The Security Strategist

EM360Tech

With cyber attacks more common than ever before and each attack becoming increasingly sophisticated, security teams need to be one step ahead of cybercrime at all times. “The Security Strategist” podcast delves into the depths of the cybercriminal underworld, revealing practical strategies to keep you one step ahead. We dissect the latest trends and threats in cybersecurity, providing insights and expert-backed solutions to protect your organisation effectively. Tune into this cybersecurity podcast as we dissect major threats, explore emerging trends, and share proven prevention strategies to fortify your defences.

  1. Speed vs. Privacy: Navigating Digital Threats in Modern Counter Terrorism

    1D AGO

    Speed vs. Privacy: Navigating Digital Threats in Modern Counter Terrorism

    There is a moment in every investigation where time becomes the deciding factor. Not capability, not intent, but time. In modern counter-terrorism, that moment arrives faster than ever because the evidence is no longer waiting to be found. It already exists, scattered across devices, platforms, and networks, growing silently in volume. The question is no longer whether the data is there. It’s whether it can be understood quickly enough to matter.

    In this episode of Security Strategist, EM360Tech host Trisha Pillay and Chris Johnson, CEO of Cyacomb, explore how digital evidence is reshaping counter-terrorism and why the real challenge isn’t access to information, but the ability to act on it without crossing the line into overreach.

    Why Digital Evidence Is Reshaping Counter-Terrorism

    Digital evidence has become central to modern counter-terrorism investigations. From mobile devices and encrypted messaging platforms to online communities, nearly every case now involves large-scale digital analysis. The challenge is not access; it’s volume and complexity. A single device can hold vast amounts of data, and across thousands of investigations this creates significant backlogs. Investigators must sift through irrelevant, fragmented, and often encrypted information to identify credible threats.

    At the same time, the threat landscape is changing drastically. Terrorist networks are more decentralised, digitally enabled, and adaptive in how they communicate. This forces law enforcement to rethink how investigations are conducted, shifting toward digital forensics, data analysis, and real-time intelligence gathering. As Johnson highlights, the ability to deal with data quickly is not new, but the scale of the problem has changed dramatically.

    Managing Data, Risk and Operational Pressure

    Speed sits at the centre of modern counter-terrorism operations, where even minor delays in analysing digital evidence can result in missed warning signs or postponed intervention. Increasing that speed is far from straightforward. Investigators must contend with vast volumes of data spread across multiple devices, alongside a growing diversity of formats and platforms that complicate analysis. Layered on top of this are manual processes that slow case progression and persistent operational backlogs that delay access to critical insights. The result is a bottleneck in which time-sensitive intelligence risks being lost in a sea of noise.

    In response, organisations are turning to advanced digital forensics tools and automation to streamline workflows, prioritise relevant data, and reduce the burden of manual investigation. However, efficiency alone does not solve the problem. Accelerating processes without robust controls introduces new risks, particularly when handling sensitive personal data, where speed must be carefully balanced with accuracy, oversight, and compliance.

    Privacy and Security with AI in Digital Investigations

    Artificial intelligence is becoming an increasingly significant tool in digital forensics and counter-terrorism investigations, largely due to its ability to process data at scale, identify patterns, and rapidly surface relevant insights. This capability enables faster identification of high-risk material, more informed decision-making during investigations, and a reduced dependence on manual data review, which has traditionally been time-consuming and resource-intensive. However, the integration of AI into law enforcement also introduces important ethical and legal challenges that cannot be overlooked. Counter-terrorism operations must remain firmly within established frameworks that safeguard privacy and civil liberties, as failing to do so risks undermining public trust in both the technology and the institutions that deploy it.

    In response, privacy-assured AI and specialist investigative tools are emerging, designed to minimise exposure to irrelevant personal data, concentrate only on content linked to potential threats, and support transparent, compliant investigative processes. As Johnson notes, while AI has a clear and valuable role in modern law enforcement, its effectiveness ultimately depends on the responsibility and governance with which it is implemented.

    The Future of Counter-Terrorism

    The next phase of counter-terrorism will be defined by the ability to turn data into actionable intelligence quickly and responsibly. This means:
    - Reducing investigative backlogs
    - Integrating AI into core workflows
    - Improving collaboration across systems and teams
    - Embedding privacy into the design of investigative technologies

    Digital evidence will only continue to grow. The organisations that succeed will be those that can navigate the intersection of speed, scale, and privacy without compromising any one of them. In modern counter-terrorism, advantage is no longer just about access to information; it’s about how effectively you can act on it.

