
Info Risk Today Podcast
Heartbleed Impact: Community Health Systems Breach
Solutionary is out with its quarterly threat intelligence report (http://www.solutionary.com/research/threat-reports/quarterly-threat-reports/sert-threat-intelligence-q2-2014/?utm_source=ISMG&utm_medium=Podcast&utm_campaign=SERT-Q2-2014). Topping the list: the exploitability of the Heartbleed bug, and the current malware trends. Rob Kraus teases the report's highlights.
Emerging Mobile Banking Risks
Mobile banking brings new opportunities to institutions and customers alike - but also a host of new security risks. Jim Anderson of BAE Systems Applied Intelligence discusses the emerging landscape.
Security Research: The Career Path
Julie Conroy once was a financial services practitioner who subscribed to Aite Group's research. Today she is one of Aite's top fraud researchers. What was her career path, and what tips can she share?
Breach Lessons from the Trenches
From Neiman Marcus to P.F. Chang's, 2014 has shaped up to be the 'Year of the Data Breach.' What lessons can be gleaned from the trenches of breach investigation? Experian's Michael Bruemmer shares tips.
The 'Game' Fervent IT Security Pros Play
Many IT security practitioners see their work as a game, one in which they try to outsmart attackers, says Eric van Ommeren, co-author of the just-published book, Staying Ahead in the Cyber Security Game: What Matters Now (http://ict-books.com/books/inspiration-trends/cyber-security-detail).
InfoSec Staff's Role in Vendor Audits
To protect their privacy, organizations should get their IT security staffs involved in vendor-requested audits conducted to verify software licensing agreement compliance, says Gartner Research Director Victoria Barber.
Focusing on Vectors, Not Threats
To help defend their organizations, security professionals should devote more attention to attack vectors rather than specific threats, says Stephen Pao of Barracuda Networks.
Improving Cyberthreat Communication
A common framework for communicating threats and alerts among security vendors' systems would bolster efforts to protect consumers' information, says David Duncan of Webroot.
Lessons Learned from Cyber-Insurance
Despite recent high-profile breaches, organizations are not buying cyber-insurance policies at explosive rates. But Gartner's cyber-insurance expert Juergen Weiss says that might not be a bad thing.
Big Data: Breaking Down Silos
Using big data to fight fraud is a challenge for most organizations. Andreas Baumhof of ThreatMetrix explains how context-based authentication combines fraud and security to leverage the use of big data.
Not All Malware is Created Equally
Not all malware strains pose equal threats to an organization. So, how does one distinguish the most dangerous forms? Through layered security controls, says Julian Waits, CEO of ThreatTrack Security.
IT and Security: Filling the Gap
IT and security groups may know the same technical terms, but they don't always speak the same language. Don Gray of Solutionary discusses how security leaders can help bridge the communications gap.
How to Secure Legacy Apps
Security is built into most applications developed today. But how does one go back and secure legacy apps in one's environment? Kunal Anand of Prevoty shares insight on this often-overlooked challenge.
Why Information Sharing Isn't Working
Tim Pawlenty, CEO of the Financial Services Roundtable, says the only way to ensure adequate cyberthreat information sharing is through federal legislation that would furnish liability protection and other incentives.
BYOD: Bring Your Own Disaster?
Does BYOD really stand for Bring Your Own Disaster? JD Sherry of Trend Micro discusses the latest mobile security trends and threats, including the evolution of ransomware and the Internet of Things.
3 Key Questions from CEOs to CISOs
Following Target and other high-profile breaches, CEOs and boards have three key questions for security leaders. Coalfire's Rick Dakin reveals those questions - and how CISOs must be ready to respond.
Combining MDM and BYOD: The Best of Both Worlds
Users' fear of data loss on personal devices must be balanced with an organization's need to protect sensitive information, says ZixCorp's Nigel Johnson. He explains the evolution of mobile device management.
Security: A Constant State of Infection
Under assault by advanced threats, organizations must change their approach, says Damballa's Stephen Newman. Detection is out; response is in. How do organizations deal with 'a constant state of infection?'
The ROI of Privileged ID Governance
Organizations are careful when granting privileged access to critical systems. But they struggle to govern these privileged identities. Merritt Maxim of CA Technologies shares new strategies.
How to Tackle Cloud Infrastructure Security
Infrastructure security used to be more manageable. But it's far more complex in today's cloud environment. Carson Sweet of CloudPassage shares insight and strategies to improve cloud infrastructure security.
The Key to Anticipating Cyber-Attacks
Banking institutions must improve how they analyze cyber-threat intelligence. But without better tools, security leaders can't adequately anticipate new attacks, says Greg Garcia, the new executive director of the FSSCC.
Application Fraud: Scams and Solutions
Identity fraud is one of consumers' most feared crimes, and at banks those schemes translate into application fraud. FICO's Adam Davies discusses today's common application fraud scams and how to stop them.
How to Safely Reduce Security Controls
Continuous monitoring is helping Freddie Mac reduce the number of security controls it uses to safeguard its information systems, says CISO Patricia Titus, who summarizes lessons that can apply to government and private-sector entities.
A Multidisciplinary Approach to InfoSec
Imagine a cyber-attack that disables an electricity distribution center. What's the role of the U.S. military, government or the utility company in defending and retaliating? That's a question on the mind of Army Col. Gregory Conti.
IAM and Improving the Customer Experience
Customers increasingly use digital channels to interact with organizations. But these interactions raise new security concerns that must be addressed by IAM solutions, says David Gormley of CA Technologies.
