Episodes
Thursday Apr 14, 2022
Surviving a crisis: the psychology of cyber attacks
Nearly everyone in cyber talks about people, process and technology. But often, the people side is mentioned only in passing.
But it is people that determine how well an organisation handles a cyber attack, and how quickly it recovers. Processes and technology are vital, of course. But as our guest this week says, behind every piece of wire, there is a human being.
Rebecca McKeown is the director of human sciences at Immersive Labs. A psychologist who has worked with militaries, aviation, governments and organisations involved in critical national infrastructure, she argues that we’re not investing sufficiently in the human side of security response.
And she also discusses the results of a recent report into the way firms prepare their people for cyber incidents, the Cyber Workforce Benchmark report.
Interview by Stephen Pritchard
Wednesday Mar 30, 2022
Denial of service: attacks on the rise?
Distributed denial of service attacks -- or DDoS -- are up 14 per cent on 2019's figures, according to research by security firm NETSCOUT.
And attacks are becoming more complex, with some using as many as 26 different vectors.
At the same time, there is a massive online market for DDoS attacks, with a terabit-class attack costing as little as $6500. Sites on the dark web even offer criminal hackers free trials of their wares, so the barriers to entry are effectively zero.
What, then, can security teams do to counter the DDoS threat? And could governments do more? Our guest this week is Richard Hummel, ASERT Threat Intelligence Lead at NETSCOUT. He discusses this, and more, with editor Stephen Pritchard.
Wednesday Mar 16, 2022
Is mobile a security weak spot?
Are we underestimating the security threats to mobile devices – and indeed the threats to mobile infrastructure?
Organisations of all sizes now depend heavily on mobile devices. But, although mobile security rarely makes the headlines, the risks posed by ever more powerful devices, and networks, are all too real.
In fact, this week's guest argues that mobile devices were never designed to operate on corporate networks.
Andy Brown is the CTO at Mobliciti. His firm’s been running mobile infrastructure for enterprises since 2009, and he monitors the mobile threat closely. He discusses the way mobile technology has changed how we work, and what that means for cybersecurity, with Stephen Pritchard.
Wednesday Feb 23, 2022
Identity, deception and compromised credentials
Stolen or compromised identities have been an attack vector for years, if not decades. Even now, organisations are failing to protect against compromised identity. Identity is one of security’s critical weak spots. But why is this?
Once an attacker breaches defences, it is still too easy for them to move laterally, and to attack higher value targets, or, as we've seen recently, attack an organisation with ransomware.
Our guest this week is chief security architect and formerly the chief deception officer at Attivo, Carolyn Crandall.
She argues that it is changing technology and changing work patterns, with the need to access information anywhere, and at any time, that is making these attacks both more common, and more damaging.
Interview by Stephen Pritchard
Wednesday Feb 09, 2022
The tale of a stolen iPad
What happens if your personal devices are stolen? Few victims of theft recover their goods. But the loss of the hardware might only be the start of their problems.
There is a growing black market in stolen devices, but also in tools that can unlock them, to steal credentials or to attack other networks. People who lose a device can be a victim twice over, if hackers then use their own property to target their identity.
In this week’s episode, security researcher Adalsteinn Jonsson explains how this is exactly what happened to his partner, and how the incident prompted him to undertake his own investigations. He and fellow researcher at cyber security company Cyren, Magni Reynir Sigurðsson, take up the story.
Interview by Stephen Pritchard
Wednesday Jan 26, 2022
Ageism in Infosec: Are we losing the older generation?
Is ageism a problem in cybersecurity, and IT?
The pandemic has accelerated a trend that observers were already warning about: older staff are leaving IT security. And with them, their knowledge and experience leaves too.
What then can be done to encourage older workers to stay in the industry? Is ageism a problem, and if it is, how do we counter it?
This week’s guests are inter-generational diversity expert and author, Henry Rose Lee and Gernot Hacker, from cybersecurity firm Appgate. Appgate recently commissioned a focus group study looking at attitudes to age in cyber security, as they explain.
Interview by Stephen Pritchard
Wednesday Jan 12, 2022
The security of things: protecting the IoT
The Internet of Things continues to grow at pace. But are its security flaws being addressed?
Industrial, operational technology and consumer devices are increasingly connected, but security is too often an afterthought, with flaws such as default passwords and insecure firmware. And many IoT devices are hard to patch, if they can be upgraded at all.
The result is an expanding attack surface that risks undermining the benefits of IoT technology. But could 2022 be the year this changes? The UK has introduced a voluntary code of practice, Secure By Design, and the Product Security and Telecommunications Infrastructure Bill should become law this year.
Our guest this week is John Moor, MD at the IoT Security Foundation. He discusses the risks posed by the technology, and how manufacturers, governments and end users can help to solve it, with Security Insights' editor Stephen Pritchard.
Thursday Dec 16, 2021
2021: Year in Review
In this programme, Security Insights invites a selection of industry experts to look back at 2021, and to give their outlook for cybersecurity in 2022.
This episode's guests are:
Piers Wilson, director, Chartered Institute of Information Security
Dr Ian Pratt, Global Head of Security at HP
David Carroll, MD, Nominet Cyber
Jamie Collier, cyber threat intelligence consultant, Mandiant.
Episode edited by Stephen Pritchard
Thursday Dec 02, 2021
Can we make cybersecurity a safer place to work?
Respect In Security was founded earlier this year to tackle harassment and inappropriate behaviour in the cybersecurity industry.
And negative behaviour, online and face to face, is all too common.
Security Insights invited Respect In Security's co-founders, Lisa Forte and Rik Ferguson, to explain their mission - and why making the industry safer and more inclusive ultimately benefits everyone.
Interview by Stephen Pritchard
Wednesday Nov 17, 2021
Can digital solve the global identity gap?
Can digital technology help people around the world who lack access to a documented identity?
Over a billion people worldwide lack access to basic papers, such as a birth certificate or passport. This makes it hard to access services such as health and education. For states, it makes it hard to prevent fraud, or detect crime.
Our guest this week is Julie Dawson, head of regulatory and policy at Yoti, a digital ID provider. She speaks to editor Stephen Pritchard about the identity gap, and whether security companies should also have a social purpose.