What are the biggest ethical considerations of security technology?

Full video of my presentation on Managing the Risks of the Future Internet of Things at the 2019 IEEE VICS in San Diego, CA.

Global supply chains have been under intense strain in recent months, a situation that has been made even worse by the growth of cyber attacks, especially in the form of ransomware. The transportation sector, which has been largely deregulated, needs to adopt recommendations by industry and government organizations for implementing measures that they might have overlooked in years. The price of failing to do so can be high, with ransomware attacks threatening to shut down critical logistics operations for days or even longer.

In this live episode of the Virtual CISO Happy Hour, our cybersecurity experts discuss the critical steps companies must take to navigate the complex landscape of data privacy. They discuss the importance of establishing regular data inventories and minimization efforts to ensure that only business-critical information is retained, thereby reducing the attack surface for threat actors.

The conversation shifts to the pitfalls of treating privacy audits as one-off events rather than ongoing processes. Our experts argue for the automation of data control operations and the continuous evaluation of their effectiveness, which is crucial for maintaining compliance and achieving certifications like ISO or SOC 2.

The episode also tackles the misconception of ‘cyber risk,’ advocating for a broader understanding of business risk and its real-world consequences. The discussion highlights the importance of aligning cybersecurity strategies with business KPIs and KRIs to effectively communicate the value of security measures to executives and boards.

Furthermore, they explore the role of CISOs in control design and effectiveness, emphasizing collaboration with CFOs to leverage their experience with regulatory compliance for more nuanced and effective control strategies. They also touch upon the significant cost savings that can be realized by reevaluating and updating corporate risk registers in response to changes in data storage and access patterns.

This episode is a must-listen for any professional involved in data privacy and cybersecurity, offering practical insights into making informed decisions that align with both security and business objectives.

Fraud isn’t new, but the internet has provided hackers with the capabilities to easily use the threat vector to trick employees into providing access to their enterprises. Cyberfraud attacks, often distributed via phishing or spear-phishing campaigns, consistently plague and sometimes even completely disable enterprises. Despite the growing number of technologies available to detect and prevent such social engineering attacks from being successful, the weakest link remains human error — be it negligence, maliciousness or apathy. Here, Institute of Electrical and Electronics Engineers member Kayne McGladrey describes the types of cyberfraud attacks enterprises will inevitably face, from credential harvesting to typosquatting attacks. He also offers best practices for creating and instituting a cybersecurity awareness program to prevent employees from falling victim to such threats.

We thought it would be a great idea to get Kayne’s take on some key issues facing the world from a cybersecurity perspective, and also learn more about his journey. We get lots of questions from readers about how to break into the cybersecurity industry, how to get their foot in the door, and all manner of other questions relating to getting started. This is why we think it’s so important to share the experiences of those in the industry.

A key ingredient for success in cybersecurity is a passion for all things tech and security. Needless to say, we were also impressed to learn that Kayne has over fifty smart devices and a handful of robots! Let’s take a look at what Kayne had to say: