Info Risk Today Podcast

Leading the latest edition of the ISMG Security Report: Cambridge Analytica shuts down, saying it's lost all of its customers, and Australia's Commonwealth Bank spots a big, bad potential data breach.

Organizations in all sectors need to strive to adopt a standardized approach for ensuring that security is built into internet of things devices at the design phase, says Vinod Kumar, CEO and managing director at Bangalore-based Subex, a telecom analytics solutions provider.

How might blockchain improve digital identity proofing in the healthcare sector? The National Health Information Sharing and Analysis Center and security vendor Trusted Key are testing that out with a proof-of-concept application.

From open banking to emerging technology and the evolving needs of millennial customers, financial institutions are experiencing unprecedented change. How does this impact the risk and regulatory landscapes? Kevin Malicki of Harland Clarke shares insight.

How do we establish and maintain digital trust without burdening our users? What are the critical questions that need to be addressed by anyone managing identity and access management in a modern enterprise? David Duncan of CA Technologies offers answers to these questions.

How do we establish and maintain digital trust without burdening our users? What are the critical questions that need to be addressed by anyone managing identity and access management in a modern enterprise? David Duncan of CA Technologies offers answers to these questions.

Business email compromise and account takeover attacks haven't faded; they've just morphed. Wes Dobry of Agari discusses the new wave of these attacks and how organizations can do a better job of detecting and responding to them.

Makers of internet of things devices - especially those that handle health information - must implement protections into their product development lifecycle to effectively safeguard consumers' data, says regulatory attorney Elliot Golding.

What are some of the complexities of the EU's General Data Protection Regulation, which will be enforced beginning May 25? Gerald Beuchelt, CISO at LogMeIn, offers compliance insights in an in-depth interview.

In this edition of the ISMG Security Report: Privacy watchdogs in the EU begin enforcing GDPR in less than 30 days; are organizations ready? Also, a look at the top 10, real-world online threats facing business and financial software firm Intuit.

Corporate espionage appears to be the motive behind cyberattacks targeting a variety of medical-related equipment and systems, researcher Jon DiMaggio of Symantec says in an in-depth interview about the activities of a hacker group the company has dubbed "Orangeworm."

Data integrity and privacy issues are among potential concerns related to voice-activated "virtual assistant" tools that some vendors are beginning to offer for their electronic health record systems, says privacy and security expert Kate Borten.

To stay ahead of evolving cyber threats, healthcare entities need to deploy a defense-in-depth strategy that includes tapping more advanced tools, including deception technology, says security expert Elie Nasrallah of HITRUST.

What's the difference between artificial intelligence, machine learning, deep learning and neural networks? Don't trust vendors' marketing materials to help you find a workable, accurate definition, says Kris Lovejoy, CEO of the security firm BluVector.

In this in-depth interview, Daniel Cohen of RSA discusses how open banking, also known as banking as a service, will affect the fight against fraud and offers insights on the security steps banks should be taking.

Verizon's latest Data Breach Investigations Report shows that half of data breaches in 2017 worldwide were orchestrated by organized cybercriminal groups, says Verizon's Ashish Thapar, who offers an in-depth analysis of the findings.

Leading the latest edition of the ISMG Security Report: A preview of our extensive coverage of the 2018 RSA Conference, which will include dozens of video interviews with thought leaders.

Deception technology has been gaining traction as a way for organizations to get a view on how attackers are targeting their assets. Rik Turner, principal analyst at the consultancy Ovum, says he expects MSSPs to incorporate deception technology, making it more accessible to smaller organizations.

A new version of the FIDO authentication standard is designed to enable the elimination of passwords for a broader range of devices, says Phil Dunkelberger, CEO of Nok Nok Labs, who describes the latest developments.

Technology, regulations and customer expectations all have evolved. What does this mean for how organizations secure identities? Baber Amin of the Office of the CTO of Ping Identity offers strategic insight.

While CISOs in India are fighting off threats from technologically adept cyberattackers, they are also grappling with the challenge of effectively communicating cyber risk to management in the business terms that they can understand, says K.K. Mookhey, founder of Mumbai-based NII consulting.

The recent data breach impacting 150 million user accounts of Under Armour's MyFitnessPal application and website offers important lessons for mobile app developers, security expert Joan Pepin explains in this interview.

With Alabama and South Dakota recently becoming the last two states to adopt breach notification laws, notification processes become more complicated, says privacy attorney Adam Greene, who offers an in-depth analysis.

Leading the latest edition of the ISMG Security Report: Assessing cryptocurrencies' role in the latest ransomware and malware attacks. Plus: Facebook's revised estimate on account details accessed by Cambridge Analytica.

The high-profile breaches of Fortune 100 companies are the ones that get the headlines, but small and midsized businesses should not breathe any sighs of relief. They are very much still targets, says Austin Murphy of CrowdStrike. He offers cybersecurity advice to SMBs.

