Data Breach Today Podcast

The Internet of Things is posing an increased risk to all organizations. One global data center provider, for example, recently discovered that its malware-infected power supplies were part of a botnet, says Chris Richter of Level 3 Communications.

MasterCard's Oliver Manahan says merchants and issuers must embrace stronger cardholder authentication and security methods, such as biometrics and tokenization, to ensure payment card data is secure.

The list of information security threats facing organizations continues to grow longer. But it's up to CIOs to put the right defenses - and priorities - in place, says David White at BAE Systems Applied Intelligence.

Wary of intrusions, data compromise and theft, organizations increasingly are deploying privileged access management solutions. Idan Shoham of Hitachi ID Systems offers the essential do's and don'ts.

Keeping track of missing devices is a critical aspect of information security. Ali Solehdin, senior product manager at Absolute Software, discusses Computrace, which helps organizations secure endpoints and the sensitive data those devices contain.

EdgeWave's Mike Walls, a former bomber pilot who led Navy red teams, says penetration testing is useful in analyzing bits and bytes but not the readiness of operations under attack from cyberspace. Red teams, he says, can analyze the impact on operations.

Christophe Birkeland, CTO of malware analysis for Blue Coat Systems, was part of the team that discovered the Russia-targeting Inception campaign, and says the hunt for new APT attacks remains ongoing.

Too few security systems interoperate, which makes it difficult for organizations to block or detect data breaches. But Cisco has an interoperability plan to improve the state of cybersecurity defenses, Chief Security Architect Martin Roesch says.

Phishing campaigns are becoming harder to mitigate because of an uptick in spoofed websites tied to top-level domains, such as .bank, says Dave Jevans of the Anti-Phishing Working Group.

For Symantec, the investigation into the Duqu 2 began May 29, when Kaspersky Lab shared samples of the espionage malware - which is based on Flame and Stuxnet - and asked the security researchers to help verify its findings.

Organizations are getting increasingly prioritizing incident response capabilities by putting investigation firms on retainer, or creating their own internal teams, says Patrick Morley, president and CEO of Bit9 + Carbon Black.

Gartner's Claudio Neiva says there is only so much an intrusion detection and prevention system can do, so organizations need to take additional steps to safeguard critical data and systems.

Hackers are using medical devices as gateways to launch targeted attacks at hospitals, but there are steps organizations can take to better protect their environments, says Greg Enriquez, CEO of TrapX.

Attackers today continue to refine their distributed denial-of-service attack capabilities, delivering downtime on demand. The increase in attack effectiveness and volume demands new types of defenses, says Akamai's Richard Meeus.

Two years after the leaks that showed the U.S. National Security Agency spied on America's European allies, the U.S. and Europe still need to rebuild trust so they can collaborate on defending against cyber-attacks, says Carsten Casper of Gartner.

Last year, organizations took an average of 205 days to detect a breach. To better combat such attacks and lock down breaches, FireEye's Jason Steer says organizations must lower that to hours or even minutes.

Larry Ponemon, founder of the Ponemon Institute, offers an in-depth analysis of the results of the organization's 10th study of the costs of data breaches, which found, for example, that rapid growth in hacker attacks is leading to escalating costs.

"Show me your dashboard." That's a request security expert Gavin Millard regularly makes to CISOs to demonstrate how today's too-complex dashboards highlight the challenge of gathering and distilling essential security metrics.

Data security expert Kate Borten, a former CISO who's a featured speaker at the June 11 Healthcare Information Security Summit in Boston, warns healthcare organizations against overlooking key data protection steps.

Mark Weatherford, a former DHS cybersecurity leader, says the Office of Personnel Management neglected to take basic steps that could have helped prevent a breach that may have exposed the PII of 4 million current and former government workers.