
Info Risk Today Podcast
Addressing Health Data Sharing Risks
As healthcare organizations step up their efforts this year to exchange more patient data with others to improve care, it's urgent that they address the "significant risks" involved, says Erik Devine, chief security officer at an Illinois hospital.
Fraud: Underground Markets Evolving
Over the last 12 months, hackers have enhanced the marketing of high-value stolen data, according to Dell SecureWorks' David Shear, who explains how the underground economy works.
Fighting 'Cybercrime as a Service'
"Cybercrime as a Service" is the latest threat evolution, and traditional defenses continue to fall short. Derek Manky of Fortinet discusses the merits of information sharing and the new Cyber Threat Alliance.
Arbor Networks' President on DDoS
Distributed-denial-of-service attacks, fueled by the interconnected nature of smart devices, will only continue to increase, says Matt Moynahan, president of Arbor Networks. "The infrastructure itself is insecure," he says.
Web Based Attack Trends and How to Leverage Information Sharing
Nobody wants to be a cyber-attacker's first victim. But there are benefits to being second or third, says Akamai's Mike Smith. Then you get to enjoy the true benefits of the oft-discussed information sharing.
Staffing Crisis: What India Can Do
Amidst a global information security staffing crisis, India must focus on developing more practitioners with deep technical skills. This is the practical advice from Hord Tipton, outgoing director of (ISC)².
Sony Hack Breaks 'Nation-State' Mold
While the FBI blames North Korea for the hack attack against Sony Pictures, security expert Carl Herberger says the attack differs from previous nation-state attacks. Learn how organizations must shift defenses.
ZixCorp CEO on E-mail Security Evolution
Richard Spurr has been CEO of security vendor ZixCorp for more than 10 years. How has his approach to e-mail security evolved, and how does he see evolving threats and the marketplace changing in the year ahead?
ForeScout CEO on Internet of Things
As CEO of ForeScout Technologies, which focuses on continuous monitoring of networks, T. Kent Elliott says he has to anticipate the next generation of vulnerabilities. So what's the most significant emerging risk? The Internet of Things.
Proofpoint's CEO: Hackers Are Winning
Gary Steele has seen attack methods rapidly evolve over the last five years. But what the CEO of Proofpoint hasn't seen is a comparable evolution in how the security industry responds to attacks.
AirWatch Chairman on Mobile Security
Financial transactions on smart phones require layered security that helps outsmart cyberthieves, says Alan Dabbiere, chairman of AirWatch, who describes today's mobile challenges.
New (ISC)² Head Tackles Staffing Crisis
As David Shearer steps in as the new executive director of (ISC)², he inherits a huge challenge: How does the consortium respond appropriately to the global information security staffing shortage?
The True Cost of a Data Breach
When you're thinking about securing your data assets and web site, how do you really know the value of what you're protecting? Akamai's Terrence O'Connor shares how to determine the cost of a data breach.
Christy Wyatt on Mobile Security
Lost and stolen mobile devices might be a leading cause of data breaches. But it's a strategic mistake for enterprises to focus too heavily on device security, says Christy Wyatt, CEO of Good Technology.
'Wiper' Malware: What You Need to Know
Following a "Flash Alert" from the FBI, organizations must mitigate the risk posed by dangerous "wiper" malware attacks designed to erase hard drives. Malware expert Roel Schouwenberg offers strategic advice.
Why Merchants Embrace Tokenization
Retailers say tokenization and encryption are critical to ensuring payment card data security. Aite's Natalie Reinelt describes how merchants will use layers of security to protect data at the point of capture.
2015 Trend: Big Data for Threat Analysis
The use of big data for real-time threat analysis will become more commonplace among banks and credit unions in 2015, says Bill Stewart of Booz Allen Hamilton, who describes cybersecurity trends for the year ahead.
A Boost for Cybersecurity Policy Analysis
Hewlett Foundation President Larry Kramer explains why the group is funding academic efforts to lay the cornerstone for sustainable public policy to deal with the growing cyberthreats faced by governments, businesses and individuals.
Security Staffing: The Real Crisis
Yes, there is a global security staffing shortage. But what is the cause, and what can be done to address the crisis? Hord Tipton of (ISC)² offers his take on key issues facing the profession.
Embracing the Adversary Mindset
Cybersecurity specialists need to learn to think like an adversary in order to develop sound defense strategies, says Greg Shannon, chief scientist at the CERT Division of Carnegie Mellon University's Software Engineering Institute.
How IBM Will Grow Its Security Business
Brendan Hannigan became IBM's top security systems executive in 2011, when Big Blue acquired the company he ran, Q1 Labs. Hannigan says acquisitions will remain a key component in the growth of IBM's security business.
The Multidisciplinary IT Security Team
A top-flight IT security team requires individuals with know-how in a wide range of non-technology disciplines, in addition to those with technical expertise, cybersecurity leaders say.
Fighting Medical Fraud: Where to Begin?
To protect against medical ID theft and fraud, healthcare organizations need to build comprehensive security programs that go beyond just putting their "finger in the dike," says security expert Mark Ford of Deloitte.
FireEye CEO: The Evolution of Security
The threats, the solutions and certainly the actors all have changed dramatically since David DeWalt first entered the information security industry. Which should be the top concern for enterprises?
David DeWalt: The Business of Security
Advanced threats, targeted attacks and enterprise mobility have re-shaped how we approach security, and they've also influenced the growth of FireEye. CEO David DeWalt discusses the highs and lows of his tenure.
One on One with FireEye's Dave DeWalt
"It's a tough conversation, telling [clients] they've spent a lot of money on defense-in-depth that isn't working," says FireEye CEO David DeWalt. "If they don't change, they're risking their company."
