Info Risk Today Podcast

Nine compelling threats will make securing IT more challenging than ever over the next two years, says Steve Durbin, managing director of the Information Security Forum.

Community banking institutions are at great risk of cyber-attack because they often don't think they're targeted, says Scott McGillivray of Pacific Continental Bank, who describes how to convey this risk to senior management.

Despite high-profile attacks and publicity, advanced persistent threats continue to strike organizations in all sectors. How can security leaders improve defenses? ThreatTrack's Usman Choudhary offers advice.

The way enterprises address information security will play an increasingly critical role in how cyber-insurance providers determine coverage and pricing, insurance experts told members of Congress at a recent hearing.

As data breaches continue to multiply, employers must not overlook how intrusions could lead to the theft of employees' identities, paving the way for fraud, says ID theft expert Johnny May. He will keynote the March 24 Fraud Summit Atlanta.

When Todd Davis helped found LifeLock in 2005, ID fraud was a niche consumer issue. Today it's a major enterprise risk. What are today's top fraud threats, and where are some of the surprising security gaps?

During her first month on the job, former Secretary of State Hillary Clinton used a private email server that lacked a digital certificate that would have ensured encrypted and authenticated email communications, surmises security firm Venafi.

When IT veteran Branden Spikes founded his own company devoted to isolating browsers from attacks, he thought building the technology would be the top challenge. The venture capital community proved him wrong.

West Virginia United Health System is taking a multi-step approach to thwarting insider threats, including aggressive analysis of access audits, says assistant CIO Mark Combs, who helps lead the system's privacy and security efforts.

ID fraud reported by U.S. consumers dropped 3 percent in 2014 - the first decline since 2010, according to Javelin. But analyst Al Pascual says the decrease should have been much greater.

The CEO of Bit9 speaks from experience: His firm was hacked, sensitive data stolen and customers put at risk. And what's happened since represents his mission to fend off attackers, even as they refine their hacks.

Chris Buse, CISO for the state of Minnesota, says centralizing IT systems should make it easier to defend against cyber-attacks because there are fewer computing environments to protect.

Financial crimes, fraud and cybersecurity. These topics are quickly converging upon security organizations, and leaders must be prepared. FICO's Stuart Wells discusses the tools and skills needed for convergence.

Security leaders expect the new Union budget to give a needed boost to cybersecurity education, as well as increased investment in critical infrastructure, biometrics and surveillance to fight cybercrime.

This year could mark a turning point for the sharing of threat intelligence, but only if the government is able to build a framework that instills private-sector trust, says threat researcher Lance James.

As more patient records are digitized, that data is a rapidly growing target for cybercriminals intent on committing medical identity theft and fraud, says Ann Patterson of the Medical Identity Fraud Alliance, who analyzes a new report on the trends.

Were DDoS attacks against major American banks in 2012 waged in retribution for U.S. government actions? A recently leaked top-secret memo prepared in 2013 for Keith Alexander, who was then NSA director, seems to confirm that's the case.

As new cyberthreats emerge, medical device maker Philips Healthcare is implementing a four-prong strategy for ensuring the cybersecurity of its products. Michael McNeil, global product security and services officer, outlines the steps.

With white-hat security researchers gaining increasing mainstream recognition, hacking as a vocation is no longer taboo - and Indian researchers are flocking to the profession, says HackerOne's Katie Moussouris

Learning more about potential attackers and their preferred information targets is one of the best ways organizations can mitigate their cyber-attack risks, says Bank of the West's David Pollino, a featured speaker at ISMG's Fraud Summit LA.

Information sharing and analysis organizations being formed under President Obama's new executive order must avoid becoming silos that only share cyberthreat intelligence "within their own walls," warns Deborah Kobza, executive director of NH-ISAC.

Attacks are larger, adversaries more diverse, and damage is broader. These are characteristics of today's DDoS attacks, and organizations need a new approach to protection, says Verisign's Ramakant Pandrangi.

Elayne Starkey, the state of Delaware's chief security officer, no longer micromanages how cloud services providers secure state data. Find out why she's giving providers more leeway in defining security requirements.

In an exclusive interview, Sergey Golonvanov, a threat researcher at Kaspersky Lab, offers insights about the Russian cybercrime ring that over the weekend made headlines for defrauding banks of up to $1 billion.

The volume of spam messaging is down, but the bogus messages that are getting through? They're more malicious than ever, says Cisco's Jason Brvenik. He shares insights from Cisco's 2015 Security Report.

Mega-breaches, including the recent hacking attack on Anthem Inc. always result in an uptick of interest in cyber-insurance, but determining how much coverage to buy is an ongoing challenge, says data privacy attorney Marc Voses.

