Info Risk Today Podcast

What are some of the unique challenges organizations face when they move into continuous monitoring and risk mitigation? Scott Gordon of ForeScout and Ken Pfeil of Pioneer Investments offer insight.

IT security leaders need to develop a strong, holistic security and risk management strategy as they implement advanced, strategic technical capabilities, IBM's David Jarvis says in analyzing new survey results.

What is hostile profile takeover, and why does this emerging threat pose such a risk to smart phone users? Dave Jevans, CTO of Marble Security, describes this and other new mobile threats.

The average insider scheme lasts 32 months before it's detected, says threat researcher Jason Clark, who suggests using a combination of the right technologies and the right processes is the key to improving detection.

Mary Galligan, the just-retired head of the FBI's New York cyber unit, says the federal government can do more to help businesses take all the right steps to protect sensitive information and prevent breaches.

Banking institutions and merchants are fighting back against cyber-attacks by sharing information and assisting law enforcement investigations, says Julie Conroy of Aite, which has issued a report about account takeover and cyberfraud trends.

Nations' policies for mitigating cyberthreats can conflict with efforts to promote cyber-enabled global trade, cautions Allan Friedman, research director of the Brookings Institution's Center for Technology Innovation.

Face-to-face and over-the-phone social-engineering schemes are increasingly used to perpetrate fraud, highlighting the need for more education and real-time transaction monitoring, says Gartner's Avivah Litan.

To mark his induction into the National Cyber Security Hall of Fame, Purdue University Computer Science Professor Eugene Spafford offers insights on key challenges, including overcoming senior executives' misperceptions about key issues.

Knowledge-based authentication is no longer reliable, says fraud expert Avivah Litan, an analyst at Gartner. She explains why so-called behavioral authentication is the only reliable way to verify users.

Attacks waged for cyber-espionage, fraud, DDoS and other nefarious deeds are increasingly being hired out to sophisticated hackers for specific purposes, says Symantec researcher Kevin Haley.

What are the distinct phases of the fraud lifecycle, and how can banking institutions intervene at each stage to prevent losses? Daniel Ingevaldson of Easy Solutions offers fraud-fighting tips.

Mitigating card risks associated with retail malware attacks and POS vulnerabilities is a focus of updates to the PCI Data Security Standard, say Bob Russo and Troy Leach of the PCI Security Standards Council.

Top executives at healthcare organizations must take the lead in overcoming a culture that portrays privacy and security as barriers, says Joy Pritts, chief privacy officer at the Office of the National Coordinator for Health IT.

Professionalizing occupations within the cybersecurity field won't necessarily help fill vacant IT security jobs in government and industry, says Diana Burley, an IT security workforce expert.

More than 1,000 banks will test their incident response strategies by participating in a simulated cyber-attack exercise. SWACHA's Dennis Simmons says the drill, which is open to more participants, will help bolster defenses.

Phishing attempts against bank employees are on the rise. How can institutions improve their defenses? Daniel Ingevaldson of Easy Solutions offers insights on how to combat advanced phishing techniques.

In response to today's cybersecurity challenges, Southern Methodist University has selected Frederick Chang to head a new program that will address top issues - including how to fill the skills gap.

In the wake of a year of attacks waged against banking institutions by Izz ad-Din al-Qassam Cyber Fighters, the FS-ISAC's Bill Nelson and the ABA's Doug Johnson say the need to regularly update DDoS preparedness is a critical lesson learned.

John Streufert, the DHS director overseeing the rollout of a federal continuous diagnostic initiative to mitigate IT systems vulnerabilities, expects that many state and local governments will participate in the program.