Data loss prevention vendors tackle gen AI data risks

McGladrey finds an increased need in cybersecurity as the pandemic has forced an increase in online resources. “Cybersecurity is a way of protecting our friends, family, and communities from financial losses and the loss of their privacy,” McGladrey said.

Ever wonder why hackers wear hoodies? Or why should you be concerned if your government job has a good view? Or what the most money-sucking board game is? Well this is the episode for you! We met Kayne’s cat, talked about old computers, ethics issues in AI, funny stories from Kanye’s first job, comical failings of physical security from Kayne’s audit days, and of course board games again!

Identity management of users and devices is key for CISOs to manage the risks associated with unauthorized access to sensitive data and systems, according to Kayne McGladrey, Field CISO at Hyperproof and IEEE senior member. “From a control operations standpoint, the two most important capabilities are the ability to validate a user’s behavior when it deviates from the norm, and the ability to quickly de-provision access when it is no longer needed,’’ McGladrey told VentureBeat.

For example, if a user regularly logs in from Washington State using their Windows-powered computer to access a single program, there’s little reason to prompt them for a second authentication factor, he said. “But when the device changes, perhaps a new Mac computer that’s not configured correctly, or their location suddenly changes to Australia, they should be prompted for multifactor authentication as part of identity validation before being allowed to access those data,” McGladrey said. When a user leaves an organization, their identity access should be rapidly revoked across all platforms and devices. Otherwise, organizations run the risk of a threat actor using the older access and credentials, McGladrey added.

Financial institutions can avoid becoming the next victim of a costly cyberattack by leveraging automation and existing legislation. Automation can help to mitigate risk when handling personal client information by storing records efficiently and securely, Kayne McGladrey, field chief information security officer at Hyperproof, told Bank Automation News. “If you don’t automate, that has a cost, because now people are spending their time doing control testing,” he said. “The organizations that recognize that are going to probably spend a lot less time on compliance and have a happier team, because they’re not doing routine stuff that they should have automated.”

Companies with mature GRC programs have an advantage over their competitors. However, something has been missing in the GRC world: the ability to truly understand an organization’s GRC maturity and the steps it would take to build the business case for change. That’s where the GRC Maturity Model comes in.

Hyperproof’s GRC Maturity model is a practical roadmap for organizations to improve their GRC maturity business processes to enter new markets and successfully navigate our rapidly changing regulatory and legal space. By providing a vendor-agnostic roadmap for how companies can improve key business operations, we can help even the playing field for everyone in GRC.

This extensive, peer-reviewed model written by Kayne McGladrey includes:

• An overview and definition of Governance, Risk, and Compliance (GRC)

• A summary of the four maturity levels defined in the model: Traditional, Initial, Advanced, and Optimal

• An overview of the most common business practices associated with governance, risk, and compliance

• A simplified maturity chart listing the attributes associated with each maturity level

• A list of observable behaviors or characteristics associated with the maturity level to help you assess where your organization falls

• A set of high-level recommendations for how to move from a lower level to a higher level