Info Risk Today Podcast

3,490 episodes — Page 36 of 70

The Russians Are Coming, the Russians Are Here

A series of analytical reports on the threats posed by Russian hackers and how to create cyber defenses highlights the latest edition of the ISMG Security Report.

Aug 12, 2016

Overcoming National HIE Privacy, Security Obstacles

The legal obstacles to achieving the goal of national health information exchange can be overcome, attorney Valita Fredland, the new privacy officer of the Indiana Health Information Exchange, contends in this interview.

Aug 11, 2016

Ex-FBI Agent on DNC Breach Investigation

The FBI is investigating the compromise of the DNC and related party organizations. The big question is whether the FBI will be able to definitively attribute the various hacks to Russia. Former special agent Leo Taddeo offers investigatory insights.

Aug 11, 2016

Inside Look at SWIFT-Related Bank Attacks

Colin McKinty of security firm BAE Systems - hired by SWIFT in the wake of the $81 million heist from the Bank of Bangladesh - explains why BAE now believes the malware used in the SWIFT-related attacks is not unique.

Aug 10, 2016

Comey Renews the Debate Over Encryption Bypass

A report on FBI Director James Comey seeking to reopen the debate over creating for law enforcement a bypass to encryption on mobile devices is among the stories featured in the latest ISMG Security Report.

Aug 9, 2016

Does US Need a Department of Cybersecurity?

The next president of the United States should establish a cabinet position focused on cybersecurity, and Congress should create a more focused approach to funding and authorizing IT security initiatives, says Larry Clinton, who heads the Internet Security Alliance.

Aug 8, 2016

Labeling US Electoral Systems as Critical Infrastructure

A report calling for the United States electoral systems to be designated as critical infrastructure to enhance information security and integrity leads this episode of the ISMG Security Report.

Aug 5, 2016

Analyzing the Global Cybersecurity Skills Shortage

A new survey shows 82 percent of organizations around the world are struggling with a shortage of staff with cybersecurity skills. Training expert Simone Petrella analyzes the survey results and spotlights the skills needed now to fight emerging cyber threats.

Aug 3, 2016

Social Media Plays Key Role in Bank Fraud

Swindlers trolling social media sites for customers' personally identifiable information play a critical role in facilitating banking fraud, says American Bankers Association economist Jane Yao.

Aug 3, 2016

Why Cyber Risk Management Is Stuck in the 'Bronze Age'

This edition of the ISMG Security Report features Global Cyber Alliance CEO Phil Reitinger previewing his keynote address at ISMG's New York Fraud and Breach Prevention Summit. He explains why he believes today's approach to cyber risk management is stuck in the "Bronze Age."

Aug 2, 2016

Cybersecurity During a Merger

Cybersecurity has emerged as a key risk factor to be weighed during the due diligence process of any merger and acquisition. How should organizations on both sides approach the process? Steve Chabinsky of CrowdStrike shares strategy.

Jul 29, 2016

VP Nominee Kaine Seeks to Balance Security, Privacy

The Democratic Party platform calls for balancing privacy and security concerns, and vice presidential nominee Tim Kaine endorses the formation of a commission to advise Congress on developing digital security and encryption laws.

Jul 29, 2016

Ransom Smackdown: Group Promises Decryption Tools

The new "No More Ransom" portal is designed to emphasize that police and security firms are doing whatever they can to disrupt ransomware gangs, as well as to help more victims get their data back for free, says Intel Security's Raj Samani.

Jul 28, 2016

Metrics Project May Help CISOs Measure Effectiveness Better

CISOs face the continuing challenge of how to clearly communicate information security risk to the board and senior management. But now they can take advantage of a free metrics framework designed to help evaluate an organization's cybersecurity readiness. Phil Cracknell of ClubCISO describes the effort.

Jul 28, 2016

Solving Big Risk Problems One Small Step at a Time

The Global Cyber Alliance is taking on small projects to come up with solutions to big cyber risk problems. "It's essentially using a startup approach to a much bigger problem," CEO Phil Reitinger, who will keynote the upcoming ISMG New York Fraud and Breach Summit, says in this interview.

Jul 28, 2016

Congress Considers Controversial Patient ID Matching Issue

A Congressional proposal that would allow HHS to offer technical assistance to private-sector efforts aimed at solving the problem of matching the right records to the right patient could pave the way for a significant breakthrough, says Lynne Thomas Gordon, CEO of AHIMA, which represents records professionals.

Jul 27, 2016

Defining a Smart City's Security Architecture

CISOs must be empowered to define the security architecture for smart cities. How? By securing endpoints of known and unknown device categories in the network, says David Dufour, head of security architecture for smart cities at Webroot.

