Episodes
Wednesday Nov 03, 2021
Threat modelling: finding flaws before software goes live
The idea of building security in to new hardware and software products from the outset has gained ground over the last few years.
And the move to "shift left" and introduce security by design has gained ground, following growing concerns about supply chain attacks.
One way to achieve this is through threat modelling. Threat modelling is not, itself, new: Microsoft did pioneering work on it in the Nineties. But it is now being adopted by bodies such as NIST, with the goal of reducing zero-day vulnerabilities.
Our guest in this episode is Stephen de Vries. Co-founder and CEO of IriusRisk, he has worked on threat modelling for over a decade. He explains why organisations should add it to their security toolkit.
Wednesday Oct 20, 2021
Rent a hack? Why cybercrime is now a service
Criminal groups are increasingly turning their attention to cyber, a trend that picked up pace during the pandemic.
One reason is that technical skills are no longer needed to launch a cyber or phishing attack. Instead, anyone can buy malware, zero day exploits and phishing templates on the dark web.
This has led to an active market in vulnerabilities, and a wider range of crime groups and nation state actors buying in sophisticated exploits.
But why is cybercrime evolving in this way? And what does it mean for cybersecurity teams, and does it need a different response from organisations, and governments?
Our guest is Jack Chapman, VP threat intelligence at Egress. He’s been monitoring the growth of cyber crime as a service, as crime groups move their attentions online. We asked him what it means for security teams, and how they can counter this growing threat.
Wednesday Oct 06, 2021
Ransomware: dealing with the aftermath
Ransomware continues to threaten organisations of all sizes.
And although cybersecurity teams are improving their ability to detect and block ransomware attacks, some will make it through.
How, then, should we deal with the aftermath? In this episode we look at the 30 days after an attack, and the impact of ransomware attacks on operations and reputation, and how businesses can recover.
As our guest this week, Ed Williams from Trustwave SpiderLabs, argues, ransomware needs attention from the highest levels of the business. But blocking it, and recovering from it, also means paying attention to the essentials of security.
Interview by Stephen Pritchard
Wednesday Sep 22, 2021
Altered States: The State of the Security Profession in 2021
After a tumultuous 18 months, cybersecurity is by no means alone in taking stock.
Which of the changes introduced to deal with the global pandemic are here to stay? And how have changes to the way we work impacted how we manage security in a world that is, if anything, riskier?
The Chartered Institute of Information Security has just released a report covering all this, and more.
In this episode, Security Insights talks to CIISec director, and report lead author, Piers Wilson about the outlook for the profession, and the challenges we still face.
Wednesday Sep 08, 2021
Defending universities and research, part 2
Universities and research institutes saw an upswing in cyber attacks during the pandemic.
But even before 2020, the sector was finding itself under increasing threat, from ransomware, espionage, and also because of underinvestment in technology and training.
Our guests in this episode are Allie Mellen, an analyst covering security and risk, at Forrester, and previously an academic researcher at MIT, and Mark Wantling, the CIO at Salford University. They discuss the threats, and possible solutions, with Security Insights editor Stephen Pritchard.
Wednesday Aug 25, 2021
Ready for a new term? How universities are improving their cybersecurity.
Universities and academic research institutions are under growing threat from cyber attack, driven by the rise of ransomware, Covid-19, and those on the search for intellectual property.
But could collaboration help secure a sector that is vital to the UK's economic prosperity?
As universities prepare for the start of the new academic year, Security Insights editor Stephen Pritchard discusses this, and more, with Professor Kevin Curran, senior member of the IEEE and Professor of Cyber Security at the University of Ulster.
Wednesday Aug 11, 2021
Paper trail: security risks from printed documents
Are paper documents a hidden security risk?
According to one survey, two out of three people print sensitive work documents at home.
But losing paper records could put an organisation in breach of the GDPR, and cause significant reputational damage.
Controlling access to printed documents, and their secure destruction, is enough of a challenge in the workplace. But add in widespread home working, and the problem becomes all the greater.
Could a clean desk policy at home be the answer? Mike Cluskey, MD of Go Shred, thinks so. In a wide-ranging conversation, he joined Security Insights' Stephen Pritchard to talk about document security, Benji the Binman, and why we still like to work on paper.
Wednesday Jul 21, 2021
A new roadmap for identity from The Alan Turing Institute
Researchers at The Alan Turing Institute are tackling one of the most pressing challenges of the digital world: trusted identity.
How can we develop a version of identity that works for governments, businesses and individuals, is easy and cost effective to apply, reliable and works at scale?
And how can robust identity counter the growing threats online?
The Alan Turing Institute is the UK’s national institute for data science and artificial intelligence. And it is working on a four-year project, Trustworthy digital infrastructure for identity systems, to address exactly these questions.
Security Insights invited the project's lead, Professor Carsten Maple, to explain more.
Wednesday Jul 07, 2021
Ransomware: cybersecurity's clear and present danger
According to the National Centre for Cyber Security, ransomware is the greatest cyber threat to UK business.
And globally, ransomware is both increasing, and becoming more damaging.
What are the reasons, and what can businesses, and governments, do to tackle it?
In this episode, Security Insights invited three experts, Forrester analyst Steve Turner, security consultant James Bore, and James Rees, CISO and director of consultancy at Razorthorn, to discuss the threat, and some possible solutions.
The discussion is hosted by Security Insights editor, Stephen Pritchard.
Wednesday Jun 23, 2021
Cybercrime and healthcare: exploiting the pandemic
The healthcare and pharmaceutical sectors are leading the fight against the Covid-19 pandemic.
But, even as doctors work to treat seriously ill patients, and researchers develop and refine treatments and vaccines, there are others who are setting out to disrupt medical facilities, steal clinical and R&D data, spread disinformation and commit fraud.
Why is healthcare now in the cybersecurity front line, and what can security professionals, governments, and even individuals do to protect it?
Andrew Hollister is deputy CISO and VP for labs at LogRhythm. He has been monitoring the impact of cyber attacks on the sector during the pandemic, and he spoke about the challenge, and some potential solutions, to Security Insights editor Stephen Pritchard.