Data Breach Today Podcast

When it comes to fighting financial fraud, Peter Tapling of Authentify says banking institutions are chronically underestimating and under-utilizing one key resource: Their own customers.

Securing the massive amounts of data swamping organizations, a trend known as big data, can be addressed, in part, by organizations simply getting rid of data no longer needed, Grant Thornton's Danny Miller says.

Phishing - it's the classic scheme that never goes away. In fact, it evolves. Amy Blackshaw of RSA offers insights on how to respond to this and other trends identified in the 2012 Faces of Fraud survey.

What's the best strategy for communications after a data breach, like the one suffered by Global Payments Inc.? Bob Carr, CEO of Heartland Payment Systems, discusses what to say in the weeks following a breach.

To respond to a security incident, an organization must first be aware of it. But too many intrusions go undetected, says Rob Lee of SANS Institute. That's the first problem that needs to be addressed.

One of the biggest mistakes companies make after a major data breach is communicating with the news media, consumers and others before all the facts are clear, says attorney Ronald Raether.

"Regulation drives spending," says George Tubin of GT Advisors. "You're in a situation where the regulators are telling you, 'You have to do something; you have to make improvements.' Therefore, the bank has to spend some money on technology."

What might the Global Payments breach investigation entail? Dave Ostertag of Verizon's Investigative Response unit describes a forensics investigation - how long it can take and what it might reveal.

Healthcare organizations need to make mobile device security a top priority because so many recent data breaches can be tied to poor mobile device management, says consultant Jeff Brandt.

Companies should hire a breach resolution vendor before they experience a data breach to help ensure rapid, appropriate response, says security consultant Robert Peterson.

Gartner Analyst Avivah Litan, one of the first fraud experts to report the Global Payments Inc. data breach, says the latest revelations raise more questions than answers about the incident's impact.

In the wake of the Global Payments Inc. card breach, ID theft expert Neal O'Farrell says banks and credit unions must be proactive with outreach to customers. What should institutions' messages include?

From 2010: When he first learned of the full magnitude of the Heartland Payment Systems data breach, Heartland CEO Bob Carr had one overriding thought: "Can we survive this?"

An omnibus package of regulations that includes a final version of extensive HIPAA modifications, which have been pending since 2010, as well as a final version of the HIPAA breach notification rule has moved one major step closer to completion.

"Many financial institutions have watched for years as cybercrime has escalated, and now we are shutting it down," says Greg Garcia, describing Operation B71 and how it's helping combat ACH/wire and other forms of fraud.

The average per capita cost of a data breach has declined from $214 to $194, according to the new Cost of a Data Breach study. But there are still plenty of causes for concern, says Dr. Larry Ponemon.

Verizon's 2012 Data Breach Investigations Report shows dramatic increases in attacks linked to hacktivist groups like Anonymous and LulzSec. How should organizations respond to this evolving threat?

Protecting the availability, confidentiality and integrity of information are the core tenets of IT security. But an FBI cybersecurity leader, Steve Chabinsky, suggests the central theme of IT security needs to be broadened to include assurance and attribution.

Apple's release of the new iPad will affect business. How should organizations incorporate new mobile concerns into their BYOD policies? Joe Rogalski of New York's First Niagara Bank weighs in.

Consumer advocate Deven McGraw describes what she likes and doesn't like about the privacy and security provisions in the proposed rules for Stage 2 of the HITECH Act electronic health record incentive program.