Security Insights

It's no longer a question of if you will be hacked.

It's when.

This makes rigorous security testing all the more important. And Red Team exercises, testing defences against an adversary in real time, is one of the most effective methods.

But Red Teaming can be demanding. How should CISOs engage a red team, and what is the best way to make the exercise effective?

In this special report, we speak to Gemma Moore, of Cyberis and CREST, David Benson, of Pen Test People, and Richard Hughes of A&O IT Group.

Reporter: Stephen Pritchard

Priorities for information security professionals in 2021 include insider threats, privacy, the risks posed by state actors and, of course, the aftermath of the pandemic.

In this episode, we speak to Forrester analyst Enza Iannopollo about her firm's latest security predictions - and how CISOs should deal with them.

The information security industry faces an ongoing skills shortage: globally, over 3m jobs are unfilled.

How, then, can we close the skills gap? One answer could be encouraging more career changers to consider the profession.

In this episode, we catch up with two people who have done just that: ex British Army communications specialist, turned pentester, Holly Grace Williams, and former professional cricketer, now security engineer, Charlie Shreck.

At the start of the pandemic, businesses started out on a journey that would transform the world of work for millions.

We invited CMA founder and CEO Amar Singh to discuss the steps organisations should take, to make that transformation as secure as possible.

A year on, how have organisations fared? Which measures have worked well, and which less well?

And what steps should CISOs take now to ensure organisations stay secure as, hopefully, we start to exit lockdowns?

One year on, Security Insights invited Amar Singh back, to discuss the lessons learned -- and what to do next.

Could the internet be safer if we trust no-one?

Trust and identity are bedrocks of security. But the erosion of a clear perimeter threatens conventional ways to secure data, applications and devices.

Zero Trust looks to replace reliance on perimeter defences with a more flexible, less intrusive and more effective form of security.

But how does it work, and does it bring risks as well as benefits? We ask Elliot Rose, of PA Consulting, Ian Pratt, from HP Personal Systems, Iben Rodriguez of Gigaom and Nico Fischbach of Forcepoint for their views.

Security training and security awareness only goes so far. Instead of annual tick box exercises, organisations should aim for a permanent shift in attitudes to security, argues our guest for this episode. They need to create a security culture.

Kai Roer is an author and security expert, and founder of security culture advisory firm CLT.re, now part of KnowBe4. He talks to host Stephen Pritchard about how we can make that shift.

Just one per cent of security spending goes on training and human factors, says Melanie Oldham.

Oldham is the founder of Bob's Business. Her security training company is best known for the eponymous Bob, a put-upon business exec who battles to secure his operation.

But Bob is not alone. This industry, Oldham argues, needs to strip away the complexity that too often surrounds cyber security.

And we need to focus less on hardware and technology, and more on the people who handle data. Non-technical users often make the best security champions. That, she says, will only be more important, as remote working becomes the norm.

If security is about people, process and technology, people are often the weakest link.

In this first of three episodes looking at security training, awareness and culture, Security Insights meets Simeon Quarrie, founder of Vivida, a company that uses virtual reality and storytelling to make security training more engaing.

In Security Insights' End of Year Review, editor Stephen Pritchard discusses 2020's key trends in information security, and the outlook for 2021, with Amanda Finch, chief executive of the Chartered Institute of Information Security, CIISec.

Security is not always top of mind when it comes to cloud computing.

The problem has only worsened recently, as organisations of all sizes have scrambled to put business processes online.

The result is a growing “cloud security gap” — and this is the theme of the latest cloud threat report, compiled by Oracle and KPMG.

Security Insights invited Oracle’s senior director for cloud security, Greg Jensen, to discuss the report, and how to make the cloud more resilient.