securityinsights

Security Insights

A podcast that takes a deeper look at today’s most important issues in cyber security, and beyond.

Author

securityinsights

Category

Technology

Podcast website

securityinsights.co.uk

Latest episode

Jul 9, 2026

Where to listen?

Podcasts in the app Replaio Radio Coming soon

Podcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts

Get it on Google Play Install for free Android 5M+ downloads · 4.8 rating iOS soon

Episodes

Ransomware: can transparency bring security? 05.07.2024

It's hard to put an exact figure on ransomware attacks. All the available research shows incidents continue to grow year on year, and that the vast majority of cyber incidents are now ransomware or other extortion attacks. But could more transparency and information sharing help defend against ransomware? If more organisations disclosed attacks, we would have a clearer picture of the problem and b...

Cyber war: new lessons from history? 20.06.2024

The idea of cyber war is not new; researchers first suggested the concept 30 years ago. Since then, there's been a debate on what cyber war means and what can be done to prevent it. Some experts even suggest cyber war is already happening, even if it is mostly in the shadows. For Peter Kestner, the rise of cyber attacks and an increasingly volatile geopolitical situation were just two of the reaso...

A CISO's Journey: Mani Nagothu, SentinelOne 06.06.2024

The CISO’s role is changing; that is clear enough. Indeed, constant change and the need to adapt is always a feature of cybersecurity. And that’s why our guest this week lists curiosity as one of the key attributes for a cybersecurity career. Mani Nagothu is field CISO at SentinelOne. Before that she headed up IT security for an energy company. That followed a career as a consultant. But she didn’...

Cyber on demand: filling the skills gap? 23.05.2024

The cybersecurity skills gap is a problem that won't go away. Worldwide, there are close to 3.5 million vacancies in the industry. The problem seems to be worsening, not least because we are all doing more business online. And moves to recruit and retain more staff, as well as to widen the talent pool, take time. In the immediate term this leaves CISOs with gaps to fill. One option is outsourcing....

Chief Business Security Officers: a CISO's new ally? 09.05.2024

What is a chief business security officer, and what do they do? IT and data security are increasingly important. But so too are physical security and resilience. The chief business security officer, though, is a fairly new addition to the security team. Over the next three episodes of the Security Insights podcast, we’ll look at the changing role of the CISO, the role interim or outsourced securit...

Ransomware: should payments be banned? 25.04.2024

Ransomware now accounts for the vast majority of cyber attacks. But regulators and law makers are increasingly concerned about the money being paid out to ransomware groups -- often, it is used to fund further crime. Should paying ransoms be banned? Would a ban improve security, or make matters worse? And what steps can organisations take, to cut the risk of falling victim to a ransomware attack i...

Cloud security: an identity problem 04.04.2024

In this episode, we look at why a lack of robust identity controls are one of the biggest causes of cloud security failures. Cloud operators, at least the larger ones, now have robust security in place. But that security is there, first and foremost, to protect their business. The "shared responsibility model" means that users are responsible for their data and applications. The problem, as our gu...

The end of passwords? 21.03.2024

Are passwords now a security risk? And if they no longer work, what should replace them? In this episode, we speak to https://www.linkedin.com/in/johncapps/   at VIDA Digital Identify, and Ev Kontsevoy , CEO of infrastructure access firm Teleport . They argue that relying on "secrets" and data to prove identity no longer guarantees security. Alternatives, including zero trust, hold out a lot of pr...

Critical National Infrastructure: changing threats 07.03.2024

How are the threats to critical national infrastructure evolving, and how do we counter them? And are we seeing a shift from attacks based on data and ransomware, towards disruption. In this episode, we welcome back a previous guest, Trevor Dearing. Trevor is Director of Critical Infrastructure at Illumio. Trevor’s work is increasingly focused on resilience, and helping organisations to survive an...

DORA: one year to go 22.02.2024

The EU’s Digital Operational Resilience Act, or DORA, comes into force in January 2025. So there is not much time for affected organisations to prepare. DORA sets out to improve cybersecurity — or ICT risk management — across the EU’s financial services sector. The Act covers both regulated firms and what the EU terms “critical third parties” in their supply chains. In fact managing third party ri...

Cyber governance: a new UK code of practice? 08.02.2024

The UK Government's Department of Science, Innovation and Technology (DSIT) is consulting on a new code of practice for business leaders, which aims to "improve cyber resilience across the UK economy". But how will this operate, and will another code of practice -- alongside a host of existing laws and industry regulations -- help organisations be more secure? We discuss this with our guest Amanda...

Web apps and security weaknesses 25.01.2024

As many as a third of serious vulnerabilities could be in web applications. But securing web apps, APIs and web-based interfaces is a challenge. In this episode, we look at why vulnerabilities have seen a steady uptick over the last few years, how identifying and securing vital web applications is essential to enterprise security, and why a fixation on technical CVEs does little to boost defences....

