Info Risk Today Podcast

RSA Conference 2017 is coming to San Francisco from Feb. 13 to 17. What new sessions, speakers and venues should attendees expect to see? Conference organizers Linda Gray Martin and Britta Glade offer a preview.

This ISMG Security Report leads with comments from President Donald Trump that suggest the U.S. military will take the lead in defending civilian-owned critical infrastructure. Also, how insider defenses changed since Chelsea Manning's WikiLeaks data dump.

Leo Scanlon, deputy CISO at the U.S. Department of Health and Human Services, will take a lead role as HHS sharpens its ongoing focus on cybersecurity issues, an effort that will continue under the Trump administration, he explains.

In his eight years in the White House, former President Barack Obama made cybersecurity a priority. But will his legacy be his administration's various IT security initiatives or the damaging breaches that occurred during his tenure? That's the lead story in the latest edition of the ISMG Security Report.

Mac McMillan, CEO of the information security consulting firm CynergisTek, explains in an interview why he sold the company he co-founded 13 years ago to healthcare document management firm Auxilio Inc., and what's planned next.

Companies involved in mergers and acquisitions are increasingly targeted with cyberattacks that could potentially derail the deals, says Bryce Boland of FireEye, who outlines the risks and offers tips for mitigating them.

In this edition of the ISMG Report: An FTC complaint filed against a camera manufacturer could signal the start of a trend to regulate IoT security. Also, Donald Trump adviser Rudolph Giuliani's cybersecurity credentials are questioned, and a terrorist shooting prompts new privacy guidance.

Critical issues that must be addressed to pave the way for broader exchange of health information are expanding the use of multifactor authentication and data encryption and making broad improvements in identity management, says David Kibbe, M.D., president and CEO of DirectTrust.

Examining the causes of a cyberattack that blacked out Ukraine's power system leads the latest edition of the ISMG Security Report. Also, a report on the Anthem breach and commentary on President-elect Donald Trump's characterization of cybersecurity.

Although HIPAA requires healthcare organizations to conduct a periodic security risk analysis focused on systems containing PHI, larger entities should also perform more comprehensive security self-assessments, advises CISO David Loewy of SUNY Downstate Medical Center, who explains his approach.

Because cyberattackers are now using memory-resident malware that leave no trace on the disk, forensics experts using traditional methods will face a challenge, says Christopher Novak, director of Verizon's global investigative response unit.

Hack analysis: The latest edition of the ISMG Security Report closely examines the U.S. intelligence community's assessment of how the Russian government allegedly tried to influence the American presidential election through breaches, social media and fake news.

The latest episode of the ISMG Security Report focuses on the clash between President-elect Donald Trump and the U.S. intelligence community on whether the Russian government directed the hack of Democratic Party computers to influence the American presidential election.

To deal with the risks posed by the explosive growth of the internet of things, CISOs and CIOs must expand the scope of their security efforts, says Ganesh Ramamoorthy, vice president of research at Gartner.

Medical device makers need to ensure they have procedures in place to take quicker action once they're alerted of cybersecurity issues in their products, says attorney Yarmela Pavlovic, who specializes in healthcare regulatory issues.

A U.K. Information Commissioner's report on its investigation into a 2015 TalkTalk breach offers essential information security takeaways for any organization that wants to avoid being breached, says David Stubley of 7 Elements.

Advanced threats are multi-layered and borderless - and so are today's enterprises. These are among the factors pushing organizations to adopt the Intelligent Hybrid Security approach, says Anil Nandigam of NSFOCUS.

The latest episode of the ISMG Security Report leads with security experts questioning the effectiveness of U.S. imposed sanctions against the Russians to stop Kremlin-backed cyberattacks.

As the Trump administration begins, expect a ramp-up in cyber espionage as well as more "test attacks" by nation-states, says cybersecurity specialist Brad Medairy of the consultancy Booz Allen Hamilton.

An analysis of a National Institute of Standards and Technology initiative to identify algorithms that could defend encryption against attacks from quantum computers leads the latest edition of the ISMG Security Report. Also featured: An update on new FDA guidance on cybersecurity for medical devices.

Now that more breaches are targeting industrial control systems, organizations that have paid little attention to operational technology security must ramp up their protection efforts, says breach response expert Christopher Novak of Verizon.

With the rise of malware infecting IoT devices, DDoS defenders "have to assume that the attackers have an unlimited supply of machines that they can compromise," says Akamai's Michael Smith. But quarantines, ISP feedback loops and better patch management can bolster defenses.

Will more "historical" breaches be revealed in 2017 and beyond? Data breach expert Troy Hunt is optimistic that such revelations will become rare as large businesses operating online continue to improve security. But what about small and mid-size organizations?

Because cyber threats are becoming increasingly sophisticated, bolstering employee and customer awareness and training about ransomware, phishing and other cyber risks must be a top priority in 2017, says Curt Kwak, CIO of Proliance Surgeons.

Cyber espionage groups are using unconventional channels to hack target organizations, according to Mandiant' s latest research. Trusted service provider relationships are being exploited to compromise organizations in government and defense, says Rob van der Ende, Mandiant's vice president for Asia Pacific and Japan.

