Info Risk Today Podcast

The latest edition of the ISMG Security Report features an analysis of why Google was one of the first companies to be hit with a major GDPR fine, plus a global update on GDPR compliance trends and an in-depth report on shifts in malware.

Cisco is out with findings from its 2019 Data Privacy Benchmark Study, which shows the impact of GDPR compliance as well as how customers are asking more questions about how their data is secured. Cisco Chief Privacy Officer Michelle Dennedy analyzes the survey.

How do data privacy and security matters affect organizations that are contemplating a merger or acquisition? Attorney Iliana Peters offers insights into cybersecurity, data breach and compliance issues that can potentially doom a deal.

GDPR has been in effect since May 2018, but organizations are still waiting to see what impact it will have on the costs organizations might face from breach cleanup, investigations, sanctions and class action lawsuits, says Ian Thornton-Trump of the financial services firm AMTrust International.

Threat intelligence sharing is all about trust, speed and context. And yet many enterprise intel programs lack one or more of those qualities. Jon Clay of Trend Micro discusses what it takes to stand up a customized threat intelligence program.

How can healthcare organizations better address the many challenges they face involving the security of legacy medical devices? Device security specialist Ben Ransford offers insights on critical steps that can help reduce the risks.

Venture capitalists invested $5.3 billion in cybersecurity companies in 2018, about 20 percent more than in 2017 and twice as much as 2016, according to research from Strategic Cyber Ventures. What's ahead for 2019 and beyond?

Leading the latest edition of the ISMG Security Report is an in-depth look at why ransomware remains a pervasive threat and how it's evolving. Also featured: updates on venture capital investments in cybersecurity and a study of vulnerabilities in industrial remotes.

Privacy attorney Adam Greene provides tips for avoiding mistakes when conducting a HIPAA security risk analysis and spells out the essential steps to take.

Within the next five to 10 years, quantum computing will get so powerful that it could be used to break encryption on the fly, predicts Steve Marshall, CISO at U.K.-based Bytes Software Services.

Customer lifecyle data management can play an important role in cracking down on fraud tied to the growth in real-time P2P payments, says David Barnhardt of the security firm GIACT.

A Juniper Research analysis of why card-not-present fraud will continue to grow leads this week's edition of the ISMG Security Report. Also featured: Updates on a Neiman Marcus breach lawsuit settlement and a German hacking incident.

Card-not-present fraud will cost retailers worldwide $130 billion between 2018 and 2023, a new report from Juniper Research predicts. Steffen Sorrell, author of the study, explains the reasons behind this growth projection and describes what can be done to improve the fight against fraud.

Organizations looking to migrate to a next-generation security operations center must first carefully assess any problems they are facing with current security technology, says Vikram Mehta, associate director of information security at MakeMyTrip, an India-based online ticketing portal.

Where is the greatest potential for the implementation of blockchain in healthcare? Attorney Steven Teppler discusses the possibilities for the distributed ledger technology as well as its security pros and cons.

In this edition of the ISMG Security Report, former federal CISO Gregory Touhill explains why a zero-trust security model is essential, and Ron Ross of NIST describes initiatives to protect critical infrastructure from IoT vulnerabilities.

Although chip cards are now commonplace in the U.S., there is still much work to be done securing card transactions online and offline. Randy Vanderhoof of the U.S. Payments Forum discusses 2019 initiatives.

With an operating system that's used by 90 percent of Fortune 500 companies, Microsoft closely monitors cyberattack trends. Joram Borenstein, general manager of Microsoft's Cybersecurity Solutions Group, discusses his top three concerns for 2019.

Fraud detection requires an omnichannel approach to behavioral analysis that involves monitoring users' access to networks via the web, mobile, a call center or other channels, says Shai Cohen, a vice president at RSA.

"Self-sovereign identity" projects based on blockchain technology are likely to gain significant momentum in 2019, says analyst Avivah Litan of Gartner Research.

What impact would potential changes to HIPAA have on the healthcare sector? And what's the likelihood that HIPAA, indeed, will be modified - especially provisions that touch on privacy and security? Privacy attorney Kirk Nahra sizes up what's ahead.

Mastercard has launched a "fusion center" designed to increase its speed of response and coordination among departments in the event of a cyberattack, says CSO Ron Green, who explains the initiative.

Leading the latest edition of the ISMG Security Report: Microsoft's Joram Borenstein highlights his top three areas of focus for 2019. Plus, Randy Vanderhoof of the US Payments Forum on securing card transactions in the coming year.

Healthcare entities need to take a number of important steps to defend against cyberattacks involving remote access, say Chad Waters and Juuso Leinonen, security engineers at the ECRI Institute, which recently singled out hackers remotely accessing medical devices and systems as the No. 1 technology hazard.

Healthcare C-suite executives shouldn't have to worry about cybersecurity, contends John Houston, CISO at Pittsburgh-based integrated health delivery network UPMC. But for the second year in a row, cybersecurity was named the top priority for senior executives in a survey of 40 U.S. health systems.

