Info Risk Today Podcast

3,490 episodes — Page 35 of 70

Why Cybercrime Is On the Rise; Update on Threat Info Sharing

The latest ISMG Security Report leads off with a discussion with DataBreachToday Executive Editor Mathew J. Schwartz on why online cybercrime is growing. Also, the status of the U.S. government's cyberthreat information sharing initiative.

Sep 30, 2016

Mitigating Fraud Risks for Same-Day ACH

In the wake of this week's rollout by NACHA, The Electronic Payments Association, of same-day ACH payments in the U.S., fraud departments at originating and receiving banks should be bracing for the new risks posed by faster payments, says NACHA's Jane Larimer, who offers insights on steps to take.

Sep 28, 2016

Research Reveals Why Hacked Patient Records Are So Valuable

Why are hacked healthcare records so valuable? It's because stolen patient records often end up for sale on the deep web as part of information packages called "fullz" and "identity kits" used by fraudsters to commit a wide variety of crimes, says James Scott of the Institute for Critical Infrastructure Technology.

Sep 27, 2016

Cloud Security Paradigm: Time for Change?

Cloud computing has already led to a fundamental shift in the enterprise computing paradigm, and security now needs to follow, says Gartner's Steve Riley, who shares recommendations.

Sep 27, 2016

Why Hashed Passwords Aren't Implemented Correctly

The latest ISMG Security Report leads off with a segment in which Managing Editor Jeremy Kirk explains that the massive Yahoo breach not only exposed the accounts of a half-billion customers, but also the weaknesses in the way enterprises employ hashed passwords.

Sep 27, 2016

Why CISOs Must Make Application Security a Priority

As pressure to speed the development of applications intensifies, CISOs must be the "voice of reason," taking a leadership role in ensuring security issues are addressed early in the app development process, says John Dickson, principal at Denim Group, a Texas-based security consultancy.

Sep 26, 2016

Achieving Resilient Cybersecurity

In the face of evolving cyberthreats, organizations of all sizes need a more resilient cybersecurity architecture. Michael Kaczmarek of VeriSign describes how to achieve this resiliency.

Sep 26, 2016

Yahoo's Mega Breach: Security Takeaways

Security expert Sean Sullivan isn't surprised that the massive 2014 breach of Yahoo, which exposed at least 500 million account details, only recently came to light. Here's why, as well as what users must learn from this breach.

Sep 24, 2016

The Malware Threat Grows: So Now What?

Given the rapid spread of malware and difficulties with detection, what actions should organizations take? In this interview, Chris Novak of Verizon and Stephen Orfei of the PCI Security Standards Council offer insights.

Sep 23, 2016

Typical Cost of a Data Breach: $200,000 or $7 Million?

In this latest edition of the ISMG Security Report, you'll hear an explanation of why estimates from the Ponemon Institute and The Rand Corp. on typical enterprise data breach costs vary so widely. Also, analyses of a car hack, SWIFT's latest initiative to help banks mitigate fraud and the Yahoo breach.

Sep 23, 2016

Why Is Ransomware So Successful?

Ransomware attacks are surging because attackers have perfected their techniques while enterprises in all sectors have failed to address critical security shortcomings, says Raimund Genes, CTO at Trend Micro.

Sep 20, 2016

Aligning Cyber Framework with Organization's Strategy, Goals

A report on a new self-assessment tool that's intended to show whether an enterprise's cyber-risk initiative aligns with its goals and strategy leads the latest edition of the ISMG Security Report.

Sep 20, 2016

Helping Police Solve Cybercrimes

Because many law enforcement agencies lack cybercrime expertise, it's important for companies that have been attacked to provide as much technical and forensic information as possible to authorities to help ensure that investigations lead to arrests and prosecutions, a panel of experts says.

Sep 19, 2016

Safeguarding Data from Politically Motivated Breaches

The recent hacker attack targeting the drug records of Olympic athletes, as well as other breaches involving high-profile targets, highlight the challenges involved in protecting sensitive data from external attackers or malicious insiders driven by political and other causes, says security expert Sean Curran.

Sep 16, 2016

ISMG Summit Wrap Up: Data Complexity Facilitates Cyber Risk

A roundup of the just-concluded ISMG Fraud and Breach Prevention Summit in Toronto leads the latest edition of the ISMG Security Report. Also, how one CISO gets his security message across to the board and the challenges CISOs face during their first 100 days on the job.

Sep 16, 2016

Security Investments Shifting to Detection and Response

The paradigm shift in security from prevention to detection and response has finally arrived in Asian markets, says Sid Deshpande, Gartner principal analyst, who shares insights on 2016 trends.

