Detailed
Compact
Art
Reverse
February 14, 2020
The latest edition of the ISMG Security Report analyzes the indictments of four Chinese military officers in connection with the 2017 Equifax data breach. Also featured: Advice on implementing NIST's new privacy framework; lessons learned in a breach disclosure.
February 11, 2020
Although NIST's new privacy framework is agnostic toward any particular privacy law, "it gives organizations building blocks to help them meet any obligations under any particular law or jurisdiction" says Naomi Lefkovitz, a NIST senior privacy adviser.
February 7, 2020
The latest edition of the ISMG Security Report offers an analysis of the missteps that led to problems with the app used in this week's Democratic presidential caucuses in Iowa. Also featured: growing privacy concerns about facial recognition and business continuity tips for dealing with the coronavirus.
February 6, 2020
The coronavirus statistics are dizzying - as of Thursday, there were more than 28,000 infections and about 560 deaths. But the key stat to watch is the mortality rate, currently 2 percent, says pandemic expert Regina Phelps. How that number changes will dictate how business continuity leaders must respond.
January 31, 2020
As health data privacy concerns heat up to a boiling point on multiple fronts, it's more essential than ever that patients get a clear opportunity to make a choice about whether their data is shared, says privacy advocate Twila Brase, who heads the Citizens' Council for Health Freedom.
January 31, 2020
The latest edition of the ISMG Security Report discusses the ramifications of the U.K's decision to allow limited use of Huawei's equipment in 5G networks. Plus: Updates on Wawa's stolen card data offered for sale and nascent security threats from social networks and drones.
January 27, 2020
Dave DeWalt, former CEO of FireEye and McAfee, has been appointed vice chair of the board of Onapsis, a vendor focused on securing business-critical applications. In this exclusive interview, DeWalt opens up on application vulnerabilities, the evolution of the nation-state threat and technologies to watch in 2020.
January 24, 2020
The latest edition of the ISMG Security Report offers an analysis of fresh details on the hacking of Amazon CEO Jeff Bezos' iPhone. Also featured: an update on Microsoft's exposure of customer service records; a hacker's take on key areas of cyber hygiene.
January 20, 2020
Could satellites play a role in distributing next-generation encryption keys? Robert Bedington, CTO and co-founder at Singapore-based SpeQtral, describes quantum communications via satellites in this in-depth interview.
January 20, 2020
Deception technology is evolving as a powerful asset in the cybersecurity arsenal, providing significant advantages in being able to monitor an attacker's behavior, says Joseph Krull, senior analyst at Aite Group.
January 17, 2020
The latest edition of the ISMG Security Report discusses why Britain is struggling to determine whether to use China's Huawei technology in developing its 5G networks. Plus: An update on a mobile app exposing infant photos and videos online and an analyst's take on the future of deception technology.
January 16, 2020
While secure coding has always been an imperative, in a cloud-based environment, BMC Software's Rick Bosworth says it is especially critical since the liability does not rest with cloud services providers for secure configuration.
January 15, 2020
Five years ago, cybersecurity executive Dave Merkel called upon enterprises to shed their "peacetime" mindsets and adopt a "wartime" stance against persistent cybercriminals and nation-state actors. How have they risen to that challenge?
January 13, 2020
After a data breach, if individuals' stolen information is offered for sale on the dark web, that potentially bolsters class action lawsuits filed by plaintiffs against the breached organization, says technology attorney Steven Teppler of the law firm Mandelbaum Salsburg P.C.
January 10, 2020
Is it possible that a nation-state actor such as Iran could create a cybersecurity incident that compromises the U.S. power grid? Bernie Cowens, most recently CISO at the nation's largest electric utility, says that's unlikely because the power grid is more cybersecure than you might think.
January 10, 2020
The latest edition of the ISMG Security Report discusses "Orwellian" surveillance activity in 2020 via the ToTok app. Also featured: the controversy over enabling law enforcement to circumvent encryption; the cyberattack risks posed by IoT devices.
January 10, 2020
Researchers are attempting to develop new forms of cryptography that could not be cracked by powerful quantum computing devices that are in the works. Divesh Aggarwal, principal investigator at Singapore's Center for Quantum Technologies, describes the efforts.
January 9, 2020
Healthcare organizations need to carefully assess whether data they hold falls under the scope of the California Consumer Privacy Act, says attorney Anne Kimbol, assistant general counsel of HITRUST - especially now that the regulation's Jan. 1 compliance deadline has hit.
January 8, 2020
Complex, manual processes and disparate, disconnected tools make it difficult for security and IT teams to mount a cohesive response. Bryce Schroeder of ServiceNow discusses a more effective approach to vulnerability response.
January 7, 2020
In the wake of the killing of an Iranian general in a U.S. drone attack last week, organizations - especially healthcare entities and units of government that have been vulnerable to ransomware attacks - need to be on guard against destructive "wiper" attacks, says Caleb Barlow of CynergisTek.
January 7, 2020
Zero Trust has become a cybersecurity marketing buzzword. But Kelsey Nelson of Okta sheds light on the realities of the Zero Trust approach, with a specific focus on the identity and access management component of the strategy.
January 6, 2020
From past roles at the Department of Justice, Department of Homeland Security, Microsoft and Sony, Phil Reitinger has learned more than a thing or two about nation-states and cyber threats. In this exclusive interview, the head of the Global Cyber Alliance discusses how to respond to potential new threats from Iran.
January 6, 2020
Following the U.S. killing of Iran's Maj. Gen. Qasem Soleimani last week, security experts have warned of possible retaliatory cyber strikes. Tom Kellermann of VMware believes those attacks are imminent. "The period of mourning is over, and I think the holy war in American cyberspace is yet to begin."
January 3, 2020
The latest edition of the ISMG Security Report discusses countering the threat of nation-state cyberattacks in 2020. Also featured: an update on France's experiment with facial recognition technology and sorting out what "zero trust" really means.
December 31, 2019
Credential stuffing is a growing problem that's difficult to address, says Troy Hunt, creator of the Have I Been Pwned data breach notification service, who sizes up mitigation efforts.
December 31, 2019
While Congress is unlikely to pass major new national cybersecurity legislation in an election year, federal regulators and state attorneys general will be busy addressing evolving health data privacy and security issues in 2020, predicts attorney Marcus Christian of the law firm Mayer Brown.
December 31, 2019
"Zero Trust" security is rapidly transitioning from a marketing buzzword to a practical methodology for protecting today's global networks. Stan Lowe, global CISO of Zscaler, shares his 2020 vision for zero trust.
December 30, 2019
Machine-speed attacks require a machine-speed response, yet many of today's organizations still maintain legacy defenses. Mario Vuksan of ReversingLabs discusses the future of SOC triage.
December 30, 2019
How do hospitals' efforts to bolster information security in the aftermath of data breaches potentially affect patient outcomes? Professor Eric Johnson of Vanderbilt University discusses research that shows a worrisome relationship between breach remediation and the delivery of timely patient care.
December 30, 2019
Still stinging from efforts by foreign powers to influence the 2016 presidential election, the FBI is determined to keep the 2020 election tamper-free. Elvis Chan from the FBI's San Francisco office shares insights into the election defense strategy.
December 27, 2019
The latest edition of the ISMG Security Report discusses 2020 cybersecurity trends, including fixing "fake everything," dealing with the issue of weaponized social media and securing the U.S. presidential election.
December 26, 2019
When he was CEO of RSA, Art Coviello warned global security leaders about cyber warfare among nation-states. What he didn't anticipate was how quickly social media would rise, enabling adversaries to weaponize misinformation. How does this impact his 2020 outlook?
