Data loss prevention vendors tackle gen AI data risks

Kayne McGladrey, an advisory board member for the Technology Alliance Group NW and cybersecurity strategist for the firm Ascent Solutions, tells ISMG, “These [various legislative efforts] all stem from the issue that there is no single source of truth on the volume or scope of cyberattacks, which has led to the perception that it is difficult to apply commensurate public and private policy responses.”

Last month at the #ATTBizSummit, Javvad Malik and I talked about increasing diversity in cybersecurity, and I unveiled my secret weapon for tweets. (Spoiler: she’s 11).

“We talk about ‘data breaches’ because of regulatory and statutory definitions that focus on the disclosure of data. An organization’s security strategy should work with the end in mind and focus heavily on denying threat actors access to those data with the highest regulatory, statutory, or contractual risks.” Kayne McGladrey, Field CISO at Hyperproof

“Businesses and organizations would need to … educate their workforce on how to validate that a certificate was correct,” he says. “And there would need to be a substantial educational investment to combat the inevitable phishing campaigns that’d spring up, such as fake websites to collect personally identifiable information and fake security alerts associated with these digital certificates.”

Keeping an organization secure is every employee’s job. Instead of the obligatory employee training, Director of Security & IT for Pensar Development Kayne McGladrey recommends continuous engagement with the end-user community. “Provide opportunities and instrumentation to demonstrate policy violations rather than lecture at people.” Examples include leaving a USB data stick in a break room or using phishing tools to falsify emails from known employees that seem suspicious. “This helps educate and creates healthy suspicion,” said McGladrey.