Today we bring back one of our favorite guests: former US most-wanted cybercriminal Brett Johnson. It’s been seven years since he was last on the show, and much has happened in the world of cyber. Brett shares how his perspective has changed in the past few years, and gives his thoughts on how new technologies impact cyber crime. Steve and Brett discuss compliance and what Brett’s path from prison to helping law enforcement means for other cyber criminals. Brett also answers some rapid-fire questions.

Key Takeaways:

1. Increased ease of access to cybercrime tools and services, along with manpower problems in law enforcement, are key reasons for why cyber crime is one of the world’s largest economies today.
2. Enterprises must shift focus from trying to block every attack to protecting their crown jewels for when an attack inevitably gets through.
3.  Bad things happen because good people remain silent.

1. Why cybersecurity awareness training often fail (13:32)
2. If Brett’s path to redemption is still viable for today’s cyber criminals (16:57)
3. Some rapid-fire questions to Brett (21:35)

1. “Cybersecurity and security overall is not a romantic thing. It's not an exotic thing. It's simply doing the nuts and bolts of what you need to do. And the problem is that largely that's not happening in the environment. If you've got management that's more interested in butter than they are in guns, you've got those types of issues.” - Brett Johnson
2. “Cybersecurity awareness training or fraud prevention training, scam awareness, anything like that, we tend to educate at a very rational level. For scams and a lot of fraud and stuff like that, it doesn't happen at a rational level. If I'm trying to attack a person and compromise that person, I'm not doing it at a rational level. I'm doing it at an emotional level. I'm trying to get you to set reason and logic aside and to react emotionally. So all that training takes place at that rational level. You can understand it there. That doesn't mean that you understand it at the emotional level whatsoever.” - Brett Johnson
3. “Is it harder? In one respect it is because we now have people that are aware of how money is moved, what criminals seek to do with it. Banks have become more aware of a lot of the new ways to launder and funnel funds. In many ways, it's much harder, but at the same time, criminal networks have adapted to that difficulty.” - Brett Johnson

Read the transcript of this episode
Subscribe to the ISF Podcast wherever you listen to podcasts
Connect with us on LinkedIn and Twitter

From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve returns to Business Matters with Juliette Foster. The war continues to rage in Iran, and with it comes an increasing threat of cyber attacks. Steve shares his thoughts on what the conflict means for cyber investment in the private sector, British critical infrastructure, and the British government’s approach to cyber resilience. Steve and Juliette also discuss the UK Financial Minister’s Spring Statement, which didn’t include any references to cybersecurity. What does this omission signal? How will multinational companies react? Is cyber a macro economic issue? This, and more, in Steve’s latest appearance on Business Matters.

Key Takeaways:

1. Cyber is a macroeconomic issue, not just a technical one.
2. AI has changed the way that the threat landscape is evolving, but it's also brought benefits for cyber defence.
3. Governments have limited abilities to support the cyber resilience of the private sector; cooperation between large enterprises supports the whole business landscape.

1. If Steve thinks the UK Finance Minister’s spring statement will impact cyber investments (8:57)
2. The impact on UK businesses of slower economic growth in the UK (14:59)
3. The state of government cyber resilience in the UK (22:39)

1. “What you have to do is you have to look at your crown jewels and back to this minimum viable company notion that I mentioned right at the beginning of our chat. You have to understand what the most critical elements of your business are, and then you can track those through these complex supply chains. Those are the pieces you need to be protecting because that's what's gonna bring your business down or ensure that you can continue to operate.” - Steve Durbin
2. “The business climate in the UK at the moment is exceptionally tough, exceptionally demanding. I think if you look at some of the legislation that's recently come in particularly around hiring, retaining employees, the sheer cost of doing business has risen pretty much exponentially for most organizations, and that means that they have to make cuts somewhere. If they can't do it in terms of some of the core business, they will look to some of the fringe elements. So if you've got an organization that perhaps does not view cyber as being core to what they do, then that may well be somewhere where a cut is made.” - Steve Durbin
3. “I think we'll certainly see a maturing of the industry. It's a very young industry still in terms of the way that it's evolving and changing, and I think that with the benefit of a couple of years under our belt, then most organizations will have moved to a stronger position from a maturity standpoint, and I would hope certainly that we're talking very much more about resilience rather than protection.”

Read the transcript of this episode
Subscribe to the ISF Podcast wherever you listen to podcasts
Connect with us on LinkedIn and Twitter

From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today’s episode is a special one, recorded to announce an exciting and important new partnership between ISF and the organisation Prostate Cancer Research. Joining the show is PCR CEO Oliver Kemp, who for nearly a decade has worked to ensure fewer men suffer and die from prostate cancer. Steve and Oliver talk about how prostate cancer screening works and the importance of catching it early. The two also talk about the partnership and how it will help PCR’s efforts across the UK.

Key Takeaways:

1. Early detection saves lives. If you find prostate cancer before it has reached stage 3, the survival rate is 100%.
2. A cancer battle will affect people around you, but they will also be the people whom you can draw strength and support from.
3. Access to cancer screening varies between regions and demographics.

1. What PSA is and how testing for prostate cancer is done (5:28)
2. The new partnership between ISF and PCR (18:58)
3. How AI and new technologies can help in cancer detection (22:34)

1. “I think us men are not always the best at going and looking after ourselves and we often need to be nagged to go out and do something. But if you've got prostate cancer, it's gonna get you one way or another, and it'll gradually grow inside of you. And it's far better getting it early and having a relatively simple procedure, which you can now be in and out of hospital in a single day rather than late-stage prostate cancer, which will have very different consequences.” - Oliver Kemp
2. “I think one of the great things about this partnership is first of all, we're aiming at people who often don't get tested. And there are lots of PSA tests happening across this country, but they're often focused on regional areas. So southeast of England, London has lots of testing. It has lots of the best hospitals in the world, whereas other parts of the country don't have access to that.” - Oliver Kemp
3. “And for people in cybersecurity, it's about being as proactive about your own health as you are about protecting your organization. So it isn't about waiting for symptoms. I didn't have any. Look at PSA tests. We've said on this show it's a very low cost. And the people that I've come across who've certainly taken that step, and sadly there are more of us than people might think, all tell me the same thing. And as for partners, families, friends that are listening, don't underestimate the power of your encouragement just being there. That's really important. You don't have to do anything big. It's just a quiet conversation that could genuinely help.” - Steve Durbin

Read the transcript of this episode
Subscribe to the ISF Podcast wherever you listen to podcasts
Connect with us on LinkedIn and Twitter

From the Information Security Forum, the leading authority on cyber, information security, and risk management.