December 26, 2019
Because vendors were implicated in many of the largest health data breaches in 2019, it's more critical than ever for healthcare organizations to manage the security risks posed by their suppliers, says Erik Decker, CISO and chief privacy officer at the University of Chicago Medicine.
December 24, 2019
Tom Kellermann, former cybersecurity adviser to the Obama administration, doesn't mince words when he describes the nation-state threat to the U.S. as the "axis of evil in cyberspace." Nor does he hold back about the threat from destructive attacks, 5G deployment and other trends to watch in 2020.
December 23, 2019
While run-of-the-mill ransomware attacks continue, some crypto-locking malware gangs are bringing more advanced hacking skills to bear against targets, seeking the maximum possible payout, says cybersecurity expert Jake Williams of Rendition Infosec, who dubs the trend "ransomware 2.0."
December 23, 2019
Fake news, fake accounts - even fake food. Gartner analyst Avivah Litan is concerned about the onslaught of "fake everything" and how it undermines the trust upon which enterprises are built. In this 2020 preview, Litan discusses emerging technologies to combat the fakes.
December 20, 2019
What are some of the most important health data privacy and security regulatory developments to watch in 2020? Privacy attorney Kirk Nahra of the law firm WilmerHale discusses what he sees as the top five issues in the year ahead.
December 20, 2019
The latest edition of the ISMG Security Report discusses the recent ransomware attacks on the city of New Orleans as well as other units of local government and schools. Also featured: discussion on security issues for IoT and legacy medical devices.
December 17, 2019
Improving the security of diverse medical devices is a major challenge for a variety of reasons, according to security leaders at two device manufacturers, who spell out the key issues in this interview.
December 13, 2019
The latest edition of the ISMG Security Report discusses why cyber defense teams need to think more like attackers. Plus, a case study on cross-border payment fraud, and an expert's take on security for the 2020 elections.
December 12, 2019
ISMG and Nominet recently hosted a NYC roundtable discussion on the topic of cyber confidence. Dave Polton of Nominet reflects on the key takeaways and why cyber confidence is now one of the sector's hottest topics.
December 10, 2019
CISOs need to begin investigating the use of quantum-proof cryptography to ensure security is maintained when extremely powerful quantum computers that can crack current encryption are implemented, says Professor Alexander Ling, principal investigator at the Center for Quantum Technologies in Singapore.
December 6, 2019
The use of artificial intelligence, machine learning and robotics has enormous potential, but along with that promise come critical privacy and security challenges, says technology attorney Stephen Wu.
December 6, 2019
Applying offensive hacking expertise and a more adversarial mindset to better hone not just network defenses but also public policy is proving effective, says Jeff Moss, founder and creator of the Black Hat conference.
December 6, 2019
The latest edition of the ISMG Security Report offers an analysis of the FBI's security and privacy warnings about smart TVs. Also featured: discussions on the security of connected medical devices and strategies for fighting synthetic identity fraud.
December 5, 2019
In an in-depth interview, John Halamka, M.D., the former long-time CIO at Beth Israel Deaconess Medical Center in Boston, discusses his upcoming move to head Mayo Clinic's global digital health initiative in collaboration with Google - and why privacy and security are so critical to those efforts.
December 4, 2019
The EU's second Payments Services Directive is alive and well. But where are financial institutions now re: compliance and enforcement? James Rendell of CA Technologies, a Broadcom company, offers insight on PSD2 and EMV 3DS compliance for 2020.
December 4, 2019
What are the key mobile security threats to financial organizations, and how are these enterprises marshalling their mobile threat defense? These were the questions posed by ISMG and Wandera to security leaders in San Francisco. Wandera's Michael Covington discusses the response.
December 3, 2019
Getting the proper vendor contracts completed is a top concern for organizations preparing to comply with the California Consumer Privacy Act, says Caitlin Fennessy, research director at the International Association of Privacy Professionals.
