Info Risk Today Podcast

Organizations are getting increasingly prioritizing incident response capabilities by putting investigation firms on retainer, or creating their own internal teams, says Patrick Morley, president and CEO of Bit9 + Carbon Black.

Gartner's Claudio Neiva says there is only so much an intrusion detection and prevention system can do, so organizations need to take additional steps to safeguard critical data and systems.

Hackers are using medical devices as gateways to launch targeted attacks at hospitals, but there are steps organizations can take to better protect their environments, says Greg Enriquez, CEO of TrapX.

Attackers today continue to refine their distributed denial-of-service attack capabilities, delivering downtime on demand. The increase in attack effectiveness and volume demands new types of defenses, says Akamai's Richard Meeus.

Two years after the leaks that showed the U.S. National Security Agency spied on America's European allies, the U.S. and Europe still need to rebuild trust so they can collaborate on defending against cyber-attacks, says Carsten Casper of Gartner.

Last year, organizations took an average of 205 days to detect a breach. To better combat such attacks and lock down breaches, FireEye's Jason Steer says organizations must lower that to hours or even minutes.

Larry Ponemon, founder of the Ponemon Institute, offers an in-depth analysis of the results of the organization's 10th study of the costs of data breaches, which found, for example, that rapid growth in hacker attacks is leading to escalating costs.

"Show me your dashboard." That's a request security expert Gavin Millard regularly makes to CISOs to demonstrate how today's too-complex dashboards highlight the challenge of gathering and distilling essential security metrics.

Mark Weatherford, a former DHS cybersecurity leader, says the Office of Personnel Management neglected to take basic steps that could have helped prevent a breach that may have exposed the PII of 4 million current and former government workers.

While cyberthreat information sharing within the banking sector has improved, the retail sector has failed to keep up. But ISACA's Robert Stroud said pending federal legislation could help change that.

When it comes to advanced threat protection, security leaders increasingly turn to new machine learning solutions. Stephen Newman of Damballa discusses key skills and strategies necessary for success.

Financial services firms are increasingly applying contextual security tools to help identify fraud more quickly. But a shift to continuous authentication will provide even better security, says Vasco's Jan Valcke.

At CA Technologies, mobile security is not just a solution for customers; it's a practice that IT security leaders have embraced internally. CA's Robert Primm discusses how to secure a borderless workplace.

Intel Security cybercrime expert Raj Samani says that after the April disruption of the Beebone botnet by law enforcement agencies, researchers have found more infected nodes than normal, largely in Iran.

How does an advanced threat adversary operate for 10 years, undetected? FireEye APAC CTO Bryce Boland shares details of the decade-long APT30 campaign that targeted organizations in India and Southeast Asia.

Many security pros look askance at "cybersecurity." But Symantec's Sian John says the embrace of that term shows just how much senior executives are beginning to understand the risks their organizations face.

Assessing the risks presented by "digital business" - the new business designs that blur the digital and physical worlds - will be a theme at the 2015 Gartner Security and Risk Management Summit, says Andrew Walls, event chairman.

To help organizations discover what they don't know is happening on their networks, Darktrace uses machine learning to create advanced baselines of normal behavior, then sounding alarms when it sees deviations.

Cybercrime continues to evolve, offering an ever-increasing array of niche capabilities, ranging from attack techniques and infrastructure to related research and sales services, warns Trend Micro's Bharat Mistry.

The EMV Migration Forum has published a new "roadmap" to help card issuers, acquirers and merchants prepare for the October card-present fraud liability shift date. Director Randy Vanderhoof explains why the clarification is needed.