Afleveringen
-
In this episode, we look at why a lack of robust identity controls are one of the biggest causes of cloud security failures.
Cloud operators, at least the larger ones, now have robust security in place. But that security is there, first and foremost, to protect their business. The "shared responsibility model" means that users are responsible for their data and applications.
The problem, as our guest this week identifies, is that senior managers fail to understand that point, and expect the cloud to fix everything.
It won't, and as Jennifer Cox, member of the global engineering team at Tenable, and director for Ireland of Women in Cybersecurity, warns "it always makes me a bit nervous when people think that something is foolproof".
-
Are passwords now a security risk? And if they no longer work, what should replace them?
In this episode, we speak to https://www.linkedin.com/in/johncapps/ at VIDA Digital Identify, and Ev Kontsevoy, CEO of infrastructure access firm Teleport.
They argue that relying on "secrets" and data to prove identity no longer guarantees security. Alternatives, including zero trust, hold out a lot of promise. But moving to zero trust needs the whole organisation behind it -- it's as much about culture as technology.
-
Zijn er afleveringen die ontbreken?
-
How are the threats to critical national infrastructure evolving, and how do we counter them?
And are we seeing a shift from attacks based on data and ransomware, towards disruption.
In this episode, we welcome back a previous guest, Trevor Dearing.
Trevor is Director of Critical Infrastructure at Illumio.
Trevor’s work is increasingly focused on resilience, and helping organisations to survive and recover from attacks.
We discuss how organisations in the CNI space need to improve their ability to react to, and survive, a cyber attack.
After all, a failure to do so could cause widespread economic and social disruption.
-
The EU’s Digital Operational Resilience Act, or DORA, comes into force in January 2025. So there is not much time for affected organisations to prepare.
DORA sets out to improve cybersecurity — or ICT risk management — across the EU’s financial services sector.
The Act covers both regulated firms and what the EU terms “critical third parties” in their supply chains. In fact managing third party risk is a big part of DORA, along with measures such as improved resilience testing, incident management plans, and strict reporting requirements.
Our guest is DORA expert and director of consulting firm SECFORCE Rodrigo Marcos.
-
The UK Government's Department of Science, Innovation and Technology (DSIT) is consulting on a new code of practice for business leaders, which aims to "improve cyber resilience across the UK economy".
But how will this operate, and will another code of practice -- alongside a host of existing laws and industry regulations -- help organisations be more secure?
We discuss this with our guest Amanda Finch, CEO of the Chartered Institute of Information Security.
Listeners can find out more about the proposed Code of Practice and the consultation on the UK Government's cyber security site.
-
As many as a third of serious vulnerabilities could be in web applications. But securing web apps, APIs and web-based interfaces is a challenge.
In this episode, we look at why vulnerabilities have seen a steady uptick over the last few years, how identifying and securing vital web applications is essential to enterprise security, and why a fixation on technical CVEs does little to boost defences.
Plus, why both security pros and reporters like a pie analogy.
Our guest is Alex Kreilein, vice president for product security at Qualys. Interview by Stephen Pritchard.
Listeners can also view the Qualys research on the firm's blog.
-
What are the key security challenges for 2024? And how will CISOs address them?
In our first episode for Series 5, Security Insights is joined again by Chris Dimitriadis, Chief Global Strategy Officer at ISACA.
He explains why AI both poses risks, and offers benefits, why the cyber skills shortage is not going away, and how cybersecurity's voice needs to be heard by the board.
Interview by Stephen Pritchard.
-
In our final episode of this season, and indeed for this year, we look at some of the key trends in cybersecurity during 2023. And we discuss some of the steps CISOs might need to take, to safeguard their organisations in 2024.
Our special guest is the CEO of the Chartered Institute of Information Security (CIISec), Amanda Finch.
-
Nothing seems able to stop the growth of cybercrime. And ransomware, above all, has woken up boards to the threat.
But there is more to cybercrime than ransomware, and the drivers behind online crime are varied too. And the scale of the problem means that few, if any, organisations can tackle it alone.
Our guest this week is security expert, chief scientist at Rapid 7 and Europol EC3 adviser Raj Samani. He talks to Stephen Pritchard about why cybercrime is far more than an IT security issue, and why a range of responses will be needed to reduce the threat.
-
Could quantum computing threaten our day to day security, and even the fabric of the internet? Researchers are increasingly concerned about the risks quantum technology poses to encryption.
Organisations need to act now, if they are they are to secure their data and their operations, argue this week's guests.
Ramy Shelbaya is CEO and co-founder of Quantum Dice. That’s a business spun out of Oxford university’s quantum optics lab – and which is now using quantum mechanics to create a self-certifying quantum random number generator.
And Axel Poschmann is a cybersecurity expert with a background in both the industry and academia. Currently, he works at PQShield, another business with links to Oxford, and which specialises in quantum-resistant cryptography.
We asked them to explain why quantum threatens security, and what CISOs can do about it.
Interviews by Stephen Pritchard
-
The upcoming European Cyber Resilience Act sets out to boost security for anything with “digital elements”.
The Act will apply to hardware and software. The idea is to make it easier to update devices, and to fix any vulnerabilities.
Why, then, has a group of cyber security professionals written an open letter to the European Commission asking them to change a key part of the proposed rules?
Experts are concerned that, by requiring organisations to disclose vulnerabilities within 24 hours, the Act could increase, rather than reduce, risks.
Our guest today is Christine Bejerasco, CISO at WithSecure and one of the signatories of the letter.
We asked her to set out the background to the Act, and why so many security professionals fear it could have unintended consequences.
Interview by Stephen Pritchard
-
As many as 96 per cent of vulnerabilities in open source software are because developers use an outdated, or unpatched version of the code.
And this matters, because open source is now the building block of almost all enterprise software, web applications, and even the code that runs consumer technology.
But open source can be secure. It just needs developers, and the organisation they work for, to think about security throughout the software lifecycle.
With guest Brian Fox, CTO and co-founder at Sonatype.
-
The cybersecurity industry faces an ongoing -- and some say worsening -- skills gap.
Both the private and public sectors need more skilled security professionals, as more operations go online. And there is only so much the education system, or training within the business, can do to solve the problem.
So do we need to rethink how cybersecurity operates? Perhaps it is time for the industry to undergo its own digital transformation, and look at automation to take the load off human professionals.
Our guest is Marie Wilcox, board director at the Chartered Institute of Information Security and also security evangelist at Panaseer.
-
Most boards -- and certainly all CISOs -- now understand that it is not if a cyber attack happens, but when.
None the less, organisations are not doing enough to ensure that they can continue to operate during a cyber attack, and recover from it.
And the latest UK Government Cyber Security Breaches survey goes further, suggesting that not only are organisations failing to invest in cyber security, but in some cases, are going backwards. They are paying less attention to the basic "cyber hygiene" measures that can help prevent breaches in the first place.
Our guest this week is Prof. Steven Furnell, professor of cyber security at Nottingham University,a senior member of the IEEE, and one of the researchers for the Cyber Security Breaches survey.
In this episode he discusses the pressures that could be prompting organisations to cut back on security, comparisons between cyber and "physical" crime, the need for awareness and resilience and what we need to do in a world where cyber attacks are now endemic.
Interview by Stephen Pritchard
-
Healthcare is coming under an increasing volume of cyber attacks, especially since the pandemic.
And attacks are spreading to smaller health care outfits, such as ambulance services, suppliers to the health care system, and the pharmaceutical industry.
Much of this is being driven by ransomware, but we are also seeing more complex attacks.
How can healthcare organisations protect themselves?
Our guest is Trevor Dearing, Director of Critical Infrastructure at Illumio, who reports that a growing percentage of his work now involves the health sector.
-
Is cyber war a risk that only governments can deal with? Or should enterprises be prepared to mount their own defences?
In this episode we speak to Prof Richard Benham, a UK Government adviser on cyber security, the first professor in cyber security management, Patron of The National Museum of Computing at Bletchley Park, and non-executive director at Emerge Digital.
He believes that, in some ways, a cyber war has already started. He speaks to editor Stephen Pritchard about the reasons why, and sets out what organisations can do to protect their digital assets and infrastructure.
-
The cloud is now a mainstream technology across both the public and private sectors. Its flexibility and scaleability are attractive to organisations of all sizes, and early concerns about security have been addressed.
Or have they?
There is growing evidence that data breaches and attacks, such as ransomware, are exploiting gaps in cloud security.
All too often, this is because security measures have not been deployed, or cloud resources are misconfigured.
And bad actors can exploit those gaps, possibly within just minutes.
Research by vendor Qualys, for their Totalcloud Security Research Insights report, found that in some cases, close to two thirds of cloud instances were misconfigured, and half of internet facing assets were not patched.
In his episode, Paul Baird, Qualys’ EMEA CTSO, discusses the findings – and explores what might be behind them – with editor Stephen Pritchard.
-
Without trust, we can’t have security. But the growth of the digital economy, and the wider online world, is changing our idea of trust.
A lot of the ways we identified and trusted the people, and organisations in the physical world are not easy to replicate online.
And, as well as removing the human traits that help us to establish trust – from eye contact or a handshake, to a tone of voice – it's becoming harder to identify if another person is who they say they are. In fact, it's now hard to be sure if they are a person at all.
Digital trust is one answer. And our guest this week is an expert in the field. Rolf von Roessing is one of the lead authors of ISACA's digital trust framework. And, as he explains to Stephen Pritchard, understanding digital trust will be ever more important to any organisation that operates in the digital world.
-
Biometric technology promises both security and convenience: there's a reason the leading smartphone makers have adopted face ID, or fingerprint scanners.
But improvements in computing power and AI, as well as more powerful sensors, have opened up entirely new fields, such as remote surveillance.
Are we comfortable with systems that can pick out a face from a crowd?
And how do we feel about artificial intelligence making decisions about those images, such as whether someone’s actions look suspicious?
Our guest is one of the leading experts on these issues. Tony Porter was formerly the UK Surveillance Camera Commissioner, and a former senior police officer. He’s now the chief privacy officer at Corsight – a developer of facial recognition software.
He argues that surveillance, biometrics and even AI will make us more secure – but only if we can secure the technology itself.
Interview by Stephen Pritchard
-
This week's episode is an insider's account of exactly what it takes to review, and build up, an business' cyber defences.
When John Stenton took over as head of IT at housing provider Thrive Homes, he admits technology was a "bit of a mess". And a lot needed to be done, both to review security and to reassure the board.
Thrive Homes is fairly typical of the type of mid-sized organisation that didn't see itself as being in the cyber front line. But, as Stenton explains, any organisation can be a target especially when they are handling seven-figure property transactions.
Here, he talks about his decision to bring in an outside consultancy, the work they did, and the impact this had on Thrive's security capabilities. And we are also joined by Kerry Jones from that partner, DigitalXRAID, where she is head of compliance and information security.
Interview by Stephen Pritchard
- Laat meer zien