October 11, 2019
How might a national unique patient identifier improve the accuracy of patient record matching and potentially help address identity fraud? Julie Dooling of the American Healthcare Information Management Association - which has been lobbying for the development of such an ID - makes the case.
October 11, 2019
The latest edition of the ISMG Security Report analyzes Twitter's repurposing of user phone numbers for targeted advertising. Plus: A discussion of 5G security issues and findings of the Internet Organized Crime Threat Assessment.
October 10, 2019
To ensure privacy is protected, governments need to make sure standards and regulations keep pace with the latest technology developments, including facial recognition and other forms of artificial intelligence, says Steven Feldstein, an associate professor at Boise State University.
October 10, 2019
What should healthcare organizations know about complying with the breach notification and data security requirements of New York's SHIELD Act? And how does the new law compare with HIPAA? Jon Moore, chief risk officer at consulting firm Clearwater, explains.
October 10, 2019
What is a "reasonable" response to a cyber incident? Following a recent roundtable dinner discussion of the topic, Jonathan Nguyen-Duy of Fortinet discusses getting cyber right.
October 9, 2019
When it comes to identifying and stopping malicious and even accidental insider threats, organizations are often overlooking a significant gap. Nathan Hunstad of Code42 discusses how to plug this costly leak.
October 9, 2019
As part of a multi-city tour, ISMG and Sonatype visited Atlanta recently for an engaging discussion on how to mitigate risks introduced by open source code. Here's a conversation with DevOps advocate Derek Weeks.
October 8, 2019
Amidst a multi-city tour, ISMG and Sonatype visited Boston for an engaging discussion on how to mitigate risks introduced by open source software. Sonatype CMO Matt Howard discusses how the conversation highlights the offense vs. defense approaches to securing critical applications.
October 7, 2019
Organizations must take a number of critical steps to prepare a response to ransomware attacks before they hit, says Caleb Barlow, the new president and CEO of security consulting firm CynergisTek, who offers a guide.
October 4, 2019
Healthcare organizations can take steps to start mitigating risks while awaiting vendor software patches to address URGENT/11 IPnet vulnerabilities in their medical devices, says researcher Ben Seri of security firm Armis, which identified the flaws.
October 4, 2019
The latest edition of the ISMG Security Report analyzes concerns about the use of Huawei equipment by U.S. telecommunications firms. Also featured: A Huawei executive discusses 5G security, plus an update on an Australian ransomware attack.
October 4, 2019
ISMG and Rapid7 kicked off a roundtable dinner series in San Francisco, where Rapid7's Scott King says the conversation showcased the challenges security leaders face in engaging business leaders to discuss risk.
October 3, 2019
Microsoft's Remote Desktop Protocol is one of the most widely used utilities for connecting to remote machines. But it poses risks if organizations don't actively monitor how it's used, says Chris Morales of the security firm Vectra.
October 1, 2019
With all of the tools deployed for endpoint detection and response, enterprises today are often overwhelmed by threat intelligence, says J.J. Thompson of Sophos. To alleviate "analysis paralysis," Sophos has just launched its Managed Threat Response service. Thompson details its offerings.
Thompson, senior director of Managed Threat Response, says the new service combines sophisticated tools and expert analysts in a service that surpasses what traditional EDR can do today. "Of the landscape of MDR providers out there, very few take action," Thompson says. "Other services simply notify customers of attacks or suspicious events, and then it's really up to them to manage things from there." But with the new Sophos service, "neutralize" is just as important as "detect."
In an interview about managed threat response, Thompson discusses: the evolution of threat hunting; how Sophos' new service works; why neutralizing threats is a competitive edge.
Thompson is among the earliest pioneers in the field of cybersecurity known today as Managed Detection and Response. An industry veteran with a 20-year entrepreneurial track record of success, J.J. joined Sophos to lead strategy for managed service offerings following the acquisition of his company Rook Security in 2019. Previously, J.J. led security program strategy and operations for some of the world's largest technology and security companies. While at Ernst & Young, he served Global 100 accounts through strategic incident and crisis response. J.J. also served as President of the Silicon Valley chapter of the Information Systems Security Association (ISSA) and (ISC)² Indianapolis.
September 30, 2019
What are some of the most important aspects in managing vendor security risk when taking on third parties to handle sensitive data? Mitch Parker, CISO of Indiana University Health, explains the critical steps his organization is taking in its approach to vendor risk.
September 27, 2019
The latest edition of the ISMG Security Report features an analysis of Donald Trump's comments about "the server" in a discussion with the president of Ukraine. Also: insights on "privacy by design" and highlights of ISMG's Cybersecurity Summit in Toronto.
September 25, 2019
A new resource designed to help healthcare organizations of all sizes engage in cybersecurity information sharing is now available. Errol Weiss, who helped create the "cybersecurity matrix," describes how to use it.
September 25, 2019
Technology companies often don't build in controls to protect privacy during the application development process, says Jason Cronk, a lawyer and privacy engineer. But using "privacy by design" principles during software development can help avoid trouble, he says.
September 20, 2019
The latest edition of the ISMG Security Report features a discussion of the controversies surrounding the release of whistleblower Edward Snowden's memoir. Also featured: An update on Lumen PDF's breach disclosure; insights on financial services identity management issues.
September 19, 2019
Deception technology has emerged as a hot practice - but not one that is necessarily on every enterprise's budgeting radar. Don Gray, CTO of PacketViper, talks about the emergence of deception technology and how security leaders can make the case - and find the budget - for its usage.
September 17, 2019
Artificial intelligence is playing an important role in the fight against payment card fraud, says Gord Jamieson, senior director of Canada risk services at Visa. He'll offer a keynote presentation on the latest fraud trends at Information Security Media Group's Cybersecurity Summit in Toronto Sept 24-25.
September 17, 2019
Even with the uptake of cloud services, many large enterprises still hold data on mainframes, says Philip MacLochlainn of IBM. But the diversity of computing environments around mainframes is rapidly changing, which increases the risk of data breaches, he explains.
September 13, 2019
Ransomware-wielding attackers treat infecting endpoints as a business and put customer relationship management principles to work, says Bill Siegel, CEO of ransomware incident response firm Coveware. He notes criminals "go after the low-hanging fruit because it's cheap and the conversion rate is high."
September 13, 2019
Cybercriminals are "upping their game" by stealing and then auctioning off on the dark web administrative access credentials to healthcare organizations' clinician and patient portals, says Etay Maor of IntSights.
September 13, 2019
This week's ISMG Security Report analyzes the cost of business email compromise attacks and the recent arrest of dozens of suspects. Also featured: updates on the easy availability of low-cost hacking tools and the latest payment card fraud trends.
September 13, 2019
Insider threats are difficult to counter. What happens when an employee goes rogue, and how do you catch them? Charles Carmakal of Mandiant, who says his firm is dealing with more insider threat investigations, shares tips for better defenses.
September 10, 2019
In the past year, cybercriminals behind two of the biggest ransomware attacks have abandoned other techniques in favor of exploiting remote desktop protocol. Matt Boddy of Sophos explains why RDP attacks are so popular - and what you can do to discourage them.
September 6, 2019
This week's ISMG Security Report takes a close look at whether an iPhone hacking campaign may be linked to Android spying campaigns by China. Plus: Do ransomware gangs target organizations that have cyber insurance?
September 5, 2019
ISMG and Cybereason visited Dallas on their "Indicators of Behavior" roundtable dinner tour. And Cybereason CSO Sam Curry says the discussion validated the notion that it's time to reimagine incident detection and response.
September 3, 2019
Security needs to be reinvented for the internet of things, and start-up companies can play a critical role, says Robin Saxby, the former CEO and founder of Arm Holdings, a U.K.-based semiconductor company, who now invests in start-up firms.
