Shows
Security InsightsBug bounties: risks and rewardsA growing number of organisations now offer "bug bounties", paying hackers or security researchers rewards for finding vulnerabilities.
But how do these programmes operate, and how do CISOs ensure that they are run ethically? What are the risks of inviting researchers to hack your organisation? How do bug bounties stack up against other methods of security testing?
And what are the benefits to security researchers themselves, as the programmes cannot work without hackers?
We cover the pros and cons of bug bounties with Ottilia Westerlund, hacker engagement manager at bug bounty platform Intigriti...
2025-10-1629 minSecurity InsightsDDoS, geopolitics and AIDDoS – or distributed denial of service attacks – remain a serious source of disruption across the internet.
DDoS attacks continue to grow in their frequency and volume. And increasingly, they’re aligned to geopolitical events.
A driver is sites offering “DDoS for hire”. The groups behind these sites even offer DDoS as a service attacks for free. But cybercrime groups are making use of AI too.
This is leading to what researchers at NETSCOUT describe as a “digital battlefield", with DDoS attacks overwhelming underprepared defenders.
Our guest is Richard Hummel, director of threat intell...
2025-10-0229 minSecurity InsightsCyber skills: a crisis of our own making?Is cybersecurity's skills crisis one of its own making?
And why have initiatives to close the skills gap made relatively little impact?
In this episode, our guests Thom Langford, of Rapid7, and Lee Munson, of the ISF, discuss career changes, hiring practices, certifications and what needs to change with editor Stephen Pritchard
2025-09-1829 minSecurity InsightsDefending education: countering the cyber threatEducation is increasingly in the crosshairs for malicous actors. Along with other public sector bodies, schools, colleges and universities are being targeted for the information they hold, as well as for extortion and ransom.
What, then, can leaders in the sector do to bolster their defences, especially when budgets are under pressure?
Our guest is Joe Rooke, director of risk insights at Recorded Future’s Insikt Group.
2025-09-0429 minSecurity InsightsVulnerabilities, CVEs and the attack surfaceIn this episode, we discuss whether vulnerability scores are still a viable tool when it comes to measuring cyber threats.
Both CVEs and CVSS are core security tools. But, our guest this week argues, they are often misused. In a worst case scenario, they add little to effective defence, and can divert security teams from the real threats.
Tod Beardsley is VP of security research at runZero, is on the board of the CVE Project, and is a former official at CISA.
2025-08-2131 minSecurity InsightsHuman risk factors: cybersecurity's weak spotMore than three quarters of security breaches result from human behaviour.
But as an industry, we focus far more on technical security measures, than on the human element.
Human risk management sets out to change this. Its proponents aruge that by measuring what people do on networks and systems, we create a much clearer picture of risk.
In fact, they say, the risks posed by people should be on the business' risk register.
And it's only with that picture that we can implement the controls, and measures such as security awareness...
2025-08-0729 minSecurity InsightsAI, Testing and Red Teaming, with Peter GarraghanArtificial intelligence is often described as a "black box". We can see what we put in, and what comes out. But not how the model comes to its results.
And, unlike conventional software, large language models are non-deterministic. The same inputs can produce different results.
This makes it hard to secure AI systems, and to assure their users that they are secure.
There is already growing evidence that malicious actors are using AI to find vulnerabilities, carry out reconnaissance, and fine-tune their attacks.
But the risks posed by AI systems themselves...
2025-07-2429 minSecurity InsightsAI, Testing and Red Teaming, with Peter GarrighanArtificial intelligence is often described as a "black box". We can see what we put in, and what comes out. But not how the model comes to its results.
And, unlike conventional software, large language models are non-deterministic. The same inputs can produce different results.
This makes it hard to secure AI systems, and to assure their users that they are secure.
There is already growing evidence that malicious actors are using AI to find vulnerabilities, carry out reconnaissance, and fine-tune their attacks.
But the risks posed by AI systems themselves...
2025-07-2429 minSecurity InsightsNon-human identities: the rise of the machinesNon-human identities now vastly outnumber human actors on the internet, perhaps by as many as 50 to one.
APIs, online devices and service calls now dominate internet traffic, and access requests.
And this is only set to increase, with the rise of AI and AI agents.
Could we even see "robot wars" as AI agents take on AI defenders?
A lack of visibility, and a lack of control over machine identities is not just putting systems and networks at risk.
It is changing the whole concept of identity.
...
2025-07-0329 minSecurity InsightsBalancing risk and security: Rich SeiersenManaging cybersecurity is increasingly about managing risk.
It's not possible to stop every attack or prevent every breach. So CISOs need to link the likelihood and impact of an incident to the damage it does to the organisation.
But do security teams understand business risk? And do business leaders fully appreciate the threat from cyber attacks?
Our guest is Richard Seiersen, chief risk technology officer at Qualys, as well as a researcher, author, entrepreneur and former CISO.
2025-06-1929 minSecurity InsightsBalancing risk and security: Rich SeiersonManaging cybersecurity is increasingly about managing risk.
It's not possible to stop every attack or prevent every breach. SO CISOs need to link the likelihood and impact of an incident to the damage it does to the organisation.
But do security teams understand business risk? And do business leaders fully appreciate the threat from cyber attacks?
Our guest is Richard Seiersen, chief risk technology officer at Qualys, as well as a researcher, author, entrepreneur and former CISO.
2025-06-1929 minSecurity InsightsCyber Security Foundations: security by the bookCan a book hold the answers to our cybersecurity challenges?
Perhaps not. But a new book from the Information Security Group at Royal Holloway, University of London, sets out to act as a primer on cybersecurity.
The target audience is both those setting out on a career in the sector, or general readers who want to understand the core principles of cybersecurity.
The book is called Cyber Security Foundations: Fundamentals, Technology and Society, published by Kogan Page. In this episode, we ask three of it authors how it came into being, and how...
2025-06-0535 minSecurity InsightsVerizon's DBIR: tracking security threatsVerizon's Data Breach Investigations Report is one of the longest-running research studies in the industry.
This year's report is the 18th and tracks over 20,000 incidents and 12,000 breaches.
What changes are we seeing, and what can CISOs learn from the data?
Our guest is Ashish Khanna, who runs the security solutions and consulting practice at Verizon Business. Interview by Stephen Pritchard
2025-05-2229 minSecurity InsightsBeyond the Titanic: Cybersecurity in Northern IrelandIn this episode, we look at the growth of the cybersecurity industry in Northern Ireland.
