
Info Risk Today Podcast
3,490 episodes
Building Privacy-Centered Contact-Tracing Apps
Contact-tracing apps are continuing to take shape around the world as the COVID-19 pandemic continues. Using privacy-by-design principles is critical to building trust in these apps, says privacy expert Ann Cavoukian.
Third-Party Risk Management: How to Grow a Mature Program
Enterprises globally recognize the challenge of third-party cyber risk, but they still struggle with managing it. Dave Stapleton of CyberGRX discusses the elements of a mature program, including the role of risk ratings.
Improving the Detection of Medicare Fraud
Hospitals and other healthcare organizations can help prevent Medicare fraud by "having robust processes in place for employees to report fraud," says fraud mitigation expert Louis Rossignuolo, managing director of investigations at Altomonte Advisory Group.
Analysis: The Unusual Case Against Former Uber CSO
The latest edition of the ISMG Security Report analyzes the unusual case against former Uber CSO, Joe Sullivan, who was charged in connection with allegedly covering up a data breach. Also featured: CISA director on election security; insights on preventing healthcare fraud.
COVID-19: Business Continuity Lessons Learned
Many of the business continuity steps taken during the COVID-19 pandemic should be considered when crafting broader disaster recovery plans, such as those used after a hurricane, two risk management and compliance experts say.
Analysis: Why Ransomware Gangs Getting Bigger Payoffs
The latest edition of the ISMG Security Report analyzes why ransomware gangs continue to see bigger payoffs from their ransom-paying victims. Also featured: Lessons learned from Twitter hacking response; security flaw in Amazon's Alexa.
How Fraudsters Are Circumventing AI-Based Prevention Efforts
Criminals are devising ways to circumvent fraud-fighting measures that use artificial intelligence, says Avivah Litan, a vice president at Gartner Research, who discusses mitigation strategies.
Biometric Technology: Assessing the Risks
The growing use of biometric technology is raising concerns about privacy as well as identity theft and fraud, says attorney Paul Hales, who reviews recent legal and legislative developments.
Securing Remote Access With Risk-Based Authentication
Implementing an adaptive, risk-based authentication process for remote system access is proving effective as more staff members work from home during the COVID-19 pandemic, says Ant Allan, a vice president and analyst at Gartner.
Implementing DevSecOps in a Legacy Environment
It's a myth that organizations with legacy systems cannot implement DevSecOps, says Md. Mahbubul Alam Rafel, head of information security at Prime Bank in Bangladesh.
How to Address Telehealth Cloud Security Risks
With the surge in telehealth use during the COVID-19 pandemic, healthcare organizations must be prepared to deal with cloud security and privacy risks, says Jim Angle of Trinity Health, who is the author of a recent report from the Cloud Security Alliance.
Analysis: Did Barclays Go Too Far in Monitoring Employees?
The latest edition of the ISMG Security Report analyzes why Barclays is being investigated for allegedly spying on its employees. Also featured: How the pandemic is affecting CISOs; an FBI assessment of nation-state threats to the U.S. election.
Derek Manky of FortiGuard Labs on the Shift to Proactive Defense
Fortinet's FortiGuard Labs is out with its latest Global Threat Landscape Report, and it tracks cyber adversaries exploiting the COVID-19 pandemic at a worldwide scale. The best response? A shift to proactive defense, says FortiGuard's Derek Manky, Chief, Security Insights & Global Threat Alliances.
Congressman Makes Case for National Patient ID
Rep. Bill Foster, D-Ill., who has twice introduced a measure to pave the way for a national patient identifier, explains in an in-depth interview why he believes such an ID is essential.
Analysis: Hijacking of Twitter Hacker's Virtual Hearing
The latest edition of the ISMG Security Report analyzes the hijacking of a virtual court hearing in the Twitter hacking case. Also featured: Why network segmentation is more important than ever; update on Windows print spooler vulnerability.
Behavioral Biometrics: Avoiding Mistakes
Too many companies that are implementing behavioral biometrics to combat fraud lack a complete understanding of how to make the most of the technology, says David Lacey, managing director at IDCARE, Australia and New Zealand's not-for-profit national identity and cyber support service.
Secret Service Agent Offers Cybercrime-Fighting Insights
Christopher Leone, assistant special agent in charge, United States Secret Service, offers advice to organizations on forging relationships with law enforcement as part of their cybersecurity incident preparedness plans.