September 3, 2019
What role does security play in an enterprise's digital transformation? ISMG and Nominet recently raised this question to a group of security leaders in Las Vegas. The answers were eye-opening. Stuart Reed of Nominet shares his reaction to the roundtable discussion.
August 30, 2019
The latest edition of the ISMG Security Report offers an analysis of how French cyber police disrupted a cryptomining malware gang. Also featured: Apple's botched patching of a jailbreaking vulnerability; an industry veteran's insights on battling payment card fraud.
August 30, 2019
Artificial intelligence and machine learning must be judiciously used, such as when monitoring internet of things devices, says David De Roure, professor of e-research at the University of Oxford, who offers insights on IoT risk management.
August 23, 2019
The latest edition of the ISMG Security Report analyzes the ransomware attack on Texas municipalities as part of a broader trend. Also featured: An initiative designed to safeguard the 2020 presidential elections and a CIO's third-party risk management efforts.
August 22, 2019
Account takeover continues to be a lucrative path for fraudsters across all industry sectors. But Scott Olson of iovation says there are different levels of defense that can be deployed, based on the risk of specific types of transactions.
August 19, 2019
What are some of the moves that organizations can make to improve their identity and access management? Veda Sankepally, an IT security manager at managed care company Molina Healthcare, describes critical steps in this case study interview.
August 16, 2019
An A-list of cyber experts, including former Homeland Security Secretary Jeh Johnson, has put its weight behind U.S. CyberDome, a nonpartisan initiative to protect presidential campaigns against foreign influence. Matthew Barrett, a former NIST leader and co-founder of CyberDome, outlines how this group is gearing up.
August 16, 2019
This edition of the ISMG Security Report discusses the latest improvements in deception technology and how best to apply it. Also featured: a report on the growth of mobile fraud, plus insights on Merck's experience recovering from a NotPetya attack.
August 12, 2019
A new professional credential aims to help healthcare organizations bolster their security leadership bench strength, says William Brad Marsh, co-chair of a committee that developed the certification.
August 9, 2019
IoT, the cloud, third-party risk - we hear a lot about how the cybersecurity risk surface and threat landscape have evolved. But what about the new business demands on cybersecurity leaders? Christopher Hetner, former global CISO at GE Capital, shares insights.
August 9, 2019
Fortinet's FortiGuard Labs global threat research team is creating research playbooks that provide deep-dive analysis of not only threat trends, but also cybercriminal and adversary tools and techniques. Derek Manky and Tony Giandomenico discuss the playbook model and how it can help in the fight against cybercrime.
August 8, 2019
Former Secret Service agent Jeff Dant now heads fraud operations and intelligence for the financial crimes unit at BMO Financial Group. Which threats and threat actors does he focus on, and how does his law enforcement experience help? Dant previews a session at the upcoming Cybersecurity Summit in New York.
August 7, 2019
The SANS Institute's Cyber Workforce Academy is helping to address the shortage of cybersecurity pros by recruiting individuals from other fields and matching graduates with local employers, says Max Shuftan, who leads the institute's cyber talent division. The approach could serve as a model, he says.
August 2, 2019
DirectTrust's new effort to develop a standard for instant messaging in healthcare could potentially help providers securely communicate in real time over multiple platforms, says Scott Stuewe, the nonprofit alliance's president and CEO.
August 2, 2019
The latest edition of the ISMG Security Report analyzes the root causes of the Capital One data breach. Also featured: breach remediation advice and compliance with New York's new third-party risk management requirements.
July 30, 2019
The promise of cloud and mobility is to provide access to key services quickly and from anywhere at any time from any device. Zscaler's Lisa Lorenzin opens up on zero trust network access technologies, which provide a secure alternative to legacy methods.
July 30, 2019
The Capital One data breach is in early stages of remediation. Art Coviello, former chair of RSA, which was breached in 2011, shares first-hand insight on steps the breached institution and its CEO should be taking now.