Stop Breaches? Improve Internet Hygiene
Poor Internet hygiene, not increased cybercrime, is what's really to blame for the increased botnet traffic the online world is battling, say cybersecurity experts Tom Kellermann and Rod Rasmussen.
Cybersecurity Tips for Medical Devices
Healthcare organizations should take several key steps to ensure the cybersecurity of medical devices, including "walling off" certain devices from the network, says Rick Comeau of the Center for Internet Security.
How To Be a CSO for the FBI
The word 'security' takes on a whole new level of importance when you take a job in federal law enforcement. Joshua Belk, CSO of the FBI's San Francisco division, offers career insights for security pros.
Keeping Up with Cybersecurity Framework
The folks at PricewaterhouseCoopers, after surveying (http://www.pwc.com/en_US/us/increasing-it-effectiveness/publications/assets/2014-us-state-of-cybercrime.pdf) 500 U.S. business, law enforcement and government executives, conclude that the vast majority of cybersecurity programs fall very short of the federal government's cybersecurity framework goals.
Target's Impact on Mobile Payments
High-profile retail breaches, such as the one suffered by Target Corp., could spur more merchants to promote increased use of mobile payments to boost security, says Thad Peterson, a new analyst at Aite Group.
Fighting the Synthetic ID Threat
Fighting fraud tied to synthetic identities requires revamping the credit infrastructure to improve detection of fraudsters' activities, says risk management specialist Richard Parry.
Getting CISO, CEO to Talk Same Language
What does "IT security as a business enabler" mean? For a definition, Gartner's Paul Proctor looks to the way IT managers at a European car maker translate security problems into a language a CEO can understand.
Avivah Litan on 'Context-Aware' Security
A multi-layered approach known as "context-aware security" is the most effective strategy for fighting both insider and external cyberthreats, says Gartner analyst Avivah Litan, who explains how this strategy works.
Consumers on InfoSec: What, Me Worry?
Consumers around the world aren't overly concerned about Internet security, perhaps because they've experienced fatigue from the oversaturated media coverage of data breaches, Unisys Chief Information Security Officer David Frymier says.
Applying Engineering Values to InfoSec
The National Institute of Standards and Technology is developing new cybersecurity standards based on the same principles engineers use to build bridges and jetliners.
The Emerging Mobile Threat Landscape
As mobile banking adoption rapidly grows this year, financial institutions need to identify and fill security gaps, says Aite Group analyst Julie Conroy, a featured speaker at the May 14 Fraud Summit Chicago.
A New Way to Build Security Awareness
Embedding some information security practitioners within business units could help improve IT security awareness in many enterprises, reducing security risk, says Steve Durbin, global vice president of the Information Security Forum.
Getting Up to Speed on Security
Timely analysis of data residing in an organization's information systems is a critical element of IT security, say Haiyan Song and Joe Goldberg of the security firm Splunk.
The Evolution of the Cybercriminal
Today's cybercriminals are perfecting the use of advanced-persistent-threat attacks to pilfer valuable information from precisely targeted victims, says Greg Day of security provider FireEye.
2nd Panel OKs Limits on Bulk Collection
With a second House panel approving the USA Freedom Act, Congress moves a step closer to sending the president a bill to limit the government's bulk metadata collection program, the Center for Democracy and Technology's Harley Geiger says.
In Defense of Cybersecurity Framework
A leader of ISACA, Sarb Sembhi, defends President Obama's cybersecurity framework, which critics contend lacks sophistication. He says detractors miss the point about how frameworks evolve.
BYOD: Building an Effective Strategy
Too many organizations have a device-centric BYOD policy that fails to look at big picture issues, including building a comprehensive strategy for protecting corporate information no matter how it's accessed, says Ian Evans of AirWatch.
Mobile File Sharing Trends
As members of the workforce increasingly rely on mobile devices to access corporate data, secure sharing of files becomes more challenging, says Accellion's Vidhya Ranganathan, who describes an effective strategy.
Ponemon: Data Breach Costs Rising
On the day Target's CEO resigned in the aftermath of a massive data breach, the Ponemon Institute issued its 2014 Cost of Data Breach Study (https://www14.software.ibm.com/webapp/iwm/web/signup.do?source=gts-LITS-bus-conn-NA&S_PKG=ov23509), which Chairman Larry Ponemon says helps explain why CEOs should be more involved in breach preparedness and response.
Fighting Threats with Behavioral Analysis
A behavioral analysis approach to fighting malware can be more effective than a signature-based approach in the current threat environment, contends Webroot's Patrick Kennedy.
The Next Generation of Encryption
Voltage Security's Mark Bower contends data-centric security can help break down barriers to the widespread use of encryption and help protect sensitive information, including credit card numbers.
Using Network 'Situational Awareness'
Network "situational awareness" can help organizations in all business sectors improve regulatory compliance by identifying networks and devices that need protection, says Lumeta's Reggie Best.
Cybersecurity: Taking an Economic View
Hurt the criminals and cyberthreats will decrease. That's how organizations in all sectors, working with law enforcement, should approach cybersecurity, says Juniper Networks' Kevin Kennedy.
Authentication and the Individual
Individuals resort to lying about themselves to protect their identities when accessing systems in today's imperfect cyber world, says Peter Tapling, president of Authentify, an out-of-band authentication service.
Mobile as the Enabler of Trusted ID
Trusted Identity is the end-goal, and mobile devices are the means to get there, says Dave Rockvam of Entrust. How are mobile devices being leveraged for security in the enterprise today?