
Info Risk Today Podcast
3,490 episodes
The Ransomware Threat After WannaCry and NotPetya
Ransomware attacks are increasingly using multiple proven techniques to spread quickly and achieve the maximum impact before being thwarted. They are going to get bigger and target other platforms in the future, warns Justin Peters at Sophos APAC.
Artificial Intelligence: IT Menace or Protector?
The latest edition of the ISMG Security Report leads with an analysis exploring how artificial intelligence can be used by hackers to threaten IT systems and by organizations to defend critical digital assets. Also, a deep dive into the NotPetya ransomware attack.
Medical Device Cybersecurity: A Long Way to Go
Only about half of medical device manufacturers say they follow FDA guidance for addressing cybersecurity risks, says security expert Mike Ahmadi. What about healthcare providers?
Incident Response Reconsidered
Many security leaders argue over whether their incident response posture needs to be proactive or reactive. But Rsam CISO Bryan Timmerman says it isn't either/or: organizations need both. Here's why.
Making the Shift to Human-Centered Security
Traditionally in cybersecurity, technology is the central focus. Adversaries act; security controls respond. But Richard Ford of Forcepoint says it is time to change the dynamic with a shift to human-centered security.
Spying on Citizens with Malware Aimed to Battle Criminals
The latest ISMG Security Report leads off with a look at the growing industry of mobile spyware designed exclusively for governments, but often misused to track citizens and activists. Also, Australia's push to get allies to adopt tools to counter encryption.
The True Cost of Phishing Attacks
Midway through 2017, phishing attacks are very much on the rise, namely because they are too easy to launch and far too lucrative for the attackers, says Brooke Satti Charles of IBM Security Trusteer.
How PayPal Protects Billions of Transactions
In an in-depth interview, Guru Bhat, head of engineering at PayPal, describes how the online payments provider has used a mix of sophisticated automation, including machine learning, and human insight to maintain a fraud loss rate of just 0.32 percent.
The Return of the Luddite: Securing Critical Systems
The latest edition of the ISMG Security Report leads off with a look at why organizations turn to paper when critical systems can't be secured. Also, how to hack air-gapped systems over the internet.
Making Forensic Investigations More Fruitful
Organizations can take steps in advance to help ensure that forensic investigations into data breaches and cyberattacks are successful, says security expert John "Drew" Hamilton, a professor at Mississippi State University.
'Eulogizing' Neutrino Exploit Kit
Writing the obituary for the lifeless Neutrino exploit kit leads the latest edition of the ISMG Security Report. Also, judging the value of the Department of Health and Human Services' wall-of-shame website of healthcare sector breaches.
Defending Against Health Data Breaches: What's Missing?
Data breaches will continue to plague the healthcare sector until the security mindset among senior leadership radically changes, says security and privacy expert Kate Borten.
Analysis: Strategic Cybersecurity Investments Study
Sixty-five percent of security leaders consider their organizations' security postures to be above average or superior. But only 29 percent are very confident in their security controls. Neustar's Tom Pageler analyzes results of Strategic Cybersecurity Investments Study.
Hardening the Workforce: Developing Cyber Defenses
Former U.S. CISO Gregory Touhill says the federal government must rethink how it hardens its workforce to prevent cyberattackers from succeeding. Organizations, he says, should regularly conduct cybersecurity exercises to help build their cyber defense.
How WannaCry Survives
The CEO of the company that crippled WannaCry's ransomware component explains to Congress how the worm continues to attack unpatched systems at increasing rates. Also, creating a healthcare cybersecurity framework.
Cloud Security: Navigating Past Complexity
Despite the efficiencies of cloud services, security remains a significant barrier of entry for many organizations. Mark Urban of Symantec offers advice to help security leaders navigate past cloud complexity and chaos.
App Security: Breaking Bad Habits
Bad security habits among consumers, whose use of apps is skyrocketing, are leading to increased risks for businesses as they ramp up their use of apps as well, says Neil Wu Becker, a global vice president at A10 Networks, who emphasizes the need to enforce best practices.
The Myth of the Secure Mainframe
A report on security flaws found in mainframe computers leads the latest edition of the ISMG Security Report. Also, the tale of how a hacker launched his career; insights on new EU data protection regulations.