July 29, 2019
Data breach costs continue well after the initial year, according to the latest IBM/Ponemon Institute "Cost of a Data Breach" report. Limor Kessem of IBM Security shares details of the study.
July 29, 2019
Mike Cotton of Digital Defense sees a key shift in the threat landscape, as attackers focus more on attacking key endpoints and infrastructure. As a result, many organizations are developing security blind spots. Cotton explains how to regain visibility.
July 26, 2019
Taking a zero-trust approach can help organizations unshackle themselves from the password and drastically reduce the attack surface, says Akamai's Fernando Serto.
July 24, 2019
Digital transformation: It's the present and future of business, as enterprises adapt to work at the speed and convenience of new demands. But amidst this transformation, how can security leaders avoid being obstacles and actually become catalysts for change? Alex Teteris of Zscaler shares insight.
July 24, 2019
Security leaders for a decade now have been discussing the profession's growing skills gap. But what is its true business impact, and what are some near- and long-term strategies to mitigate it? FireEye's Gareth Maclachlan shares insight.
July 23, 2019
When it comes to supply chain risk, many organizations overlook how dependent they are on those critical relationships, says Matt Kraning of Expanse. As a result, they are minimizing serious security vulnerabilities. Kraning offers insights on re-thinking that dynamic.
July 23, 2019
A major misconception about cloud IAM is that it's easy to implement, says Mark Perry, CTO for APAC at Ping Identity. Implementation poses challenges, and cloud IAM must be carefully integrated with other systems, he says.
July 22, 2019
Misconfigured file storage technologies and a lack of basic security controls are the root causes for the inadvertent online exposure of 2.3 billion files worldwide that contain personal information, including sensitive medical data, says Harrison Van Riper, a security researcher at Digital Shadows.
July 21, 2019
Flat-out, traditional IAM practices are insufficient to secure a modern enterprise that relies on such diverse endpoints and connected devices. But API management can play a strong complementary role, says Jay Thorne of CA Technologies, a Broadcom company.
July 19, 2019
The latest edition of the ISMG Security Report describes the accidental discovery of a Tesla software vulnerability. Also featured: an analysis of the latest ransomware trends and insights from former federal advisers Richard Clarke and Robert Knake on cyber resilience.
July 17, 2019
From malware and phishing to cryptojacking and man-in-the-middle attacks, mobile threats are rampant, and organizations need to stay a step ahead. Traditional threat management has been reactive. But IBM and Wandera have joined forces to stop threats dead in their tracks before they get close to your environment.
July 17, 2019
Deception technology is becoming more sophisticated, enabling organizations to battle against emerging threats, says Alissa Knight, senior analyst at Aite Group, a research and advisory company.
July 16, 2019
There's good news and bad news about the current state of cybersecurity, according to Richard A. Clarke and Robert K. Knake, two former federal advisers who have written a new book. Learn about their concerns that cyberattacks could escalate into prolonged conflicts.
July 15, 2019
Enumerating medical devices, identifying where the security risks lie and then implementing a multilayered defense plan to mitigate risks should be top priorities for healthcare organizations, says thought leader John Halamka, M.D., executive director for technology exploration at Beth Israel Lahey Health.
July 14, 2019
When it comes to supply chain risk, many organizations overlook how dependent they are on those critical relationships, says Matt Kraning of Expanse. As a result, they are minimizing serious security vulnerabilities. Kraning offers insights on re-thinking that dynamic.
July 12, 2019
The latest edition of the ISMG Security Report analyzes the significance of fines against British Airways and Marriott for violations of the EU's GDPR. Also featured are discussions of California's privacy law as a model for other states and the next generation of deception technologies.
July 12, 2019
The success of security operations centers will depend on how well they blend key technologies - including detection, user behavior analytics and orchestration, says Haiyan Song of Splunk, who offers strategic insights.
