Info Risk Today Podcast

DDoS attacks on banks have returned, and the attackers are changing their tactics and expanding their attack toolsets. How must organizations change the way they defend against DDoS? Carlos Morales of Arbor Networks shares strategies.

Companies wanting to share cyber-threat information with the government and other businesses should adopt the U.S. Defense Department's doctrine of information superiority, says Lares Institute Chief Executive Andrew Serwin.

Phishing attacks are up, and the methods are changing. Paul Ferguson of the Anti-Phishing Working Group explains how phishers are fine-tuning their schemes and exploiting cross-platform technologies.

We now have seen three waves of DDoS attacks on U.S. banks, and Dan Holden of Arbor Networks says we have seen three distinct shifts in these incidents. What can we expect going forward?

Business line managers are in better positions to control and monitor network and system access privileges than IT departments, since they know their employees and the privileges they should be provided, says Bill Evans of Dell Software.

Authenticating appropriate network administrators and employees has become increasingly challenging, especially for healthcare organizations and regional banking institutions, says Tim Ager of Celestix.

New research says more than 25 percent of consumers hit by a data breach later become victims of identity fraud - especially when payment card information is exposed. Javelin's Al Pascual shares analysis.

Will Pelgrin and Rich Licht of the Center for Internet Security see a strong link between cyber and physical security, and that has led to the creation of a new unit at the center to help local and state governments to secure both.

Data security used to be about building firewalls and protections around the data. Now it's about securing the data itself. That's why data is the new perimeter, says Charlie Pulfer of Titus.

Intelligence is helping organizations not only detect and prevent intrusions, says Mark Wood of Dell SecureWorks. It's also helping them identify they've been targeted for an attack in the first place.

Despite ever-evolving cybersecurity threats, David Knight of Proofpoint says spear phishing attacks are really the greatest worries for most security and risk officers.

The private sector has a unique opportunity to respond to President Obama's cybersecurity executive order and help shape information sharing and critical infrastructure protection. David Burg of PwC tells how.

Financial institutions can use real-time security analytics to detect early indicators of fraud, such as cash-out schemes, says David Pack of LogRhythm.

The growth in cloud computing and mobility is creating a need for a streamlined, centralized process for managing user authentication, says Sarah Fender of PhoneFactor.

Because data stored in a cloud-based "sandbox" environment for testing purposes is vulnerable, it should be masked to protect sensitive information, says Karen Hsu of Informatica.

To improve security and increase workforce productivity across an enterprise, a set of integrated capabilities is needed, says Corey Williams, senior director of product management at Centrify.

One of the biggest challenges facing organizations is that fraudsters constantly change the way they try to cheat banks and other organizations, says Rajib Roy, president of Equifax Identity and Fraud Solutions, which provides advanced analytics and proprietary technology to deliver customize insights for identity intelligence, fraud prevention, privacy and data security.

Public cloud services can reduce costs for large enterprises, but they pose security risks that must be addressed, says Tsahy Shapsa of CloudLock.

The new generation of mobile applications requires layers of security to protect integrity, says Vince Arneja of Arxan Technologies.

Banking institutions need to ramp up their ability to deal with security issues as they roll out more mobile banking applications, says Andrew McLennan of Metaforic.