Government Information Security Podcast

On the heels of the recent FTX financial meltdown came the theft of millions of dollars that left thousands of investors, exchanges and others in the lurch. Hugh Brooks of CertiK shares the status of data that FTX stores, the role of regulations and best cybersecurity practices for crypto exchanges.

On the heels of the recent FTX financial meltdown came the theft of millions of dollars that left thousands of investors, exchanges and others in the lurch. Hugh Brooks, director of security operations at CertiK, shares how the funds may have been stolen and what happens next.

A decade ago, ransomware was one of the internet's petty street crimes, but it has now evolved into a major threat. Tech reporter Renee Dudley, the co-author of a new book titled "The Ransomware Hunting Team," says the FBI lost ground early on in the fight against ransomware.

Despite the strategic priorities laid out by the Biden administration and initial indicators provided by the Department of Defense, it's unclear how the next national defense strategy will prioritize threats and define the primary role of the U.S. military. Chris Dougherty discusses cyberwarfare.

Complexity is the enemy of security, and information technology grows ever more complex. Have we created a problem space in computing so complicated that we will be unable to safely operate in it for its intended purposes? Fred Cohen says that's unlikely. He discusses managing risk in the future.

This edition of the ISMG Security Report discusses how Australian health insurer Medibank is facing stark consequences for not paying a ransom to a group of cyber extortionists, how to limit unnecessary cybersecurity exposure during M&A, and how to manage challenges in hybrid environments.

Aging medical imaging devices are among those most vulnerable to security incidents, often due to misconfigurations and a lack of security controls, says Elisa Costante, vice president of research at security firm Forescout. She discusses how vendors can reduce security risks in connected products.

In this episode of "Cybersecurity Unplugged," Dr. Chris Miller, an associate professor of international history at the Fletcher School at Tufts University, discusses the cybersecurity aspects of the Russia-Ukraine war and how perceptions of the two countries may have been inaccurate.

The latest edition of the ISMG Security Report discusses how Australian health insurer Medibank is deliberating on whether to pay a ransom to extortionists, analyzes the growing number of layoffs in the security vendor space, and shares a tribute to threat intelligence researcher Vitali Kremez.

It's no secret: As pharmaceutical companies develop new health treatments, adversaries seek to steal or sabotage their intellectual property. This dynamic adds extra urgency to authentication. Tom Scontras of Yubico talks about how the pharma sector approaches authentication.

Security & ease of use: It is one thing for non-healthcare entities to debate these merits of new authentication in solutions. But in healthcare, where the decisions directly impact patient safety, the stakes are critical. Tom Scontras of Yubico talks about how healthcare approaches authentication.

Many entities fight an uphill battle against increasingly clever phishing and related scams that lead to serious data compromises, say former CIA analyst Eric Cole and former Department of Justice Assistant Attorney General David Kris, who are both advisers at security firm Theon Technology.

Too many medical device makers don't pay close attention to the fine details and features of their product designs to ensure they are safe and secure, says Naomi Schwartz, a former product reviewer at the Food and Drug Administration and current cybersecurity adviser at security firm MedCrypt.

The latest edition of the ISMG Security Report discusses how Russian-speaking ransomware gangs have their eyes on a new target, offers the latest on Australia's data security reckoning and the government’s response, and outlines emerging trends in customer identity and access management.

Cyberattacks on healthcare entities result in poor patient outcomes, including delayed procedures and even a rise in mortality, according to a recent survey conducted by research firm the Ponemon Institute. Ryan Witt of Proofpoint, which sponsored the study, discusses the findings.

A study by data privacy firm Lokker found thousands of healthcare providers deploying Facebook Pixel and other similar tracking tools. Those trackers reveal "medical and other data that consumers don't know is being tracked and haven't authorized," says Ian Cohen, Lokker's chief executive officer.

Plan for a ransomware attack the same way you plan for a hurricane, says Paige Peterson Sconzo, director of healthcare services at security firm Redacted Inc. A cyber incident capable of disrupting network connectivity requires careful thinking about how to revert to the pre-internet era.

Security flaws in a vital signs monitoring device from a China-based manufacturer could allow hackers to launch an attack that spreads to all other devices connected to the same network. This is among the most serious security issues involving medical devices, says Jason Sinchak of Level Nine.

CEO Yotam Segev says Cyera eschews the focus of data loss prevention tools on blocking users from pulling down data and instead embraces an approach that reduces friction. Cyera has sought to safeguard data by making preventative changes in areas like configuration, permissions and security posture.

The latest ISMG Security Report examines whether banks should be held liable for the rapidly increasing Zelle fraud problem, explores the latest M&A activity among IAM vendors, and discusses the implications of the new legal framework for personal data transfers between the U.S. and Europe.