
Info Risk Today Podcast
3,490 episodes — Page 26 of 70
ID and Access Management: The Next Steps
Bringing identity and access management to the next level and investigating the potential that blockchain offers to improve the management of device IDs are among the priority security projects at Sentara Healthcare, an integrated delivery system serving Virginia and North Carolina, says CISO Daniel Bowden.
Securing Borderless Networks
In an age when every organization is essentially borderless, how do security leaders approach securing the borderless network? Paul Martini of iboss Cybersecurity offers insights and solutions.
Getting Cloud Security Right
When working with cloud service providers, healthcare organizations must take responsibility for security practices rather than relying on the vendor, says Sonia Arista, a security consultant who formerly was CISO at Tufts Medical Center. She's a featured speaker at the HIMSS18 conference.
Keeping Up With the Evolving Threat Landscape
To keep up with the ever-evolving cyberthreat landscape, healthcare organizations must combine basic security principles with advanced technologies, Kristopher Kusche, CISO at Albany Medical Center, says in an interview at the HIMSS18 conference.
HIMSS Speaker Dill on Underutilized Security Technologies
User behavior analytics and data loss prevention tools are among the most promising yet underutilized or improperly implemented security technologies in healthcare, says security consultant Mark Dill, formerly of the Cleveland Clinic, a featured speaker at the HIMSS18 conference.
Preparing an Omnichannel Anti-Fraud Strategy
Many banking institutions boast of being "digital first" and enabling "omnichannel banking." But are they fully aware of the new fraud risks they also are inviting? Kimberly Sutherland and Kimberly White of LexisNexis Risk Solutions discuss how to mitigate omnichannel fraud.
Sizing Up the Role of Deception Technology in Healthcare
The new generation of deception technology can play an important role in helping healthcare organizations detect malware, including ransomware, but it requires careful implementation to get the most value, says Mitch Parker, CISO at Indiana University Health System.
US Election Interference: White House Response Questioned
Leading the latest edition of the ISMG Security Report: President Trump has not authorized the National Security Agency to go after Russian election hackers at the source. Also, 23,000 digital certificates get revoked after their private keys get leaked, and an analysis of deception technologies.
What Comes Next in the CareFirst Data Breach Case?
Now that the Supreme Court has declined to review a case stemming from a 2014 cyberattack on CareFirst Blue Cross Blue Shield, what comes next? Attorney Patricia Carreiro analyzes the potential implications for the class-action lawsuit filed after a breach that affected 1.1 million individuals.
Simplifying Advanced Attack Detection
Despite the millions of dollars companies invest in cybersecurity programs, advanced persistent attackers constantly devise new means of breaking into corporate environments. How can deception technology offer a new alternative? Ofer Israeli of Illusive Networks explains.
Deception Technology: Worth the Investment?
Interest in deception technology is growing because it can play a valuable role in improving intrusion detection, says Anton Chuvakin of Gartner, who explains the intricacies of the emerging technology in an in-depth interview.
IoT Devices: Reducing the Risks
Attorney Steven Teppler, who recently wrote a report that addresses risks related to the internet of things, offers insights on risk management steps organizations in all sectors must take as IoT devices proliferate in the enterprise.
Banking in the Balance: Security Vs. Convenience
As banking institutions of all sizes maximize their digital channels, there is growing tension between the need to prevent fraud and the desire to maintain a frictionless customer experience. IBM Trusteer's Valerie Bradford discusses how to defuse this tension.
Lessons From Recent HIPAA Settlements
What are the top security lessons that covered entities and business associates should learn from the latest HIPAA settlements? Iliana Peters, a former top HIPAA enforcer, shares her insights.
Out for Justice: Feds Battle Trolls
Leading the latest edition of the ISMG Security Report: The Department of Justice indicts Russians for allegedly running an industrialized troll factory designed to influence U.S. politics. Also, a feature in Australia's new real-time payment system could be abused by identity thieves.
Tips for Making Security Technology Purchase Decisions
How can organizations decide what security technologies best meet their needs? CISO Mark Eggleston shares his tips for making the right purchase decisions.
Russian Indictments: 'It's About Time'
Cyber intelligence expert Tom Kellermann discusses the significance and impact of the announcement that 13 Russian nationals and three Russian entities were indicted Friday for allegedly meddling in the 2016 presidential election.
