In CyberVersed episode 45, we explore and explain the Cyber PATH programme. Mandy Haeburn-Little is joined by David Socha, Interim Head of Cyber PATH, Martin Wilson Head of Cyber & Innovation, North East Business Resilience Centre, and Sophie Powell, Talent Manager at Cyber PATH.

Martin kicks off the discussion with a summary of what Cyber PATH is and what it does: essentially, it helps micro, small, and medium-sized organisations (SMOs) understand how they might be attacked and how to avoid it, while providing real-world experience for students exploring careers in cyber.

Martin touches on the changes that have taken place since he started working on the programme, and their willingness and ability to adapt services to address the latest threats and trends.

David Socha explains why his experience in managing change and building teams perfectly suits his current role and why it is right for him to take an interim position to manage the structural changes underway to enable the programme to develop and grow. He also highlights that the primary focus of the changes is designed to create even better engagement with Academia, the CRC Network, students, and SMO businesses.

Martin explains the differences in the service since it began and how relationships among the various stakeholders have blossomed, enabling them to provide a better, more comprehensive range of services.

Asked about the most popular services, David points to Security Awareness Training, Microsoft 365 Service, and Internal Vulnerability Assessments as the three most prominent. Still, he notes that all services are helpful and popular with the SMO community.

Former Cyber PATH student and the 2023 Cyber Student of the Year, Sophie Powell, provides insight from a student perspective and explains how the programme helped her develop essential, valuable skills that she wouldn't necessarily have learned through her scheduled university coursework. Now, as the Talent Manager, she outlines her new role within Cyber PATH and her ambitions for the programme's future development.

Martin explains how service demand is changing and cites Microsoft 365 as an example of a popular emerging service, driven by the growing number of businesses using the tools as an integral part of their operations. He also highlights the power of clearly defined policies and the enormous benefits of having them adequately examined as part of the Policy Review service.

Martin also explains some of the hidden benefits of the programme, which he takes great pleasure in, namely how it helps develop the student's ability to communicate and articulate the findings to business owners or operators.

The podcast is a fascinating examination of the Cyber PATH programme, with three key personnel overseeing specific areas of delivery, yet all clearly sharing a passion for Cyber PATH and its success in developing students and supporting SMOs in building better cyber resilience.

In episode 44, Mandy Haeburn-Little is joined by Nick Bell, Police CyberAlarm Lead for NPCC National Cybercrime Team.

Nick Bell is an award-winning security leader and former Detective Superintendent with 30 years in policing. He is a former CEO of the National Cyber Resilience Centre Group, where he launched the CRC network, National Ambassador programme, and Cyber PATH to support SMEs and develop future cyber talent. Nick is experienced in leading investigations into cybercrime, digital forensics, fraud, and cryptocurrency, with a track record of building national programmes and partnerships. Nick was also named Outstanding Security Director of the Year 2023 at the Tackling Economic Crime Awards.

Nick and Mandy discuss his new role and his vision to achieve significant growth for Police CyberAlarm and for it to become a trusted brand in the digital space. During the discussion, Nick explains why it is essential to raise Police CyberAlarm's profile, which he hopes will be achieved by working with third-party organisations such as the National Ambassador companies to demonstrate and deliver exceptional value to businesses and policing.

During the podcast, Nick and Mandy explore what PoliceCyberAlarm is and why it is an essential tool for both businesses and policing. Police CyberAlarm is a free monitoring tool that Nick likens to CCTV for your business. It is an 'always on' monitoring tool installed on your external systems to track activity, such as attempted intrusions. Users receive a monthly activity report that is easily digestible, enabling them to take any required action to bolster their cyber resilience.

Simultaneously, law enforcement can build an accurate picture of the current and ever-changing threat landscape, enabling them to issue targeted alerts to specific businesses about threats that may affect them. So, businesses are not only protecting themselves, they are also helping to gather information and intelligence at scale by providing critical, real-time intelligence that provides law enforcement with relevant data to reduce cybercrime harm and improve national cyber resilience.

Nick also shares some helpful examples of how Police CyberAlarm has assisted a range of organisations, from those in the public sector to small businesses in the private sector.

Nick is clearly passionate about expanding the adoption of Police CyberAlarm throughout the UK, and is hopeful that he and his team will see real growth, especially with Managed Service Providers and public sector partnerships and with a simplified sign-up and installation process.

In episode 43, Mandy Haeburn-Little is joined by Joseph Boland-Scott, Security Product Marketing Lead at Microsoft, to discuss the topical issue of Deep Fakes.

In a light-hearted start to the conversation, Mandy opens by asking Joe how she can be sure that it really was him on the call. Joe responds by providing some great suggestions about how you can look out for specific audio or video cues to help spot fake audio and video.

Joe goes on to explain the difference between Deep Fake and AI-generated content; in general terms, he explains that AI content is created from scratch for legitimate purposes, whereas Deep Fake is more about image, video and voice manipulation and is more often than not used much more for malicious purposes.

Mandy and Joe then chat about the areas we are seeing Deep Fakes being used, to which Joe provides some of the more common examples, such as in the onboarding of new employees remotely, where the team has never met the new employee. In these helpdesk vulnerabilities, cybercriminals are posing as current employees looking to restore access to their devices.

Mandy then asks what you should do when you suspect something is not quite right. Joe outlines typical things to look for when you don't feel everything is 100% right. Primarily, question if the person you think you're speaking to would contact you on a particular channel, or would they make such a request at an unusual hour?

By way of encouragement, Joe points to the fact that people are generally much more aware of telephone scamming than they were a few years ago. So, he suggests, in the same way, people will get better at questioning the authenticity of audio and video content. However, he emphasises that awareness is only a small part of the solution; there is a need for much greater collaboration among tech, policy and education to combat the increasing criminal use of Deep Fake.

It is a fascinating insight into the world of Deep Fakes and how to identify and protect yourself against this growing threat.

Microsoft has many resources and guidance to help with cybersecurity awareness. You can explore these here.

Joe also refers to Microsoft's Digital Defence Report, which you can download here.