Episodes
Tuesday Jun 08, 2021
Defending against email compromises
Phishing, attacks on email servers and business email compromise are all very real threats.
Yet email infrastructure often attracts less attention from security teams than other applications.
Despite the growth of other collaboration tools, including video conferencing and tools such as Slack and Teams, email remains central to most organisations' operations. And, as statistics on phishing show, it can be a weak link in cybersecurity.
In this episode, Matt Bromiley, senior principal consultant at Mandiant, and Stephen Reynolds, a director at Libraesva, discuss some of the recent threats affecting email, including vulnerabilities in Exchange Server, business email compromise, phishing, and how to defend against them all.
Tuesday May 18, 2021
Critical infrastructure, and new norms for cyber
Critical infrastructure is on the front line of cybersecurity.
An attack on power, sanitation, healthcare, or even the banking system, could be catastrophic. But it could happen.
Back in the 1990s, ethical hacker Joe Carson was already concerned about how a power outage could disrupt medical services.
Then, it was the Y2K bug that worried the experts.
Today it is state sponsored actors.
As chief security scientist and advisory CISO at Thycotic, Carson has pitted himself against CNI’s defences, and found them wanting.
But can, and should, we do more to create practices and norms to protect these vital services?
Tuesday May 04, 2021
Cyber: A new Cold War?
Is cyber a new war zone? Nation states account for a growing percentage of cyber attacks. And some experts warn that state-sanctioned hacking could spill over into an all-out cyber conflict, or worse still, outright war.
But is that overstating the risk? Will state actors hold back from attacks on sectors such as energy, or healthcare? Will they stop short of causing civil unrest, or is that their goal?
Cyber is now firmly part of the "grey zone" between peace and war, where norms and behaviours are only now starting to emerge.
What steps should governments, international bodies, and the cybersecurity industry itself take to stop an accidental cyber attack becoming an international incident?
Security Insights' Stephen Pritchard discusses this, and more, with Nominet Cyber's MD, David Carroll.
Tuesday Apr 20, 2021
Special Report: Red Teams
It's no longer a question of if you will be hacked.
It's when.
This makes rigorous security testing all the more important. And Red Team exercises, testing defences against an adversary in real time, are one of the most effective methods.
But Red Teaming can be demanding. How should CISOs engage a red team, and what is the best way to make the exercise effective?
In this special report, we speak to Gemma Moore, of Cyberis and CREST, David Benson, of Pen Test People, and Richard Hughes of A&O IT Group.
Reporter: Stephen Pritchard
Tuesday Apr 06, 2021
Security Priorities for 2021: Forrester's Outlook
Priorities for information security professionals in 2021 include insider threats, privacy, the risks posed by state actors and, of course, the aftermath of the pandemic.
In this episode, we speak to Forrester analyst Enza Iannopollo about her firm's latest security predictions - and how CISOs should deal with them.
Tuesday Mar 23, 2021
Making the Switch: a New Career in Cyber
The information security industry faces an ongoing skills shortage: globally, over 3m jobs are unfilled.
How, then, can we close the skills gap? One answer could be encouraging more career changers to consider the profession.
In this episode, we catch up with two people who have done just that: ex-British Army communications specialist, turned pentester, Holly Grace Williams, and former professional cricketer, now security engineer, Charlie Shreck.
Tuesday Mar 09, 2021
Secure remote working: a year on, with Amar Singh
At the start of the pandemic, businesses started out on a journey that would transform the world of work for millions.
We invited CMA founder and CEO Amar Singh to discuss the steps organisations should take, to make that transformation as secure as possible.
A year on, how have organisations fared? Which measures have worked well, and which less well?
And what steps should CISOs take now to ensure organisations stay secure as, hopefully, we start to exit lockdowns?
One year on, Security Insights invited Amar Singh back, to discuss the lessons learned -- and what to do next.
Tuesday Feb 23, 2021
Special report: Zero Trust
Could the internet be safer if we trust no-one?
Trust and identity are bedrocks of security. But the erosion of a clear perimeter threatens conventional ways to secure data, applications and devices.
Zero Trust looks to replace reliance on perimeter defences with a more flexible, less intrusive and more effective form of security.
But how does it work, and does it bring risks as well as benefits? We ask Elliot Rose, of PA Consulting, Ian Pratt, from HP Personal Systems, Iben Rodriguez of Gigaom and Nico Fischbach of Forcepoint for their views.
Tuesday Feb 09, 2021
People and security: Part 3: security culture expert Kai Roer
Security training and security awareness only go so far. Instead of annual tick box exercises, organisations should aim for a permanent shift in attitudes to security, argues our guest for this episode. They need to create a security culture.
Kai Roer is an author and security expert, and founder of security culture advisory firm CLT.re, now part of KnowBe4. He talks to host Stephen Pritchard about how we can make that shift.
Tuesday Jan 26, 2021
People and Security: Part 2: Melanie Oldham, Bob's Business
Just one per cent of security spending goes on training and human factors, says Melanie Oldham.
Oldham is the founder of Bob's Business. Her security training company is best known for the eponymous Bob, a put-upon business exec who battles to secure his operation.
But Bob is not alone. This industry, Oldham argues, needs to strip away the complexity that too often surrounds cyber security.
And we need to focus less on hardware and technology, and more on the people who handle data. Non-technical users often make the best security champions. That, she says, will only be more important, as remote working becomes the norm.