Info Risk Today Podcast

Janine Darling, the founder and CEO of STASH Global, discusses the pervasive and persistent problem of ransomware and how to mitigate the risks.

Remote work, unsecured devices, susceptibility to influence - insider threat management has undergone its own transformation over the past year-plus. Rich Davis and Andrew Rose of Proofpoint offer insights into the latest risk trends, as well as technology solutions to aid the defenders' efforts.

The recent Colonial Pipeline ransomware attack illustrates the vulnerability of the nation's critical infrastructure, says Richard Stiennon, a research analyst and the author of "Security Yearbook 2021: A History and Directory of the IT Security Industry."

With cyber incidents involving vendors - including cloud services providers - surging, healthcare entities must step up scrutiny of their business associates as well as those companies' subcontractors, says Thad Phillips, CISO at Baptist Health Care in Pensacola, Florida.

Diving into the Colonial Pipeline ransomware attack - culprits, impact, recovery, and the increasing political firestorm it’s triggered - is the focus of the latest edition of the ISMG Security Report. Security leaders weigh in on the attack's significance and potential long-term ramifications.

A recently launched vulnerability disclosure program is a critical component of Toronto-based LifeLabs' efforts to bolster the security of its medical diagnostic laboratory services and online technologies used by healthcare providers across Canada, says the company's CISO, Mike Melo.

The faces of fraud have changed, and so have the defenses. But improved protection doesn’t have to mean a diminished customer experience. Soudamini Modak of LexisNexis Risk Solutions discusses the latest fraud trends and how to hone defenses.

Tom Kellerman of VMware Carbon Black shares his opinions about whether a nation-state was behind the recent ransomware attack on Colonial Pipeline and what the U.S. government should do to prevent other cyberattacks.

The latest edition of the ISMG Security Report features an analysis of whether courts can trust evidence collected by Cellebrite's mobile device forensic tools. Also featured: Report shows attackers' dwell times plummeting; a call for partnership with law enforcement.

With all the talk of sophisticated adversaries and evolving threats to users and devices – what about threats to building management systems? Jeremy Morgan of Industrial Defender discusses this threat landscape and the role of automated tools to defend it.

The latest edition of the ISMG Security Report features an analysis of British spy chief Jeremy Fleming’s "cybersecurity call to arms." Also featured: Insights on COVID-19 business continuity planning; the wisdom of the late Dan Kaminsky.

Phishing, online fraud, cryptocurrency scams – they are coming at lightning speed, threatening enterprises and their brands. And just as fraudsters rely on automation to deliver these attacks, defenders can use automated tools to protect their brands. Jeff Baher of Bolster tells how.

The federal ban on funding for a national unique patient identifier adds to the complexity of customer identity and access management, especially when dealing with new patients during the COVID-19 pandemic, says Aaron Miri, CIO at UT Health Austin.

The latest edition of the ISMG Security Report features an analysis of ransomware gang REvil’s threat to release stolen Apple device blueprints unless it receives a massive payoff. Also featured: discussions of the importance of a “shift left” strategy and efforts to secure cryptocurrencies.

“Work from anywhere” is a game changer, and it has significant impacts on certificate lifecycle management. Patrick Nohe of GlobalSign discusses the new, strategic approach security leaders need to take for CLM.

A proposed privacy framework from the eHealth Initiative & Foundation and the Center for Democracy and Technology aims to set standards for the collection, disclosure and use of health data that falls outside the protection of HIPAA, says attorney Andrew Crawford of CDT.

The latest edition of the ISMG Security Report features an analysis of whether the FBI removing malicious web shells from hundreds of compromised Microsoft Exchange Servers could set a precedent. Also featured is a description of an unusual fraud scam plus an update on security product development trends.

In a joint interview, Mike Ferris and Mike Brooks of Abacode, a managed cybersecurity and compliance provider, discuss how the MCCP model helps businesses implement a holistic, framework-based cybersecurity program that provides continuous security and compliance.

Dave DeWalt, former CEO of FireEye and McAfee, has been appointed vice chair of the board of LogDNA, a log management company, and he’s committed to the popular “shift left” movement. But he’s also got a keen eye on the broader cybersecurity marketplace and shares insights on its seismic changes.

More precise and pervasive cybersecurity threat modeling during manufacturers' development of medical devices - and also during the regulatory product review process - is critical for risk mitigation, says Kevin Fu, new acting director of medical device cybersecurity at the FDA.