Info Risk Today Podcast

Today's ISMG Security Report leads off with House Homeland Security Committee Chairman Michael McCaul and DHS Secretary Jeh Johnson lamenting about the congressional bureaucracy that hinders passage of needed cybersecurity legislation.

Why are ATMs a top target for fraudsters? In an interview, Shirley Inscoe, a financial fraud expert and analyst at Aite Group, offers insights based on a new study and predicts the surge in skimming will continue next year.

Cyber espionage and other increasingly sophisticated nation-state cyberattacks will escalate into what amounts to "cyberwar" in 2017, predicts security expert Michael Bruemmer of Experian Data Breach Resolution.

Cyberattacks waged by organized crime groups are simultaneously targeting a wider array of industries worldwide, which is why cross-industry threat information sharing is more critical than ever, says Brian Engle, executive director of the Retail Cyber Intelligence Sharing Center.

The latest ISMG Security Report leads with a look at the ransomware attack against San Francisco's light rail agency. Also featured is an analysis of the ongoing fallout from Australia's online census project.

Healthcare entities must perform security due diligence when they consider introducing emerging technologies - including "internet of things" devices - into their environments, says attorney Stephen Wu, author of a new book on HIPAA compliance.

Soltra Edge, the automated threat intelligence sharing platform that had been slated to be phased out, has been rescued by NC4, a cyber threat intelligence firm that has purchased the platform, Bill Nelson of FS-ISAC explains in this exclusive audio interview.

In September, the annual G20 summit - the gathering of leaders from 20 major global economies- was held in China. NSFOCUS was selected to provide security protection. Guy Rosefelt discusses that mission and its unique challenges.

So, if 2016 was the year when mobile security threats finally started to materialize and mature, what can we expect to see in 2017? Tom Wills of Ontrack Advisory shares insight on the mobility threatscape and new enterprise solutions.

The latest ISMG Security Report leads with a look at how to protect patient data should President-elect Donald Trump and the Republican-led Congress follow through with their promise to dismantle Obamacare. Also featured is a discussion of whether IoT security should be regulated.

Retail groups are asking Visa to clarify how it plans to level the playing field for EMV adoption in the U.S. - especially for routing EMV debit payments. In an interview, Mark Horwedel of the Merchant Advisory Group explains MAG's objections to Visa limiting merchants' transaction options for debit payments.

Highlighting the latest ISMG Security Report: National Institute of Standards and Technology's Ron Ross explains how a new approach employing engineering principles can be used to build secure, trustworthy systems. Also, when a ransomware attack is deemed a breach.

An analysis of how the Donald Trump administration will address health IT security and privacy leads the latest edition of the ISMG Security Report. Also, the ramifications of a big breach, and an FBI agent tackles ransomware.

The breach of Democratic Party computers led to the release of a trove of emails embarrassing to Hillary Clinton that might have swayed the election. Should the IT security community fess up? Also, top government cybersecurity policymakers assess President-elect Donald Trump as an IT security influencer.

Donald Trump pledges to conduct a review of U.S. cyber defenses and vulnerabilities as one of his first acts as president. Melissa Hathaway, who led a similar review for Barack Obama nearly eight years ago, says it's important for an incoming president to get the lay of the land.

Two NIST initiatives aim to close the cybersecurity skills gap. One is an interactive, online tool known as CyberSeek; the other is updated guidance known as the NICE Cybersecurity Workforce Framework. In this audio report, NICE Director Rodney Petersen explains the connection between the two.

Thank Mark Zuckerberg's taped-over webcam and the Paris robbery of Kim Kardashian West for waking up the average consumer to the security risks they face from using technology and social media, social engineering expert Sharon Conheady says in this audio interview.

An explanation of how the FBI likely was able to quickly review 650,000 emails found on a computer shared by a top aide to Democratic Party presidential nominee Hillary Clinton leads the latest ISMG Security Report. Also, this week's ISMG Fraud and Breach Prevention Summit in London is previewed.

The Domain Name System is crucial to the functioning of the internet, but largely taken for granted - until it breaks. In an audio interview, Cricket Liu of Infoblox discusses how DNS providers must improve security.

How did the FBI likely approach its examination of the computer of Hillary Clinton's close aide Huma Abedin to determine if it contained classified materials? Forensic expert Rob Lee explains just how such an examination occurs.

As organizations prepare to transition to Microsoft Office 365, what should be their top security concerns - and how should they address them? Symantec's Deena Thomchick offers insight and tips.

The latest ISMG Security Report features a special report on potential cyber threats that could damage the integrity of the U.S. presidential election. Also, an analysis of the harm caused by Australia's largest breach of personal information.

The ransomware-as-a-service operation known as Cerber is earning at least $200,000 per month via ransoms paid by victims, says Check Point Software Technologies' Gadi Naveh. In an audio interview, he explains that bitcoins and high levels of automation are key to the operation's success.

The latest ISMG Security Report kicks off with a bit of history: Comparing the similarities between remediating the year 2000 data problem, known as Y2K, that enterprises faced at the end of the 20th century with today's initiatives to drive IT security by modernizing information systems.

Healthcare organizations should take a disaster recovery approach to creating their breach response plans, says Joey Johnson, CISO of Premise Health, in this audio interview.