    Takeaways
    - Digital evidence and data volumes in investigations
    - Evolving threat landscape and global tensions
    - Privacy, civil liberties, and ethical considerations
    - Operational efficiency and technological innovations
    - Future trends in law enforcement technology

    Chapters
    00:00 The Evolving Role of Digital Evidence in Counter-Terrorism
    07:10 Challenges in Analysing Digital Evidence
    13:02 Balancing Privacy and Security in Investigations
    20:09 Future of Counter-Terrorism and Technology

    23 min
  2. Democratising Cybercrime: How AI is Changing Enterprise Security

    2D AGO

    Democratising Cybercrime: How AI is Changing Enterprise Security

    AI isn’t introducing entirely new cyber threats, but it is changing how easily they can be executed, and by whom. In this episode of Security Strategist, EM360Tech host Trisha Pillay speaks with Darren Anstee, Chief Technology Officer for Security at NETSCOUT, about how conversational AI is lowering the barrier to entry for cyberattacks. Drawing on real-world telemetry from thousands of enterprises and service providers, Anstee outlines how the threat landscape is shifting not through new attack types, but through scale, speed, and accessibility. At the centre of that shift are two forces, in his words: simplification and automation.

    How AI is Changing Cyber Attacks

    From a Distributed Denial-of-Service (DDoS) perspective, Anstee says, “AI isn’t creating fundamentally new attack vectors. Instead, it’s making existing ones easier to execute.” Historically, launching a sophisticated attack required time, expertise, and intent. Attackers would need to scan a target, identify vulnerabilities, select the right attack vectors, and continuously adapt based on how defences responded. That process demanded both technical knowledge and active decision-making. Now, much of that can be abstracted away. Conversational interfaces are increasingly being integrated into attack tools, allowing users to issue simple, natural-language instructions. Behind the scenes, those tools can run reconnaissance, analyse results, select attack methods, and even adapt in real time if defences respond. As Anstee puts it, “the whole need for there being any knowledge in the seat has gone away.” The result is not necessarily more advanced attackers, but more attackers capable of attempting advanced techniques.

    The Democratisation of Cyber Attacks

    This shift has direct implications for enterprise risk. As sophisticated capabilities become more accessible, the volume and distribution of attacks change. Organisations that were previously unlikely targets are now within scope, not because they are high-value, but because they are reachable. Anstee points to a growing trend: attackers moving beyond heavily defended primary targets and focusing on secondary organisations within the digital supply chain. Suppliers, service providers, and partners often present a weaker entry point while still offering indirect access to larger ecosystems.

    In practical terms, this expands the attack surface. It also exposes a gap in how many organisations think about risk. Dependencies are not always fully mapped, and the resilience of third-party services is often assumed rather than verified. When those dependencies fail, be it through DDoS disruption or another incident, the impact can cascade quickly. What’s changing is not just who gets targeted, but how risk propagates across interconnected systems. This shift is being accelerated by automation.

    Automation and Efficiency in Cybercrime

    Automation is what turns accessibility into scale. The steps involved in launching an attack (reconnaissance, analysis, execution, and adaptation) can be structured as decision trees. AI systems can follow those paths quickly and consistently, removing the need for manual intervention at each stage. This has two consequences. First, it increases the frequency of attacks. More actors can launch them, and they can do so with less effort. Second, it compresses response time. Attacks can adapt dynamically, forcing defenders to react faster and with greater precision.

    For many organisations, this exposes a mismatch between perceived and actual readiness. As Anstee notes, having defensive tools in place is not the same as knowing how they perform under real conditions. Firewalls and baseline protections may handle simple attacks, but they are often insufficient against multi-vector, adaptive threats. This is where his emphasis on certainty becomes critical. Confidence based on vendor claims or assumed coverage is not enough. Organisations need real visibility into how their defences behave in practice, across environments, and under pressure. Without that, decision-making is based on assumptions rather than evidence. In a landscape shaped by automation, that gap becomes harder to sustain.

    For more information, visit netscout.com

    Takeaways
    - AI is simplifying and automating cyber attacks, making them accessible to a broader range of attackers
    - Enterprises must reassess their risk management strategies
    - The cost of cybersecurity is likely to rise as organisations enhance their defences
    - AI's impact on cyber attack sophistication
    - Democratisation of attack capabilities
    - Automation in attack execution
    - Supply chain vulnerabilities and third-party risks
    - Certainty vs. confidence in cybersecurity decision-making

    Chapters
    00:00 Introduction to Cybersecurity and AI
    02:28 The Evolving Threat Landscape
    06:36 Automation and Cost Implications of AI in Cybercrime
    11:20 AI's Role in Existing and New Attack Vectors
    13:36 Understanding Supply Chain Risks
    17:25 The Importance of Certainty Over Confidence
    20:33 Strategic Actions for C-Suite Leaders

    22 min
  3. Cyber Resilience in Microsoft 365: What Security Leaders Must Know

    3D AGO

    Cyber Resilience in Microsoft 365: What Security Leaders Must Know

    Many organisations assume that moving to the cloud means much of their security posture is handled automatically. But that assumption can create blind spots. In the latest episode of the Security Strategist Podcast, Trisha Pillay from EM360Tech speaks with Rob Edmondson, Senior Director of Product Marketing at CoreView, about cyber resilience in Microsoft 365 environments and what tenant hardening means in practice. As organisations rely more heavily on Microsoft 365 for collaboration, identity management, and device control, understanding how the environment is configured becomes increasingly important for security teams.

