CYBER SECURITY FOR SMALL BUSINESSES AND CONSULTANTS

[01:23] What are the most pressing Cyber threats to businesses?

[03:30] Why is diversity, and hiring more women, so important for Cybersecurity?

[07:54] Why do cybercriminals go after our data?

[24:11] With cybercriminals spoofing GPS signals, how concerned should we be about them redirecting self-driving cars?

[25:21] What’s next in Cybersecurity and Cybercrime?

In this live episode of the Virtual CISO Happy Hour, our cybersecurity experts discuss the critical steps companies must take to navigate the complex landscape of data privacy. They discuss the importance of establishing regular data inventories and minimization efforts to ensure that only business-critical information is retained, thereby reducing the attack surface for threat actors.

The conversation shifts to the pitfalls of treating privacy audits as one-off events rather than ongoing processes. Our experts argue for the automation of data control operations and the continuous evaluation of their effectiveness, which is crucial for maintaining compliance and achieving certifications like ISO or SOC 2.

The episode also tackles the misconception of ‘cyber risk,’ advocating for a broader understanding of business risk and its real-world consequences. The discussion highlights the importance of aligning cybersecurity strategies with business KPIs and KRIs to effectively communicate the value of security measures to executives and boards.

Furthermore, they explore the role of CISOs in control design and effectiveness, emphasizing collaboration with CFOs to leverage their experience with regulatory compliance for more nuanced and effective control strategies. They also touch upon the significant cost savings that can be realized by reevaluating and updating corporate risk registers in response to changes in data storage and access patterns.

This episode is a must-listen for any professional involved in data privacy and cybersecurity, offering practical insights into making informed decisions that align with both security and business objectives.

“Few companies had a binder marked `global pandemic,’ but many had policies that called for annual DR testing that they didn’t enact,” said Kayne McGladrey, CISSP and cybersecurity expert. “Teams play how they train, but not having table-topped crisis communications, DR, or IR hurt their responses.”

The workforce of tomorrow still will be technically savvy, well-versed in machine learning and data science. Advanced machine learning skills will be important, but Kayne McGladrey (@kaynemcgladrey), Director of Security and Information Technology at Pensar Development, recommended that those looking for future employment also consider learning a programming language.

“The intent here is not to master it,” McGladrey explained, “but rather to gain an understanding and appreciation of how things work from the inside out. Employers are also looking for career stability so that they can invest in their people, so don’t hop from company to company on an annual basis.”

“There’s the cybersecurity threat and then there’s the real threat,” explains Kayne McGladrey, field chief information security officer (CISO) of compliance company Hyperproof, and senior member of the Institute of Electrical and Electronics Engineers (IEEE). “A cybersecurity threat is disruption, like when we saw the Russians invade Ukraine as part of their illegal war, they took down Viasat and not by attacking the satellites themselves, instead, they attacked the firmware of satellite modems on the ground.”