Similar Posts

Yahoo porn hacking breach shows need for better security: 5 ways to protect your company

ByKayne

Security expert Kayne McGladrey, who serves as director of security and IT at Pensar Development and is a member of the Institute of Electrical and Electronics Engineers, said companies need to add extra steps to everything.

“The company could choose to add friction, whether it’s multi-factor authentication or an email link just to put a little additional scrutiny and raise the bar so it is materially more difficult for threat actors who have obtained someone’s credentials to be able to reuse those,” he said.

“The benefit of this strategy is that it applies universally. All of the automated attacks these days around credential stuffing and credential spraying do what the Yahoo hacker had done on a much larger scale. They get compromised credentials and test them across a whole bunch of websites using a distributed botnet.”

What are your predictions for Cybersecurity in 2022?

ByKayne

Ransomware threat actors will continue to find new and innovative ways of generating revenue for their criminal operations throughout 2022. If organizations deploy adequate governance and technical controls in 2022 alongside an effective multinational policy response, we can anticipate a gradual ransomware slowdown in the fourth quarter as those threat actors not in prison re-skill as part of a workforce transition to other profitable criminal enterprises. Those countries giving license to ransomware threat actors inside their borders have a unique opportunity to provide a path to legitimate careers for those criminals who choose to voluntarily leave the market, and while this should not necessarily relieve them of any legal actions pending, it may be a useful incentive when considering sentencing.

How to Upgrade Your Security Program from ISO 27001:2013 to ISO 27001:2022

ByKayne

Since the initial release of ISO 27001, the threat actor economy has diversified substantially, with both criminal groups and nation states developing and selling offensive cyber products and cyber surveillance solutions. In response, cybersecurity experts have documented and developed best practices and actionable guidance for organizations to effectively manage their cybersecurity risks. ISO 27001:2022 provides a risk-based reference set of information security, cybersecurity, and privacy controls that have been adopted by modern organizations as part of deploying cloud technologies and addressing data protection requirements driven by GDPR.

Compliance as a Critical Business Enabler (podcast)

ByKayne

Kayne McGladrey, the Field CISO at Hyperproof, is a renowned cybersecurity expert with an extensive background in enhancing security landscapes across various industries. His career is marked by significant contributions in developing robust security frameworks, managing complex risk scenarios, and driving comprehensive compliance initiatives. With a deep commitment to transforming the cybersecurity field, Kayne’s insights and strategies continue to influence how organizations approach security and regulatory compliance, making him a sought-after voice in the industry.

Opening keynote speech at the Seattle Electrical Conference

ByKayne

“I hope that you want to create safe products that benefit individuals and society, that make life better.

That you want to reverse course, and can advocate for security in face of lean IT, DevOps, and less money and less time and less people.

IEEE code of ethics includes the phrase “disclose promptly factors that might endanger the public or the environment”.

Not as strong as language as the other code of ethics I’m bound to follow as a CISSP, to “protect society, the common good, necessary public trust and confidence, and the infrastructure”

Regardless of which code of ethics you’re following, we have responsibility to society to turn this around.”