On The Hook Eps 9 w/ Kayne McGladrey – CISO Mansion of Madness

“There are too few defenders to collect, process, and analyze the overwhelming amount of available data to produce threat intelligence,” McGladrey told HITInfrastruture.com. “The promise of machine learning is to allow computers to do what they do well, in automating the collection and processing of indicators of compromise, and analyzing those data against both known and emerging threats.”

Fraud isn’t new, but the internet has provided hackers with the capabilities to easily use the threat vector to trick employees into providing access to their enterprises. Cyberfraud attacks, often distributed via phishing or spear-phishing campaigns, consistently plague and sometimes even completely disable enterprises. Despite the growing number of technologies available to detect and prevent such social engineering attacks from being successful, the weakest link remains human error — be it negligence, maliciousness or apathy. Here, Institute of Electrical and Electronics Engineers member Kayne McGladrey describes the types of cyberfraud attacks enterprises will inevitably face, from credential harvesting to typosquatting attacks. He also offers best practices for creating and instituting a cybersecurity awareness program to prevent employees from falling victim to such threats.

“McGladrey told us there is a grain of truth to the claim made in the Facebook post. He says on certain office landline phones, like corporate PBX systems, pressing a variation of those digits allows a call transfer to happen. But this does not affect cell phones or residential landlines.”

I’ll be speaking on WWJ-AM (Detroit, MI) today at 12:30 PM ET. Looking forward to discussing cyber security with Brian Larsen.