Processing and parsing intelligence from all sources - external and internal, structured and abstract - across three important categories is essential to a proactive, predictive threat intelligence framework, says Verizon's Ashish Thapar

CISOs increasingly are summoned to present to their Boards of Directors. But too often these presentations fail to frame the right topics with the right metrics, says Jacob Olcott of BitSight. He offers advice for maximizing the opportunity in front of the Board.

Organizations need to carefully assess - and then verify - the data security controls their existing - and prospective - vendors have implemented, says privacy and security expert Rebecca Herold, who offers a range of vendor management tips in an in-depth interview.

Cyber SOCs, the next generation of security operations centers, need to use a new approach to detecting emerging attacks, says Aadesh Gawde of the IT risk consultancy ProVise Consulting, who offers implementation tips.

Vendor risk management is becoming more critical as companies rely more on partners who have access to payment card data and other sensitive information, says Ramon Lipparoni, IT integration manager at ComAir, a South African airline. One critical step, he says, is conducting impromptu vendor audits.

What impact with the Facebook data privacy controversy have on the social media company, and other tech giants, eventually competing with banks? James Wester of IDC sizes up the open banking implications.

Leading the latest edition of the ISMG Security Report: Ransomware hits the city of Atlanta, Baltimore's 911 system as well as aviation giant Boeing. Plus, WikiLeaks and its Julian Assange get taken for a ride by Russian intelligence.

Two out of three organizations say that finding qualified cybersecurity professionals is a struggle, a new study shows. And 80 percent of respondents do not feel adequately prepared to defend their organizations. Kathie Miley of Cybrary and Wade Baker of Cyentia Institute discuss how to bridge the cyber skills gap.

Evidence continues to mount that Russian intelligence created the "Guccifer 2.0" hacker online persona as a "plausible deniability" cover for dumping information stolen from the U.S. Democratic National Committee, among other targets, says cybersecurity expert Alan Woodward.

As the Cambridge Analytica scandal continues to unfold, Congress seeks answers from Facebook, calling on CEO Mark Zuckerberg to testify. Also in the latest edition of the ISMG Security Report: Is it possible to build a secure digital wallet for storing cryptocurrency?

Multivector distributed denial-of-service attacks are having a bigger impact than simple volumetric attacks, says Brian McCann, president of Netscout's security business unit, who analyzes the latest trends in an in-depth interview.

The healthcare sector is slowly making progress yet still has a long way to go in ensuring that all endpoint devices are being effectively protected, says security expert Mac McMillan. What steps need to be taken?

Al Pascual of Javelin Strategy and Research discusses a new report that shows that while crypto wallets may be considered to be at the sharp end of payments innovation, the security vulnerabilities they face are much the same as those that already exist in digital banking and payments.

Many medical devices, especially older ones, were not designed with cybersecurity in mind, so healthcare organizations need to take special precautions to reduce risks, says security expert Justine Bone, who describes effective strategies.

The technology and operating models for identity and access management have evolved with time, but the way many enterprises approach IAM has not. How can security leaders modernize their IAM strategy in this era of unprecedented complexity? Patrick Wardrop of IBM Security shares insights.

Privacy attorney Kirk Nahra offers an analysis of the New York state attorney general proposing updates to the state's data security laws and issuing a substantial financial penalty in a HIPAA violations case.

Leading the latest edition of the ISMG Security Report: The Trump administration sanctions Russian organizations and individuals over U.S. election interference, the NotPetya campaign and energy sector hacks. Also featured: A deep dive into the use of so-called active defense.

While the director of the HHS Office for Civil Rights says HIPAA enforcement remains a top priority for the agency, obtaining enough resources to carry out its mission is an ongoing battle, says former OCR official Deven McGraw.

Penetration testing can help find vulnerabilities that aren't typically identified by scanning and other monitoring. But the testing comes with some risks, Duke Health CISO Chuck Kelser and pen tester John Nye explain in a joint interview.

As more data moves to the cloud, and cyberattacks multiply, organizations need to adopt an alternate paradigm of security, says Nikhil V. Bagalkotkar, a virtualization specialist at Citrix, who describes a new approach.

Recent ransomware attacks on healthcare entities have been a major security wake-up call, says Rod Piechowski, senior director of health information systems at of HIMSS, who explains what action is needed.

Leading the latest edition of the ISMG Security Report: America's top general says the U.S. response to Russian election interference isn't as well coordinated as it needs to be, and Pennsylvania sues Uber for failing to notify data breach victims in a timely manner.

Bolstering endpoint protection is a top security priority at Partners HealthCare this year, says Jigar Kadakia, CISO of the Boston-based integrated health system. What else is on the agenda?

More healthcare organizations are "decoupling" their HIPAA compliance efforts from their cybersecurity initiatives, a sign that the sector is maturing, says security expert Axel Wirth, discussing findings of a new study by HIMSS Analytics and Symantec.

Based on the feedback it received, the Office of the National Coordinator for Health IT will consider making tweaks to its proposed Trusted Exchange Framework and Common Agreement, including provisions related to privacy and security, says ONC's Genevieve Morris.