Hacked Off

Hacked Off demystifies the world of cybersecurity. Hosted by Secarma's Managing Director, Holly Grace Williams, it features weekly interviews delving beneath the headlines of the latest hacks, breaches and vulnerabilities, providing expert advice on how to stay safe online. This podcast is brought to you by global cybersecurity and penetration testing company, Secarma.

Episodes

048. Cybersecurity Predictions: Do things really change that much?

Every year we are asked the question, 'what are your cybersecurity predictions for this year?', but is there really any value in predictions and have cybersecurity threats really changed that much over the years? Holly Grace Williams takes a look back at last year's predictions to see how accurate they really were, and discusses the most prominent threats for 2020. Key points: 3'35 Cloud outages 4'16 Nation state attacks 4'48 SQL injection 5'26 Supply chain risk 5'52 Ransomware 10'18 Phishing...

Feb 13, 2020 | 22 min

047. Mike Koss: Hear no evil, see no evil

We invite our most popular interviewee of last year, Mike Koss, back into the studio to discuss one of the emerging cyber threats of the modern day – deepfakes. Mike discusses how this machine learning model fakes content, and the impact it can have on business. Key Points: 0’43 What is a deepfake? 3’32 What fake content might be used for 10’00 Faking audio 14’13 Faking videos 16’56 Faking photos 22’53 Educating and preparing organisations for deepfakes 28’05 Detecting fake content with algorit...

Feb 03, 2020 | 40 min

046. The Travelex Ransomware Attack

Ransomware has been around since the 80's and unfortunately, due to its effectiveness, it's not going away. Holly Grace Williams discusses the recent Travelex ransomware attack - what we can learn from it, how to deal with being held to ransom and predictions for the future. Key points: 0'35 The Travelex breach 7'14 A two-part ransomware attack 9'17 Keep your systems up to date! 10'41 Why attackers use ransomware 13'23 Media response following a breach 15'38 What should you do if you're held ...

Jan 30, 2020 | 21 min

045. Pauline Norstrom: Who's Watching You?

According to the BSIA's report on CCTV surveillance, there are approximately 6 million cameras in the UK. But who owns these cameras and how is the data being stored and used? Pauline Norstrom, the Founder & CEO of a boutique consultancy focusing on technology for video surveillance, joins us to discuss facial recognition and the future of AI in the industry. Key points: 0’22 Guest introduction 3’50 The picture is not clear - how many CCTV surveillance cameras in the UK?* 5’48 The concerns of fac...

Jan 23, 2020 | 38 min

044. Jenny Radcliffe: Hacking the Human

We are kicking off our new season of the Hacked Off podcast with an interview with Jenny Radcliffe, Founder & Director of Human Factor Security. Jenny speaks to Secarma’s Technical Director Holly Grace Williams about the fascinating world of social engineering. 0’26 Guest introduction 6’05 Where companies should start with social engineering 9’32 Exploiting the pattern of life 10’56 The importance of pre-engagement research 14’07 Stumbling across other hackers! 18’19 The aim of a physical acces...

Jan 16, 2020 | 59 min

043. Month in Review - Nov ' 19: The Disney Plus hack

Catch up on November's cybersecurity news with our month in review. From the Labour Party DDoS attack to the phishing attack on the new Disney Plus streaming service, Holly Grace Williams discusses the importance of balancing user experience and security. 0'32 Cybersecurity highlights of November 1'05 The Labour Party DDoS attack 7'23 The Disney Plus hack 9'46 Password managers 11'48 Balancing user experience and security Download on iTunes: apple.co/2Ji61Ek Listening time: 16 minutes Hosted by: H...

Nov 28, 2019 | 16 min

042. Do Pentesters ever Uncover Data Breaches?

'When you're doing a penetration test, do you ever find hackers?' After receiving this question a few times recently, our Technical Director Holly Grace Williams discusses how likely it is for a pentester to discover that an organisation has been breached and how to deal with this situation. Key points: 1'10 What a pentester will do when they discover a breach 1'46 The signs of a breach 3'05 Different ways companies have discovered breaches 7'55 What action to take after discovering you've been c...

