
Cybersecurity Awesomeness Podcast Recap - Episode 116: False Sense of Cybersecurity

Jul 14, 2025 9:16:00 AM

Welcome to the recap of the Enterprise Management Associates (EMA) Cybersecurity Awesomeness (CSA) Podcast. Hosted by Chris Steffen, Vice President of Research, and Ken Buckler, Research Director at EMA, the CSA Podcast covers a wide range of cybersecurity topics, from cyber workforce talent shortages to cyber threat intelligence, to current events in technology and security. This short, laidback podcast is for listeners of all skill levels and backgrounds.

Our perception of safety, particularly within seemingly secure environments, can often be misleading. Recent events underscore this reality – particularly an alarming malware incident involving multiple Google Chrome extensions that brought to light the vulnerabilities even trusted platforms can harbor. This significant incident, affecting around 1.7 million users[1], serves as a stark reminder of the persistent risks lurking within our digital frameworks. Chris Steffen and Ken Buckler delve into this issue in the latest episode of the Cybersecurity Awesomeness Podcast, unpacking the implications for all IT practitioners and decision-makers.

The malware was discreetly embedded in popular tools available in the Chrome Web Store, such as color picker extensions and extensions that allow VPN access to blocked sites. Many of these extensions boasted hundreds of positive reviews, reinforcing a false sense of security among users who assumed that their presence in a curated marketplace guaranteed their safety. This incident illuminates an important lesson: even in confined ecosystems that major tech companies curate, risks are still ever-present. As discussed in the podcast, the notion that any software or service is inherently secure is a dangerous fallacy. Just like previous myths about macOS immunity to viruses, our trust can blind us to the essential need for ongoing vigilance and proactive security practices.

In exploring the factors that contribute to cybersecurity breaches, Ken highlights a worrisome statistic: 74% of Chief Information Security Officers (CISOs) identify human error as a primary risk factor.[2] With 95% of breaches attributed to some form of human error,[3] it becomes unmistakably clear that the weakest link in any security architecture is often the users themselves. Chris emphasizes that despite robust protective measures, the human element remains a significant vulnerability, in which innocent mistakes can lead to catastrophic consequences. This serves not only as a warning, but also as a call to action for organizations to foster a culture of security mindfulness among their teams.

The podcast discusses the need for practical strategies to bridge the gap between security and usability. The challenge lies in ensuring that security measures do not obstruct productivity, a conflict that can push users to circumvent recommended protocols, inadvertently compromising their own systems. Chris and Ken advocate for regular security assessments of all systems, including browser extensions, to counteract the risks of unmonitored technologies.

In this enlightening episode, Chris and Ken demystify the landscape of cybersecurity risks while providing actionable insights for listeners to enhance their organizational security posture. They aim to cultivate not a culture of paranoia, but rather one of awareness and preparedness. With the frequency of breaches and evolving threat landscapes, IT practitioners and decision-makers must stay informed and proactive.

To listen to the full discussion and unpack the implications of these findings further, we encourage you to tune into this edition of the Cybersecurity Awesomeness Podcast. You can gain invaluable insights that could help safeguard your organization from the pervasive dangers lurking in our digital lives. For more resources and in-depth research on managing cybersecurity effectively, please visit Enterprise Management Associates at www.enterprisemanagement.com. Your organization’s security may depend on it.

[1] https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-17m-installs-found-on-web-store/

[2] https://www.techtarget.com/whatis/34-Cybersecurity-Statistics-to-Lose-Sleep-Over-in-2020

[3] https://blog.usecure.io/the-role-of-human-error-in-successful-cyber-security-breaches

Written by Chris Steffen & Ken Buckler

Christopher Steffen, CISSP, CISA, is the vice president of research at EMA, covering information security, risk, and compliance management. Before EMA, he served as the CIO for a financial services firm, focusing on FedRAMP compliance and security. He has also served in executive and leadership roles in numerous industry verticals. Steffen has presented at numerous industry conferences and has been interviewed by multiple online and print media sources. Steffen holds over a dozen technical certifications, including CISSP and CISA.

Kenneth Buckler, CASP, is a research director of information security/risk and compliance management for Enterprise Management Associates, a leading industry analyst and consulting firm that provides deep insight across the full spectrum of IT and data management technologies. Before EMA, he supported a Federal agency’s Enterprise Visibility program, providing security insights and compliance trending for the agency’s national network of computers and devices. He has also served in technical hands-on roles across multiple agencies in the Federal cyber security space and has published three Cyber Security books. Ken holds multiple technical certifications, including CompTIA’s Advanced Security Practitioner (CASP) certification.
