InfoSec Pros On the Road: Brenda Bernal, VP, Product Security and Compliance at Digicert

Similar Posts

  • What are the pros and cons of shadow IT?

    As workers develop and deploy technology without any reviews or security assessments, they often increase the organization’s exposure to various risks, said Kayne McGladrey, a senior member of the IEEE and field CISO at Hyperproof, a compliance management software company, based in Seattle.

    Employees should be aware that the IT department conducts thorough research to ensure the organization’s technology is safe and compliant with company policies. The technology itself could be vulnerable to cyberattacks, as unauthorized tech rarely goes through the same level of scrutiny that technology selected and onboarded by IT does, he said.

    The practice of shadow IT could open the organization to critical weaknesses. Hackers are known to look for such vulnerabilities, further upping the cybersecurity risk, McGladrey said. IT teams might face challenges in managing unfamiliar technologies not approved by the organization. As the unauthorized technology falls outside of IT’s knowledge and control, the IT team might have less visibility into and a diminished ability to monitor its use, he said.

  • An Analysis of Section 1C Disclosures in Q1 of 2024

    In July 2023, the Securities and Exchange Commission (SEC) in the United States adopted Regulation S-K Item 106, which requires public companies to describe their processes for assessing, identifying, and managing material risks from cybersecurity threats; the resulting disclosures appear under Item 1C of Form 10-K, beginning with annual reports for fiscal years ending on or after December 15, 2023. Historically, companies were not required to disclose these processes to investors or market regulators, and there were no established guidelines for what a “good” disclosure would look like. Hyperproof reviewed disclosures from nearly 3,000 companies across over three hundred industries and has identified trends for what goes into a robust, meaningful disclosure.

  • When More is Not Necessarily Better: The Impacts of Multiple Security Tools

    “Organizational collaboration is difficult when different data protection tools perform similar functions, as it may be unclear how to allow a collaborator to access or modify data. Something as simple as data classification and labeling becomes overly complex and a nuisance to end users if they need to set a label in multiple locations, particularly when the labels are not consistent across tools.”

  • 3 ways to fix old, unsafe code that lingers from open-source and legacy programs

    The biggest issue with prioritizing software fixes is that there’s often a disconnect between security controls and business risk outcomes, according to Kayne McGladrey, IEEE senior member and field CISO at Hyperproof, a security and risk company. That makes it harder to get executive support, he says. Code maintenance and dependency management aren’t sexy topics. Instead, executive interest tends to focus “on the financial or reputational repercussions of downtime,” McGladrey tells CSO.

    “To address this problem, organizations should document and agree upon the business risks associated with both first-party and third-party code. Then they need to determine how much risk they’re willing to accept in areas like reputational damage, financial damage, or legal scrutiny. After there’s executive-level consensus, business owners of critical systems should work to identify and implement controls to reduce those risks,” McGladrey says.

  • Setting The Four Cornerstones Of Cloud Security: Accountability, Strategy, Visibility & Enablement

    We talk about ‘data breaches’ because of regulatory and statutory definitions that focus on the disclosure of data. An organization’s security strategy should work with the end in mind, and focus heavily on denying threat actors access to those data with the highest regulatory, statutory, or contractual risks.

  • Moving Compliance From Paperwork To Automation

    Understanding the risk to your business requires human intuition. But that doesn’t mean there aren’t many steps along the path to understanding risk that can be improved with automation. At Black Hat, David Spark spoke to Kayne McGladrey, field CISO, Hyperproof, about how a security-focused company culture can help CISOs link their known risks to their controls in order to put their budget where it will have the most impact. This lets organizations operate within the reality that business risk and cyber risk are not separate things. With changing state regulations and rapidly advancing technology, staying on top of your risk in a simple and understandable way is more imperative than ever.