In episode 43, Mandy Haeburn-Little is joined by Joseph Boland-Scott, Security Product Marketing Lead at Microsoft, to discuss the topical issue of Deep Fakes.

In a light-hearted start to the conversation, Mandy opens by asking Joe how she can be sure that it really was him on the call. Joe responds by providing some great suggestions about how you can look out for specific audio or video cues to help spot fake audio and video.

Joe goes on to explain the difference between Deep Fake and AI-generated content; in general terms, he explains that AI content is created from scratch for legitimate purposes, whereas Deep Fake is more about image, video and voice manipulation and is more often than not used much more for malicious purposes.

Mandy and Joe then chat about the areas we are seeing Deep Fakes being used, to which Joe provides some of the more common examples, such as in the onboarding of new employees remotely, where the team has never met the new employee. In these helpdesk vulnerabilities, cybercriminals are posing as current employees looking to restore access to their devices.

Mandy then asks what you should do when you suspect something is not quite right. Joe outlines typical things to look for when you don't feel everything is 100% right. Primarily, question if the person you think you're speaking to would contact you on a particular channel, or would they make such a request at an unusual hour?

By way of encouragement, Joe points to the fact that people are generally much more aware of telephone scamming than they were a few years ago. So, he suggests, in the same way, people will get better at questioning the authenticity of audio and video content. However, he emphasises that awareness is only a small part of the solution; there is a need for much greater collaboration among tech, policy and education to combat the increasing criminal use of Deep Fake.

It is a fascinating insight into the world of Deep Fakes and how to identify and protect yourself against this growing threat.

Microsoft has many resources and guidance to help with cybersecurity awareness. You can explore these here.

Joe also refers to Microsoft's Digital Defence Report, which you can download here.

In episode 42, Mandy Haeburn-Little is joined by Gordon Adam, Manager, Cyber Threat Intelligence Partnerships at Mastercard.

Gordon begins by explaining his role and how his department serves as the first port of call for incidents of cybercrime or fraud. He describes how they operate proactively by analysing the threat landscape and reactively responding to incidents and emerging threats.

Mandy is also keen to understand why Mastercard has earned a reputation for being approachable, particularly for SMEs. Gordon then highlights how 'doing the right thing' is a fundamental part of the company's culture; they are keen to make business owners feel secure, and that's why they provide resources such as the GCA Toolkit and Mastercard Trust Centre. For Mastercard, it's about sharing their wealth of knowledge, especially with the SME community. He also explains how they invest time and effort in creating the right messaging when it comes to cyber; Mastercard break it down to make it interesting and simple for those not familiar with cyber. Fundamentally, they are keen to promote the idea that every step an SME takes will improve its resilience.

Gordon also outlines some of the red flags that SMEs should look for, such as unexpected logins, suspicious emails, and tech update prompts. His advice is to start with employee training to build an understanding of the threats and how to prepare for them.

The two discuss why it's essential that businesses feel safe when adopting new technology; otherwise, it can stifle innovation and growth. It is in everyone's interest that businesses thrive, so by providing free support and guidance, Mastercard is helping them become more resilient and confident when adopting an inclusive attitude to new technology.

Gordon offers advice on where to start, reiterating that it's about the basics, including visiting the Mastercard Trust Centre, exploring the GCA Toolkit, and the Cyber Readiness Programme. He also emphasises it's all about preparedness and recommends the GCA Toolkit as an accessible and free resource with actionable guidance to reduce cyber risk.

In conclusion, Mandy asks Gordon how he feels about the industry, to which he responds that it is worse in terms of the volume of attacks. However, he also points out that we are much better prepared than we were in the past. The knowledge of how to mitigate and respond, as well as our capabilities in defence, is significantly greater than it was a few years ago.

His final comments are sound advice, stating that preparation is the best defence. Take the time now to accept advice and have a response in mind, rather than panicking when something goes wrong.

In episode 41, Mandy Haeburn-Little is joined by Justene Ewing, Vice President, Health, Care and Life Sciences for UK & Australia at CGI.

It is a fascinating conversation that explores the role technology plays in healthcare and the associated risks as we adopt digital solutions to improve services and productivity.

Justene outlines some of what we already know about the Government's 10-year healthcare plan; primarily that the following three essential elements will be the main focus:

1. Helping people to stay in their home environment
2. The role that data will play in helping the NHS workforce and the patients, and the family's relationship with their data
3. Prevention before cure

Justene explains why digital and data is the 'Golden Thread' running through all three, and why it is increasingly vital to help cope with the demands and pressure on the NHS, which is set to increase significantly in the coming years.

