Info Risk Today Podcast

In cybersecurity circles, multi-factor authentication today is considered table stakes. Yet, many organizations and users are hesitant to embrace MFA because of friction or other concerns. Corey Nachreiner and Marc Laliberte of WatchGuard Technologies dispel some of the MFA myths.

As enterprises increasingly enter the evolving multi-cloud environment, how should they re-think their approach to network detection and response? Ryan Davis of ExtraHop shares insight on how to navigate this new landscape.

The latest edition of the ISMG Security Report offers an analysis of cybersecurity and privacy issues raised by COVID-19 research efforts. Also featured: the latest ransomware trends and an investor's take on hot cybersecurity sectors.

A cloud computing security model needs to be customized to fit how the cloud provider serves its clients, says privacy attorney Adam Greene.

Among the many cybersecurity and privacy risks involving the fast evolving global coronavirus outbreak are potential concerns related to the technology assessments during trial or vaccine research, says cyber risk management in global digital health expert Stanley Mierzwa of Kean University in Union, New Jersey.

Federal government agencies face unique cybersecurity risks, and as a result they often place tight restrictions on mobile devices in the workplace. Michael Campbell of Privoro says it's time to loosen these restrictions because they are negatively impacting missions, recruitment and retention.

How can the use of "smart contracts" based on distributed ledger technology help improve the overall security picture for healthcare system supply chains? Mitch Parker, CISO of Indiana University Health, explains.

The latest edition of the ISMG Security Report discusses the developing definition of "Insider Risk." Plus, Former DHS Secretary Michael Chertoff on U.S. 5G rollout plans; Cloud Security Alliance on containers and microservices.

So far, there have been 92,000 reported cases of coronavirus globally, with 3,200 deaths. Global markets have been rocked, and major employers are revisiting their plans for staffing, travel and conferences. What do the numbers and trends mean? Pandemic expert Regina Phelps analyzes the latest developments.

This special edition of the ISMG Security Report focuses exclusively on the RSA 2020 conference. Featured are comments from former NSA Director Keith Alexander on "collective defense," plus a discussion on fighting payment fraud and a roundup of other important themes.

In an in-depth interview, privacy expert Caitlin Fennessy sorts through modified draft regulations to carry out the California Consumer Privacy Act that are designed to help businesses take a more pragmatic approach to privacy.

Implementing the concept of "privacy design" requires a series of critical steps, says Heikki Tolvanen, chief legal engineer at PrivacyAnt, a Finland-based privacy consulting firm, who offers insights on mistakes to avoid.

This special edition of the ISMG Security Report offers a preview of top keynote presentations at the RSA 2020 conference, plus a look at important themes and health tips for attendees.

Globally, the coronavirus has infected more than 75,000 people and led to over 2,000 deaths. But business travelers should avoid panic, says pandemic expert Regina Phelps, who offers preventive health tips for those headed to international events, such as the RSA 2020 conference.

"The Human Element" is the theme of the RSA Conference 2020, but there are plenty of technology-rich topics in store for attendees, including session tracks that focus on election security, open source tools, product security and anti-fraud. Britta Glade, a conference director, previews the event.

The latest edition of the ISMG Security Report analyzes the indictments of four Chinese military officers in connection with the 2017 Equifax data breach. Also featured: Advice on implementing NIST's new privacy framework; lessons learned in a breach disclosure.

Although NIST's new privacy framework is agnostic toward any particular privacy law, "it gives organizations building blocks to help them meet any obligations under any particular law or jurisdiction" says Naomi Lefkovitz, a NIST senior privacy adviser.

The latest edition of the ISMG Security Report offers an analysis of the missteps that led to problems with the app used in this week's Democratic presidential caucuses in Iowa. Also featured: growing privacy concerns about facial recognition and business continuity tips for dealing with the coronavirus.

The coronavirus statistics are dizzying - as of Thursday, there were more than 28,000 infections and about 560 deaths. But the key stat to watch is the mortality rate, currently 2 percent, says pandemic expert Regina Phelps. How that number changes will dictate how business continuity leaders must respond.

As health data privacy concerns heat up to a boiling point on multiple fronts, it's more essential than ever that patients get a clear opportunity to make a choice about whether their data is shared, says privacy advocate Twila Brase, who heads the Citizens' Council for Health Freedom.

The latest edition of the ISMG Security Report discusses the ramifications of the U.K's decision to allow limited use of Huawei's equipment in 5G networks. Plus: Updates on Wawa's stolen card data offered for sale and nascent security threats from social networks and drones.

Dave DeWalt, former CEO of FireEye and McAfee, has been appointed vice chair of the board of Onapsis, a vendor focused on securing business-critical applications. In this exclusive interview, DeWalt opens up on application vulnerabilities, the evolution of the nation-state threat and technologies to watch in 2020.

The latest edition of the ISMG Security Report offers an analysis of fresh details on the hacking of Amazon CEO Jeff Bezos' iPhone. Also featured: an update on Microsoft's exposure of customer service records; a hacker's take on key areas of cyber hygiene.

In light of rising tensions between the U.S. and Iran, the Association of Executives in Healthcare Information Security recently issued new data security guidance to help the healthcare sector prepare for potential nation-state attacks, says CISO Christopher Frenz, one of the document's authors.

Could satellites play a role in distributing next-generation encryption keys? Robert Bedington, CTO and co-founder at Singapore-based SpeQtral, describes quantum communications via satellites in this in-depth interview.

