
Info Risk Today Podcast
3,490 episodes
Verizon's New Data Breach Report: An Analysis
In an in-depth interview, Verizon's Ashish Thapar analyzes the results of the company's latest Data Breach Investigations Report, noting, for example, the spread of cyberespionage in several sectors worldwide. He also shares insights on effective mitigation strategies.
Rethinking Cybersecurity: Lessons from Russian Hacks
The ISMG Security Report leads with an analysis of how tactics used by Kremlin-tied actors to target political groups in France, Germany and the U.S. to influence foreign elections could be employed to damage the reputation of businesses.
Ransomware Defense: The Do's and Don'ts
As ransomware attackers continue to hone their craft, defense also is evolving. Con Mallon of CrowdStrike discusses what to do - and what not to do - when your organization is struck by ransomware.
Medical Device Cybersecurity: The Risks to Patients
Although cyberattacks on medical devices that could potentially harm patients so far have only been demonstrated in lab settings, there have been actual cases involving the hacking of devices to gain access to patient data, says ethical hacker Stephanie Domas.
Why Focusing Too Much on Today's Cyber Threats Is a Bad Idea
Healthcare organizations must take a long view in their security risk management programs rather than focus on the "cyberthreat du jour," says security expert Bob Chaput, who explains why.
Pending Trump Cybersecurity Executive Order Outlined
Word that President Donald Trump's cybersecurity executive order could be unveiled in days leads the latest edition of the ISMG Security Report. Also, large Australian companies anticipate rise in information security risk.
Ransomware Kit Offered at Bargain-Basement Prices
A look at a Russian-speaking hacker offering novice cybercriminals a cheap way to conduct ransomware attacks leads the latest edition of the ISMG Security Report. Also, hear U.S. Homeland Secretary John Kelly address the cybersecurity challenges the federal government confronts.
Five Principles for Improving Medical Device Cybersecurity
Medical device manufacturers and healthcare entities should take five key cyber-related steps to help ensure patient safety, says Beau Woods of the grassroots cyber-safety advocacy group, I Am the Cavalry.
Improving Threat-Hunting and Incident Response
To shift from reactive to active defense mode, organizations need to get better at both threat-hunting and incident response. Tim Bandos of Digital Guardian discusses the tools and skills that are needed.
Next-Gen Biometric Authentication
Biometric adoption and demand by consumers are increasing rapidly. Next-gen solutions now exist for organizations to bring secure, frictionless authentication to their consumers using biometric solutions. Michael Lynch of InAuth shares insights.
Battling the Challenge of Privileged Access Management
A report from Editorial Director Tom Field on why organizations struggle with privileged access management leads the latest edition of the ISMG Security Report. Also, did the NSA target SWIFT bureaus?
'Do's and Don'ts' for Dealing with Regulators
What should healthcare entities and business associates expect when faced with a data breach investigation or compliance audit by federal regulators? Attorney Marti Arvin discusses the do's and don'ts.
Is the Internet Forever?
Too many businesses assume that the internet will be around forever, but that's faulty thinking and an impractical business practice, says Information Security Forum's Steve Durbin, a featured speaker at Information Security Media Group's Fraud and Breach Prevention Summit in Atlanta this month.
Gotcha! The Nabbing of a Criminal Skimmer
Leading the latest version of the ISMG Security Report: A tale of how a dedicated manager spending her weekends monitoring video of ATMs led to the capture of a criminal skimmer. Also, the growing sophistication of cybercriminals.
Vendors Collaborate to Share Latest Cyberthreat Intelligence
A look at how top security vendors share cyberthreat intelligence leads the latest edition of the ISMG Security Report. Also, states taking up legal efforts to assure the safety of medical devices and apps sold to consumers.
What Drives Eastern European Cybercriminals?
When it comes to the motivations driving Eastern European cybercriminals, "pseudo-anti-Americanism" is big, says Vitali Kremez, a researcher with intelligence firm Flashpoint who regularly infiltrates cybercrime forums.
New Ideas to Attract, Retain Cyber Talent
A report outlining new ways to recruit and retain cybersecurity professionals in the U.S. federal government leads the latest edition of the ISMG Security Report. Also, the sector considered the most cybersecurity challenged, and the growing interest in virtual private networks.
