
Cybersecurity Awesomeness Podcast Recap - Episode 115: The Clickbait News Cycle

Jul 7, 2025 12:39:35 PM

Welcome to the recap of the Enterprise Management Associates (EMA) Cybersecurity Awesomeness (CSA) Podcast. Hosted by Chris Steffen, Vice President of Research, and Ken Buckler, Research Director at EMA, the CSA Podcast covers a wide range of cybersecurity topics, from cyber workforce talent shortages to cyber threat intelligence to current events in technology and security. This short, laid-back podcast is for listeners of all skill levels and backgrounds.

Today’s podcast delves into a recent article[1] that highlights the eye-popping figure of 16 billion exposed passwords, but as the authors elucidate, this information can often be more sensational than substantive.

Steffen and Buckler emphasize the prevalence of clickbait culture, wherein shocking headlines drive traffic but fail to convey the accurate context of cybersecurity incidents. The mention of 16 billion passwords causes immediate alarm, yet upon closer examination, these figures represent cumulative data from various incidents over several years—many of which should have been resolved through common security practices, like changing compromised passwords. The two experts underscore the grave consequence of this distorted representation: it fosters unnecessary fear and misunderstanding within organizations striving to maintain a robust cybersecurity posture.

A critical point raised is the concept of shared responsibility in cybersecurity, particularly concerning cloud service providers (CSPs) like Amazon, Google, and Microsoft. Steffen shares his frustration regarding the persistent misconception that CSPs are solely responsible for all aspects of security. In reality, the responsibility is shared: while CSPs secure the infrastructure, organizations must take accountability for their own data security practices. This misunderstanding is underscored by consistently low recognition of this model among respondents in various surveys conducted by Enterprise Management Associates, revealing that about 7% of organizations incorrectly grasp their responsibilities.

The conversation highlights the dangers of reusing passwords and the need for effective password management strategies. They urge listeners to adopt practices such as changing passwords regularly, utilizing two-factor authentication, and considering password managers to streamline security. Buckler’s analogy, likening passwords to “the one ring” from The Lord of the Rings, serves as a reminder of their value and the necessity of guarding them closely.

With the world becoming increasingly interconnected and reliant on digital systems for business operations, the stakes couldn’t be higher. Understanding the nuances of cybersecurity reporting and the importance of an informed approach to organizational security is essential for IT practitioners and decision-makers. The conversation encapsulated in this podcast episode sheds light on critical cybersecurity principles while encouraging a culture of proactive engagement in security best practices.

For a deeper understanding of these vital issues, we invite you to listen to the full podcast episode and enhance your grasp of the cybersecurity landscape. Join us in fostering a more knowledgeable community by visiting Enterprise Management Associates at www.enterprisemanagement.com, where you'll find valuable resources to support your cybersecurity efforts.

You can find the Cybersecurity Awesomeness Podcast at www.cybersecurityawesomeness.com. To gain deeper insights and hear firsthand comments from Chris and Ken on these vital topics, we invite you to listen to the full podcast. Furthermore, for more resources and expertise on cybersecurity, visit Enterprise Management Associates at www.enterprisemanagement.com.

[1] Forbes “Is The Truth Behind The 16 Billion Passwords Leak Finally Revealed?” https://www.forbes.com/sites/daveywinder/2025/06/30/is-the-truth-behind-the-16-billion-passwords-leak-finally-revealed/


Written by Chris Steffen & Ken Buckler

Christopher Steffen, CISSP, CISA, is the vice president of research at EMA, covering information security, risk, and compliance management. Before EMA, he served as the CIO for a financial services firm, focusing on FedRAMP compliance and security. He has also served in executive and leadership roles in numerous industry verticals. Steffen has presented at numerous industry conferences and has been interviewed by multiple online and print media sources. Steffen holds over a dozen technical certifications, including CISSP and CISA.

Kenneth Buckler, CASP, is a research director of information security/risk and compliance management for Enterprise Management Associates, a leading industry analyst and consulting firm that provides deep insight across the full spectrum of IT and data management technologies. Before EMA, he supported a Federal agency’s Enterprise Visibility program, providing security insights and compliance trending for the agency’s national network of computers and devices. He has also served in technical hands-on roles across multiple agencies in the Federal cyber security space and has published three Cyber Security books. Ken holds multiple technical certifications, including CompTIA’s Advanced Security Practitioner (CASP) certification.
