Government Information Security Podcast

The latest edition of the ISMG Security Report discusses new combination ransomware and doxing attacks. Plus, Twitter drops phone numbers in 2FA, and why we need to consider quantum cryptography today.

All healthcare industry stakeholders must take critical steps to address the cybersecurity of connected medical devices, says Jennifer Covich Bordenick, CEO of of the eHealth Initiative and Foundation, an advocacy group that has issued a new report on the subject.

Election hacking is not just a US issue; it's a hot topic for every global democracy. And Joseph Carson of Thycotic is concerned that too many people are focused on the wrong elements of this topic. He analyzes the specific hacking techniques that demand attention.

This edition of the ISMG Security Report features an analysis of the very latest ransomware trends. Also featured: Discussions of Microsoft's move to DNS over HTTPS and strategies for tackling IoT security challenges.

Two rules proposed by federal regulators could provide significant help to strengthen cybersecurity in the healthcare ecosystem, says regulatory attorney Julie Kass of the law firm Baker Donelson.

Numerous regulations and standards have been introduced globally to help curtail online fraud. What makes EMV 3D Secure stand out? Matt Cooke and Paul Dulany of Broadcom weigh in on the implementation and benefits of EMV 3DS.

While IoT devices are entering enterprises at a rapid pace, the security practices around them are as much as 20 years behind those for enterprise computing, says Sean Peasley of Deloitte, who outlines steps organizations can take to ensure safe IoT computing.

Cloud solutions, the mobile workforce, the skills gap - these are among the security impacts that don't get enough attention when discussing digital transformation. David Ryder of Avast Business opens up on these topics.

Multifactor authentication is gaining traction - but it also is causing additional user friction when deployed poorly. Corey Nachreiner and Marc Laliberte of WatchGuard Technologies discuss how best to deploy and administer MFA.

The latest edition of the ISMG Security Report offers an in-depth analysis of whether Instagram is doing enough to protect the contact information of minors. Plus: Compliance updates on GDPR and PCI DSS.

Bolstering medical device security is a top priority at Fort Worth, Texas-based Cook Children's Health Care System, says CIO Theresa Meadows, who's a leader of two cybersecurity advisory groups.

There are robust and detailed discussions in cybercriminal forums on how to attack modern vehicles, seeking clandestine methods to steal cars, says Etay Maor of IntSights. Luckily, hackers aren't aiming to remotely trigger an accident, but there are broader concerns as vehicles become increasingly computerized.

With Google aggressively expanding its push into the healthcare sector, critical privacy-related issues are emerging, says regulatory attorney Alisa Chestler, who offers an overview of key issues.

Getting breached is not a question of "if," but "when." Nick Carstensen of Graylog explains what steps should be taken to mitigate data breach risk.

One key step for preparing to comply with the California Consumer Privacy Act, which goes into effect in January, is determining how best to verify the identity of users, say two leaders of the Sovrin Foundation, who discuss the key issues.

Bala Kumar of iovation, a TransUnion company, sees a marked spike in identity fraud in general, and at account origination in particular. How does this increase manifest across industry sectors, and how should organizations re-think their defenses?

Sprawling computing environments - from cloud to containers to serverless - are posing challenges in maintaining visibility and determining if data is secure, says Mike Adler of RSA.

The latest edition of the ISMG Security Report offers an analysis of how Twitter allegedly was used to spy on critics of the Saudi Arabian government. Also featured: A preview of the new NIST Privacy Framework and an update on business email compromise attacks.

Organizations should develop a comprehensive strategy for managing third-party security risks and avoid over-reliance on any one tool, such as vendor security risk assessment, monitoring or ratings services, says analyst Jie Zhang of Gartner.

By year's end, the National Institute of Standards and Technology should be ready to publish the first version of its privacy framework, a tool to help organizations identify, assess, manage and communicate about privacy risk, says NIST's Naomi Lefkovitz, who provides implementation insights.