Data Breach Today Podcast

Because big data brings significant benefits - and risks - CEOs and boards of directors must take charge of developing privacy protection policies, ISACA International Vice President Jeff Spivey says.

Today's advanced threats are no secret. Focusing the correct resources on them is the true challenge, says Will Irace of General Dynamics Fidelis Cybersecurity Solutions. He offers tips for harnessing the right skills and technology.

Version 3.0 of the PCI Data Security Standard is coming, and draft guidelines reflect the impact of recent retail breaches. PCI GM Bob Russo explains big changes to ensuring payment card security.

The old saw of a blind squirrel fortuitously finding an acorn reminds the Atlantic Council's Jason Healey of cyber-assailants from third-rate cyber-power Iran, believed to be behind DDoS attacks on U.S. banks.

It's time to start thinking about the next wave of DDoS attacks, says Neustar's Rodney Joffe. And it's time for other critical infrastructure industries - not just banks - to assess their risks.

Organizations won't effectively share cyberthreat intelligence until they have more efficient ways of gathering and prioritizing data, says EMC's Kathleen Moriarty, author of a new report about information sharing weaknesses.

Because mobile payments are so new, banking institutions worldwide are still trying to understand which threats to address first, says payments fraud expert Neira Jones.

It's an increasingly common question from CEOs. "How is our security program protecting the business?" Pamela Gupta of OutSecure shares insight on what CISOs should demonstrate when they answer that question.

The best ideas to secure the Internet do not come from the top-down government approach imposed by some foreign governments, but from the openness derived by a multi-stakeholder process, says Christopher Painter, America's top cyber diplomat.

The hotline, the communications link established between Washington and Moscow during the Cold War to avert a nuclear war, is being used to warn of potential cyber and environmental crises, the State Department's Christopher Painter says.

Kim Peretti, the ex-prosecutor who helped nab Heartland hacker Albert Gonzalez, says recent indictments offer insights into the actors behind global fraud schemes that affected 160 million cardholders.

Providing patients with more transparency into who's electronically requesting their health information can not only improve data privacy, but also help patients catch record errors and ID theft, says David Staggs, a participant in a new pilot.

As social media use grows, so do the risks of organizations getting caught up in costly legal disputes over ownership and assets. Alan Brill of Kroll advises on how to mitigate such risks.

Draft legislation circulating in the Senate, if enacted, would serve as Congress' endorsement of President Obama's order to create best practices that industry could voluntarily adopt, says Jacob Olcott, the former counsel to the committee that wrote the bill.

When it comes to fighting fraud, technology can only go so far, says Nancy Guglielmo of BITS. So, how can banking institutions truly correct the user behavior that enables many fraud schemes?

At a time of heightened cybersecurity threats, few organizations have processes for employees at all levels to report breaches. It's time for accelerated breach response, says attorney Ellen Giblin.

A new incident response publication coming from the National Institute of Standards and Technology will include guidance on how to form circles of trust - networks of IT security experts spanning multiple organizations, says NIST's Lee Badger.

Losses linked to retail breaches have fueled class action lawsuits on behalf of consumers. But Javelin's Al Pascual says banks are soon likely to take legal action, too, in breach cases that expose cards and lead to fraud.

One of the biggest security challenges the Washington state health insurance exchange faces as it prepares for its Oct. 1 launch is building interfaces with its partners, says CIO Curt Kwak.

Recent DDoS attacks on banks are prime examples of the new age of ideological threats to organizations across all industries. Who are the threat actors, and how can organizations best manage risks?