Understanding Cyber

The Bottom Line Cash! We talk about funding cyber security, when you need funding, and top tips on how to secure funding. If you want any cyber security support please get in contact with the team by email info@clearcutcyber.com or visit the website clearcutcyber.com Music is Green Lights by Jahzzar from the Free Music Archive and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

Cyber Essentials - Part 2: We first tackled cyber essentials in 2021 - since then there have been a number of updates and changes, as well as our understanding changing. We are therefore revisiting CE. In this part we cover 8 more tips to achieve CE, including the elements that are not obvious. This advice stems from us advising and supporting complex organisation is gaining CE. If you want any cyber security support please get in contact with the team by email info@clearcutcyber.com or visit the website clearcutcyber.com Music is Green Lights by Jahzzar from the Free Music Archive and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

Cyber Essentials - Part 1: We first tackled cyber essentials in 2021 - since then there have been a number of updates and changes, as well as our understanding changing. We are therefore revisiting CE. In this part we cover what it is, when you might want it, and 2 tips to make gaining CE easier. Part 2 contains 8 more tips, including the elements that are not obvious. This advice stems from us advising and supporting complex organisation is gaining CE. If you want any cyber security support please get in contact with the team by email info@clearcutcyber.com or visit the website clearcutcyber.com Music is Green Lights by Jahzzar from the Free Music Archive and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

How CISOs sleep at night - aka Assurance: The final episode of our special series on risk. Matt, Tom and Toby discuss how you can assure your risks, ensuring your risk understanding and prioritisation is correct, and your mitigation work effectively. If you want any cyber security support please get in contact with the team by email info@clearcutcyber.com or visit the website clearcutcyber.com Music is Green Lights by Jahzzar from the Free Music Archive and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

Risking It All: Episode three of four in our special series on risk. Matt and Tom continue their journey through cyber risk management, and talk about how we might go about accepting certain levels of risk. Exercising, threat modelling, and a good comms plan all feature. If you want any cyber security support please get in contact with the team by email info@clearcutcyber.com or visit the website clearcutcyber.com Music is Green Lights by Jahzzar from the Free Music Archive and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

Risky Tools and Techniques by Clear Cut Cyber Ltd

In the first of a four-part series on risk we examine what risk management means in the cyber world, how people get it wrong, and how to solve it. Featuring special guest, and Clear Cut Cyber risk expert, Matt. If you want any cyber security support please get in contact with the team by email info@clearcutcyber.com or visit the website clearcutcyber.com Music is Green Lights by Jahzzar from the Free Music Archive and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

Learn how to plan cyber incident response We explain how to plan for cyber incident response. The elements that make up the plan, the stages that take place during cyber incident response, the key things to do ahead of an incident, and how to learn more. If you want any cyber security support please get in contact with the team by email info@clearcutcyber.com or visit the website https://clearcutcyber.com Music is Green Lights by Jahzzar from the Free Music Archive and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

What is a CISO? In this episode Toby and Tom are joined by a special guest - Dr Andy Grayland. Andy is an experienced CISO, and currently fills that role for Silobreaker. He joins the team to discuss what a CISO is, what the role entails, when you need one, and what he thinks the most important actions and skills are for a new CISO. If you want any cyber security support please get in contact with the team via the website: clearcutcyber.com or to learn more about Silobreaker go to Silobreaker.com. Music is Green Lights by Jahzzar from the Free Music Archive and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

Security assessments In this episode Toby and Tom discuss what security assessments are, different types of assessment, and how they are conducted. They also talk through some of the assessments they have conducted. If you want any cyber security support please get in contact with the team via the website: clearcutcyber.com. Including free cyber security health checks for charitable organisations. Music is Green Lights by Jahzzar from the Free Music Archive and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

What is important? In this episode Toby and Tom discuss why understanding the business impact is key to context for any cyber security programme, and a process for working it out. If you want any cyber security support please get in contact with the team via the website: https://clearcutcyber.com Music is Green Lights by Jahzzar from the Free Music Archive and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

