Info Risk Today Podcast

The advent of faster payments has helped accelerate authorized push payment fraud schemes in which victims are defrauded under false pretenses. Banking regulators are responding to the trend, and Rob Tharle of NICE Actimize offers advice for multilayered defense.

Boston Children's Hospital is pioneering the use of Amazon's Alexa voice assist technology in the healthcare sector. John Brownstein, the hospital's chief innovation officer, discusses the security measures involved.

When it comes to browser security, one mistake made by consumers and enterprise alike is that they see the browser as a one-way window into the internet. The reality is quite different - and potentially costly if overlooked, says Pieter Arntz of Malwarebytes.

In the past, the relationship between cybersecurity and privacy has been uneasy and even ill-defined. But today, in the post-GDPR era, the relationship is clear, and so is the legal and compliance path forward, says David Ruiz of Malwarebytes.

The latest edition of the ISMG Security Report features an update on a congressional report that slams Equifax for lacking a strong cybersecurity culture. Also featured: A new study on the status of women in the cybersecurity industry and the use of Android phones as security keys.

Nearly one-quarter of the global cybersecurity workforce is now made up of women. But women still face significant compensation and other career challenges, according to a new study. Mary-Jo de Leeuw of (ISC)2 shares analysis.

Healthcare organizations need to plan ahead for the financial burden of data breaches stemming from cyberattacks and also take preventive steps to help minimize those expenses, says attorney Laura Hammargren of the law firm Mayer Brown.

The latest edition of the ISMG Security Report offers an in-depth look at the ever-changing ransomware threat. Other topics: filling the DevSecOps skills gap and the repercussions of Australia's encryption-busting law.

When a company plans to make an acquisition, it should conduct a "compromise assessment" to assess whether the organization being purchased has had an undiscovered breach, says Steve Ledzian, CTO for Asia Pacific at FireEye.

A proposed settlement in a class action lawsuit filed against ULCA Health in the wake of a 2015 cyberattack affecting 4.5 million individuals stands apart from other settlements because it requires the organization to spend a substantial sum on improving its security, says attorney Steven Teppler.

The ISMG Security Report features Chris Painter, commissioner of the Global Commission on the Stability of Cyberspace, discussing cybersecurity policy for the 2020 U.S. elections. Plus, an update on the cost of the Norsk Hydro ransomware attack and the challenges of controlling real-time payments fraud.

OT, IoT and systems targeted by cryptominers - those are among the main network security concerns of Greg Young, VP of cybersecurity at Trend Micro. Which technology trends should security leaders follow to improve network security? Young shares his insight.

The latest edition of the ISMG Security Report discusses the recent ransomware attack on aluminum giant, Norsk Hydro. Plus, confessions of a former LulzSec and Anonymous hacktivist, and the growing problem of cyber extortion.

ISMG and Zscaler hosted a roundtable dinner in Columbus, OH on Feb. 22 focused on security's role in digital transformation. Managing expectation for security as a core component of business enablement was a core component of the discussion.

In the latest stop in this roundtable dinner series, ISMG and Zscaler visited Seattle on Feb. 26 to discuss security's role as a catalyst for digital transformation. It was a diverse crowd - and a mature conversation, says Bil Harmer, Americas CISO with Zscaler.

The latest edition of the ISMG Security Report features a discussion of the role of "prosilience" in IoT security, plus the problem of overnotification under GDPR and the notion of "Spartacus as a Service."

Machine learning can play an important role in fraud prevention at financial institutions, says Marc Trepanier of ACI Worldwide, who addresses the challenges involved.

The latest edition of the ISMG Security Report features updates from RSA Conference 2019 on IoT and the cloud, GDPR compliance challenges and much more.

Identity and access management is more complicated when organizations rely on a cloud infrastructure, says Brandon Swafford, CISO at Waterbury, Connecticut-based Webster Bank, who describes the challenges in an interview.

The latest edition of the ISMG Security Report features Greg Touhill, the United States' first federal CISO, discussing how "reskilling" can help fill cybersecurity job vacancies. Plus, California considers tougher breach notification requirements; curtailing the use of vulnerable mobile networks.

Guarding against threats targeting end users is among the top security priorities this year at a large group of surgical centers in Washington state - and artificial intelligence could play an important role, says CIO Curt Kwak of Proliance Surgeons.

How can the many job openings for cybersecurity specialists be filled? "Reskilling" can play a critical role, says Greg Touhill, the nation's first federal CISO, who's now president of Cyxtera Technologies. In an interview, he offers a preview of his upcoming presentation at the RSA Conference 2019.

Healthcare CISOs and other security and privacy leaders must carefully assess HHS' proposed new rules designed to help prevent the blocking of health information sharing and consider how they might "operationalize" the provisions within their organizations, says attorney Jodi Daniel.

The latest edition of the ISMG Security Report describes vulnerabilities found in popular password generator apps. Plus, the evolution of blockchain as a utility and a new decryptor for GandCrab ransomware.

As the use of artificial intelligence tools and robotics continues to grow, it's crucial for organizations to assess the potential security risks posed, says attorney Stephen Wu, who reviews key issues in an interview.

Business email compromise attacks are becoming far more common in the healthcare sector, says Rod Piechowski of the Healthcare Information and Management Systems Society, who discusses promising technologies to help address the threat.

The latest edition of the ISMG Security Report highlights how thieves can use "deep fake" photos in an attempt to steal cryptocurrency. Also featured: A discussion of the implications of "data gravity" and an analysis of whether the era of mega-breaches is ending.

