Similar Posts
Radio interview on WWJ-AM
By Kayne
I’ll be speaking on WWJ-AM (Detroit, MI) today at 12:30 PM ET. Looking forward to discussing cyber security with Brian Larsen.
How hackers used little-known credit-card feature to defraud Lansdale woman, $1.99 at a time
By Kayne
“It’s low effort for them. Once they set up the subscription and unless the subscription is canceled, they don’t have to do any other work and they can resell access to that subscription,” he said. “So it’s a guaranteed line of profit for them until somebody goes and notices there’s been a problem.”
Criminals typically resell access to the services on secondary markets, McGladrey said. Criminals may resell a streaming service that’s normally $10 per month for $5, netting the thieves $5 monthly. While a single crime is not that profitable, there have been cases where groups have reaped millions of dollars by charging small amounts to hundreds of thousands of consumers, he said.
What Thoma Bravo’s latest acquisition reveals about identity management
By Kayne
Identity management of users and devices is key for CISOs to manage the risks associated with unauthorized access to sensitive data and systems, according to Kayne McGladrey, Field CISO at Hyperproof and IEEE senior member. “From a control operations standpoint, the two most important capabilities are the ability to validate a user’s behavior when it deviates from the norm, and the ability to quickly de-provision access when it is no longer needed,” McGladrey told VentureBeat.
For example, if a user regularly logs in from Washington State using their Windows-powered computer to access a single program, there’s little reason to prompt them for a second authentication factor, he said. “But when the device changes, perhaps a new Mac computer that’s not configured correctly, or their location suddenly changes to Australia, they should be prompted for multifactor authentication as part of identity validation before being allowed to access those data,” McGladrey said. When a user leaves an organization, their identity access should be rapidly revoked across all platforms and devices. Otherwise, organizations run the risk of a threat actor using the older access and credentials, McGladrey added.
AI system poisoning is a growing threat — is your security regime ready?
By Kayne
Although motivations like that mean any organization using AI could be a victim, Kayne McGladrey, a senior member of the Institute of Electrical and Electronics Engineers (IEEE), a nonprofit professional association, and field CISO at Hyperproof, says he expects hackers will be more likely to target the tech companies making and training AI systems.
But CISOs shouldn’t breathe a sigh of relief, McGladrey says, as their organizations could be impacted by those attacks if they are using the vendor-supplied corrupted AI systems.
How Instacart Created Strong Relationships with Engineering to Build a More Compliant Product
By Kayne
In a world where compliance and engineering teams must work together to build compliant products, competing goals and philosophies can make collaboration frustrating for both sides. Join representatives from Instacart as they share their story on how they worked with engineering to build a compliant product, best practices for collaborating across teams to build scalable, compliant solutions and how to foster a culture of security and compliance across your organization.
After completing this session, participants will be able to:
• Build more credibility with engineering teams.
• Incorporate features that enable compliance into products.
• Work with your engineering team—not against them—to build high-quality, compliant products.
• Make long-term continuous compliance a reality with automation tools.
How Awareness, Attention Can Improve Cyber Security
By Kayne
Besides working nights, I learned in my fifteen-minute conversation that Rosa volunteers at an elementary school. She’d met no one who worked in cyber security, and the kids she worked with hadn’t considered it as a career option. They wanted to be rappers, they wanted to be marine biologists; they didn’t know there was a high-paying position called “security operations center analyst.”