What are the reasons for its success, and why does cyber play an important part in Northern Ireland's post-industrial future? And why should CISOs look there for a source of talent?
Our guest is Simon Whittaker, chair of the steering committee for NI Cyber, and CEO of Vertical Structure, now part of Instil.
2025-05-0829 minSecurity InsightsCISO Interview: Mandy Andress, ElasticOur guest this week is Mandy Andress is CISO at Elastic.
Elastic describes itself as a “search AI company”, and is very much at the forefront of modernising enterprise technology.
A host of businesses use Elastic's tools behind the scenes to manage their data, for security and, of course, for AI.
As CISO, Mandy Andress has the dual responsibilities of keeping Elastic secure, and advising customers on security.
In this CISO interview, we hear about her route into cybersecurity and the pressures of dealing with the increasing intensity, or velocity of cybe...
2025-04-2429 minSecurity InsightsInsights Interview: Claudia Natanson, UK Cyber Security CouncilDr Claudia Natanson is CEO at the UK Cyber Security Council.
The Council, which is funded by the Government's Department for Science, Innovation and Technology, acts as an umbrella body for a range of professional bodies in cybersecurity.
It is the organisation behind chartered status for cybersecurity professionals, sets standards and publishes an ethics code, and acts as a voice of the industry: quite a broad mission for an organisation that is only a few years old.
The Council is, though, very well placed to assess the health of the cybersecurity industry across...
2025-04-1029 minSecurity InsightsEpisode 125: Insights Interview, with James BoreOur guest for the 125th episode of Security Insights is James Bore.
A well-known industry figure and speaker on cybersecurity, James runs the family consultancy firm Bores. He's also an author, book publisher, cyber skills trainer and volunteer.
In this Insights Interview, he shares his forthright -- and sometimes controversial -- views on the way forward for cybersecurity, with editor Stephen Pritchard.
Does cybersecurity blame the victim? What is the relationship between trust and security? And why is investment in security sometimes a bad thing?
2025-03-2629 minSecurity InsightsWhy CISOs quit: cyber's leadership crisisAre CISOs leaving the industry in droves?
One survey suggests that as many as one in four senior cybersecurity leaders plans to leave the profession.
The causes include growing responsibilities, increasingly severe threats and ever-greater regulatory burdens.
The result is stress and burn out, with CISOs constantly fighting fires. As one of our guests says, CISOs suffer from an "invisibility of success".
So what can we do? The first step is to recognise the problem; the second is to help CISOs build both organisational and individual resilience.
Our guests...
2025-03-1329 minSecurity InsightsStress testing cyber defencesHow far should you push security tests?
Sometimes, the answer is "to the limit".
In this episode we look at stress testing in cybersecurity. Putting systems under pressure is the only true way to check that they will work, as intended, during a cyber attack.
But how does stress testing differ from pentesting and cyber exercises? How far is too far, and how do security teams capture the right lessons from the testing process?
Our guests are Chris McKean, solutions specialist at NetApp, and Simon Edwards, founder and CEO at SE...
2025-02-2729 minSecurity InsightsFighting Ransomware, with Raj SamaniRansomware remains one of the greatest cyber threats to organisations. Certainly, it is the threat at the top of most boards' agendas.
The reasons are clear enough: ransomware damages reputations, as well as the balance sheet. in the worst case scenario, a business might never recover from an attack.
And ransomware itself is becoming more sophisticated, and so more dangerous. Groups have moved on from simple phishing and RDP attacks to exploiting zero days. And they are as likely to threaten to release confidential information, as they are to encrypt it.
As our...
2025-02-1332 minSecurity InsightsThe eye of the storm: dealing with a cyber crisisWhat happens when a cyber attack hits? What is it like to be in the eye of the storm, and how can security teams prepare?
A cyber attack is inevitably a highly stressful situation for everyone involved. But planning and exercising goes a long way to at least manage that stress.
Our guest for this episode is Dan Potter, senior director for resilience and cyber drills at Immersive Labs. He also has over 15 years' experience working in resilience in the financial services sector.
As he says, no playbook or incident response plan will...
2025-01-2329 minSecurity InsightsCISO Interview: Jack Mersey Westbury Street HoldingsIn a new series of interviews with cybersecurity leaders, we meet Jack Mersey, CISO at Westbury Street Holdings.
In an in-depth interview, he discusses threats -- from nation states to business email compromise -- security awareness and culture, and the challenges of ensuring security to a highly distributed business with 26,000 people and over 1000 sites that operates around the clock.
How does a CISO gain the confidence, and support, of colleagues from baristas and chefs to general managers and finance teams?
How can a security team operate internationally and keep headcounts low?
...
2025-01-0929 minSecurity InsightsHacktivism's changing facesHacktivist groups have been around almost as long as the public internet.
But their make up, and their goals, have changed.
Hacktivism is no longer about "hacker" or counter culture or protest. Instead, it appears increasingly aligned with political objectives.
And some of today's groups at the very least aligned to, if not sponsored, by nation states.
Perhaps hacktivism is no longer the right term. Researchers are now talking about groups that set out to undermine trust in both the online and physical worlds, and carry out what some security researchers c...
2024-12-1929 minSecurity InsightsSecurity and AI: Jon France, CISO, ISC2AI poses risks to security, through possible flaws in the applications themselves, and by AI being used by threat actors to develop malware and improve their targeting.
But there’s also plenty who argue that AI offers a chance to improve security. Certainly there are plenty of vendors promoting AI-enhanced versions of their products, promising to react faster, and pick up more threats.
Which side, though, will win out? And should cybersecurity professionals fear AI, or see it as an ally?
Our guest this week is Jon France, CISO at ISC Two...
2024-12-0529 minSecurity InsightsCyber stress: are we burning out?Is stress unavoidable, if you work in cyber?
And does workplace stress in the industry threaten security?
Stress and burnout among cyber teams are now a real worry for CISOs. And our guest for this episode argues that they should be a concern for boards too.
Stressed-out operators underperform and make mistakes. Burned out staff are more likely to leave, forcing firms to spend more on hiring and training replacements.
So how should employers spot the signs of stress? And what can we do as individuals to avoid burn out?
2024-11-2129 minSecurity InsightsInsights Interview: Geopolitics and cyber threats, with the ISF's Steve DurbinGeopolitics is increasingly influencing cybersecurity.
The growth of online espionage, the potential for attacks by state actors, and governments turning a blind eye to cybercrime are all increasing risk.
At the same time, our growing dependency on connectivity, in government, in critical infrastructure and for day to day business, makes cyberspace an attractive target.
