Info Risk Today Podcast

3,490 episodes — Page 48 of 70

The Slow Path to Password Replacement

The development of authentication technologies that could replace the password is "nearing a tipping point," but there are still several years of work to do, says Jeremy Grant, who oversees the National Strategy for Trusted Identities in Cyberspace.

Oct 6, 2014

Shellshock: The Patching Dilemma

As researchers scramble to learn more about Shellshock and the risks it poses to operating systems, servers and devices, Michael Smith of Akamai explains why not all patches are actually fixing the problem.

Oct 2, 2014

From ISIS to FISMA, A Conversation

In a wide-ranging interview, the acclaimed expert on cybersecurity strategy addresses the cyberthreat posed by ISIS and explains why Congress is unlikely to enact significant cybersecurity legislation this year.

Sep 29, 2014

Shellshock Bug: How to Respond

To mitigate the newly discovered Bash bug - AKA Shellshock - which may make millions of systems vulnerable to remote takeover, organizations must take several key steps, says security expert Alan Woodward.

Sep 26, 2014

HIPAA Omnibus: One Year Later

One year after HIPAA Omnibus Rule enforcement began, why do so many healthcare entities and business associates continue to struggle with even the most basic requirements? Security expert Andrew Hicks offers insights.

Sep 22, 2014

How Ascension Health is Battling Advanced Threats

Healthcare organizations are increasingly top targets for sophisticated data breaches. How can they improve their defenses? Paul Smith of Ascension Health and Mark Hanson of Fortinet offer tips.

Sep 22, 2014

Security: Maximize Business Benefits

When it comes to the evolution of machine data, security organizations now can improve protection and the top line. How can they maximize the business benefits? Jean-Francois Roy of Tibco shares tips.

Sep 16, 2014

The Biggest Challenge to EMV Migration

What's the toughest challenge the U.S. faces when it comes to EMV? Randy Vanderhoof of the EMV Migration Forum points to getting POS software and terminals certified for EMV transactions. Find out what other hurdles he identifies.

Sep 16, 2014

Helping Retailers Fight Malware

Helping merchants deal with the growing threat of POS malware is one of the biggest challenges facing Troy Leach, CTO of the PCI Security Standards Council, who says the BlackPOS malware threat, in particular, "is keeping me up at night."

Sep 15, 2014

Army Cyber Leader Touts Hacking Skills

If the U.S. military awarded a decoration for hacking, Army Col. Gregory Conti would wear it proudly on his uniform. Hear Conti, director of the Army Cyber Institute, explain why ethical hacking helps drive America's innovation engine.

Sep 12, 2014

Hacker Attacks: Are You Prepared?

Recent hacking incidents affecting HealthCare.gov, Community Health Systems and other healthcare organizations illustrate the need to urgently ramp up defenses against emerging cyberthreats, two security experts say.

Sep 12, 2014

Healthcare DDoS Attack: Mitigation Lessons

Boston Children's Hospital CIO Daniel Nigrin, M.D., describes the impact of a recent DDoS attack on the medical center and lessons that other healthcare facilities can learn from that event.

Sep 10, 2014

Keys to Fighting Insider Fraud

What steps can organizations take to mitigate insider fraud threats? Michael Theis of Carnegie Mellon, a featured speaker at ISMG's upcoming Fraud Summits in Toronto and London, explains why using data analytics is key.

Sep 9, 2014

Breach Prevention: A New Approach

Amidst a year of high-profile and costly data breaches, what can organizations be doing to help ensure they aren't the next victims? Charley Chell of CA Technologies discusses new authentication solutions.

Sep 8, 2014

Fraud: How to Secure the Call Center

Call center data and logs can help banks predict account-takeover attempts across multiple banking channels, says fraud expert Matt Anthony, a presenter at ISMG's upcoming Fraud Summits in Toronto and London.

Sep 8, 2014

How to Mitigate Merchant Malware Threat

The explosion in POS malware attacks against U.S. merchants highlights the need for retailers to take bolder security steps. Troy Leach of the PCI Council and Karl Sigler of Trustwave outline key steps.

