
Info Risk Today Podcast
New Global Alliance Seeks Measurable InfoSec Solutions
The primary mission of the new Global Cyber Alliance is to identify measurable ways to mitigate cyberthreats facing the public and private sectors, says Phil Reitinger, a former DHS official and Sony CISO, who heads the new group.
Why Traditional Security Tools Can't Cut It
Today's enterprise infrastructure is full of blind spots that can hide malicious threats, and traditional security tools struggle to scale up to meet increased demands. How must security leaders respond? Amrit Williams of CloudPassage shares insight.
Analysis: Unusual Ruling in Massachusetts Breach Case
Attorney Kevin McGinty analyzes the potential impact of a Massachusetts judge's unusual decision to allow a class-action lawsuit stemming from a health data breach to proceed, despite a lack of evidence of harm stemming from the incident.
Gartner's Litan: FFIEC Assessment Tool Falls Short
The FFIEC's Cybersecurity Assessment Tool is already being integrated into regulators' cybersecurity examinations, says Gartner analyst Avivah Litan. But the tool has so far led to more confusion than clarity, she says, and must be enhanced in 2016.
2016 Breach Prevention: Time to Purge Data
Expect rebooted European Union data privacy rules to drive organizations worldwide to begin minimizing the amount of information they collect and store on individuals in 2016, both to protect privacy and to minimize the impact of data breaches.
Another Rocky Year Ahead for Health Data Security
In the healthcare sector in 2016, hackers will continue to threaten systems and networks - and possibly medical devices - while federal and state regulators expand and refine their data security enforcement activities.
Cybersecurity as a Competitive Advantage
Boards of directors that figure out how to leverage cybersecurity as a strategic asset will give their organizations a strong competitive advantage, says Lance Hayden of Berkeley Research Group. "Security needs to be part of what the organization uses to competitively differentiate itself."
2016: Year of Cyberthreat Info Sharing
In the coming months, the Department of Homeland Security will implement a new cyberthreat information sharing law designed to help prevent breaches. But will the Cybersecurity Act of 2015 really make a difference?
OPM Breach: A Game Changer in 2015
The hack of the Office of Personnel Management, revealed in June, represented a turning point. As a result of the cyberattack, breaches became a concern of a wide sphere of government employees and citizens.
2015: Worst Year for Healthcare Hacks
Without a doubt, 2015 was the year of the healthcare megabreach and a major turning point for the sector. The hacking incidents are a blaring wake-up call to safeguard patient data.
The 2 Worst Breaches of 2015
The breaches of the infidelity online dating service Ashley Madison and toymaker VTech illustrate how cyber intrusions got worse in 2015, thanks to organizations failing to secure private information.
Solve Old Security Problems First
Improving breach detection and defenses involves much more than buying the latest technology, warns security expert Haroon Meer. "We keep moving on as we try to solve new, shiny problems, which we then half solve, but we still haven't completely solved problems that we knew about 20 years ago."
What's Next for Cybersecurity Framework?
NIST is soliciting comments from stakeholders on whether its cybersecurity framework is helping organizations secure their information systems. Those observations could result in an update of the framework, NIST's Adam Sedgewick explains in this interview.
Mitigating Mobile Risks in Healthcare
Security expert Chris Bowen explains why mitigating emerging threats to mobile devices and applications should be a top health data breach prevention priority for 2016.
The Practical Application of User Behavior Analytics
Understanding the promise of user behavior analytics is one thing. Deploying them to detect and respond to threats is quite another. Bert Rankin of Fortscale offers tips on practical application of the latest UBA solutions.
The Evolution of User Behavior Analytics
Too many recent high-profile breaches resulted from attackers using legitimate user credentials to infiltrate critical systems. Fortscale's Bert Rankin tells how user behavior analytics help organizations catch attackers after the breach.
BITS President: Cyber Guidance Confuses CISOs
Conflicting cybersecurity guidance from banking regulators and a federal agency is making it more difficult for CISOs to set priorities, says Chris Feeney, president of BITS, the technology and policy division of the Financial Services Roundtable.