The Convergence of Healthcare Innovation and Compliance
With advances in big data, artificial intelligence, machine learning and more, healthcare is primed to innovate. But do HIPAA, GDPR and other regulatory standards inhibit the ability to innovate? Scott Whyte of ClearDATA discusses healthcare's complex convergence of innovation and compliance.
Russia's Election Meddling: CIA Offensive at the Ready
Leading the latest edition of the ISMG Security Report: U.S. intelligence chiefs warn Congress that Russia's information operations continue, while Europol says criminals love cryptocurrencies, both for stealing via scams and for laundering "dirty money."
Why Some Entities Pay Extortionists to Unlock Patient Data
When faced with a ransomware attack, why do some healthcare entities choose to pay extortionists a ransom to decrypt data? Security expert Ron Pelletier offers insights.
How IoT Affects the CISO's Job
As internet of things devices become increasingly common in the enterprise, CISOs must lead the way in making sure emerging security issues, including a higher risk of distributed denial-of-service attacks, are adequately addressed, says John Pescatore of the SANS Institute, which offers training for CISOs and others.
Panel of Experts Describes Steps to Secure Aadhaar Data
In an exclusive, in-depth analysis, a panel of security experts concludes that India's recent Aadhaar data security conundrum, resulting in identity theft and data breaches, was due to poor implementation of security, monitoring and authentication mechanisms.
Sheltered Harbor: A New Approach to Account Backups
After two years of development in stealth mode, the Sheltered Harbor effort to get U.S. financial institutions to use a standard approach to account data backup is shifting into high gear, says Trey Maust, the new CEO of the initiative, which is backed by FS-ISAC.
DDoS Extortion and Attack Techniques
DDoS extortion comes in many forms. Campaigns over the past three years have varied in nature and have continued to evolve even over the past few months. What lessons can be learned from the latest attacks? Dennis Birchard of Akamai shares insights on the attacks and the newest defenses.
Lauri Love: UK Blocks Suspected Hacker's US Extradition
Leading the latest edition of the ISMG Security Report: England's Court of Appeal rejects U.S. extradition request for suspected hacker Lauri Love. Also, what took Uber and Partners Health so long to come clean about their respective data breaches?
Bridging the Password Gap
Rachael Stockton of LastPass says that 81 percent of breaches are caused by weak or reused passwords. So, is it time to take a hard look at password management and consider adding some technology to the practice?
Faster Payments Don't Have to Mean Faster Fraud
As banks in the U.S. and Australia grapple with how to effectively launch faster payments, more will turn to big data and machine learning to help better manage expected upticks in fraud, says cybersecurity specialist John O'Neill Jr. of DarkTower.
Behavioral Analytics' Role in Health Data Security
Healthcare entities are increasingly considering user and entity behavioral analytics tools because their previous breach prevention and detection efforts have fallen short, says security expert Mac McMillan.
Why AI Will Play a Bigger Role in Cybersecurity
Artificial intelligence will play a greater role this year in fooling attackers and authenticating users and sessions, predicts cybersecurity attorney and consultant Chris Pierson, who explains why.
The Sorry State of Endpoint Security
More than half of surveyed organizations were struck by ransomware in 2017. And more than 75 percent of them were running up-to-date endpoint protection. What's the disconnect? Dan Schiappa of Sophos discusses the state of endpoint security.
A Multifaceted Breach Prevention Approach
Protecting 4 million patient records from breaches takes a multifaceted approach, says Bredai "Dai" Snyder of Care Coordination Institute, who describes three of the most critical elements.
Rationalizing the Security Stack
As a long-time security leader, Qualys CISO Mark Butler has watched the evolution of security tools and platforms. The best-of-breed approach still has value, but also has failed us, he says. How can automation and orchestration provide new business value?
Darknet Markets: For Cybercriminals, Paranoia Reigns
Leading the latest edition of the ISMG Security Report: Inside the darknet marketplaces that serve cybercrime-as-a-service buyers and sellers. Also, why the healthcare sector remains so bad at detecting data breaches and blocking ransomware.
