Info Risk Today Podcast

As content sharing via mobile devices becomes more common, organizations must make sure security issues are adequately addressed, says Hormazd Romer, senior director of product marketing at Accellion.

As organizations expand their use of encryption to help prevent breaches, they must improve their management of cryptographic keys, says Prakash Panjwani, senior vice president at SafeNet.

While much of the security focus is on online fraud and major data breaches, organizations of all sizes and sectors are seeing a rise in phone-based fraud, says Matt Anthony of Pindrop Security.

The application programming interface is now an attack vector, which creates new security issues, warns Travis Broughton, IT architect at Intel.

Neustar is about to release a new report on the DDoS threat landscape. What are some of the key trends to watch? Neustar's Jim Fink offers a preview of the study's findings.

Among the biggest cyberthreats enterprises face comes from hacks on consumer mobile devices, says Caleb Barlow, a director of product management at IBM Security.

Too many businesses are worried about how security might adversely affect the user experience, even among their own workforce, says Bert Rankin, chief marketing officer of ThreatMetrix.

The gateway security solutions provider iBoss Network Security is enhancing its offerings by incorporating analysis of behavioral movement of traffic in and out of the network.

While most organizations are focusing on compliance, they are ignoring basic human-factor security risks that technology cannot fix, says Hord Tipton, executive director of the International Systems Security Certification Consortium, better known as (ISC)².

While January's seemingly isolated distributed-denial-of-service attacks against JPMorgan Chase and Bank of America may have been a blip, DDoS expert Barrett Lyon says stronger attacks are on the way.

While massive DDoS attacks were dominant in 2013, this year, smaller application-layer attacks going after such things as log-in pages and password files are far more common, says Rich Bolstridge, chief strategist, financial services, at Akamai Technologies.

The increasing use of cloud-based resources requires a new approach to protection against cyberthreats, says Ashley Stephenson, CEO at Corero Network Security.

Simple credentials, such as passwords, are a hacker's best friend, says Phillip Dunkelberger of Nok Nok Labs, a founding member of the FIDO Alliance. That's why the alliance is working to reduce reliance on passwords by enabling advanced authentication.

Cisco has launched a new open source initiative focused on application identification, says Scott Harrell, vice president of the company's security business group.

CipherCloud's Paige Leidig discusses a new offering that helps enable organizations rapidly adopt a cloud application as it protects sensitive data and ensures compliance to policies and regulations.

The recent merger of Bit9 and Carbon Black will eventually result in a single, merged product offering, says Benjamin Johnson, CTO at Carbon Black.

Although the growth of cloud-based data centers offers opportunities to more rapidly deploy applications, it also raises new security issues, says Steve Pao, senior vice president at Barracuda Networks.

Researchers at Dell SecureWorks have identified some 146 unique malware families that are targeting cryptocurrencies. Approximately 100 of those have emerged in just the last year, says Pat Litke, security analysis adviser for the company's CyberThreat unit.

Log analysis is often used for managed security, but are organizations going far enough with the information they have at their fingertips? Don Gray, chief security strategist for Solutionary, says there is much more organizations could be doing to predict breaches.

Advanced, ever-evolving threats call for security solutions vendors to counter with equally advanced and sophisticated solutions. JD Sherry of Trend Micro discusses new strategic alliances and product sets dedicated to creating new measures of threat defense.

Two critical steps that banking institutions need to take in 2014 to help prevent fraud are implementing big data analytics and adopting far more sophisticated customer and employee authentication, says Gartner analyst Avivah Litan.

Distributed generation and plug-in motor vehicles are among the emerging security challenges to the smart grid. In an RSA 2014 preview, Gib Sorebo of Leidos discusses the threats to utilities and consumers.

What is the venture capital view of the security trends and technologies that will have the most impact on careers in 2014? Alberto Yépez of Trident Capital weighs in with his insights and predictions.

Merrill Halpern of the United Nations Federal Credit Union, a pioneer in the use of chip cards, says high-profile retail breaches reinforce the long-term value of EMV for various forms of payment within the U.S.

Michael Daugherty, CEO of LabMD, offers his perspective on a longstanding dispute with the Federal Trade Commission over two data security incidents. He has even written a book on the subject.