Insider Threat: Lesson from the Physical World
The latest edition of the ISMG Security Report leads off with an interview with the co-editor of a new book, Inside Threat, who uses examples from the physical world that can be applied to the virtual world. Also, organizations fall short on offering identity protection services.
Medical Device Cybersecurity: Progress and Gaps
Collaboration between medical device manufacturers and ethical hackers who discover vulnerabilities is getting better, but there's still plenty of room for improvement, says Bill Aerts, the former global privacy and security officer of Medtronic.
Banking and the Shifting Security Landscape
The security landscape has shifted significantly for financial services organizations. And now they must use digital transformation as the impetus to evolve their cybersecurity strategies, says Bruce Roton of Level 3.
Highlights from the Hearing on Russian Election Interference
Leading the latest edition of the ISMG Security Report: A breakdown of testimony presented at a Senate Select Committee on Intelligence hearing on Russia's attempt to influence the U.S. presidential election. Also, remembering Trend Micro Chief Technology Officer Raimund Genes.
What's in Store for HIPAA Under New OCR Leadership?
What's in store for health data privacy and security initiatives in the Trump administration, now that a new leader for the HHS Office for Civil Rights, which enforces HIPAA, has been selected? Healthcare attorney Kirk Nahra, a regulatory expert, offers an assessment.
What Motivates Targeted Attacks Today?
As the threat landscape evolves, with risks exposed by newer technologies and commoditization of attack infrastructure, the motives of targeted attackers may also be evolving as they try new ways to influence change in an increasingly digital world.
Rise of the Secure Technology Alliance
The former Smart Card Alliance industry group has expanded its mission to include IoT, mobility and other emerging technologies. And it has a new name, too: Secure Technology Alliance. Executive Director Randy Vanderhoof explains the move.
Britain's Home Secretary Enters the Encryption Debate
An analysis of British Home Secretary Amber Rudd's call for law enforcement to gain access to encrypted communications services, such as WhatsApp, leads the latest edition of the ISMG Security Report. Also, a preview of ISMG's Fraud and Breach Prevention Summit in San Francisco.
Blockchain Seen as a Secure Cyberthreat Info Sharing Tool
A look at experts promoting blockchain as a secure way to share cyberthreat information leads the latest edition of the ISMG Security Report. Also, how sound waves pose a threat to IoT devices, smartphones and medical devices.
Why Continuous Vulnerability Assessment Is Essential
With the rapid changes in the threat landscape and the risks introduced by DevOps, the cloud and other new elements, organizations need to have a continuous vulnerability assessment program as a security baseline, says Richard Bussiere of Tenable Network Security.
Moving From IT-Driven to Business-Driven Security
Organizations are shifting from an IT-driven to a business-driven approach to information security, with a focus on minimizing business disruption, says Kartik Shahani of RSA.
Comey Confirms Probe of Possible Trump-Russia Links
Leading the latest edition of the ISMG Security Report: FBI Director James Comey's revelation of a counterintelligence investigation of possible ties between Donald Trump's presidential campaign and Russia's actions to influence the U.S. presidential election.
Re-Thinking IAM and Cybersecurity
A recent study by Forrester Research unveils a direct correlation between data breaches and organizations' IAM immaturity. What needs to change? Corey Williams of Centrify offers strategic advice.
Study: Some Mobile Devices Can Be Hacked Using Sound Waves
Some medical devices, smartphones and internet of things gadgets contain certain types of sensors that are vulnerable to potential hacking using sound waves, says cybersecurity researcher Kevin Fu, who calls on manufacturers to address the risks.
Trump Budget: $1.5 Billion for DHS Cybersecurity
A look at President Donald Trump's budget blueprint to boost cybersecurity spending in fiscal year 2018 leads the latest ISMG Security Report. Also, Russian agents charged with Yahoo hack; new White House cybersecurity adviser Rob Joyce profiled.
Ransomware: The Defender's Advantage
As effective as ransomware has proven to be in attacks against so many organizations across regions and sectors, certain characteristics actually can help defenders gain an edge in detecting malware. Lastline's Engin Kirda explains how.