An evaluation of new U.S. government guidance to prevent the hacking of automotive computers and electronics leads the latest ISMG Security Report. Also, IBM takes responsibility for the impact of a DDoS attack and a preview of the ISMG Healthcare Security Summit.

What critical factors make the healthcare sector vulnerable to cyberattacks? In this audio interview, CISO Dave Summitt of the H. Lee Moffitt Cancer Center and Research Institute offers insights.

In an in-depth audio interview, Beth Anne Killoran, the new CIO at the Department of Health and Human Services, outlines top cybersecurity priorities, describes how the agency is recruiting new security talent and outlines efforts to bolster the security of Obamacare's HealthCare.gov website and systems.

SecurityScorecard is out with its 2016 Healthcare Industry Cybersecurity Report, and it paints a grim picture about how vulnerable healthcare entities are to socially engineered schemes. CEO Aleksandr Yampolskiy shares insight from the study.

Sean Feeney, CEO of DefenseStorm, got his education at West Point. How did his military training prepare him for leadership in technology and cybersecurity organizations? Feeney shares leadership insights in this Executive Sessions interview.

For more than a decade, Christy Wyatt was immersed in mobile security - most recently as CEO of Good Technology. Now she has re-emerged as CEO of Dtex Systems. What new challenges does this role pose to the veteran security and technology leader?

Evaluating ways to thwart massive distributed denial-of-service attacks leads the latest edition of the ISMG Security Report. Also, explaining how "conspiracy theories" tied to an historic breach of Yahoo will have an impact on the internet company's future.

In an interview, experts from one of the FFIEC's five regulatory agencies explain why the council released a "frequently asked questions" guide to its Cybersecurity Assessment Tool and how they hope banking institutions will put the FAQ to use.

Experts evaluating the likelihood of a hack to alter votes in this year's American presidential election highlights the latest edition of the ISMG Security Report. Also, U.S. federal regulators propose new cybersecurity rules for big banks.

Despite high-profile leaks and the attention given to the insider threat, many organizations still fail to even see that they have an insider threat problem. Ajit Sancheti, CEO of Preempt, discusses what's needed to improve insider threat detection.

When it comes to describing the top fraud threats to UK financial institutions, it's all about compromised identities and credentials, says John Marsden of Equifax. How can organisations prove their customers are who they say they are?

The latest ISMG Security Report analyzes new state bank cybersecurity regulation and getting small healthcare practitioners engaged in cyber threat information sharing. Also, why one nation claims it never experienced a cyberattack.

A "bottom-up" approach to IoT security is essential, starting with the hardware as the "root of trust" and then addressing the operating systems and applications, says Wind River's Thilak Ramanna, who calls for the development of standards to ensure security is baked into devices.

Although experts see widespread, practical applications of artificial intelligence as at least a decade off, it's something that's on the mind of President Obama. The commander in chief shares his thoughts on the intersection of artificial intelligence, medical viruses and cybersecurity.

The National Health Information Sharing and Analysis Center aims to better engage smaller healthcare organizations in cyber threat information sharing, leveraging funds from two recent federal grants. Denise Anderson, president of NH-ISAC, describes the plans in this in-depth interview.

A report on the verbal combat between Hillary Clinton and Donald Trump over whether the Russian government is using hacks to influence the U.S. presidential election leads the latest edition of the ISMG Security Report. Also, an update on Dropbox's new password protection strategy.

"How secure are we?" That's one of the most common questions asked by boards and senior managers. But security and technology leaders do not always have ready answers, says Jacob Olcott of BitSight Technologies. Are they even using the right security metrics?

The latest edition of the ISMG Security Report leads off with an analysis of the PCI Security Standards Council's new requirements that are designed to help thwart attempts to defeat encryption in point-of-sale devices.

Because the legal relationships between healthcare organizations can be very complex, it's not always crystal clear when business associate agreements should be in place to help safeguard patient data, says privacy attorney Adam Greene. He explains the legal issues in this in-depth interview.

To better mitigate the breach risks tied to the growing use of mobile devices, organizations need to adopt enterprise digital rights management as a way to improve data security, says Gartner's John Girard.

In this in-depth interview, cybersecurity researcher Jay Radcliffe explains flaws he identified in certain Johnson & Johnson wireless insulin pumps that make them vulnerable to hacker attacks. His discoveries led the device maker to issue warnings to patients and physicians.

Republican presidential candidate Donald Trump laying out his cybersecurity agenda leads the latest version of the ISMG Security Report. Also, federal leaders address threats posed to the U.S. electoral system.

Markus Jakobsson, Chief Scientist at Agari, has released a new book focused on socially-engineered schemes. What are the key takeaways, and how can security leaders improve their abilities to fight back against the schemers?

Attackers have healthcare entities in their crosshairs, and their favorite targets are easily compromised credentials. Tracy Hulver of Synchronoss offers new ideas for how security leaders can better manage and secure identities.

Commerce Secretary Penny Pritzker suggests that regulatory agencies should implement cyber threat information sharing programs with the businesses they regulate, not only to enhance their IT security, but to build a collaborative environment between the two, often adversarial sides.