    Microsoft 365 Has Grown Beyond Its Original Scope

    When Microsoft first introduced Microsoft 365 as Office 365, it primarily focused on email and productivity tools. Security strategies often revolved around protecting inboxes and ensuring that business data was backed up. According to Edmondson, that model no longer reflects how the platform is used today. Microsoft 365 now includes a wide range of services that support identity management, device management, compliance, and collaboration. Many of these services sit at the centre of daily business operations.

    This shift means that security risks are no longer limited to email or file storage. Identity platforms, collaboration tools, and endpoint management capabilities all operate within the same tenant. If critical settings are misconfigured, the impact can extend across multiple systems at once. For security leaders, the challenge is recognising that the platform has evolved into something far more complex than many organisations initially planned for.

    Why Visibility Into Configurations Is Still Limited

    One of the main themes in the discussion is visibility. Edmondson explains that many organisations simply do not have a clear view of how configurations change within their Microsoft 365 tenants. Attackers often exploit these blind spots. If they gain access to an environment, they may modify configurations that allow them to regain access later. Because some of these changes are subtle, they may go unnoticed for long periods.

    However, not all configuration drift comes from attackers. Administrative errors or platform updates can also change settings in ways that affect security or operations. This is why documentation still plays a role. Edmondson suggests that even basic records of key configurations can help organisations understand their environment and recover faster during incidents. While documenting every setting in a large tenant may not always be practical, identifying and tracking the most critical configurations can provide a starting point for stronger oversight.

    Reducing Privilege and Strengthening Tenant Resilience

    Another concern discussed in the episode is the issue of excessive privileges. Many administrator roles in Microsoft 365 grant access across an entire tenant, which can increase risk if those accounts are compromised. Edmondson argues that reducing standing privileges should be a priority. Instead of granting broad permissions by default, organisations should consider limiting administrative access to only what is necessary.

    Tenant hardening plays an important role here. By tightening configuration controls and carefully managing privileges, organisations can reduce the likelihood that a single compromised account leads to a wider security incident. The goal is not simply to add more security controls, but to build a clearer understanding of how the tenant operates and how it could be restored if something goes wrong.

    The full conversation on the Security Strategist Podcast explores these challenges in greater depth, including configuration visibility, tenant recovery scenarios, and the practical steps security teams can take to improve resilience in Microsoft 365 environments. If you would like to find out more, visit coreview.com

    Chapters
    00:00 Introduction to Cyber Resilience in Microsoft 365
    01:01 Guest Introduction: Rob Edmondson and His Role at CoreView
    02:17 Why Confidence in Microsoft 365 Security Falls Short
    04:24 The Expanding Scope of Microsoft 365 Services
    05:27 Visibility Challenges in Microsoft 365 Security
    07:20 Bridging the Gap: Improving Visibility and Configuration Management
    11:05 Risks of Configuration Drift and Tenant Hardening
    16:23 Importance of Configuration Backup in Cyber Resilience
    21:28 Overprivileged Accounts and Tenant Security Risks
    26:04 Balancing Security and Innovation with AI and Automation
    28:37 Tips for Decision Makers

    Takeaways
    - Microsoft 365 now covers identity, device, compliance, and collaboration tools.
    - Security risks extend far beyond just email and file storage.
    - Limited visibility into configuration changes creates blind spots.
    - Excessive administrative privileges increase the potential impact of a compromise.
    - Strengthening configurations and planning for recovery helps organisations respond more quickly.

    30 min
  4. Why Do Most Cyber Breaches Stem from System Failures, Not Human Error?

    MAR 24

    Why Do Most Cyber Breaches Stem from System Failures, Not Human Error?

    Podcast: The Security Strategist
    Host: Richard Stiennon, Chief Research Analyst at IT-Harvest
    Guest: Michael Kennedy, Ostra Security Founder

    For leaders in enterprise technology, the pressure to show measurable cybersecurity outcomes has never been greater. Boards are asking tougher questions, attackers are moving faster, and conventional security awareness metrics aren’t telling the whole story. In the recent episode of The Security Strategist podcast, host Richard Stiennon, Chief Research Analyst at IT-Harvest, is joined by Ostra Security Founder Michael Kennedy, who points out a growing gap in how enterprises measure success. Despite years of investment in phishing training and user awareness, breaches keep happening—not because employees are failing on a large scale, but because enterprise systems aren’t designed to handle inevitable mistakes. For CIOs, CISOs, and CTOs, this signals a major transition toward outcome-based security.

