Security Insights

Researchers at The Alan Turing Institute are tackling one of the most pressing challenges of the digital world: trusted identity.

How can we develop a version of identity that works for governments, businesses and individuals, is easy and cost effective to apply, reliable and works at scale?

And how can robust identity counter the growing threats online?

The Alan Turing Institute is the UK’s national institute for data science and artificial intelligence. And it is working on a four year project, Trustworthy digital infrastructure for identity systems, to address exactly these questions.

Security Insights invited the project's lead, Professor Carsten Maple, to explain more.

According to the National Centre for Cyber Security, ransomware is the greatest cyber threat to UK business.

And globally, ransomware is both increasing, and becoming more damaging.

What are the reasons, and what can businesses, and governments, do to tackle it?
In this episode, Security Insights invited three experts, Forrester analyst Steve Turner, security consultant James Bore, and James Rees, CISO and director of consultancy at Razorthorn, to discuss the threat, and some possible solutions.

The discussion is hosted by Security Insights editor, Stephen Pritchard.

The healthcare and pharmaceutical sectors are leading the fight against the Covid-19 pandemic.

But, even as doctors work to treat seriously ill patients, and researchers develop and refine treatments and vaccines, there are others who are setting out to disrupt medical facilities, steal clinical and R&D data, spread disinformation and commit fraud.

Why is healthcare now in the cybersecurity front line, and what can security professionals, governments, and even individuals do to protect it?

Andrew Hollister is deputy CISO and VP for labs at LogRhythm. He has been monitoring the impact of cyber attacks on the sector during the pandemic, and he spoke about the challenge, and some potential solutions, to Security Insights editor Stephen Pritchard.

Phishing, attacks on email servers and business email compromise are all very real threats.

Yet email infrastructure often attracts less attention from security teams than other applications.

Despite the growth of other collaboration tools, including video conferencing and tools such as Slack and Teams, email remains central to most organisations' operations. And, as statistics on phishing show, it can be a weak link in cybersecurity.

In this episode, Matt Bromiley, senior principal consultant at Mandiant and Stephen Reynolds, a director at Libraesva, discuss some of the recent threats affecting email, including vulnerabilities in Exchange Server, business email compromise, phishing, and how to defend against them all.

Critical infrastructure is on the front line of cybersecurity.

An attack on power, sanitation, healthcare, or even the banking system, could be catastrophic. But it could happen.

Back in the 1990s, ethical hacker Joe Carson was already concerned about how a power outage could disrupt medical services.

Then, it was the Y2K bug that worried the experts.

Today it is state sponsored actors.

As chief security scientist and advisory CISO at Thycotic, Carson has pitted himself against CNI’s defences, and found them wanting.

But can, and should, we do more to create practices and norms to protect these vital services?

Is cyber a new war zone? Nation states account for a growing percentage of cyber attacks. And some experts warn that state-sanctioned hacking could spill over into an all-out cyber conflict, or worse still, outright war.

But is that overstating the risk? Will state actors hold back from attacks on sectors such as energy, or healthcare? Will they stop short of causing civil unrest, or is that their goal?

Cyber is now firmly part of the "grey zone" between peace and war, where norms and behaviours are only now starting to emerge.

What steps should governments, international bodies, and the cybersecurity industry itself take to stop an accidental cyber attack becoming an international incident?

Security Insights' Stephen Pritchard discusses this, and more, with Nominet Cyber's MD, David Carroll.

It's no longer a question of if you will be hacked.

It's when.

This makes rigorous security testing all the more important. And Red Team exercises, testing defences against an adversary in real time, is one of the most effective methods.

But Red Teaming can be demanding. How should CISOs engage a red team, and what is the best way to make the exercise effective?

In this special report, we speak to Gemma Moore, of Cyberis and CREST, David Benson, of Pen Test People, and Richard Hughes of A&O IT Group.

Reporter: Stephen Pritchard

Priorities for information security professionals in 2021 include insider threats, privacy, the risks posed by state actors and, of course, the aftermath of the pandemic.

In this episode, we speak to Forrester analyst Enza Iannopollo about her firm's latest security predictions - and how CISOs should deal with them.

The information security industry faces an ongoing skills shortage: globally, over 3m jobs are unfilled.

How, then, can we close the skills gap? One answer could be encouraging more career changers to consider the profession.

In this episode, we catch up with two people who have done just that: ex British Army communications specialist, turned pentester, Holly Grace Williams, and former professional cricketer, now security engineer, Charlie Shreck.

At the start of the pandemic, businesses started out on a journey that would transform the world of work for millions.

We invited CMA founder and CEO Amar Singh to discuss the steps organisations should take, to make that transformation as secure as possible.

A year on, how have organisations fared? Which measures have worked well, and which less well?

And what steps should CISOs take now to ensure organisations stay secure as, hopefully, we start to exit lockdowns?

One year on, Security Insights invited Amar Singh back, to discuss the lessons learned -- and what to do next.