<p><b>Editor's Note:</b> <i>Excerpts of this interview appear in ISMG's Security Agenda magazine, distributed at RSA Conference 2014.</i></p> <p>Privacy should be built into the design of all healthcare information technology and related processes, says Michelle Dennedy, who's writing a book on the concept of "privacy by design."</p>

Expenses linked to the data breach at Target Corp. have already cost the 58 member institutions of the Consumer Bankers Association more than $170 million - a price they should not have to pay, says the association's David Pommerehn.

Employing quantum physics, Yi-Kai Liu, a computer scientist at the National Institute of Standards and Technology, is attempting to devise a way to create a one-shot memory device that could help secure transactions or administrative passwords.

Organizations in all sectors can improve their compliance with the PCI Data Security Standard by taking five critical steps, says Rodolphe Simonetti of Verizon Enterprise Solutions, which just issued a new PCI compliance report.

A new identity fraud study shows that consumers who are victims of a payment card breach are at greater risk of fraud than victims of other types of breaches, says Al Pascual of Javelin.

When breaches result from retailers' lax security practices, merchants should be obligated to help banking institutions cover fraud losses and other post-breach expenses, says Viveca Ware of the Independent Community Bankers of America.

Expanded with more educational tracks and sessions on emerging hot topics, the 2014 edition of the RSA Conference will be the largest ever, says Hugh Thompson, program committee chair.

The PCI Security Standards Council has no plans to modify its standards for payment card data security in response to high-profile payment card breaches at Target and Neiman Marcus, says Bob Russo, the council's general manager.

Karen Evans, formerly the federal government's top IT executive, prescribes a way to get inspectors general and federal agencies on the same page in regards to annual IT security audits.

Retail data breaches are growing. ISight Partners' Tiffany Jones, a researcher who helped the Department of Homeland Security prepare its report about malware attacks, offers new insight into the latest cyber-attacks.

Cybercriminals exploiting weaknesses in how users employ passwords is a significant factor behind an increase in records exposed in breaches during 2013, says Craig Spiezle of the Online Trust Alliance.

In 2013, attackers proved that sophisticated DDoS attacks could be launched as effective disruptions and distractions. What are the evolving solutions that now help organizations mitigate these strikes?

A new, free iPhone app is designed to help organizations navigate 46 state data breach notification laws as well as federal statutes, such as HIPAA, attorney Scott Vernick says.

To avoid the risk of staff using social media to communicate about patients, healthcare organizations need to offer more secure alternatives, says security and privacy expert Andrew Hicks.

Technology is the biggest challenge to ethics and compliance in organizations today, says Deloitte's Keith Darcy. "We have the capacity to do things before we ever consider the ethical consequences ..."

Dan Clements of IntelCrawler, the research firm that claims it traced malware apparently used in the Target breach and other retailer attacks to a 17-year-old hacker in Russia, offers an exclusive, in-depth explanation of his company's findings.

From new malware to the Target breach, cyber-attacks reached an all-time high in 2013, says Cisco's Annual Security Report. Cyberthreat expert Levi Gundert tells how organizations can regain the advantage in 2014.

2014 is going to be a critical year for data breach preparation and response, according to Michael Bruemmer of Experian. What are the key breach-related developments that security leaders must watch?

From access controls to intrusion detection, mobility to privacy, many organizations face similar network security challenges. Isabelle Dumont of Palo Alto networks offers a new, unique approach for healthcare organizations, and the key concepts of this approach can be applied to any security environment.

In the wake of the Target and Neiman Marcus data breaches, Steve Kenneally of the American Bankers Association calls for greater security and accountability throughout the U.S. payments system.

Five significant trends, including the mobile revolution and the use of big data, will influence the future of cybersecurity, says Allan Friedman, co-author of a new book on the subject.

Training that's designed to help workers avoid clicking on links from spear-phishing e-mails may be ineffective because employees often fail to read training materials, says Eric Johnson, a Vanderbilt University professor who's co-author of a new study on the subject.

The new year's top trends in background screening can be summed up in two words: legal and compliance. Les Rosen of Employment Screening Resources offers expert tips for more effective screening.

To help reduce reliance on passwords, the FIDO Alliance is developing standard technical specifications for advanced authentication. Michael Barrett and Daniel Almenara of FIDO describe the impact the effort could have in 2014.

As a result of high-profile breaches, such as the Target incident, security is increasingly a board issue. What are the key topics security leaders should prepare to discuss in 2014? Alan Brill of Kroll offers his forecast.