Analysis: The Hacking of Mobile Banking App Dave
The latest edition of the ISMG Security Report analyzes the hacking of Dave, a mobile banking app. Plus: Sizing up the impact of GDPR after two years of enforcement and an assessment of IIoT vulnerabilities.
Mitigating Brand Impersonation Fraud
Social media analytics tools can play a key role in mitigating the risk of brand impersonation fraud, says Barika Pace, senior director analyst at Gartner.
Detecting Payroll Fraud With Data Analytics
Data analytics can play a critical role in detecting payroll fraud, says Kelly Paxton, a fraud examiner and private investigator.
Medical Devices: Mitigating Cyber Risks
As ransomware and other cyberattacks on healthcare organizations surge, the potential risks to medical devices are growing, says Kelly Rozumalski, director of secure connected health initiatives at the consulting firm Booz Allen Hamilton, who discusses risk mitigation efforts.
The Celebrity Twitter Hack: What Happened?
The latest edition of the ISMG Security Report analyzes the hacking of high-profile Twitter accounts. Also featured: Addressing security when offices reopen; the role of personal protective equipment, or PPE, in money laundering during the pandemic.
COVID-19 Contact-Tracing Apps: The Privacy Issues
COVID-19 contact-tracing applications that help monitor individuals' possible exposure to those who have tested positive for the virus present a variety of privacy issues that must be addressed, says regulatory attorney Nancy Perkins.
Security Analysis: US Outmaneuvers UK on 'Huawei Question'
The latest edition of the ISMG Security Report analyzes the latest developments in banning Huawei technology from 5G networks. Also featured are discussions of how to respond better to cybercrime and whether we're on the cusp of a digital currency revolution.
Key Digital Payment Identity Management Issues
Ramping up authentication as e-commerce continues to grow requires achieving a delicate balance of a frictionless, yet secure, consumer experience, says Robert Capps of NuData Security, a unit of Mastercard.
Coordinating Disclosures of Medical Device Vulnerabilities
As cyberthreats facing healthcare organizations soar, medical device maker Becton, Dickinson and Co. has ramped up its process for coordinated disclosure of vulnerabilities to help identify, assess and communicate issues to regulators and industry stakeholders, says BD's Dana-Megan Rossi.
Analysis: Monitoring the Risks Posed by Remote Workers
The latest edition of the ISMG Security Report analyzes the surge in the use of employee monitoring tools for the increasingly remote workforce. Also featured: Discussions about IoT security guidelines and CCPA compliance requirements.
Digital IDs: A Progress Report
The latest edition of the ISMG Security Report discusses global progress on adopting standard digital identifiers. Plus, a former cybercriminal discusses emerging fraud trends, and an update on the evolution of e-signatures.
The Fast Future of Encryption in Healthcare
In mere weeks, the healthcare industry was able to leapfrog ahead years in its digital transformation. But at a price to data security, which now faces new kinds of exposure. Zettaset CEO Tim Reilly discusses these vulnerabilities and the future of encryption in the healthcare sector.
Guarding Against COVID-19 Fraud Schemes
With the COVID-19 pandemic continuing to surge, organizations must remain vigilant in their defense against coronavirus-themed phishing, business email compromise and other fraud campaigns, says attorney Robert Egan, who offers risk mitigation insights.
Analysis: Keeping IoT Devices Secure
This edition of the ISMG Security Report analyzes whether IoT devices will outlive their security updates. Also featured: Why security spending needs to shift further upstream; could banks be custodians of identity?
PCI Council's Efforts to Fight Fraud During COVID-19 Crisis
Troy Leach of the PCI Security Standards Council discusses how the shift to card-not-present transactions during the COVID-19 pandemic has created new fraud-fighting challenges and offers an update on pending standards revisions.
Using AI for Improved Threat Detection
Enterprises need to move away from manual threat detection methods to leverage artificial intelligence, which can help boost defenses, says Dr. Jassim Haji, president of Artificial Intelligence Society, Bahrain Chapter.
Analysis: Mitigating Risks in Multicloud Environments
The latest edition of the ISMG Security Report discusses recent research on the cyberthreats in multicloud environments and how to mitigate them. Also featured: A ransomware risk management update; tips on disaster planning.