    Why Traditional Security Awareness Metrics Fall Short

    Phishing simulations, reduced click rates, and increased reporting are often seen as proof of a strong cybersecurity strategy. The metrics are easy to track, too. However, as Kennedy notes, they provide limited insight into actual risk reduction. Even the most effective awareness programs leave some room for error. In reality, attackers only need one successful attempt to gain access. “If one gets through, that’s enough,” Kennedy suggests, highlighting a truth most security leaders understand but find difficult to measure.

    What these metrics don’t capture is the downstream impact of that failure. Two identical phishing attacks can lead to vastly different results depending on the enterprise security setup. In one situation, the threat is neutralised quickly. In another, it escalates into lateral movement, credential theft, or ransomware deployment. For enterprise settings, this gap reveals a basic problem: user-focused metrics assess behaviour.

    What Outcome-Based Cybersecurity Looks Like

    The more effective approach, Kennedy argues, is to frame cybersecurity around engineering outcomes instead of user behaviour. This means evaluating how well systems perform during attacks—not how well users avoid making mistakes. The key markers of a strong enterprise cybersecurity strategy include how quickly threats are detected, how effectively security teams respond, and how well incidents are contained before they spread. These operational metrics give a clearer view of real-world readiness.

    This shift lines up with the growing adoption of zero trust architectures, extended detection and response (XDR), and AI-driven security operations. All these frameworks focus on containment, visibility, and fast responses rather than the unrealistic goal of perfect user behaviour. It also changes how breaches are examined. High-profile incidents are often simplified to stories about weak passwords or phishing clicks, while the more vital question—why controls failed to limit the impact—gets overlooked. For enterprise buyers and decision-makers, this can lead to misaligned investments, over-prioritising awareness training while underfunding detection engineering, identity controls, and network segmentation.

    Why is it Necessary to Create a No-Blame Culture?

    While the focus shifts away from blaming users, Kennedy emphasises that people still play a vital role in enterprise cybersecurity—just not in the way many enterprises think. In enterprise environments where employees fear blame, reporting delays are common. Suspicious emails go unreported, incidents remain unnoticed longer, and response times increase. In contrast, organisations that create a no-blame security culture see users acting as an extension of their detection capabilities. Employees who feel safe reporting anomalies can identify threats earlier, often before automated systems escalate them.

    This cultural change has measurable operational benefits. Faster reporting reduces dwell time, limits damage, and improves overall incident response effectiveness. Some enterprises are formalising this approach through internal collaboration platforms, enabling real-time threat sharing across teams. In doing so, they turn their workforce into a distributed security layer—one that complements, rather than replaces, technical controls.

    The enterprises that succeed in this next phase of cybersecurity maturity will be those that move beyond the “human error” narrative and embrace a truly outcome-based approach to security engineering. Because in modern enterprise environments, the question is no longer who clicked—it’s how well the system absorbed the impact.

    Key Takeaways
    - Cybersecurity failures are system design issues—not user mistakes.
    - Click-rate metrics are misleading.
    - Real success is measured by containment speed and impact reduction.
    - Strong security culture encourages users to report threats without fear of blame.
    - Engineering outcomes (like detection speed and blast radius control) matter more than user behaviour metrics.
    - AI is reshaping both attacks and defence, making faster, smarter response capabilities essential.

    Chapters
    00:00 Introduction to Cybersecurity's Human Element
    03:15 Reevaluating User Responsibility in Cybersecurity
    06:44 Creating a Culture of Reporting
    09:25 Measuring Security Outcomes Beyond Click Rates
    12:05 The Role of AI in Cybersecurity
    15:06 Adapting to Evolving Threats
    17:44 Key Takeaways for Decision Makers

    For more information, please visit em360tech.com and ostrasecurity.com.

    Follow:
    EM360Tech YouTube: @enterprisemanagement360
    EM360Tech LinkedIn: @EM360Tech
    EM360Tech X: @EM360Tech
    Ostra LinkedIn: Ostra Security
    Ostra X: @ostra_security
    Ostra YouTube: @OstraCybersecurity

    #Cybersecurity #CISO #EnterpriseSecurity #OutcomeBasedSecurity #SecurityMetrics #Phishing #ZeroTrust #AIinSecurity #NoBlameCulture #SecurityStrategist #OstraSecurity

    20 min
  5. Are Security Teams Wasting Resources on 99% of Vulnerabilities That Don’t Matter?

