CYBER SECURITY FOR SMALL BUSINESSES AND CONSULTANTS

It’s time we heard from people who live and breathe cybersecurity. Join me as we discuss the highs and lows of working in this industry, the topics that need clarifying, and those that need the B.S. removed. Kayne is active in the community and has offered some GRC maturity models to help anyone.

For years, security budgets seemed to go only one direction: up. As recently as February of this year, some 62% of organizations said they planned to increase their cybersecurity spending for 2020, according research by analyst firm ESG.

But that was then.

Like their C-suite peers, CISOs today are being asked to do more with less – and probably will be for some time, as the world continues in these uncertain economic times.

Kayne McGladrey, field CISO at Hyperproof, has seen the evidence. He worked with one organization whose executives received a contract for review and signature. “Nearly everything looked right,” McGladrey says. The only noticeable mistake was a minor error in the company’s name, which the chief counsel caught. But Gen AI isn’t just boosting the hackers’ speed and sophistication, it’s also expanding their reach, McGladrey says. Hackers can now use gen AI to create phishing campaigns with believable text in nearly any language, including those that have seen fewer attack attempts to date because the language is hard to learn or rarely spoken by non-native speakers.

“As part of the great resignation of 2021, we’ve seen an increasingly fragmented view of intellectual property on the part of departing employees. Businesses can reduce the substantial risk associated with data exfiltration of trade secrets, regulated data and other sensitive data by deploying and monitoring DLP across the enterprise, including remote endpoints.” — IEEE Senior Member Kayne McGladrey

Companies with mature GRC programs have an advantage over their competitors. However, something has been missing in the GRC world: the ability to truly understand an organization’s GRC maturity and the steps it would take to build the business case for change. That’s where the GRC Maturity Model comes in.

Hyperproof’s GRC Maturity model is a practical roadmap for organizations to improve their GRC maturity business processes to enter new markets and successfully navigate our rapidly changing regulatory and legal space. By providing a vendor-agnostic roadmap for how companies can improve key business operations, we can help even the playing field for everyone in GRC.

This extensive, peer-reviewed model written by Kayne McGladrey includes:

• An overview and definition of Governance, Risk, and Compliance (GRC)

• A summary of the four maturity levels defined in the model: Traditional, Initial, Advanced, and Optimal

• An overview of the most common business practices associated with governance, risk, and compliance

• A simplified maturity chart listing the attributes associated with each maturity level

• A list of observable behaviors or characteristics associated with the maturity level to help you assess where your organization falls

• A set of high-level recommendations for how to move from a lower level to a higher level

As far as attacks by state espionage services, McGladrey said airlines aren’t the only target within the travel industry. An attack on the reservation system of Marriott’s Starwood brands in 2018, which exposed nearly 500 million customer records, is believed to have been perpetrated by China. Generally, espionage attacks aren’t geared toward credit card fraud and personal account takeovers the way criminal cyberattacks can be, McGladrey said, but there’s always a chance a government hacker will moonlight on the dark web.