CCT 346: Testing Disaster Recovery Plans and Why BEC Still Works Despite MFA (CISSP Domain 7)

CCT 346: Testing Disaster Recovery Plans and Why BEC Still Works Despite MFA (CISSP Domain 7)

From CISSP Cyber Training Podcast - CISSP Training Program by Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur

May 4, 2026 · 27 min · Season 3 · Episode 346

About this episode

The episode discusses the effectiveness of business email compromise in secure environments and the challenges of testing disaster recovery plans.

Send us Fan Mail MFA feels like the finish line until you watch a company wire tens of millions of dollars to an attacker without a single password being stolen. We dig into why business email compromise (BEC) still works even in “secure” environments, because the real target is the decision point: trust, timing, urgency, and authority. When attackers can spoof executives or use deepfake voice and video, the authentication layer often never gets challenged in a meaningful way. We break...

People in this episode

Host: Shon Gerber

Topics covered

  • Disaster Recovery Plans
  • Business Email Compromise
  • Multi-Factor Authentication
  • Cybersecurity
  • Trust and Authority

Keywords

  • CISSP
  • Disaster Recovery
  • Business Email Compromise
  • MFA
  • Cybersecurity
  • Trust
  • Authentication

Mentioned in this episode

Organizations: MFA, BEC, Cybersecurity

More episodes of CISSP Cyber Training Podcast - CISSP Training Program

Explore listener stats, chart rankings, contacts and more on the CISSP Cyber Training Podcast - CISSP Training Program podcast page.