    MAR 20

    Are Security Teams Wasting Resources on 99% of Vulnerabilities That Don’t Matter?

    Podcast: The Security Strategist
    Host: Richard Stiennon, Chief Research Analyst at IT-Harvest
    Guest: Nathan Rollings, CISO at Zafran

    The cybersecurity enterprise space has been transforming for years, going beyond traditional vulnerability management. According to Nathan Rollings, CISO at Zafran, the next shift is already underway in the B2B enterprise technology space. It is being driven by automation, AI, and a deeper understanding of context within enterprise environments. Rollings sat down with host Richard Stiennon, also the Chief Research Analyst at IT-Harvest, on The Security Strategist podcast to talk about the need for security teams to move beyond dashboards and risk scores to something more operational: agentic exposure management.

    “Attackers are already using automation and AI,” Stiennon says to Rollings during the podcast. “Meanwhile, most defenders are still focused on risk scores, dashboards, and ticket backlogs.” Rollings believes the real opportunity lies in allowing intelligent systems to analyse exposure continuously and act on it.

    The Discourse to Agentic Exposure

    Exposure management often appears as a new discipline, but Rollings believes its roots are much older. “If you were to look at a vulnerability management maturity model five or 10 years ago, the characteristics of the most mature programs aligned with what we consider continuous threat exposure management today,” he said. Traditional vulnerability management focused heavily on scanning and prioritising flaws. Continuous threat exposure management (CTEM) builds on that by adding context such as internet reachability, compensating controls, and real-time telemetry from security tools. Agentic exposure management goes a step further, where autonomous systems help drive the processes themselves. “When we look back at the early days of vulnerability management, we did much of this manually,” Rollings said. “Then we moved toward automated processes. Now, we are moving toward autonomous.”

    Instead of security teams manually distributing vulnerability reports or setting rigid rules for ownership and remediation, AI agents can interpret available telemetry and handle those workflows dynamically. Over time, those same systems may even take remediation actions on their own. The challenge is trust, according to Zafran’s CISO. “Enterprises must trust that the actions taken by these systems are safe and effective within their environments.”

    Anthropic’s AI announcement sends industry ripples

    The podcast also covered a recent announcement from Anthropic regarding AI-driven code security. This move quickly sparked debate about how generative AI might reshape vulnerability management. Stiennon suggested the technology could disrupt parts of the market focused on application security. However, Rollings believes its impact on exposure management will be more limited. “Code analysis is incredibly powerful,” he said. “But it’s very much a shift-left capability.” Exposure management operates on the opposite side of the lifecycle. It focuses on production environments, where context decides whether a vulnerability is actually exploitable. “A good exposure management platform considers your defence-in-depth strategy,” Rollings explained. “That means tens of integrations across an organisation to understand the residual risk of specific exposures.” Runtime behaviour, network paths to the internet, endpoint protection policies, and segmentation controls all influence whether a vulnerability is a real risk. Analysing source code alone cannot provide that operational picture.

    Why context matters more than another risk score

    For many security teams, vulnerability prioritisation still relies heavily on numerical risk scoring. Rollings argues that this approach often misses the bigger picture. “You’re spending so much money on these security tools,” he said. “The real question is, what is the return? What is the business value?” Understanding the effectiveness of existing controls, such as intrusion prevention systems, endpoint detection, or micro-segmentation, can dramatically change how vulnerabilities are prioritised. Research cited by Rollings suggests that only around one in 50,000 vulnerabilities is truly exploitable in a given environment once contextual factors are taken into account. “That means organisations spend enormous effort remediating vulnerabilities that may never actually be reachable,” he added.

    Agentic systems that correlate telemetry across security tools could narrow that focus significantly. This would allow teams to prioritise the small subset of exposures that really matter. “Security teams were so focused on detection, assessment, and ticketing that they didn’t have time to dig deeper,” Rollings tells Stiennon. “Agentic capabilities free them to concentrate on the things that truly make a difference.”

    Key Takeaways
    - Exposure management prioritises vulnerabilities using real-world context, not just CVSS scores.
    - Agentic AI can analyse exposures and automate remediation workflows.
    - Security context—controls, network paths, and runtime data—determines real exploitability.
    - Only about 1 in 50,000 vulnerabilities are truly exploitable in most environments.
    - AI-secured code won’t remove runtime risk in live infrastructure.

    Chapters
    00:00 Introduction to Cybersecurity Challenges
    03:19 The Evolution of Exposure Management
    07:31 Impact of AI on Vulnerability Management
    11:34 Contextual Understanding in Exposure Management
    15:37 Efficiency and Cost-Effectiveness in Security Teams
    18:08 Key Takeaways for Security Practitioners

    For more information, please visit em360tech.com and www.zafran.io.