Rating the Security Performance of the Fortune 1000
BitSight Technologies has just concluded a new study that rates the cybersecurity performance of Fortune 1000 enterprises. What are the key takeaways? Data Scientist Jay Jacobs shares his analysis.
Will NSA's Rob Joyce Be Trump's Top Cybersecurity Adviser?
The latest ISMG Security Report leads with a profile of Rob Joyce, the National Security Agency operative who is reportedly under consideration to be President Donald Trump's top cybersecurity adviser. Also, cybercriminal ties with Russian intelligence and the lifespan of zero-day vulnerabilities.
What Can We Learn from HIPAA Settlements?
An important theme that emerges from the HHS Office for Civil Rights' dozens of HIPAA settlements is that all aspects of compliance are critical and subject to close scrutiny by federal regulators, says former OCR director Leon Rodriguez.
Mirai Tools Up for Advanced DDoS Attacks
The source code for the Mirai botnet has been updated to launch DDoS amplification/reflection attacks, although so far that capability hasn't been used, says Gary at Arbor Networks. Even so, DDoS defense planning remains essential.
Tapping the Potential of AI in Health Data Security
The ability of artificial intelligence to look for patterns in vast data - including large collections of unstructured data - is presenting new potential applications for bolstering the security of patient information, says Navin Budhiraja of Infosys.
Endpoint Security: Creating Order from Chaos
The rapid evolution of malware and proliferation of solutions have created a state of chaos for security leaders, says Naveen Palavalli of Symantec. What strategy and solutions will help restore order to anti-malware defense?
What's Behind WikiLeaks' Release of CIA Hacking Files
Leading the latest edition of the ISMG Security Report: A deep dive into the WikiLeaks release of thousands of documents that appear to lay open in detail the CIA's computer hacking techniques. Also, tackling the rise of attacks targeting the internet of things.
Showdown: Prepping Enterprise Security for DDoS Botnets
When it comes to massive DDoS attacks powered by the likes of a Mirai botnet, "the sky is not falling," says ESET security researcher Cameron Camp. But organizations do need to prepare - and here's where to start.
Now You See It, Now You Don't: The Return of Crypt0L0cker
A look at the return of the Crypt0L0cker ransomware leads the latest edition of the ISMG Security Report. Also, assuring the security of medical devices; and U.S. federal prosecutors drop charges against a child porn suspect rather than reveal the hacking technique used to ensnare him.
Achieving 'Digital Resilience'
To meet the increasing customer demands for effective solutions, security vendors must ensure their products work together well, says Dr. Mike Lloyd of RedSeal. This is particularly essential to achieving "digital resilience," the ability to promptly detect and respond to network intrusions, he says.
Verizon: Most Breaches Trace to Phishing, Social Engineering
With Verizon's data breach investigations team finding that 90 percent of breaches trace to a phishing or other social engineering attack, lead investigator Chris Novak says that using multifactor authentication should be a no-brainer for all organizations.
Study User Behavior to Focus Intrusion Detection
When trying to detect which security events are malicious, analysts have long battled signal-to-noise problems. LogRhythm's James Carder describes how behavioral analytics, case management, security automation and threat intelligence can help.
How Will Europe's GDPR Affect Businesses Worldwide?
The European Union's General Data Protection Regulation, which will be enforced beginning in May 2018, will affect organizations throughout the world because it applies to any company that handles Europeans' personal data, says Fred Kost of HyTrust.
Howard Schmidt Dies; Creating CyberSec Framework Metrics
Leading the latest edition of the ISMG Security Report: The death of former White House Cybersecurity Coordinator Howard Schmidt, and a report on legislation to strengthen the influence of the National Institute of Standards and Technology on federal civilian agencies.
Using the Cloud to Make Enterprises Less Complex
The cloud can be used to improve security by helping to separate data from applications, networks and other infrastructure, says VMware's Tom Corn.
FDA: Dispelling Medical Device Cybersecurity Myths
In an in-depth interview, the Food and Drug Administration's Suzanne Schwartz, M.D., dispels some myths about the FDA's regulatory activities and expectations on the cybersecurity of medical devices.
Giving Fraudsters a Taste of Their Own Medicine
In the latest edition of the ISMG Security Report: Analyzing how reflective social engineering can battle cybercriminals who use social engineering to fool users into divulging personal information.