Episode 8: What Network & Cloud Security Means in the AI Era

Episode 8: What Network & Cloud Security Means in the AI Era

For years, cyber security was built around a simple idea: protect the perimeter. But what happens when your applications live in the cloud, your data is spread across multiple platforms, and AI systems can access information, automate tasks, and make decisions on your behalf? In this episode, Lynn sits down with Keith Archer to explore how network and cloud security is evolving in the AI era, and why many of the security assumptions organisations have relied on for years no longer hold up. Because AI isn't just changing how businesses work. It's changing how cyber threats operate too. From agentic AI and prompt injection to shadow AI and tool hijacking, this conversation unpacks some of the newest risks emerging as organisations race to adopt AI-powered tools and platforms. Keith explains why traditional security controls often struggle to detect these threats, how attackers are beginning to weaponise AI, and why visibility has become one of the most important capabilities an organisation can have. The discussion also explores the growing challenge of shadow AI — where employees introduce AI tools without formal oversight — and the business impact of not knowing what systems, data, or applications those tools can access. Most importantly, this episode isn't about avoiding AI. It's about adopting it responsibly. Because organisations that balance innovation with governance will be far better positioned than those that either ignore AI altogether or deploy it without understanding the risks. A HIDDEN Cyber Security Snapshot [https://info.babble.cloud/cyber-security-snapshot?hsCtaAttrib=411057601767] helps organisations identify gaps across people, identities, data, recovery, devices, networks, cloud environments, and emerging AI usage; creating a clearer picture of where exposure actually exists. Key takeaways: * Why traditional security perimeters no longer exist * What agentic AI means in practical terms * The risks associated with prompt injection and AI manipulation * How shadow AI creates visibility and governance challenges * Why traditional security tools struggle with AI-driven threats * Where organisations should focus first to improve resilience in the AI era Chapters: 00:00 Introduction 01:12 Meet Keith Archer 02:59 The evolution from perimeter to cloud 05:20 Understanding agentic AI 07:11 Why traditional security tools are struggling 10:34 Jailbreaking and prompt injection explained 14:58 The rise of indirect prompt injection 16:19 The real business impact of AI threats 18:17 Shadow AI and the visibility challenge 19:58 When AI tools become attack paths 21:31 Where organisations are getting AI wrong 23:27 Immediate actions for security teams 25:49 Why human risk still matters 27:46 Keith’s wake-up call for business leaders 30:05 Conclusion

Episode 7: Who’s Watching the Phones and Laptops?

Your cyber security is only as strong as the devices connecting to your business. Laptops. Phones. Tablets. Personal devices. Corporate devices. They’ve never been more essential to how we work … and they’ve never been more attractive to attackers. In this episode, Lynn sits down with Callum Archer to explore why endpoints remain one of the most targeted attack surfaces in modern cyber security, and what organisations can do to improve visibility, detection, and response before a small compromise becomes a much bigger problem. Because attackers don’t need to break into every device. They just need one. This conversation unpacks why outdated software, inconsistent device standards, and alert fatigue continue to create opportunities for attackers, particularly in SMB environments where IT teams are often stretched thin. Callum also explains how endpoint security has evolved beyond traditional antivirus, why behaviour-based attacks are becoming more common, and how modern endpoint detection and response tools help organisations identify and contain threats faster. Most importantly, this episode explores the importance of speed. Because when a device is compromised, every second matters. The faster you can detect a threat, contain it, and respond, the less opportunity attackers have to move through your environment and cause damage. Our HIDDEN Cyber Security Snapshot [https://info.babble.cloud/cyber-security-snapshot?hsCtaAttrib=411057601767] helps organisations identify hidden gaps across devices, monitoring, policies, and response capabilities; creating a clearer picture of where endpoint risks actually exist. Key takeaways: * Why endpoints remain a primary target for attackers * The risks created by outdated devices and inconsistent standards * Why traditional antivirus is no longer enough on its own * How behaviour-based attacks are changing cyber security * The importance of detection, response, and threat containment * What good endpoint protection looks like today Chapters: 00:00 Introduction 01:09 Meet Callum Archer 02:08 Why devices remain a prime target 04:19 The unseen cost of vulnerabilities and alert fatigue 07:25 What happens after a device is compromised 09:00 Why antivirus alone isn't enough 10:51 The rise of malware-free attacks 13:10 How inconsistent device standards create risk 16:25 The non-negotiables of endpoint protection 17:39 Measuring your security maturity 19:47 Callum’s advice on what to do when a device is compromised 20:10 Conclusion