Nov 21, 2019 | 16 min

041. Cybersecurity for Black Friday, Cyber Monday & Christmas

With Black Friday and Cyber Monday only round the corner, Holly Grace Williams talks about cybersecurity during busy retail periods from both a consumer and retailer's point of view. Here's what to keep an eye out for and how to stay safe! 1'49 The NCSC's guidance for Black Friday. 2'47 The kind of phishing attacks consumers need to keep an eye out for. 9'44 Attackers aren't always after your credit card details 10'57 Cybersecurity for retailers around busy retail seasons 12'51 Why your website ...

Nov 14, 2019 | 20 min

040. Password Managers vs Multi-Factor Authentication

After running a poll on Twitter earlier in the year asking "Is SMS based multi-factor authentication better than no multi-factor authentication or should it never be used?", Holly Grace Williams discusses the pros and cons of password managers and multi-factor authentication. Key points: 1'15 How password managers work 2'21 The concerns with password managers 4'00 Weighing up the risk 6'29 Two-factor authentication 10'10 Two-factor authentication vs two-step authentication 13'00 Google's researc...

Nov 07, 2019 | 20 min

039. A Month in Review (Oct '19): The NordVPN Server Breach

There have been a lot of security breaches this month, including NordVPN, Avast and Adobe all falling victim to cyber crime. Holly Grace Williams takes a look at NordVPN's server breach, what we can learn from it and then discusses why you might want to choose a Virtual Private Network. Key points: 1'03 The NordVPN breach 2'08 Why use a Virtual Private Network? 4'37 Which VPN should you use? 8'43 How NordVPN's breach has impacted the VPN conversation 11'19 What features to look for 13'30 Who...

Oct 31, 2019 | 18 min

038. Catching a Hacker!

Our technical director, Holly Grace, speaks to Ian Murphy, the Co-Founder of LMNTRIX, about different ways of catching attackers - such as threat hunting, adversarial deception, and threat intelligence. Key Points: 0'32 Guest introduction 1'22 LMNTRIX 3'40 An over-reliance on logs 8'44 What is threat hunting? 11'10 Where do you start with threat hunting? 18'30 What is deception? 32'48 Machine learning and adversarial detection 42'20 The difference between the deep web and the dark web Download on ...

Oct 24, 2019 | 54 min

037. Cost vs Risk: Deciding how much to spend on security

How much should you spend on cybersecurity? Whilst there isn't a definitive answer to this question or a one-size-fits-all answer, our Technical Director Holly Grace Williams takes a look at how to measure your risk to determine an answer suitable for your organisation. 0'39 According to statistics... 2'09 Estimating breach costs 6'19 Cybersecurity insurance 7'53 What's your cybersecurity maturity? 9'59 Threat modelling 13'13 What kind of security should you be investing in? Send us your cyberse...

Oct 17, 2019 | 17 min

036. Common Cybersecurity Misconceptions

Secarma’s Technical Director Holly Grace Williams is joined by Secarma’s People & Event manager Lucy Leaper to discuss some of the most common cybersecurity misconceptions. From money concerns to the ‘it won’t happen to me’ attitude, Holly debunks certain cybersecurity beliefs, which may be leaving your organisation vulnerable. Key points: 1’00 “There’s no ROI with security testing” 5’39 “Cybersecurity isn’t my responsibility” 9’59 “My hosting provider covers our cybersecurity” 13’27 “It won’t...

Oct 10, 2019 | 32 min

035. A month in review (Sept ’19): The New iPhone Vulnerability

Last month an iPhone bootrom exploit dubbed ‘checkm8’ was discovered by researcher axi0mX. This unpatchable vulnerability could give hackers access to iPhones but is it really something we need to be concerned about? 1’40 The new iPhone vulnerability 4’37 Discovering ‘checkm8’ and how it works 11’30 What we can learn from this vulnerability? 13’36 The price of vulnerabilities – bug bounties and brokers 20’53 Which iPhones are affected and how they’re affected 23’21 Is it really something we shou...

