Info Risk Today Podcast

There are roughly 3,000 cybersecurity vendors in the market today, and former FireEye CEO Dave DeWalt says conditions are right for even greater market growth. How does he see the marketplace evolving in 2018?

An analysis of FBI Director Christopher Wray's comments about how encryption poses complications for law enforcement officials leads the latest edition of the ISMG Security Report. Also featured: The former CISO of the state of Michigan sizes up cybersecurity forecasts.

Under what circumstances must a U.S. healthcare provider comply with the European Union's General Data Protection Regulation, which will be enforced beginning in May? In an in-depth interview, regulatory attorney Stephen Wu explains the conditions under which compliance is required.

Dave DeWalt, former CEO of McAfee and FireEye, identifies the next generation of cybersecurity threats in the latest edition of the ISMG Security Report. Also featured: an analysis of the recent news of the Meltdown and Spectre microprocessor flaws and the POS malware attack on retailer Forever 21.

It's been nearly one year since Dave DeWalt walked away from FireEye, where he served as CEO. The veteran security leader has a new role and some candid insights on the state of enterprise cybersecurity defenses.

An analysis of how unprepared businesses are to fight back against the continued problem of ransomware is featured in the latest edition of the ISMG Security Report. Also featured: outlooks for health data breaches and other cybersecurity trends in 2018.

CISOs need to precisely tailor their risk management strategies to protect the specific high-value assets of their organization; a broad-brushed approach will never work, says UK-based Kelly Bissell, managing director and global lead, Accenture Security.

Ransomware has ascended, by some estimates, to a $1 billion industry. Although the FBI advises against paying ransoms, some organizations see it as the quickest way to recovery. Michael Viscuso of Carbon Black says that the larger problem is a failure to defend networks.

ECRI Institute researcher Juuso Leinonen discusses why ransomware and other cyberattacks can have a big impact on care delivery and patient safety.

From worsening ransomware attacks to deepened concerns about external digital risk, former AT&T CISO Ed Amoroso says 2018 will be a challenging year, and security teams need to be building out their resiliency plans to prepare for what's ahead.

As the healthcare sector implements a variety of new applications and increasingly moves to the cloud, it has a fresh opportunity to address security, says Daniel Bowden, CISO at Sentara Healthcare, who discusses best practices.

This episode of the ISMG Security Report is devoted to producer/host Eric Chabrow's recollection of the evolution of cybersecurity news and analysis during his nine years at Information Security Media Group. Chabrow is retiring after 45 years in journalism.

Ensuring the integrity of data generated and emitted by medical devices is a growing concern as cyber threats advance, says cybersecurity expert Kevin Fu, who also discusses concerns about consumer-wearable health devices.

A look ahead at five trends that should have a significant impact on cybersecurity in 2018 is featured in the final ISMG Security Report for 2017. Cybersecurity and privacy thought leader Christopher Pierson forecasts the likely occurrences.

Following the success of Russian offensive cyber operations, other countries will likely be testing their capabilities, says FireEye's Bryce Boland, who predicts nation-state attacks will become more common in 2018.

Ira "Gus" Hunt, a security expert who was formerly CTO at the CIA, analyzes why many large healthcare provider organizations plan to boost cybersecurity spending in 2018 and discusses the role of emerging technologies.

Since the massive data breach of credit bureau Equifax, the U.S. Congress has become more interested in the causes of data breaches. Australian security expert Troy Hunt, who recently traveled to Washington to share his insights with a House committee, discusses what he told lawmakers in this in-depth interview.

Curt Kwak, CIO of Proliance Surgeons, a large Washington state surgery practice, discusses top security challenges and priorities for the new year in this in-depth interview.

The international payments system is largely based on the three-decades old SWIFT messaging system. But cyberattackers have exploited weak controls employed by banks to make fraudulent transfers. Nick Armstrong of Identitii discusses a path forward for securing payments made with legacy systems.

Exploring Samuel Visner's vision - patterned after the Manhattan Project and moonshot - for collaborating to create innovative ways to improve cybersecurity leads the latest edition of the ISMG Security Report. Also featured: a report on legislation designed to improve the security of U.S. elections.

In an information technology environment where personnel are taking on increasingly complex responsibilities, the key to ensuring security is still awareness training, says former U.S. CISO Gregory Touhill, who says he'd put his last dollar on it.

An assessment on whether North Korea is behind the WannaCry ransomware attacks leads the latest edition of the ISMG Security Report. Also, the co-author of NIST's revised Trustworthy Email special publication discusses changes in the guidance.

An analysis of the cyber component of the Trump administration's just-published National Security Strategy leads the latest edition of the ISMG Security. Also, DHS and industry establish a cyber coordinating council to help secure the U.S. electoral system.

Legislation pending in Congress that would offer protections for companies and individuals who seek to "hack back" in retaliation against cybercriminals who have attacked them is a bad idea, contends Alan Brill of Kroll.

