Careers Information Security Podcast

By tracking "Indicators of Exposure" - the top techniques attackers could use to hack into any individual enterprise - organizations can better defend themselves against network intrusions and data breaches, says Gidi Cohen, CEO of Skybox Security.

Examining the human factor in the age of cyber conflict and the new healthcare challenge concerning ransomware highlight this edition of the ISMG Security Report. Also, hackers target the Republican convention.

FireEye has dealt with more disruptive data breaches over just the past year than it has since the company was founded 12 years ago. Charles Carmakal, vice president with the company's Mandiant forensics unit, shares tips for handling a breach.

An analysis of the record of the U.K.'s new prime minister, Theresa May, on cybersecurity and online privacy and a report on efforts to create an antidote to ransomware highlight this edition of the ISMG Security Report.

In the wake of the controversy over Hillary Clinton's use of private email servers, President Obama voices his concerns about the state of federal government IT security in this edition of the ISMG Security Report.

In the wake of the Hillary Clinton email controversy, organizations need to be more aware of the risks of unsanctioned "shadow IT" and take appropriate mitigation steps, says security expert Mac McMillan.

A bitter battle flares up in the fiercely competitive endpoint protection products market, and uncovering the real impact over Hillary Clinton's email server. These items highlight this edition of the ISMG Security Report.

Missing from the analysis and debate regarding the U.S. government's decision not to prosecute presumptive Democratic Party presidential candidate Hillary Clinton for using a private email server while secretary of state is this simple fact: Secure IT systems aren't tailored to function the way people behave.

One of the unforeseen advantages of the so-called "brain-drain" in cybersecurity is that organizations have had to think outside the IT box and hire staff that don't fit the traditional computer science mold. Jen Miller-Osborn of Palo Alto Networks discusses why diverse backgrounds benefit security.

One of the core values of the cybersecurity framework is to facilitate communication among various stakeholders coming from different technical and managerial backgrounds who must collaborate to build secure IT systems, NIST Program Manager Matt Barrett explains in an interview.

More than 200,000 internet-connected systems remain vulnerable to the OpenSSL vulnerability known as Heartbleed, more than two years after the flaw was publicly announced and related patches released, warns security researcher Billy Rios.

Now a Ukraine bank has reported suffering a $10 million hacker heist via fraudulent SWIFT transfers. Also hear about why attackers often use legitimate IT administrator tools, and organizations' growing use of deception technologies and strategies.

The need for PCI-DSS compliance is being embraced in Southeast Asia and the Middle East, with adoption of PCI standards increasing dramatically over the last five years, says Dharshan Shanthamurthy, CEO of SISA Information Security, who shares insights about why PCI adoption is likely to continue to grow.

The Dark Overlord selling stolen healthcare databases for bitcoins leads the ISMG Security Report. Also hear about banks' move toward real-time transaction fraud controls and a bipartisan attempt in Congress to tackle the ongoing crypto and "going dark" debates.

So why is Visa temporarily reducing the fraud chargeback burden on non-EMV-compliant U.S. merchants? Mark Nelsen, Visa's senior vice president, says it boils down to this: The card brand wants to give retailers a break while it takes steps to streamline the cumbersome certification of new POS devices.

In the wake of recent SWIFT-related interbank payment heists, more banks are monitoring transactions for anomalous behavior in an attempt to catch fraud in real time, says Andrew Davies, a fraud prevention expert at core banking services provider Fiserv.

Healthcare organizations must do much more to continually measure the effectiveness of their security controls as new cyber threats emerge and evolve, Lisa Gallagher of PricewaterhouseCoopers, formerly of HIMSS, says in this in-depth interview.

Britain's surprise vote to "Brexit" the European Union leads the ISMG Security Report. Also hear analysis on a cybercrime forum selling remote server access; Comodo being in hot water by saying "let's encrypt"; and why Facebook CEO Mark Zuckerberg covers his webcam with tape.

Achieving international acceptance of PCI-DSS is an ongoing challenge, says Jeremy King, international director of the PCI Security Standards Council, who's working to educate merchants about baseline security that goes far beyond cardholder data protection.

In this edition of the ISMG Security Report, you'll hear reports on the U.S. government nabbing healthcare fraudsters; federal agencies at risk of exposing highly sensitive data; and the hacking of brokerage accounts.