Sep 14, 2016

Senator Seeks Probe of Bank Over Privacy Violations

Bank watchdog Sen. Elizabeth Warren is going after Wells Fargo for violating the privacy of bank customers. This news leads the latest edition of the ISMG Security Report.

Sep 13, 2016

A CISO's First 100 Days

The first 100 days on the job can be daunting for security leaders as they work toward understanding the organization's posture, while at the same time defending it around the clock. Gartner's Tom Scholtz shares insights on meeting key milestones.

Sep 9, 2016

Does Donald Trump Understand Cybersecurity?

An analysis of U.S. Republican presidential candidate Donald Trump's understanding of cybersecurity leads the latest edition of the ISMG Security Report. Also, the U.S. federal government gets its first chief information security officer.

Sep 9, 2016

Why Healthcare Needs to Standardize Threat Info Sharing

Cyber threat information sharing in the healthcare sector urgently needs to be standardized so organizations can take appropriate action based on the intelligence, says Jeffrey Vinson, CISO of Harris Health System, who discusses findings emerging from ongoing federally funded research.

Sep 8, 2016

Building an Effective Network Defense Using Threat Intelligence

Based on Lockheed Martin's experience in the aftermath of a data breach, the company advises organizations to diligently gather threat intelligence internally to support development of an effective mitigation strategy, says Chris Coryea, cyber intelligence specialist.

Sep 6, 2016

Understanding the Threat Intelligence Ecosystem

Everybody talks about threat intelligence today, but how well are they distinguishing raw data from actionable intelligence? Stephen Gates of NSFOCUS discusses cybersecurity and the new threat intelligence ecosystem.

Sep 6, 2016

Did Outdated Systems Pave Way to OPM Hack?

The ISMG Security Report leads with a report on Federal CIO Tony Scott partly blaming the way Congress funds agencies for the 2015 breach of computers at the Office of Management and Budget that exposed 21.5 million records.

Sep 6, 2016

Reporting Medical Device Security Issues the Right Way

A report on the implications of failing to notify manufacturers of security flaws in their medical devices and a conversation with internet co-founder Vint Cerf highlight the latest edition of the ISMG Security Report.

Sep 2, 2016

When Do Medical Device Security Flaws Equal Clinical Risk?

At least some of the alleged cybersecurity vulnerabilities in St. Jude Medical cardiac devices that were found by research firm MedSec Holdings don't necessarily translate to serious clinical risks for patients, says medical device security expert Kevin Fu.

Sep 1, 2016

Defending the Inside and Outside of Data Centers

Data centers are difficult to defend, and securing the perimeter is important but of little consequence if attackers get inside. But there are ways to lock down data centers, former White House strategist Nathaniel Gleicher explains in this interview.

Sep 1, 2016

US CIO: Federal Funding Process Played Key Role in OPM Hack

The way the U.S. federal government funds information technology served as a major contributor to last year's breach of computers at the Office of Personnel Management that exposed 21.5 million records, says Federal Chief Information Officer Tony Scott.

Sep 1, 2016

How to Cope With Intelligence Agency Exploits

Intelligence agencies sometimes seek out and develop exploits for the very technology that their nation's organizations rely on to secure their data. In an interview, cybersecurity expert Alan Woodward offers insights on how information security professionals should respond.

Aug 31, 2016

Implementing a Behavioral-Based Approach to Security

Just as seasonal flu viruses change from year to year, so too malware threats quickly evolve, necessitating a behavioral-based approach to security, says John Woods, CISO of pharmacy software vendor PDX Inc.

Aug 31, 2016

Vint Cerf's Outlook for the Internet He Helped Create

In an interview, Internet pioneer Vint Cerf says he sees a secure future for the network of networks he helped create four decades ago as the co-developer of TCP/IP, the protocol that facilitates internet communications.

Aug 31, 2016

What's the Best Way to Handle Medical Device Security Concerns?

Cybersecurity expert Joshua Corman analyzes the importance of properly handling disclosure of medical device vulnerabilities to avoid jeopardizing patients' health. He laments that the proper protocol was not followed when allegations about devices from St. Jude Medical, which the firm refutes, were made public.

Aug 30, 2016

States Warned of Possible Attack Against Voter Systems

A report on an FBI warning to state election officials that their IT systems could be hacked leads the latest edition of the ISMG Security Report. Also, Australian officials mull bitcoin technology to secure elections.