Indiana University Health is evaluating the use of blockchain in two areas to improve healthcare information security, Mitch Parker, CISO, says in an interview at the HIMSS19 conference. He sizes up the potential risks and benefits.

Proposed rules released this week by the Department of Health and Human Services aim to define and discourage inappropriate blocking of the secure sharing of health information, Elise Sweeney Anthony of the Office of the National Coordinator for Health IT explains in an interview at the HIMSS19 conference.

The 2019 RSA Conference offers an opportunity to learn about new concepts across all aspects of cybersecurity. One such area is "data gravity," which will be the topic of a session featuring Microsoft's Diana Kelley and Sian John. They discuss the concept in a joint interview.

The good news for security leaders: Because of SSL/TLS, nearly every bit of web data in transit is now encrypted. The bad news: Threat actors are now masking their attacks inside of encrypted traffic. Kevin Stewart of F5 Networks explains why network visibility is not enough to detect these attacks.

The HHS Office for Civil Rights is paying particular attention to complaints involving patients' access to their health information; it's also focusing on investigations of organizations with patterns of HIPAA noncompliance, Nick Heesters of the agency explains in an interview at the HIMSS19 conference.

Many healthcare organizations are falling short in their incident response plans, says Mark Dill, principal consultant at tw-Security. The former director of information security at the Cleveland Clinic discusses best practices for keeping those programs current in an interview at the HIMSS19 conference.

Medical device cybersecurity risks should be viewed as an enterprise problem, say Tracey Hughes of Duke University Health Systems and Clyde Hewitt of security consultancy CynergisTek, who outline critical security steps.

What are some of the hottest issues that will be discussed at this year's RSA Conference, to be held March 4-8 in San Francisco? Britta Glade, content director for the world's largest data security event, says DevSecOps - as well as third-party risk and cloud-related issues - are emerging as key themes.

Listen to the latest on security's role in digital transformation, as well as cultural and leadership challenges facing the security industry.

Analytics, artificial intelligence and machine learning are increasingly playing promising roles in healthcare data security, say Ron Mehring, CISO at Texas Health Resources, a large delivery system, and Axel Wirth of Symantec, a technology vendor. They were featured speakers at the HIMSS19 conference.

Healthcare organizations should steer clear of connecting internet of things devices to their networks unless they serve a precise medical purpose, says attorney Julia Hesse, a featured speaker at the HIMSS19 Conference.

The latest edition of the ISMG Security Report features a summary of alarming new findings about the ability of the U.S. to counter a nation-state malware attack. Plus, a discussion of "fusion centers" at banks and an update on the targeting of Webstresser subscribers.

Banks need to work toward improving collaboration between their cybersecurity and fraud management departments to boost efforts to mitigate cyberthreats, say Scott Walters and Eric Reddel of the consultancy Booz Allen Hamilton.

As cybersecurity threats in the healthcare sector evolve, medical device manufacturer ICU Medical is taking a number of steps to help safeguard its products. Chaitanya Srinivasamurthy and Marshall Fryman of the company describe these security initiatives.

<p>Listen to the latest on strategies for protecting the digital enterprise against emerging threats.</p>

Fraud incidents and losses have remained steady or increased in the past year, according to ISMG's latest Faces of Fraud Survey. And the biggest fault of banking institutions' current anti-fraud controls: They rely too much on manual processes. Mike Lopez of survey sponsor Cyxtera Technologies analyzes the results and how to use them.

The latest edition of the ISMG Security Report features an update on what U.S. intelligence chiefs told Congress this week about persistent nation-state cyberthreats, plus reports on evasion tactics used by cryptocurrency money launderers and what government CIOs have to say about security funding.

Improved integration, automation and orchestration are needed to better detect and respond to evolving cyberthreats, says John Maynard, vice president and global security specialist at Cisco Systems.

Endpoint detection and response tools and other related security technologies are critical weapons for defending against cyberattacks, says Larry Whiteside, the new CISO at Greenway Health, an electronic health records company.

Despite the value of cryptocurrency plummeting since 2017, cybercriminals and rogue nations are still using it to launder funds. One recently discovered scheme designed to evade AML detection is "crypto dusting," according to CipherTrace's Dave Jevans.

<p>Sophos is out with new reports on <a href=https://news.sophos.com/en-us/2019/01/30/matrix-targeted-small-scale-canary-in-the-coal-mine-ransomware/ target="_blank"><u>Matrix</u></a> and <a href=https://news.sophos.com/en-us/2019/01/25/stopping-emotet-with-sophos/ target="_blank"><u>Emotet</u></a>, two different types of cyberattacks that are hitting enterprise defenses. Matrix is a targeted ransomware, an emerging type of attack Sophos expects to gain prominence, and Emotet is malware that has evolved over the years into an opportunistic, polymorphic threat that can wreak havoc in many different ways. How do these threats work, and how should you bolster your defenses? Sophos researcher John Shier offers his expertise.</p>

Around the world, many CIOs at various levels of governments expect an increase in cybersecurity spending in 2019, according to new research from Gartner. Alia Mendonsa, co-author of the report, analyzes the results of a global survey.

How can a large healthcare delivery system efficiently handle identity and access management for thousands of clinicians and other users of patient data? Robert Siebenthaler of PeaceHealth explains how his organization, which operates 10 medical centers, has developed a fine-tuned, role-based approach.