Info Risk Today Podcast

Card-not-present fraud skyrocketed in 2016, jumping 40 percent from 2015, according to new research, says Al Pacqual of Javelin Strategy & Research, who analyzes the reasons why.

Organizations are increasingly turning to user behavioral analytics to help more quickly detect new attacks - emanating from inside or outside the enterprise - as well as mitigate those threats, says CA's Mark McGovern.

Major healthcare breaches involving hackers accessing patient information soared in 2016. But now more cybercriminals are shifting their attention to ransomware attacks because of the glut of stolen health information hitting the black market, says Dan Berger of CynergisTek.

As more IoT devices are compromised to wage large-scale attacks, related litigation and regulatory scrutiny will grow, which means device manufacturers - and users - could be held more accountable, says Richard Henderson, global security strategist at Absolute.

Increasing regulatory oversight is overwhelming smaller banks and credit unions, pushing them to continue to focus more on compliance than overall cybersecurity and resilience, says Sean Feeney, CEO of Defense Storm.

Staying current in threat detection is key, which is why more security companies need to embrace a more open way of thinking when it comes to solutions integration, says Christopher Kruegel, CEO of Lastline.

A pending federal regulation - called for under the HITECH Act - that would allow regulators to share with breach victims money collected in HIPAA violation cases eventually could have implications for class-action breach lawsuits, says privacy attorney Adam Greene.

Because most malware is spread via phishing, experts at Webroot are focusing their attention on stopping phishing attacks before they have a chance to infect a system with malicious code, says David Dufour, the company's senior director of engineering and cybersecurity.

Risk analysis is at the core of most card fraud prevention platforms used today, says Carol Alexander of CA Technologies. But what if the industry could take the lessons it's learned to other channels, enabling banking institutions to more readily identify potentially fraudulent transactions before they happen?

The honeymoon period for smaller players in cybersecurity is nearing an end, predicts Trend Micro CTO Raimund Genes. Achieving profitability has proven to be challenging for startups, while more established companies are thriving, he contends.

By applying analytics to user behavior, organizations can better prioritize the actual risks facing their business, thus helping cut through the sheer volume of security alerts they face daily, says Doug Copley, deputy CISO of Forcepoint.

Attackers continue to target enterprise assets both from outside and - too often - inside the corporate perimeter. To help, more organizations are turning to software-defined secure networks, says Mihir Maniar of Juniper Networks.

To help prepare for ever-evolving cyber threats, healthcare entities need to learn from the security practices of other sectors, says Lucia Savage, former chief privacy officer at the Office of the National Coordinator for Health IT.

Because so many healthcare organizations are growing through mergers and acquisitions at a time when cyber threats are multiplying, effective access control is becoming increasingly important - and more complex, says Joe Meyer of the security consulting firm NCC Group.

An analysis of integrity - a core foundation of cybersecurity - in the era of fake news leads the latest edition of the ISMG Security Report. Also, a new initiative aims to help ensure the security of medical devices and financial institutions in New York face new state cybersecurity regulations.

Plans to launch some onsite HIPAA compliance audits are now on hold while the agency that enforces HIPAA completes more than 200 desk audit reports, says Deven McGraw, deputy director of the Department of Health and Human Services' Office for Civil Rights.

Fooling hackers into giving up traceable information about themselves through "reflective" social engineering is helping researchers curb fraud losses and protect would-be victims, say Dell Secureworks researchers Joe Stewart and James Bettke.

A new website is now available for reporting medical device vulnerabilities, says Dale Nordenberg, M.D., executive director of the Medical Device Innovation, Safety and Security Consortium, who explains how MD-VIPER works in this in-depth interview.

The uptick of ransomware and other cyberattacks in the healthcare sector has prompted healthcare provider RWJBarnabas Health to make a number of important moves to help prevent, detect and respond to breaches, says CISO Hussein Syed.

This edition of the ISMG Security Report features updates from RSA Conference 2017 on emerging technologies, the forthcoming White House cybersecurity executive order and Microsoft's call for a "Digital Geneva Convention."