Careers Information Security Podcast

The big-name breaches have made us all sensitive to the loss of personal and competitive data. But are we overlooking the real risks? Shawn Henry of CrowdStrike offers insight on how we need to evolve our core defenses.

Webroot has just released its 2016 edition of its annual threat brief. In an exclusive interview, Michael Malloy, executive vice president of products and strategy, discusses the report and how its key findings will likely play out in the year ahead.

Threat response is a lot like physical fitness. Enterprises know what they need to do - they often just opt not to do it. RSA's Rashmi Knowles offers advice for how to move from threat prevention to response.

More cybercriminals are adapting their attack techniques, using compromised credentials linked to privileged accounts to invade networks and systems, according to researchers at Dell SecureWorks, who describe an open source solution that can help mitigate the threat.

Former intelligence operative Will Hurd brings his CIA values, including his belief in the benefits of sharing of threat information, to his job as chairman of a House subcommittee with information security oversight. Hurd addresses a number of cybersecurity matters in a wide-ranging interview.

Unlike other security and breach reports, Verizon's Data Breach Digest is a collection of data breach investigation case studies from around the world. Verizon's Ashish Thapar elaborates on findings from this digest.

Apple's standoff with the U.S. government is creating a healthy debate about whether federal investigators, under certain circumstances, should have the right to circumvent the security functions of smartphones and other devices, says cybersecurity attorney Chris Pierson.

Virginia Gov. Terry McAuliffe has a message for state leaders across the nation: Cybersecurity has to be a top item on their policy platforms. And, by the way, he very much intends to make Virginia the cyber capital of the United States.

Healthcare organizations must take several important steps to protect their environments against ransomware attacks, says Mac McMillan, CEO of the security consulting firm CynergisTek. He outlines key measures in this interview.

Organizations can apply user behavioral analytics - the practice of reacting to how people behave in the information security realm - to better spot and block data breaches, says Fortscale's Kurt Stammberger.

Finding security staff members with the right mix of technical qualifications and real-world experience is a difficult challenge, says Curt Kwak, CIO of Proliance Surgeons, who describes his strategies.

In light of the rapidly evolving cyber threat landscape, a top goal at University of Pittsburgh Medical Center is to identify and stop security incidents before the damage escalates, says John Houston, vice president, information security and privacy.

Identity management is going to be a big issue in 2016, and emerging authentication tools, such as biometrics, could very well gain a more significant foothold, although not without posing new risks, says Steve Martino, CISO at Cisco Systems.

Attacks against the cloud, using the cloud for command and control of malware attacks, and securing endpoints are posing big worries for all industries, says Brian Kenyon of Blue Coat Systems.

The "industrialization" of cybercrime, remote-access attacks and mobile-banking application and online-browser overlay attacks are trends the financial industry should monitor this year, says George Tubin of IBM Security Trusteer.

Too many companies that provide cybersecurity solutions are failing to focus on helping organizations control risk at a reasonable cost, argues Malcolm Harkins, CISO at Cylance.

Despite the pervasiveness of data breaches, healthcare organizations are still playing catch-up on implementing strong, risk-based security programs, rather than focusing solely on HIPAA compliance, says David Finn of Symantec. He offers a preview of his session at the HIMSS 2016 Conference about a new survey.

The Department of Homeland security sees malware provenance - which identifies the attributes of malicious codes - as a way to complement its signature-based Einstein intrusion detection and prevention systems to find malware that infects IT systems.

Cybersecurity competitions are being adapted so employers can use them to vet the know-how of prospective employees, U.S. Cyber Challenge National Director Karen Evans says.

It used to be that security was the one big barrier to organizations embracing the cloud. But Troy Kitch of Oracle says that not only is that barrier coming down, but now leaders are seeing cloud as a security enabler.