Deception technology is evolving as a powerful asset in the cybersecurity arsenal, providing significant advantages in being able to monitor an attacker's behavior, says Joseph Krull, senior analyst at Aite Group.

The latest edition of the ISMG Security Report discusses why Britain is struggling to determine whether to use China's Huawei technology in developing its 5G networks. Plus: An update on a mobile app exposing infant photos and videos online and an analyst's take on the future of deception technology.

While secure coding has always been an imperative, in a cloud-based environment, BMC Software's Rick Bosworth says it is especially critical since the liability does not rest with cloud services providers for secure configuration.

Five years ago, cybersecurity executive Dave Merkel called upon enterprises to shed their "peacetime" mindsets and adopt a "wartime" stance against persistent cybercriminals and nation-state actors. How have they risen to that challenge?

In light of recent ransomware and other cyberattacks against vendors serving numerous healthcare organizations, it's critical to develop and deploy comprehensive vendor risk management programs, says John Farley of Arthur J. Gallagher & Co., a provider of cyber insurance.

After a data breach, if individuals' stolen information is offered for sale on the dark web, that potentially bolsters class action lawsuits filed by plaintiffs against the breached organization, says technology attorney Steven Teppler of the law firm Mandelbaum Salsburg P.C.

Is it possible that a nation-state actor such as Iran could create a cybersecurity incident that compromises the U.S. power grid? Bernie Cowens, most recently CISO at the nation's largest electric utility, says that's unlikely because the power grid is more cybersecure than you might think.

The latest edition of the ISMG Security Report discusses "Orwellian" surveillance activity in 2020 via the ToTok app. Also featured: the controversy over enabling law enforcement to circumvent encryption; the cyberattack risks posed by IoT devices.

Researchers are attempting to develop new forms of cryptography that could not be cracked by powerful quantum computing devices that are in the works. Divesh Aggarwal, principal investigator at Singapore's Center for Quantum Technologies, describes the efforts.

Healthcare organizations need to carefully assess whether data they hold falls under the scope of the California Consumer Privacy Act, says attorney Anne Kimbol, assistant general counsel of HITRUST - especially now that the regulation's Jan. 1 compliance deadline has hit.

As tensions between the U.S. and Iran continue to rise, healthcare organizations need to exercise extra vigilance in shoring up their security to defend against potential Iranian cyberattacks on critical infrastructure sectors, says Errol Weiss of the Health Information Sharing and Analysis Center.

Complex, manual processes and disparate, disconnected tools make it difficult for security and IT teams to mount a cohesive response. Bryce Schroeder of ServiceNow discusses a more effective approach to vulnerability response.

In the wake of the killing of an Iranian general in a U.S. drone attack last week, organizations - especially healthcare entities and units of government that have been vulnerable to ransomware attacks - need to be on guard against destructive "wiper" attacks, says Caleb Barlow of CynergisTek.

Zero Trust has become a cybersecurity marketing buzzword. But Kelsey Nelson of Okta sheds light on the realities of the Zero Trust approach, with a specific focus on the identity and access management component of the strategy.

One of the major challenges for CISOs is deciding the indemnity limit for cyber insurance, says Bhishma Maheshwari, executive vice president at Marsh India.

From past roles at the Department of Justice, Department of Homeland Security, Microsoft and Sony, Phil Reitinger has learned more than a thing or two about nation-states and cyber threats. In this exclusive interview, the head of the Global Cyber Alliance discusses how to respond to potential new threats from Iran.

Following the U.S. killing of Iran's Maj. Gen. Qasem Soleimani last week, security experts have warned of possible retaliatory cyber strikes. Tom Kellermann of VMware believes those attacks are imminent. "The period of mourning is over, and I think the holy war in American cyberspace is yet to begin."

The latest edition of the ISMG Security Report discusses countering the threat of nation-state cyberattacks in 2020. Also featured: an update on France's experiment with facial recognition technology and sorting out what "zero trust" really means.

Credential stuffing is a growing problem that's difficult to address, says Troy Hunt, creator of the Have I Been Pwned data breach notification service, who sizes up mitigation efforts.

While Congress is unlikely to pass major new national cybersecurity legislation in an election year, federal regulators and state attorneys general will be busy addressing evolving health data privacy and security issues in 2020, predicts attorney Marcus Christian of the law firm Mayer Brown.

"Zero Trust" security is rapidly transitioning from a marketing buzzword to a practical methodology for protecting today's global networks. Stan Lowe, global CISO of Zscaler, shares his 2020 vision for zero trust.

Machine-speed attacks require a machine-speed response, yet many of today's organizations still maintain legacy defenses. Mario Vuksan of ReversingLabs discusses the future of SOC triage.

How do hospitals' efforts to bolster information security in the aftermath of data breaches potentially affect patient outcomes? Professor Eric Johnson of Vanderbilt University discusses research that shows a worrisome relationship between breach remediation and the delivery of timely patient care.

Still stinging from efforts by foreign powers to influence the 2016 presidential election, the FBI is determined to keep the 2020 election tamper-free. Elvis Chan from the FBI's San Francisco office shares insights into the election defense strategy.

The latest edition of the ISMG Security Report discusses 2020 cybersecurity trends, including fixing "fake everything," dealing with the issue of weaponized social media and securing the U.S. presidential election.