Data Breach Today Podcast

Paid breach notification site LeakedSource has disappeared. Given the site's business model - selling access to stolen credentials to any potential buyer - breach notification expert Troy Hunt says the site's demise is no surprise.

Attackers are increasingly targeting mobile channels, driving banks to seek better ways of verifying the authenticity and integrity of not just users, but also mobile devices and transactions, says John Gunn of cybersecurity technology firm Vasco Data Security.

Leading the latest version of the ISMG Security Report: a look at how various sectors are moving away from checkbox compliance, instead taking proactive measures to secure their information assets. Also, big increase in e-commerce fraud and Yahoo's costly breach.

What's required to access the Dark Web? And how does one separate fact from fiction? These are two of the five things Dark Web users need to know, says Danny Rogers, co-founder and CEO of Terbium Labs.

Emerging insider threats have quickly proven that the proverbial "walled garden" is not so walled after all, and without true end-to-end encryption, insiders and outsiders can compromise sensitive data, says Dr. Phillip Hallam-Baker of Comodo Group.

Through a technique known as "retrospection," organizations can replay attacks, going back to scan their networks for malware identified after their networks were infected, says Ramon Peypoch of Protectwise.

Federal regulators are considering the role that blockchain technology could play in advancing the secure exchange of healthcare information, says Steve Posnack of the Office of the National Coordinator for Health IT, who explains ongoing research efforts.

Could attitudes about cybersecurity in the healthcare sector be at a tipping point? A new study shows a shift from a focus on compliance to managing business risks, says David Finn, health IT officer at Symantec.

Organizations across sectors have come to understand the inherent security risks posed by third-party vendors. But too many approach vendor risk management with a manual process, says Daniel de Juan of Rsam.

Ari Schwartz, former special assistant to the president and senior director for cybersecurity in the Obama administration, sizes up what cybersecurity actions the Trump administration could take.

Card-not-present fraud skyrocketed in 2016, jumping 40 percent from 2015, according to new research, says Al Pacqual of Javelin Strategy & Research, who analyzes the reasons why.

Organizations are increasingly turning to user behavioral analytics to help more quickly detect new attacks - emanating from inside or outside the enterprise - as well as mitigate those threats, says CA's Mark McGovern.

Major healthcare breaches involving hackers accessing patient information soared in 2016. But now more cybercriminals are shifting their attention to ransomware attacks because of the glut of stolen health information hitting the black market, says Dan Berger of CynergisTek.

As more IoT devices are compromised to wage large-scale attacks, related litigation and regulatory scrutiny will grow, which means device manufacturers - and users - could be held more accountable, says Richard Henderson, global security strategist at Absolute.

Increasing regulatory oversight is overwhelming smaller banks and credit unions, pushing them to continue to focus more on compliance than overall cybersecurity and resilience, says Sean Feeney, CEO of Defense Storm.

Staying current in threat detection is key, which is why more security companies need to embrace a more open way of thinking when it comes to solutions integration, says Christopher Kruegel, CEO of Lastline.

A pending federal regulation - called for under the HITECH Act - that would allow regulators to share with breach victims money collected in HIPAA violation cases eventually could have implications for class-action breach lawsuits, says privacy attorney Adam Greene.

Because most malware is spread via phishing, experts at Webroot are focusing their attention on stopping phishing attacks before they have a chance to infect a system with malicious code, says David Dufour, the company's senior director of engineering and cybersecurity.

Risk analysis is at the core of most card fraud prevention platforms used today, says Carol Alexander of CA Technologies. But what if the industry could take the lessons it's learned to other channels, enabling banking institutions to more readily identify potentially fraudulent transactions before they happen?

The honeymoon period for smaller players in cybersecurity is nearing an end, predicts Trend Micro CTO Raimund Genes. Achieving profitability has proven to be challenging for startups, while more established companies are thriving, he contends.