Banking Information Security Podcast

This edition of the ISMG Security Report features an analysis of the very latest ransomware trends. Also featured: Discussions of Microsoft's move to DNS over HTTPS and strategies for tackling IoT security challenges.

Numerous regulations and standards have been introduced globally to help curtail online fraud. What makes EMV 3D Secure stand out? Matt Cooke and Paul Dulany of Broadcom weigh in on the implementation and benefits of EMV 3DS.

While IoT devices are entering enterprises at a rapid pace, the security practices around them are as much as 20 years behind those for enterprise computing, says Sean Peasley of Deloitte, who outlines steps organizations can take to ensure safe IoT computing.

Cloud solutions, the mobile workforce, the skills gap - these are among the security impacts that don't get enough attention when discussing digital transformation. David Ryder of Avast Business opens up on these topics.

Multifactor authentication is gaining traction - but it also is causing additional user friction when deployed poorly. Corey Nachreiner and Marc Laliberte of WatchGuard Technologies discuss how best to deploy and administer MFA.

The latest edition of the ISMG Security Report offers an in-depth analysis of whether Instagram is doing enough to protect the contact information of minors. Plus: Compliance updates on GDPR and PCI DSS.

There are robust and detailed discussions in cybercriminal forums on how to attack modern vehicles, seeking clandestine methods to steal cars, says Etay Maor of IntSights. Luckily, hackers aren't aiming to remotely trigger an accident, but there are broader concerns as vehicles become increasingly computerized.

Getting breached is not a question of "if," but "when." Nick Carstensen of Graylog explains what steps should be taken to mitigate data breach risk.

Many companies around the world that accept card payments are failing to continually maintain compliance with the PCI Data Security Standard, according to the new Verizon 2019 Payment Security Report. Verizon's Rodolphe Simonetti, who contributed to the report, explains the findings.

One key step for preparing to comply with the California Consumer Privacy Act, which goes into effect in January, is determining how best to verify the identity of users, say two leaders of the Sovrin Foundation, who discuss the key issues.

Bala Kumar of iovation, a TransUnion company, sees a marked spike in identity fraud in general, and at account origination in particular. How does this increase manifest across industry sectors, and how should organizations re-think their defenses?

Sprawling computing environments - from cloud to containers to serverless - are posing challenges in maintaining visibility and determining if data is secure, says Mike Adler of RSA.

The latest edition of the ISMG Security Report offers an analysis of how Twitter allegedly was used to spy on critics of the Saudi Arabian government. Also featured: A preview of the new NIST Privacy Framework and an update on business email compromise attacks.

Organizations should develop a comprehensive strategy for managing third-party security risks and avoid over-reliance on any one tool, such as vendor security risk assessment, monitoring or ratings services, says analyst Jie Zhang of Gartner.

By year's end, the National Institute of Standards and Technology should be ready to publish the first version of its privacy framework, a tool to help organizations identify, assess, manage and communicate about privacy risk, says NIST's Naomi Lefkovitz, who provides implementation insights.

The Sophos 2020 Threat Report is out, and among the key findings: Ransomware attackers continue to leverage automated active attacks that can evade security controls and disable backups to do maximum damage in minimal time. John Shier of Sophos analyzes the trends that are most likely to shape the 2020 cybersecurity landscape.

The latest edition of the ISMG Security Report offers an in-depth analysis of how to prevent data exposure in the cloud. Plus: why PCI's new contactless payment standard lacks PINs, and how to go beyond the hype to accurately define "zero trust."

Mobile devices are attractive targets for attackers because of messages, call logs, location data and more. State-sponsored groups are digging ever deeper into mobile hacking, says Brian Robison of BlackBerry Cylance.

It's one thing to know your attackers. It's another to emulate some of their techniques so you can improve your own enterprise defenses. Craig Harber, CTO of Fidelis Cybersecurity, is an advocate of this "think like an attacker" defensive strategy.

Agile environments benefit from development platforms and open-source software, but that also raises the risks of attacks seeded in those supply chains, says Chet Wisniewski of Sophos, who describes steps that organizations can take to mitigate the risks.