Addressing the InfoSec Educator Shortage
To help train more cybersecurity professionals, academia must work with business and government to find enough qualified trainers and educators, says George Washington University Professor Diana Burley.
2016: The Year Hackers Exploit the Cloud?
The rising profile and increasingly complex nature of cyberattacks was a major development in 2015. What are the key threats for security practitioners to be wary of in the year ahead? FireEye CTO APAC Bryce Boland shares insights.
Analysis: Cybersecurity Law's Impact on Healthcare
Legislative expert Samantha Burch of the Healthcare Information and Management Systems Society offers an in-depth analysis of healthcare provisions in the recently enacted Cybersecurity Act of 2015 and describes how the law could prove especially helpful to smaller organizations.
Exploring the Ethics Behind DNC Breach
Giving the fired Sanders aide the benefit of the doubt that he wasn't trying to steal Clinton campaign secrets to benefit the Vermont senator's quest for the White House, was Josh Uretsky justified in accessing the rival's data to conduct his own investigation?
Why the HIPAA Security Rule Needs Updating
Security expert Tom Walsh makes a case for why the time has come to update the HIPAA Security Rule, which he says is out of date in light of today's new technologies and sophisticated cyberthreats.
PCI Council Extends Encryption Deadline
Jeremy King of the PCI Security Standards Council explains why it has extended its compliance deadline for encryption updates aimed at phasing out SSL and TLS 1.0. But he stresses that merchants, processors and acquirers should not wait to make upgrades.
What Malware Taught Us for 2016
In terms of malware, 2015 will go down as the year that ransomware got big, and the organized criminals behind it got bolder. IBM's Limor Kessem discusses what to expect from advanced malware variants in 2016.
Wearable Devices: Will They Face Regulatory Scrutiny?
As it continues to ramp up its cybersecurity enforcement efforts, the FTC could take action next year against consumer wearable device makers if they fail to live up to their promises to protect the privacy of health data and other information, says researcher Stephen Cobb, who also expects scrutiny from the FDA.
Asking Business Associates for Risk Management Proof
To guard against health data breaches, healthcare organizations must demand more proof that their business associates are safeguarding patient data and mitigating related risks, says privacy and security expert Daniel Schroeder.
CIO Halamka on Security Action Items for 2016
As the cyberthreats facing the healthcare sector grow ever more sophisticated, CIO John Halamka, M.D., says organizations must launch aggressive security initiatives, including investing in analytics to improve breach detection, plus two other critical steps.
Why Check Fraud Remains So Hot - and What to Do About It
Check fraud - it not only won't go away, but it is morphing to keep pace with consumers' digital banking habits. David Barnhardt of Early Warning talks about this persistent fraud threat and how banking institutions should respond to it.
Leading Cybersecurity Out of Medieval Times
Today's security threats may be considered "advanced" by some, but ThreatSTOP founder and CEO Tom Byrnes believes many organizations are living in the medieval times of cybersecurity. How can they avoid slipping into the Dark Ages?
'I Bet My Career on It ...'
He'd spent nearly 15 years in information security, then realized we needed to change our fundamental approach. Why did Art Gilliland, CEO of Skyport Systems, bet his career on this notion? And how is it paying off?
Look for More FDA Medical Device Security Alerts in 2016
Healthcare organizations should expect more FDA cybersecurity alerts about medical devices in the year ahead, predicts security researcher Kevin Fu, who explains why.
Is Obama Calling for Encryption Bypass?
President Obama's remarks urging "high-tech and law enforcement leaders to make it harder for terrorists to use technology to escape from justice" are being interpreted by some to mean that government and Silicon Valley should collaborate to create a backdoor to circumvent encryption on devices used by terrorists.
Business Associates: A HIPAA Enforcement Priority?
In the year ahead, federal regulators need to ramp up their efforts to enforce HIPAA compliance among business associates because so many lack mature security controls, argues security expert Mac McMillan of the consultancy CynergisTek.
Cyberattack Drill: Eye-Opening Lessons
The experience of a dozen health plans that participated in a cyberattack drill spotlights the need for a well-thought-out incident response plan, says John Gelinne of Deloitte Advisory Cyber Risk Services.
