Data Breach Today Podcast

Cyberthreats increasingly target mobile devices, and simple security measures could help end-users slash these incidents by 50 percent. This is the key finding of ENISA's new Threat Landscape Report, says Louis Marinos, the prime author.

Most fraud on the Internet is linked to unsecured identities, which is why a new global identification framework is needed, says Paul Simmonds, who heads a coalition working on a framework model.

Security analyst Doug Mackey says his discovery of a vulnerability in the Department of Veterans Affairs' VistA electronic health record system highlights the importance of software security testing.

The theft of 2 million credentials reminds security professionals that their organizations are at risk because many employees use the same passwords and devices for personal and business purposes, data security lawyer Ronald Raether says.

You can be outraged that the NSA collects Internet communications records of U.S. citizens. But don't be surprised, says sociologist William Staples. This is just one example of our "culture of surveillance."

Governments and others using cloud-based services should keep 10 security tips in mind, including making sure they can maintain control of their data if a service provider goes bankrupt, says Dimitra Liveri, co-author of a new report.

ATM cash-outs and card-skimming schemes are getting more difficult to detect because today's attacks are global, coordinated and sophisticated, says ATM security expert Chuck Somers.

For risk managers, an often overlooked step for minimizing supply chain risks is to continually monitor outsourcers and other third parties to address critical security issues, says the Information Security Forum's Steve Durbin.

Computer scientists at the Georgia Institute of Technology are developing new ways to apply encryption when storing or searching data in the cloud, says Paul Royal, associate director of the university's information security center.

U.S. Attorney Steve Wiggington says identity theft, especially linked to card skimming, is still the No. 1 fraud threat facing financial services institutions as well as consumers. He stresses information sharing is critical for fighting fraud.

When it comes to safeguarding the privacy and security of healthcare information, smaller clinics, as well as patients who use telehealth technologies, face considerable challenges because of a lack of expertise, says researcher David Kotz.

Organizations need to know how other enterprises handle cyber-attacks to truly understand whether their IT security investments will pay off, the EastWest Institute's Karl Rauscher says.

Every second, 80 "things" are being connected to the Internet, and ISACA's Rob Stroud says that requires information security professionals to identify and mitigate threats, protect individuals' privacy and manage access.

New requirements to mitigate payment card risks posed by third parties, such as cloud providers and payment processors, are a focal point of the PCI Security Standards Council's updated data security standard.

As Michigan deploys its Cyber Civilian Corps, the state will need to address some of the same challenges the federal government faces in sharing cyberthreat information between the government and the private sector, state CIO David Behen says.

The number of reported breaches is up considerably this year, but so is the overall quality of organizations' breach preparedness, says Michael Bruemmer of Experian Data Breach Resolution.

Inadequate authentication is among the greatest security challenges for online payments, says Scott Dueweke of Booz Allen Hamilton, who suggests biometrics needs to play a bigger role.

Mobile security is no longer about managing devices, says Ian McWilton of Moka5. The real trick is to secure corporate assets through containerization solutions that reduce costs and improve user experience.

Banking executives were among the CEOs who met with President Obama at the White House to discuss cybersecurity strategies. Paul Smocer of BITS explains how this discussion may pay off for financial institutions.

For years, researchers have studied malicious insider threats. But how can organizations protect themselves from insiders who make a mistake or are taken advantage of in a way that puts the organization at risk?