Sep 2, 2014

Cyber Framework: Setting Record Straight

In an in-depth interview, Adam Sedgewick, the point man for the NIST cybersecurity framework, addresses misconceptions about the guidance, the costs to implement it and its role as a marketplace catalyst.

Aug 27, 2014

Fighting Cybercrime in Canada

Canada is considering adopting tougher data security and cybercrime legislation that could serve as a model for other nations, says Claudiu Popa, an information security expert who'll be a panelist at the Fraud Summit Toronto.

Aug 27, 2014

Breach Response: Are We Doing Enough?

What lessons can be learned from recent high-profile breaches? IT security experts John Pescatore of the SANS Institute and Ron Ross of NIST explain how organizations can work to mitigate the new-style data breach threat. Listen to the conversation.

Aug 25, 2014

Mobile Banking: Evolved Services, Risks

2014 has seen an explosion of mobile banking demand and services. But as the channel grows, so do the threats against it. What are today's top threats, and how can institutions offer more secure mobile banking?

Aug 22, 2014

Are Web-Enabled Health Devices Risky?

Patients and healthcare providers need to recognize that Web-enabled mobile health devices that fall under the umbrella of the "Internet of Things" potentially can put personal information at risk, says Intel Security executive Greg Brown.

Aug 22, 2014

Michael Daniel's Path to the White House

Michael Daniel explains that among his biggest challenges as special assistant to the president is fully understanding the economics and psychology behind cybersecurity, topics that few people have mastered.

Aug 21, 2014

Cybersecurity: What Boards Must Know

As the Target breach demonstrated, boards of directors will be held accountable when their organizations are breached. Attorney Kim Peretti offers tips on how to educate boards about security issues.

Aug 20, 2014

Apple iOS 8: What's New for Security?

Apple's forthcoming iOS 8 includes a number of useful new security and privacy features, says Symantec threat researcher Candid Wueest. But there are missing features he'd still like to see implemented.

Aug 20, 2014

Simplifying Cybersecurity Complexity

Finding a common theme from the Black Hat USA conference isn't easy, but a few emerged - simplifying complexity and developing community-based solutions - from sessions and discussions with top cybersecurity experts.

Aug 12, 2014

Spear Phishing: How Not to Get Hooked

Spear phishing attacks are increasingly sophisticated. Banking institutions must learn more about how fraudsters dupe their customers and employees, says a panel of three financial fraud experts.

Aug 12, 2014

Does U.S. Truly Want Cyber Peace?

Cyber-historian Jason Healey contends the U.S. government does not want peace in cyberspace so it can conduct more attacks and exploitations. Instead, he says the feds should make the Internet's economic benefits their top priority.

Aug 11, 2014

Blackphone: Inside a Secure Smart Phone

Can a smart phone increase your privacy and security while remaining both highly usable and attractive to buyers? The inaugural Blackphone is testing that question for consumers and businesses.

Aug 8, 2014

A Holistic Approach to Security

No single security solution is enough to defend against today's multifaceted exploits. So it's time for a new holistic and cooperative approach to information security, says Bob Hansmann of Websense.

Aug 8, 2014

Cybersecurity: Why It's Got to Be a Team Sport

Former NSA information assurance leader Tony Sager goes on the road to the Black Hat USA security conference to promote the notion that no one should try to solve cybersecurity threats alone.

Aug 8, 2014

The Password Is 'Dead'

Millions of user credentials are breached regularly - whether we hear of the incidents or not. So, why do we continue to rely on passwords? Derek Manky of Fortinet discusses authentication and data retention.

Aug 7, 2014

Incident Response: 'Drowning in Alerts'

When it comes to incident response, organizations don't lack threat intelligence. They lack the automation, tools and the skilled staff to act on that intelligence, says Craig Carpenter of AccessData.

Aug 7, 2014

New PCI Guidance for Third-Party Risks

The PCI Council has unveiled new guidance for mitigating payment card risks posed by third parties. Troy Leach, the council's CTO, explains how banking institutions and merchants can put the guidance to use.

