securityinsights

Security Insights

A podcast that takes a deeper look at today’s most important issues in cyber security, and beyond.

Author

securityinsights

Category

Technology

Podcast website

securityinsights.co.uk

Latest episode

Jul 9, 2026

Where to listen?

Podcasts in the app Replaio Radio Coming soon

Podcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts

Get it on Google Play Install for free Android 5M+ downloads · 4.8 rating iOS soon

Episodes

Building security capability at Thrive Homes 06.07.2023

This week's episode is an insider's account of exactly what it takes to review, and build up, an business' cyber defences. When John Stenton took over as head of IT at housing provider Thrive Homes, he admits technology was a "bit of a mess". And a lot needed to be done, both to review security and to reassure the board. Thrive Homes is fairly typical of the type of mid-sized organisation that did...

People and cyber resilience: the human factor 22.06.2023

Cybersecurity is about technology, processes and above all, people. And with CISOs' growing emphasis on resilience in the face of cyber attacks, perhaps it is time to look at the human factors involved in combatting and recovering from an incident. How can we help our teams make the right decisions, and cope under pressure? In this episode, we look at an investigation into workforce resilience, ca...

CRA and DORA: New laws, new defences? 08.06.2023

The next few years will see the European Union introduce new laws governing cybersecurity. These include the Cyber Resilience Act, and DORA. DORA -- or the Digital Operational Resilience Act -- looks to improve overall ICT resilience in the financial services sector. But as our guests this week point out, its impact is likely to be felt by other sectors too. The Cyber Resilience Act is more broadl...

CRESTCon 2023: CREST President, Rowland Johnson 31.05.2023

In our second podcast from CRESTCon Europe 2023, we catch up with Rowland Johnson, CREST President. CREST is a non profit organisation focused on building standards in cyber. This includes accreditation of companies and certification of individual cybersecurity professionals. The cybersecurity sector faces a number of challenges: professionalisation, improving diversity, dealing with a stubborn sk...

Nation state cyber attacks: part 2: evolving threats, adapting defence 25.05.2023

In this second part of our analysis of nation state cyber attacks, we look at how threats are evolving, and how increasingly private businesses are their targets. According to research by analysts Forrester, nation state attacks are becoming both more frequent, and more severe. And attackers have widened both their objectives, and their methods. But can organisations, especially in the private sec...

CRESTCon 2023: Security and integrity with Jon Geater, RKVST and IETF 24.05.2023

Over the last few years, security professionals have become increasingly concerned about where software, and software components, come from. A growing number of significant security breaches have been caused by vulnerabilities in the software supply chain. But should we now start to look beyond just software, and look at data too? Jon Geater thinks we should. The keynote speaker at this year’s CRE...

CNI, healthcare and cyber threats 11.05.2023

Any system that is connected to the public internet is at risk of cyber attack. And any system that connects to a network or other system connected to the internet, is also at risk. This poses dilemmas for operators of critical infrastructure.  Devices and applications developed to run on standalone infrastructure, often with specialist operating systems, are not designed to work safely online. Ho...

Insight Interview: Chris Dimitriadis, ISACA 27.04.2023

ISACA today is one of the principal organisations providing accreditation and skills training for infosecurity professionals. But that's not all it does. The organisation is involved in standards as well as developing developing tools for secure and software development and driving areas such as digital trust. That puts ISACA in a very good position to take the pulse of the cybersecurity industry....

Nation state cyber attacks: an unstoppable force? 13.04.2023

Nation state attacks are now an unavoidable part of the cybersecurity landscape. And increasingly, these attacks are either targeting commercial organisations, to gather intelligence, steal intellectual property or simply for political or diplomatic leverage. Even if there is no specific hostile intent, businesses and public sector bodies risk being caught in the spill over from attacks aimed else...

Cyber skills: are we our own worst enemy? 30.03.2023

The cybersecurity industry has long complained of a skills shortage. But is the industry itself at least partially to blame? From recruitment processes to training, development and retention, and a lack of diversity, there is certainly work to be done. And with no let up in cyber threats, and a growing demand for skilled staff, this needs to be tackled with urgency. Our guests this week are settin...

Data privacy, AI and the board 16.03.2023

Is data privacy still something businesses need to worry about? With financial pressures, rising inflation, the continuing aftermath of the pandemic and the ongoing challenge of recruiting skilled people – especially for technical roles – it would be understandable, if privacy had slipped down the agenda. Our guest this week, though, argues that it is wrong to overlook privacy concerns and data pr...

GPT-3, Generative AI, and cyberthreats 28.02.2023

Over the last few months, AI has attracted even more attention than usual. Much of this is driven by OpenAI's ChatGPT tool, which allows anyone to create convincing, "human sounding" text from just a web browser. But GPT-3 and generative AI can be misused, and could make it easier to carry out cybercrime or create fake news. Although ChatGPT has safeguards built in, the tools to create natural lan...