But it's not always been this way. In the early days of information and IT security, nation state threats were rare.
But, as Steve Durbin, CEO of the Information Security Forum points out, a lot has changed...
2024-11-0729 minSecurity InsightsDeepfakes: uncovering the security risksThere's a lot being said (and written) about deepfakes.
And there is no doubt that they can now be very convincing, to the point where they can deceive the human eye.
But are deepfakes just a bit of fun, or do they pose real security risks? Do the dangers lie in manipulating public opinion through fake news, or can deepfakes be used to breach security systems.
Our guest, Dr Andrew Newell, academic researcher and chief scientific officer at iProov, argues that both are happening. Security teams need to take steps to block deepfakes...
2024-10-2429 minSecurity InsightsSaaS and security: shared responsibility, or hidden risks?Software as a service, or SaaS, has been a huge success. There are now some 30 thousand SaaS applications on the market worldwide. These cover everything from niche requirements to running entire businesses.
The SaaS revolution has certainly brought benefits to businesses.
But are SaaS applications secure and robust enough? Supporters of SaaS argue that their applications are actually safer and more resilient than locally-run IT.
However, Cloud vendors, including SaaS companies, rely on the shared responsibility model. In simple terms, they look after the infrastructure, but the customer is responsible for their data.
2024-10-1129 minSecurity InsightsInvesting in cyber: should we follow the money?Europe's cybersecurity industry is worth some $50bn and is growing at 10% a year.
It's also pretty fragmented – at least when it comes to vendors. Europe -- even more so than the US -- is now ready for market consolidation.
Some of that is being driven by acquisitions by the large technology firms, as they look to broaden their cybersecurity offerings.
But firms, and their investors, are looking for scale.
And CISOs are looking for simplicity and greater security. Could vendor consolidation achieve this? And what is the role of cybersecurity "platforms" as...
2024-09-2629 minSecurity InsightsCyber escape rooms - and experiential learningConventional security training leaves a lot to be desired.
So what can CISOs do, to deliver training and security awareness in a way that is effective, and engaging?
Over the last few episodes we've discussed both the psychology, and human factors, around cybersecurity. To finish the series, in this programme we will look at experiential learning, or learning by doing.
Our guest is Amy Stokes-Waters. She delivers exactly that, by running escape rooms for organisations who want to improve security awareness, but want to move away from slide-heavy courses, and checkbox compliance. She's...
2024-09-1229 minSecurity InsightsHuman Risk Management: tackling cybersecurity's weak spotHow do we manage the risks posed by human behaviour?
In this, the second of our short series exploring the links between human behaviour and security, we look at the emerging field of human risk management.
The statistics are quite frightening: 90 per cent of security breaches involve human error or social engineering.
But how do we, at a business level, categorise those risks? If we don’t understand the risks, we can’t reduce them.
A better understanding of where the risks are – and which behaviours are risky – makes it easier to desig...
2024-08-3029 minSecurity InsightsMind games: the psychology of cybersecurityHow important is human behaviour in cybersecurity? How well do we know our people, and do we understand the risks posed by individuals' actions?
Research suggests that the overwhelming majority of cyber breaches start with human error or poor practice. But despite investments in security training and security awareness, we still make mistakes.
Over the next three episodes, we will examine some of the human factors around cybersecurity, including human risk management, and how we change behaviour.
We'll start the series by looking at the psychology of cybersecurity, as well as how to...
2024-08-1529 minSecurity InsightsAI: chatbots, cut and paste, and data leaksOur guest for this episode is Tim Freestone, of Kiteworks. He’s a long-standing expert in data protection and data privacy. And he's been following the growth of AI, and what it means for data privacy, security and confidentiality.
Even data specialists have been surprised by the rapid take up of generative AI and its benefits. But do we have the measure in place to guard against the potential security risks it brings?
It is not just malicious hackers who make AI tools such as chatbots a risk. Even something as simple as pasting information in...
2024-08-0129 minSecurity InsightsIT, OT, and CNI: a hidden threat?Any advanced economy relies on the smooth running of its infrastucture.
And whether it’s transport, logistics, healthcare, the banking system, manufacturing – even food production – industrial and operational systems are what keeps it all running.
Those systems are now being targeted by malicious actors. Both state-sponsored and criminal groups are looking closely at operational technology and industrial systems.
Recent research suggests that many, if not most, of the groups attacking critical national infrastructure are linked to national intelligence agencies. And that raises some difficult questions about how both businesses, and their governments, should respon...
2024-07-1929 minSecurity InsightsRansomware: can transparency bring security?It's hard to put an exact figure on ransomware attacks. All the available research shows incidents continue to grow year on year, and that the vast majority of cyber incidents are now ransomware or other extortion attacks.
But could more transparency and information sharing help defend against ransomware?
If more organisations disclosed attacks, we would have a clearer picture of the problem and be able to respond more quicky to new techniques or attack vectors.
That's the argument put forward by this week's guest.
Sabeen Malik is vice president of global...
2024-07-0529 minSecurity InsightsCyber war: new lessons from history?The idea of cyber war is not new; researchers first suggested the concept 30 years ago.
Since then, there's been a debate on what cyber war means and what can be done to prevent it.
Some experts even suggest cyber war is already happening, even if it is mostly in the shadows.
For Peter Kestner, the rise of cyber attacks and an increasingly volatile geopolitical situation were just two of the reasons to examine cyber warfare in more detail.
Peter is both a keen student of history, and a cybersecurity professional with...
2024-06-2029 minSecurity InsightsA CISO's Journey: Mani Nagothu, SentinelOneThe CISO’s role is changing; that is clear enough.
Indeed, constant change and the need to adapt is always a feature of cybersecurity.
And that’s why our guest this week lists curiosity as one of the key attributes for a cybersecurity career.
Mani Nagothu is field CISO at SentinelOne. Before that she headed up IT security for an energy company. That followed a career as a consultant.
But she didn’t start out in cybersecurity, but as an engineer. And the CISO’s role itself is becoming less technical, and more...
2024-06-0629 minSecurity InsightsCyber on demand: filling the skills gap?The cybersecurity skills gap is a problem that won't go away.
Worldwide, there are close to 3.5 million vacancies in the industry. The problem seems to be worsening, not least because we are all doing more business online.
And moves to recruit and retain more staff, as well as to widen the talent pool, take time.
In the immediate term this leaves CISOs with gaps to fill. One option is outsourcing. Another is to use “on demand” cyber specialists. But how do these options work with building larger and more effective in-house teams?
