Careers Information Security Podcast

Akamai's John Ellis talks about the quick evolution of bots and botnets, and how enterprise security leaders should deal with them now using a three-pronged approach - detection, management and mitigation.

When Benjamin Wyrick of VASCO Data Security looks toward 2016, he sees financial institutions embracing new mobile banking apps that are at once convenient and secure. What are the keys to making his vision a reality?

New draft guidance from the National Institute of Standards and Technology instructs healthcare providers on critical steps for securing patient data on mobile devices. Nate Lesser, who helped prepare the report, offers an analysis.

The FIDO alliance advocates the process of eliminating global dependency on passwords. RSA's Kayvan Alikhani discusses how FIDO is educating teams to use authentication tools to protect identities.

With enterprises now taking to the cloud in the APAC region, it's important to learn security lessons from western counterparts, says Cloud Security Alliance CEO Jim Reavis. He offers insights on dealing with risks and legacy IT.

If SSL goes away today, the Internet needs a security plan B, says Uniken's Chief Security Evangelist, Menny Barzilay. Innovation on the application level is what will restore trust, he believes.

Privacy advocate Deborah Peel, M.D., is worried that several ongoing healthcare sector initiatives could potentially erode patient privacy and individuals' control over their health records. Find out about her latest concerns.

Visa's Eduardo Perez says one of the key merchant vulnerabilities his company is most concerned about is weak remote-access controls for point-of-sale systems and devices. He offers risk mitigation advice in this exclusive interview.

One of the most important lessons emerging from the recent string of major cyberattacks in the healthcare sector is the need for executives to treat information security as an essential component of business operations, says attorney Ron Raether.

Security expert Alan Woodward is warning that enterprises should ditch RC4 after researchers demonstrated practical attacks that demolish the crypto that's widely used in enterprise WiFi devices and for TLS.

Organizations think they have done everything right, yet still they are breached. What has gone wrong? RSA's CTO Zulfikar Ramzan says it's time for security practitioners to shift to a new prevention mindset.

Virtualization and related developments bring significant changes to the architecture of today's data centers. At RSA Conference Asia Pacific & Japan, Cisco's Munawar Hossain defines these changes and outlines the new challenges.

Cybercrime is growing as an industry, developing capabilities to target large entities. Ernst & Young's Ken Allan recommends a three-stage strategy to combat threats and urges CISOs to set new priorities.

Put your personal feelings aside; what's dangerous about the AshleyMadison.com breach is that ideologists will now go beyond taking down an IT system and actually destroy a business. This evolution, says cybersecurity expert Carl Herberger, requires a new way to assess and mitigate risk.

Robin Slade of the Santa Fe Group says current vendor risk evaluation methods are inefficient. She advocates peer collaboration through shared assessments of vendors to help improve management of third-party risks.

Raimund Genes' keynote at RSA Conference Asia Pacific & Japan is an appeal to the information security community to start putting security in perspective, emphasizing new approaches that address the changing threat landscape.

DNS hijacking is the most common attack being investigated by Akamai's incident response team, says APAC CTO Mike Smith. He shares some background on the subject and his session on it at RSA Conference APAC.

Misusing data access privileges can pose a threat to the integrity of an organization's IT systems and the privacy of individuals. But gray areas exist, and it's not always clear cut when "unofficially" accessing protected data means users are abusing their privileges.

By now, organizations are well acquainted with DDoS. But do they understand the attacks' key components and how to mitigate them? Akamai's Matt Mosher shares the questions to ask when purchasing DDoS mitigation.

As more enterprises adopt software-defined networking, hackers are finding the emerging technology to be a new route to penetrate organizations. Anthony Lim of (ISC)² recommends ways to secure SDNs against attacks.