Risky Tools and Techniques by Clear Cut Cyber LtdClear Cut Cyber Ltd

In the first of a four-part series on risk we examine what risk management means in the cyber world, how people get it wrong, and how to solve it. Featuring special guest, and Clear Cut Cyber risk expert, Matt.If you want any cyber security support please get in contact with the team by email info@clearcutcyber.com or visit the website clearcutcybe…

Learn how to plan cyber incident responseWe explain how to plan for cyber incident response. The elements that make up the plan, the stages that take place during cyber incident response, the key things to do ahead of an incident, and how to learn more.If you want any cyber security support please get in contact with the team by email info@clearcut…

What is a CISO?In this episode Toby and Tom are joined by a special guest - Dr Andy Grayland. Andy is an experienced CISO, and currently fills that role for Silobreaker. He joins the team to discuss what a CISO is, what the role entails, when you need one, and what he thinks the most important actions and skills are for a new CISO.If you want any c…

Security assessmentsIn this episode Toby and Tom discuss what security assessments are, different types of assessment, and how they are conducted. They also talk through some of the assessments they have conducted.If you want any cyber security support please get in contact with the team via the website: clearcutcyber.com. Including free cyber secu…

From Function to Fortification: identifying and securing critical business functionsIn this episode Toby and Tom discuss why understanding business impact is key to context for any cyber security programme, and a process for working it out.If you want any cyber security support please get in contact with the team via the website: https://clearcutcy…

Cyber EssentialsIn this second part of the cyber essentials scheme we examine what the scope of it is, how you define your scope, and what is not in scope.Further reading:NCSC website: https://www.ncsc.gov.uk/cyberessentials/overviewIASME (NCSC partner): https://iasme.co.uk/cyber-essentials/Music by Jahzzar and used under CC BY-SA 4.0 license: crea…

Cyber EssentialsThe UK has a certification scheme called Cyber Essentials to help improve cyber security. In this podcast we help you understand what the cyber essentials and cyber essentials plus schemes are, and why you should follow the advice contained in the essentials. This podcast provides and overview of the scheme, and later podcasts will …

Honeypots and DeceptionEver wondered what honeypots have to do with cyber security and how to use them to give high quality alerts about an attack? Listen to understand.Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/Clear Cut Cyber Ltd

Episode 25 - OT / Operational TechnologyWe understand: What is OT, what is the difference between OT and IT, why this difference matters, and why you need to think differently when securing OT.Read more about OT:https://en.wikipedia.org/wiki/Operational_technologyBlack energy OT attack that Tom described:https://en.wikipedia.org/wiki/BlackEnergyMus…

Episode 25 - Cryptography 2We continue to understand: What is cryptography, this time focussing on asymmetric crypto, how how it is a fundemental part of the internet and security - all without any maths!Key exchange colours - in video!https://www.youtube.com/watch?v=d_FU9tZIo10Wikipedia on public key crypto: https://en.wikipedia.org/wiki/Public-ke…

Episode 24 - Cryptography 1We understand: What is cryptography, why is it important, and what are its applications - all without any maths!Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/Clear Cut Cyber Ltd

Episode 23 - Understanding Apps and Web AppsWe understand: What is an App? When did they start being called apps? How do they work? Whats a web app and why are apps much more reliant on the internet today? How might an app be compromised?Further reading:https://en.wikipedia.org/wiki/Mobile_apphttps://edu.gcfglobal.org/en/computerbasics/understandin…

Episode 22 - AIWe understand: What is AI, how does it work, its history and future, use cases, and potential vulnerabilitiesFurther reading:Wikipedia: https://en.wikipedia.org/wiki/Artificial_intelligenceOxford uni paper: http://www.fhi.ox.ac.uk/Reports/2008-3.pdfCode bullet youtube: https://www.youtube.com/c/CodeBullet/ZDNet: https://www.zdnet.com…

Episode 20 - The RansomwareWe understand what ransomware is, how it works, some notable examples and what to do it you suffer it.Further reading here:NCSChttps://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacksNCAhttps://www.nationalcrimeagency.gov.uk/what-we-do/crime-threats/cyber-crimeAction fraudhttps://www.actionfraud.police.u…

Episode 20 - The DarkwebWe explore what the Darkweb is, who uses it, how to access it, and why you should be careful of it.Further reading here:https://en.wikipedia.org/wiki/Dark_webhttps://us.norton.com/internetsecurity-how-to-how-can-i-access-the-deep-web.htmlMusic by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa…

Episode 19 - Question and Answer - Q&AWe cover a large number of questions that you are asked in this episode, including: Whats more secure Android or iPhone?Do I need AV on my phone?Why is hacking illegal?How do I know if a wifi network is safe?What is End to End Encryption?What is the blockchain?and more.Music by Jahzzar and used under CC BY-SA 4…

Episode 18 - working from homeWe cover the basics of security when working from home, specifically: protecting yourself from scams, protecting your network, how to securely access the office, and what happens if something goes wrong.Further reading:ResourcesSANS guidehttps://www.sans.org/security-awareness-training/sans-security-awareness-work-home…

Episode 17 - Employee Identity and Access ManagementDicko returns to chat to us about Employee and Identity Access Management. He explains how this technology can make life significantly easier and more secure for the business and IT departments, but why you want to carefully plan and test any rollout before going live.Further reading:NCSC Identity…

