The data revolution has made our lives more convenient, but it’s also created vulnerabilities. Former Secretary of the U.S. Department of Homeland Security and The Chertoff Group Founder Michael Chertoff discusses his new book, “Exploding Data: Reclaiming Our Cyber Security in the Digital Age.” The use of digital tools has allowed us to generate a lot more data and to analyze it, altering our perception about the lines between public and private information. Chertoff talks about how we can avoid living in a world of ubiquitous surveillance and the need for greater protection of our cyber infrastructure. Finally, he calls for updates to policy and legal frameworks to reflect our new reality.

Constant software updates and changes to code can introduce new security vulnerabilities into the technology supply chain – the hardware, software, and services we use on a daily basis. Two cyber risk management experts from The Chertoff Group – David London and Adam Isles – discuss what happens when the technology supply chain is compromised, and the ripple effects given the interconnected nature of the technology. Meanwhile, the government is considering mandates and regulatory action to protect the technology supply chain. London and Isles offer insights into why companies need to manage these risks and how some sectors are working to do it. They caution that it’s a problem no company can solve alone.

The Internet of Things — from driverless vehicles to medical devices —presents new challenges to cybersecurity. Who is responsible when things go horribly awry? Chertoff Group Senior Advisor Paul Rosenzweig says a revolution in cyber liability is coming, whether the industry likes it or not. He warns that if the industry doesn’t participate in a standards-setting process, either legislatures or courts will do it for them. Rosenzweig discusses the privacy issues that are raised when our devices and cars collect information about us and he predicts an increasing convergence between privacy and security.

When we think of insider cybersecurity threats to a business or government agency, we conjure images of spies working on behalf of a foreign government. But many insider threats are accidental, explains Bob Anderson, a principal in the Chertoff Group’s global Strategic Advisory Services. Anderson, who has been involved in investigating and arresting some of the most famous spies in U.S. history during his career with the FBI, breaks down the different categories of corporate threat — from the busy employee who inadvertently clicks on malware to those with more insidious aims. He offers insights on what makes a good insider threat program, why gaining employee trust is so difficult, and why corporate boards need to proactively examine their IT infrastructure and cybersecurity practices and procedures.

Can we ensure our election security infrastructure is safe from attack? Ahead of the midterm elections, Chris Krebs, Under Secretary for the Department of Homeland Security’s National Protection and Programs Directorate, discusses the Elections Infrastructure Information Sharing and Analysis Center (ES-ISAC), which helps states and localities share information about cyberthreats. He warns that influence operations are just as formidable a threat to our elections as infrastructure risks.

While disinformation campaigns are nothing new, the ability to spread false narratives has gained new life with the use of social media. Justin Maddox, a counter-propaganda expert who specializes in emerging technology applications, talks about Russian attempts to sow discord in our politics and manipulate investments in the energy sector. The bad news? We’re falling for it. Maddox offers insights on what we can do to prepare for such attacks — wherever they come from — and why crisis communications plans are a critical part of the response.

New legislation seeks to modernize the process by which foreign companies invest in the United States. What will this mean for companies looking to do business in the U.S.? Chad Sweet, co-founder and CEO of The Chertoff Group, discusses the ins and outs of the Committee on Foreign Investment in the United States (CFIUS) and how companies can navigate the process. He talks about cases where foreign investors have stumbled in the process, why having a CFIUS advisor every step of the way is so crucial, and what the new legislation could mean.

Security threats are constantly changing.  And while you can’t completely eliminate risk, you can learn to manage it. Adam Isles, a principal at The Chertoff Group, helps clients evaluate and mature their security risk management programs. He discusses steps to creating a sound risk management program, and how companies can assess, mitigate, and monitor threats. And he gets us thinking about what to do when the threats come from the inside.

From the infamous WannaCry to NotPetya, ransomware is a big business and has become the single most prevalent form of malware. Chris Duvall, senior director at The Chertoff Group and expert on security and risk management, discusses how ransomware spreads, how to prepare for a potential attack, and how to recover. Duvall offers insights about how organizations can respond and why having an independent evaluation of your security program can help prevent a disaster down the line.

Government partners need the best solutions today to respond to threats in a constantly changing environment. Kristina Tanasichuk, CEO of the Government Technology & Services Coalition and founder of Women in Homeland Security, talks about what small and medium-sized businesses can offer their government partners. She discusses the business of homeland security and the challenges of operating in a “post-truth” environment.