Info Risk Today Podcast

When it comes to massive DDoS attacks powered by the likes of a Mirai botnet, "the sky is not falling," says ESET security researcher Cameron Camp. But organizations do need to prepare - and here's where to start.

A look at the return of the Crypt0L0cker ransomware leads the latest edition of the ISMG Security Report. Also, assuring the security of medical devices; and U.S. federal prosecutors drop charges against a child porn suspect rather than reveal the hacking technique used to ensnare him.

To meet the increasing customer demands for effective solutions, security vendors must ensure their products work together well, says Dr. Mike Lloyd of RedSeal. This is particularly essential to achieving "digital resilience," the ability to promptly detect and respond to network intrusions, he says.

With Verizon's data breach investigations team finding that 90 percent of breaches trace to a phishing or other social engineering attack, lead investigator Chris Novak says that using multifactor authentication should be a no-brainer for all organizations.

When trying to detect which security events are malicious, analysts have long battled signal-to-noise problems. LogRhythm's James Carder describes how behavioral analytics, case management, security automation and threat intelligence can help.

The European Union's General Data Protection Regulation, which will be enforced beginning in May 2018, will affect organizations throughout the world because it applies to any company that handles Europeans' personal data, says Fred Kost of HyTrust.

Leading the latest edition of the ISMG Security Report: The death of former White House Cybersecurity Coordinator Howard Schmidt, and a report on legislation to strengthen the influence of the National Institute of Standards and Technology on federal civilian agencies.

The cloud can be used to improve security by helping to separate data from applications, networks and other infrastructure, says VMware's Tom Corn.

In an in-depth interview, the Food and Drug Administration's Suzanne Schwartz, M.D., dispels some myths about the FDA's regulatory activities and expectations on the cybersecurity of medical devices.

In the latest edition of the ISMG Security Report: Analyzing how reflective social engineering can battle cybercriminals who use social engineering to fool users into divulging personal information.

The technology and know-how exists to build a hack-proof computer, but doing so won't be easy, says Howard Shrobe, principal research scientist at the Massachusetts Institute of Technology's Computer Science and Artificial Intelligence Laboratory.

Paid breach notification site LeakedSource has disappeared. Given the site's business model - selling access to stolen credentials to any potential buyer - breach notification expert Troy Hunt says the site's demise is no surprise.

Leading the latest version of the ISMG Security Report: a look at how various sectors are moving away from checkbox compliance, instead taking proactive measures to secure their information assets. Also, big increase in e-commerce fraud and Yahoo's costly breach.

What's required to access the Dark Web? And how does one separate fact from fiction? These are two of the five things Dark Web users need to know, says Danny Rogers, co-founder and CEO of Terbium Labs.

Emerging insider threats have quickly proven that the proverbial "walled garden" is not so walled after all, and without true end-to-end encryption, insiders and outsiders can compromise sensitive data, says Dr. Phillip Hallam-Baker of Comodo Group.

Through a technique known as "retrospection," organizations can replay attacks, going back to scan their networks for malware identified after their networks were infected, says Ramon Peypoch of Protectwise.

Federal regulators are considering the role that blockchain technology could play in advancing the secure exchange of healthcare information, says Steve Posnack of the Office of the National Coordinator for Health IT, who explains ongoing research efforts.

Could attitudes about cybersecurity in the healthcare sector be at a tipping point? A new study shows a shift from a focus on compliance to managing business risks, says David Finn, health IT officer at Symantec.

Organizations across sectors have come to understand the inherent security risks posed by third-party vendors. But too many approach vendor risk management with a manual process, says Daniel de Juan of Rsam.

Ari Schwartz, former special assistant to the president and senior director for cybersecurity in the Obama administration, sizes up what cybersecurity actions the Trump administration could take.