
Info Risk Today Podcast
3,490 episodes — Page 57 of 70
Does Security Stall Technology Adoption?
IBM's Dan Hauenstein, in analyzing Big Blue's 2012 Tech Trends Report, says security concerns often inhibit the adoption of four technologies: mobile, cloud, social business media and business analytics.
How to Address Security's Weakest Link
Heading into 2013, security leaders across industry feel confident about their processes and technology. People, though, continue to create the greatest risks. Can "awareness in depth" make a difference?
Why Organizations Fail to Encrypt
Karen Scarfone, who coauthored NIST's encryption guidance, sort of figured out why many organizations don't encrypt sensitive data when they should. The reason: they do not believe they are required to do so.
Langevin: Treaty Stifles Internet Freedom
House Cybersecurity Caucus Co-Chair Jim Langevin sees the new International Telecommunication Regulations, approved in Dubai earlier this month over the objections of the U.S., as a veiled threat to suffocate Internet freedom around the world.
Top 3 Security Priorities for 2013
CISOs' top three priorities for 2013 are emerging threats, technology trends and filling security gaps, says RSA CISO Eddie Schwartz. But what new strategies should leaders employ to tackle these challenges?
What is 'Reasonable Security?'
As the recent PATCO case shows, fraud litigation is moving away from just establishing damages. The key legal question now is: What is reasonable security? Attorneys discuss the 2013 fraud legal landscape.
Why It's Time for Next-Gen Firewall
Threats have evolved, and so have our Internet needs. This is why organizations need to explore the security and productivity gains of the next-generation firewall, says Patrick Sweeney of Dell SonicWALL.
2013 Mobile Security, Payments Outlook
When it comes to mobile security, users say the right things, but still indulge in risky behavior. Javelin's Al Pascual tells how security leaders can create better partnerships and practices in 2013.
How a Breach Led to Change in Culture
A breach that resulted in a $1 million HIPAA settlement led Partners Healthcare in Boston to take many significant steps, including merging its privacy and security efforts, says CISO Jennings Aske. More changes are planned for 2013.
HIPAA Enforcer Reveals Audit Timeline
HIPAA compliance audits will resume within about a year once results of a recently completed pilot program are reviewed, says Leon Rodriguez, director of the Department of Health and Human Services' Office for Civil Rights.
Banks Must Brace for 'Blitzkrieg' Attacks
McAfee researchers have uncovered new information about a Gozi variant, which RSA in October named Prinimalka. The Trojan, part of a blitzkrieg-like attack, is expected to hit 30 institutions in spring 2013.
Privacy Protection: U.S. Falls Short
In parts of Europe and Asia, privacy legislation took solid steps forward in 2012. In the U.S., however, progress has stalled. Is the U.S. at risk of falling behind when it comes to privacy protection?
Creating a Continuous Monitoring Culture
It's as much about people as it is technology for organizations to successfully implement a continuous monitoring program, says George Schu, senior vice president at Booz Allen Hamilton.
Legal Merits of 'Hack Back' Strategy
From point-of-sale hacks to malware and DDoS attacks, the top cyberthreats of 2012 have been aggressive and strong. Is it time for organizations to adopt a "hack back" strategy against perceived attackers?
Paying More Mind to Malicious Insider
Former FBI cyber unit chief Tim Ryan sees mounting dangers from the insider, acknowledging undiscerning employees who don't follow proper processes can cause devastation. But he says the actions of those with malicious intent can be more catastrophic.
New Trojan Exploits Mobile Channel
Eurograbber is more than just another banking Trojan. It's an exploitation of fundamental online banking authentication practices that could strike any institution, says Check Point's Darrell Burkey.
Privacy vs. Security: A Dialogue
McAfee CPO Michelle Dennedy and Intel CISO Malcolm Harkins work for the same company, but in some ways they are worlds apart. How must privacy and security leaders bridge gaps to face challenges ahead?
Tips for Creating a BYOD Policy
Developing a bring-your-own-device policy that's well-integrated with an organization's overall information security strategy requires a multi-disciplinary, collaborative approach, says attorney Stephen Wu.
Assessing DDoS Attacks on Israeli Sites
As missiles and bombs do real damage in Israel and Gaza, a veteran Israeli cybersecurity expert, Amichai Shulman, downplays the significance of the assaults waged against Israeli websites, contending any damage has been minimal.
Surviving Sandy: Important Lessons
An executive at a bank in New Jersey that was battered by Hurricane Sandy offers lessons learned, including the importance of having a well-tested, detailed business continuity plan.
Top 4 Cyberthreats of 2013
Cloud-based botnets and mobile malware are two of 2013's top cyberthreats. What other threats make the list? Georgia Tech's Paul Royal tells how security pros and organizations can prepare.
Moving SIEM to the Cloud
The kind of detailed data analysis that helped statistician Nate Silver predict accurately the outcome of the U.S. presidential election could help enterprises using cloud-based SIEM to identify vulnerabilities, says Cloud Security Alliance's Jens Laundrup.
Incident Response: Gathering the Facts
To know how best to respond to IT and communications failures, incident response pros first must collect information on such incidents, says Marnix Dekker, who co-authored a new report for ENISA.
Social Media: Reassess Your Strategy
Social media platforms are ever-evolving. But organizations' and individuals' use of social media has not evolved and may create new risks, says educator Sherrie Madia. How should we manage these risks?
Medical Device IDs and Patient Safety
The FDA's proposed Unique Device Identification System could help the agency and healthcare providers more easily identify medical device safety issues, including malware threats, says agency official Jay Crowley.
