Info Risk Today Podcast

Knowing exactly when to share information with law enforcement in the wake of a breach is challenging, says Assistant U.S. Attorney William Ridgway, a featured speaker at ISMG's Fraud Summit Chicago on May 19.

Security expert Mike Canavan of Kaspersky Lab North America pinpoints several critical security steps that organizations can take to help reduce the likelihood they'll become a victim of a hacking attack.

Emerging cybersecurity risks are now banking institutions' top concern, says the ABA's Heather Wyson-Constantine. What are institutions' contractual protections in the wake of a third-party data breach?

The emergence of the EMV chip in the U.S. is soon going to change the payments game for issuers and merchants. Here, Sophos' Chet Wisniewski describes what bankers should be doing now to prepare.

Securing the enterprise means securing the endpoint, not the network, says Bit9's Harry Sverdlove. Learn why the expanding perimeter is a source of concern.

Why not tap a community of bug hunters to find vulnerabilities in your products? That's the pitch behind Bugcrowd, which enables thousands of bug hunters to earn prestige - and cash - for finding and reporting new vulnerabilities.

In today's cloud-based and mobile-security world, data and applications regularly operate both inside and outside any supposed "traditional" network perimeter, and that makes them tough to secure, say F5 Networks' Preston Hogue and Greg Maudsley.

How can businesses ensure that the content coming into an application is executed safely, and that the application itself isn't under attack? That's the problem being addressed by Prevoty, says CEO Julien Bellanger.

Trying to consume threat data remains a difficult and highly manual process, says Solutionary's Joseph Blankenship. But better machine learning and artificial intelligence could make the task easier for enterprises.

Waging DDoS attacks is much easier today for hackers than it was three years ago, says Dave Lewis of Akamai. Learn why he says the online world is experiencing a commoditization of DDoS.

To better secure enterprise networks, as well as detect and respond more rapidly to data breaches, businesses need to know the who, what, where, when and why of all endpoints that connect to network resoruces, says ForeScout's Sandeep Kumar.

Rogue applications designed to impersonate a company's corporate brand are increasingly prevalent, offering attackers an easy way to fool online users into downloading malicious apps aimed at compromising credentials, says Arian Evans of the online security firm RiskIQ.

Botnet operators are increasingly selling access to interesting zombie PCs, as well as continuing to launch DDoS and financial attacks, warns Menno van der Marel, CEO of investigation firm Fox-IT.

Malware researchers can track important technical details about attacks, but shutting down cybercrime networks requires law enforcement agencies to take the next step, says Alexander Erofeev of Kaspersky Lab.

To deliver effective information sharing and threat intelligence, the security industry must settle on a single set of threat-sharing standards, says David Duncan of the Internet security firm Webroot.

To mitigate the threat posed by malicious insiders or attackers who compromise real users' credentials, businesses must create and monitor a baseline of legitimate user behavior and activities, says Idan Tendler, CEO of Fortscale.

There's a big difference between threat data and threat intelligence, says Kevin Epstein of threat intelligence firm Proofpoint. Data alone is not enough to predict emerging threats, he says.

As organizations increasingly focus on securing critical data, they mustn't overlook one huge vulnerability: enterprise email. Steven Malone of Mimecast discusses the latest in unified email management.

BitSight Technologies conducted research on breached organizations and how they were impacted by botnets. The results are eye-opening, says CTO Stephen Boyer, offering insights from this study.

To secure the growing number of devices being used within enterprises requires organizations to be sure they're providing the right access to the right resources for the right people, says Ping Identity's Nat Klassen.

Automating processes could help organizations tackle the shortage of cybersecurity practitioners by making the job of analyzing threats simpler and more efficient, says Jessica Gulick, a vice president at security provider CSG Invotas.

Using behavior analytics is key to identifying hackers, says Mark Seward, vice president of marketing for IT security provider Exabeam

As the U.S. completes its payments migration to the EMV chip, merchants and card issuers should be bracing for an uptick in card-not-present fraud, says Carol Alexander, head of payment security at software provider CA Technologies.

As organizations move toward storing and processing more data on the public cloud, security needs be automated and based on sound policies to mitigate growing threats, says HyTrust President Eric Chiu.

Organizations are moving to security solutions that protect applications and data without software agents, code changes or network devices, say Waratek's Anand Chavan and Michael Adams.