Security software often generates so many warnings that it can be difficult to figure out which ones are the most serious. How can one differentiate good intelligence from bad? John Watters, founder of iSight Partners, discusses how to separate the signal from the noise.

In this special edition of the ISMG Security Report, DataBreachToday Executive Editor Mathew Schwartz discusses the Russian groups behind damaging hacks against the U.S. and Strategic Cyber Ventures CEO Tom Kellermann details cyberthreats posed by the West's nation-state adversaries.

Hacks sponsored by nation-states and attacks fueld by IoT-powered botnets are just some of the daunting threats we will see in 2017, says cybersecurity thought leader Tom Kellermann. What are his top predictions, and how should security leaders respond?

This edition of the ISMG Security Report features an analysis of recommendations by a U.S. House Encryption Working Group that Congress should not enact legislation that requires technology companies to help law enforcement authorities bypass encryption on the devices they manufacture.

A federal court recently ruled that the structure of the Consumer Financial Protection Bureau, which is led by a single director, is unconstitutional. Cybersecurity attorney Chris Pierson assesses whether the potential restructuring of the CFPB could have any impact on the bureau's oversight of banks.

As cybercriminals continue to wage more sophisticated, well-funded attacks, it's more urgent than ever to attract qualified professionals to careers in cybersecurity, Symantec CTO Dr. Hugh Thompson says in this audio interview.

Leading this latest edition of the ISMG Security Report: The growing momentum in Congress to establish a select committee to investigate breaches the American intelligence community has tied to the Kremlin to influence the U.S. presidential election.

Fifty-nine percent of security leaders believe their current ransomware defenses are above average or superior. Yet 53 percent also have been victim of ransomware attacks in the past year. Eduardo Cabrera of Trend Micro discusses this and other results of the Ransomware Response Study.

The impact of the patient data privacy and security provisions of the 21st Century Cures Act, signed into law Dec. 13, will depend, in part, on who is chosen to study key issues and come up with recommendations, says attorney Steven Teppler.

The emergence of contactless chip payments on mobile phones is changing the way transactions are authenticated and secured, Jeremy King of the PCI Security Standards Council explains in this audio interview.

A report foreseeing homegrown hacktivists showing their displeasure with President-elect Donald Trump by launching cyberattacks against U.S. government sites leads the latest edition of the ISMG Security Report. Also, the details behind the 1 billion-record hack of Yahoo.

Hack attack victims often ask two questions: "Who did it? And can we hack them back?" But after an attack, with time of the essence for blocking further damage, those are the wrong questions for breached organizations to be asking, data breach response expert Alan Brill says in this audio interview.

The healthcare sector needs to more effectively compete against other industries that are urgently seeking experienced cybersecurity professionals, says Lee Kim of the Healthcare Information and Management Systems Society, who discusses critical steps in this audio interview.

Ransomware is going to get personal. Password managers will be huge targets. And we will see the rise of a whole new exploit kit. These are among the 2017 security predictions from Malwarebytes Laboratories. CEO Marcin Kleczynski offers insight on how to prepare.

How much time and effort will consumers put into protecting themselves from identity theft and financial fraud? That was the question posed by Aite Group's Julie Conroy in researching the new Global Security Engagement Scorecard. And the answer might just surprise you.

Leading the latest edition of the ISMG Security Report: an analysis of the impact on healthcare information security and privacy of the 21st Century Cares Act, which President Obama signed into law Dec. 13. Also, a report on the spread of malvertising and an update on the Bangladesh Bank cyber heist.

Hackers are increasingly taking advantage of new technologies, including analytics and artificial intelligence, to launch more sophisticated attacks and commit cybercrimes, Bill Fox, a former federal prosecutor, explains in this interview.

In an in-depth audio interview, Troy Leach of the PCI Security Standards Council describes just-released guidance that's designed to help organizations simplify network segmentation, a practice the council strongly recommends to help protect payment card data.

A report on the former head of the NSA and CIA questioning President-elect Donald Trump's understanding of cybersecurity leads the latest edition of the ISMG Security Report. Also, House Homeland Security Committee Chairman Michael McCaul outlines his vision of Congress' cybersecurity agenda for 2017.

With their reliance on so many IoT devices, how can healthcare organizations defend against menaces such as the Mirai malware, which exploit these devices to create powerful botnets and launch DDoS attacks? Akamai's Dave Lewis offers tips.

According to one report, barely one-third of global organizations feel prepared to handle a modern cyberattack such as malvertising or ransomware. Justin Dolly of Malwarebytes explains how security leaders can step up their game in 2017.

In an audio interview, Steve Durbin, managing director of the Information Security Forum, offers a forecast of the top security threats for the year ahead, including the ramping up of attacks fueled by "crime-as-a-service" offerings.

As fraudsters continually refine their techniques to steal banking customers' credentials, IBM fights back with new tools that use behavioral biometrics and cognitive fraud detection. IBM's Brooke Satti Charles offers a preview.

The threat landscape certainly has changed in recent years. But can you say the same about the traditional intrusion prevention system? Kurt Bertone of Fidelis Cybersecurity lays out what to look for in a next-gen IPS.

A just-issued report from President Obama's Commission on Enhancing National Cybersecurity outlines challenges the next administration should address. Observations from one of the panel's commissioners highlight the latest episode of the ISMG Security Report.