Episodes
-
Can a book hold the answers to our cybersecurity challenges?
Perhaps not. But a new book from the Information Security Group at Royal Holloway, University of London, sets out to act as a primer on cybersecurity.
The target audience is both those setting out on a career in the sector, or general readers who want to understand the core principles of cybersecurity.
The book is called Cyber Security Foundations: Fundamentals, Technology and Society, published by Kogan Page. In this episode, we ask three of its authors how it came into being, and how a written text can keep pace with a fast-changing security landscape.
-
Verizon's Data Breach Investigations Report is one of the longest-running research studies in the industry.
This year's report is the 18th and tracks over 20,000 incidents and 12,000 breaches.
What changes are we seeing, and what can CISOs learn from the data?
Our guest is Ashish Khanna, who runs the security solutions and consulting practice at Verizon Business. Interview by Stephen Pritchard
-
In this episode, we look at the growth of the cybersecurity industry in Northern Ireland.
What are the reasons for its success, and why does cyber play an important part in Northern Ireland's post-industrial future? And why should CISOs look there for a source of talent?
Our guest is Simon Whittaker, chair of the steering committee for NI Cyber, and CEO of Vertical Structure, now part of Instil.
-
Our guest this week is Mandy Andress, CISO at Elastic.
Elastic describes itself as a “search AI company”, and is very much at the forefront of modernising enterprise technology.
A host of businesses use Elastic's tools behind the scenes to manage their data, for security and, of course, for AI.
As CISO, Mandy Andress has the dual responsibilities of keeping Elastic secure, and advising customers on security.
In this CISO interview, we hear about her route into cybersecurity and the pressures of dealing with the increasing intensity, or velocity, of cyber attacks.
And we discuss why CISOs need to be more aware than ever of their role in providing security not just within their own organisations but across national infrastructure, and the wider economy.
-
Dr Claudia Natanson is CEO at the UK Cyber Security Council.
The Council, which is funded by the Government's Department for Science, Innovation and Technology, acts as an umbrella body for a range of professional bodies in cybersecurity.
It is the organisation behind chartered status for cybersecurity professionals, sets standards and publishes an ethics code, and acts as a voice of the industry: quite a broad mission for an organisation that is only a few years old.
The Council is, though, very well placed to assess the health of the cybersecurity industry across the UK. And, as Dr Natanson says, it faces a number of challenges, including recruitment, retention, diversity, and ensuring organisations understand what they need from their cybersecurity teams.
But what, exactly, does pouring the perfect pint of Guinness have to do with a successful career in cyber?
Interview by Stephen Pritchard
-
Our guest for the 125th episode of Security Insights is James Bore.
A well-known industry figure and speaker on cybersecurity, James runs the family consultancy firm Bores. He's also an author, book publisher, cyber skills trainer and volunteer.
In this Insights Interview, he shares his forthright -- and sometimes controversial -- views on the way forward for cybersecurity, with editor Stephen Pritchard.
Does cybersecurity blame the victim? What is the relationship between trust and security? And why is investment in security sometimes a bad thing?
-
Are CISOs leaving the industry in droves?
One survey suggests that as many as one in four senior cybersecurity leaders plans to leave the profession.
The causes include growing responsibilities, increasingly severe threats and ever-greater regulatory burdens.
The result is stress and burnout, with CISOs constantly fighting fires. As one of our guests says, CISOs suffer from an "invisibility of success".
So what can we do? The first step is to recognise the problem; the second is to help CISOs build both organisational and individual resilience.
Our guests are Darren Williams, founder and CEO of BlackFog, which commissioned the research, and Peter Coroneos, founder of mental health not for profit Cybermindz.
-
How far should you push security tests?
Sometimes, the answer is "to the limit".
In this episode we look at stress testing in cybersecurity. Putting systems under pressure is the only true way to check that they will work, as intended, during a cyber attack.
But how does stress testing differ from pentesting and cyber exercises? How far is too far, and how do security teams capture the right lessons from the testing process?