A class-action suit filed by U.S. banks and credit unions that's pending against Target could prove fruitful for the banks and credit unions, says attorney Chris Pierson, chief security officer at invoicing and payments provider Viewpost.

Mark Clancy, CEO of Soltra, which provides an automated information sharing platform, says banks and credit unions that don't share threat intelligence will never advance their information risk management practices.

Attitudes about cyberthreat information sharing, as well as attack attribution, have dramatically changed in the last 18 months, says the FS-ISAC's Bill Nelson, a featured speaker at RSA Conference 2015.

The PCI Council has just released PCI DSS 3.1, which calls for mothballing the SSL encryption protocol. What do security leaders need to know about the revised standard? Troy Leach of the council offers insights.

Healthcare organizations need to take several key steps to protect their environments from the type of cyber-attacks that recently affected Anthem Inc. and Premera Blue Cross, says security expert Mac McMillan of CynergisTek.

With India facing a major staffing deficit in cybersecurity, the National Security Database is redoubling its efforts to organize a credible workforce. Director Rajshekhar Murthy shares these initiatives.

Although recent hacking incidents in the healthcare sector have targeted large insurers, business associates, self-insured companies and even smaller hospitals should be bracing for cyber-attacks, says Daniel Berger, CEO of the consultancy Redspin.

For years, security leaders have struggled to find the balance between ensuring strong security and maintaining customer convenience. Benjamin Wyrick of VASCO Data Security says mobility may be the answer.

What is the Identity Ecosystem Framework, and why is it so important for security professionals to embrace? Kimberly Little Sutherland of LexisNexis Risk Solutions shares insights on the future of online identity.

Despite the growing attention that federal regulators have been giving to medical device cybersecurity, many healthcare organizations still neglect those devices in their risk management and compliance programs, says security expert Andrew Hicks.

High-profile breaches at Home Depot, Sony and others led many to declare 2014 "The Year of the Breach." But was it really? Verizon's Bob Rudis shares insights from the 2015 Verizon Data Breach Investigations Report.

Over the last six months, the University of Vermont Medical Center has seen a spike in phishing attempts, including those laced with malware in an attempt to steal credentials, says CISO Heather Roszkowski, who describes her defensive efforts.

Lucia Savage, chief privacy officer at the Office of the National Coordinator for Health IT, describes an updated privacy and security guide for physician practices and discusses a variety of other cybersecurity issues in an interview at HIMSS15.

New NIST guidance is aimed at helping organizations to better understand the risks associated with the information and communications technology supply chain, says Jon Boyens, a NIST senior adviser.

RSA Conference 2015 is expected to be the biggest gathering in the event's history. What's new at this year's event, and how can attendees get the most out of it? Program chair Hugh Thompson shares tips.

DDoS attacks are easy to launch yet difficult to defend against. Margee Abrams of Neustar discusses the state of DDoS and how organizations can best defend against today's potentially damaging attacks.

The RSA Conference is nearly a quarter-century old. What is the legacy of this event, and how is it flourishing in new geographic regions? Art Coviello, former chairman of RSA, reflects on the event's impact.

We all know that breaches and cybersecurity are topics of boardroom discussion. But how should security leaders present them to their boards? Jim Anderson of BAE Systems Applied Intelligence offers tips.

Some merchants want to postpone the EMV-related fraud liability shift, which major card brands have slated for October. But Randy Vanderhoof of the EMV Migration Forum sees "no reason to move the date."

In the four years that he led the National Strategy for Trusted Identities in Cyberspace, Jeremy Grant says he saw significant progress in the use of new forms of authentication - yet widespread acceptance remains years away.

RSA President Amit Yoran's focus is on refining RSA's vision, growth strategy and emerging technology. A key consideration in honing that strategy: the rise and pervasiveness of advanced threat actors.

Art Coviello is retiring after 20 years with RSA. How does the company chairman size up the state of information security? "Precarious at best." Hear his top concerns and his advice to the next generation of security leaders.

The advanced and persistent nature of today's cyber-attacks, which are often waged by nation-states, is changing the way organizations address network security, says BitSight CEO Shaun McConnon.

As more mega-breaches occur, cyber-insurers will more closely assess the security risks of potential clients, leading more organizations to improve their information security programs, attorney John Yanchunis predicts.

A critical step healthcare organizations must take to improve their information security programs is to prepare for the changing threat landscape, especially hacker attacks, says security expert Tom Walsh, who analyzes results of a new survey.