
Info Risk Today Podcast
3,490 episodes
Anthem Attackers Tied to Espionage
Attributing the Anthem, OPM and other breaches to specific attackers might be useful for government-level diplomatic efforts. But organizations must prioritize blocking all types of espionage and cybercrime attacks, says Symantec's Vikram Thakur.
Banks Brace for Fraud Migration
Julie Conroy of the Aite Group analyzes why a new report shows most top-tier North American banking institutions expect to increase their spending on online and mobile fraud mitigation in the next two years.
Targeted Attacks: How Ready is Japan?
Just how prepared are Japanese entities for dealing with the risks from targeted attacks? What are the unique considerations and the maturity level? Trend Micro's Masayoshi Someya shares his perspective.
Planning Your Bot Management Program
Akamai's John Ellis talks about the quick evolution of bots and botnets, and how enterprise security leaders should deal with them now using a three-pronged approach - detection, management and mitigation.
The New Face of Mobile App Security
When Benjamin Wyrick of VASCO Data Security looks toward 2016, he sees financial institutions embracing new mobile banking apps that are at once convenient and secure. What are the keys to making his vision a reality?
NIST on Protecting Mobile Health Data
New draft guidance from the National Institute of Standards and Technology instructs healthcare providers on critical steps for securing patient data on mobile devices. Nate Lesser, who helped prepare the report, offers an analysis.
Steering the Death of Passwords
The FIDO Alliance advocates eliminating global dependency on passwords. RSA's Kayvan Alikhani discusses how FIDO is educating teams to use authentication tools to protect identities.
Cloud Security: Lessons Learned
With enterprises now taking to the cloud in the APAC region, it's important to learn security lessons from western counterparts, says Cloud Security Alliance CEO Jim Reavis. He offers insights on dealing with risks and legacy IT.
Internet Needs a New Security Model
If SSL goes away today, the Internet needs a security plan B, says Uniken's Chief Security Evangelist, Menny Barzilay. Innovation on the application level is what will restore trust, he believes.
New Privacy Threats in Healthcare?
Privacy advocate Deborah Peel, M.D., is worried that several ongoing healthcare sector initiatives could potentially erode patient privacy and individuals' control over their health records. Find out about her latest concerns.
Visa on Reducing Merchant Risks
Visa's Eduardo Perez says one of the key merchant vulnerabilities his company is most concerned about is weak remote-access controls for point-of-sale systems and devices. He offers risk mitigation advice in this exclusive interview.
Treating Health InfoSec as 'Essential'
One of the most important lessons emerging from the recent string of major cyberattacks in the healthcare sector is the need for executives to treat information security as an essential component of business operations, says attorney Ron Raether.
Ditch RC4 Crypto Before It's Too Late
Security expert Alan Woodward is warning that enterprises should ditch RC4 after researchers demonstrated practical attacks that demolish the crypto that's widely used in enterprise WiFi devices and for TLS.
Re-Imagining Breach Defense
Organizations think they have done everything right, yet still they are breached. What has gone wrong? RSA's CTO Zulfikar Ramzan says it's time for security practitioners to shift to a new prevention mindset.
Data Center Security's Changing Face
Virtualization and related developments bring significant changes to the architecture of today's data centers. At RSA Conference Asia Pacific & Japan, Cisco's Munawar Hossain defines these changes and outlines the new challenges.
Staying Ahead of Cybercrime
Cybercrime is growing as an industry, developing capabilities to target large entities. Ernst & Young's Ken Allan recommends a three-stage strategy to combat threats and urges CISOs to set new priorities.
Hacktivists: Grown Up and Dangerous
Put your personal feelings aside; what's dangerous about the AshleyMadison.com breach is that ideologists will now go beyond taking down an IT system and actually destroy a business. This evolution, says cybersecurity expert Carl Herberger, requires a new way to assess and mitigate risk.
Making the Case for Shared Assessments
Robin Slade of the Santa Fe Group says current vendor risk evaluation methods are inefficient. She advocates peer collaboration through shared assessments of vendors to help improve management of third-party risks.
Moving Beyond the Buzzwords
Raimund Genes' keynote at RSA Conference Asia Pacific & Japan is an appeal to the information security community to start putting security in perspective, emphasizing new approaches that address the changing threat landscape.
Secure DNS: Beyond Hijacks, Defacement
DNS hijacking is the most common attack being investigated by Akamai's incident response team, says APAC CTO Mike Smith. He shares some background on the subject and his session on it at RSA Conference APAC.
Misusing Privileges: The Gray Areas
Misusing data access privileges can pose a threat to the integrity of an organization's IT systems and the privacy of individuals. But gray areas exist, and it's not always clear-cut when "unofficially" accessing protected data means users are abusing their privileges.
Buyer's Guide to DDoS Mitigation
By now, organizations are well acquainted with DDoS. But do they understand the attacks' key components and how to mitigate them? Akamai's Matt Mosher shares the questions to ask when purchasing DDoS mitigation.
Analyzing 'Cures' Bill's Privacy Impact
Privacy attorney Kirk Nahra says largely overlooked provisions tucked away in the "21st Century Cures" bill recently passed by the U.S. House of Representatives could have a significant impact on patient privacy.
Security Challenges in SDN
As more enterprises adopt software-defined networking, hackers are finding the emerging technology to be a new route to penetrate organizations. Anthony Lim of (ISC)² recommends ways to secure SDNs against attacks.