Security, diversity and resilience 17.02.2023

IT security and business resilience are often viewed as separate disciplines. But both are now squarely board-level issues. The challenge for IT directors and cybersecurity leaders, though, is that teams, technologies and practices exist in their own silos. This makes it harder for a business to defend itself, and harder for it to recover if defences are breached. Our guest this week is Elizabeth...

Benchmarking, checkboxes and cyber hygiene 02.02.2023

It’s often said that the cybersecurity and data privacy worlds rely too much on checkbox compliance exercises – and fail to get to grips with the real issues that put data and systems at risk. But how true is that? Organisations face both increasing threats and increasing regulatory burdens. And often, CISOs and other business leaders lack a true picture of good practice. This has prompted securit...

Critical infrastructure, cyber threats, and lessons from Ukraine 18.01.2023

In this episode we look at the continuing threats to critical national infrastructure, or CNI. National infrastructure is under attack from both nation state actors, and from ransomware gangs and other crime groups. And, as the war in Ukraine has shown, energy and power generation is especially vulnerable. Are we set to see more politically motivated cyber attacks, and are we likely to see more us...

Cybersecurity in 2023 04.01.2023

In this extended episode, we review the key cybersecurity events of 2022, and analyse likely developments, and priorities, for 2023. We look at Log4J, ransomware and "wiper" malware; the geopolitical situation and how the war in Ukraine is impacting cyber security, and the ongoing challenge of the industry's skills shortage. And we review CISOs' priorities for the coming year, changes in both the...

Ukraine, geopolitics and cyber risk 22.12.2022

Russia's invasion of Ukraine has brought war to the European continent once again. And the conflict has, inevitably, brought an increase in cyber attacks against both Ukraine and its supporters. That those attacks have not done more damage, or achieved a higher profile, is largely down to the defensive capabilities both of Ukraine and NATO. But increasingly Russia is trying to combine cyber with p...

Fake apps and novel phishing attacks 07.12.2022

According to cybersecurity researchers, attackers are turning to new and dangerous methods to carry out phishing attacks. As security teams have improved their defences, especially around email, so the attackers have adapted too. They are using fake web apps, blog posts and even exploiting the way search engines operate, to spread malware. In this episode we speak to Ray Canzanese, the director of...

5G: Revolution or security risk? 23.11.2022

Over the last few years 5G networks have expanded quickly, offering faster speeds and greater capacity than previous wireless networks. And although take up has been fastest among consumers, businesses and the public sector are looking to 5G as well, as it offers a boost in both performance and flexibility. Applications include the internet of things, logistics and transportation, as well as telem...

Neurodiversity, neurodivergence, and cyber 02.11.2022

With the skills crisis in cyber now well established, organisations are having to look beyond the conventional methods to fill vacancies. Expanding the pool of potential talent is a key to this. Until recently, though, little attention was paid to neurodiversity, and the idea that neurodivergent candidates -- including people with ADHD and autism -- can be highly effective cyber specialists.  But...

Cyber’s $150bn black hole: operationalising cybersecurity 19.10.2022

Cybersecurity spending seems to be on a never-ending upward curve. But this spending, spending, which analysts put at US$150bn annually, doesn't seem to reduce the number of cyber threats. Could it be that we need a new approach to security? Our guest this week is Jason Hart, CTO, EMEA at  Rapid7 . He argues that the problem is that we are spending money, but are not making security part of the cu...

DDoS’ shifting focus: war, religion and politics 05.10.2022

Over the last six to twelve months security researchers have seen a shift in the pattern of cyber attacks, as the impact of the pandemic has largely been replaced by a focus on the Russian invasion of Ukraine. Security firm NETSCOUT runs one of the largest monitoring projects for DDoS attacks. They have, for example, seen falls globally in DDoS activity, but an increase in the EMEA region. Deterri...

Why do we love weak passwords? 21.09.2022

Passwords are still a cornerstone of web security, especially for consumer-facing sites. But convincing consumers, and firms, to use stronger passwords remains a struggle Steven Furnell is a senior member of the IEEE, and professor of cybersecurity at the University of Nottingham. For the last 15 years, he has been tracking the password policies of leading web and ecommerce sites.  Do they, for ex...

Risk or reward: can we control cyber risks? 07.09.2022

How can we control cyber risks? And how do cyber risks stack up, against the other challenges facing business? Cyber threats have risen steadily over the last few years, and the move to digital business has created its own security challenges. But at the same time, conventional risks have not gone away. Only recently we've seen wildfires and floods. And we are still feeling the after effects of th...

Closing the skills gap – part 4: Michael Smith, Neustar 24.08.2022

Is there a "hiring gap" in cybersecurity? Over the last few episodes on Security Insights, we’ve looked more deeply at the skills skills shortage. But is the problem as much down to matching candidates to roles, as it is finding the right people? And are organisations failing to do enough to develop the staff they do recruit, and so ensuring they stay? In week's episode, our guest Michael Smith, f...

Listen to the Security Insights podcast in Replaio

Radio and podcasts in one app - free, with no sign-up. Install today and do not miss the launch

Get it on Google Play

Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.