Info Risk Today Podcast

Legislation pending in Congress that would offer protections for companies and individuals who seek to "hack back" in retaliation against cybercriminals who have attacked them is a bad idea, contends Alan Brill of Kroll.

The latest ISMG Security Report leads with a report on a malware attack on an industrial safety system that experts contend could threaten public safety. Also, legislation giving DHS's cybersecurity unit a meaningful name progresses through Congress.

With just a few months left until the EU's General Data Protection Regulation will be enforced, too many so-called "experts" are spreading fear and falsehoods about the regulation, says Brian Honan, a Dublin-based cybersecurity consultant, who clarifies misperceptions in an in-depth interview.

Organizations should take an "inside-out" approach to mitigating the insider threat, says Brandon Swafford of Forcepoint, who explains the components of that approach in an in-depth interview.

The latest ISMG Security Report focuses on the significant changes found in the latest version of the U.S. government's Framework for Improving Critical Infrastructure Cybersecurity, commonly known as the NIST cybersecurity framework. NIST seeks comments from stakeholders on the draft of version 1.1 of the framework by Jan. 19.

The latest ISMG Security Report features a special report on securing medical devices. Healthcare security leaders from the FDA, an academic medical center and a medical device manufacturer share their insights on the challenges involved.

The cloud gives organizations great new opportunities to deploy new systems and applications. It also creates a whole new level of cybersecurity exposure, says Gavin Millard of Tenable, offering tips to bridge that gap.

In an era where users are working simultaneously across mobile, social and cloud applications and platforms, organizations need to deploy identity and access management solutions that can scale and adapt quickly. IBM's Sean Brown describes the rise of Identity as a Service.

Denial of Service, web application layer attacks, credential abuse and IoT - these are the attack trends and vectors that will make headlines in 2018. Ryan Barnett of Akamai offers insight into how to prepare your defenses.

A report on the SEC targeting a Canadian company for fraud, alleging it cheated investors by exploiting a so-called Initial Coin Offering crowdsourcing funding system, leads the ISMG Security Report. Also, an NSA analyst pleads guilty in a case involving storing classified data on his home PC.

If you want to anticipate a prospective hacker's moves, then you'd better be able to think like one. That's the position of Terry Cutler, an ethical hacker who dedicates his time to testing organization's cybersecurity defenses - and their people.

With roughly six months to go before the GDPR enforcement deadline, Petter Nordwall and Anthony Merry of Sophos says it's time for organizations to assess whether "They need to panic a little, or they need to panic a lot."

A commentary on the need for developers to be more deliberate in securing IT products leads the latest edition of the ISMG Security. Also featured: A report on Congress tackling voting machine security.

Credit unions offer unique services to a unique member base - and they face unique challenges when rolling out multifactor authentication across all of their banking channels. Michel Nerrant of Crossmatch discusses how new biometric solutions can meet CU needs.

Spear phishing is the common trigger to many of the most popular - and successful - targeted attacks. How can organizations improve their defenses? Jon Clay of Trend Micro tells how to better spot and stop spear phishing.

Organizations are rapidly migrating services and data to cloud infrastructure, creating a new "cloud generation" of users who bring with them a new set of endpoint security concerns. How should these issues be prioritized and addressed? Naveen Palavalli of Symantec details new strategies and solutions.

An assessment of how campaigns can safeguard their IT assets on the eve of the 2018 U.S. congressional elections leads the latest ISMG Security Report. Also, an update on how years-ago hacks are finally gaining attention.

A presentation on new models to battle email phishing leads the latest edition of the ISMG Security Report. Also, did Uber mishandle ransomware response?

Several significant pending legal cases, including the CareFirst lawsuit, showcase the cybersecurity challenges facing the healthcare sector, says attorney Lisa Rivera in an in-depth interview.

With a rise in incidents of omnichannel financial fraud globally, financial institutions need to enhance their ability to detect fraud - while also reducing technical complexity. Maxim Shifrin of IBM Trusteer discusses new solutions.