Do...
2024-05-2329 minSecurity InsightsChief Business Security Officers: a CISO's new ally?What is a chief business security officer, and what do they do?
IT and data security are increasingly important. But so too are physical security and resilience.
The chief business security officer, though, is a fairly new addition to the security team.
Over the next three episodes of the Security Insights podcast, we’ll look at the changing role of the CISO, the role interim or outsourced security professionals can play in plugging the skills gap.
We’ll cover the role of interim and virtual CISOs, and whether outsourcing parts of secu...
2024-05-0931 minSecurity InsightsRansomware: should payments be banned?Ransomware now accounts for the vast majority of cyber attacks.
But regulators and law makers are increasingly concerned about the money being paid out to ransomware groups -- often, it is used to fund further crime.
Should paying ransoms be banned? Would a ban improve security, or make matters worse? And what steps can organisations take, to cut the risk of falling victim to a ransomware attack in the first place?
Our guest this week is Ian Thornton Trump, CISO at Cyjax. He believes that calls to ban ransomware are misplaced; a ban...
2024-04-2529 minSecurity InsightsCloud security: an identity problemIn this episode, we look at why a lack of robust identity controls are one of the biggest causes of cloud security failures.
Cloud operators, at least the larger ones, now have robust security in place. But that security is there, first and foremost, to protect their business. The "shared responsibility model" means that users are responsible for their data and applications.
The problem, as our guest this week identifies, is that senior managers fail to understand that point, and expect the cloud to fix everything.
It won't, and as Jennifer Cox, member...
2024-04-0436 minSecurity InsightsThe end of passwords?Are passwords now a security risk? And if they no longer work, what should replace them?
In this episode, we speak to https://www.linkedin.com/in/johncapps/ at VIDA Digital Identify, and Ev Kontsevoy, CEO of infrastructure access firm Teleport.
They argue that relying on "secrets" and data to prove identity no longer guarantees security. Alternatives, including zero trust, hold out a lot of promise. But moving to zero trust needs the whole organisation behind it -- it's as much about culture as technology.
2024-03-2137 minSecurity InsightsCritical National Infrastructure: changing threatsHow are the threats to critical national infrastructure evolving, and how do we counter them?
And are we seeing a shift from attacks based on data and ransomware, towards disruption.
In this episode, we welcome back a previous guest, Trevor Dearing.
Trevor is Director of Critical Infrastructure at Illumio.
Trevor’s work is increasingly focused on resilience, and helping organisations to survive and recover from attacks.
We discuss how organisations in the CNI space need to improve their ability to react to, and survive, a cyber attack.
Af...
2024-03-0729 minSecurity InsightsDORA: one year to goThe EU’s Digital Operational Resilience Act, or DORA, comes into force in January 2025. So there is not much time for affected organisations to prepare.
DORA sets out to improve cybersecurity — or ICT risk management — across the EU’s financial services sector.
The Act covers both regulated firms and what the EU terms “critical third parties” in their supply chains. In fact managing third party risk is a big part of DORA, along with measures such as improved resilience testing, incident management plans, and strict reporting requirements.
Our guest is DORA expert and director of...
2024-02-2227 minSecurity InsightsCyber governance: a new UK code of practice?The UK Government's Department of Science, Innovation and Technology (DSIT) is consulting on a new code of practice for business leaders, which aims to "improve cyber resilience across the UK economy".
But how will this operate, and will another code of practice -- alongside a host of existing laws and industry regulations -- help organisations be more secure?
We discuss this with our guest Amanda Finch, CEO of the Chartered Institute of Information Security.
Listeners can find out more about the proposed Code of Practice and the consultation on the UK Government's cyber...
2024-02-0828 minSecurity InsightsWeb apps and security weaknessesAs many as a third of serious vulnerabilities could be in web applications. But securing web apps, APIs and web-based interfaces is a challenge.
In this episode, we look at why vulnerabilities have seen a steady uptick over the last few years, how identifying and securing vital web applications is essential to enterprise security, and why a fixation on technical CVEs does little to boost defences.
Plus, why both security pros and reporters like a pie analogy.
Our guest is Alex Kreilein, vice president for product security at Qualys. Interview by Stephen Pritchard.
2024-01-2527 minSecurity InsightsSecurity in 2024: AI, skills, and a seat on the boardWhat are the key security challenges for 2024? And how will CISOs address them?
In our first episode for Series 5, Security Insights is joined again by Chris Dimitriadis, Chief Global Strategy Officer at ISACA.
He explains why AI both poses risks, and offers benefits, why the cyber skills shortage is not going away, and how cybersecurity's voice needs to be heard by the board.
Interview by Stephen Pritchard.
2024-01-1129 minSecurity InsightsSecurity Insights: 2023 year in reviewIn our final episode of this season, and indeed for this year, we look at some of the key trends in cybersecurity during 2023. And we discuss some of the steps CISOs might need to take, to safeguard their organisations in 2024.
Our special guest is the CEO of the Chartered Institute of Information Security (CIISec), Amanda Finch.
2023-12-2828 minSecurity InsightsCyber: crime’s digital economyNothing seems able to stop the growth of cybercrime. And ransomware, above all, has woken up boards to the threat.
But there is more to cybercrime than ransomware, and the drivers behind online crime are varied too. And the scale of the problem means that few, if any, organisations can tackle it alone.
Our guest this week is security expert, chief scientist at Rapid 7 and Europol EC3 adviser Raj Samani. He talks to Stephen Pritchard about why cybercrime is far more than an IT security issue, and why a range of responses will be needed...
2023-12-1429 minSecurity InsightsQuantum computing: a security risk?Could quantum computing threaten our day to day security, and even the fabric of the internet? Researchers are increasingly concerned about the risks quantum technology poses to encryption.
Organisations need to act now, if they are they are to secure their data and their operations, argue this week's guests.
Ramy Shelbaya is CEO and co-founder of Quantum Dice. That’s a business spun out of Oxford university’s quantum optics lab – and which is now using quantum mechanics to create a self-certifying quantum random number generator.
And Axel Poschmann is a cybersecurity expert with a...
2023-11-3029 minSecurity InsightsThe Cyber Resilience Act: a law with unintended consequences?The upcoming European Cyber Resilience Act sets out to boost security for anything with “digital elements”.
The Act will apply to hardware and software. The idea is to make it easier to update devices, and to fix any vulnerabilities.
Why, then, has a group of cyber security professionals written an open letter to the European Commission asking them to change a key part of the proposed rules?
