Info Risk Today Podcast

In the wake of news that 12 additional Russians have been indicted for conspiring to interfere with the 2016 presidential election, a key question emerges: What will President Trump say when he meets Monday with Russian President Vladimir Putin? Carbon Black's Tom Kellermann offers analysis.

The latest edition of the ISMG Security Report features a discussion of California's groundbreaking new privacy law as well as an update on the potential impact of the hacker group responsible for the Ticketmaster breach.

A new initiative by the Cyber Readiness Institute aims to promote best cybersecurity and vendor risk management practices to smaller enterprises. RiskRecon founder and CEO Kelly White offers his perspective on converting standards to practices.

While California already had some of the strictest and most varied privacy laws in the country, the new California Consumer Privacy Act of 2018 "is a whole new ballgame," says privacy attorney Kirk Nahra, who explains why.

Leading the latest edition of the ISMG Security Report: CipherTrace CEO Dave Jevans discusses recent research on cryptocurrency money laundering and whether regulation is possible. Plus, California passes a new privacy law.

Cryptocurrency money laundering is increasing dramatically, being already three times greater than in 2017. And we're only half way through the year, observes Dave Jevans, Founder and CEO of CipherTrace, and chairman of the Anti-Phishing Working Group.

What are the biggest privacy and security concerns in healthcare when it comes to the use of big data and data analytics tools? Attorneys Elizabeth Mann and Brad Peterson explain what organizations need to know before they dig in.

Leading the latest edition of the ISMG Security Report: ISMG's Managing Editor, Security and Technology, Jeremy Kirk, details Australia's HealthEngine caught in a data-sharing fiasco.

Virtualization and microsegmentation are helping to better protect electronic medical records and other critical systems at Nebraska Medicine, says the health system's CIO, Brian Lancaster.

A lack of standards spelling out to manufacturers their responsibilities for addressing the cybersecurity of their medical devices - especially legacy products - has left a big burden on the healthcare entities that use these devices, says Cletis Earle, CIO at Kaleida Health.

Behavioral analytics have taken the fast lane from emerging tech to mature practice. And Mark McGovern of CA Technologies says the technology is being deployed in innovative ways to help detect insider threats.

Consumers are more concerned than ever about their identities being compromised, yet they're failing to connect the dots between fear and preventive measures, according to recent research conducted by IDology. John Dancu, the company's CEO, explains the implications for businesses.

<p>Tom Field and Ben Smith of RSA Security reflect on key findings from their recent Executive Roundtable on threat hunting,</p>

Leading the latest edition of the ISMG Security Report: A preview of next week's Fraud and Breach Summit in Chicago, which will feature keynoter Brett Johnson, a former cybercriminal who now advises organizations on fighting crime.

The South African airline ComAir is using artificial intelligence to help mitigate the threat of cyberattacks, says Ramon Lipparoni, the company's IT integration manager.

Explosive growth in network scale and complexity demands a next generation Public Key Infrastructure (PKI) management platform. Ted Shorter of CSS says security leaders must prepare now to take full advantage of next-gen PKI solutions.

Government regulation is key to minimizing the misuse of cryptocurrencies for cybercrime, says Brett Johnson, a former cybercriminal who now consults on crime prevention. But regulating cryptocurrencies is no easy task, he acknowledges. Johnson will keynote ISMG's Fraud and Breach Prevention Summit in Chicago.

Cybersecurity insurers, faced with growing demand, are looking for new ways to better measure their risks, says Aleksandr Yampolskiy, CEO of SecurityScorecard. So some are moving toward more carefully scrutinizing the cybersecurity postures of their potential clients.

Leading the latest edition of the ISMG Security Report: An analysis of how distraction tactics were used during a $10 million SWIFT-related hack at Banco de Chile. Also, a wrapup of Infosecurity Europe.

Phishing remains the top attack vector, and an organization's people of course remain the top target. But how can these same people be leveraged as a key component in your anti-phishing defense? Kurt Wescoe of Wombat shares insight.

Although all the major credit card brands have dropped the requirement for obtaining signatures to verify point-of-sale transactions made with EMV payment cards, they're not pushing strongly for using PINs instead, leaving that authentication decision to card issuers, says Linda Kirkpatrick of Mastercard.

Leading the latest edition of the ISMG Security Report: Our exclusive report on an Australian criminal investigation into a company that apparently swiped cryptocurrency using a software backdoor. Also, cutting through the hype on artificial intelligence and machine learning.

Since its inception the NIST Cybersecurity Framework has been embraced across geographies and sectors. Trend Micro's Ed Cabrera talks about how to maximize the framework as a baseline for improving cybersecurity posture.

Companies offering cybersecurity products are using the terms "artificial intelligence" and "machine learning" in many different ways. But the real meanings of the terms are far more nuanced than marketing hyperbole would lead us to believe, says Grant Wernick of Insight Engines.

Machine learning is supporting new ways of battling evolving cyber threats, such as by analyzing behaviors, says Darshan Appayanna, CISO at Happiest Minds, an IT services firm, who will be a featured speaker at ISMG's upcoming Fraud and Breach Prevention Summit in Bengaluru.