OPM Breach: Get Your Priorities Straight
After the OPM breach, the U.S. and China recently agreed to hammer out a cyber "code of conduct." But John Pescatore, a director at the SANS Institute, argues that governments would be better served by first jointly combating cybercrime.
Lessons from the OPM Breach
The OPM breach is not just the biggest in U.S. government history. It's also likely a classic case of third-party risk management, says Jacob Olcott of BitSight Technologies. What are the key lessons to be learned?
Fed's Faster Payments Security Priorities
Gordon Werkema, who is leading the Federal Reserve's initiative to revamp the U.S. payments infrastructure, describes his security priorities as the move to faster payments progresses.
OPM Breach: One Victim's Experience
Hord Tipton, a retired federal executive who spent more than five years as chief information officer of the Department of the Interior, says it was "chilling" to learn he is one of the more than 22 million victims of the Office of Personnel Management breaches.
Making a Case for a National Patient ID
Healthcare CIOs are lobbying for the creation of a unique national patient identifier to facilitate secure national health information exchange. Leslie Krigstein of the College of Healthcare Information Management Executives explains the initiative.
Vendor Risk Management: The Shortfalls
The healthcare sector lags behind the financial sector when it comes to the maturity of vendor risk management programs, a new study confirms. Risk management experts Rocco Grillo and Gary Roboff analyze the work yet to be done.
The 'Internet of Things' as a Security Risk
OpenDNS's Andrew Hay sees danger confronting many enterprises in the era of the "Internet of Things" as Internet-ready consumer devices, not architected for security, find their way onto corporate networks, often unbeknown to administrators.
Improving Management of Privileged Access
The increasingly sophisticated cyberthreats facing healthcare are making privileged access management more critical, says Sudhakar Gummadi, CISO at Molina Healthcare, a managed care company.
FFIEC Issues Cyber Assessment Tool
The FFIEC has released its much-anticipated Cybersecurity Assessment Tool. Hear why banking regulator Tim Segerson believes the tool is expected to be rolled into regulatory examinations by summer of 2016.
'Swarming' Talent on InfoSec Challenges
The new chief executive of the Center for Internet Security, which operates the Multistate Information Sharing and Analysis Center, sees mutual cooperation among enterprises as a way for organizations with limited staff to address critical IT security problems.
PCI Encryption Standard Updated
The PCI Security Standards Council has just released version 2 of its point-to-point encryption standard. Jeremy King of the PCI SSC explains how this optional standard can complement PCI-DSS compliance.
Using Apple Watch for EHR Access
As healthcare entities embrace consumer wearable health devices, it's critical to carefully weigh patient benefits against the security and privacy risks. Michael Ash, M.D., of Nebraska Medicine shares advice.
Classifying Data: Seeking Automation
Organizations that want to protect sensitive data first need to know where it is. But outside of military and government realms, few employees know how to manually classify data, or have an incentive to do so, says TITUS CTO Stephane Charbonneau.
Watch for 'Visual Hacking'
With the rise in awareness of visual security threats and the advent of open-plan office environments, protecting data inside the organization is a growing concern, says Ben Rooney, a marketing executive at 3M.
How '.bank' Improves Email Authentication
Adoption of the financial services top-level domain ".bank" will provide enhanced email authentication capabilities, three experts explain in part two of a panel discussion on the new TLD.
Federal CIO Backs OPM Leaders
In this audio report on a Senate hearing, the federal CIO justifies his backing of Office of Personnel Management Director Katherine Archuleta as she defends retaining a contractor whose stolen credentials may have led to the breach.
House Divided on OPM Director's Fate
Listen to an audio report on a House hearing where key federal lawmakers explain why Katherine Archuleta should be fired as Office of Personnel Management director in the wake of what could be the largest government breach ever.
Wearable Devices: Security Risks
Before healthcare entities consider accepting data from consumers' wearable devices, they need to take appropriate security measures, says Verizon security expert Suzanne Widup.
Mitigating the Cyber Domino Effect
The 'Cybersecurity Domino Effect' is a new term to describe the cumulative impact of multiple data breaches. How should organizations and individuals respond? Michael Bruemmer of Experian offers guidance.
Context-Aware Security: Limiting Access
Employing context-aware security can reduce the risk of a hacker mimicking a legitimate user to illicitly access a system, says Bill Evans of Dell Security.
Analysis: Will '.bank' Enhance Security?
Those advocating the use of the ".bank" top-level domain argue that it offers better security than ".com." In part one of a two-part interview, Craig Schwartz of fTLD Registry Services and Doug Johnson of the ABA explain the security provisions.
Malware: From Infection to Detection
When it comes to malware, how wide is the gap between infection and detection - and what is the potential business impact on organizations? Paul Martini, CEO of iboss Cybersecurity, offers insights and strategies.
Securing Homegrown Mobile Apps
Enterprise developers are under pressure to produce mobile apps quickly, often leaving security as a second thought. Denim Group's John Dickson suggests ways to make security a priority.
New BITS President on Cyber Threats
Chris Feeney, recently named president of BITS, the technology and policy division of the Financial Services Roundtable, describes his top cybersecurity priorities, including helping members deal with insider threats.
Disrupting Attacks With Kill Chains
Threat intelligence is increasingly being brought to bear to help businesses apply kill-chain concepts, focusing on disrupting discrete parts of online attacks as early as possible, says Fortinet's Simon Bryden.
The Rise of Trusted Online Identities
What's your digital identity strategy? Numerous agencies in countries across Europe - such as the Italian postal service - are creating new approaches to verifying identities and allowing them to be used as a trusted service, says CA's Paul Briault.