What are the top security priorities for healthcare's "CIO of the Year"? Bolstering defenses against phishing, malware and remote attacks head the list, says Sue Schade, CIO at the University of Michigan Hospitals and Health Centers.

A new federal cyberthreat intelligence center could help the government build more resilient networks and better identify cyber-attackers, leading to arrests and punishments, says Harry Raduege, a former top Defense Department IT leader.

The Anthem breach, which possibly started with a phishing campaign, is a prime example of how hackers are perfecting their schemes to target key employees who have access to valued information, says Dave Jevans of the Anti-Phishing Working Group.

As hack attacks, such as the breach of Anthem Inc., become more common, it's more critical than ever for organizations to carry out an "adaptive defense model" to protect sensitive information, says Dave Merkel, chief technology officer at FireEye.

PINS can effectively reduce card-not-present as well as card-present fraud, argues Liz Garner of the Merchant Advisory Group, who will be a featured speaker at Information Security Media Group's upcoming Fraud Summit Los Angeles.

Technologies that allow companies to analyze cyberthreats are evolving and soon should provide better intelligence to mitigate attacks, says Jim Anderson, a president at BAE Systems Applied Intelligence.

The recent cyber-attack on health insurer Anthem Inc. is a "call to action" for the healthcare sector to adopt a much more sophisticated approach to risk management, says security expert Lisa Gallagher of HIMSS.

There is no such thing as 100 percent security, so what does a truly successful security program look like? Mike Gentile of Auxilio describes the key elements of a formal program and how best to deploy them.

As a result of the explosive growth in worldwide use of smart phones, mobile malware will play a much bigger role in fraud this year, predicts Daniel Cohen, a threat researcher for RSA, which just released its 2014 Cybercrime Roundup report.

Target is the high-profile example, but many organizations have been breached through third-party vulnerabilities. Where are the security gaps, and how can they be filled. BitSight's Stephen Boyer offers insight.

Email fraud has existed since the advent of email. But the schemes are evolving and impacting organizations' bottom lines. Robert Holmes of Return Path offers new strategies to defeat fraud attempts.

Visa executive Kimberly Lawrence contends that the ongoing U.S. migration to EMV is progressing more rapidly than in other markets that have made the transition, requiring outside-the-box rules for debit transactions and cardholder verification.

Recognizing the behavior of an intruder, rather than relying on digital signatures, will prove to be a better way to prevent hackers from pilfering data and creating havoc in IT systems, says Radware CEO Roy Zisapel.

IBM Trusteer malware researcher Ori Bach says financial fraud attacks coming out of Brazil are having a global impact, and he offers insights and lessons for banking institutions throughout the world.

Data breaches are inevitable, hence it's up to executives to ensure their enterprise is secured, without trying to encrypt everything, warns Prakash Panjwani, president and chief executive officer of SafeNet.

The Federal Reserve's just-released plan for faster payments and technology standardization, while applicable to ACH and wire transactions, won't easily translate for card payments, says Troy Leach of the PCI Security Standards Council.

The increase in sophisticated hacking attacks will lead other sectors to follow the lead of the financial services industry in implementing multifactor authentication, says Ken Hunt, CEO of VASCO Data Security International.

The globalization of fraud waged by organized crime has spurred new cross-channel attacks and is affecting how ATM operators approach data security, executives from three of the world's leading ATM manufacturers explain in this exclusive interview.

ATM vendors are working together to enhance threat information sharing and ensure hardware and software compatibility. In part two of an exclusive three-part interview, three leading ATM manufacturers explain why collaboration has become so important.

The subject of privacy has been debated ever since the release of the AP Shah Committee report on the subject. Kamlesh Bajaj, CEO of the Data Security Council of India, shares insights on how the nation's Data Privacy Act may finally be taking shape.

The FBI has attributed the Sony hack to North Korea, in part by analyzing the messages left by the "G.O.P." attackers. But linguistics expert Shlomo Engelson Argamon says the messages appear to have been written by native Russian speakers.

How will EMV and contactless payments reduce ATM-related card fraud? In part one of this three-part exclusive interview, executives from the world's top three ATM manufacturers discuss how they're helping banking institutions address emerging fraud trends.

Ninety percent of even the largest global firms are susceptible to targeted attacks. And if adversaries want to get in, they can, says Peter George, CEO of Fidelis Security Systems, who discusses new security strategies.

Mark Horwedel of the Merchant Advisory Group says that while U.S. merchants are committed to enhancing payments security, without PINs, chip cards will do little to reduce card fraud.