Experts are concerned that, by requiring organisations to disclose vulnerabilities within 24 hours, the Act could increase, rather than reduce, risks.
Our guest today is Chri...
2023-11-1629 minSecurity InsightsOpen source: a security risk?As many as 96 per cent of vulnerabilities in open source software are because developers use an outdated, or unpatched version of the code.
And this matters, because open source is now the building block of almost all enterprise software, web applications, and even the code that runs consumer technology.
But open source can be secure. It just needs developers, and the organisation they work for, to think about security throughout the software lifecycle.
With guest Brian Fox, CTO and co-founder at Sonatype.
2023-11-0230 minSecurity InsightsAutomation and the cybersecurity skills gapThe cybersecurity industry faces an ongoing -- and some say worsening -- skills gap.
Both the private and public sectors need more skilled security professionals, as more operations go online. And there is only so much the education system, or training within the business, can do to solve the problem.
So do we need to rethink how cybersecurity operates? Perhaps it is time for the industry to undergo its own digital transformation, and look at automation to take the load off human professionals.
Our guest is Marie Wilcox, board director at the Chartered...
2023-10-1929 minSecurity InsightsCyber resilience: are we prepared?Most boards -- and certainly all CISOs -- now understand that it is not if a cyber attack happens, but when.
None the less, organisations are not doing enough to ensure that they can continue to operate during a cyber attack, and recover from it.
And the latest UK Government Cyber Security Breaches survey goes further, suggesting that not only are organisations failing to invest in cyber security, but in some cases, are going backwards. They are paying less attention to the basic "cyber hygiene" measures that can help prevent breaches in the first place.
2023-10-0529 minSecurity InsightsDefending healthcare in cyberspaceHealthcare is coming under an increasing volume of cyber attacks, especially since the pandemic.
And attacks are spreading to smaller health care outfits, such as ambulance services, suppliers to the health care system, and the pharmaceutical industry.
Much of this is being driven by ransomware, but we are also seeing more complex attacks.
How can healthcare organisations protect themselves?
Our guest is Trevor Dearing, Director of Critical Infrastructure at Illumio, who reports that a growing percentage of his work now involves the health sector.
2023-09-2129 minSecurity InsightsCyber war: is it everyone’s business?Is cyber war a risk that only governments can deal with? Or should enterprises be prepared to mount their own defences?
In this episode we speak to Prof Richard Benham, a UK Government adviser on cyber security, the first professor in cyber security management, Patron of The National Museum of Computing at Bletchley Park, and non-executive director at Emerge Digital.
He believes that, in some ways, a cyber war has already started. He speaks to editor Stephen Pritchard about the reasons why, and sets out what organisations can do to protect their digital assets and...
2023-09-0735 minSecurity InsightsCloud insecurity: leaving the keys in the door?The cloud is now a mainstream technology across both the public and private sectors. Its flexibility and scaleability are attractive to organisations of all sizes, and early concerns about security have been addressed.
Or have they?
There is growing evidence that data breaches and attacks, such as ransomware, are exploiting gaps in cloud security.
All too often, this is because security measures have not been deployed, or cloud resources are misconfigured.
And bad actors can exploit those gaps, possibly within just minutes.
Research by vendor Qualys, for their Totalcloud...
2023-08-2429 minSecurity InsightsDeep fakes, AI and digital trustWithout trust, we can’t have security. But the growth of the digital economy, and the wider online world, is changing our idea of trust.
A lot of the ways we identified and trusted the people, and organisations in the physical world are not easy to replicate online.
And, as well as removing the human traits that help us to establish trust – from eye contact or a handshake, to a tone of voice – it's becoming harder to identify if another person is who they say they are. In fact, it's now hard to be sure if the...
2023-08-1133 minSecurity InsightsBiometrics: Eyes in the sky?Biometric technology promises both security and convenience: there's a reason the leading smartphone makers have adopted face ID, or fingerprint scanners.
But improvements in computing power and AI, as well as more powerful sensors, have opened up entirely new fields, such as remote surveillance.
Are we comfortable with systems that can pick out a face from a crowd?
And how do we feel about artificial intelligence making decisions about those images, such as whether someone’s actions look suspicious?
Our guest is one of the leading experts on these issues. Tony Po...
2023-07-2729 minSecurity InsightsBuilding security capability at Thrive HomesThis week's episode is an insider's account of exactly what it takes to review, and build up, an business' cyber defences.
When John Stenton took over as head of IT at housing provider Thrive Homes, he admits technology was a "bit of a mess". And a lot needed to be done, both to review security and to reassure the board.
Thrive Homes is fairly typical of the type of mid-sized organisation that didn't see itself as being in the cyber front line. But, as Stenton explains, any organisation can be a target especially when they...
2023-07-0629 minSecurity InsightsPeople and cyber resilience: the human factorCybersecurity is about technology, processes and above all, people.
And with CISOs' growing emphasis on resilience in the face of cyber attacks, perhaps it is time to look at the human factors involved in combatting and recovering from an incident.
How can we help our teams make the right decisions, and cope under pressure?
In this episode, we look at an investigation into workforce resilience, carried out by Osterman Research for Immersive Labs. Our guest is Immersive Labs' VP of Cyber, Max Vetter.
2023-06-2225 minSecurity InsightsCRA and DORA: New laws, new defences?The next few years will see the European Union introduce new laws governing cybersecurity.
These include the Cyber Resilience Act, and DORA.
DORA -- or the Digital Operational Resilience Act -- looks to improve overall ICT resilience in the financial services sector. But as our guests this week point out, its impact is likely to be felt by other sectors too.
The Cyber Resilience Act is more broadly based, and sets out baseline security requirements for both hardware and software or, as the text states, anything with a digital element.
Security...
2023-06-0835 minSecurity InsightsCRESTCon 2023: CREST President, Rowland JohnsonIn our second podcast from CRESTCon Europe 2023, we catch up with Rowland Johnson, CREST President.
CREST is a non profit organisation focused on building standards in cyber. This includes accreditation of companies and certification of individual cybersecurity professionals.
The cybersecurity sector faces a number of challenges: professionalisation, improving diversity, dealing with a stubborn skills shortage and the potential, and potential threats, of AI.
So how does the industry — and the organisations it serves — move from what Johnson describes as a “market failure” to a collaborative world based on a network of trust?
And h...
2023-05-3129 minSecurity InsightsNation state cyber attacks: part 2: evolving threats, adapting defenceIn this second part of our analysis of nation state cyber attacks, we look at how threats are evolving, and how increasingly private businesses are their targets.
