19: Episode 18 - Cyber Security for Business
In this episode Prof. David Spicer is joined by University of Bradford alumna and Annual Management Lecture guest speaker Dr Andrea Cullen.
Andrea is CEO and Co-Founder of CAPSLOCK, an online education organisation focused on revolutionising the way people learn and work in cyber security.
She is a cyber security expert and entrepreneur with over 20 years of experience having taught and researched at the University of Bradford before leaving academia to take a role at KPMG and then founding CAPSLOCK.
Andrea returned to the University in November 2024 to deliver the annual management lecture, focusing on how businesses and individuals can navigate the cyber security threat landscape in the modern world.
Timestamps
Introduction to Cybersecurity (00:00:02)
David Spicer introduces the podcast and guest Dr. Andrew Cullen, discussing the importance of cybersecurity.
Defining Cybersecurity (00:00:51)
Dr. Cullen explains that cybersecurity involves technology, people, and processes to keep businesses safe.
Evolution of Cyber Threats (00:01:19)
The conversation shifts to the sophistication of cyber attacks over time, beyond simple scams.
Understanding Cyber Vulnerabilities (00:02:21)
Dr. Cullen highlights that vulnerabilities can arise from human mistakes, not just intentional attacks.
Types of Cyber Threats (00:03:57)
Discussion on various cyber threats, focusing on ransomware and phishing, and their implications for businesses.
Emerging Threats: Deepfakes (00:05:40)
Deepfakes as a new threat are discussed, emphasizing their potential for manipulation and deception.
Reputation and Trust Issues (00:06:05)
Dr. Cullen talks about the reputational damage caused by deepfakes and the difficulty in restoring trust.
Authenticating Information (00:07:07)
The importance of verifying sources to combat misinformation and deepfakes is emphasized.
Perception vs. Reality (00:08:01)
The influence of perception on behavior in cybersecurity contexts is explored, highlighting social engineering risks.
Cultural Aspects of Cybersecurity (00:09:31)
Creating a culture that encourages reporting mistakes without fear is crucial for improving security.
People, Process, and Technology (00:09:38)
The discussion shifts to the three pillars of cybersecurity, starting with the people aspect.
Process Design for Security (00:11:53)
Dr. Cullen explains the importance of designing secure processes to minimize human error in cybersecurity.
Learning from Cyber Incidents (00:12:58)
The necessity for businesses to learn from cyber incidents and improve their defenses is highlighted.
Technology in Cybersecurity (00:13:34)
Dr. Cullen discusses the importance of having the right technology and understanding its purpose.
Adopting a Resilience Mindset (00:14:22)
The concept of being prepared for attacks and having recovery plans is introduced.
Learning from Past Experiences (00:15:24)
The value of learning from past cyber incidents to enhance future resilience is emphasized.
Capslock's Mission (00:15:52)
Dr. Cullen shares that Capslock focuses on reskilling individuals for cybersecurity roles.
Practical Advice for SMEs (00:17:10)
Key recommendations for small businesses to build resilience and prepare for cyber threats are provided.
Resilience in Business (00:18:07)
Discussion on the importance of a resilient mindset for businesses in managing risks.
Risk Management Analogy (00:18:36)
Comparison of business risk to a ship's safety in harbor, emphasizing the need for engagement.
Management Hero (00:19:08)
Dr. Cullen shares his admiration for his wife and co-founder as his management hero.
Student Projects Initiative (00:20:29)
Information on student projects that assist businesses with management challenges at no cost.
Keywords
Responsible Management Podcast, University of Bradford, David Spicer, Dr. Andrew Cullen, cybersecurity, Capslock, cybersecurity reskilling, cyber threats, ransomware, phishing, deepfakes, cultural aspects of cybersecurity, resilient mindset, business security, information assets, human error, security breaches, cybersecurity training, processes, technology, auditing, incident response, small and medium-sized enterprises (SMEs), proactive cybersecurity, risk management, pessimistic planning, organizational culture, management hero, personal development, applied management projects, student collaboration, business engagement, cybersecurity landscape, security awareness.