Justene highlights that while digital can improve productivity, she warns that the more we rely on and introduce digital solutions, the greater the risks become. She also believes that while it is getting better, there are still misconceptions around the board table about the scale of the risk, and perhaps even whose 'headache' it is! But, she also acknowledges there's no easy solution because budgets, resources, and capabilities are all very challenging.

On the fascinating topic of AI, Justene touches on the misuse of tools like ChatGPT, which is caused purely by a lack of understanding of the risk and where the data is shared. She advises that while they are great tools that will save time, the risk must be adequately managed.

Justene cites some good examples of how AI is being used to make a difference in healthcare in areas like screening and bed management. These are excellent examples of how AI has been developed with a purpose, rather than innovation for innovation's sake. Her main point around the increasing adoption of AI solutions is that we must ensure there is complete transparency so that we have total confidence in data and that there will always be humans in the loop.

It is a fascinating conversation and insight into the adoption of technology in the health sector and why we must ensure the data is safe in order to prevent the disruption and threat to critical care at all times.

Episode 40 is a short podcast recorded when Mandy Haeburn-Little caught up with Richard Meeus, Director of Security Technology and Strategy EMEA at Akamai, and Paul Croker, UK & I Executive Committee Member at GTIA (Global Technology Industry Association. Both attended Infosec (Infosecurity Europe 2025) from 2nd - 4th June and were kind enough to join Mandy for a quick chat about the conference.

Richard and Paul provide a brief overview of their experience over the three days at ExCel London and what they took away from the conference. Both also discuss the value of being NCRCG National Ambassadors and how much they are enjoying the engagement and collaboration with fellow National Ambassadors.

In episode 39, Mandy Haeburn-Little is joined by three members of the Microsoft team: Marc Carney, Director, Security Solutions Group; Gabriela Gradden, EMEA Security Sales Director; and Joseph Boland-Scott, Security Product Manager.

The team began by reflecting on a transformative period for the cyber security landscape, with an increase in ransomware and much more targeted attacks, impacting critical infrastructure and supply chains with the use of sophisticated AI-driven resources.

Mark highlights that Zero Trust frameworks are anticipated to become standard practice which will drive innovation in identity management and authentication solutions, helping to streamline and enable robust capabilities to identify users.

Gabriela talks about Microsoft's mission statement, 'Empowering every person and organisation on the planet to achieve more'. She explains how it is more than words and how it actually shapes everything the company does. As an example, she cites the Secure Future Initiative, which was brought about because of the Midnight Visit attack on Microsoft and how this multi-year commitment to how they design, build, test and operate their technology for everyone, starting with Microsoft's 100,000 employees, all of whom are tasked with putting security first.

Joe points out that as one of the most attacked entities in the world, Microsoft has the challenge of dealing with this and the unique opportunity to learn from these attacks as the threat landscape evolves.

He emphasises that password-related attacks increased tenfold in 2024, highlighting the continued importance of identity protection like multi-factor authentication. He also talks about a need for a change in attitude whereby security is not simply one of the focuses; it must become the central focus for all businesses.

Mark states that Microsoft's security posture is stronger and more advanced than it's ever been but warns that the threat environment hasn't stood still. Attackers are more sophisticated and have better resources, especially with the use of AI and automation. So even though Microsoft has up its game, the threats have matched the pace. So it's about continuous investment and improving their capabilities and resources, which they are committed to doing in the UK.

Gabriela also touches on the repivoting of attackers; so, as we become more able to deal with sophisticated AI-based attacks, criminals are going back to basics; human, phishing and identity-based attacks are rising, so it is more important than ever to get the basics right and make sure your people trained and are able to identify these threats.

The team also talk about the persistence of attackers and how they are prepared to stay hidden in an organisation's systems, sometimes for years. He quotes some valuable examples that clearly demonstrate the ongoing need to get the basics right. Patching, training vulnerability management etc. must be priorities.

AI is, of course, a hot topic, and Mandy explores what AI means to the business community. Mark explains the enormous benefits and opportunities offered by AI not only in improving efficiency, productivity and processes but also in the detection of security threats.

They also talk about products like Microsoft Security Copilot that protects organisations at the speed and scale with a generative AI-powered assistant for daily operations in security and IT.

In a broad-ranging conversation, Mandy and the Microsoft team also cover topics like Microsoft's approach to the democratisation of knowledge, carbon emissions from data centres, and how they decide on areas of focus. Deepfake is also discussed, and how it is becoming much more common and one of the top threats to businesses.

In episode 38, Mandy Haeburn-Little is joined by two members of the Logistics UK team, the first company from the transport sector to join the National Cyber Resilience Centre Group as National Ambassadors; they are Nigel Smart, Director of IT & Development and Natalie Chapman, Head of Public Affairs.

