Phishing for Trouble from IO (ISMS.online)

What not to do in a disaster

39 min · 28 Jan 2025

Description

Back in May 2017, a cryptoworm virus made it into some Microsoft computing systems, locking away the data of global organisations and demanding a ransom. In panic, some people paid up only to find their data never returned. The knock-on effect to health services, including hospitals, was dramatic. So what do you do if you’re faced with such a scenario? In this episode, David Holloway and Rebecca Harper talk about the right and wrong things to do in the face of a ransomware or other cyber attack. Plus they’re joined by the experts to look at how we can all plan better for the worst – so that when a data breach or cyber attack takes place, your business and your people are in the best position to recover quickly. Leading infosec thinkers Ash Patel [https://www.ecipartners.com/our-team/ash-patel] of ECI Partners [https://www.ecipartners.com/] and Chloé Messdaghi [https://www.chloemessdaghi.com/], founder of Sustain Cyber [https://sustaincyber.com/] and leader in responsible AI and cybersecurity, share their wisdom, as well as some hopeful advice for information security teams in the future. "Phishing for Trouble" is the cybersecurity podcast from ISMS.online [https://www.isms.online/] that demystifies compliance and information security in your business. To find out more about how ISMS.online [https://www.isms.online/] can help your business master information security compliance, visit our website for a self-guided tour. Love this podcast? Share it with your colleagues and help businesses like yours learn more and stay secure online. #Informationsecuritypodcast #infosecpod #cyberattackcasestudies #cybersecuritypodcast #disastermitigationpodcast

All episodes

20 episodes

What the Regulators Want

Today, regulators don’t just want compliance, they want accountability and resilience. In this episode of Phishing for Trouble, IO [https://www.isms.online/]’s Rebecca Harper and David Holloway explore how the shift of expectations isn’t just about speed, it’s about demonstrable, baked-in compliance. Regulators are no longer passive; they’re proactive, prescriptive, and punitive. They’re joined by Paul Vane [https://jerseyoic.org/team/paul-vane-0], the Information Commissioner for the Jersey Office of the Information Commissioner, a man who has worked in privacy and data protection for over two decades and is uniquely equipped to clarify how the relationship between company and regulator should work, and why sometimes it doesn’t. Hear what you should be planning for, months or years before a breach, how the mindset for crisis readiness needs to be a continuous process rather than a periodic exercise, and how the member of staff best equipped to cope, should the worst happen, often isn’t from the senior leadership team. The ultimate ambition is to shift the culture from “responded well” to “being able to see it coming”. It’s no longer enough to simply recover in a crisis, the expectations are now to think about future risks and show some evidence of how you mitigated those dangers ahead of time. Find out more at ISMS.online [https://www.isms.online/]

2 Jul 2026 · 19 min

The Cost of Doing Nothing

What does a cyber incident really cost a business? In this episode of Phishing for Trouble, IO [https://www.isms.online/]’s Rebecca Harper and David Holloway explore the hidden commercial impact of weak security, poor compliance and delayed investment in resilience. They’re joined by Alan Hughes, Chief Operations Officer at Savenet Solutions, who has worked with organisations before, during and after major cyber incidents, witnessing the long-term fallout that often never makes the headlines. Hear why the real damage doesn’t stop with the breach itself, from lost contracts and stalled growth to reputational harm that can take years to recover from. The episode explores why smaller businesses are increasingly being targeted, how supply chain requirements are reshaping customer expectations and why doing nothing can quickly become the most expensive decision a company makes. From ransomware attacks and failed security questionnaires to business continuity, tested backups and recovery planning, this episode looks at what separates the organisations that recover quickly from the ones left trying to rebuild. Find out more at ISMS.online [https://www.isms.online/]

25 Jun 2026 · 22 min

Scaling Securely: What High-Growth Firms Get Right

What happens when your business grows faster than its foundations can handle? In this episode of Phishing for Trouble, IO [https://www.isms.online/]’s Rebecca Harper and David Holloway explore why the companies that scale successfully aren’t necessarily the ones that achieve compliance fastest. They’re the ones that build security, privacy and governance into the way they operate from the very beginning. They’re joined by cyber leader Purvi Kay, whose experience spans government, aerospace and FTSE 100 boardrooms, and Andy Ellis [https://origin.csoandy.com/bio/], cybersecurity advisor, former Chief Security Officer at Akamai and author of 1% Leadership. Hear why “security debt” can quietly build as startups race to grow, why compliance should be treated as a product feature and how resilience becomes a competitive advantage as organisations scale. From secure-by-design principles and embedded security teams to risk appetite, customer trust and leadership accountability, this episode explores what high-growth firms get right and why resilience is about far more than passing an audit. Find out more at ISMS.online [https://www.isms.online/]

18 Jun 2026 · 21 min

You’re compliant, are you resilient?

What happens when a cyber attack doesn’t just disrupt your business, but stops it completely? In this episode of Phishing for Trouble, IO’s Rebecca Harper and David Holloway explore why resilience has become a defining business challenge for organisations of every size. Using the Jaguar Land Rover cyber attack as a case study, alongside insights from cybersecurity expert Pierre Noel and Professor Ciaran Martin, founding CEO of the UK National Cyber Security Centre, they unpack the growing gap between compliance and genuine operational resilience. Hear why businesses are moving from prevention to preparedness, why supply chain resilience matters now more than ever, and why the organisations best placed to survive disruption are the ones building resilience into every part of their operations. Find out more at ISMS.online [https://www.isms.online/]

11 Jun 2026 · 38 min

Boardroom to Breakroom: Building a Culture of Compliance

Why do organisations still struggle to turn security policy into real-world behaviour? In this episode of Phishing for Trouble, IO [https://www.isms.online/]’s Rebecca Harper and David Holloway explore how regulations like NIS2 place direct accountability on senior leaders whilst, in many organisations, compliance still lives on paper and not in practice. They’re joined by Professor Steven Furnell [https://www.nottingham.ac.uk/computerscience/people/steven.furnell], Professor of Cyber Security at the University of Nottingham, an expert in the intersection of human, technological and organisational aspects of cyber security and full of good advice on turning policy into real action. Hear how having a policy isn’t the same as people understanding how it applies directly to them and their job, the importance of moving away from ‘tick box’ compliance and how, wrongly handled, security training and tests can feel punitive, rather than supportive. Because if staff are using unapproved processes or shadow I.T. and A.I, it might actually be a clue to what resources the business is lacking and a cue to ask the questions that fill the gaps compliantly. Find out more at ISMS.online [https://www.isms.online/]

4 Jun 2026 · 26 min