3 Tips To Thwart Insider Attacks: An Essential Guide For Summer Travels
Dos And Dont’s For Privileged Accounts
Dos And Dont’s For Privileged Accounts
When a “pay restroom” 100 miles from the nearest major city accepts frictionless mobile payments, stores that force buyers to wait a minute for a chip-and-PIN transaction seem dated, and cash-only transactions are inconvenient.
The regulatory environment for health-care organizations places a high value on personal health information, writes Kayne McGladrey of Integral Partners. However, the dark web market value of PHI has cratered, according to cybersecurity firm Flashpoint. A PHI record that sold for an average of $75 to $100 in 2015 would net $0.50 to $1 in 2017, he writes.
Tune in KXL-FM (Portland, OR) at 4 PM Pacific for a discussion on the intersection of cyber security, agriculture, and the cloud.
“IoT security remains one of the most challenging security vulnerabilities to businesses and consumers,” says Kayne McGladrey (@kaynemcgladrey), Director of Information Security Services at Integral Partners. “The Mirai and Reaper botnets are results of threat actors leveraging poor security controls on IoT devices, building attack infrastructure out of those devices, and using that stolen infrastructure to attack organizations. Organizations purchasing IoT/IIoT devices should treat them the same as any other endpoint device connecting to the corporate network.”
Device location and user behavior can shed a lot more light on a login attempt, yet not all MFA solutions currently incorporate them, says McGladrey. If organizations switched to better access management systems, the cost to successfully infiltrate accounts would rise exponentially, barring “all but the best-funded nation-state actors and APTs.”
Migration is a transformative process, which means it needs the full backing of the C-suite. Kayne McGladrey, Director of Information Security Services for Integral Partners, LLC, says it is vital to offer “an effective presentation to the board about the benefits and challenges associated with
the migration, and it has to have a narrative. You have to find stories of success and failure inside
of your industry in order to present the full picture to the board.”
“There are many lessons that the enterprise will learn through piloting—whether it’s identified
security risks, user communication risks, or education risks—all of which provide future guidance,” says Kayne McGladrey, Director of Information Security Services for Integral Partners LLC. “By the time you get to the harder transition elements, including full infrastructure rollout, you’ve already sorted through the main issues, thanks to your pilot-based learning journey.”
“Administrative passwords — they’re sort of interesting,” McGladrey says. “If you can get an application’s password, that’s what got us to the Panama Papers a few years ago, where the third-party attacker was able to compromise the WordPress password, which, because of poor password storage technologies, happened to be the same as their database password.
“All of a sudden we got — three terabytes or something like that; it was something absurd — of ex-filtrated client data. The prime minister of Iceland got in a little bit of trouble about that, as well as people like Jackie Chan, all because the organization didn’t have a good mentality around rotating the passwords that were associated with apps. That problem transitions. It’s not a technology problem. It’s a cultural problem. And it transitions, regardless of environment.”
Cybersecurity is a game of cat and mouse. As a threat hunter, you’re the cat. “This role is close to that of a field biologist, as the threat hunter observes their prey – third party attackers – in the wild,” says Kayne McGladrey, director of information security services at Integral Partners, a cybersecurity firm whose specialty is identity and access management, and a member of the Institute of Electrical and Electronics Engineers. “Threat hunters set traps and snares that appeal to (cybercriminals) and lead to fake computers where the threat hunter can monitor an attacker’s behavior before shutting down the breach.”
According to IEEE Member and Integral Partners Director of Information Security Services, Kayne McGladrey, healthcare sectors embody “Lean IT” as they are not in the cybersecurity line of business.
On a more explicitly enterprise level, “IoT technologies that have a rapid return on investment (ROI) are the most likely to take off first, and that means “reducing costs through automation,” said Kayne McGladrey, director of Integral Partners, an identity and access management (IAM) consultant firm.
Cybersecurity in a Hyperconnected World: By Kayne McGladrey, IEEE Member, and Stephen Cass, IEEE Spectrum Senior Editor