    Follow:
    EM360Tech YouTube: @enterprisemanagement360
    EM360Tech LinkedIn: @EM360Tech
    EM360Tech X: @EM360Tech
    Zafran LinkedIn: Zafran Security
    Zafran X: @Zafran_io

    #AgenticAI #ExposureManagement #VulnerabilityManagement #CTEM #Cybersecurity #CISO #SecurityStrategist #RichardStiennon #NathanRollings #Zafran

    18 min
  6. Are You Testing Cyber Recovery or Just Hoping Your Backups Work

    MAR 16

    Are You Testing Cyber Recovery or Just Hoping Your Backups Work

    Podcast series: The Security Strategist Guest: Sam Woodcock, Senior Director of Solutions Architecture at 11:11 Systems Host: Shubhangi Dua, Podcast Producer and B2B Tech Journalist at EM360Tech In the recent episode of The Security Strategist podcast, host Shubhangi Dua, Podcast Producer and B2B Tech Journalist at EM360Tech, spoke with Sam Woodcock, Senior Director of Solutions Architecture at 11:11 Systems. They discussed what he sees as one of the biggest issues in cybersecurity today: the gap between confidence and ability. Their conversation, based on findings from the company’s latest global survey, revealed a troubling fact. While 81 per cent of IT leaders believe they are ready to recover from a cyberattack, many have already faced serious incidents, sometimes more than once a year. Woodcock pointed out that this confidence can be misleading. “If you think about your cyber recovery planning, it often looks strong on paper,” he said. “That can create a false sense of security because cyber recovery is very complex.” Analyst Read: Forensic Recovery Is Central to Cyber Resilience Cyber Recovery is Not FixedWoodcock explained that many organisations confuse documented plans with actual readiness. Cyber recovery is not fixed; it must change with the infrastructure, applications, and threats. “Change is the only constant in this industry,” he noted. “Things are shifting daily and weekly. What you had in place today can quickly become outdated.” Testing often suffers from time and budget constraints. Many companies test just once a year, if at all. Woodcock advises that quarterly testing should be the minimum. “You’d rather find those issues now instead of during a real ransomware incident.” The costs of misplaced confidence are high, such as prolonged downtime, growing financial losses, regulatory fines, and damage to reputation. Some survey participants reported recovery times of one to two weeks, while others took over a month. 
The more alarming truth is the risk of getting reinfected. “Enterprises might recover from the first outage and then be hit again,” Woodcock warned. “That extends the recovery time and increases the risk and damage.” How Modern Attackers Hack?One of the most revealing points from the discussion was how modern attackers operate once they gain access. A common way in is through VPN flaws and social engineering. “One of the first things they will do is examine existing documentation within your organisation to understand your recovery strategy,” Woodcock tells Dua. “They’ll look at your company’s cyber incident recovery planning document.” Attackers often target backup systems directly to wipe out recovery options before launching ransomware. In one case, Woodcock mentioned, a company’s local backup systems were compromised. Luckily, they had maintained immutable cloud backups, allowing them to recover even after the primary backup environment was breached. In other cases, entire primary environments were taken offline, forcing organisations to switch to secondary, isolated environments. “You need a safe, trusted, clean space to recover your environment,” he said. “That way, you can understand how the attack happened and be confident that your recovery is clean.” The idea of the "clean room," or an isolated recovery environment, has become crucial to modern cyber resilience strategies. AI vs. AI: A Weapon & a DefenceThe conversation also addressed artificial intelligence (AI), both as a weapon and a defence. Woodcock noted that cybercriminals are already using AI to refine phishing campaigns, increase attack frequency, and add complexity to evade detection. “They’re using AI to potentially improve the language in social engineering attacks or to raise the frequency of attacks,” he said. However, defenders are also making progress. 
    11:11 Systems collaborates with technology partners such as Veeam, Cohesity, and Zerto, all of which invest heavily in AI for spotting anomalies and providing real-time threat visibility. These tools can help organisations identify when an attack began and find the last known clean recovery point. “It helps them make quicker decisions,” Woodcock added. “They can make better choices by using AI to find the right recovery point.” However, he also cautioned against thinking that technology alone will solve the problem. “Technology by itself isn’t enough. It always comes down to the maturity level and expertise within the business.”

    Looking forward, Woodcock does not expect ransomware sophistication to slow down. Enterprises now face double extortion tactics: not just encrypted data but also threats of public exposure. “It’s not just ransomware encrypting data,” he said. “There’s also this evolving threat of being told that data will be made public.” In an era where attackers study your recovery plan before you implement it, resilience is about proof, not just documentation.