July 11, 2019
The relationship between American Medical Collection Agency and its laboratory clients affected by the company's data breach will be closely examined as breach-related lawsuits progress, says attorney Paul Hales, a HIPAA specialist, who explains why.
July 10, 2019
In the wake of digital transformation, there remain some organizations that - for security reasons - resist the temptation to move to the cloud. What are their objections? Zscaler's Bil Harmer addresses these, as well as the critical questions security leaders should ask of cloud service providers.
July 9, 2019
Cyber adversaries are resilient and move quickly, so it's critical that organizations share threat intelligence in an automated way, says Shawn Henry of CrowdStrike Services. But that sharing has been hampered by a lack of understanding of why it's important and how organizations can benefit, he says.
July 8, 2019
With attackers continuing to hammer weaknesses in software, organizations must prioritize application security more than ever, says Ian Ashworth of Synopsys. Thankfully, developers and middle management - bolstered by agile methodologies and DevOps - are increasingly leading the charge.
July 5, 2019
Biometrics may be in fashion, but it's in part because users are ready, willing and able to use it to prove their identity, thanks to Apple, Samsung, Google and other players providing trustable hardware for verifying people's fingerprints and faces, says IBM Security's Neil Warburton.
July 5, 2019
The latest edition of the ISMG Security Report analyzes the debate over whether the government should require technology firms to use weak encryption for messaging applications. Plus, D-Link's proposed settlement with the FTC and a CISO's update on medical device security.
July 2, 2019
Threat intelligence programs have evolved greatly over the past decade. But Mario Vuksan, CEO of ReversingLabs, says too many organizations are overlooking the value of local intelligence embedded in their own networks. Vuksan talks about maximizing TI resources.
July 1, 2019
In the wake of digital transformation, there remain some organizations that - for security reasons - resist the temptation to move to the cloud. What are their objections? Zscaler's Bil Harmer addresses these, as well as the critical questions security leaders should ask of cloud service providers.
June 28, 2019
Fraud schemes have migrated in recent years, exposing inherent vulnerabilities in how most organizations authenticate users. Diego Szteinhendler of Mastercard outlines new strategies and tools for evolving authentication practices beyond solely payments security.
June 28, 2019
Since Sentara Healthcare adopted a DevSecOps approach, CISO Daniel Bowden says, his security team has gained improved visibility into the entire application development process.
June 28, 2019
An effective third-party risk management program starts with asking the right questions, says Brad Keller, chief strategy officer and senior vice president at the Santa Fe Group, a strategic advisory company, who spells out key issues to address.
June 28, 2019
The latest edition of the ISMG Security Report discusses Cloudflare's harsh criticism of Verizon over an internet outage it labeled as a "small heart attack." Plus: sizing up the impact of GDPR; reviewing highlights of the ISMG Healthcare Security Summit.
June 27, 2019
In one of the recent stops in this roundtable dinner series, ISMG and Zscaler visited Boston to discuss the role of security as a catalyst for digital transformations. We saw in each of these conversations that change is difficult, but that everyone is asking the same questions, says Stan Lowe, Global CISO with Zscaler.
June 27, 2019
Increasingly, cyber attackers are molding technology and human intelligence into blended threats that prey upon vulnerable defenses. Chester Wisniewski of Sophos lays out how organizations can become more mature in preparedness and response.
June 25, 2019
Often in breach response, security professionals focus on the technical aspects of the attack. Yet, the non-technical aspects are often more insidious, says Teju Shyamsundar of Okta. And identity can be a powerful tool to bolster defenses.
June 25, 2019
More organizations are deploying single sign-on mechanisms when they move to software-as-a-service applications to help enhance authentication and control access, says Moshe Ferber, chairman of the Israeli chapter of the Cloud Security Alliance.
June 25, 2019
Finding the right balance between risk and resilience is a challenge for every cybersecurity project - especially in the aerospace, space and defense sectors - and that's why such efforts must be driven by CISOs and CIOs, says Leonardo's Nik Beecher.