November 29, 2019
The latest edition of the ISMG Security Report discusses new combination ransomware and doxing attacks. Plus, Twitter drops phone numbers in 2FA, and why we need to consider quantum cryptography today.
November 27, 2019
All healthcare industry stakeholders must take critical steps to address the cybersecurity of connected medical devices, says Jennifer Covich Bordenick, CEO of of the eHealth Initiative and Foundation, an advocacy group that has issued a new report on the subject.
November 25, 2019
Election hacking is not just a US issue; it's a hot topic for every global democracy. And Joseph Carson of Thycotic is concerned that too many people are focused on the wrong elements of this topic. He analyzes the specific hacking techniques that demand attention.
November 22, 2019
This edition of the ISMG Security Report features an analysis of the very latest ransomware trends. Also featured: Discussions of Microsoft's move to DNS over HTTPS and strategies for tackling IoT security challenges.
November 21, 2019
Two rules proposed by federal regulators could provide significant help to strengthen cybersecurity in the healthcare ecosystem, says regulatory attorney Julie Kass of the law firm Baker Donelson.
November 19, 2019
Numerous regulations and standards have been introduced globally to help curtail online fraud. What makes EMV 3D Secure stand out? Matt Cooke and Paul Dulany of Broadcom weigh in on the implementation and benefits of EMV 3DS.
November 19, 2019
While IoT devices are entering enterprises at a rapid pace, the security practices around them are as much as 20 years behind those for enterprise computing, says Sean Peasley of Deloitte, who outlines steps organizations can take to ensure safe IoT computing.
November 19, 2019
Cloud solutions, the mobile workforce, the skills gap - these are among the security impacts that don't get enough attention when discussing digital transformation. David Ryder of Avast Business opens up on these topics.
November 18, 2019
Multifactor authentication is gaining traction - but it also is causing additional user friction when deployed poorly. Corey Nachreiner and Marc Laliberte of WatchGuard Technologies discuss how best to deploy and administer MFA.
November 15, 2019
The latest edition of the ISMG Security Report offers an in-depth analysis of whether Instagram is doing enough to protect the contact information of minors. Plus: Compliance updates on GDPR and PCI DSS.
November 14, 2019
Bolstering medical device security is a top priority at Fort Worth, Texas-based Cook Children's Health Care System, says CIO Theresa Meadows, who's a leader of two cybersecurity advisory groups.
November 14, 2019
There are robust and detailed discussions in cybercriminal forums on how to attack modern vehicles, seeking clandestine methods to steal cars, says Etay Maor of IntSights. Luckily, hackers aren't aiming to remotely trigger an accident, but there are broader concerns as vehicles become increasingly computerized.
November 14, 2019
"Zero trust" is arguably the cybersecurity buzzword of 2019, but what exactly does it mean? Jack Koons of Unisys provides his perspective.
November 13, 2019
With Google aggressively expanding its push into the healthcare sector, critical privacy-related issues are emerging, says regulatory attorney Alisa Chestler, who offers an overview of key issues.
November 12, 2019
Getting breached is not a question of "if," but "when." Nick Carstensen of Graylog explains what steps should be taken to mitigate data breach risk.
November 12, 2019
One key step for preparing to comply with the California Consumer Privacy Act, which goes into effect in January, is determining how best to verify the identity of users, say two leaders of the Sovrin Foundation, who discuss the key issues.
November 11, 2019
Bala Kumar of iovation, a TransUnion company, sees a marked spike in identity fraud in general, and at account origination in particular. How does this increase manifest across industry sectors, and how should organizations re-think their defenses?
November 8, 2019
Sprawling computing environments - from cloud to containers to serverless - are posing challenges in maintaining visibility and determining if data is secure, says Mike Adler of RSA.
November 8, 2019
The latest edition of the ISMG Security Report offers an analysis of how Twitter allegedly was used to spy on critics of the Saudi Arabian government. Also featured: A preview of the new NIST Privacy Framework and an update on business email compromise attacks.
