37 Cybersecurity Awareness Month Quotes from Industry Experts in 2023

Migration is a transformative process, which means it needs the full backing of the C-suite. Kayne McGladrey, Director of Information Security Services for Integral Partners, LLC, says it is vital to offer “an effective presentation to the board about the benefits and challenges associated with
the migration, and it has to have a narrative. You have to find stories of success and failure inside
of your industry in order to present the full picture to the board.”

“There are many lessons that the enterprise will learn through piloting—whether it’s identified
security risks, user communication risks, or education risks—all of which provide future guidance,” says Kayne McGladrey, Director of Information Security Services for Integral Partners LLC. “By the time you get to the harder transition elements, including full infrastructure rollout, you’ve already sorted through the main issues, thanks to your pilot-based learning journey.”

“Employees across industries are finding new and innovative ways to perform their tasks at work faster,” says Kayne McGladrey, IEEE senior member and field CISO at Hyperproof. “However, this can lead to the sharing of confidential or regulated information unintentionally. For instance, if a physician sends personal health information to an AI tool to assist in drafting an insurance letter, they may be in violation of HIPAA regulations.” The problem is that many public AI platforms are continually trained based on their interactions with users. This means that if a user uploads company secrets to the AI, the AI will then know those secrets — and will spill them to the next person who asks about them. It’s not just public AIs that have this problem. An internal large language model that ingested sensitive company data might then provide that data to employees who shouldn’t be allowed to see it.

Another way to thwart cyberattacks is to increase the number of cybersecurity experts, McGladrey says. According to the 2017 cybercrime report from the Herjavec Group, cybersecurity firms estimate such crimes are going to cost about $6 trillion annually by 2021. Companies are experiencing shortages in qualified applicants for cybersecurity jobs. The U.S. Department of Commerce estimates there are now about 350,000 unfilled positions, and that number is only going to increase. McGladrey says.

Kayne sees a greater challenge educating younger generations about creating similar habits. How young is too young? “If you’re targeting high school-age students, you are probably too late. Focus on teaching healthy skepticism at middle school along with identifying phishing and the importance of updating devices with security patches.” The adage that if something is too good to be true, it probably is may not be familiar to this age group because they have not been personally impacted. “Question the benefit or reward claims made by a mobile game before it’s downloaded and installed. Be suspicious.”

This week’s special guest Kayne McGladrey, (blog: kaynemcgladrey.com ), CISO-in-Residence at Hyperproof, outlines the business challenges that CISO’s face, as we discuss new types of risk in daily threat management.

Denial of service attacks aren’t always top of mind for organizations dealing with cyber threats. Often, they’re seen as nuisance threats, said Kayne McGladrey, IEEE senior member and cybersecurity strategist at Ascent Solutions. When hit, companies can often just hire a mitigation vendor and block the attack traffic.

“And our politicians aren’t really talking about this,” he said. “They haven’t personally been affected by it.”

These kinds of attacks also don’t have the same kind of compliance implications as other types of cybersecurity incidents, he added. Data breaches, for example, have to be reported and remediated, both of which can be costly.