Similar Posts
PCI Compliance & the Importance of Penetration Testing
ByKayne
By asking the right questions and implementing appropriate controls according to a defined standard, state and local agencies can go a long way toward improving security. “If you’re compliant with PCI, it really does reduce the likelihood of data breaches and the reputational damage associated with that,” says Kayne McGladrey, IEEE Senior Member and field CISO at compliance management platform Hyperproof.
ICS security challenges and how to overcome them
ByKayne
One of the biggest security challenges, however, might be IT/OT convergence — the merging of information technology with operational technology. IT teams are no strangers to infosec, but their OT counterparts working among industrial control systems (ICSes) have generally never worked in internet-connected networks. Yet, as the benefits of IoT and industrial IoT (IIoT) become apparent, more ICSes and OT environments are becoming connected — bringing multiple benefits but also creating multiple security threats. Compounding the risk is that IT teams don’t know how to handle threats in such environments, leaving many IT and OT teams unsure exactly where the security responsibility lies.
Here, Institute of Electrical and Electronics Engineers Inc. (IEEE) member Kayne McGladrey outlines the challenges of ICS security and explains how OT environments can counter such threats while still reaping the benefits of IoT.
How CISOs Follow The Money
ByKayne
Kayne posits, “If you want to see what your new product features are going to be in the next 12 to 18 months, see where the VCs are spending their dollars. If we’ve seen something consistently in the past, in the past 10 years we’ve seen $30 billion of investment inside of cyber security.”
McGladrey is a gadfly for cyber security leaders to forecast budgets based on the newest in new technology. Whether the CISO in question is a bleeding edge, leading edge, fast follower or back-with-the-pack type executive is up to them. Any which way you slice it, you should be able to see where you are spending money in the future based on where venture capitalists are putting their money now.
What to Know About the Proposed New HIPAA Rules
ByKayne
If approved, the proposed new HIPAA rules will reshape the landscape of healthcare cybersecurity, partially addressing the recent OIG report’s findings on the ineffectiveness of current HIPAA audits. For CISOs, these changes present both opportunities and challenges as they work to enhance their organizations’ cybersecurity practices. The updated compliance requirements for electronic protected health information promise significant benefits but also come with associated costs. As these rules are open for public comment over the next sixty days, healthcare CISOs have a window to provide their insights and influence the final regulations, ensuring they align with the practical realities of safeguarding sensitive health data.
Security in 2022 – Ransomware, APT groups and crypto exchanges pose key challenges
ByKayne
Adopting zero trust strategies are a potential solution to mitigate the challenges of ransomware, bulk intelligence data collection, and technical threats to cryptocurrency. As zero trust is predicated on a continuous authentication of user and device identities based on prior known-good behaviors, unusual events from previously unknown devices will be far less frequent and the telemetry far more obvious for investigation by blue teams.
A cybersecurity skills gap demands thinking outside the box
ByKayne
“There’s a perception that it is all hands-on-keyboards — people sitting in a basement somewhere drinking soda,” McGladrey said. “That perception, unfortunately, drives a lot of talented individuals who would have made a lot of meaningful contributions to the field to make other career choices.”
McGladrey wants security pros to talk to their colleagues, friends and families about the field and its diversity of roles. He also urges organizations to widen their candidate pools to include those with more varied backgrounds and life experiences.
“Right now in cybersecurity, we’re doing the same thing over and over and expecting a different result — the definition of insanity,” he said.