According to research by analysts Forrester, nation state attacks are becoming both more frequent, and more severe. And attackers have widened both their objectives, and their methods.
But can organisations, especially in the private sector, defend themselves against these attacks? Forrester has put together a model setting out one way to do just that.
Our guest is Allie Mellen, senior analyst covering cybersecurity at Forrester, and...
2023-05-2529 minSecurity InsightsCRESTCon 2023: Security and integrity with Jon Geater, RKVST and IETFOver the last few years, security professionals have become increasingly concerned about where software, and software components, come from.
A growing number of significant security breaches have been caused by vulnerabilities in the software supply chain.
But should we now start to look beyond just software, and look at data too?
Jon Geater thinks we should. The keynote speaker at this year’s CRESTCon Europe, Jon is co-founder at RKVST and co-chair if the IETF’s supply chain integrity, transparency and trust working group.
Here, he discusses with editor Stephen Pritchard how...
2023-05-2429 minSecurity InsightsCNI, healthcare and cyber threatsAny system that is connected to the public internet is at risk of cyber attack. And any system that connects to a network or other system connected to the internet, is also at risk.
This poses dilemmas for operators of critical infrastructure. Devices and applications developed to run on standalone infrastructure, often with specialist operating systems, are not designed to work safely online.
How, then, can organisations operating critical national infrastructure, protect their systems from cyber attack and still benefit from connectivity to the outside world, as well as the economies of off the shelf te...
2023-05-1129 minSecurity InsightsInsight Interview: Chris Dimitriadis, ISACAISACA today is one of the principal organisations providing accreditation and skills training for infosecurity professionals.
But that's not all it does. The organisation is involved in standards as well as developing developing tools for secure and software development and driving areas such as digital trust.
That puts ISACA in a very good position to take the pulse of the cybersecurity industry. Our guest for this episode is Chris Dimitriadis, who is their Chief Strategy Officer.
In a wide ranging interview, he discusses the growth of nation state threats and cybercrime, the industry’s...
2023-04-2729 minSecurity InsightsNation state cyber attacks: an unstoppable force?Nation state attacks are now an unavoidable part of the cybersecurity landscape.
And increasingly, these attacks are either targeting commercial organisations, to gather intelligence, steal intellectual property or simply for political or diplomatic leverage.
Even if there is no specific hostile intent, businesses and public sector bodies risk being caught in the spill over from attacks aimed elsewhere.
Can organisations defend themselves against an attacker with the resources of a nation state behind them? And how does the nation-state threat rank against other risks?
Our guest this week is Rafe Pilling...
2023-04-1334 minSecurity InsightsCyber skills: are we our own worst enemy?The cybersecurity industry has long complained of a skills shortage.
But is the industry itself at least partially to blame?
From recruitment processes to training, development and retention, and a lack of diversity, there is certainly work to be done. And with no let up in cyber threats, and a growing demand for skilled staff, this needs to be tackled with urgency.
Our guests this week are setting out to do that. Sally Walker is a former director of cybersecurity at GCHQ. She is now neurodiversity champion at WithYouWithMe, a social impact company...
2023-03-3035 minSecurity InsightsData privacy, AI and the boardIs data privacy still something businesses need to worry about?
With financial pressures, rising inflation, the continuing aftermath of the pandemic and the ongoing challenge of recruiting skilled people – especially for technical roles – it would be understandable, if privacy had slipped down the agenda.
Our guest this week, though, argues that it is wrong to overlook privacy concerns and data protection.
Camilla Winlo is head of data privacy at Gemserv. She points to new legislation, the need to use data to create competitive advantage and even the growth of AI as reasons to pay...
2023-03-1630 minSecurity InsightsGPT-3, Generative AI, and cyberthreatsOver the last few months, AI has attracted even more attention than usual. Much of this is driven by OpenAI's ChatGPT tool, which allows anyone to create convincing, "human sounding" text from just a web browser.
But GPT-3 and generative AI can be misused, and could make it easier to carry out cybercrime or create fake news. Although ChatGPT has safeguards built in, the tools to create natural language text are becoming cheaper.
Security researchers at Finnish firm WithSecure put this to the test, in an EU supported project. They used a range of scenarios...
2023-02-2829 minSecurity InsightsSecurity, diversity and resilienceIT security and business resilience are often viewed as separate disciplines. But both are now squarely board-level issues.
The challenge for IT directors and cybersecurity leaders, though, is that teams, technologies and practices exist in their own silos. This makes it harder for a business to defend itself, and harder for it to recover if defences are breached.
Our guest this week is Elizabeth Green. She is European advisory and cyber leader at Dell Technologies. Her background is in data and data protection – joining Dell when it acquired storage vendor EMC – so she has a deep...
2023-02-1729 minSecurity InsightsBenchmarking, checkboxes and cyber hygieneIt’s often said that the cybersecurity and data privacy worlds rely too much on checkbox compliance exercises – and fail to get to grips with the real issues that put data and systems at risk.
But how true is that? Organisations face both increasing threats and increasing regulatory burdens. And often, CISOs and other business leaders lack a true picture of good practice.
This has prompted security researchers at Panaseer to develop a series of real-world security benchmarks.
The research came up with 18 steps, that look more deeply at security standards and controls. The...
2023-02-0229 minSecurity InsightsCritical infrastructure, cyber threats, and lessons from UkraineIn this episode we look at the continuing threats to critical national infrastructure, or CNI.
National infrastructure is under attack from both nation state actors, and from ransomware gangs and other crime groups.
And, as the war in Ukraine has shown, energy and power generation is especially vulnerable. Are we set to see more politically motivated cyber attacks, and are we likely to see more use of cyber warfare, alone or in combination with conventional military tactics?
Our guest this week is Jon Moran, a law enforcement veteran and former incident response consultant...
2023-01-1829 minSecurity InsightsCybersecurity in 2023In this extended episode, we review the key cybersecurity events of 2022, and analyse likely developments, and priorities, for 2023.
We look at Log4J, ransomware and "wiper" malware; the geopolitical situation and how the war in Ukraine is impacting cyber security, and the ongoing challenge of the industry's skills shortage.
And we review CISOs' priorities for the coming year, changes in both the threat environment and the regulatory landscape, and discuss security teams will need to handle ever more complex relationships as they look to protect supply chains.
Our guests are Sue Milton, of...
2023-01-0437 minSecurity InsightsUkraine, geopolitics and cyber riskRussia's invasion of Ukraine has brought war to the European continent once again.