Fiberlink President on Future of BYOD
BYOD is evolving into the "BYO-everything" trend, says Chris Clark, president of IBM's Fiberlink. He discusses Apple and IBM's enterprise mobility deal, as well as how mobility continues to reshape computing.
The Business of Fighting Fraud
The cost of cyberfraud is expected to hit $8 billion by 2018, and that increase opens new doors for solutions provided by niche cybersecurity firms, says Easy Solutions CEO Ricardo Villadiego.
Breach Aftermath: Messaging Matters
Poor post-breach communication can cause as much damage to a company's reputation as the cyber-incident itself, says Al Pascual, a senior analyst at Javelin Strategy & Research, who will speak at ISMG's Fraud Summit Dallas.
Why PCI Will Issue Log Monitoring Guidance
Troy Leach of the PCI Security Standards Council says log monitoring is an effective data breach detection tool that, unfortunately, not enough merchants put to use. He explains how upcoming PCI guidance could help with implementation.
New ONC Privacy Chief's Rallying Cry
The secure national exchange of patients' health information for use in treatment will make progress once "we simplify what we say when we're explaining privacy to people," says Lucia Savage, new chief privacy officer of ONC.
NIST's Ron Ross on How a Career Evolves
After 20 years in the Army and nearly that long as an information risk management leader at the National Institute of Standards and Technology, Ron Ross says his career is still evolving. Find out what he plans to do next.
FFIEC: Boards Need Cyber Training
Amy McHugh, a former FDIC IT examination analyst, says banking regulators will soon scrutinize C-level executives and boards of directors to gauge their cybersecurity awareness in the wake of the FFIEC's pilot cyber-risk assessment program.
Wearable Health Tech: New Privacy Risks
Emerging Web-enabled health technologies, ranging from the upcoming Apple Watch to a Google "pill" that could potentially detect cancer in patients' bodies, pose troubling new privacy risks, says privacy advocate Deborah Peel, M.D.
White House Hack: A Lesson Learned
An important lesson from the breach of a White House unclassified network is that organizations should invest in intrusion detection tools, not just perimeter defenses, SANS's Johannes Ullrich says.
Online Voting: Security Vs. Expediency
Most citizens rightly don't trust the Internet as a voting booth. But the Atlantic Council's Jason Healey says that could change, not because of better security, but because the digital generation might demand it as they age.
EMV Rollout: Are PINs Essential?
Many issuers of chip-based credit cards will likely allow U.S. consumers to complete transactions with a signature, not a PIN, which will limit the fraud protections offered by EMV cards, says Citizen Financial Group's Tim Webb.
Fixing Two-Factor Failures
As numerous attacks have demonstrated, two-factor authentication systems are not foolproof, says Ryan Lackey, a principal in the security practice at CloudFlare, who offers insights on how today's authentication systems must evolve.
Insights on Visa's EMV Efforts
Visa is working closely with U.S. banking institutions and retailers to enhance payments security and push the migration toward EMV, says the card brand's Eduardo Perez, a featured presenter at ISMG's Fraud Summit New York.
How Tom Carper Sees FISMA Bill Passing
In a wide-ranging interview, Senate Homeland Security and Governmental Affairs Committee Chairman Tom Carper discusses bipartisan efforts to enact FISMA reform, the impact of payment card breaches and his personal approach to IT security.
APT Defense: Executing the Right Standards
In addition to adopting the right IT security standards to mitigate advanced persistent threats, organizations need to pick the right people to carry out those standards, says Jon Long, a featured speaker at ISMG's Global APT Defense Summit on Oct. 22.
NIST Framework: Healthcare Hurdles
More healthcare entities might consider implementing NIST's cybersecurity framework if healthcare-specific guidance on putting the framework to use was available, says Lee Kim of the Healthcare Information and Management Systems Society.
Fighting the Globalization of Cybercrime
"Cybercrime as a service" and the globalization of attacks are two of the trends noted by cyber-intelligence firm Group-IB in its third annual High-Tech Crime Report. Group-IB's Alexander Tushkanov explains the lessons that can be learned.
What Would the Original CISO Do?
What advice does the first CISO have for today's security leaders? Steve Katz speaks up on top security threats, how to defend against them and what it takes to lead an effective security team.
Using Analytics to Improve Fraud Detection
Data analytics is reshaping the way financial institutions detect fraud by helping them track customer behavior in real time, says FICO's Anant Nambiar, who'll be a featured presenter at ISMG's Fraud Summit New York on Oct. 21.
Manipulating Hackers as a Cyberdefense
Knowing how to manipulate a hacker's cultural values could help thwart - or at least slow down - cyber-attacks, says Garet Moravec, a cybersecurity expert who'll speak at ISMG's Global APT Defense Summit on Oct. 22.
Are You Prepared for a Breach?
In this post-Target era of "It's not a matter of if, but when," how prepared is your organization for a data breach? Michael Buratowski of General Dynamics Fidelis Cybersecurity Solutions offers tips for breach planning and response.
Authentication: Changes Coming In a Year
The U.S. government could be a year away from allowing citizens to use the same authentication credentials to get services from multiple departments and agencies, says Jeremy Grant, who oversees the National Strategy for Trusted Identities in Cyberspace.
Why Shellshock Battle Is Only Beginning
Nearly two weeks since news of Shellshock broke, attacks that are taking advantage of the Bash vulnerabilities are grabbing headlines. But Michael Smith of Akamai warns that the battle against hackers capitalizing on Shellshock could go on for years.
Top Threat to Financial Institutions: Advanced Malware
Heartbleed, Shellshock, targeted attacks - the security threats to banking institutions are legion. And there are new ways banks can get better at detecting these evolving threats, says Solutionary's Jeremy Nichols.