Jul 27, 2016

Three Principles of an Effective Cybersecurity Strategy

Implementing a successful cybersecurity strategy in light of advanced threats calls for operationalizing three key principles: visibility, identity and risk, says Zulfikar Ramzan, chief technology officer at RSA.

Jul 26, 2016

How Should US Respond If Russians Hacked DNC System?

Leading the latest ISMG Security Report, some security experts expect the United States government to retaliate against Moscow for interfering in the American presidential election if the Obama administration determines the Russian government was behind the hack of Democratic Party computers.

Jul 26, 2016

The Evolution of Ransomware

Neither ransomware nor social engineering is new, but both are more advanced and effective than ever. How can organizations improve how they detect and respond to the latest threats? James Lyne of Sophos shares insight and advice.

Jul 25, 2016

Technical Advice on Dealing with Ransomware

In light of the surge of ransomware attacks in the healthcare sector this year, security risk adviser John Pironti of ISACA offers in-depth technical advice on preparing for - and reacting to - such attacks.

Jul 22, 2016

Securing the World-Sized Web

Bruce Schneier, CTO of Resilient Systems, is busy exploring how IoT - the name given to computerization of everything in our lives - is changing the security world. "We're building a world-sized robot, and we don't even realize it."

Jul 22, 2016

A Roadmap for Integrating Cybersecurity

Too many organizations have too many disjointed security controls, says Vijay Bharti of Happiest Minds. What do they need? An integrated cybersecurity approach that includes analytics, machine learning and a higher degree of automation.

Jul 22, 2016

A Look at GOP Cybersecurity Platform

An analysis of the GOP platform, which takes a tough stand against Chinese and Russian hackers and suggests 'hack back' as a suitable cyber defense, highlights this edition of the ISMG Security Report. Also featured: reports on mitigating Pokémon Go risks and the growth of the IT security workforce.

Jul 22, 2016

Inside the Sony Breach

Security vendor Novetta recently led an independent investigation into the 2014 Sony breach. What lessons were learned, and how do they apply to today's threat landscape? Novetta's Peter LaMontagne shares key findings.

Jul 21, 2016

Upgrading Security: Setting the Right Priorities

While enterprises rebuild or upgrade their security programs, they must guard against overemphasizing technology investments while neglecting staffing issues, says Ben Johnson, chief security strategist at Carbon Black.

Jul 21, 2016

What 'Indicators of Exposure' Reveal

By tracking "Indicators of Exposure" - the top techniques attackers could use to hack into any individual enterprise - organizations can better defend themselves against network intrusions and data breaches, says Gidi Cohen, CEO of Skybox Security.

Jul 21, 2016

Ransomware Tips: Fighting the Epidemic

The Asian security landscape continues to change dramatically, and ransomware and cyber extortion are among the emerging trends increasing in frequency and volume. Kaspersky Lab's Vitaly Kamluk shares insights and advice.

Jul 20, 2016

Big Gaps in Health Data Protection Identified

Mobile health applications, wearable fitness trackers and even social media sites are creating new privacy risks for health information because the data collected, shared and used falls outside the regulatory scope of HIPAA, says Lucia Savage of the Office of the National Coordinator for Health IT.

Jul 20, 2016

Top Cyber Expert on Rethinking Approach to IT Security

Examining the human factor in the age of cyber conflict and the new healthcare challenge concerning ransomware highlight this edition of the ISMG Security Report. Also, hackers target the Republican convention.

Jul 19, 2016

FireEye on Extortion: To Pay or Not to Pay?

FireEye has dealt with more disruptive data breaches over just the past year than it has since the company was founded 12 years ago. Charles Carmakal, vice president with the company's Mandiant forensics unit, shares tips for handling a breach.

Jul 18, 2016

U.K. Prime Minister Theresa May's Record on Cybersecurity

An analysis of the record of the U.K.'s new prime minister, Theresa May, on cybersecurity and online privacy and a report on efforts to create an antidote to ransomware highlight this edition of the ISMG Security Report.

Jul 15, 2016

Adopting Deception to Control the Attack Narrative

Deception technology is gaining prominence with top organizations around the world. As more practitioners join the active defense bandwagon, is your organization ready? Smokescreen Technologies' Sahir Hidayatullah shares some insights to get you going.

Jul 12, 2016

Obama Sees Need to Improve Federal Government IT Security

In the wake of the controversy over Hillary Clinton's use of private email servers, President Obama voices his concerns about the state of federal government IT security in this edition of the ISMG Security Report.

Jul 12, 2016

Mitigating 'Shadow IT' Risks

In the wake of the Hillary Clinton email controversy, organizations need to be more aware of the risks of unsanctioned "shadow IT" and take appropriate mitigation steps, says security expert Mac McMillan.

