Healthcare Information Security Podcast

Increasingly, cyber attackers are molding technology and human intelligence into blended threats that prey upon vulnerable defenses. Chester Wisniewski of Sophos lays out how organizations can become more mature in preparedness and response.

Often in breach response, security professionals focus on the technical aspects of the attack. Yet, the non-technical aspects are often more insidious, says Teju Shyamsundar of Okta. And Identity can be a powerful tool to bolster defenses.

More organizations are deploying single sign-on mechanisms when they move to software-as-a-service applications to help enhance authentication and control access, says Moshe Ferber, chairman of the Israeli chapter of the Cloud Security Alliance.

Finding the right balance between risk and resilience is a challenge for every cybersecurity project - especially in the aerospace, space and defense sectors - and that's why such efforts must be driven by CISOs and CIOs, says Leonardo's Nik Beecher.

Too many organizations around the world take a "bare minimum" approach to third-party risk management, says Jonathan Ehret, founder of the Third Party Risk Association, who offers risk mitigation insights.

Identity and access management continues to be a top medical device cybersecurity challenge, says security expert Mark Sexton of the consultancy Clearwater, who offers a variety a risk mitigation tips.

When migrating systems, data and applications to the cloud, a critical security step is to involve compliance auditors in the process as early as possible, says Thien La, CISO at Wellmark Blue Cross Blue Shield.

The latest edition of the ISMG Security Report analyzes the security and privacy implications of Facebook's new digital currency - Libra. Also featured: Discussions on the rise of machine learning and IT and OT collaboration on cybersecurity.

A new report from Accenture highlights five key areas where cyberthreats in the financial services sector will evolve. Many of these threats could comingle, making them even more disruptive, says Valerie Abend, a managing director at Accenture who's one of the authors of the report.

Want to improve how your organization delivers and absorbs security awareness training? Then it comes down to reinventing your approach, including gamification, says Barracuda's Michael Flouton.

Implementing new technologies and best practices can help healthcare organizations dramatically improve their detection of data breaches, says Mitch Parker, CISO of Indiana University Health System, who will be a featured speaker at ISMG's Healthcare Security Summit on June 25 in New York.

Third-party risk has emerged as one of 2019's top security challenges, and the topic was the focus of a recent roundtable dinner in Charlotte. RSA's Patrick Potter attended that dinner and shares insight on how security leaders are approaching this aspect of digital risk management.

The latest edition of the ISMG Security Report features a deep dive into an analysis of the cybersecurity risks that publicly traded companies face. Plus: Was the band Radiohead hacked? And what's unusual about the proposed Premera Blue Cross breach lawsuit settlement?

Britain's biggest businesses continue to inappropriately expose servers and services to the internet, putting the organizations and data at risk, according to a study by Rapid7. Tod Beardsley describes the findings, including a widespread lack of phishing defenses as well as cloud misconfigurations.

What stands out most about a proposed $74 million settlement of a class action lawsuit against Premera Blue Cross in the wake of a 2014 data breach? Technology attorney Steven Teppler offers insights in this interview.

As spotlighted by the recent American Medical Collection Agency breach impacting at least four clients and more than 20 million of those companies' patients so far, vendor risk management is an increasingly critical component of information security, says Eddie Chang of Travelers Insurance.

The latest edition of the ISMG Security Report describes Apple's newly announced single sign-on function that's built with privacy in mind. Plus, a discussion of the "other" insider threat and an Infosecurity Europe conference recap.

The zero trust model has been around for a decade, and the ideas around it have evolved as applications have left the enterprise perimeter, says Lisa Lorenzin of Zscaler. With mobile apps and cloud computing, enterprises are facing challenges creating secure, trusted access paths.

Organizations across all sectors feel the cybersecurity skills gap. But Austin Murphy of CrowdStrike says it's not just skills - it's a capacity gap. He shares insight on how organizations can help bridge these divides.

The latest edition of the ISMG Security Report analyzes the "blame game" in the wake of a ransomware attack against the city of Baltimore. Also featured: Discussions of cyberthreats in the financial services sector and open source security concerns.