    Takeaways
    - 81% of IT leaders are overconfident in their recovery abilities.
    - Cyber recovery is complex and requires a robust plan.
    - Regular testing is essential for effective cyber recovery.
    - Organisations often overlook recovery strategies in favour of prevention.
    - AI is being used by cybercriminals to enhance attacks.
    - The frequency of cyber attacks is increasing.
    - Understanding application dependencies is crucial for recovery.
    - A clean recovery environment is necessary to avoid reinfection.
    - Decision-making during incidents can be time-consuming and impact recovery.
    - Building a strong security culture is vital for organisations.
    Chapters
    00:00 Introduction to Cyber Resilience
    01:46 Understanding the Cyber Recovery Gap
    07:17 Overconfidence in Cybersecurity
    12:37 The Importance of Testing in Cyber Recovery
    13:37 Multi-layered Approach to Cyber Recovery
    17:17 Real-world Cyber Attack Examples
    20:19 AI and the Future of Cybersecurity
    24:00 Emerging Threats in Cybersecurity
    26:31 Key Takeaways for IT Leaders

    For more information, please visit em360tech.com and http://1111systems.com/...

    28 min
  7. Unmasking the Invisible Threat: Defend Your APIs Before Attackers Do

    MAR 11

    Unmasking the Invisible Threat: Defend Your APIs Before Attackers Do

    Podcast series: The Security Strategist
    Guest: Chip Witt, Principal Security Analyst at Radware
    Host: Richard Stiennon, Chief Analyst Researcher at IT-Harvest

    When attackers target modern enterprises, they don’t break in; they log in. This insight came from a recent episode of The Security Strategist Podcast, where host Richard Stiennon, a cybersecurity analyst and Chief Analyst Researcher at IT-Harvest, speaks to Chip Witt, Principal Security Analyst at Radware. The conversation spotlights a critical issue faced by most enterprises: defending APIs as if they were just infrastructure while attackers exploit them as part of the business logic. That gap represents the real risk.

    What’s the Core Misunderstanding with APIs?

    According to Witt, enterprise teams often view APIs as technical plumbing instead of business products. Security programs focus on endpoints and authentication, believing that a locked front door means the house is safe. However, the true risk lies deeper: in authorisation logic, identity sprawl, and how applications change over time. Modern development methods lead to constant API drift. New routes appear, fields change, and versions multiply. In many organisations, security leaders cannot confidently state which APIs are live in production. To many, that uncertainty seems theoretical; in reality, it is an operational risk.

    Also Watch: How Do You Stop an Encrypted DDoS Attack? How to Overcome HTTPS Challenges

    How Are Enterprises Shifting Towards Intent-Aware Protection?

    As enterprises speed up their use of serverless architectures, microservices, and AI-driven applications, API sprawl intensifies. With sprawl, the security model cannot remain unchanged while the application structure evolves. According to Witt, the future of API security must be intent-aware. Protection should assess whether a sequence of calls makes sense in context for the user, system, or resource initiating them.
    Simply confirming identity is not enough; security also needs to validate behaviour. Zero trust principles have reshaped strategies for networks and identities. APIs now require similar scrutiny, not just at the perimeter but within the workflow itself. APIs are no longer just back-end connectors; they are now the visible surface of the enterprise. The most concerning attacks are not brute-force attempts. The most damaging attacks, in fact, are authenticated actions carried out with malicious intent. Organisations that continuously track their APIs, enforce strict authorisation, and identify workflow misuse in real time can significantly reduce their risk of breaches. More importantly, they can align security with the pace of the business. In today’s digital economy, APIs are the product.

    Takeaways
    - APIs are your primary business attack surface, not back-end infrastructure.
    - Most damaging API attacks use valid credentials and exploit weak authorisation.
    - Visibility gaps and API drift quietly expand your exposure over time.
    - Machine-to-machine identities often carry excessive, unmonitored privileges.
    - Runtime, intent-aware detection is now essential to stopping business logic abuse.

    Chapters
    00:00 Introduction to API Security
    02:04 Understanding API Misconceptions
    04:49 Current API Threat Landscape
    06:43 Business Logic Abuse in APIs
    09:11 Challenges in API Security
    12:03 Runtime Protection and Intent Detection
    13:40 Key Takeaways for IT Decision Makers

    For more information, please visit em360tech.com and radware.com
    Follow: @EM360Tech on YouTube, LinkedIn and X
    Radware YT: @radware
    Radware LinkedIn: https://www.linkedin.com/company/radware/
    Radware X: @radware

    #APISecurity #BusinessLogicAbuse #AuthenticatedAttacks #RuntimeProtection #IntentAwareSecurity #Radware #Cybersecurity2026 #OWASP #BusinessLogic #ZeroTrust #TechPodcast #EnterpriseSecurity #IntentAwareProtection #TheSecurityStrategist #Cybersecurity