Aug 30, 2016

Just In Case: Saving Up to Pay Off Ransomware Attacker

A report exploring how some organizations have been stockpiling bitcoins to use to pay off attackers if, or when, they become victimized by ransomware attacks leads the latest edition of the ISMG Security Report.

Aug 26, 2016

Patch or Perish: Fix Which Flaws First?

The process of managing software vulnerabilities inside the enterprise is complicated by the sheer number of patches that must be assessed, applied, tested and rolled out, says Wolfgang Kandek of Qualys, who offers suggestions on how to better focus those efforts.

Aug 25, 2016

Mitigating the Maturing Mobile Threat

For years now, security experts have been predicting 'the year mobile threats come of age.' Is it finally here? BioCatch's Uri Rivner discusses the recent surge in mobile threats - and what to do about them.

Aug 25, 2016

The Maturing of the InfoSec Workforce

Many organizations take months or years to discover they've been victimized by breaches because they lack experienced cybersecurity personnel, says employment researcher David Foote. The "maturing of the workforce" will take considerable time, he says in an interview.

Aug 24, 2016

Demystifying the Dark Web

By nature of its name and reputation, the so-called "dark web" has acquired a unique reputation. Danny Rogers of Terbium Labs discusses some of the key myths and realities about the dark web, as well as how organizations should monitor it.

Aug 24, 2016

Making USB Great Again

A report analyzing the development of a defense against attackers who exploit USB devices to hack into computers leads the latest edition of the ISMG Security Report.

Aug 23, 2016

The Details Behind HHS Breach Investigation Ramp-Up

In this in-depth interview, Iliana Peters of the HHS Office for Civil Rights explains the agency's strategy for ramping up investigations of health data breaches affecting fewer than 500 individuals.

Aug 23, 2016

Providing Frictionless ID Management

Passwords' days are numbered as businesses attempt to deliver a better user experience to their online customers, as well as apply better identity management practices, says CA's Paul Briault.

Aug 22, 2016

Tackling the Rising Cost of Security

Security spending - as a percentage of IT budgets - in recent years has been getting out of hand, says Chris Richter of Level 3 Communications, who offers suggestions for how to better keep costs under control.

Aug 22, 2016

NIST Updating Guidance on Protecting Federal Information

In an in-depth interview, Ron Ross of the National Institute of Standards and Technology explains pending revisions of guidance on how organizations outside the U.S. government should protect sensitive federal data.

Aug 19, 2016

Tackling Medical Device Security as a Public Health Issue

Medical device cybersecurity must be recognized as a critical public health issue so that all segments of the healthcare sector understand their roles in addressing the many complicated challenges involved, says Dale Nordenberg, M.D., of the Medical Device Innovation, Safety and Security Consortium.

Aug 19, 2016

Unraveling the Mystery Behind the Equation Group

Hear ISMG editors untangle the various elements in the Shadow Brokers-Equation Group saga, evaluate a new anti-ransomware tool and reflect on the 10th anniversary of the PCI Security Standards Council in this edition of the ISMG Security Report.

Aug 19, 2016

Using Cybernetics to Tell the Security Story

Sam Lodhi, director at niche services firm IBRS, speaks about adapting biological cybernetics to help management understand information security risk better and how cybernetics can be applied to other verticals.

Aug 18, 2016

Building a Better Defence

As new schemes from hackers get more disruptive and harmful, it is critical to scale up defences, disrupt these attacks and make your organization a lesser target. Alex Holden, founder and CISO of Hold Security, tells how.

Aug 17, 2016

When a DDoS Attack Isn't a DDoS Attack

A lesson from down under: A report on unintentionally creating a distributed-denial-of-service attack aimed at oneself highlights the latest edition of the ISMG Security Report. Also, a report on interpreting HIPAA privacy standards more stringently.

Aug 16, 2016

Medical Device Security: Creating an Inventory

The creation of sophisticated inventory systems is critical to ensuring the security of an organization's diverse medical devices, says Dale Nordenberg, M.D., who heads a medical device security consortium. Learn about the group's latest efforts in this arena.

Aug 15, 2016

Taking Initial Steps to Create an ISAO

The head of the nearly year-old ISAO Standards Organization, Greg White, describes how fledgling Information Sharing and Analysis Organizations can help create an information sharing ecosystem aimed at making IT more secure at enterprises of all sizes.

Aug 15, 2016

How Patient Consent Policies Affect Health Info Exchange

Granular patient consent policies - adopted despite HIPAA allowing certain data to be shared without explicit patient consent - can lead to less data being exchanged by healthcare entities, says researcher Julia Adler Milstein of the University of Michigan, who describes results of a new study.

Aug 12, 2016