Info Risk Today Podcast

Hunterdon Healthcare in New Jersey is shifting applications to cloud providers in order to tap into security capabilities and innovation that doesn't run as deep in the integrated healthcare delivery system's own technology team, says Jason Tahaney, the organization's director of IT.

As the healthcare industry undergoes its own digital transformation, security is more important than ever. Okta's Nick Fisher says a zero trust model can keep hospitals and patients healthy when it comes to protecting their data.

Account takeover continues to be a lucrative path for fraudsters across all industry sectors. But Scott Olson of iovation says there are different levels of defense that can be deployed, based on the risk of specific types of transactions.

Inspira Health has taken several key vendor risk management steps to help ensure patient data is protected, says CIO Tom Pacek, who describes the effort in this interview.

Organizations looking to implement behavior-centric security must set clear goals for the business outcomes, says David Coffey, senior vice president of engineering at Forcepoint, who offers tips.

What are some of the moves that organizations can make to improve their identity and access management? Veda Sankepally, an IT security manager at managed care company Molina Healthcare, describes critical steps in this case study interview.

Why is fraud that originates on mobile devices growing at such a rapid rate? Brooke Snelling and Melissa Gaddis of iovation offer an analysis in this joint interview.

An A-list of cyber experts, including former Homeland Security Secretary Jeh Johnson, has put its weight behind U.S. CyberDome, a nonpartisan initiative to protect presidential campaigns against foreign influence. Matthew Barrett, a former NIST leader and co-founder of CyberDome, outlines how this group is gearing up.

This edition of the ISMG Security Report discusses the latest improvements in deception technology and how best to apply it. Also featured: a report on the growth of mobile fraud, plus insights on Merck's experience recovering from a NotPetya attack.

A new professional credential aims to help healthcare organizations bolster their security leadership bench strength, says William Brad Marsh, co-chair of a committee that developed the certification.

IoT, the cloud, third-party risk - we hear a lot about how the cybersecurity risk surface and threat landscape have evolved. But what about the new business demands on cybersecurity leaders? Christopher Hetner, former global CISO at GE Capital, shares insights.

Fortinet's FortiGuard Labs global threat research team is creating research playbooks that provide deep-dive analysis of not only threat trends, but also cybercriminal and adversary tools and techniques. Derek Manky and Tony Giandomenico discuss the playbook model and how it can help in the fight against cybercrime.

Former Secret Service agent Jeff Dant now heads fraud operations and intelligence for the financial crimes unit at BMO Financial Group. Which threats and threat actors does he focus on, and how does his law enforcement experience help? Dant previews a session at the upcoming Cybersecurity Summit in New York.

The SANS Institute's Cyber Workforce Academy is helping to address the shortage of cybersecurity pros by recruiting individuals from other fields and matching graduates with local employers, says Max Shuftan, who leads the institute's cyber talent division. The approach could serve as a model, he says.

DirectTrust's new effort to develop a standard for instant messaging in healthcare could potentially help providers securely communicate in real time over multiple platforms, says Scott Stuewe, the nonprofit alliance's president and CEO.

The latest edition of the ISMG Security Report analyzes the root causes of the Capital One data breach. Also featured: breach remediation advice and compliance with New York's new third-party risk management requirements.

To leverage blockchain for identity management at the enterprise level, CISOs first need to form a governance structure, says Prasanna Lohar, head of innovation at DCB Bank, a private banking company in India, who describes all the necessary steps.

The promise of cloud and mobility is to provide access to key services quickly and from anywhere at any time from any device. Zscaler's Lisa Lorenzin opens up on zero trust network access technologies, which provide a secure alternative to legacy methods.

The Capital One data breach is in early stages of remediation. Art Coviello, former chair of RSA, which was breached in 2011, shares first-hand insight on steps the breached institution and its CEO should be taking now.

Data breach costs continue well after the initial year, according to the latest IBM/Ponemon Institute,"Cost of a Data Breach" report. Limor Kessem of IBM Security shares details of the study.

Mike Cotton of Digital Defense sees a key shift in the threat landscape, as attackers focus more on attacking key endpoints and infrastructure. As a result, many organizations are developing security blind spots. Cotton explains how to regain visibility.

The latest edition of the ISMG Security Report offers a deep dive on the debate about whether law enforcement officials should have a "backdoor" to circumvent encryption. Also featured: An analysis of Equifax's settlement with the FTC and a discussion of a new report on the cost of data breaches.

Taking a zero-trust approach can help organizations unshackle themselves from the password and drastically reduce the attack surface, says Akamai's Fernando Serto.

Digital transformation: It's the present and future of business, as enterprises adapt to work at the speed and convenience of new demands. But amidst this transformation, how can security leaders avoid being obstacles and actually become catalysts for change? Alex Teteris of Zscaler shares insight.

Security leaders for a decade now have been discussing the profession's growing skills gap. But what is its true business impact, and what are some near- and long-term strategies to mitigate it? FireEye's Gareth Maclachlan shares insight.

When it comes to supply chain risk, many organizations overlook how dependent they are on those critical relationships, says Matt Kraning of Expanse. As a result, they are minimizing serious security vulnerabilities. Kraning offers insights on re-thinking that dynamic.

