Info Risk Today Podcast

The prospects for passing a U.S. privacy law will improve under the Biden administration, predicts attorney Kirk Nahra, who offers a legislative outlook.

The latest edition of the ISMG Security Report describes new details emerging from the SolarWinds supply chain hack investigation. Also featured: A discussion of why security education is so crucial in 2021 and tips on how to retain security and operations center analysts.

The "remote workforce" of 2020 is gone. Now we're talking about the new, permanent "branch office" - and it comes with its own unique set of cybersecurity concerns, says Derek Manky of FortiGuard Labs. He discusses new social engineering trends and how to respond.

This edition of the ISMG Security Report features an analysis of the very latest information about the SolarWinds hack. Also featured are discussions of "zero trust" for the hybrid cloud environment and data privacy regulatory trends.

Based on cyber insurance claims they file, small and midsized vendors potentially pose substantial security risks, so their customers should make them a third-party risk management priority, says consultant Mark Johnson, a former healthcare CISO.

New regulatory provisions that allow healthcare systems to make donations of cybersecurity technology and services to physician practices could help greatly bolster security in the sector, says attorney Julie Kass of law firm Baker Donelson.

Facebook's relaunch and rebrand of its Libra digital payment initiative as Diem is seen by some as a shadow of its former self. Financial services commentator Chris Skinner explains why state governments and AML concerns are to blame.

As federal regulators intensify their focus on compliance with requirements to provide patients with access to their health information, healthcare organizations need to sort through a variety of emerging challenges, says health information management and privacy expert Rita Bowen.

The latest edition of the ISMG Security Report offers leadership lessons from Equifax CISO Jamil Farshchi and Mastercard's deputy CSO, Alissa "Dr. Jay" Abdullah. Also featured: An assessment of cybersecurity priorities for President-elect Joe Biden.

Identity management will be at the forefront of securing remote work in the coming year. Jason Bohrer, new leader of the Secure Technology Alliance and the U.S. Payments Forum, describes key initiatives as he steps into this role.

The growth in the use of telehealth during the COVID-19 crisis means that healthcare providers must carefully reassess and bolster the security of the connected devices, applications and systems used, says Kelly Rozumalski of the consultancy Booz Allen Hamilton.

In the year ahead, healthcare organizations must be prepared to face an assortment of advancing security threats, including those that damage the integrity of critical patient data, says Rod Piechowski of the Healthcare Information and Management Systems Society.

The COVID-19 pandemic has spotlighted an array of evolving patient privacy issues that legislators and regulators will need to address in the year ahead, say government policy experts Mari Savickis and Cassie Leonard of the College of Healthcare Information Management Executives.

This edition of the ISMG Security Report features insights from David Forscey, managing director at Aspen Cybersecurity Group, on improving supply chain security in the aftermath of the SolarWinds hack. Also featured: Black Hat Europe's key takeaways; keeping safe during the holidays.

In light of the SolarWinds supply chain breach and other security incidents, the United States has substantial work to do in building a resilient digital infrastructure, says David Forscey of the Aspen Cyber Group, who outlines a five-step road map.

The latest edition of the ISMG Security Report features an analysis of what we know so far about the impact of the SolarWinds supply chain hack and how to respond.

What critical factors should organizations consider before taking the step of paying extortionists a ransom in hopes of regaining access to systems or avoiding the release of data in the wake of a ransomware attack? Former FBI special agent Vincent D'Agostino provides guidance.

The latest edition of the ISMG Security Report features an analysis of why the FireEye breach is a wake-up call for the cybersecurity industry. Also featured: Monero cryptocurrency scams; key considerations for cloud security.

This edition of the ISMG Security Report features an analysis of a serious Apple iOS "zero-click exploit" that could have allowed hackers to remotely gain complete control of a device. Also featured: a discussion of identity proofing challenges and a review of New Zealand's updated Privacy Act.

The latest edition of the ISMG Security Report features an analysis of how cybercriminals are ditching banking Trojans in favor of ransomware attacks. Also featured: Defending against deep fakes; supporting a dispersed workforce.

What are the critical components of a strong enterprise cyber risk management program for healthcare entities? Bob Chaput, founder of security and privacy consulting firm Clearwater, outlines key factors in an interview about his new book on the topic.

Companies should establish clear policies for how employees can report signs of accounts payable fraud, says Peter Goldmann, president of FraudAware, which provides antifraud training.

This edition of the ISMG Security Report features a discussion with Christopher Krebs, the recently fired director of the Cybersecurity Infrastructure Security Agency, on his accomplishments at the agency. Also featured are updates on ransomware gangs recruiting affiliates and healthcare supply chain risks.

Organizations need to build security into their cloud environments to help thwart cyberthreats, says Tom Corn of VMware, who describes this "intrinsic security" approach.

With the escalation of cyberattacks on the healthcare sector during the COVID-19 pandemic, supply chain partners need to strengthen their security controls and defenses, say Vishwas Gadgil of pharmaceutical firm Merck and Ed Gaudet of the consultancy Censinet. They describe updated guidance on the subject.