The Confusing Marketplace of IT Security Wares
A discussion that explores the predicament many information security managers face when deciding which security technologies to buy in a glutted market leads the latest edition of the ISMG Security Report. Also: An update on cyber flaws in connected vehicles and the latest from Infosecurity Europe.
Analysis: FFIEC's Update to Cyber Assessment Tool
A just released update to the FFIEC's Cybersecurity Assessment Tool helps make meeting regulators' demands for "baseline" cybersecurity more attainable, says Amy McHugh, a bank adviser and former IT examination analyst for the Federal Deposit Insurance Corp.
Balancing Act: Constant Battle Between Functionality, Security
A discussion analyzing the difficulty of striking a balance between IT functionality and cybersecurity leads the latest edition of the ISMG Security Report. Also featured: Updates on sizing up weaknesses in biometrics and the potential to exploit LED lights to leak sensitive data from routers.
Analysis: Evolving Russian Cyber Threats
The latest ISMG Security Report focuses on evolving Russian cyber threats, including manipulating hacked documents as part of a disinformation, cyber-espionage campaign.
The Need for Cyber ISR
It's a tried and true military tradition: ISR, or Intelligence, Surveillance and Reconnaissance. But the practice is gaining traction in enterprises as well, and especially within cybersecurity, says Christopher Cleary of Tenable Network Security.
Medical Devices: Care Benefits vs. Cybersecurity Risks
In an in-depth interview about a new study that identifies thousands of vulnerabilities in cardiac devices, security researcher Billy Rios calls on manufacturers to more carefully consider the compromises they make in balancing the usability benefits to patient care versus the cybersecurity risks.
Making Life Harder for Cyber Threat Actors
As adversaries develop new methods to strike at increasingly vulnerable digital infrastructures, it is time businesses take a hard look at the way defense is approached and recast security models to drive the cost to the attacker up, says Palo Alto Networks' Sean Duca.
An Anti-Fraud Effort Quickly Pays Off
Chris Sibila of Elements Financial Credit Union says thwarting socially engineered schemes waged against call centers as well as debit fraud linked to card breaches spurred the financial institution to hire its first full-time fraud investigator, who's already helping to curb fraud losses.
21st Century Cures Act: Will It Revamp Health Data Exchange?
The 21st Century Cures Act presents a number of critical but challenging issues pertaining to the advancement of nationwide secure health information exchange that federal regulators must address, David Kibbe, M.D., president and CEO of DirectTrust, explains in this in-depth interview.
Cybersecurity During the Era of Donald Trump
In this special edition of the ISMG Security Report, you'll hear an edited version of an ISMG Fraud and Breach Prevention Summit keynote panel in which current and former federal cybersecurity officials assess the IT security agenda of the Donald Trump administration.
Homeland Security Secretary John Kelly on Battling WannaCry
Leading the latest edition of the ISMG Security Report: Secretary John Kelly's congressional testimony on how DHS led government efforts to mitigate the WannaCry ransomware attacks. Also, reports on ransomware defenses as well as big data and machine learning combining to secure IT.
Protecting Medical Devices from Ransomware: A Critical Step
Healthcare entities need to take a critical step right now to prevent their medical devices from being affected by the next major ransomware attack, says cybersecurity expert Kevin Fu.
How to Prepare for the Next WannaCry
The WannaCry ransomware outbreak was a huge "wake-up call" for the global information security community, says Dan Schiappa of Sophos. It's time to patch those legacy systems and prepare for the inevitable next big crimeware scare, he says.
Stress-Busting Through Vulnerability Risk Management
The WannaCry ransomware outbreak showcases the problem: Security pros are overwhelmed by vulnerabilities that could be simple to mitigate, if only they had the right info at the right time. Humphrey Christian of Bay Dynamics discusses how to improve vulnerability risk management.
Why Big Data, Machine Learning Are Critical to Security
Big data and machine learning will play increasingly critical roles in improving information security, predicts Will Cappelli, a vice president of research at Gartner, who describes the reasons why.
