Managing the Risks of the Future Internet of Things

While homomorphic encryption can require lots of computing power, it has a few big upsides. For one thing, according to Kayne McGladrey, IEEE Senior Member, it allows companies in highly regulated industries, such as finance or healthcare, to store data on a public cloud. “As the data remains encrypted in all phases, even a data breach of a third party will not provide a threat actor with access to encrypted data,” McGladrey said.

“If an organization learns that there is a vulnerability being actively exploited — or that a proof of concept for a vulnerability has been developed and is in the wild — they can accelerate patching the affected, vulnerable assets to reduce the likelihood of a successful attack.”

For some organizations CCPA will require a total overhaul on their privacy policies, while others might only need to make minor changes due to existing GDPR compliance. But as Kayne McGladrey, Chief Information Security Officer at Pensar Development, pointed out, there will certainly be another round of endless privacy disclosure emails.

“The monetization and weaponization of digital threats was comparably new when the critical infrastructure components that manage our modern world were being designed for reliability a decade or two ago,” said IEEE Senior Member Kayne McGladrey. McGladrey says that it’s time consuming to patch security flaws in many of these older components, some of which were designed to run uninterrupted for decades.

Kayne McGladrey (@kaynemcgladrey), security architect/strategy and GRC practice lead at Ascent Solutions, recommends following the Cybersecurity Maturity Model Certification 2.0, which was developed by the U.S. Department of Defense. It offers a framework that incorporates “Zero Trust tenets that will help companies maintain regulatory compliance and ensure that data are adequately protected against evolving threats from nation states and advanced persistent threats,” he says.