A five-question interview on current topics in cybersecurity. One question may even surprise you.

Raj Samani is an active member of the information security industry, through involvement with numerous initiatives to improve the awareness and application of security in business and society. He is currently working as the vice president, chief technical officer for McAfee EMEA, having previously worked as the Chief Information Security Officer for a large public sector organization in the UK, and was inducted into the Infosecurity Europe Hall of Fame (2012).

He has previously worked across numerous public sector organizations, in many cyber security and research orientated working groups in Europe. He is also the author of the Syngress books “Applied Cyber Security and the Smart Grid” and “CSA Guide to Cloud Computing”, and technical editor of “Industrial Network Security (vol2)” and “Cyber Security for decision makers”. In addition, Raj is currently the Cloud Security Alliance’s Chief Innovation Officer and Special Adviser for the European CyberCrime Centre.

We recently sat down for a quick chat on the state of cybersecurity.

What does the average week look like for you?

The only thing consistent about my week is the lack of consistency! Although in general the intent is to dedicate some time toward proactive measures. I am sure I can speak for everyone reading this, but we can spend all week simply responding to emails, so I do try to put some time aside for things outside of email response!

Name the top three cybersecurity risks that keep you awake at night?

Do you remember the film adaptation of H.G. Wells’ book War of the Worlds? The precursor to the invasion were blackouts across the Ukraine. Well not wishing to tempt fate, but…

In all seriousness though, we do have to tread cautiously with regards to drawing conclusions; however, the one thing that is very apparent is that we are witnessing greater connectivity than ever before.
Furthermore, disruption of these systems can and does have a dramatic impact on society. I have said this many times before but the future cloud will be keeping our water clean, and lights on.

Ensuring that we are as an industry focused and engaged with protecting these systems is our single biggest challenge. I don’t feel that we can stay in a self-serving industry looking to score points off one another. This is imperative, because in a few years we will be hurtling down the highway in self-driving cars, and the risk of not being engaged with the broader business does not bear thinking about.

How do you measure success and failure in an information security management program?

Ironically, a true measure of success is more work! This happened to me once before. We were looking to drive awareness when I was a CISO. The net result was more people were reporting security incidents because they knew what to look for and where to go. More broadly, I feel that success from a subjective perspective is greater engagement with the business. We all are fully aware that security is something that the entire business assumes responsibility for (or at least should). Working in tandem with information asset owners to me is the measure of success.

How would you fix the human firewall?

Well you cannot. We each have subconscious levers that can be used to influence. These are what criminals use within modern spear phishing emails, and are intended to tap into our subconscious to influence our behaviors. What I find remarkable is that these tricks are being used within emails bombarding our inboxes; in fact it’s not just email, they are coming in via multiple channels. I wrote a paper about this called hacking the human OS, but it was intended to get us to move away from simply blaming users for clicking onto links, and ask the questions about making a change away from using solely awareness as the default answer. There are multiple answers to this, and they involve using technology (e.g.
voice stress analyzers), process (communicating to the employees where to report suspicious requests for data) to people (tiger testing for example).

We will never fix the issue, but the risk can certainly be reduced.

A question you yourself would like to be asked… What fills you with hope about the future of technology?

We have pockets of collaboration. Whether that is law enforcement/private industry or indeed exchanges of data between private sector. It’s a little later than the criminals have done, but in the past two years more progress has been made than ever before.

Our biggest challenge however is before us. Getting the basic foundation of security and privacy integrated into the new wave of devices we will all use.