Incident Response: Gathering the Facts
To know how best to respond to IT and communications failures, organizations first must collect information on such incidents, says Marnix Dekker, who co-authored a just-issued report on incidents for ENISA.
How Secure are the IT Wares You Buy?
One of the biggest IT security challenges enterprises will face in the coming years will be assuring the integrity of the computer products they purchase, says Gartner Fellow Neil MacDonald.
HIEs: Help in Disasters?
How big of a role did health information exchanges play in providing access to records during Superstorm Sandy, and what lessons can be learned? Federal officials will address these questions, says HIE expert Lee Stevens.
Irene Prepares State to Confront Sandy
Kris Rowley feels she can take Sandy's punch. Having survived the battering Irene gave Vermont in 2011, the state's CISO knows how better to defend state IT as the remnants of Hurricane Sandy take aim at the Green Mountain State.
Storm Prep Key to Recovery
It's been compared to the 'perfect storm,' but Hurricane Sandy is unlike any storm we've seen, says Alan Berman of DRI. He believes organizations have planned well for recovery.
Hurricane Sandy: Triple-Threat Disaster
Hurricane Sandy threatens buildings, staff and data alike, posing a daunting challenge to business continuity pros. Disaster recovery expert Regina Phelps offers tips for weathering the storm.
Insights on Protecting Genomic Data
Human genome sequencing can support groundbreaking research leading to improved treatments. But before genetic testing can become common, privacy issues need to be tackled, says Lisa M. Lee, who heads a presidential advisory panel.
DDoS Attacks: First Signs of Fraud?
Distributed-denial-of-service attacks on U.S. banking institutions will continue, says Akamai's Mike Smith. And he believes the attackers aren't out just to embarrass the banks, but to commit fraud.
Breaches: Small Incidents Add Up to Greatest Losses
The big breaches make the headlines, but the smaller attacks on merchants are the ones that ultimately benefit the fraudsters and hurt banking institutions most, says Wade Baker of Verizon.
Is U.S.-China Détente in the Air?
Talks among IT security experts from 40 nations meeting in New Delhi could lead to treaties on cybersecurity, including, perhaps, a cyber détente between the United States and China, Deloitte Center for Cyber Innovation's Harry Raduege says.
Experts Offer Fed Infosec Governance Plan
A group of highly respected IT security thought leaders is calling on the Obama administration to exercise existing powers to strengthen the processes the federal government employs to secure its information systems.
CISO's Challenge: Security & Risk
CISOs increasingly are asked to manage both information security and risk. What new skills and tools do they need to juggle the dual role? David Sherry, CISO of Brown University, shares his views.
NIST: Use Cloud to Repel DDoS Attacks
Employing cloud computing services could help organizations defend against the type of distributed denial of service attacks that have temporarily crippled the online service of major American banks, says NIST's Matthew Scholl.
Transparency Key after Cyberattack
Top executives must be transparent with their stakeholders when their IT systems get attacked. Otherwise, their enterprises' reputations could be more severely damaged, says IBM Fellow Luba Cherbakov.
DDoS Attacks: How to Reduce Your Risks
As DDoS attacks on banks continue, institutions can take immediate steps to lessen the impact on customer experience and reduce fraud risks. Jason Malo of CEB TowerGroup offers insight.
The 'Evil 8' Threats to Mobile Computing
As mobile computing becomes ever-present, enterprises face a new threat landscape that includes rogue marketplaces, insecure public Wi-Fi and proximity-based hacking, says Dan Hubbard of the Cloud Security Alliance.
Who's Securing Mobile Payments?
Google and Facebook are in the mobile payments arena. But consumers still expect their banking institutions to secure the mobile wallet, says Alphonse Pascual of Javelin. What role must banks play?
Risk Assessments: Expert Advice
Healthcare providers often fail to conduct comprehensive, timely risk assessments, as required by regulators. But security expert Kate Borten says they can leverage new guidance to help get the job done.
Infosec: One Step Forward, One Step Back
As the overall number of "true exploits" has decreased, targeted ones - especially those initiated by criminals or nation states - are becoming harder to detect, says Rick Miller, director of IBM Managed Security Services.
DDoS: First Line of Defense
DDoS attacks have existed for years. But the latest wave brings new threats to organizations. How should they defend against these attacks? Ashley Stephenson of Corero Network Security offers insights. In an interview about defending against the new, sophisticated DDoS attacks, Stephenson discusses what's new about the attacks we're seeing; why traditional defenses are insufficient; and how organizations can mitigate their risks by deploying a new defensive strategy.
Lacking a Gut Feeling for Cybersecurity
The gut feeling many people have about their physical security hasn't quite developed in the digital world, presenting a challenge for homeland security officials, says State of Delaware Homeland Security Adviser Kurt Reuther.
RSA Warns of New Attacks on Banks
A cybergang threatens a blitz of Trojan attacks aimed at 30 U.S. banks, according to RSA. What steps should all banking institutions take now to prepare? RSA's Mor Ahuvia offers insight and advice.
Windows 8: A Security Upgrade?
Windows 8 is coming soon. What are the security updates in Microsoft's new operating system? Which questions should security leaders weigh before upgrading? Forrester's Chenxi Wang offers insight.
DDoS Attacks: Are Europe's Banks Next?
Website outages at leading U.S. banks have garnered global attention. But how concerned should European institutions be that they could be the next targets? A London-based security expert shares insight.
Fine Tuning Data Breach Notification Law
Connecticut Attorney General George Jepsen says he hopes an update to the state's data breach protection law that took effect Oct. 1 will help make its enforcement less difficult.