Nigel begins the conversation by highlighting that while Logistics UK is a membership organisation, it prefers to be known as a business group. In fact, they are the only business group in the UK that represents all logistics, from road, rail, sea, and air, to the buyers of freight. Logistics UK is about representing its members by campaigning governments, ensuring their compliance, training and providing a media presence; its mission is to continue to be in the top three business groups that people turn to for advice in the logistics sector.

Natalie then explains in more detail her department's role and how they work closely with the UK and the devolved nations' governments, MPs, backbenchers and policymakers to influence political decisions. Their lobbying and advice are all evidence-based, which is why Logistics UK is heavily involved in research and reporting. But it's not just about gathering the evidence; they work hard to present the information in the correct formats for the target audience, be it politicians, media or the general public. It's about highlighting how logistics plays a critical role in underpinning the UK economy.

Mandy and Natalie go on to chat about a few of the big issues impacting the sector, such as the UK's ranking on the Logistics Productivity Index and how that has slipped 15 places since 2013 to a current global position of 19th. Also, how they are identifying investment priorities to ensure critical infrastructure is fit for purpose to help minimise congestion and delays. Natalie also talks about their work in decarbonisation and how they are leading the discussion on how we achieve net zero and what they are doing to assist with the skills shortage in the sector with initiatives such as Generation Logistics.

Nigel explains why cyber is high on the agenda at Logistics UK and notes that awareness of the threats and the general interest in cyber has noticeably increased throughout the organisation in the last year, and how they intend to pass on this knowledge to their members in the future.

Nigel also expresses the reasons why Logistics UK was keen to become a National Ambassador and how he is particularly looking forward to working with like-minded people and benefiting from the mutual learning opportunities of being involved with fellow National Ambassador companies.

In episode 37, Mandy Haeburn-Little is joined by two members of the team at Akamai, the newest member of our National Cyber Resilience Centre Group National Ambassadors. Mandy chats with Richard Meeus,

Director of Security Technology and Strategy EMEA, and Matt Payne, Regional Director, EMEA Financial Services Industry and Public Sector at Akamai Technologies.

The conversation starts with a brief background about the origins of the company and its name, explaining how a water cooler moment at the Massachusetts Institute of Technology (MIT) back in 1998 led to what is now Akamai, an engineering-led organisation with a platform specifically designed to provide scale and resilience.

The team provided interesting examples of how notable events, such as the release of the original Star Wars trailer, were a test and validation of the platform's design and ability to deal with large volumes of traffic.

Richard and Matt also explain the three main verticals of the business, which are Delivery (of content), Security, and Cloud. However, they are quick to highlight that it's Akamai's ability to bring all of these elements together that makes it unique and provides a platform where the whole is greater than the sum of the parts.

The two also talk about the importance of their Security Operations Centre, which provides customers with direct access to over 250 experienced and competent engineers. They also explain the value of their State of the Internet Report (SOTI Report), which gathers data firsthand from the information Akamai sees daily, providing a view of what's evolving and what's changing in terms of threats.

During the engaging conversation, Mandy asks Richard and Matt if we are getting better at dealing with ransomware attacks and about the impact of AI on cybercrime; both provide insightful and thought-provoking answers to all of the questions in what is a most interesting and open conversation.

In episode 36, Mandy Haeburn-Little chats with two of the team at Nationwide Building Society, a valued member of our portfolio of National Cyber Resilience Centre Group National Ambassadors. Rachel Vigor, Business Services, Governance, Risk & Controls Director and Sharon Gould, Supplier Security Manager, Business Services GRC, join Mandy on this episode.

The conversation opens with Rachel providing a snapshot of Nationwide's history and what it stands for. She outlines what it means to be a Mutual and why being owned by its members enables Nationwide to operate with genuine social and community purpose. So, rather than paying shareholders, they are able to spend their money building a safe and secure organisation, giving back to local communities, offering competitive rates, and sharing it with their members.

Rachel and Sharon talk about the company's approach to risk, outlining why it is important and how it encourages open, honest and transparent conversations that not only maintain operations and keep members safe but can also identify opportunities.

Speaking specifically about risk in relation to the supply chain, they highlight how they are leveraging new technology to establish risk profiles and enhance technical controls. Again, they are keen to emphasise that working with suppliers, particularly around SMEs and cyber security, is an extremely collaborative approach, with clear communications about their expectations while being realistic about the resources available to smaller organisations.

They also talk about their current dual-branded NCRCG/Nationwide supply chain campaign to encourage SMEs to join their local Cyber Resilience Centre. In addition, they explain why they are working closely with IASME to promote and endorse Cyber Essentials and Cyber Essentials Plus.

Finally, Rachel is asked the burning question about Nationwide's acquisition of Virgin Money. She explains that it's early days, but reassures listeners that they'll use the experience of over 250 previous acquisitions to proceed with care as they integrate the two dynamic brands!