404: Ep. 1 - Pilot

Our in-house cyber-security expert, Luke Hill, explains the importance of cyber awareness training for your business.

John Strand is the owner of Black Hills Information Security, and he has over 2 decades of experience in cybersecurity. In this podcast, David and Brad from Samurai interview John and share stories and anecdotes about their dealings with organisations across all verticals over the years. When you start planning against a hack, you need to make sure that you can identify your risks. When you strip down risk to its core, it boils to threats and vulnerabilities. Don’t be blinded by one aspect of the danger and assume that the same threat will be repeated. An attacker will never follow just one type of methodology. The threat actors will use any technique at their disposal! Listen further to find out what the best approach is to start protecting your organisation.

The red team instigates the trouble when it comes to penetration testing. Red teaming is quite aggressive - a nuclear version of a pen test if you will. The red team goes the whole hog, and all vulnerabilities are exposed. Blue teaming is more defensive, and it is all about evaluating the detection/prevention tools you have put in place to protect yourself against an attack. Purple teaming is a joint red and blue test. Brad Thomas probes Dr. David Day to give us the scoop on red, blue, and purple teaming in this podcast. Listen in.

Cybersecurity relates back to the basic tenets of confidentiality, integrity and availability of data. Confidentiality is inextricably linked to passwords protection, integrity requires for information to be delivered without interception or alteration and it is crucial that against all odds, business systems remain available and robust against attacks. Brad Thomas explores all these concepts, and much more in this cybersecurity podcast with Dr David Day. Listen in for more insights.

When evaluating your cybersecurity health, always start with a risk assessment. There are so many different attacks and prevention mechanisms to consider, that you may not know which one is the most important to fix. It is important to have standards and frameworks to follow. However, frameworks can be subjective as not all organisations are the same. You cannot apply a one-size-fits-all approach when needs in terms of business processes, functions, culture, and risk appetite differ. Brad Thomas asked Dr. David Day to share his thoughts on the importance of doing a risk assessment. Take a listen.

When you do not remain secure online, you put everyone in your organisation at risk! Cybersecurity should not be about ‘box-ticking’. You can get the certification, but compliance does not equal security. And we can run all the penetration tests and cybersecurity reviews, but it is vital to implement the advice that follows. Unfortunately, we have had a few instances where clients would simply ignore our findings, or they were seeking findings to support their decisions. Listen to how Dr. David Day digs deep into his treasure trove of experiences and shares a few gripping stories with Brad Thomas on what happens when Samurai's advice is ignored. All shared anonymously, of course!

SS7 signalling protocol has been around since 1975, and it is archaic to say the least. Remarkably, we are still dependant on SS7 as a protocol for SMS. Dr David Day and Kieran Twidale-Smith explores the issues relating to SMS

We willingly allow our minds to be programmed to conform to how the creator of the content has intended. And in doing that, there is no mindfulness or effort to filter the content.  Brad Thomas delves deeper into the subject matter with Dr David Day

Dr David Day sheds some light on the topic of Brain Computer Interfaces. As we unpack this topic, it is crucial that we also look at the cybersecurity implications.