Jul 11, 2016

Anti-Virus Ruckus; Real Impact Over Hillary's Email Server

A bitter battle flares up in the fiercely competitive endpoint protection products market, and uncovering the real impact over Hillary Clinton's email server. These items highlight this edition of the ISMG Security Report.

Jul 8, 2016

The Evolution of Deception Tech

Deception technology could be a game-changer, with many thought leaders and organizations already getting behind the concept of "assume compromise." Smokescreen founder Sahir Hidayatullah speaks about the rise of this emerging technology.

Jul 7, 2016

Debating Hillary's Email Server: The Missing Element

Missing from the analysis and debate regarding the U.S. government's decision not to prosecute presumptive Democratic Party presidential candidate Hillary Clinton for using a private email server while secretary of state is this simple fact: Secure IT systems aren't tailored to function the way people behave.

Jul 7, 2016

Hiring Cybersecurity Staff Outside the 'IT Box'

One of the unforeseen advantages of the so-called "brain-drain" in cybersecurity is that organizations have had to think outside the IT box and hire staff that don't fit the traditional computer science mold. Jen Miller-Osborn of Palo Alto Networks discusses why diverse backgrounds benefit security.

Jul 6, 2016

Addressing Security Risks of Older Medical Devices

Healthcare entities should take several critical steps to minimize the security risks posed by older, legacy medical devices used in their organizations, says medical device cybersecurity expert Kevin Fu.

Jul 6, 2016

How NIST Framework Fosters Collaboration

One of the core values of the cybersecurity framework is to facilitate communication among various stakeholders coming from different technical and managerial backgrounds who must collaborate to build secure IT systems, NIST Program Manager Matt Barrett explains in an interview.

Jul 6, 2016

Heartbleed Update: America the Vulnerable

More than 200,000 internet-connected systems remain vulnerable to the OpenSSL vulnerability known as Heartbleed, more than two years after the flaw was publicly announced and related patches released, warns security researcher Billy Rios.

Jul 5, 2016

Ukraine Sees Bank Heist, Organizations Crave Deception

Now a Ukraine bank has reported suffering a $10 million hacker heist via fraudulent SWIFT transfers. Also hear about why attackers often use legitimate IT administrator tools, and organizations' growing use of deception technologies and strategies.

Jul 5, 2016

PCI-DSS Compliance: Are CEOs Buying In?

Ten years after the launch of the PCI Data Security Standards Council, the key to ensuring ongoing compliance with the PCI Data Security Standard is winning CEO buy-in worldwide, says Stephen Orfei, general manager of the council.

Jul 5, 2016

PCI-DSS: The Asian Journey to Compliance

The need for PCI-DSS compliance is being embraced in Southeast Asia and the Middle East, with adoption of PCI standards increasing dramatically over the last five years, says Dharshan Shanthamurthy, CEO of SISA Information Security, who shares insights about why PCI adoption is likely to continue to grow.

Jul 5, 2016

'Dark Overlord' Deals Data, and Congress Tackles Crypto

The Dark Overlord selling stolen healthcare databases for bitcoins leads the ISMG Security Report. Also hear about banks' move toward real-time transaction fraud controls and a bipartisan attempt in Congress to tackle the ongoing crypto and "going dark" debates.

Jul 1, 2016

Visa Acknowledges EMV Rollout Pain

So why is Visa temporarily reducing the fraud chargeback burden on non-EMV-compliant U.S. merchants? Mark Nelsen, Visa's senior vice president, says it boils down to this: The card brand wants to give retailers a break while it takes steps to streamline the cumbersome certification of new POS devices.

Jun 30, 2016

Improving Fraud Prevention After SWIFT-Related Heists

In the wake of recent SWIFT-related interbank payment heists, more banks are monitoring transactions for anomalous behavior in an attempt to catch fraud in real time, says Andrew Davies, a fraud prevention expert at core banking services provider Fiserv.

Jun 30, 2016

Adjusting Security Controls for Evolving Threats

Healthcare organizations must do much more to continually measure the effectiveness of their security controls as new cyber threats emerge and evolve, Lisa Gallagher of PricewaterhouseCoopers, formerly of HIMSS, says in this in-depth interview.

Jun 29, 2016

Brexit Shocker, and Cybercrime Forum Sells Server Access

Britain's surprise vote to "Brexit" the European Union leads the ISMG Security Report. Also hear analysis on a cybercrime forum selling remote server access; Comodo being in hot water by saying "let's encrypt"; and why Facebook CEO Mark Zuckerberg covers his webcam with tape.

Jun 28, 2016