Security Insights

Could the internet be safer if we trust no-one?

Trust and identity are bedrocks of security. But the erosion of a clear perimeter threatens conventional ways to secure data, applications and devices.

Zero Trust looks to replace reliance on perimeter defences with a more flexible, less intrusive and more effective form of security.

But how does it work, and does it bring risks as well as benefits? We ask Elliot Rose, of PA Consulting, Ian Pratt, from HP Personal Systems, Iben Rodriguez of Gigaom and Nico Fischbach of Forcepoint for their views.

Security training and security awareness only goes so far. Instead of annual tick box exercises, organisations should aim for a permanent shift in attitudes to security, argues our guest for this episode. They need to create a security culture.

Kai Roer is an author and security expert, and founder of security culture advisory firm CLT.re, now part of KnowBe4. He talks to host Stephen Pritchard about how we can make that shift.

Just one per cent of security spending goes on training and human factors, says Melanie Oldham.

Oldham is the founder of Bob's Business. Her security training company is best known for the eponymous Bob, a put-upon business exec who battles to secure his operation.

But Bob is not alone. This industry, Oldham argues, needs to strip away the complexity that too often surrounds cyber security.

And we need to focus less on hardware and technology, and more on the people who handle data. Non-technical users often make the best security champions. That, she says, will only be more important, as remote working becomes the norm.

If security is about people, process and technology, people are often the weakest link.

In this first of three episodes looking at security training, awareness and culture, Security Insights meets Simeon Quarrie, founder of Vivida, a company that uses virtual reality and storytelling to make security training more engaing.

In Security Insights' End of Year Review, editor Stephen Pritchard discusses 2020's key trends in information security, and the outlook for 2021, with Amanda Finch, chief executive of the Chartered Institute of Information Security, CIISec.

Security is not always top of mind when it comes to cloud computing.

The problem has only worsened recently, as organisations of all sizes have scrambled to put business processes online.

The result is a growing “cloud security gap” — and this is the theme of the latest cloud threat report, compiled by Oracle and KPMG.

Security Insights invited Oracle’s senior director for cloud security, Greg Jensen, to discuss the report, and how to make the cloud more resilient.

Philippe Courtot is one of the longest-serving CEOs in the cyber security business, with close to two decades at the helm of cloud-based security vendor Qualys.

In this Insight Interview, editor Stephen Pritchard asks Courtot about the ever faster evolution of cyber threats, the need for industry collaboration and the role of governments and law enforcement in reducing cyber crime – as well as the role of the cloud.

The cybersecurity industry faces a growing skills gap, with as many as 3.5m unfilled positions. And the problem is set to grow.

Could recruiting neurodiverse staff be part of the solution? Neurodiverse people, often have skills – including pattern matching and attention to detail – that lend themselves to cybersecurity roles.

Security Insights spoke to Gemma Moore, co-founder of consultancy Cyberis, and board member at CREST, about how this can work.

For military strategists sub-threshold conflicts, hybrid warfare or the "grey zone" is where future battles might be fought, and won or lost.

Technology threats are right at the heart of the grey zone. Robotics, drones, disinformation and of course, cyber, are all part of a fluid landscape that is hard for armed forces, governments, and businesses to navigate.

Security and defence company QinetiQ recently published a paper, which breaks these threats. Security Insights invited CTO Mike Sewart to discuss the report's findings.

As business moves online, so does fraud. Online fraud is already a multi-billon dollar problem, and it shows little sign of easing off. RSA Security's Daniel Cohen explains why fraud should be on the CISO's agenda.