A major misconception about cloud IAM is that it's easy to implement, says Mark Perry, CTO for APAC at Ping Identity. Implementation poses challenges, and cloud IAM must be carefully integrated with other systems, he says.

Misconfigured file storage technologies and a lack of basic security controls are the root causes for the inadvertent online exposure of 2.3 billion files worldwide that contain personal information, including sensitive medical data, says Harrison Van Riper, a security researcher at Digital Shadows.

The latest edition of the ISMG Security Report describes the accidental discovery of a Tesla software vulnerability. Also featured: an analysis of the latest ransomware trends and insights from former federal advisers Richard Clarke and Robert Knake on cyber resilience.

From malware and phishing to cryptojacking and man-in-the-middle attacks, mobile threats are rampant, and organizations need to stay a step ahead. Traditional threat management has been reactive. But IBM and Wandera have joined forces to stop threats dead in their tracks before they get close to your environment.

Deception technology is becoming more sophisticated, enabling organizations to battle against emerging threats, says Alissa Knight, senior analyst at Aite Group, a research and advisory company.

There's good news and bad news about the current state of cybersecurity, according to Richard A. Clarke and Robert K. Knake, two former federal advisers who have written a new book. Learn about their concerns that cyberattacks could escalate into prolonged conflicts.

Enumerating medical devices, identifying where the security risks lie and then implementing a multilayered defense plan to mitigate risks should be top priorities for healthcare organizations, says thought leader John Halamka, M.D., executive director for technology exploration at Beth Israel Lahey Health.

Incidents involving supply chain vendors pose increasingly significant risks to health data, says Rick McElroy of Carbon Black, who addresses "island hopping" and other emerging threats.

The latest edition of the ISMG Security Report analyzes the significance of fines against British Airways and Marriott for violations of the EU's GDPR. Also featured are discussions of California's privacy law as a model for other states and the next generation of deception technologies.

The success of security operations centers will depend on how well they blend key technologies - including detection, user behavior analytics and orchestration, says Haiyan Song of Splunk, who offers strategic insights.

The relationship between American Medical Collection Agency and its laboratory clients affected by the company's data breach will be closely examined as breach-related lawsuits progress, says attorney Paul Hales, a HIPAA specialist, who explains why.

In the wake of digital transformation, there remain some organizations that - for security reasons - resist the temptation to move to the cloud. What are their objections? Zscaler's Bil Harmer addresses these, as well as the critical questions security leaders should ask of cloud service providers.

Cyber adversaries are resilient and move quickly, so it'st critical that organizations share threat intelligence in an automated way, says Shawn Henry of CrowdStrike Services. But that sharing has been hampered by a lack of understanding of why it's important and how organizations can benefit, he says.

With attackers continuing to hammer weaknesses in software, organizations must prioritize application security more than ever, says Ian Ashworth of Synopsys. Thankfully, developers and middle management - bolstered by agile methodologies and DevOps - are increasingly leading the charge.

Biometrics may be in fashion, but it's in part because users are ready, willing and able to use it to prove their identity, thanks to Apple, Samsung, Google and other players providing trustable hardware for verifying people's fingerprints and faces, says IBM Security's Neil Warburton.

The latest edition of the ISMG Security Report analyzes the debate over whether the government should require technology firms to use weak encryption for messaging applications. Plus, D-Link's proposed settlement with the FTC and a CISO's update on medical device security.

Threat intelligence programs have evolved greatly over the past decade. But Mario Vuksan, CEO of ReversingLabs, says too many organizations are overlooking the value of local intelligence embedded in their own networks. Vuksan talks about maximizing TI resources.

Fraud schemes have migrated in recent years, exposing inherent vulnerabilities in how most organizations authenticate users. Diego Szteinhendler of Mastercard outlines new strategies and tools for evolving authentication practices beyond solely payments security.

Since Sentara Healthcare adopted a DevSecOps approach, CISO Daniel Bowden says, his security team has gained improved visibility into the entire application development process.

An effective third-party risk management program starts with asking the right questions, says Brad Keller, chief strategy officer and senior vice president at the Santa Fe Group, a strategic advisory company, who spells out key issues to address.

The latest edition of the ISMG Security Report discusses Cloudflare's harsh criticism of Verizon over an internet outage it labeled as a "small heart attack." Plus: sizing up the impact of GDPR; reviewing highlights of the ISMG Healthcare Security Summit.

In one of the recent stops in this roundtable dinner seriers, ISMG and Zscaler visited Boston to discuss the role of security as a catalyst for digital transformations. We saw in each of these conversations that change is difficult, but that everyone is asking the same questions, says Stan Lowe, Global CISO with Zscaler.

Increasingly, cyber attackers are molding technology and human intelligence into blended threats that prey upon vulnerable defenses. Chester Wisniewski of Sophos lays out how organizations can become more mature in preparedness and response.

Often in breach response, security professionals focus on the technical aspects of the attack. Yet, the non-technical aspects are often more insidious, says Teju Shyamsundar of Okta. And Identity can be a powerful tool to bolster defenses.