Government Information Security Podcast

Ransomware struck global currency exchange and remittance company Travelex on New Year's Eve 2019. Don Gibson, a security architect at Travelex, became publicly linked with the incident, and the undesired attention he received contributed to a health situation that nearly led to a tragic outcome.

The latest edition of the ISMG Security Report includes highlights and observations from RSA Conference 2022, including a key message from RSA CEO Rohit Ghai. It also discusses the value of automation and the Cybersecurity and Infrastructure Security Agency's mission to grow cyber talent.

The latest edition of the ISMG Security Report discusses how security researchers have warned of a new attack campaign targeting 1,200 cloud-based Elasticsearch databases. It also revisits the Kaseya supply chain attack and examines how we can mitigate mobile phone fraud.

The healthcare sector is still behind many other critical infrastructure sectors in implementing critically important security technologies to protect against the rise in potentially devastating cyber incidents, says threat intelligence analyst Christiaan Beek of security firm Trellix.

If software has a dangerous security flaw, should its maker tell customers to shut it down until it’s fixed? It's a tough call, but Dutch company Hoppenbrouwers says the software vendor Kaseya should have done so last year to prevent a massive supply chain attack by the REvil ransomware gang.

The latest edition of the ISMG Security Report discusses how the leader of a "transnational cybercrime syndicate" has been arrested in Nigeria, according to Interpol. It also shares updates on U.S. privacy laws and how we can improve collaboration as an industry.

The inclusion of a new secure product development framework for manufacturers is a most significant addition to recently updated federal draft guidance for the cybersecurity of premarket medical devices, says attorney Linda Malek of the law firm Moses & Singer LLP.

An effort to establish industry benchmarks for medical device cybersecurity maturity aims to help advance overall cybersecurity in the healthcare sector, says Rob Suárez, CISO of medical device maker Becton, Dickinson and Co. He discusses how to improve the state of medical device cybersecurity.

The latest edition of the ISMG Security Report analyzes the changes in the ransomware landscape one year after the attack on Colonial Pipeline. It also revisits the Ryuk ransomware attack on a school district in Illinois and examines common culprits hindering effective Zero Trust adoption.

In this episode of "Cybersecurity Unplugged," Tim Danks of Global Risk Perspectives discusses issues around trusting our global supply chain, including the role of Huawei, the steps needed to secure critical infrastructure, and the process for determining a comfortable level of risk management.

A new initiative aims to create a standards-based nationwide patient credential and matching ecosystem to ultimately improve matching patients with their electronic health information, says Scott Stuewe, CEO of DirectTrust, the nonprofit, vendor-neutral organization that is leading the effort.

Many experts advise organizations to pivot from a maturity-based approach to a risk-based approach to cybersecurity. Tia Hopkins, field CTO and chief cyber risk strategist at eSentire, discusses where the maturity-based approach falls short and how a risk-based approach can help organizations.

New Health Sector Coordinating Council guidance aims to help medical device makers improve their communications regarding security vulnerabilities in their products, says Matt Russo, a security leader at Medtronic and a member of the task group that developed the document.

The latest edition of the ISMG Security Report analyzes what lessons cybersecurity leaders can learn from the Russia-Ukraine war. It also examines the Okta data breach and Lapsus$ attack and describes how tech companies are supporting new developments in the FIDO protocol.

Healthcare sector organizations should prepare to deal with potential hacktivist attacks tied to controversy surrounding the U.S. Supreme Court's leaked draft ruling and eventual final decision involving Roe vs. Wade, says attorney Erik Weinick of the law firm Otterbourg PC.

Rockford Public Schools in Rockford, Illinois, was hit by Ryuk ransomware days after the school year started in September 2019. The attack encrypted more than 6 million files, wrecked applications and locked up servers. But the district kept classes running while mounting a mighty recovery effort.

In this episode of "Cybersecurity Unplugged," David Bruce of Broadcom discusses the competition and noise that marketers face today, why product builders and marketers should communicate about strategy, and how to describe your product in a way that lets customers know why it's important.

This ISMG Security Report analyzes the decline in the number of organizations hit by ransomware who choose to pay a ransom to the attackers. It also examines how to better protect digital identities in the healthcare sector and how security decision-makers can use metrics to achieve better outcomes.

New industry guidance provides a detailed road map to help healthcare sector entities respond to and recover from cyberattacks involving extended IT outages, say Lisa Bisterfeldt and Kirsten Nunez, who are members of the Health Sector Coordinating Council task force that developed the resource.

This ISMG Security Report analyzes the U.S. State Department's reward offer of up to $10 million for information about Russian military hackers implicated in NotPetya. It also examines how ransomware may evolve and the new cybersecurity draft guidance issued by the Food and Drug Administration.