Episodes

Wednesday Feb 09, 2022
The tale of a stolen iPad
What happens if your personal devices are stolen? Few victims of theft recover their goods. But the loss of the hardware might only be the start of their problems.
There is a growing black market in stolen devices, but also in tools that can unlock them, to steal credentials or to attack other networks. People who lose a device can be victims twice over, if hackers then use their own property to target their identity.
In this week’s episode, security researcher Adalsteinn Jonsson explains how this is exactly what happened to his partner, and how the incident prompted him to undertake their own investigations. He and Magni Reynir Sigurðsson, a fellow researcher at cyber security company Cyren, take up the story.
Interview by Stephen Pritchard

Wednesday Jan 26, 2022
Ageism in Infosec: Are we losing the older generation?
Is ageism a problem in cybersecurity, and IT?
The pandemic has accelerated a trend that observers were already warning about: older staff are leaving IT security. And with them, their knowledge and experience leaves too.
What then can be done to encourage older workers to stay in the industry? Is ageism a problem, and if it is, how do we counter it?
This week’s guests are inter-generational diversity expert and author, Henry Rose Lee and Gernot Hacker, from cybersecurity firm Appgate. Appgate recently commissioned a focus group study looking at attitudes to age in cyber security, as they explain.
Interview by Stephen Pritchard

Wednesday Jan 12, 2022
The security of things: protecting the IoT
The Internet of Things continues to grow at pace. But are its security flaws being addressed?
Industrial, operational technology and consumer devices are increasingly connected, but security is too often an afterthought, with flaws such as default passwords and insecure firmware. And many IoT devices are hard to patch, if they can be upgraded at all.
The result is an expanding attack surface that risks undermining the benefits of IoT technology. But could 2022 be the year this changes? The UK has introduced a voluntary code of practice, Secure By Design, and the Product Security and Telecommunications Infrastructure Bill should become law this year.
Our guest this week is John Moor, MD at the IoT Security Foundation. He discusses the risks posed by the technology, and how manufacturers, governments and end users can help to address them, with Security Insights' editor Stephen Pritchard.

Thursday Dec 16, 2021
2021: Year in Review
In this programme, Security Insights invites a selection of industry experts to look back at 2021, and to give their outlook for cybersecurity in 2022.
This episode's guests are:
Piers Wilson, director, Chartered Institute of Information Security
Dr Ian Pratt, Global Head of Security at HP
David Carroll, MD, Nominet Cyber
Jamie Collier, cyber threat intelligence consultant, Mandiant.
Episode edited by Stephen Pritchard

Thursday Dec 02, 2021
Can we make cybersecurity a safer place to work?
Respect In Security was founded earlier this year to tackle harassment and inappropriate behaviour in the cybersecurity industry.
And negative behaviour, online and face to face, is all too common.
Security Insights invited Respect In Security's co-founders, Lisa Forte and Rik Ferguson, to explain their mission - and why making the industry safer and more inclusive ultimately benefits everyone.
Interview by Stephen Pritchard

Wednesday Nov 17, 2021
Can digital solve the global identity gap?
Can digital technology help people around the world who lack access to a documented identity?
Over a billion people worldwide lack access to basic papers, such as a birth certificate or passport. This makes it hard to access services such as health and education. For states, it makes it hard to prevent fraud, or detect crime.
Our guest this week is Julie Dawson, head of regulatory and policy at Yoti, a digital ID provider. She speaks to editor Stephen Pritchard about the identity gap, and whether security companies should also have a social purpose.

Wednesday Nov 03, 2021
Threat modelling: finding flaws before software goes live
The idea of building security in to new hardware and software products from the outset has gained ground over the last few years.
And the move to "shift left" and introduce security by design has gained ground, following growing concerns about supply chain attacks.
One way to achieve this is through threat modelling. Threat modelling is not, itself, new: Microsoft did pioneering work on it in the Nineties. But it is now being adopted by bodies such as NIST, with the goal of reducing zero-day vulnerabilities.
Our guest in this episode is Stephen de Vries. Co-founder and CEO of IriusRisk, he has worked on threat modelling for over a decade. He explains why organisations should add it to their security toolkit.

Wednesday Oct 20, 2021
Rent a hack? Why cybercrime is now a service
Criminal groups are increasingly turning their attention to cyber, a trend that picked up pace during the pandemic.
One reason is that technical skills are no longer needed to launch a cyber or phishing attack. Instead, anyone can buy malware, zero day exploits and phishing templates on the dark web.
This has led to an active market in vulnerabilities, and a wider range of crime groups and nation state actors buying in sophisticated exploits.
But why is cybercrime evolving in this way? What does it mean for cybersecurity teams, and does it need a different response from organisations and governments?
Our guest is Jack Chapman, VP threat intelligence at Egress. He’s been monitoring the growth of cyber crime as a service, as crime groups move their attentions online. We asked him what it means for security teams, and how they can counter this growing threat.

Wednesday Oct 06, 2021
Ransomware: dealing with the aftermath
Ransomware continues to threaten organisations of all sizes.
And although cybersecurity teams are improving their ability to detect and block ransomware attacks, some will make it through.
How, then, should we deal with the aftermath? In this episode we look at the 30 days after an attack, the impact of ransomware attacks on operations and reputation, and how businesses can recover.
As our guest this week -- Ed Williams, from Trustwave SpiderLabs -- argues, ransomware needs attention from the highest levels of the business. But blocking it, and recovering from it, also means paying attention to the essentials of security.
Interview by Stephen Pritchard

Wednesday Sep 22, 2021
Altered States: The State of the Security Profession in 2021
After a tumultuous 18 months, cybersecurity is by no means alone in taking stock.
Which of the changes introduced to deal with the global pandemic are here to stay? And how have changes to the way we work impacted how we manage security in a world that is, if anything, riskier?
The Chartered Institute of Information Security has just released a report covering all this, and more.
In this episode, Security Insights talks to CIISec director, and report lead author, Piers Wilson about the outlook for the profession, and the challenges we still face.