Cybercrime as a Service: Tools + Knowledge = Profit
On cybercrime forums and darknet marketplaces, there's an abundant supply of cybercrime products and services and lots of demand, plus prices remain low, says Flashpoint's Liv Rowley. All that's needed to leverage the products and services to make a profit, she says, is a bit of knowledge.
Effectively Marrying Big Data Analytics and SIEMs
As big-data analytics matures, it will play a bigger role, but security information and event management software, or SIEMs, will also remain essential, contends Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham.
Venture Capitalist Kellermann Gets 'Back on the Field'
After two years on the sidelines, watching what he calls the expansion of "cyber insurgency," Tom Kellermann declares himself "back on the field" as chief cybersecurity officer at Carbon Black. How have threats evolved, and what is his hands-on mission?
Allscripts Lawsuit: What Makes It Different?
A class action lawsuit filed against Allscripts in the wake of a ransomware attack that recently disrupted patient care at hundreds of healthcare practices will spotlight a variety of critical security and legal issues, says Steven Teppler, the plaintiffs' attorney, in this in-depth interview.
IoT: Moving to Security by Design
With the explosive growth of the internet of things, and the increasing threat posed by botnets that leverage IoT, more must be done to ensure IoT devices include security by design, says David Holmes, principal threat researcher at F5 Networks, who offers a strategy.
Blockchain's Bid to Rid the World of Data Breaches
Leading the latest edition of the ISMG Security Report: Ransomware crypto-locks customer data stored by a cloud-based service provider. Also, there's a move afoot to use blockchain technology to better protect people's personally identifiable information.
Deception Technology: Clearing Up Myths
Deception technology can play an important role in intrusion detection because it can help track lateral movements of intruders, says Felix Mohan, CEO at CISO Cybersecurity, who clears up some myths about the technology.
Blockchain in Healthcare: The Potential and Limitations
Blockchain holds potential for supporting secure health data exchange, but it has limitations that organizations need to keep in mind, says Intel's David Houlding in this in-depth interview on the technology.
The Evolving Cybersecurity Landscape in the MECA Region
Organizations in the Middle East and Central Asia are beginning to respond to the nuances of the evolving threat landscape in the region, says Tata Communications' Avinash Prasad in this exclusive interview.
4 Pitfalls of Privileged Access Management
Whether it's insider or third-party vendor access, organizations are realizing they need to do more with their privileged accounts and systems. But traditional approaches often leave organizations with wide gaps in security. Sam Elliott of Bomgar explains what companies need to look for when it comes to access management.
Building a CSOC: Keys to Success
When building a next-generation cybersecurity operations center, or CSOC, organizations must first understand their attack profile and determine the scope of threat monitoring needed, says Jagdeep Singh, CISO at Rakuten India, an e-commerce company.
Ransomware: Why Some Victims With Backups Still Pay
Leading the latest edition of the ISMG Security Report: Why some organizations with working backups still choose to pay a ransom after suffering a cryptolocking malware attack. Also featured: The U.S. government's push to bolster the private sector's "active defenses."
Framework Aims to Improve Patient Data Matching
A new framework aims to improve patient safety and data integrity by helping healthcare entities to more consistently and accurately match patients with all their information, developers Kirk Botula and Melanie Mecca explain in this in-depth interview.
A Venture Capitalist's 2018 Outlook
As a longtime investor in companies offering cybersecurity solutions, Alberto Yépez of Trident Capital Cybersecurity is most concerned by a lack of investment in one key area: replacing aged technologies that are supporting critical infrastructure industries, such as power utilities.
What Makes ONC's 'Trusted Exchange Framework' So Complex?
A federal regulator's recently issued draft for a "trusted exchange framework" aimed at propelling nationwide, secure, interoperable, query-based health data exchange is a complex proposal that requires careful analysis, says David Kibbe, M.D., CEO of DirectTrust.
The Machine Identity Crisis
We are amidst a new "machine identity crisis," says Jeff Hudson, CEO of Venafi. And unless we tackle this growing challenge of how to secure machine-to-machine communication, then enterprise IT and security departments are likely to be overwhelmed.
Is Healthcare Ready to Comply With GDPR?
This edition of the ISMG Security Report takes a look at how ready healthcare organizations are for GDPR compliance. Also featured: comments from Alberto Yépez of Trident Capital on the 2018 outlook for information security companies and a summary of the latest financial fraud trends.