Radio interview on KRLD-AM

McGladrey, whose work focuses on identity and access management, leads a team that assists clients in multiple industries. The focus: insider and outsider threats on non-privileged or privileged credentials. McGladrey said that technology has matured so much, that overall cyber security is not about software installation.

Presented at the CIO & CISO Atlanta Summit

New Year, New Standards: Preparing for SEC Cybersecurity Disclosures in 2025 and Beyond

The SEC’s new cybersecurity disclosure requirements have set a new benchmark for transparency and accountability, compelling public companies to enhance their cybersecurity practices and reporting.

In this session, you’ll learn how to align your organizations with these evolving requirements and take proactive steps to stay ahead of regulatory expectations.
In this session, we’ll join Kayne McGladrey, Field CISO at Hyperproof, to discuss:

An overview of the 2024 SEC cybersecurity requirements
Best practices for cybersecurity disclosures
How to prepare for the 2025 disclosure season

“There’s not a one-size-fits-all approach to securing healthcare,” McGladrey said. “All organizations are doing the best they can, working hard against insurmountable odds. It’s important to respect and understand not where they are relative to the standard, but how they’ve improved over time.”

Adopting zero trust strategies are a potential solution to mitigate the challenges of ransomware, bulk intelligence data collection, and technical threats to cryptocurrency. As zero trust is predicated on a continuous authentication of user and device identities based on prior known-good behaviors, unusual events from previously unknown devices will be far less frequent and the telemetry far more obvious for investigation by blue teams.

At issue is whether the incident led to significant risk to the organization and its shareholders. If so, it’s defined as material and must be reported within four days of this determination being made (not its initial discovery). “Materiality extends beyond quantitative losses, such as direct financial impacts, to include qualitative aspects, like reputational damage and operational disruptions,” he says. McGladrey says the SEC’s materiality guidance underscores the importance of investor protection in relation to cybersecurity events and, if in doubt, the safest path is reporting. “If a disclosure is uncertain, erring on the side of transparency safeguards shareholders,” he tells CSO.