Oct 01, 2019 | 26 min

034. Propagating Malware

For those who missed The Future of Cyber Security in Manchester this week, our Technical Director Holly Grace Williams presents her talk on malicious software and how automation will increase the impact of malware attacks. She also discusses the conversation she had with the Q&A panel on cybersecurity insurance. Key points: 1'23 Malicious software hasn't really changed 2'06 A look back on some historical ransomware attacks 3'05 WannaCry 7'43 NotPetya 14'15 Should cyber insurance be mandatory? ...

Sep 26, 2019 | 26 min

033. The New Cyber Resilience Centre

In the last 12 months, 822 cyber dependent crimes were reported to Greater Manchester Police, costing the victims £1.2 million. Neil Jones, the Detective Superintendent of GMP, is speaking to us today to raise awareness about his cyber investigation team and how they can support you after a cyber-attack. He also discusses how the new Cyber Resilience Centre, which is backed by GM police, can help smaller businesses protect themselves from cyber-crime. Key Points: 0’52 What is The Cyber...

Sep 19, 2019 | 37 min

032. An Intro: Vulnerability Management

What does vulnerability management mean to you? How do you deal with these issues and track this information? Our Technical Director, Holly Grace Williams, discusses the process of pulling together vulnerability information and how certain industry scoring systems for vulnerabilities can be misleading. Key points: 0’43 Keeping track of vulnerability information 3’30 Vulnerability aggregation 6’10 Scoring vulnerabilities with CVSS 12’45 ‘High risk’ can mean different things 19’25 Grouping assets ...

Sep 12, 2019 | 36 min

031. A Month in Review (Aug ’19): Security Conference Controversy!

Introducing our new monthly podcast updating you with the latest cybersecurity news, we kick off ‘A Month in Review’ with some security conference controversy! Our Technical Director Holly Grace Williams discusses the BSides Twitter battle about corporate involvement and the controversial talk Crown Sterling presented at Black Hat. Key points: 1’00 The benefits of security conferences 4’29 The ‘Twitter battle’ about corporate involvement at BSides 11’17 Corporate sponsorship for corporate talks 1...

Sep 05, 2019 | 37 min

030. Why Organisations Struggle with Security Basics

Some of the most common cybersecurity issues have been around for decades and whilst basic security practices can help protect organisations against these threats, businesses are still struggling to implement security basics. We talk phishing, patching and supply chain risk with the new Head of InfoSec at The University of Salford, Greg van der Gaast and why organisations need to be playing the long game when it comes to security. 0’22 Guest introduction 0’54 Why do companies struggle with secur...

Aug 29, 2019 | 55 min

029. Leveraging Cybersecurity to Boost Your SME

Cybersecurity isn’t just a barrier. If leveraged correctly, it can help to improve and grow your business. The Cyber Foundry project, a European regional development fund program, has been designed to encourage and demonstrate to SMEs how to do just that. In this episode, we speak to the Project Manager of The University of Manchester, Brian Higgins, who runs us through delivering this unique initiative. We cover how businesses in all sectors are at risk of cyber crime, some common security probl...

Aug 22, 2019 | 44 min

028. An Intro: Election Security

In 2016 it was reported that the Russian government targeted the US election system, and whilst there wasn’t any evidence that votes were tampered with, they could have changed data or even deleted voters. With the start of the US presidential 2020 election campaigns, we take a look at why you’d want to hack an election and the pros and cons of online voting. Key points: 1’00 Why would you want to hack an election? 4’13 The challenges of online voting 8’34 The ‘public intrusion test’ on the Swis...

Aug 15, 2019 | 32 min

027. Getting a Cybersecurity Advisor

Ever wondered if you should be hiring a cybersecurity advisor or CISO, or whether the roles you currently have in place are right for your organisation? Mark Avery, Independent Cybersecurity Advisor, talks about the different CISO options, the pros and cons of these roles and how they can help support your organisation. He also discusses the challenges of the CISO role and how it is often misunderstood, resulting in demanding workloads and eventually burnout. Key points: 0’24 Guest Introduction 2’...

