Why a return to the office brings identity and mental health challenges

Schools also contend with risk born of constant user shifts in the student population. This puts schools in an unusual and unenviable position, Kayne McGladrey, field CISO at Hyperproof, said via email. “Being able to apply real-time policies based on user and device behavior via zero-trust networking becomes critical in this environment,” McGladrey said. Absent these tools, strategies and adequate staff, schools will remain a frequent target for cybercriminals. They could also, at the very least, give schools the confidence needed to refuse ransom demands.

Based on the Consent Order, firms in this space should be prepared to demonstrate to NYDFS how their compliance programs meet the standards outlined in DFS regulations, particularly the Virtual Currency Regulation, the Money Transmitter Regulation, the Cybersecurity Regulation, and the Transactions Monitoring Regulation. Firms should also ensure that they have documented policies and procedures required by the Cybersecurity Regulation.

The proverbial endpoint is everywhere. Consumers have more IoT and mobile devices than ever before. Industrial IoT is becoming ubiquitous and IoT malware is as common as cell phones. While conveniences are making their way into every facet of life, so are malicious software, social engineering attack and all manner of bad actors.

All controls and tools should be linked to a reduction in the probability or likelihood of a risk that’s above the organization’s tolerance level, says Kayne McGladrey, CISO at risk management provider Hyperproof and a senior member of IEEE. If there’s no longer a need for a product, it should go.

“Administrative passwords — they’re sort of interesting,” McGladrey says. “If you can get an application’s password, that’s what got us to the Panama Papers a few years ago, where the third-party attacker was able to compromise the WordPress password, which, because of poor password storage technologies, happened to be the same as their database password.

“All of a sudden we got — three terabytes or something like that; it was something absurd — of ex-filtrated client data. The prime minister of Iceland got in a little bit of trouble about that, as well as people like Jackie Chan, all because the organization didn’t have a good mentality around rotating the passwords that were associated with apps. That problem transitions. It’s not a technology problem. It’s a cultural problem. And it transitions, regardless of environment.”

“Realistically, the use of AI in cybersecurity will help to reduce the punishing cognitive load on tier one analysts in the security operation center,” said IEEE Senior Member Kayne McGladrey. “Rather than having to comb through a needlestack looking for a needle, AI promises to automate much of the correlation across vast amounts of data that humans struggle with.”