Hardware authentication and user behavior analytics are among top promising security technologies that Michael Prakhye, CISO at Adventist HealthCare, will closely examine in the year ahead.

Aite Group's Shirley Inscoe predicts that more banks will implement robotic process automation in 2019 to make fraud investigations more efficient. She explains how the technology can help.

Security operations centers are the hub for an organization's threat detection. But organizations can take a number of steps to improve SOC operations, says Kerry Matre of Palo Alto Networks.

Account takeover is a rapidly growing arena for cybercriminals. How can organizations strengthen both authentication and authorization? Scott Olson of iovation, a TransUnion Company shares his insights.

User behavioral analytics can help better detect indicators of potential threats, both external and internal, says Carl Leonard, principal security analyst at Forcepoint.

Will the newly introduced Data Care Act prove to be a viable U.S. equivalent to the EU's General Data Protection Regulation, or is it destined to fail? An analysis leads this edition of the ISMG Security Report, which also features reports on robotic process automation and Mastercard's "fusion center."

DigiCert just conducted a global study of how organizations across sectors are approaching IoT security. What are some of the best practices of the organizations that emphasize securing connected devices? Mike Nelson of DigiCert shares the findings.

The latest edition of the ISMG Security Report features an analysis of the validity of reports that China is behind the massive Marriott data breach. Also: Fascinating details in a Congressional report on the Equifax breach, and a clear explanation of "self-sovereign identity."

Credential abuse attacks and identity theft incidents are rising, with attackers leveraging botnets to launch coordinated campaigns with high success rates, says Aseem Ahmed of Akamai Technologies, who shares best practices for mitigating the threats.

An update on the hacking of email accounts of four senior aides within the National Republican Congressional Committee leads the latest edition of the ISMG Security Report. Also featured: An analysis of when the first major fines for violations of the EU's GDPR could be issued.

Israel-based Yehuda Lindell, a cryptography professor, describes how to use secure multiparty computation technology to protect cryptographic keys and describes other potential security applications.

In the latest edition of the ISMG Security Report, hear prosecutors discuss the indictments of two Iranians in connection with SamSam ransomware attacks. Also: Updates on allegations that Google is violating GDPR and cryptocurrency's impact on crime trends.

At a time when security professionals are faced not only with a barrage of threats, but with a myriad of threat intelligence data sources, it can be challenging to know when to stop an investigation. Join DomainTools Senior Security Engineer Tarik Saleh to learn essential methodologies from a blue team perspective.

In an interview, Rohas Nagpal, a chief architect at Primechain Technologies, describes how blockchain can be used for authentication and pinpoints areas where blockchain is not the ideal technology. He'll be a featured speaker at ISMG's Security Summit in Mumbai Thursday.

FireEye is in a unique position to see global cybersecurity threats, threat actors and their impact on breached organizations. Grady Summers, FireEye's CTO, discusses how organizations can use staff and intelligence to bolster their cloud security defenses in 2019.

Automotive smartphone apps that can be used to unlock or start a car pose new risks that must be managed, says Asaf Ashkenazi of Inside Secure, a mobile security firm, who provides risk mitigation insights.

In the latest edition of the ISMG Security Report, Asaf Ashkenazi of the mobile security firm Inside Secure discusses new threats to car security posed by certain smartphone apps. Plus, updates on behavioral authentication and protecting "very attackable people" from hackers.

Automation and machine learning can be leveraged to make identity-driven authentication a smoother process, says Saryu Nayyar, co-founder and CEO at Gurucul, a behavioral analytics company.

So what's the mission of the newly launched Department of Health and Human Services' Health Sector Cybersecurity Coordination Center, and how will it function? HHS Deputy Secretary Eric Hargan explains the initiative and addresses top healthcare sector cybersecurity challenges in this in-depth interview.

An analysis of China's surging hack attacks as part of an economic espionage campaign leads the latest edition of the ISMG Security Report. Also: Choosing the right MSSP, plus an analysis of the recent hijacking of Google traffic.

When implementing endpoint security solutions in healthcare environments, a critical consideration is the impact of the technology on clinical workflow, says Dave Summitt, CISO at the H. Lee Moffitt Cancer Center and Research Institute.

While unsupervised machine learning techniques get away from the data labeling and classification that most supervised systems require, they are dependent on the quality and variety of the data provided, says Gartner's Jonathan Care.

As the threat landscape evolves, it becomes a game of survival of the fittest. Only the best attacks and attackers remain standing, and the result is a series of targeted ransomware attacks that now cost global enterprises millions of dollars per year. This is among the important findings of the Sophos 2019 Threat Report.

Manufacturers need to change their approach to securing internet of things devices, says Aloysius Cheang, executive vice president for Asia Pacific at the Center for Strategic Cyberspace + Security Science, a U.K.-based think tank, who describes what needs to be done.

The FDA's recently issued draft document updating its premarket medical device cybersecurity guidance originally issued in 2014 contains several important provisions, says regulatory attorney Yarmela Pavlovic, who explains the details.