Info Risk Today Podcast

Healthcare organizations should expect more FDA cybersecurity alerts about medical devices in the year ahead, predicts security researcher Kevin Fu, who explains why.

President Obama's remarks urging "high-tech and law enforcement leaders to make it harder for terrorists to use technology to escape from justice" are being interpreted by some to mean that government and Silicon Valley should collaborate to create a backdoor to circumvent encryption on devices used by terrorists.

In the year ahead, federal regulators need to ramp up their efforts to enforce HIPAA compliance among business associates because so many lack mature security controls, argues security expert Mac McMillan of the consultancy CynergisTek.

The experience of a dozen health plans that participated in a cyberattack drill spotlights the need for a well-thought-out incident response plan, says John Gelinne of Deloitte Advisory Cyber Risk Services.

A huge part of fraud prevention is being able to detect anomalous behavior on your network. But to do so, you need to know what normal behavior looks like. Usman Choudhary of ThreatTrack discusses how to create that network baseline.

Consultant, venture capitalist, retired chairman of RSA. Art Coviello plays many roles, and through them he has a unique view on how the information security marketplace is taking shape for 2016. Who does he see as the winners and losers?

Malware: How does it work, who built it and what - or who - is it designed to target? Answering these types of questions is a job for Marion Marschalek of Cyphort, who reverse-engineers malicious code for a living.

Business email compromise attacks are becoming more sophisticated and pervasive, and smaller businesses in English-speaking countries are proving to be the most common targets, says PhishLabs' Joseph Opacki, who calls on banks to show customers examples of the schemes.

While cyberattacks will continue to menace healthcare and other business sectors next year, organizations can't afford to overlook addressing risks tied to insiders, who are responsible for most data breaches, says Michael Bruemmer of Experian Data Breach Resolution.

More cybersecurity specialists are making the leap from long-time careers in law enforcement, the military and the government to the private sector, says Dale Meyerrose, a retired U.S. Air Force Major General, who explains why.

In the age of payment card breaches, PCI compliance is a top priority for merchants and organizations that process electronic payments. But what difference does it make when its PCI compliance in the cloud? Steve Neville of Trend Micro shares insight.

Insurance fraud schemes are growing in scale and sophistication. But at the same time, insurance companies - and their customers - are losing their appetite to accept fraud losses. IBM's Brian Banigan offers insight on the latest counter-fraud solutions.

The surge in data breaches has left millions of consumer records compromised. As a result, fraudsters have all they need to open bogus accounts, which cost banks huge losses linked to what Greg Shelton of LexisNexis Risk Solutions calls "sleeper fraud."

As precision medicine research advances, the medical community must take steps to address the privacy risks to sensitive genetic information that is shared among researchers, says Carlos Bustamante of Stanford University.

LabMD's recent victory in its long legal battle with the Federal Trade Commission will be short-lived, the medical testing lab's CEO predicts. Find out why, and what changes Michael Daugherty hopes the case will bring to FTC's enforcement practices.

NICE's Rodney Petersen sees too many government agencies and businesses using old-school methods to identify and recruit IT security professionals. Consequently, they often fail to build their cybersecurity staffs.

The ruling to dismiss the FTC's data security case against medical lab LabMD will result in FTC staff more carefully vetting the enforcement cases the agency pursues against all other companies in the future, predicts former FTC attorney Reed Freeman.

In the wake of the Paris attacks, cybersecurity expert Brian Honan argues that now is not the time to make snap public policy decisions that attempt to promote or restrict either cryptography or surveillance.

The terrorist attacks in Paris likely would have occurred even if intelligence and law enforcement agencies could have broken encryption Islamic State attackers used in their communications to plan the assault that killed at least 129 people.

The massive cyberattacks that struck Chase and other leading U.S. financial services firms illustrate just how vulnerable larger institutions can be to cyber-attacks. They also show why organizations must encrypt customer data, says security and forensics expert Chuck Easttom.