Lawsuits filed in the wake of data breaches are evolving, says attorney John Yanchunis, who represents plaintiffs in many of these class action cases.

Leading the latest edition of the ISMG Security Report: Cybersecurity expert Brian Honan provides insights on why organizations that are not yet compliant with GDPR need to focus on several key steps. Also: An assessment of the progress women are making in building careers in information security.

Cybersecurity challenges and solutions have evolved greatly since 2002. And so has the Executive Women's Forum, which was founded that year to advance female leaders in the profession. Founder Joyce Brocaglia reflects on the forum's accomplishments and challenges.

What happens if organizations that must comply with GDPR have yet to achieve compliance, despite having had two years to do so before enforcement began? Don't panic, says cybersecurity expert Brian Honan, but do be pursuing a data privacy transparency and accountability action plan.

Could U.S. banks emerge as identity platform providers? Ron Shevlin of Cornerstone Advisors explains in an interview why he believes that's highly unlikely.

File-less malware is a huge security challenge for organizations today, and traditional email security controls aren't sufficient to meet the challenge. Burke Long of Lastline offers insight on a new way to approach email security.

How much progress has the healthcare sector made in the last 10 years addressing medical device cybersecurity issues? And what action is still needed? Ben Ransford, a principal researcher in a groundbreaking 2008 report about cardiac device cyber risks, offers his assessment.

Leading the latest edition of the ISMG Security Report: Reports on the impact enforcement of the EU's General Data Protection Regulation, which began Friday, will have on the healthcare and banking sectors. Plus an assessment of GDPR compliance issues in Australia, which offer lessons to others worldwide.

Security leaders have been addressing the global skills gap for better than a decade now, with little to show for it. But Joe Cosmano of iboss recommends a new approach, leveraging software-as-a-service to make up for the staffing shortfall.

The whole way we look at identity across the extended enterprise is in the midst of change, says Naresh Persaud of CA Technologies. What is dynamic authentication, and how does it herald the future of digital identity?

Universities throughout Florida are adding more cybersecurity courses in an effort to better train the next generation of practitioners, says Ernie Ferraresso of the Florida Center for Cybersecurity, which recently provided a second round of funding for the effort.

With enforcement of the EU's GDPR set to begin on May 25, Australian organizations vary in readiness. Steve Ingram of PwC says it's not too late for companies to prepare for GDPR, but it will be too late to ask regulators for forgiveness if something goes wrong.

Strict HIPAA compliance is a great preparation for compliance with the European Union's General Data Protection Regulation, which will be enforced starting May 25, according to attorneys Robert Stankey and Adam Greene, who provide compliance insights in an in-depth interview.

The EU's General Data Protection Regulation, which will be enforced beginning May 25, has significant implications for how financial institutions worldwide handle customer data, says Brett King, CEO of Moven, an all-digital bank, who sizes up the challenges.

Leading the latest edition of the ISMG Security Report: Years of massive data breaches have fueled an increase in synthetic identity fraud, in which fraudsters combine real and bogus details to create more effective fake identities. Plus, has "The Dark Overlord" hacking group finally met its match?

A security breach is always a sensitive topic - but especially so during a merger or acquisition. Ofer Israeli, CEO of Illusive Networks, discusses how deception technology can help prevent disruption by a cyberattack during M&A activity.

Knowing as many details as possible about the customer, the payment and the recipient is a critical component of stopping fraud as payments become faster, says anti-fraud specialist David Barnhardt.

Organizations today have access to countless sources of threat intelligence. And yet many still struggle to operationalize this intel effectively. Russ Spitler of AlienVault discusses how to improve detection and response with dynamic security incidents.

Credit card losses due to synthetic identity fraud exceeded $800 million in the U.S. last year, says Julie Conroy of Aite Group, who analyzes the evolving threat and offers mitigation insights.

Although the National Institutes of Health is implementing strong privacy measures as it begins its effort to enroll 1 million volunteers to contribute data to its "All of Us" precision medicine research project, there are still risks involved, says privacy attorney Kirk Nahra.

With the rise of P2P payment networks and the U.S. working toward a real-time national payments network, the push is on to battle fraudsters. Also, attackers are hacking legitimate websites to more stealthily distribute "Gandcrab" crypto-locking ransomware.

Eduard Goodman, global privacy officer of CyberScout, doesn't like the disorganized way most cyber incidents are handled now. Instead, he would like to see a more project management approach. Here are the benefits he foresees.

If operational technology systems need to get connected to IT systems, it's essential to have tight controls on the network, says Lam Kwok Yan, professor of computer science and engineering at Nanyang Technological University in Singapore.

At a recent meeting of hospital CEOs in Texas, the leaders said the issue that keeps them awake at night is cybersecurity, says Fernando Martinez of the Texas Hospital Association, who explains why.

We all know about May 25 and the enforcement deadline for Europe's General Data Protection Regulation. But what impact will GDPR have on cybersecurity programs? Danny Rogers of Terbium Labs weighs in on the topic.