Aug 08, 2019 | 35 min

026. The Benefits of Building a Peer Network in Cybersecurity

Book author, founder of the IN Security movement, and judge of numerous awards in business, books and security, Jane Frankland has worn many hats over her 22 years in cybersecurity. She talks with passion about her work with leaders and women in cybersecurity, helping them build enviable and impactful results, going from being burnt out and underappreciated to being motivated, connected and sought after. Key points include: 0’41 Guest introduction 3’24 Burn out in security industry 6’23 The benefit...

Aug 01, 2019 | 48 min

025. The Misconceptions of the British Airways Breach

Whilst the British Airways breach of 2018 is 'old news', it has been brought to the forefront of everyone's mind with the recent announcement that they face a record-breaking GDPR fine of £183 million. Secarma's Technical Director discusses what we know about the BA breach, the misconceptions over what may have happened and the remediation steps you can take after a data breach. 2'25 - What happened to British Airways? 13’31 - Attack misconceptions 15’51 - Have there been similar attacks? 21'45 -...

Jul 25, 2019 | 29 min

024: Security in the ‘good old days’ and the future of the CISO role

Mike Koss, Head of Security and Risk at N Brown Group, reminisces about the ‘good old days’ when security was just a hobbyist thing, his career in IT security and how he believes the CISO role should in future be developed into a business position and a separate technical position. Key points include: 0’30 Guest introduction 1’38 IT security in retail 11’21 Security relationships with the board 14’37 When security was just a hobbyist thing! 24’13 The pros and cons of bug bounties 30’16 Cap...

Jul 18, 2019 | 1 hr

023. The different challenges of the CISO role

Secarma’s Technical Director Holly Grace Williams speaks to Mo Ahddoud, Security Consultant and interim CISO, about his vast experience in the cybersecurity industry. They cover everything from the difference between a Security Manager and CISO role, the benefits of working with start-ups and a little bit about his experience working with critical infrastructure. 0’49 Guest introduction 1’50 The Security Manager role vs the CISO role 4’06 The CISO role in different sectors 10’04 How to separate th...

Jul 11, 2019 | 55 min

022. Certifications and Upskilling in Cybersecurity & IT

We talk to Zeshan Sattar, Director of Learning & Skills Certification at CompTIA, about how organisations like CompTIA can help people not only in getting certified, but reskilling, upskilling and networking within IT and Cybersecurity. 1’53 What is CompTIA? 6’00 Developing the exams with industry experts 8’24 Continuing professional development with certifications 13’56 Who are these certifications for and where do you start? 18’36 What is a BETA exam? 22’56 CompTIA isn’t just exams! How they h...

Jul 04, 2019 | 42 min

021. Thomas Ballin: The Evolution of Penetration Testing

We talk to Senior Security Consultant Thomas Ballin on what he thinks are the major facets of red team engagements, how they can differ by provider or scenario, and how he thinks they might evolve over time. 0’32 Thomas’ unconventional route into the cybersecurity industry and his role at Secarma 4’31 The many ‘definitions’ of penetration testing 7’30 The benefits of red teaming and where to start 15’02 The race between attack and defence 20’15 Debriefing after a red team 26’00 The future of re...

Jun 27, 2019 | 48 min

020. Malicious Software – Past, Present & Future

We take a look at the history of malicious software, some of the oldest known attacks and how it has changed over the years. Holly also speaks about her own personal experience of the 2017 NotPetya attack and predicts what the future holds for malicious software attacks. It doesn’t look good… 1’22 Different types of malicious software 5’33 The oldest known malware attacks 12’13 Dealing with the NotPetya attack 16’14 Automated propagation 19’24 Manual propagation 20’24 The future of malware 21’47...

Jun 20, 2019 | 33 min

019. Cybersecurity Maturity Assessments

We share the talk we presented at UKFast’s recent Cybersecurity 101 workshop, in a little more detail, discussing where companies should start with cybersecurity and how they can be comfortable that they have covered a broad enough area of security to be safe. 1’41 What is Cyber Essentials and is it right for your company? 5’57 Risk management – building a security culture and getting the board involved 10’39 Security protections – what you can do yourself and when to get a third party involved ...

Jun 13, 2019 | 39 min