The latest ISMG Security Report leads with a report on a malware attack on an industrial safety system that experts contend could threaten public safety. Also, legislation giving DHS's cybersecurity unit a meaningful name progresses through Congress.

With just a few months left until the EU's General Data Protection Regulation will be enforced, too many so-called "experts" are spreading fear and falsehoods about the regulation, says Brian Honan, a Dublin-based cybersecurity consultant, who clarifies misperceptions in an in-depth interview.

Organizations should take an "inside-out" approach to mitigating the insider threat, says Brandon Swafford of Forcepoint, who explains the components of that approach in an in-depth interview.

The latest ISMG Security Report focuses on the significant changes found in the latest version of the U.S. government's Framework for Improving Critical Infrastructure Cybersecurity, commonly known as the NIST cybersecurity framework. NIST seeks comments from stakeholders on the draft of version 1.1 of the framework by Jan. 19.

The latest ISMG Security Report features a special report on securing medical devices. Healthcare security leaders from the FDA, an academic medical center and a medical device manufacturer share their insights on the challenges involved.

The cloud gives organizations great new opportunities to deploy new systems and applications. It also creates a whole new level of cybersecurity exposure, says Gavin Millard of Tenable, offering tips to bridge that gap.

In an era where users are working simultaneously across mobile, social and cloud applications and platforms, organizations need to deploy identity and access management solutions that can scale and adapt quickly. IBM's Sean Brown describes the rise of Identity as a Service.

Denial of Service, web application layer attacks, credential abuse and IoT - these are the attack trends and vectors that will make headlines in 2018. Ryan Barnett of Akamai offers insight into how to prepare your defenses.

A report on the SEC targeting a Canadian company for fraud, alleging it cheated investors by exploiting a so-called Initial Coin Offering crowdsourcing funding system, leads the ISMG Security Report. Also, an NSA analyst pleads guilty in a case involving storing classified data on his home PC.

If you want to anticipate a prospective hacker's moves, then you'd better be able to think like one. That's the position of Terry Cutler, an ethical hacker who dedicates his time to testing organization's cybersecurity defenses - and their people.

With roughly six months to go before the GDPR enforcement deadline, Petter Nordwall and Anthony Merry of Sophos says it's time for organizations to assess whether "They need to panic a little, or they need to panic a lot."

Spear phishing is the common trigger to many of the most popular - and successful - targeted attacks. How can organizations improve their defenses? Jon Clay of Trend Micro tells how to better spot and stop spear phishing.

A commentary on the need for developers to be more deliberate in securing IT products leads the latest edition of the ISMG Security. Also featured: A report on Congress tackling voting machine security.

Credit unions offer unique services to a unique member base - and they face unique challenges when rolling out multifactor authentication across all of their banking channels. Michel Nerrant of Crossmatch discusses how new biometric solutions can meet CU needs.

Organizations are rapidly migrating services and data to cloud infrastructure, creating a new "cloud generation" of users who bring with them a new set of endpoint security concerns. How should these issues be prioritized and addressed? Naveen Palavalli of Symantec details new strategies and solutions.

An assessment of how campaigns can safeguard their IT assets on the eve of the 2018 U.S. congressional elections leads the latest ISMG Security Report. Also, an update on how years-ago hacks are finally gaining attention.

A presentation on new models to battle email phishing leads the latest edition of the ISMG Security Report. Also, did Uber mishandle ransomware response?

Several significant pending legal cases, including the CareFirst lawsuit, showcase the cybersecurity challenges facing the healthcare sector, says attorney Lisa Rivera in an in-depth interview.

We all see the headlines about high-profile breaches that started because of a phishing exploit. But how severe is the global email infiltration problem? Patrick Peterson of Agari offers insight and advice.

With a rise in incidents of omnichannel financial fraud globally, financial institutions need to enhance their ability to detect fraud - while also reducing technical complexity. Maxim Shifrin of IBM Trusteer discusses new solutions.

U.S. government agencies now find themselves having to comply with Binding Operational Directive 18-01 to enhance email and web security. What are the immediate tasks? Patrick Peterson of Agari offers insight and advice.

HealthcareInfoSecurity Executive Editor Marianne Kolbasuk McGee reflects on the just-concluded Healthcare Security Summit in New York in the latest edition of the ISMG Security Report. Also, PCI Security Standards Council CTO Troy Leach addresses ransomware risks.

A report on new White House rules on when to disclose cybersecurity vulnerabilities to software vendors leads the latest edition of the ISMG Security Report. Also, storing passcodes in clothing.

The healthcare sector should consider adopting cybersecurity best practices implemented in the financial sector, especially those related to supply chain security and information sharing on cyberattacks, says security expert Greg Garcia.

In the year ahead, cyber threats to the healthcare sector will continue to evolve from attacks primarily involving the theft of health data to assaults aimed at disrupting organizations' operations, predicts Sean Murphy, CISO of health insurer Premera Blue Cross.

The PCI Security Standards Council is creating a payments software framework, including two new standards that can evolve as the software rapidly changes, Troy Leach, the council's CTO, explains in this in-depth interview.