Episode 16 - Have I been hacked?Have you been hacked? How do you know? What to do if you have been? We address these questions and more in this episode.Further reading:NCSC small business recovery:https://www.ncsc.gov.uk/collection/small-business-guidance--response-and-recoveryMusic by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.or…

Episode 15 - CloudWhat is the cloud? We have all heard of it, but what exactly is it and what are the options? We look at what cloud is, public vs private cloud, and the different levels of service you can have. We also discuss the benefits and drawbacks of the cloud.Further reading:What is cloud - by Cloudflare:https://www.cloudflare.com/learning/…

Episode 14 - PhishingWe will cover - What is Phishing, Spear Phishing, Whaling, Vishing and Business Email Compromise and how to defend yourself from these attacks. Further reading:Example of a Vishing phone call:https://www.youtube.com/watch?v=uv4s_ltHzFwNCSC guidance:https://www.ncsc.gov.uk/guidance/phishinghttps://www.ncsc.gov.uk/guidance/suspic…

Episode 13 - SIEM / Security Information Event ManagementA slight change - we have a guest! Our friend Dicko joins the show to explain what SIEM is, how it works, and when you might want one. Pretty business cyber security focused rather than home user. We went a bit longer than normal as Dicko had so much great material.Other resources + NCSC guid…

Episode 12 - EmailWe will cover - What email is and how it works, email vulnerabilities, how to secure email, when email is not the best option, and top tips for using email.Further reading:NCSC guidance:https://www.ncsc.gov.uk/guidance/email-security-and-anti-spoofinghttps://www.ncsc.gov.uk/blog-post/improving-email-securityhttps://www.ncsc.gov.uk…

Episode 11 - Web BrowsingWe will cover - The difference between the internet and the world wide web (WWW), how a web browser works, what the padlock means, what cookies are, and how to stay safe online.Further reading:Get safe online (UK Gov):https://www.getsafeonline.org/protecting-your-computer/safe-internet-use/Music by Jahzzar and used under CC…

Episode 10 - Testing cyber security: Pentests and cyber exercisesWe will cover - Why you want to test your cyber security. How to do test your security. Different types of test / engagement, and when to use them.Further reading:NCSC pentesting guidance:https://www.ncsc.gov.uk/guidance/penetration-testingCyber exercises:https://clearcutcyber.com/exe…

Episode 8 - VPNs - Virtual Private NetworksWe will cover - What is a VPN. Why you might want to use them. How they keep you secure on the internet. Privacy considerations. How to choose a good VPN.Further reading:NCSC guide to VPNs (excellent):https://www.ncsc.gov.uk/collection/end-user-device-security?curPage=/collection/end-user-device-security/e…

Episode 8 - DDOS and DOS (Denial of Service)We will cover - What is a DOS and DDOS. What is the difference. Why attackers might use them. How to protect against them. Further reading:NCSC blog on DOS:https://www.ncsc.gov.uk/collection/denial-service-dos-guidance-collectionWikipedia info on DDOS - includes history of and large attackshttps://en.wiki…

Episode 7 - Home Security Part 2 - IOTWe will cover - What is IOT (Internet of Things). What are these things? How can they be attacked /abused. What to think about when buying / using them. How to secure them.Further reading:UK Goverment advice:staysafeonline.org/stay-safe-onlin…g-home-network/www.cyberaware.gov.uk/NCSC blog on how to fix all the …

Episode 6 - Home Security Part 1We will cover - What is a router and why it is important, how to connect to it, what settings on it to change, how to protect it, and how to keep it up to date.Music byJahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/Further reading:UK Goverment advice:https://staysafeonline.org/sta…

Understanding Cyber - Episode 5 - Social EngineeringToday's show we explain what social engineering is, how it works, a small part of the science behind it, how to recognise when you are being social engineered, and how to protect yourself from it.Music byJahzzar and used under CC BY-SA 4.0 license: https://creativecommons.org/licenses/by-sa/4.0/Fu…

Episode 4 - Anti VirusWe will cover - What is Anti Virus, what does it protect from (more than just viruses). How does AV work - traditional and next generation. Why it is important to update your AV. Top Tips for using AV.Music byJahzzar and used under CC BY-SA 4.0 license: https://creativecommons.org/licenses/by-sa/4.0/Further reading:Different t…

Understanding Cyber - Episode 1 - What is Cyber?We introduce the show, define cyber and cyber security, and take a look at what will be covered in the podcast.Sorry the audio quality is echoey - we had this problem for episodes 1 and 3, all others should be much better quality.Music byJahzzar and used under CC BY-SA 4.0 license: https://creativecom…

Understanding Cyber - Episode 2 - PasswordsWhy passwords are important, how a password might be attacked, how to create a good password, how attackers capitalise on bad passwords, how to store passwords and finally how to add extra security with 2 Factor Authentication - 2FA.Music byJahzzar and used under CC BY-SA 4.0 license: https://creativecommo…

Episode 3 - How to hack We will cover - what is hacking, stages of hacking (gather info, get access, get to right place, do badness). Today is not how to protect yourself, because as we will see there are lots of different ways to attack, and therefore defend.Sorry, the audio quality is echoey - we had this problem for episodes 1 and 3, all others …