Episode 6: Why Backup Isn’t the Same as Recovery

“We have backups.”  It’s one of the most common phrases in cyber security conversations (and one of the most misunderstood).  Because having a backup doesn’t automatically mean your business can recover.  In this episode, Lynn sits down with Steve Hennessy to unpack the critical difference between backup, recovery, business continuity, and resilience, and why testing matters just as much as the backup itself.  When systems go down, the real question isn’t whether a copy of your data exists. It’s how quickly you can get your business operational again.  This conversation explores why untested backups create a false sense of security, how ransomware attackers increasingly target backup systems first, and why assumptions around recovery often fall apart during real-world incidents.  Steve also breaks down the concept of Recovery Time Objectives (RTOs), why downtime impacts every business differently, and how organisations should think about resilience beyond just data storage.  Most importantly, this episode reframes recovery planning as something proactive, not reactive. Because calm, structured decision-making during a crisis only happens when the planning, testing, and preparation have already happened beforehand.  From restore testing and disaster recovery planning to identifying single points of failure, this episode is all about understanding what happens after something goes wrong and whether your business is truly prepared for it.  A Cyber Security Snapshot [https://info.babble.cloud/cyber-security-snapshot] helps organisations identify hidden gaps across backup strategy, resilience, recovery planning, and operational risk: creating a clearer picture of where vulnerabilities exist.  Key takeaways:  * Why backups and recovery are not the same thing   * The risks of relying on untested backups   * Why ransomware attackers target backup systems first   * What Recovery Time Objectives (RTOs) mean   * How business continuity planning improves resilience   * Why testing and preparation matter more than assumptions   Chapters:  00:00 Introduction  01:11 Meet Steve Hennessy  02:15 Why backups alone aren’t enough  05:33 The importance of restore testing  08:17 The danger of assuming recovery will work  10:15 Why attackers target backup systems  13:17 Understanding Recovery Time Objectives (RTOs)  14:41 What downtime really costs a business  10:15 Cyber security and backup systems  18:07 Backup vs recovery explained  19:35 Why business continuity planning matters  22:20 The non-negotiables for resilience  25:50 Steve’s advice on staying calm during a cyber crisis  27:02 Conclusion

Episode 5: Taking Control of Your Data

Your business data is constantly moving. Shared across Teams. Stored in cloud drives. Downloaded onto devices. Sent externally. Duplicated. Renamed. Forwarded. And in many SMBs, nobody has full visibility of where it all lives anymore. In this episode, Lynn sits down with Nisha Sondhi to unpack the growing challenges of data governance, oversharing, and data sprawl. They also discuss why controlling your data has become one of the biggest cyber security challenges facing modern businesses. Because data doesn’t usually become exposed through one dramatic event. It happens gradually. A file gets overshared. Access permissions are never reviewed. Sensitive information sits in the wrong place. A link gets sent externally. And over time, organisations lose track of what’s sensitive, who has access to it, and what’s happening to it. This conversation explores why data classification is often missing in SMB environments, how human behaviour quietly increases risk, and why “everyone has access to everything” creates far more problems than it solves. Nisha also breaks down the growing pressure coming from compliance requirements, insurers, and customers — who increasingly expect organisations to prove they understand where their data lives and how it’s protected. Most importantly, this episode reframes data governance as something practical, not overwhelming. Because good data security isn’t about locking everything down. It’s about balance, visibility, and putting the right controls around the data that matters most. A Cyber Security Snapshot [https://info.babble.cloud/cyber-security-snapshot] helps organisations identify hidden gaps across data sharing, access, governance, and user behaviour: creating a clearer picture of where risk actually exists. Key takeaways: * Why data sprawl creates hidden security risks * The dangers of oversharing inside and outside the business * Why data classification is often missing in SMBs * How compliance and cyber insurance are reshaping data governance * What good data governance actually looks like in practice Chapters: 00:00 Introduction 01:10 Meet Nisha Sondhi 02:10 Why businesses lose track of their data 07:20 Why governance and compliance now matter more 09:05 The problem with unclassified data 12:31 How human behaviour increases data risk 19:20 What to do when sensitive data is exposed 24:04 Conclusion

Episode 4: Who Can Get into Your Business Right Now?

If someone stole a password in your business today, how much could they actually access? That’s the question at the centre of this episode. Lynn sits down with Anton Davies to unpack why identity has become the new perimeter in cyber security, and why attackers are increasingly targeting people, passwords, and access instead of trying to “hack” their way into systems. Because modern cyber attacks often don’t start with breaking in. They start with logging in. This episode explores how compromised identities can quietly open the door to sensitive systems, company data, and internal tools (often without anyone realising until it’s too late). From over-provisioned admin access to forgotten accounts and weak password habits, Anton breaks down the identity gaps that commonly exist inside SMB environments and why they’re so dangerous. The conversation also unpacks the practical side of identity security, including: * Why multi-factor authentication (MFA) should be non-negotiable * How conditional access helps reduce unnecessary risk * Why “too much access” can become a major problem * How small housekeeping habits can dramatically improve visibility and control Most importantly, this episode reframes identity security as something bigger than passwords. It’s about understanding who has access to what, when they should have it, and what happens if those accounts are compromised. Because if identity is now the front door to your business, you need to know exactly who can walk through it. A Cyber Security Snapshot [https://info.babble.cloud/cyber-security-snapshot] helps organisations identify hidden gaps across identity, access, devices, and governance: creating a clearer picture of where exposure actually exists. Key takeaways: * Why identity is now the new perimeter in cyber security * How credential theft leads to larger breaches * The risks of excessive admin access and poor housekeeping * Why MFA and conditional access matter more than ever * How passphrases can strengthen password security Chapters: 0:00 Introduction 1:10 Meet Anton Davies 2:05 Identity as the new perimeter 3:11 Credential theft and its implications 6:21 Security gaps in identity management 7:41 Excessive privilege risks 10:44 Penetration testing explained 11:29 Lifecycle control in identity management 13:57 Non-negotiables for SMB identity security 18:37 Governance and ownership of identity 21:49 Anton’s quick win for password security 24:27 Conclusion