Data Breach Today Podcast

Generative AI holds great potential for many amazing applications in healthcare, but it's critical to establish a strong framework before deploying it, said Barbee Mooneyhan, vice president of security, IT and privacy of Woebot Health, a provider of AI-driven online mental health services.

Two years after President Biden's landmark cybersecurity Executive Order, the question remains: How are federal agencies adapting to the new focus on zero trust and identity governance? SailPoint's Frank Briguglio tackles this question with crucial insights into the state of cybersecurity today.

In this episode of CyberEd.io's podcast series "Cybersecurity Insights," Censys CEO Brad Brooks discusses the stresses a CISO experiences in trying to prevent cyberattacks and in dealing with those that do occur. Topics include breach disclosure and cybersecurity marketing to CISOs.

In the aftermath of mergers and acquisitions among healthcare entities - and the resulting IT integration and cost-cutting moves - gaps in technology and skills and other gaps often put organizations at higher risk for attacks and other security incidents, said Jack Danahy of NuHarbor Security.

The number of connected devices used in healthcare is growing as manufacturers constantly introduce new types of IoT equipment. The ever-evolving threat landscape is making it harder for many entities, particularly outpatient care providers, to keep up, said Justin Foster, CTO of Forescout.

It's critical for healthcare sector entities considering - or already using - generative AI applications to create an extensive threat modeling infrastructure and understand all attack vectors, said Mervyn Chapman, principal consultant at consulting and managed services firm Ahead.

The number of major health data breaches is decreasing, but a recent disturbing trend reflects the vulnerability of critical vendors and the tenacity of cybercriminals, say John Delano, a vice president of Christus Health, and Mike Hamilton, CISO and co-founder of security firm Critical Insight.

In this episode of CyberEd.io's podcast series "Cybersecurity Insights," Oliver Tavakoli, CTO at Vectra AI, discusses ways that discriminative AI technology can filter out all of the noise from the massive volume of alerts from a portfolio of cybersecurity tools.

In this episode of CyberEd.io's podcast series "Cybersecurity Insights," Alex Waintraub, DFIR expert evangelist at CYGNVS, discusses how generative AI will play a role in the future of incident response - and in all aspects of cybersecurity - and emphasizes its dangers as well as its benefits.

Generative AI offers productivity gains, but if deployed without due security precautions, it can also open up the organization to new cybersecurity threats. Rodman Ramezanian discusses the pros and cons of different approaches to exploit generative AI safely from a cybersecurity perspective.

In this episode of CyberEd.io's podcast series "Cybersecurity Insights," Aaron Cockerill of Lookout discussed the benefits and concerns associated with generative AI and how to solve challenges related to zero-day attacks, misconfigurations, the cyber skills gap and privacy.

Legacy infusion pumps commonly available for purchase on the secondary market often contain wireless authentication and other sensitive data that the original medical organization owners failed to purge, warned researcher Deral Heiland, citing a recent study conducted by security firm Rapid7.

The threat landscape has changed considerably for financial services entities - and so has the regulatory landscape. So much of this evolution comes back to identity security, and too many of these programs are immature or weak, says Jeff Purrington of SailPoint. He says AI-driven identity security solutions can help address these deficiencies.

In this episode of CyberEd.io's podcast series "Cybersecurity Insights," Alisdair Faulkner of security and fraud prevention startup Darwinium discussed how the FedNow Service will add a layer of complexity to defending against real-time financial fraud scams used in faster payments transactions.

In this episode of CyberEd.io's podcast series "Cybersecurity Insights," Morphisec's Michael Gorelik discussed automated moving target defense - or AMTD, which is a risk-reduction strategy and preventive measure that reduces adversary success rates and provides "the final layer of defense."

Healthcare entities are "stressed," in the words of SailPoint's Rob Sebaugh, and identity security in particular has taken a steep toll. But modernization, led by AI-driven identity security, can help reduce risk and even enable new levels of clinician autonomy.

While patient safety risks posed by unpatched security vulnerabilities in legacy medical devices often grab headlines, healthcare entities shouldn't underestimate the serious business risks involving other poorly secured IoT and OT gear used in healthcare settings, said Mohammad Waqas of Armis.

Many critical infrastructure sector organizations, especially smaller entities, will likely struggle to comply with an upcoming requirement to report cyber incidents to federal regulators within 72 hours - due to an assortment of reasons, said Stanley Mierzwa of Kean University.

We live in a surveillance society, but even though citizens are concerned about the lack of privacy, they don't know what to do about it, said David Sinclair, founder of 4Freedom Mobile, a mobile service provider that helps subscribers secure their phones and stop tracking, hacking and data theft.

As generative AI applications become more common in healthcare, organizations will need to carefully consider critical third-party risk issues involving the use of these technologies, said Damian Chung, business information security officer at security firm Netskope.