November 7, 2019
Organizations should develop a comprehensive strategy for managing third-party security risks and avoid over-reliance on any one tool, such as vendor security risk assessment, monitoring or ratings services, says analyst Jie Zhang of Gartner.
November 6, 2019
By year's end, the National Institute of Standards and Technology should be ready to publish the first version of its privacy framework, a tool to help organizations identify, assess, manage and communicate about privacy risk, says NIST's Naomi Lefkovitz, who provides implementation insights.
November 5, 2019
The Sophos 2020 Threat Report is out, and among the key findings: Ransomware attackers continue to leverage automated active attacks that can evade security controls and disable backups to do maximum damage in minimal time. John Shier of Sophos analyzes the trends that are most likely to shape the 2020 cybersecurity landscape.
November 1, 2019
The latest edition of the ISMG Security Report offers an in-depth analysis of how to prevent data exposure in the cloud. Plus: why PCI's new contactless payment standard lacks PINs, and how to go beyond the hype to accurately define "zero trust."
November 1, 2019
The latest edition of the ISMG Security Report offers an in-depth analysis of how to prevent data exposure in the cloud. Plus: why PCI's new contactless payment standard lacks PINs, and how to go beyond the hype to accurately define "zero trust."
October 31, 2019
Mobile devices are attractive targets for attackers because of messages, call logs, location data and more. State-sponsored groups are digging ever deeper into mobile hacking, says Brian Robison of BlackBerry Cylance.
October 29, 2019
It's one thing to know your attackers. It's another to emulate some of their techniques so you can improve your own enterprise defenses. Craig Harber, CTO of Fidelis Cybersecurity, is an advocate of this "think like an attacker" defensive strategy.
October 28, 2019
Agile environments benefit from development platforms and open-source software, but that also raises the risks of attacks seeded in those supply chains, says Chet Wisniewski of Sophos, who describes steps that organizations can take to mitigate the risks.
October 28, 2019
Big data analytics and search tools give organizations the ability to analyze information faster than ever before. But too many organizations deactivate security controls built into Elasticsearch, Amazon S3 buckets and MongoDB when they deploy, leaving their data exposed, says Elastic's James Spiteri.
October 25, 2019
The use of new standards can help strengthen cybersecurity risk management of medical devices at the Department of Veterans Affairs as well as other healthcare organizations, says Anura Fernando of UL, which recently completed a study with the VA examining gaps in medical device cybersecurity approaches.
October 25, 2019
The latest edition of the ISMG Security Report analyzes how the Russian hacking group Turla has been coopting Iranian hacking tools. Plus: Avast's CCleaner hit by second attack; sizing up draft regulations for the California Consumer Protection Act.
October 23, 2019
Al Pascual, former head of fraud and security practices at Javelin Strategy & Research, has taken on a new role as COO of a start-up company, Breach Clarity, which is offering consumers a free tool to determine the severity and implications of a data breach and what steps they should take to mitigate risk.
October 22, 2019
Draft regulations to carry out the California Consumer Protection Act do not go far enough to clarify ambiguities in the law, which goes into effect Jan. 1, 2020, says privacy attorney Sadia Mirza of the law firm Troutman Sanders, who encourages organizations to submit comments on the proposed regs.
October 21, 2019
What is the risk of having too many cybersecurity tools? Compromised visibility because of "tool sprawl," say Brian Murphy and Seth Goldhammer of ReliaQuest. Enterprises are now awakening to this challenge and attempting to overcome it.
October 18, 2019
The latest edition of the ISMG Security Report discusses the shutdown of DeepDotWeb. Plus, dealing with breach fatigue and the Pitney Bowes ransomware attack.
October 17, 2019
Organizations are accepting that the network perimeter no longer serves as the "ultimate defense" and thus adapting zero-trust principles, including least privilege, based on the understanding that they may already have been compromised, says Darran Rolls of SailPoint.