Detecting Anomalous Behavior: A New Strategy
A huge part of fraud prevention is being able to detect anomalous behavior on your network. But to do so, you need to know what normal behavior looks like. Usman Choudhary of ThreatTrack discusses how to create that network baseline.
Former RSA Chair Coviello on 2016 Security Outlook
Consultant, venture capitalist, retired chairman of RSA. Art Coviello plays many roles, and through them he has a unique view on how the information security marketplace is taking shape for 2016. Who does he see as the winners and losers?
Building a Career on Taking Apart Malware
Malware: How does it work, who built it and what - or who - is it designed to target? Answering these types of questions is a job for Marion Marschalek of Cyphort, who reverse-engineers malicious code for a living.
Business Email Compromise Attacks Rapidly Evolving
Business email compromise attacks are becoming more sophisticated and pervasive, and smaller businesses in English-speaking countries are proving to be the most common targets, says PhishLabs' Joseph Opacki, who calls on banks to show customers examples of the schemes.
Report: Insiders Still Top Breach Threat
While cyberattacks will continue to menace healthcare and other business sectors next year, organizations can't afford to overlook addressing risks tied to insiders, who are responsible for most data breaches, says Michael Bruemmer of Experian Data Breach Resolution.
Sending CISOs to Cyberthreat Bootcamp
More cybersecurity specialists are making the leap from long-time careers in law enforcement, the military and the government to the private sector, says Dale Meyerrose, a retired U.S. Air Force Major General, who explains why.
PCI Compliance in the Cloud
In the age of payment card breaches, PCI compliance is a top priority for merchants and organizations that process electronic payments. But what difference does it make when it's PCI compliance in the cloud? Steve Neville of Trend Micro shares insight.
New Counter-Fraud Strategies for the Insurance Industry
Insurance fraud schemes are growing in scale and sophistication. But at the same time, insurance companies - and their customers - are losing their appetite to accept fraud losses. IBM's Brian Banigan offers insight on the latest counter-fraud solutions.
What is 'Sleeper Fraud,' And Why Must Banks Beware?
The surge in data breaches has left millions of consumer records compromised. As a result, fraudsters have all they need to open bogus accounts, which cost banks huge losses linked to what Greg Shelton of LexisNexis Risk Solutions calls "sleeper fraud."
Protecting the Privacy of Patients' Genomic Data
As precision medicine research advances, the medical community must take steps to address the privacy risks to sensitive genetic information that is shared among researchers, says Carlos Bustamante of Stanford University.
LabMD CEO Speaks About FTC Legal Battle
LabMD's recent victory in its long legal battle with the Federal Trade Commission will be short-lived, the medical testing lab's CEO predicts. Find out why, and what changes Michael Daugherty hopes the case will bring to FTC's enforcement practices.
Rethinking How to Recruit InfoSec Pros
NICE's Rodney Petersen sees too many government agencies and businesses using old-school methods to identify and recruit IT security professionals. Consequently, they often fail to build their cybersecurity staffs.
Will FTC Ruling Impact Future Data Security Cases?
The ruling to dismiss the FTC's data security case against medical lab LabMD will result in FTC staff more carefully vetting the enforcement cases the agency pursues against all other companies in the future, predicts former FTC attorney Reed Freeman.
After Paris Attacks, Beware Rush to Weaken Crypto
In the wake of the Paris attacks, cybersecurity expert Brian Honan argues that now is not the time to make snap public policy decisions that attempt to promote or restrict either cryptography or surveillance.
Paris Attacks Reignite Encryption Debate
The terrorist attacks in Paris likely would have occurred even if intelligence and law enforcement agencies could have broken encryption Islamic State attackers used in their communications to plan the assault that killed at least 129 people.
What the JPMorgan Chase Breach Teaches Us
The massive cyberattacks that struck Chase and other leading U.S. financial services firms illustrate just how vulnerable larger institutions can be to cyber-attacks. They also show why organizations must encrypt customer data, says security and forensics expert Chuck Easttom.