And the conflict has, inevitably, brought an increase in cyber attacks against both Ukraine and its supporters.
That those attacks have not done more damage, or achieved a higher profile, is largely down to the defensive capabilities both of Ukraine and NATO.
But increasingly Russia is trying to combine cyber with physical attacks on critical infrastructure in Ukraine. How can states defend themselves against these blended attacks, and new vectors such as wiper malware? And what can NATO, and other...
2022-12-2229 minSecurity InsightsFake apps and novel phishing attacksAccording to cybersecurity researchers, attackers are turning to new and dangerous methods to carry out phishing attacks.
As security teams have improved their defences, especially around email, so the attackers have adapted too. They are using fake web apps, blog posts and even exploiting the way search engines operate, to spread malware.
In this episode we speak to Ray Canzanese, the director of Netskope’s Threat Labs and the organisation behind the research. He explains the new attack vectors, and how we can counter them, to Stephen Pritchard.
2022-12-0729 minSecurity Insights5G: Revolution or security risk?Over the last few years 5G networks have expanded quickly, offering faster speeds and greater capacity than previous wireless networks.
And although take up has been fastest among consumers, businesses and the public sector are looking to 5G as well, as it offers a boost in both performance and flexibility.
Applications include the internet of things, logistics and transportation, as well as telemedicine and public safety.
But 5G could also come with a significant security impact. It offers a greater attack surface, and organisations will need to adapt if they are going to...
2022-11-2427 minSecurity InsightsNeurodiversity, neurodivergence, and cyberWith the skills crisis in cyber now well established, organisations are having to look beyond the conventional methods to fill vacancies.
Expanding the pool of potential talent is a key to this.
Until recently, though, little attention was paid to neurodiversity, and the idea that neurodivergent candidates -- including people with ADHD and autism -- can be highly effective cyber specialists.
But neurodivergent people face challenges entering into the workforce. Often, very bright and talented people face long-term unemployment, as conventional recruitment and career pathways are not adapted to their needs.
I...
2022-11-0229 minSecurity InsightsCyber’s $150bn black hole: operationalising cybersecurityCybersecurity spending seems to be on a never-ending upward curve. But this spending, spending, which analysts put at US$150bn annually, doesn't seem to reduce the number of cyber threats.
Could it be that we need a new approach to security?
Our guest this week is Jason Hart, CTO, EMEA at Rapid7. He argues that the problem is that we are spending money, but are not making security part of the culture, or central to how we do business.
In this episode, we look at whether a new approach could both make organisations s...
2022-10-1929 minSecurity InsightsDDoS’ shifting focus: war, religion and politicsOver the last six to twelve months security researchers have seen a shift in the pattern of cyber attacks, as the impact of the pandemic has largely been replaced by a focus on the Russian invasion of Ukraine.
Security firm NETSCOUT runs one of the largest monitoring projects for DDoS attacks. They have, for example, seen falls globally in DDoS activity, but an increase in the EMEA region.
Deterring and prosecuting those behind the attacks is as hard as ever, argues Richard Hummel, ASERT Threat Intelligence Lead, at NETSCOUT.
But, he says, there...
2022-10-0533 minSecurity InsightsWhy do we love weak passwords?Passwords are still a cornerstone of web security, especially for consumer-facing sites.
But convincing consumers, and firms, to use stronger passwords remains a struggle
Steven Furnell is a senior member of the IEEE, and professor of cybersecurity at the University of Nottingham.
For the last 15 years, he has been tracking the password policies of leading web and ecommerce sites. Do they, for example, allow weak or easy to guess passwords?
And how easy do they make it for users to pick stronger passwords, or to use alternatives such as multi-factor authentication?
2022-09-2131 minSecurity InsightsRisk or reward: can we control cyber risks?How can we control cyber risks? And how do cyber risks stack up, against the other challenges facing business?
Cyber threats have risen steadily over the last few years, and the move to digital business has created its own security challenges.
But at the same time, conventional risks have not gone away. Only recently we've seen wildfires and floods. And we are still feeling the after effects of the global pandemic.
How does an organisation balance physical threats and cyber risks, against the need to become more efficient and to grow? And how...
2022-09-0731 minSecurity InsightsClosing the skills gap – part 4: Michael Smith, NeustarIs there a "hiring gap" in cybersecurity?
Over the last few episodes on Security Insights, we’ve looked more deeply at the skills skills shortage. But is the problem as much down to matching candidates to roles, as it is finding the right people?
And are organisations failing to do enough to develop the staff they do recruit, and so ensuring they stay?
In week's episode, our guest Michael Smith, field CTO at Neustar Security Services, argues that the issue goes beyond skills alone. And firms need to invest more in security, and in...
2022-08-2429 minSecurity InsightsClosing the skills gap: part 3 - Karen Worstell, VMWareHow early do we need to start to awaken interest in cybersecurity, and indeed technology, as a career?
In this week's episode, VMWare's senior security advocate, Karen Worstell, argues that we might need to go back as far as early years education. Then, of course, we need to maintain and develop that interest, as a young person moves through education and on to their career.
And there's also more industry can do, from developing people at the starts of their careers to improving the levels of built-in security in any connected device, she says.
2022-08-0529 minSecurity InsightsClosing the security skills gap - Part 2: Tia HopkinsIn the second part of our series on the cyber skills crisis, we take a deeper look at the challenges around recruiting entry level staff – and the knock on effect that has on finding mid-tier and experienced hires.
Our guest this week is Tia Hopkins. Based in New York, she is field CTO and chief cyber risk strategist at eSentire.
In addition, Hopkins teaches cyber security, is working on her PhD, and is CEO of Empow(H)er Cybersecurity, which mentors women of colour in the cyber security industry.
How, then, do we en...
2022-07-2029 minSecurity InsightsClosing the security skills gap - part 1: Deryck MitchelsonUK businesses are short of skilled cybersecurity professionals, and the number of vacancies is in the tens of thousands.
Worldwide, the shortfall is in the millions.
But what are the reasons? Is it cultural, problems with education, a lack of diversity?
And what is the impact on organisations in the public and private sector?
Over the next few weeks, Security Insights will attempt to answer at least some of these questions.
Our first guest in the series is Deryck Mitchelson, former Director of National Digital and Chief Information Security...
2022-07-0629 minSecurity InsightsSurviving a ransomware attackWhen IT director Tony Mendoza found his company under attack by a ransomware group, there was no playbook for how to respond. He and his team had to react -- at speed -- to a rapidly developing situation.