HSBC Experiences Voice Biometrics Telephone Banking Fail
Voice biometrics: Is it good enough to protect people's bank accounts? Also, the ISMG Security Report goes to Belfast, Northern Ireland, for this year's OWASP AppSec Europe conference, including a visit to the Titanic museum - hopefully not a metaphor for the discipline.
A Strategy for Fighting Multichannel Attacks
Information security and fraud departments at financial institutions need to improve their collaboration to help fight multichannel cyberattacks, say John Buzzard and Paul Love of CO-OP Financial Services.
US Congress Picks Up Pace on Cybersecurity Legislating
Reports on how the U.S. Congress is taking steps to toughen cybersecurity lead the latest edition of the ISMG Security Report. Also, an analysis of a Government Accountability Office study on the IoT landscape and the security threats facing the internet of things.
Beyond Patch Management: Ransomware Mitigation Strategies
Beyond improving their patch management practices, what else can organizations do to avoid falling victim to ransomware attacks such as WannaCry? Security expert Doug Copley offers advice.
Assistant to the President Makes Bold Cybersecurity Declaration
The words of Assistant to the President Thomas Bossert, who boldly pledges to outdo previous administrations on improving federal government cybersecurity, lead the latest edition of the ISMG Security Report. Also, Microsoft's exasperation with the NSA over WannaCry ransomware.
Why Reputational Risk Management Matters
When it comes to breach preparation, it isn't just about protecting IT assets. Increasingly, the conversation is about reputational risk management, says Jacob Olcott of BitSight Technologies.
Responding to WannaCry Ransomware Outbreak
As organizations worldwide rush to mitigate the outbreak of the WannaCry crypto-locking ransomware, Adam Meyers of CrowdStrike shares insights on what researchers have gleaned from the attacks and how organizations should respond.
FDA Ramping Up Digital Health Cybersecurity Efforts
The Food and Drug Administration will soon launch a new centralized digital health unit that will address the cybersecurity of medical device software, Bakul Patel, who is overseeing the effort, explains in this in-depth interview.
Re-evaluating InfoSec Awareness' Place in Security Arsenal
An analysis on rethinking where awareness programs fit in cyberdefense strategies leads the latest edition of the ISMG Security Report. Also, James Comey's cybersecurity legacy at the FBI.
The Maturation of Cybercrime
An examination of the maturing of cybercrime leads the latest edition of the ISMG Security Report. Also, understanding the Intel Active Management Technology flaw.
2 Days to 2 Hours: Automating Application Vulnerability Management
Not so many years ago, Michael Donaldson was managing a major application for a large enterprise, and when he learned of an unpatched vulnerability, it took him two days to investigate and confirm. With the right tools today, that would take two hours. Listen and learn how.
Deception Technology: A Primer
Security practitioners are debating the role deception technologies can play in a security strategy. But how does the latest technology actually work? Sahir Hidayatullah, CEO and co-founder of Smokescreen Technologies, offers some insights.
FBI's James Comey on Insider Threat, Other Cyber Challenges
The latest ISMG Security Report leads with an account of FBI Director James Comey's testimony before the U.S. Congress on insiders posing a cyberthreat to the American law enforcement bureau. Also, dissecting the claim that most startups fail shortly after being victimized by a cyberattack.
Ransomware Attacks on Medical Devices: The Outlook
As ransomware assaults in the healthcare sector continue to rise, it's a matter of time before medical devices are impacted, says healthcare security expert Axel Wirth of Symantec, who analyzes the risks.
CISO in the Middle: Managing Risk Up and Down the Enterprise
When it comes to cyber risk, how must the CISO manage communications across the enterprise? The board, the staff and the line-of-business leaders all have different needs. Humphrey Christian of Bay Dynamics offers advice for the CISO in the middle.
Hackers Target Small Firms as Big Biz Toughens Cyber Defenses
An analysis on why small businesses are increasingly being targeted by hackers leads the latest edition of the ISMG Security Report. Also, potential medical device hacks pose risk to patients, and payment fraud evolves as the threat landscape intensifies.
Saber-Rattling and Cybersecurity: The Connection
So far this year, we've seen heightened tensions between the U.S. and adversaries in Russia, North Korea and Iran. How do these tensions manifest on the cyber stage? Tom Kellermann of Strategic Cyber Ventures talks about the cyberwar risks brewing below the surface.