Threat Hunters, Multi-factor Authentication and Mental Agility

“We can anticipate a significant increase in disinformation and phishing attacks as the United States prepares for early or mail-in voting in the 2024 elections. The majority of these attacks will likely come from cybercriminals spreading disinformation about how and where to vote. This year’s phishing campaigns may be more sophisticated and widespread, as non-native English or Spanish speakers will be able to leverage large language models to produce realistic messaging,” says Kayne McGladrey, IEEE Senior Member.

Featured Presentation: “Best practices for cyber security training programs” by Kayne McGladrey, CISSP Employees dread the meeting invitation that reads ‘Annual mandatory cyber security training in the break room at 1 PM Wednesday’. In this presentation, we’ll discuss best practices for creating a reality-based training program that encourages employee participation and builds organizational muscle memory for responding to active threats.

“This is a journey, not a one-and-done conversation,” he says. Make a habit of checking in with kids about what they saw on the internet that day, what they thought about it, and if they thought it was safe or not, and why. And you can’t outsource your parenting to a computer, so McGladrey cautions parents not to solely rely on controls and monitoring programs.

McGladrey finds an increased need in cybersecurity as the pandemic has forced an increase in online resources. “Cybersecurity is a way of protecting our friends, family, and communities from financial losses and the loss of their privacy,” McGladrey said.

Cloud computing will continue to grow despite the frequency of breaches due to a lack of administrative controls and unintentional configuration errors. When an administrator had access to an on-premises server, they could only administer that server; a “cloud administrator” can administer all the assets in a given cloud instance, including backing up and exfiltrating entire servers. This is like the unintentional configuration errors that have plagued so many Amazon S3 buckets in 2019, where organizations have stored PII in S3 in a default configuration, and then those data have been accessed by security researchers.

As we approach 2023, it’s natural to look back on the biggest security events that took place this year and anticipate their effect next year. The previous two years have shown that our world is full of complexity and uncertainty, despite all the advances in data collection, compliance operations automation, and SaaS technology. Risk modelers and analytics experts know we can’t predict or control the world with any degree of certainty, but it’s important to brace ourselves for the upcoming threats and new opportunities the coming year will present. Here are three key risk management predictions we have for 2023 that will shape the risk management industry.