Cyber Essentials In this second part of the cyber essentials scheme we examine what the scope of it is, how you define your scope, and what is not in scope. Further reading: NCSC website: https://www.ncsc.gov.uk/cyberessentials/overview IASME (NCSC partner): https://iasme.co.uk/cyber-essentials/ Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

Cyber Essentials The UK has a certification scheme called Cyber Essentials to help improve cyber security. In this podcast we help you understand what the cyber essentials and cyber essentials plus schemes are, and why you should follow the advice contained in the essentials. This podcast provides and overview of the scheme, and later podcasts will go into the detail of them. Further reading: NCSC website: https://www.ncsc.gov.uk/cyberessentials/overview IASME (NCSC partner): https://iasme.co.uk/cyber-essentials/ Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

Honeypots and Deception Ever wondered what honeypots have to do with cyber security and how to use them to give high quality alerts about an attack? Listen to understand. Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

Episode 25 - OT / Operational Technology We understand: What is OT, what is the difference between OT and IT, why this difference matters, and why you need to think differently when securing OT. Read more about OT: https://en.wikipedia.org/wiki/Operational_technology Black energy OT attack that Tom described: https://en.wikipedia.org/wiki/BlackEnergy Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

Episode 25 - Cryptography 2 We continue to understand: What is cryptography, this time focussing on asymmetric crypto, how how it is a fundemental part of the internet and security - all without any maths! Key exchange colours - in video! https://www.youtube.com/watch?v=d_FU9tZIo10 Wikipedia on public key crypto: https://en.wikipedia.org/wiki/Public-key_cryptography Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

Episode 24 - Cryptography 1 We understand: What is cryptography, why is it important, and what are its applications - all without any maths! Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

Episode 23 - Understanding Apps and Web Apps We understand: What is an App? When did they start being called apps? How do they work? Whats a web app and why are apps much more reliant on the internet today? How might an app be comprimised? Further reading: https://en.wikipedia.org/wiki/Mobile_app https://edu.gcfglobal.org/en/computerbasics/understanding-applications/1/ https://www.consumer.ftc.gov/articles/0018-understanding-mobile-apps Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

Episode 22 - AI We understand: What is AI, how does it work, its history and future, use cases, and potential vulnerabilities Further reading: Wikipedia: https://en.wikipedia.org/wiki/Artificial_intelligence Oxford uni paper: http://www.fhi.ox.ac.uk/Reports/2008-3.pdf Code bullet youtube: https://www.youtube.com/c/CodeBullet/ ZDNet: https://www.zdnet.com/article/what-is-ai-everything-you-need-to-know-about-artificial-intelligence/ Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

Episode 20 - The Ransomware We understand what ransomware is, how it works, some notable examples and what to do it you suffer it. Further reading here: NCSC https://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks NCA https://www.nationalcrimeagency.gov.uk/what-we-do/crime-threats/cyber-crime Action fraud https://www.actionfraud.police.uk/ US Cert https://www.us-cert.gov/ FBI https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/ransomware No more ransom https://www.nomoreransom.org/ Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

Episode 20 - The Darkweb We explore what the Darkweb is, who uses it, how to access it, and why you should be careful of it. Further reading here: https://en.wikipedia.org/wiki/Dark_web https://us.norton.com/internetsecurity-how-to-how-can-i-access-the-deep-web.html Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

Episode 19 - Question and Answer - Q&A We cover a large number of questions that you are asked in this episode, including: Whats more secure Android or iPhone? Do I need AV on my phone? Why is hacking illegal? How do I know if a wifi network is safe? What is End to End Encryption? What is the blockchain? and more. Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

Episode 18 - working from home We cover the basics of security when working from home, specifically: protecting yourself from scams, protecting your network, how to securely access the office, and what happens if something goes wrong. Further reading: Resources SANS guide https://www.sans.org/security-awareness-training/sans-security-awareness-work-home-deployment-kit NCSC Guide https://www.ncsc.gov.uk/guidance/home-working Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