Our guests are Chris McKean, solutions specialist at NetApp, and Simon Edwards, founder and CEO at SE Labs.
-
Ransomware remains one of the greatest cyber threats to organisations. Certainly, it is the threat at the top of most boards' agendas.
The reasons are clear enough: ransomware damages reputations, as well as the balance sheet. In the worst-case scenario, a business might never recover from an attack.
And ransomware itself is becoming more sophisticated, and so more dangerous. Groups have moved on from simple phishing and RDP attacks to exploiting zero days. And they are as likely to threaten to release confidential information as they are to encrypt it.
As our guest suggests, ransomware has moved from an attack on availability to an attack on confidentiality.
When it comes to advising on the ransomware threat, few are better placed than Raj Samani. Senior vice president and chief scientist at Rapid7, Raj is also chief innovation officer at the Cloud Security Alliance, a special adviser at the European Cybercrime Centre and a co-founder of No More Ransom.
Here he discusses the changing ransomware threat, and how organisations should act when they are attacked, with Stephen Pritchard.
-
What happens when a cyber attack hits? What is it like to be in the eye of the storm, and how can security teams prepare?
A cyber attack is inevitably a highly stressful situation for everyone involved. But planning and exercising go a long way towards at least managing that stress.
Our guest for this episode is Dan Potter, senior director for resilience and cyber drills at Immersive Labs. He also has over 15 years' experience working in resilience in the financial services sector.
As he says, no playbook or incident response plan will be fully effective unless the business takes the time to test it, and learns the lessons from the exercises it runs.
-
In a new series of interviews with cybersecurity leaders, we meet Jack Mersey, CISO at Westbury Street Holdings.
In an in-depth interview, he discusses threats -- from nation states to business email compromise -- security awareness and culture, and the challenges of ensuring security for a highly distributed business with 26,000 people and over 1,000 sites that operates around the clock.
How does a CISO gain the confidence, and support, of colleagues from baristas and chefs to general managers and finance teams?
How can a security team operate internationally and keep headcounts low?
And how can cybersecurity leaders ensure security does not become a blocker?
Interview by Stephen Pritchard
-
Hacktivist groups have been around almost as long as the public internet.
But their make-up, and their goals, have changed.
Hacktivism is no longer about "hacker" culture, counter-culture or protest. Instead, it appears increasingly aligned with political objectives.
And some of today's groups are at the very least aligned with, if not sponsored by, nation states.
Perhaps hacktivism is no longer the right term. Researchers are now talking about groups that set out to undermine trust in both the online and physical worlds, and carry out what some security researchers call "cognitive warfare".
As part of its 2025 Security Navigator report, Orange Cyberdefense tracked one hacktivist group in detail. Our guest is its head of security research. In this episode, he tells editor Stephen Pritchard what his team discovered from watching one particular group, and about a renewed interest in hacktivism more broadly.
-
AI poses risks to security, through possible flaws in the applications themselves, and by AI being used by threat actors to develop malware and improve their targeting.
But there are also plenty who argue that AI offers a chance to improve security. Certainly there are plenty of vendors promoting AI-enhanced versions of their products, promising to react faster and pick up more threats.
Which side, though, will win out? And should cybersecurity professionals fear AI, or see it as an ally?
Our guest this week is Jon France, CISO at ISC2. On the back of the organisation's recent Cybersecurity Workforce Study, he discusses AI, good and bad, with editor Stephen Pritchard.
-
Is stress unavoidable, if you work in cyber?
And does workplace stress in the industry threaten security?
Stress and burnout among cyber teams are now a real worry for CISOs. And our guest for this episode argues that they should be a concern for boards too.
Stressed-out operators underperform and make mistakes. Burned-out staff are more likely to leave, forcing firms to spend more on hiring and training replacements.
So how should employers spot the signs of stress? And what can we do as individuals to avoid burnout?
Our guest is Katie Maycock, of GYST Wellbeing.
