Kayne McGladrey – Hyperproof | CISO on the Street | Season 3

My prediction for 2024: In response to increasing regulatory burdens and the risk of civil litigation, successful companies in 2024 will lean into enhancements in their compliance operations. They will actively collect and test evidence of security control effectiveness, linking these controls directly to their risks, across all critical assets or systems. This approach ensures companies are confident in accurately describing how well they manage their risk portfolio, including in SEC filings. The automation of compliance operations enables security and audit professionals to spend more time doing the parts of their jobs that they love. Furthermore, as supply chain risks intensify scrutiny of B2B transactions, companies will efficiently repurpose many of their controls and control evidence. This strategy not only allows companies to secure additional attestations or certifications such as ISO or SOC 2 without increasing their workforce, but it also provides a significant competitive business advantage.

The pandemic’s continuing effects on corporate budgets will result in a net reduction in cybersecurity budgets in 2021.

AI can also help improve retention rates by making entry-level cybersecurity jobs “less dull,” says Kayne McGladrey, CISO and CIO of Pensar and a member of the IEEE. “We get people out of school, and they are excited to be on the team. Then, on their first day, they’re handed a checklist: here’s the things you will do and the order in which you will do them.”

The primary emphasis of the new revision is that a ‘notification event’ now triggers the reporting process, described as any unauthorized acquisition of unencrypted customer information. This is a change from the earlier draft of the Rule, which used the term ‘security event’ to describe unauthorized system access or information misuse. This change may result in some confusion, unfortunately, described below.

“This will vary by industry and size of business,” notes Kayne McGladrey, cybersecurity strategist at Ascent Solutions. “A social media company losing control of their content for an hour has a very different risk profile than a manufacturing company being unable to manufacture products.”

While homomorphic encryption can require lots of computing power, it has a few big upsides. For one thing, according to Kayne McGladrey, IEEE Senior Member, it allows companies in highly regulated industries, such as finance or healthcare, to store data on a public cloud. “As the data remains encrypted in all phases, even a data breach of a third party will not provide a threat actor with access to encrypted data,” McGladrey said.