Cyber Security Agony Uncles

😰 SOC Analyst Misses Ransomware Alert — Should They Come Clean? - Cyber Security Agony Uncles

Monthly cyber security podcast, with our experts Stephen Ridgway and Rich Benfield. If you are in a sticky situation or need any advice related to cyber security answered anonymously and on the podcast, email us at info@th4ts3cur1ty.company. This week's question is:"I made a mistake that I'm still losing sleep over. We got an alert that looked like routine noise, a similar pattern to false positives we'd been seeing all week from a dodgy update. I triaged it as low priority and moved on to the mountain of other tickets in the queue. Turns out, it wasn't noise. It was the early stage of a ransomware attack. Luckily, our endpoint protection caught it before it spread too far, and we contained it within a few hours. No data loss, no ransom paid, minimal disruption. Management have been great about it. They said everyone makes mistakes, praised the team for the quick response, and moved on. But here's my problem: I haven't told anyone the full truth. In my incident report, I said I "initially assessed it as lower priority given the alert volume" but I didn't say I completely dismissed it. I didn't mention that I didn't even do the basic checks I should have. My team lead thinks I just deprioritised it slightly, not that I basically ignored it. Everyone's moved on, but I feel like a fraud. Do I come clean now and risk looking worse for the cover-up, or do I just learn from this privately and be better going forward? I'm terrified that if I'm honest now, I'll lose my job or destroy the trust I've built. But I also can't shake the feeling that I'm not the person my colleagues think I am."Don't forget to like and subscribe to our podcast to be ready and waiting for the next episode.#cybernews #cybersecurity #CyberSecurity #cybersecurities #infosec

Online Safety Act: Can the Government Really Protect Your Kids Online? - Cyber Security Agony Uncles | th4ts3cur1ty.company

In this episode of Cyber Security Agony Uncles, Uncle Rich and Uncle Ross (stepping in for Uncle Stephen) dive into the UK's Online Safety Act, a law designed to protect children on the internet. But how effective is it really? And more importantly: Would you trust government officials to morally safeguard your child’s digital life? Rich and Ross explore: What the Online Safety Act actually covers: 🔍The tension between child safety and digital freedom ⚖️Whether government regulators are equipped, ethically and technically, to manage online safety. The broader impact on encryption, censorship, and platform liability. Is this a genuine step toward a safer internet, or just another overreach in the name of “protection”? 🎧 Tune in and save our podcast for monthly insights into the world of cyber. #OnlineSafetyAct [https://www.youtube.com/hashtag/onlinesafetyact] #CyberSecurityPodcast [https://www.youtube.com/hashtag/cybersecuritypodcast] #ChildOnlineSafety [https://www.youtube.com/hashtag/childonlinesafety] #DigitalRights [https://www.youtube.com/hashtag/digitalrights] #OnlineFreedom [https://www.youtube.com/hashtag/onlinefreedom] #UKLaw [https://www.youtube.com/hashtag/uklaw] #CyberLaw [https://www.youtube.com/hashtag/cyberlaw]

How to Choose the Right Security Services for Your Startup - Cyber Security Agony Uncles

Our monthly cyber security podcast, with experts Rich Benfield and Ross Eastman. If you are in a sticky situation, or need any advice to do with cyber security answered anonymously and on the podcast, email us at info@th4ts3cur1ty.company. This week's question is: We are getting closer to launching our product, and as a startup without a dedicated security team, it's tough to know which external security services or consultancies we should actually invest in before going live. From your experience, how do you figure out what's really worth doing at that stage? And how do you tell the difference between good vendors and the ones just selling buzzwords, of which there are plenty? Don't forget to like and subscribe the our channel and ring the bell to be ready for our next episode. #cybernews [https://www.youtube.com/hashtag/cybernews] #cybersecurity [https://www.youtube.com/hashtag/cybersecurity] #CyberSecurity [https://www.youtube.com/hashtag/cybersecurity] #cybersecurities [https://www.youtube.com/hashtag/cybersecurities] #infosec [https://www.youtube.com/hashtag/infosec]

Offshore SOCs and AI: What could possibly go wrong? - Cyber Security Agony Uncles

In this month's episode, have a listen to our experts, Stephen and Rich, as they work through a really interesting listener's question: I work at a large company with a substantial Security Operations Centre (SOC). Recently, there's been a lot of talk about moving the SOC offshore and replacing our Level 1 SOC roles with AI. Management is saying this is a good thing for the company, but I’m seriously concerned. Although my role isn’t directly affected, I work closely with the SOC, and I can already see the problems coming. I’ve voiced my opinion that the quality of service will decline significantly, and for saying that, someone actually called me racist. For the record, I’ve worked with outsourced teams in India before. They were professional and capable, but there were real issues with understanding our internal processes and cultural nuances. They often took instructions literally, which created delays and confusion. I understand that cost savings are important and that the "bottom line" is a major factor here. But I genuinely believe that this move could backfire and ultimately hurt the company, including the bottom line they’re so focused on. Am I overreacting, or is this a disaster in the making?

Retail Cyber Held Together with Duct Tape and String! - Cyber Security Agony Uncles | th4ts3cur1ty.company

Monthly cyber security podcast, with our experts Stephen Ridgway and Rich Benfield. If you are in a sticky situation, or need any advice to do with cyber security answered anonymously and on the podcast, email us at info@th4ts3cur1ty.company. This week's question is:I work for a decent-sized retail company. We have a few hundred stores selling all sorts of products. I am fairly senior in the cyber security team, and I'm absolutely petrified by the attacks on M&S, Coop and Harrods. I'm genuinely concerned that we could be next. The thing is, security is the one area where the board have been underinvesting for years, and whilst we have nice shiny shops on the high street, the rest of our operations are held together by duct tape and string. I've been screaming into the void about our lack of tools, processes and manpower on the security front for nearly a year, nothing's improved. Now that we're at dire risk of a cyber attack, how do I tell the business that it's now or never in terms of getting secure?Email us info@th4ts3cur1ty.company if you have any questions that you would like to be answered anonymously.#cybernews #cybersecurity #CyberSecurity #cybersecurities #infosec