Running Away From Zombies and Better Protecting Infrastructures
Cybersecurity in a Hyperconnected World: By Kayne McGladrey, IEEE Member, and Stephen Cass, IEEE Spectrum Senior Editor
Similar Posts
A 10-point plan to vet SaaS provider security
“The SaaS vendor should be upfront about data sovereignty and optional localization,” McGladrey adds. “While this is particularly important for multinational organizations selecting SaaS solutions, those organizations bound to a single geography would likely want to avoid awkward situations, such as [personal information] for Americans being intentionally processed and stored in a foreign data center.”
A lack of communications enables breaches and helps derail cybersecurity projects
When planning any migration or deployment of new technology, businesses should carefully consider the best way to communicate the intent and need of the new technology to those users affected by it, as well as to those who work in supporting roles. This article will examine the effects of communication (and lack thereof) on two different client projects.
How can a security automation tool help mitigate unknown threats?
A security automation tool allows people to focus on the more interesting threats — those alerts that have passed a threshold that the automation algorithms can’t sufficiently remediate, or where closing the threat might alert the adversary to a forensic investigation. This is the type of work that security teams enjoy — actively hunting for adversaries and ethically engaging before cleaning up the damages and closing any observed vulnerabilities that were exploited.
Three US state laws are providing safe harbor against breaches
The affirmative defenses combined with making strategic decisions based on published facts is a compelling reason for organizations to select and plan to adopt a framework before the start of the next budgetary year.
Passwords, Multi-Factor Authentication and Cybersecurity
Device location and user behavior can shed a lot more light on a login attempt, yet not all MFA solutions currently incorporate them, says McGladrey. If organizations switched to better access management systems, the cost to successfully infiltrate accounts would rise exponentially, barring “all but the best-funded nation-state actors and APTs.”
Zero trust secures agile business transformation
CIOs should collaborate closely with CISOs to evaluate which zero trust controls will offer the most significant mitigation of agreed-upon business risks. Once specific controls are implemented, they can be centralized and reused across the various compliance standards like SOC 2 Type 2, ISO 27001, and PCI, delivering greater flexibility. “The key lies in the deliberate selection of zero trust controls aimed at reducing specific business risks while potentially streamlining existing compliance efforts,” explains Kayne McGladrey (@kaynemcgladrey), field CISO at Hyperproof and senior IEEE member.