Aug 7, 2014

Putting CyberVor in Perspective

That Russian hackers may be hoarding 1.2 billion credentials merely reflects the insecurity of the world we live in today, says David Perry, threat strategist at the Finnish IT security company F-Secure.

Aug 7, 2014

Waging a War Against Healthcare Fraud

Healthcare fraud will increasingly be linked to some form of cybercrime, says Brendan Johnson, U.S. attorney in South Dakota, whose office is ramping up its anti-fraud efforts.

Aug 7, 2014

Will Low-Cyber Diet Improve Security?

Ex-Navy Secretary Richard Danzig likens society's growing dependence on IT to surviving on a diet of poisoned fruit. He says we're taking risks with critical cybersystems that ultimately can cause irreparable harm.

Aug 6, 2014

Targeted Attacks: Raising Risk Urgency

Detecting and preventing advanced attacks isn't just a technology issue - it's a business risk that needs to be elevated to the highest levels of an organization. Trend Micro's Tom Kellermann shares strategies.

Aug 5, 2014

Assessing Controls: A NASCAR Lesson

In devising advice to help organizations identify which information security and privacy controls to adopt, NIST risk management expert Ron Ross, a NASCAR fan, looks to the way mechanics decide how to fix a car.

Aug 4, 2014

'Internet of Things' Security Analysis

Vendors are rushing useful new "Internet of Things" products to market, but too often treat device security and data privacy as an afterthought, says Forrester Research analyst Andrew Rose.

Aug 1, 2014

Fighting Back Against Retail Fraud

Financial institutions feel the pain of recent retail breaches, and they seek new ways to secure payments and fight fraud. But how can security leaders influence changes within their own organizations?

Jul 30, 2014

Banks as Cybercrime Fighters?

Karl Schimmeck of the Securities Industry and Financial Markets Association won't discuss reports about the group's alleged backing of the formation of a cyberwar council, but says financial institutions must play a role in protecting critical infrastructure.

Jul 29, 2014

'Masquerading': New Wire Fraud Scheme

A new impersonation scheme is taking aim at business executives to perpetuate ACH and wire fraud, says Bank of the West's David Pollino, who explains steps institutions should take now to protect their customers.

Jul 28, 2014

Shaping a Cloud Services Contract

As a customer, Delaware Chief Security Officer Elayne Starkey has seen the evolution of cloud computing over the past three years to a point where she has more sway over the security terms of cloud services contracts.

Jul 24, 2014

Big Lessons in Small Data

Big data has been the recent buzz in security circles, but what are organizations missing by overlooking the power of "small data?" Verizon's Jay Jacobs discusses how to get the most from data analytics.

Jul 23, 2014

Application Security: The Leader's Role

Attackers increasingly focus on software vulnerabilities in what application security expert Anthony Lim calls "the invisible onslaught." How can the CISO exert more control over software development?

Jul 23, 2014

Attack Response: Before, During, After

Attacks are more frequent, severe and complex. How can security pros defend against the entire attack continuum - before, during and after? Cisco's Bret Hartman describes a threat-centric approach.

Jul 22, 2014

Card Fraud: Why Consumers Don't Get It

New research shows consumers believe online purchases are more secure than those made at bricks-and-mortar retailers. Researcher Shirley Inscoe of Aite explains why misconceptions about card fraud should be worrisome to banks.

Jul 22, 2014

The Analytics-Enabled SOC

To detect and deter today's threats, security teams need new and dynamic data analytics capabilities. Haiyan Song of Splunk discusses the analytics-enabled SOC and how to improve incident response.

Jul 21, 2014

Art Coviello: Divided We Fall

"United we stand; divided we fall." That's the message from Art Coviello to kick off the 2014 RSA Conference Asia Pacific & Japan in Singapore. What advice does the RSA chair offer to global security leaders?

Jul 18, 2014

Testing Your APT Response Plan

Enterprises should test the processes they establish to respond to advanced persistent threat attacks, just as they vet their business continuity plans, ISACA International President Robert Stroud says.

Jul 15, 2014