Data Breach Today Podcast

A George Mason University research fellow says the cybersecurity framework, issued earlier this year by the National Institute of Standards and Technology, is likely to cause more problems than it solves.

Verizon's latest annual breach report shows that Web application attacks increased more than malware-fueled point-of-sale intrusions in 2013, says analyst Dave Ostertag, who provides an overview of the report's findings.

Ellen Richey of Visa, keynoter at the April 29 Fraud Summit San Francisco, outlines key card fraud-fighting trends for the year ahead, including the U.S.'s migration toward EMV, greater use of tokenization and heightened fraud detection.

A notion emerging from the Heartbleed bug is that organizations can't determine if the vulnerability caused data to be exfiltrated. But CERT's Will Dormann says that may not always be the case.

The chief executive of the Finnish company that uncovered the Internet website vulnerability known as Heartbleed says security practitioners should rethink how they approach IT security by placing a greater emphasis on vetting software for vulnerabilities.

Symantec's 2014 Internet Security Threat Report calls 2013 the year of the mega breach. Why? Because it's getting far too easy for the bad guys to pull off these breaches, says Symantec's Kevin Haley.

The FFIEC just issued new guidelines on DDoS risks to U.S. banking institutions. What is the substance of these guidelines, and how must banks and credit unions respond? Rodney Joffe of Neustar offers advice.

To boost cybersecurity, senior leaders - whether a CEO, a board member or a government agency director - need to think of information as a critical asset worthy of protection, risk management experts Val Rahmani and Malcolm Harkins say.

Increasingly, organizations are seeing attacks migrate from the network to the application level. How can security leaders ensure they are prepared to handle this shift? Kunal Anand of Prevoty offers insight.

Even so-called minor breaches can cost organizations nearly $200,000, according to one finding from NTT Group's annual Intelligence Report. Rob Kraus of Solutionary shares the study's insights and advice.

Advanced threats are like the weather. Everyone talks about them, but few have a solid defense plan - or even a solid understanding of the threat landscape. Mike Nichols of General Dynamics Fidelis Cybersecurity Solutions offers insight.

Information security and privacy work in healthcare environments often requires a depth of specialized knowledge and competency that can be validated through the help of professional credentialing, says CISO Sean Murphy.

Retail point-of-sale breaches at Target Corp. and Neiman Marcus have put a spotlight on payment card security and encryption. But achieving true end-to-end encryption isn't easy, says data protection specialist Richard Moulds.

Banking Trojans such as Zeus have gotten much tougher to detect because of new attack techniques, which means intrusions are going undiscovered for longer periods, says Trusteer researcher Etay Maor.

Mobility has driven the rise of containerization as a security strategy for employee-owned devices. But what about for contractors? Kimber Spradlin of Moka5 discusses how to mitigate third-party risks.

Attackers likely purchased malware in underground "cybercrime-as-a-service" markets to use in recent credit card breaches, including the Target Corp. attack, a new report from McAfee Labs asserts. Adam Wosotowsky explains the report's findings.

One key factor in efforts to reduce reliance on passwords for authentication will be international acceptance of the FIDO Alliance's soon-to-be released protocol for advanced authentication, says Michael Barrett, the alliance's president.

Recent data breaches, such as the ones suffered by Target Corp. and Neiman Marcus, may have been detected sooner if retailers had been sharing transactional pattern and behavioral information about their customers, says Mike Braatz of ACI Worldwide.

Distributed-denial-of-service attacks are a concern for all organizations. But financial institutions face unique challenges, and so they require a unique level of protection, says Mark Byers of Fortinet.

Phyllis Schneck, the Department of Homeland Security's deputy undersecretary for cybersecurity, equates the department's continuous diagnostics and mitigation initiative with a medical probe detecting an infection in the human body.