October 17, 2019
Robotic process automation aims to use machine learning to create bots that automate high-volume, repeatable tasks. But as organizations tap RPA, they must ensure they take steps to maintain data security, says Deloitte's Ashish Sharma.
October 16, 2019
According to Ricardo Villadiego, Lumu Technologies' Founder and CEO, organizations are "sitting on a gold mine: their own data". Under the single premise that organizations should assume they are compromised and prove otherwise, Lumu seeks to empower enterprises to answer the most basic question: Is your organization talking with adversary infrastructure?
October 16, 2019
The threat and risk surface of internet of things devices deployed in automobiles is exponentially increasing, which poses risks for the coming wave of autonomous vehicles, says Campbell Murray of BlackBerry. Large code bases, which likely have many hidden software bugs, are part of the problem, he says.
October 16, 2019
Large or small, enterprises from all sectors are dealing with the same vulnerabilities in open source code. The difference: the scale of the problem. DJ Schleen of Sonatype discusses insights from the latest ISMG roundtable dinner.
October 15, 2019
In the wake of a federal appeals court ruling last year vacating a Federal Trade Commission enforcement action against LabMD, the FTC's data security consent orders are becoming far more detailed and rigorous, says former FTC attorney Julie O'Neill.
October 15, 2019
What's the purpose of ISO 27701, the new privacy extension to the ISO 27001 information security management standard? Matthieu Grall, CISO and DPO at SodiFrance, a French IT services company, who participated in development of 27701, explains the standard and discusses "privacy by design" compliance issues.
October 15, 2019
Law enforcement success inevitably sparks criminals to become more innovative, including shifting from centralized markets - such as Hansa and Wall Street Market - to encrypted and distributed marketplaces, says the University of Surrey's Alan Woodward.
October 11, 2019
How might a national unique patient identifier improve the accuracy of patient record matching and potentially help address identity fraud? Julie Dooling of the American Healthcare Information Management Association - which has been lobbying for the development of such an ID - makes the case.
October 11, 2019
The latest edition of the ISMG Security Report analyzes Twitter's repurposing of user phone numbers for targeted advertising. Plus: A discussion of 5G security issues and findings of the Internet Organized Crime Threat Assessment.
October 10, 2019
To ensure privacy is protected, governments need to make sure standards and regulations keep pace with the latest technology developments, including facial recognition and other forms of artificial intelligence, says Steven Feldstein, an associate professor at Boise State University.
October 10, 2019
What should healthcare organizations know about complying with the breach notification and data security requirements of New York's SHIELD Act? And how does the new law compare with HIPAA? Jon Moore, chief risk officer at consulting firm Clearwater, explains.
October 10, 2019
What is a "reasonable" response to a cyber incident? Following a recent roundtable dinner discussion of the topic, Jonathan Nguyen-Duy of Fortinet discusses getting cyber right.
October 9, 2019
When it comes to identifying and stopping malicious and even accidental insider threats, organizations are often overlooking a significant gap. Nathan Hunstad of Code42 discusses how to plug this costly leak.
October 9, 2019
As part of a multi-city tour, ISMG and Sonatype visited Atlanta recently for an engaging discussion on how to mitigate risks introduced by open source code. Here's a conversation with DevOps advocate Derek Weeks.
October 8, 2019
Amidst a multi-city tour, ISMG and Sonatype visited Boston for an engaging discussion on how to mitigate risks introduced by open source software. Sonatype CMO Matt Howard discusses how the conversation highlights the offense vs. defense approaches to securing critical applications.
October 7, 2019
Organizations must take a number of critical steps to prepare a response to ransomware attacks before they hit, says Caleb Barlow, the new president and CEO of security consulting firm CynergisTek, who offers a guide.
Loading earlier episodes...
    15
    15
      0:00:00 / 0:00:00