'Ripple20' Flaws in Medical Devices: The Risks
How do the recently identified "Ripple20" TCP/IP code flaws potentially impact medical devices? And what steps can healthcare organizations take to help mitigate the risks? Elad Luz of the security research firm CyberMDX, which helped study the vulnerabilities, offers an analysis.
Ransom Demands: What Happens If Victims Pay or Don't Pay?
If your organization gets hit by ransomware, what should happen next? Ideally, organizations will get help to identify the best response, says Kroll's Alan Brill. He notes that many organizations are now carrying cyber insurance coverage, in part, to gain rapid access to incident response tools and expertise.
COVID-19: Privacy, Security Concerns as Businesses Reopen
As businesses reopen, they need to carefully consider the privacy, security and legal implications of collecting COVID-19 related information from customers, employees and other individuals, says privacy attorney Iliana Peters of the law firm Polsinelli.
Implementing an Agile Security Framework
When security teams apply agile methodologies, they are better able to deliver value and can more easily pivot and change plans, says Kevin Fielder, CISO of Just Eat, a British online food ordering and delivery service with operations in 13 countries.
Inside Europol's Latest Anti-Financial Crime Center
The latest edition of the ISMG Security Report discusses Europol's launch of the European Financial and Economic Crime Center, and also details the London Met's perspective on recent cybercrime trends and the need to maintain a paper audit trail for mobile voting.
Cybersecurity Risk Prevention Reconsidered
As Roger Sels of BlackBerry assesses cybersecurity risk, he sees chaos - both cyber and endpoint chaos - as well as enterprises trying to defend against automated attacks at human speed. It makes him ask: Isn't it time we rebooted our approach to cybersecurity risk prevention?
The State of Payments Fraud in a Pandemic
Payment fraud continues to evolve during the COVID-19 pandemic, exploiting changing habits and behaviors of consumers. Melissa Gaddis of TransUnion, who has been tracking these changes, says one of the surprising changes concerns millennials: They're now fraudsters' top target.
Can Mobile Voting Be Secure?
Perceived wisdom is that mobile voting will be open to significant opportunities for interception, manipulation and nation-state interference. Nimit Sawney, CEO of Voatz, describes the architecture of a secure mobile voting system.
Building a Collective Defense
Beyond mere information sharing, collective defense is a concept that aligns public and private sectors in a unified front against cyber threats. Bill Swearingen of IronNet Cybersecurity defines the concept and how it's being employed today.
Analyzing the Role of Digital Identity Management
For an upcoming virtual roundtable, Alex Laurie of ForgeRock discusses the importance of digital identity management, the need for organizations to quickly and accurately register people, comply with privacy regulations and define and manage the level of risk involved.
Analysis: Why Identity Management Is Still a Challenge
The latest edition of the ISMG Security Report sizes up progress made so far on identity management and the work yet to be done. Also featured: how security concerns are holding back IoT projects and the privacy issues raised by recording videoconferences.
Confidential Computing: The Use Cases
It's not just the latest marketing buzz. Confidential computing is an actual initiative focused on helping to secure data in use. But what are the use cases? In part two of a two-part podcast, Richard Curran of Intel leads an expert panel discussion on the practice of confidential computing.
Confidential Computing: Beyond the Hype
Confidential computing is an emerging industry initiative focused on helping to secure data in use. But how does one separate hype from reality? In part one of a two-part podcast, Richard Curran of Intel leads an expert panel discussion on the concept of confidential computing.
A Fresh Look at API Security
API attacks are on the rise, and Gartner predicts that APIs will be the top threat vector by 2022. Roey Eliyahu, CEO of Salt Security, discusses the trend and how to build a more effective API security strategy.
Analysis: Verizon's Latest Data Breach Investigation Report
Verizon's Data Breach Investigations Report 2020 highlights the leading causes of breaches last year, including credential theft, phishing and ransomware, as well as issues linked to cloud implementations and web applications. In an interview, Verizon's Ashish Thapar offers an in-depth analysis.
Identity Verification in Healthcare: Revamping a Framework
A 15-year-old identity framework originally designed for narrow use by pharmaceutical companies is being revamped and updated for broader use in healthcare, says Kyle Neuman, managing director of SAFE Identity, an industry consortium and certification body that's coordinating the project.