Security Insights

In this programme, Security Insights invites a selection of industry experts to look back at 2021, and to give their outlook for cybersecurity in 2022.

This episode's guests are:

Piers Wilson, director, Chartered Institute of Information Security

Dr Ian Pratt, Global Head of Security at HP

David Carroll, MD, Nominet Cyber

Jamie Collier, cyber threat intelligence consultant, Mandiant.

Episode edited by Stephen Pritchard

Respect In Security was founded earlier this year to tackle harassment and inappropriate behaviour in the cybersecurity industry.

And negative behaviour, online and face to face, is all too common.

Security Insights invited Respect In Security's co-founders, Lisa Forte and Rik Ferguson, to explain their mission - and why making the industry safer and more inclusive ultimately benefits everyone.

Interview by Stephen Pritchard

Can digital technology help people around the world who lack access to a documented identity?

Over a billion people worldwide lack access to basic papers, such as a birth certificate or passport. This makes it hard to access services such as health and education. For states, it makes it hard to prevent fraud, or detect crime.

Our guest this week is Julie Dawson, head of regulatory and policy at Yoti, a digital ID provider. She speaks to editor Stephen Pritchard about the identity gap, and also whether security companies should also have a social purpose.

The idea of building security in to new hardware and software products from the outset has gained ground over the last few years.

And the move to "shift left" and introduce security by design has gained ground, following growing concerns about supply chain attacks.

One way to achieve this is through threat modelling. Threat modelling is not, itself, new: Microsoft did pioneering work on it in the Nineties. But it is now being adopted by bodies such as NIST, with the goal of reducing zero-day vulnerabilities.

Our guest in this episode is Stephen de Vries. Co-founder and CEO of IriusRisk, he has worked on threat modelling for over a decade. He explains why organisations should add it to their security toolkit.

Criminal groups are increasingly turning their attention to cyber, a trend that picked up pace during the pandemic.

One reason is that technical skills are no longer needed to launch a cyber or phishing attack. Instead, anyone can buy malware, zero day exploits and phishing templates on the dark web.

This has led to an active market in vulnerabilities, and a wider range of crime groups and nation state actors buying in sophisticated exploits.

But why is cybercrime evolve in this way? And what does it mean for cybersecurity teams, and does it need a different response from organisations, and governments?

Our guest is Jack Chapman, VP threat intelligence at Egress. He’s been monitoring the growth of cyber crime as a service, as crime groups move their attentions online. We asked him what it means for security teams, and how they can counter this growing threat.

Ransomware continues to threaten organisations of all sizes.

And although cybersecurity teams are improving their ability to detect and block ransomware attacks, some will make it through.

How, then, should we deal with the aftermath? In this episode we look at the 30 days after am attack, and the impact of ransomware attacks on operations and reputation, and how businesses can recover.

As our guest this week -- Ed Williams, from Trustwave SpiderLabs -- argues ransomware needs attention from the highest levels of the business. But blocking it, and recovering from it, also means paying attention to the essentials of security.

Interview by Stephen Pritchard

After a tumultuous 18 months, cybersecurity is by no means alone in taking stock.

Which of the changes introduced to deal with the global pandemic are here to stay? And how have changes to the way we work impacted how we manage security in a world that is, if anything, riskier?

The Chartered Institute of Information Security has just released a report covering all this, and more.

In this episode, Security Insights talks to CIISec director, and report lead author, Piers Wilson about the outlook for the profession, and the challenges we still face.

Universities and research institutes saw an upswing in cyber attacks during the pandemic.

But even before 2020, the sector was finding itself under increasing threat, from ransomware, espionage, and also because of underinvestment in technology and training.

Our guests in this episode are Allie Mellen, an analyst covering security and risk, at Forrester, and previously an academic researcher at MIT, and Mark Wantling, the CIO at Salford University. They discuss the threats, and possible solutions, with Security Insights editor Stephen Pritchard.

Universities and academic research institutions are under growing threat from cyber attack, driven by the rise of ransomware, Covid-19, and those on the search for intellectual property.

But could collaboration help secure a sector that is vital to the UK's economic prosperity?

As universities prepare for the start of the new academic year, Security Insights editor Stephen Pritchard discusses this, and more, with Professor Kevin Curran, senior member of the IEEE and Professor of Cyber Security at the University of Ulster.

Are paper documents a hidden security risk?

According to one survey, two out of three people print sensitive work documents at home.

But losing paper records could put an organisation in breach of the GDPR, and cause significant reputational damage.

Controlling access to printed documents, and their secure destruction, is enough of a challenge in the workplace. But add in widespread home working, and the problem becomes all the greater.

Could a clean desk policy at home be the answer? Mike Cluskey, MD of Go Shred, thinks so. In a wide-ranging conversation, he joined Security Insights' Stephen Pritchard to talk about document security, Benji the Binman, and why we still like to work on paper.