Security Insights securityinsights

In this episode, we look at why a lack of robust identity controls are one of the biggest causes of cloud security failures.
Cloud operators, at least the larger ones, now have robust security in place. But that security is there, first and foremost, to protect their business. The "shared responsibility model" means that users are responsible for their data and applications.
The problem, as our guest this week identifies, is that senior managers fail to understand that point, and expect the cloud to fix everything.
It won't, and as Jennifer Cox, member of the global engineering team at Tenable, and director for Ireland of Women in Cybersecurity, warns "it always makes me a bit nervous when people think that something is foolproof".

Are passwords now a security risk? And if they no longer work, what should replace them?
In this episode, we speak to https://www.linkedin.com/in/johncapps/ at VIDA Digital Identify, and Ev Kontsevoy, CEO of infrastructure access firm Teleport.
They argue that relying on "secrets" and data to prove identity no longer guarantees security. Alternatives, including zero trust, hold out a lot of promise. But moving to zero trust needs the whole organisation behind it -- it's as much about culture as technology.

How are the threats to critical national infrastructure evolving, and how do we counter them?
And are we seeing a shift from attacks based on data and ransomware, towards disruption.
In this episode, we welcome back a previous guest, Trevor Dearing.
Trevor is Director of Critical Infrastructure at Illumio.
Trevor’s work is increasingly focused on resilience, and helping organisations to survive and recover from attacks.
We discuss how organisations in the CNI space need to improve their ability to react to, and survive, a cyber attack.
After all, a failure to do so could cause widespread economic and social disruption.
 

The EU’s Digital Operational Resilience Act, or DORA, comes into force in January 2025. So there is not much time for affected organisations to prepare.
DORA sets out to improve cybersecurity — or ICT risk management — across the EU’s financial services sector.
The Act covers both regulated firms and what the EU terms “critical third parties” in their supply chains. In fact managing third party risk is a big part of DORA, along with measures such as improved resilience testing, incident management plans, and strict reporting requirements.
Our guest is DORA expert and director of consulting firm SECFORCE Rodrigo Marcos.

The UK Government's Department of Science, Innovation and Technology (DSIT) is consulting on a new code of practice for business leaders, which aims to "improve cyber resilience across the UK economy".
But how will this operate, and will another code of practice -- alongside a host of existing laws and industry regulations -- help organisations be more secure?
We discuss this with our guest Amanda Finch, CEO of the Chartered Institute of Information Security.
Listeners can find out more about the proposed Code of Practice and the consultation on the UK Government's cyber security site.

As many as a third of serious vulnerabilities could be in web applications. But securing web apps, APIs and web-based interfaces is a challenge.
In this episode, we look at why vulnerabilities have seen a steady uptick over the last few years, how identifying and securing vital web applications is essential to enterprise security, and why a fixation on technical CVEs does little to boost defences.
Plus, why both security pros and reporters like a pie analogy.
Our guest is Alex Kreilein, vice president for product security at Qualys. Interview by Stephen Pritchard.
Listeners can also view the Qualys research on the firm's blog.