Similar Posts
Podcast Cybersecurity Briefing for Senior Executives With Kayne McGladrey: #AskTheCEO Episode 63
By Kayne
[01:23] What are the most pressing Cyber threats to businesses?
[03:30] Why is diversity, and hiring more women, so important for Cybersecurity?
[07:54] Why do cybercriminals go after our data?
[24:11] With cybercriminals spoofing GPS signals, how concerned should we be about them redirecting self-driving cars?
[25:21] What’s next in Cybersecurity and Cybercrime?
Are we building cyber vulnerability into EV charging infrastructure?
By Kayne
“Right now, there’s a bit of a Wild West mentality out there,” said Kayne McGladrey, field chief information security officer at security software company Hyperproof and a senior member of the Institute of Electrical and Electronics Engineers. “Companies are incentivized for being first to market, not necessarily most secure to market. Because security costs money and because it requires time and resources, naturally that becomes a lower priority.”
What are your predictions for Cybersecurity in 2022?
By Kayne
Ransomware threat actors will continue to find new and innovative ways of generating revenue for their criminal operations throughout 2022. If organizations deploy adequate governance and technical controls in 2022 alongside an effective multinational policy response, we can anticipate a gradual ransomware slowdown in the fourth quarter as those threat actors not in prison re-skill as part of a workforce transition to other profitable criminal enterprises. Those countries giving license to ransomware threat actors inside their borders have a unique opportunity to provide a path to legitimate careers for those criminals who choose to voluntarily leave the market, and while this should not necessarily relieve them of any legal actions pending, it may be a useful incentive when considering sentencing.
3 Tips To Thwart Insider Attacks: An Essential Guide For Summer Travels
By Kayne
Dos And Don’ts For Privileged Accounts
Hack Me If You Can
By Kayne
A hacker can say that an institution has 90 days to fix a vulnerability before publicly divulging the secret, and for the vulnerable bank or credit union, that might come off as extortion or a threat. However, it is well within the boundaries of normal security research to do that, according to Kayne McGladrey, Field CISO for the security and compliance company Hyperproof.
“If the company doesn’t respond in a timely manner, that’s where you can get vulnerability disclosures after a reasonable period of time, like 90 or 120 days, or 180 days, depending on which philosophy the researcher subscribes to,” McGladrey said. “That’s all well within the ethical boundaries of a normal security researcher.”
The key difference between an ethical and unethical hacker — between extortion and responsible disclosure — is what the hacker does with the vulnerability.
“I think it’s very possible to say you can prove you can use this vulnerability — maybe it’s to steal a whole bunch of credit card information — without actually doing it,” McGladrey said. “You just show that you can.
Top cybersecurity threats for 2023
By Kayne
“Out of all the CISOs and security leaders I’ve spoken with over the last three months, the main theme of 2023 is going to be ‘the year of risk,’ and a lot of that risk we’re talking about at this level is regulatory,” said Kayne McGladrey, Field CISO at Hyperproof.