Info Risk Today Podcast

Cyberattacks are increasing in frequency, complexity, nuance and stealth. But human error, business compulsions and increasingly complex environments make it difficult to maintain adequate defenses, says Juniper Network's CTO for India and SAARC

With hack attacks continuing against banks, SWIFT must follow in the footsteps of other vendors - notably Microsoft - and begin offering detailed, prescriptive security guidance to its users, says Doug Gourlay of Skyport Systems.

The $940 billion compensation awarded to Epic Systems in its case against Indian IT major TCS is unprecedented - shaking the industry out of its complacency to information security. Cyber law expert "Naavi" takes a close look at the implications for India.

There are two elements of a ransomware attack - the infection and then the action that takes place on infected devices. And both elements are evolving, says Ben Johnson of Carbon Black. He shares insight on how to improve ransomware defenses.

Many financial institutions struggle with implementing effective multifactor authentication solutions. They may lack confidence in new methods or grapple with the difficulty of integrating newer technologies with legacy investments. So, what technologies and processes need to be in place to ensure MFA's adoption throughout the financial sector? Crossmatch's Chris Trytten offers insight and strategies.

Breaches in the healthcare sector are continuing to surge, in part, because cybercriminals are building big data resources that can be used to fuel fraud, security experts Larry Ponemon and Rick Kam say in an audio interview discussing findings of a new Ponemon Institute report.

It's one thing to talk or even plan about "What happens if we are breached?" It's quite another to undertake a true breach exercise. What are the critical elements of such a drill? Author Regina Phelps shares advice from her new book.

The emerging threats posed by cybercrime and evolving banking services, including mobile banking, will be among the focal points of a keynote address by the Information Security Forum's Steve Durbin at ISMG's Fraud & Breach Prevention Summit in Washington May 17-18.

With today's multi-layered attack surface, traditional vulnerability management no longer suffices. Security leaders must embrace a new strategy to help identify and secure true assets at risk. Gautam Aggarwal of Bay Dynamics explains how.

Establishing new laws and regulations to address privacy and cybersecurity concerns related to the Internet of Things would likely be ineffective, attorney Steven Teppler, who co-chairs an American Bar Association IoT committee, says in an audio interview.

NIST's Ron Ross, in an audio interview, explains new draft guidance that's designed to help technology vendors build secure components that their customers can use to build trustworthy information systems. Ross will be a keynoter at ISMG's Fraud and Breach Prevention Summit in Washington.

The digital banking shift creates great convenience - for the fraudsters, as well as the customers. What can institutions do to reduce their vulnerability to breaches and fraud? Dave Allen of Bottomline Technologies offers advice.

Clinics, laboratories, durable medical equipment suppliers and other smaller healthcare entities need to bolster their breach preparedness as cyberattacks against smaller entities in all sectors continue to multiply, says David Finn of Symantec, who discusses findings from a new report.

Within the next 20 years, quantum computing could be applied to easily crack current approaches to cryptography, according to the National Institute of Standards and Technology, which already is beginning work on new approaches to encryption that can withstand the power of quantum computing.

The Verizon 2016 Data Breach Investigations report finds malware, ransomware and phishing attacks are more common than ever and creating even more damage. Organizations are continuing to get exploited via vulnerabilities that are months or even years old, forensics expert Laurance Dine explains in this interview.

Five new payment card data security requirements for third-party service providers are among the most significant changes included in version 3.2 of the PCI Data Security Standard released April 28, says Troy Leach of the PCI Security Standards Council.

The most important lesson from the lawsuit electronic health records vendor Epic Systems filed against Tata Consultancy Services is that data security controls must extend beyond protecting personally identifiable information to include intellectual property, attorney Ron Raether explains in this audio report.

Denise Hayman, vice president at the security firm Neustar, offers in-depth advice to women interested in launching an information security career in this audio interview.

A soon-to-be-launched pilot project funded by the National Institute of Standards and Technology aims to provide a potential model for how online access to patient information can be streamlined while boosting security, NIST trusted identities expert Phil Lam explains in this audio interview.

Now, more than ever, managing the risks involved in working with business associates and their subcontractors should be a top priority for healthcare organizations in their efforts to safeguard patient information, says risk management expert Andrew Hicks, who explains why.