    13 min
  8. How CISOs Can Reduce Enterprise Data Risk Without Slowing the Business

    FEB 24

    How CISOs Can Reduce Enterprise Data Risk Without Slowing the Business

    In an era where enterprise data sprawls across cloud platforms, collaboration tools, and SaaS environments, CISOs are under constant pressure to reduce risk without becoming the department that slows everything down. That tension sits at the heart of a recent episode of the Security Strategist, where host Jonathan Care speaks with Ariel Zamir, founder and CEO of Ray Security, about what pragmatic, modern data security actually looks like. Their conversation cuts through the noise around cybersecurity tools and frameworks and focuses instead on how CISOs can think differently about enterprise data, risk management, and control.

    Understanding Enterprise Data Risk Starts With Reality

    One of the most grounded points Zamir makes is also the simplest: most enterprise data is not being used. At any given time, around 98 per cent of enterprise data sits dormant. From a data security perspective, that should immediately raise questions. Why is data that no one needs today exposed in the same way as data actively driving the business? For CISOs, this reframes the challenge. Instead of trying to secure all data equally, the priority becomes understanding which data is actually accessed, by whom, and when. This shift matters because risk does not come from volume alone, but from unnecessary exposure. Dormant data with overly broad access control is often invisible to the business, yet highly visible to attackers. By grounding cybersecurity decisions in how data is really used, security teams can reduce enterprise data risk without introducing friction for employees who are simply trying to do their jobs.

    Permission Hygiene, Access Control, and Dynamic Security

    A recurring theme in the discussion is permission hygiene. Over time, access rights accumulate. People change roles, projects end, contractors leave, but permissions rarely get cleaned up. The result is an expanding attack surface that no amount of policy documentation can realistically govern.
    Zamir argues that improving permission hygiene and access monitoring should come before heavy data classification initiatives. Tightening access control, understanding access patterns, and removing unnecessary permissions can dramatically reduce risk with relatively low operational impact. Crucially, this does not mean locking everything down. Dynamic controls play a key role here. Instead of blocking access by default, organisations can monitor for unusual behaviour and respond in context. Alerts, step-up verification, or temporary restrictions allow security teams to manage risk while preserving user experience. From a business perspective, this approach aligns far better with how work actually happens.

    This is also where agentic AI and agentless monitoring enter the picture. As autonomous systems increasingly access data on behalf of users, traditional identity-based controls struggle to keep up. Agentless approaches help close coverage gaps without requiring intrusive deployments, while agentic AI introduces new questions about accountability and oversight that CISOs can no longer ignore.

    Just-in-Time Classification and the Legal Implications of Automation

    Traditional data classification has long been treated as a foundational security activity, but the podcast challenges that assumption. Classifying vast amounts of dormant data upfront is expensive, slow, and often disconnected from real risk. Instead, Zamir advocates just-in-time classification, applying context only when data is accessed. This approach supports more effective risk management while easing the burden on security teams. It also aligns better with regulatory expectations, where proportionality and intent increasingly matter. However, automation and agentic AI introduce legal implications that CISOs must consider when developing their strategies. When autonomous agents access, move, or transform data, organisations need clarity on responsibility, auditability, and compliance.
    Dynamic controls and temporal insights into data access are not just technical safeguards; they are essential for demonstrating governance in an environment where human and machine actions intersect. Taken together, the conversation highlights a more measured path forward. By focusing on how enterprise data is actually used, improving permission hygiene, and applying controls dynamically, CISOs can enhance data security without slowing down the business. It is less about adding more tools and more about making smarter, context-aware decisions in a landscape where risk is shaped by time, access, and intent.

    For more information on this, visit: https://raysecurity.io/

    Takeaways
    - Around 98 per cent of enterprise data sits idle, creating hidden security risks.
    - Focusing on data dormancy helps prioritise protection and reduce exposure.
    - Permission hygiene and dynamic controls reduce risk without slowing business workflows.
    - Just-in-time classification cuts overhead by securing data only when accessed.
    - Agentless monitoring and oversight of agentic AI improve coverage and accountability.
    - Legal and governance frameworks must evolve to handle autonomous data access.

    Chapters
    00:00 Introduction to Cybersecurity Challenges
    01:38 Understanding Data Dormancy and Its Implications
    05:10 Focusing on Critical Data for Security
    08:21 The Importance of Permission Hygiene
    10:53 Just-in-Time Classification for Data Security
    12:28 Dynamic Controls for Business Needs
    16:43 Agentless Monitoring and Coverage Gaps
    19:32 Integrating Logs and APIs for Security
    21:34 Future Trends in Cybersecurity

    28 min