June 24, 2019
Too many organizations around the world take a "bare minimum" approach to third-party risk management, says Jonathan Ehret, founder of the Third Party Risk Association, who offers risk mitigation insights.
June 24, 2019
Identity and access management continues to be a top medical device cybersecurity challenge, says security expert Mark Sexton of the consultancy Clearwater, who offers a variety of risk mitigation tips.
June 21, 2019
When migrating systems, data and applications to the cloud, a critical security step is to involve compliance auditors in the process as early as possible, says Thien La, CISO at Wellmark Blue Cross Blue Shield.
June 21, 2019
The latest edition of the ISMG Security Report analyzes the security and privacy implications of Facebook's new digital currency - Libra. Also featured: Discussions on the rise of machine learning and IT and OT collaboration on cybersecurity.
June 19, 2019
A new report from Accenture highlights five key areas where cyberthreats in the financial services sector will evolve. Many of these threats could comingle, making them even more disruptive, says Valerie Abend, a managing director at Accenture who's one of the authors of the report.
June 18, 2019
Want to improve how your organization delivers and absorbs security awareness training? Then it comes down to reinventing your approach, including gamification, says Barracuda's Michael Flouton.
June 18, 2019
Implementing new technologies and best practices can help healthcare organizations dramatically improve their detection of data breaches, says Mitch Parker, CISO of Indiana University Health System, who will be a featured speaker at ISMG's Healthcare Security Summit on June 25 in New York.
June 17, 2019
Third-party risk has emerged as one of 2019's top security challenges, and the topic was the focus of a recent roundtable dinner in Charlotte. RSA's Patrick Potter attended that dinner and shares insight on how security leaders are approaching this aspect of digital risk management.
June 14, 2019
The latest edition of the ISMG Security Report features a deep dive into an analysis of the cybersecurity risks that publicly traded companies face. Plus: Was the band Radiohead hacked? And what's unusual about the proposed Premera Blue Cross breach lawsuit settlement?
June 12, 2019
Britain's biggest businesses continue to inappropriately expose servers and services to the internet, putting the organizations and data at risk, according to a study by Rapid7. Tod Beardsley describes the findings, including a widespread lack of phishing defenses as well as cloud misconfigurations.
June 11, 2019
What stands out most about a proposed $74 million settlement of a class action lawsuit against Premera Blue Cross in the wake of a 2014 data breach? Technology attorney Steven Teppler offers insights in this interview.
June 7, 2019
The latest edition of the ISMG Security Report describes Apple's newly announced single sign-on function that's built with privacy in mind. Plus, a discussion of the "other" insider threat and an Infosecurity Europe conference recap.
June 5, 2019
The zero trust model has been around for a decade, and the ideas around it have evolved as applications have left the enterprise perimeter, says Lisa Lorenzin of Zscaler. With mobile apps and cloud computing, enterprises are facing challenges creating secure, trusted access paths.
June 4, 2019
Organizations across all sectors feel the cybersecurity skills gap. But Austin Murphy of CrowdStrike says it's not just skills - it's a capacity gap. He shares insight on how organizations can help bridge these divides.
May 31, 2019
The latest edition of the ISMG Security Report analyzes the "blame game" in the wake of a ransomware attack against the city of Baltimore. Also featured: Discussions of cyberthreats in the financial services sector and open source security concerns.
May 30, 2019
Enterprises today have many digital ways of interacting with their customers - and therefore just as many ways for authenticating those users and transactions. Sesh Venkataraman of CA Technologies explains the business value of omnichannel authentication solutions.
May 24, 2019
The term "digital transformation" is not just marketing buzz; it's the here and now for many organizations. And the healthcare sector is uniquely impacted, says Stuart Reed of Nominet in the wake of a recent roundtable discussion.
May 23, 2019
ISMG and NTT hosted a roundtable dinner in Chicago on May 8 focused on "Confessions of a Healthcare CISO".