Security in 2024: AI, skills, and a seat on the board 11.01.2024

What are the key security challenges for 2024? And how will CISOs address them? In our first episode for Series 5, Security Insights is joined again by Chris Dimitriadis, Chief Global Strategy Officer at ISACA. He explains why AI both poses risks, and offers benefits, why the cyber skills shortage is not going away, and how cybersecurity's voice needs to be heard by the board.   Interview by Steph...

Security Insights: 2023 year in review 28.12.2023

In our final episode of this season, and indeed for this year, we look at some of the key trends in cybersecurity during 2023. And we discuss some of the steps CISOs might need to take, to safeguard their organisations in 2024. Our special guest is the CEO of the Chartered Institute of Information Security (CIISec), Amanda Finch.

Cyber: crime’s digital economy 14.12.2023

Nothing seems able to stop the growth of cybercrime. And ransomware, above all, has woken up boards to the threat. But there is more to cybercrime than ransomware, and the drivers behind online crime are varied too. And the scale of the problem means that few, if any, organisations can tackle it alone. Our guest this week is security expert, chief scientist at Rapid 7 and Europol EC3 adviser Raj S...

Quantum computing: a security risk? 30.11.2023

Could quantum computing threaten our day to day security, and even the fabric of the internet? Researchers are increasingly concerned about the risks quantum technology poses to encryption. Organisations need to act now, if they are they are to secure their data and their operations, argue this week's guests. Ramy Shelbaya is CEO and co-founder of Quantum Dice. That’s a business spun out of Oxford...

The Cyber Resilience Act: a law with unintended consequences? 16.11.2023

The upcoming European Cyber Resilience Act sets out to boost security for anything with “digital elements”. The Act will apply to hardware and software. The idea is to make it easier to update devices, and to fix any vulnerabilities. Why, then, has a group of cyber security professionals written an open letter to the European Commission asking them to change a key part of the proposed rules? Exper...

Open source: a security risk? 02.11.2023

As many as 96 per cent of vulnerabilities in open source software are because developers use an outdated, or unpatched version of the code. And this matters, because open source is now the building block of almost all enterprise software, web applications, and even the code that runs consumer technology. But open source can be secure. It just needs developers, and the organisation they work for, t...

Automation and the cybersecurity skills gap 19.10.2023

The cybersecurity industry faces an ongoing -- and some say worsening -- skills gap. Both the private and public sectors need more skilled security professionals, as more operations go online. And there is only so much the education system, or training within the business, can do to solve the problem. So do we need to rethink how cybersecurity operates? Perhaps it is time for the industry to under...

Cyber resilience: are we prepared? 05.10.2023

Most boards -- and certainly all CISOs -- now understand that it is not if a cyber attack happens, but when. None the less, organisations are not doing enough to ensure that they can continue to operate during a cyber attack, and recover from it. And the latest UK Government Cyber Security Breaches survey goes further, suggesting that not only are organisations failing to invest in cyber security,...

Defending healthcare in cyberspace 21.09.2023

Healthcare is coming under an increasing volume of cyber attacks, especially since the pandemic. And attacks are spreading to smaller health care outfits, such as ambulance services, suppliers to the health care system, and the pharmaceutical industry. Much of this is being driven by ransomware, but we are also seeing more complex attacks. How can healthcare organisations protect themselves? Our g...

Cyber war: is it everyone’s business? 07.09.2023

Is cyber war a risk that only governments can deal with? Or should enterprises be prepared to mount their own defences? In this episode we speak to Prof Richard Benham, a UK Government adviser on cyber security, the first professor in cyber security management, Patron of The National Museum of Computing at Bletchley Park, and non-executive director at Emerge Digital . He believes that, in some way...

Cloud insecurity: leaving the keys in the door? 24.08.2023

The cloud is now a mainstream technology across both the public and private sectors. Its flexibility and scaleability are attractive to organisations of all sizes, and early concerns about security have been addressed. Or have they? There is growing evidence that data breaches and attacks, such as ransomware, are exploiting gaps in cloud security. All too often, this is because security measures h...

Deep fakes, AI and digital trust 11.08.2023

Without trust, we can’t have security. But the growth of the digital economy, and the wider online world, is changing our idea of trust. A lot of the ways we identified and trusted the people, and organisations in the physical world are not easy to replicate online. And, as well as removing the human traits that help us to establish trust – from eye contact or a handshake, to a tone of voice – it'...

Biometrics: Eyes in the sky? 27.07.2023

Biometric technology promises both security and convenience: there's a reason the leading smartphone makers have adopted face ID, or fingerprint scanners. But improvements in computing power and AI, as well as more powerful sensors, have opened up entirely new fields, such as remote surveillance. Are we comfortable with systems that can pick out a face from a crowd? And how do we feel about artifi...

Listen to the Security Insights podcast in Replaio

Radio and podcasts in one app - free, with no sign-up. Install today and do not miss the launch

Get it on Google Play

Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.