Security Breach: 'Nobody Should Get Ransomwared'

The tools and tactics are here - why the investment has to follow.

As we’ve discussed numerous times on Security Breach, terms like change, evolution and constant are more than just buzz terms – they’re a simple reality of working in the industrial OT space.

Whether we’re discussing threat actors from Stuxnet to Lockbit, tactics from social engineering to double-extortion ransomware, or vulnerability sources ranging from weak passwords to embedded secure-by design concerns, the ever-expanding attack surface is a constant reminder of change and the evolving nature of threats. 

In this episode we talk to Michael Haase, and draw on his extensive background and personal experiences as we discuss:

  • The on-going balancing act between cost and security priorities.
  • Why he considers the need for phishing training, "a massive failure on the part of the technical community."
  • How AI is laying the groundwork for attacks that haven't happened yet.
  • Why the growing complexity of hackers is actually a positive indicator.
  • Automation is the inflection point for cybersecurity - for both sides.
  • The shift from worrying about the ability to detect new attacks to focusing on the vulnerabilities being exploited.
  • The distinction between learning what needs to be done and actually taking action.

To catch up on past episodes, you can go to or You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at [email protected]

To download our latest report on industrial cybersecurity,  The Industrial Sector’s New Battlefield, click here.

More in Educational Resources - FM