Fortunately his organisation, technology vendor Spectra Logic, survived the attack and was able to restore its data. But he learned some hard lessons about managing a crisis, building defences and, above all, why it pays to accept that an attack will happen.
In this episode, Mendoza recalls his experience to Security Insights editor, Stephen Pritchard.
2022-06-2929 minSecurity InsightsSecurity, SMEs, and new ways of workingSmaller businesses are no means immune to cyber attack.
In fact, there is growing evidence that criminal groups are targetting smaller businesses.
One reason is the changes to working practices brought on by the pandemic, with more remote access and the use of consumer IT. And smaller firms are being used as a way to infiltrate the supply chains of their larger customers.
What, though, can smaller companies do to improve their security?
Improved training, clearer IT policies and better use of security tools, including those that come with SaaS suites...
2022-06-0829 minSecurity InsightsCritical infrastructure, and geopolitical risk - Mathieu GorgeIn the current climate, operators of critical infrastructure are finding themselves in the front line.
And it is not just the obvious and traditional fields of CNI, such as energy or transport, that are under threat. The banking system, healthcare, manufacturing and food supply are all part of geopolitical risk, and at risk of cyber attack.
So just how vulnerable is critical infrastructure to cyber attack? And how should governments and industry work together to improve security?
Our guest this week is security and risk consultant Mathieu Gorge. He also runs the Vigitrust...
2022-05-2529 minSecurity InsightsMalware, security and the cloudIn this episode we look at the risks and threats facing the cloud, with Ray Canzanese, director at Netskope’s Threat Labs.
The firm has just released its latest Cloud and Threat Report, and Canzanese talks through some of the highlights, including the use of PDFs and search engines to deliver malware, and the (mis)use of cloud storage.
2022-05-1129 minSecurity InsightsRed Teams and Cyber WarHow do organisations prepare for cyber attacks? Does “red teaming” work? And how close are we to cyber war?
Over the last few years, more firms have turned to red team security testing, putting their organisations through realistic attack simulations. But how do we balance the cost and time these tests demand, with the wider needs of the business?
Our Insights Interview guest this week is Reuven Aronashvili, founder and CEO of Israeli cybersecurity company CYE. Today, he works with large enterprises globally to help them tackle the most difficult cyber challenges.
Before that...
2022-04-2734 minSecurity InsightsSurviving a crisis: the psychology of cyber attacksNearly everyone in cyber talks about people, process and technology. But often, the people side is mentioned only in passing.
But it is people that determine how well an organisation handles a cyber attack, and how quickly it recovers. Processes and technology are vital, of course. But as our guest this week says, behind every piece of wire, there is a human being.
Rebecca McKeown is the director of human sciences at Immersive Labs. A psychologist who has worked with militaries, aviation, governments and organisations involved in critical national infrastructure, she argues that we’re no...
2022-04-1429 minSecurity InsightsDenial of service: attacks on the rise?Distributed denial of service attacks -- or DDoS -- are up 14 per cent on 2019's figures, according to research by security firm NETSCOUT.
And attacks are becoming more complex, with some using as many as 26 different vectors.
At the same time, there is a massive online market for DDoS attacks, with a terabit-class attack costing as little as $6500. Sites on the dark web even offer criminal hackers free trials of their wares, so the barriers to entry are effectively zero.
What, then, can security teams do to counter the DDoS threat? An...
2022-03-3029 minSecurity InsightsIs mobile a security weak spot?Are we underestimating the security threats to mobile devices – and indeed the threats to mobile infrastructure?
Organisations of all sizes now depend heavily on mobile devices. But, although mobile security rarely makes the headlines, the risks posed by ever more powerful devices, and networks, are all too real.
In fact, this week's guest argues that mobile devices were never designed to operate on corporate networks.
Andy Brown is the CTO at Mobliciti. His firm’s been running mobile infrastructure for enterprises since 2009, and he monitors the mobile threat closely. He discusses how the way...
2022-03-1629 minSecurity InsightsIdentity, deception and compromised credentialsStolen or compromised identities have been an attack vector for years, if not decades. Even now, organisations are failing to protect against compromised identity. Identity is one of security’s critical weak spots. But why is this?
Once an attacker breaches defences, it is still too easy for them to move laterally, and to attack higher value targets, or as we've seen recently, attack an organisation with ransomware.
Our guest this week is chief security architect and formally the chief deception officer at Attivo, Carolyn Crandall
She argues that it is changing technology and...
2022-02-2329 minSecurity InsightsThe tale of a stolen iPadWhat happens if your personal devices are stolen? Few victims of theft recover their goods. But the loss of the hardware might only be the start of their problems.
There is a growing black market in stolen devices, but also in tools that can unlock them, to steal credentials or to attack other networks. People who lose a device can be a victim twice over, if hackers then use their own property to target their identity.
In this week’s episode, security researcher Adalsteinn Jonsson explains how this is exactly what happened to his partner, an...
2022-02-0929 minSecurity InsightsAgeism in Infosec: Are we losing the older generation?Is ageism a problem in cybersecurity, and IT?
The pandemic has accelerated a trend that observers were already warning about: older staff are leaving IT security. And with them, their knowledge and experience leaves too.
What then can be done to encourage older workers to stay in the industry? Is ageism a problem, and if it is, how do we counter it?
This week’s guests are inter-generational diversity expert and author, Henry Rose Lee and Gernot Hacker, from cybersecurity firm Appgate. Appgate recently commissioned a focus group study looking at attitudes to ag...
2022-01-2629 minSecurity InsightsThe security of things: protecting the IoTThe Internet of Things continues to grow at pace. But are its security flaws being addressed?
Industrial, operational technology and consumer devices are increasingly connected, but security is too often an afterthought, with flaws such as default passwords and insecure firmware. And many IoT devices are hard to patch, if they can be upgraded at all.
The result is an expanding attack surface, that risks undermining the benefits of IoT technology. But could 2022 be the year this is changes? The UK has introduced a voluntary code of practice, Secure By Design, an...
2022-01-1229 minSecurity Insights2021: Year in ReviewIn this programme, Security Insights invites a selection of industry experts to look back at 2021, and to give their outlook for cybersecurity in 2022.
This episode's guests are:
Piers Wilson, director, Chartered Institute of Information Security
Dr Ian Pratt, Global Head of Security at HP
David Carroll, MD, Nominet Cyber
Jamie Collier, cyber threat intelligence consultant, Mandiant.
Episode edited by Stephen Pritchard
2021-12-1629 min