
New Episode of The Cyber Show: #055 | S6 | In The Chair | In The Air: Rob Demain
In this episode of The Cyber Show, cybersecurity expert Rob Demain discusses compliance issues in civil aviation and the consequences when things go wrong. Rob shares his unique journey from a degree in geography to founding his own cybersecurity company. The episode also addresses challenges related to complex supply chains and the risks associated with using poor-quality or dubious components.
Rob begins by explaining a recent incident at Heathrow Airport, where a compromised supplier led to disruptions in automated baggage handling and check-in systems. Although the incident caused delays, airports were able to manage the situation through manual processes, highlighting the importance of resilience and preparation. Rob compares this incident to other recent cyberattacks against well-known brands like Harrods, Co-op, M&S, and Jaguar Land Rover, emphasizing the importance of reverting to manual methods in case of technological failure.
One of the key points of the discussion is the increasing complexity of IT systems and the difficulty in ensuring their resilience. Rob emphasizes that companies need to focus on the speed of detecting and responding to attacks, rather than relying solely on regulations and compliance. He also criticizes the current trend of outsourcing critical parts of systems, which can lead to a loss of control and of overall understanding.
The conversation also touches on the role of checklists in managing incidents, using the analogy of the aviation industry, where checklists are essential for safety. However, Rob warns against over-reliance on checklists, which can become blunt and incomplete instruments. He stresses the importance of initiative and autonomy for teams to effectively handle incidents.
Another important topic is the growing dependence on information technology and cloud-based systems, which can create single points of failure. Rob gives the example of single sign-on (SSO) systems, which, if they fail, can paralyze entire operations. He emphasizes the importance of maintaining manual processes and backup systems to ensure business continuity.
The discussion then turns to artificial intelligence (AI) and its impact on cybersecurity. Rob expresses concerns about the reliance on AI tools, particularly cloud-based ones, which may not be available in the event of a network outage. He warns against the blind adoption of AI without a thorough evaluation of risks and benefits.
Finally, Rob talks about his company, E2E Assure, which specializes in managed security services and in detecting and responding to cyberattacks. He emphasizes the importance of combining technology, people, and processes to provide effective security.
To learn more, listen to the full episode at http://cybershow.uk/episodes.php?id=55