-
Geopolitics is increasingly influencing cybersecurity.
The growth of online espionage, the potential for attacks by state actors, and governments turning a blind eye to cybercrime are all increasing risk.
At the same time, our growing dependency on connectivity, in government, in critical infrastructure and for day-to-day business, makes cyberspace an attractive target.
But it has not always been this way. In the early days of information and IT security, nation state threats were rare.
But, as Steve Durbin, CEO of the Information Security Forum points out, a lot has changed over the last few decades, and especially in the last few years.
In this Insights Interview, editor Stephen Pritchard asks whether we are now more at risk than ever, whether the current level of cyber threats could spill over into a more overt conflict, and whether organisations have the resources to operate in a more dangerous world.
-
There's a lot being said (and written) about deepfakes.
And there is no doubt that they can now be very convincing, to the point where they can deceive the human eye.
But are deepfakes just a bit of fun, or do they pose real security risks? Do the dangers lie in manipulating public opinion through fake news, or can deepfakes be used to breach security systems?
Our guest, Dr Andrew Newell, academic researcher and chief scientific officer at iProov, argues that both are happening. Security teams need to take steps to block deepfakes from compromising identity systems, but we all need to guard against their wider influence.
Interview by Stephen Pritchard
-
Software as a service, or SaaS, has been a huge success. There are now some 30,000 SaaS applications on the market worldwide. These cover everything from niche requirements to running entire businesses.
The SaaS revolution has certainly brought benefits to businesses.
But are SaaS applications secure and robust enough? Supporters of SaaS argue that their applications are actually safer and more resilient than locally-run IT.
However, cloud vendors, including SaaS companies, rely on the shared responsibility model. In simple terms, they look after the infrastructure, but the customer is responsible for their data.
This can leave organisations with real problems if their data becomes inaccessible, or is even deleted.
The cause could be human error, malicious action such as a ransomware attack, or even a SaaS provider failure.
Our guest today is Simon Taylor, Founder and CEO of HYCU. He believes that SaaS users need to take more control of their data, even when it's in a SaaS application.
-
Europe's cybersecurity industry is worth some $50bn and is growing at 10% a year.
It's also pretty fragmented, at least when it comes to vendors. Europe -- even more so than the US -- is now ready for market consolidation.
Some of that is being driven by acquisitions by the large technology firms, as they look to broaden their cybersecurity offerings.
But firms, and their investors, are looking for scale.
And CISOs are looking for simplicity and greater security. Could vendor consolidation achieve this? And what is the role of cybersecurity "platforms" as the industry changes shape?
Our guest is Mark Smith, of advisory firm Houlihan Lokey.
Interview by Stephen Pritchard.
-
Conventional security training leaves a lot to be desired.
So what can CISOs do, to deliver training and security awareness in a way that is effective, and engaging?
Over the last few episodes we've discussed both the psychology, and human factors, around cybersecurity. To finish the series, in this programme we will look at experiential learning, or learning by doing.
Our guest is Amy Stokes-Waters. She delivers exactly that, by running escape rooms for organisations that want to improve security awareness but want to move away from slide-heavy courses and checkbox compliance. She has also written a paper on experiential learning in cybersecurity.
But does it work? She discusses cyber escape rooms, learning theory, and the pros and cons of measurement with editor Stephen Pritchard.
-
How do we manage the risks posed by human behaviour?
In this, the second of our short series exploring the links between human behaviour and security, we look at the emerging field of human risk management.
The statistics are quite frightening: 90 per cent of security breaches involve human error or social engineering.
But how do we, at a business level, categorise those risks? If we don’t understand the risks, we can’t reduce them.
A better understanding of where the risks are, and which behaviours are risky, makes it easier to design countermeasures, such as training.
Our guests this week are Lev Lesokhin and Charlotte Jupp, of OutThink, a firm that is pioneering human risk management.
We discuss what human risk management involves, and how security teams can make use of it, without crossing privacy boundaries.