Compliance as a Critical Business Enabler (podcast)

In recent years, we’ve seen a significant shift in the threats targeting businesses. “Everybody focused on the human harms, people couldn’t check into their hotel rooms; people couldn’t use an ATM… the nature of the technical exploits is not what we focus on in terms of harm… that’s not what we focus on in terms of harm,” states Kayne McGladrey, a field CISO at Hyperproof and senior IEEE member. This reiterates the transition from mere inconvenience to significant operational disruptions and economic consequences that cyber threats now pose.

An ‘acceptable trade-off’ if bankruptcy is the only other option

Kayne McGladrey (@kaynemcgladrey), Cybersecurity Strategist at Ascent Solutions, said delaying or cancelling security projects is “an acceptable trade-off” only if bankruptcy is the alternative.

“Due to the pandemic, this is the choice that some organizations face today,” he continued. “Other organizations should first prioritize their security projects to mitigate those risks with the highest potential impact to the business. Organizations should then have a difficult conversation about residual risks with their cyber insurance providers, and plan to implement monitoring of those risks not transferred to insurance or mitigated through implementation of technical controls.”

Although organizations believe the cloud to be inherently more secure, this two-step strategy will improve the security of cloud-based solutions for each organization. When combined with a larger cyber security program, these reduce the risks of a damaging breach.

“Out of all the CISO’s and security leaders I’ve spoken with over the last three months, the main theme of 2023 is going to be ‘the year of risk,’ and a lot of that risk we’re talking about at this level is regulatory,” said Kayne McGladrey, Field CISO at Hyperproof.

Since the 1990s, security convergence evolved from merging physical and network security into integrating physical, digital, and operational security. Initially, organizations combined controls to address risks from siloed measures. In the 2000s, connections between physical systems and IT security led to unified governance frameworks. By the 2010s, convergence became holistic, driven by cloud computing and mobile devices. Today, a unified framework aligns all security domains, integrating controls for cloud services, IoT, and industrial systems. Looking ahead, convergence will leverage AI, machine learning, and predictive analytics to enhance threat detection and response, while privacy regulations like GDPR and CCPA shape measures to protect user privacy.