Episode 17 - Employee Identity and Access Management Dicko returns to chat to us about Employee and Identity Access Management. He explains how this technology can make life significantly easier and more secure for the business and IT departments, but why you want to carefully plan and test any rollout before going live. Further reading: NCSC Identity and Access Management: https://www.ncsc.gov.uk/guidance/introduction-identity-and-access-management Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

Episode 16 - Have I been hacked? Have you been hacked? How do you know? What to do if you have been? We address these questions and more in this episode. Further reading: NCSC small business recovery: https://www.ncsc.gov.uk/collection/small-business-guidance--response-and-recovery Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

Episode 15 - Cloud What is the cloud? We have all heard of it, but what exactly is it and what are the options? We look at what cloud is, public vs private cloud, and the different levels of service you can have. We also discuss the benefits and drawbacks of the cloud. Further reading: What is cloud - by Cloudflare: https://www.cloudflare.com/learning/cloud/what-is-the-cloud/ NCSC Cloud Security: https://www.ncsc.gov.uk/collection/cloud-security?curPage=/collection/cloud-security/implementing-the-cloud-security-principles Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

Episode 14 - Phishing We will cover - What is Phishing, Spear Phishing, Whaling, Vishing and Business Email Compromise and how to defend yourself from these attacks. Further reading: Example of a Vishing phone call: https://www.youtube.com/watch?v=uv4s_ltHzFw NCSC guidance: https://www.ncsc.gov.uk/guidance/phishing https://www.ncsc.gov.uk/guidance/suspicious-email-actions https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

Episode 13 - SIEM / Security Information Event Management A slight change - we have a guest! Our friend Dicko joins the show to explain what SIEM is, how it works, and when you might want one. Pretty business cyber security focused rather than home user. We went a bit longer than normal as Dicko had so much great material. Other resources + NCSC guidance: How to build a free (NCSC logger / SIEM) https://www.ncsc.gov.uk/blog-post/logging-made-easy NCSC managed security service guidance: https://www.ncsc.gov.uk/guidance/security-operations-centre-soc-buyers-guide CSO online: what is SIEM: https://www.csoonline.com/article/2124604/what-is-siem-software-how-it-works-and-how-to-choose-the-right-tool.html Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

Episode 12 - Email We will cover - What email is and how it works, email vulnerabilities, how to secure email, when email is not the best option, and top tips for using email. Further reading: NCSC guidance: https://www.ncsc.gov.uk/guidance/email-security-and-anti-spoofing https://www.ncsc.gov.uk/blog-post/improving-email-security https://www.ncsc.gov.uk/information/mailcheck Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

Episode 11 - Web Browsing We will cover - The difference between the internet and the world wide web (WWW), how a web browser works, what the padlock means, what cookies are, and how to stay safe online. Further reading: Get safe online (UK Gov): https://www.getsafeonline.org/protecting-your-computer/safe-internet-use/ Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

Episode 10 - Testing cyber security: Pentests and cyber exercises We will cover - Why you want to test your cyber security. How to do test your security. Different types of test / engagement, and when to use them. Further reading: NCSC pentesting guidance: https://www.ncsc.gov.uk/guidance/penetration-testing Cyber exercises: https://clearcutcyber.com/exercising-overview/ Info on bug bounties vs pentests: https://soroush.secproject.com/blog/2018/02/bug-bounty-vs-penetration-testing-simple-unbiased-comparison/ Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

Episode 8 - VPNs - Virtual Private Networks We will cover - What is a VPN. Why you might want to use them. How they keep you secure on the internet. Privacy considerations. How to choose a good VPN. Further reading: NCSC guide to VPNs (excellent): https://www.ncsc.gov.uk/collection/end-user-device-security?curPage=/collection/end-user-device-security/eud-overview/vpns Wikipedia info on VPNs https://en.wikipedia.org/wiki/Virtual_private_network Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

Episode 8 - DDOS and DOS (Denial of Service) We will cover - What is a DOS and DDOS. What is the difference. Why attackers might use them. How to protect against them. Further reading: NCSC blog on DOS: https://www.ncsc.gov.uk/collection/denial-service-dos-guidance-collection Wikipedia info on DDOS - includes history of and large attacks https://en.wikipedia.org/wiki/Denial-of-service_attack Cloudflare info on DDOS: https://www.cloudflare.com/en-gb/learning/ddos/what-is-a-ddos-attack/ Attack map showing attacks and research on costs etc: https://www.digitalattackmap.com/understanding-ddos/ LOIC!: https://en.wikipedia.org/wiki/Low_Orbit_Ion_Cannon Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

Episode 7 - Home Security Part 2 - IOT We will cover - What is IOT (Internet of Things). What are these things? How can they be attacked /abused. What to think about when buying / using them. How to secure them. Further reading: UK Goverment advice: staysafeonline.org/stay-safe-onlin…g-home-network/ www.cyberaware.gov.uk/ NCSC blog on how to fix all the things: https://www.ncsc.gov.uk/blog-post/fixing-all-things Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

Episode 6 - Home Security Part 1 We will cover - What is a router and why it is important, how to connect to it, what settings on it to change, how to protect it, and how to keep it up to date. Music byJahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/ Further reading: UK Goverment advice: https://staysafeonline.org/stay-safe-online/securing-key-accounts-devices/securing-home-network/ https://www.cyberaware.gov.uk/ Norton info page on Routers: https://us.norton.com/internetsecurity-iot-smarter-home-what-is-router.html

Understanding Cyber - Episode 5 - Social Engineering Today's show we explain what social engineering is, how it works, a small part of the science behind it, how to recognise when you are being social engineered, and how to protect yourself from it. Music byJahzzar and used under CC BY-SA 4.0 license: https://creativecommons.org/licenses/by-sa/4.0/ Further reading: Wiki on Robert Cialdine https://en.wikipedia.org/wiki/Robert_Cialdini Amazon link for his book on influence https://www.amazon.co.uk/Influence-Psychology-Robert-Cialdini-PhD/dp/006124189X A good explanation of the principals of persuasion https://www.influenceatwork.com/principles-of-persuasion/ Social Engineer Inc Podcast https://www.social-engineer.org/category/podcast/

Episode 4 - Anti Virus We will cover - What is Anti Virus, what does it protect from (more than just viruses). How does AV work - traditional and next generation. Why it is important to update your AV. Top Tips for using AV. Music byJahzzar and used under CC BY-SA 4.0 license: https://creativecommons.org/licenses/by-sa/4.0/ Further reading: Different types of scanning, false positives and other info: https://www.howtogeek.com/125650/htg-explains-how-antivirus-software-works/ Wikipedia: https://en.wikipedia.org/wiki/Antivirus_software Next Gen AV (by a next gen AV vendor): https://www.carbonblack.com/2016/11/10/next-generation-antivirus-ngav/

Episode 3 - How to hack We will cover - what is hacking, stages of hacking (gather info, get access, get to right place, do badness). Today is not how to protect yourself, because as we will see there are lots of different ways to attack, and therefore defend. Sorry, the audio quality is echoey - we had this problem for episodes 1 and 3, all others should be much better quality. Music byJahzzar and used under CC BY-SA 4.0 license: https://creativecommons.org/licenses/by-sa/4.0/

Understanding Cyber - Episode 2 - Passwords Why passwords are important, how a password might be attacked, how to create a good password, how attackers capitalise on bad passwords, how to store passwords and finally how to add extra security with 2 Factor Authentication - 2FA. Music byJahzzar and used under CC BY-SA 4.0 license: https://creativecommons.org/licenses/by-sa/4.0/

Understanding Cyber - Episode 1 - What is Cyber? We introduce the show, define cyber and cyber security, and take a look at what will be covered in the podcast. Sorry the audio quality is echoey - we had this problem for episodes 1 and 3, all others should be much better quality. Music byJahzzar and used under CC BY-SA 4.0 license: https://creativecommons.org/licenses/by-sa/4.0/ Further reading: Academic discussion and definition of cyber: https://commons.erau.edu/jdfsl/vol12/iss2/8/