"Better, cheaper, faster." These are the results that banking institutions can receive by shifting security to the cloud, says David Vergara of OneSpan. At a time when multi-channel fraud is surging and the customer experience is paramount, cloud needs serious consideration, he says.

The latest edition of the ISMG Security Report features an analysis of how President-elect Joe Biden is expected to renew international relationships needed in the fight against cyberattacks. Also featured: the pandemic's impact on cybercrime; analysis of Europol's annual cybercrime report.

Louis Marinos of the European Cybersecurity Agency offers an analysis of the agency's new Threat Landscape 2020 report, which shows how cybercriminals have been advancing their capabilities, adapting quickly and targeting victims.

The latest edition of the ISMG Security Report features an analysis of the EU General Data Protection Regulation fines that have finally been imposed on Marriott and BA over serious data breaches each suffered. Also featured: Regional digital fraud trends, and a look at the CISO role and its responsibilities.

Newly updated Food and Drug Administration guidelines will help experts to more accurately score and communicate the criticality of security vulnerabilities identified in medical devices, says Elad Luz, head of security research at CyberMDX.

The latest edition of the ISMG Security Report features a discussion with FBI Agent Elvis Chan on the cyber disruptions to expect immediately after the Nov. 3 U.S. election. Also featured: smart lock security flaws; cryptocurrency-funded crimes in 2021.

As the use of telehealth continues to surge during the COVID-19 crisis, healthcare entities and their vendors must take critical steps to keep patient data private and secure, says attorney Janine Anthony Bowen.

The latest edition of the ISMG Security Report analyzes the U.S. indictment against Russian hackers who were allegedly behind NotPetya. Also featured: A discussion of nation-state adversaries and how they operate; an update on Instagram privacy investigation.

The IRS Criminal Investigation Cyber Crimes Unit is waging a battle against the use of cryptocurrency for financing terrorists and other money-laundering activities. Agents Chris Janczewski and Jon Gebhart describe recent cryptocurrency-related takedowns.

Many healthcare organizations are failing to address shortcomings in security risk management for their supply chains, says former healthcare CIO David Finn, describing findings of a recent study assessing the state of cybersecurity in the sector.

The latest edition of the ISMG Security Report analyzes a new report that labels ransomware as the No. 1 cybercrime threat. Also featured: A former FBI agent offers an update on "disruptionware" attacks; how Tesla's autopilot is tricked by phantom images.

The latest edition of the ISMG Security Report analyzes why clothing retailer H&M was hit with a hefty fine for violating the EU's General Data Protection Rule. Also featured: The coming of age of digital identities; deputy CSO at Mastercard on top priorities for 2021.

In an exclusive interview, Roger Severino, director of the HHS Office for Civil Rights, which enforces HIPAA, spells out critical steps healthcare organizations must take to safeguard patient information and ensure patient safety in light of the surge in ransomware and other hacking incidents.

Digital identity is coming of age as a way to enable COVID-19 contact tracing, crack down on payment fraud and much more, says Tony Craddock of the Emerging Payments Association.

The latest edition of the ISMG Security Report analyzes cybersecurity firm McAfee's plans to again become a publicly traded company. Also featured: 'Zero trust' strategic insights and an IoT security flaw saga.

As the compliance dates approach for the Department of Health and Human Services' information blocking and health IT interoperability final rules, organizations need to avoid potential pitfalls, says privacy attorney Adam Greene.

The latest edition of the ISMG Security Report features an analysis on why criminals continue to use darknet markets, despite the risks. Also featured: Hackers target Virgin Mobile KSA; coping with COVID-19 stress.

The latest edition of the ISMG Security Report analyzes whether a leaked database compiled by a Chinese company should be a cause for serious concern. Also featured are discussions on vulnerability disclosure challenges and risks posed by using social media apps for payments.

The latest edition of the ISMG Security Report analyzes how criminals keep finding new ways to make ransomware victims pay. Also featured: Preventing digital currency counterfeits; a proposed health data privacy framework.

The pandemic has accelerated the shift to e-commerce and raised new concerns about the use of paper money. Jim Cunha of the Federal Reserve Bank of Boston describes a collaborative research project with the Massachusetts Institute of Technology to determine the feasibility of a digital alternative.

The secure access service edge model, or SASE, treats identity as the new perimeter, says Lee Dolsen Singapore-based chief architect for Zscaler in the Asia Pacific region, who offers implementation insights.

The eHealth Initiative and the Center for Democracy and Technology are seeking feedback on their draft privacy framework that addresses gaps in legal protections for consumer health data falling outside of HIPAA's regulatory umbrella, says eHI CEO Jennifer Covich Bordenick.

Recent hacking incidents, including one targeting Twitter, are raising awareness of the importance of privileged access management, says David Boda, group head of information security for Camelot Group, operator of the U.K. National Lottery. He describes PAM best practices.

What privacy and security issues are raised by patients using smartphone apps to access health records? Attorney Helen Oscislawski and security expert Jarrett Kolthoff offer an analysis.

The latest edition of the ISMG Security Report features a discusssion with Equifax CISO, Jamil Farshchi, on the lessons learned from the credit reporting firm's massive data breach three years ago. Also featured: Australians' driver's licenses leaked; privileged access management tips.