Telehealth is Booming: Here’s What You Need to Know

Telehealth, often referred to as virtual doctor appointments, has been utilized in remote regions that do not have local medical resources for several decades. But when COVID-19 began impacting many countries across the globe, telehealth became the go-to method for checking in with your doctor about possible COVID-19 symptoms or other healthcare check-ups.

Interview with Kayne McGladrey – vCISO / Spokesperson / Global Cybersecurity Thought Leader / Strategy and GRC Practice Lead

Hey guys, today I have an interview with Kayne McGladrey. He is a vCISO / Spokesperson / Global Cybersecurity Thought Leader / Strategy and GRC Practice Lead who I follow on Twitter and find extremely interesting :) He is a national cybersecurity expert, helping clients develop proactive programs to manage cyber-risk. He is the cybersecurity…

Cross-Site Scripting Attacks: How to Prevent XSS Vulnerabilities

“If an attacker can steal the user’s cookies, that attacker can impersonate that end user,” says Kayne McGladrey, a senior member and impact creator of the Institute of Electrical and Electronics Engineers. “In an XSS exploit, if I can steal your cookies, I can become you or impersonate you. I can change your password. I can change your backup email account. I can take over that entire account.”

The COVID-19 Pandemic Has Become a Catalyst for Cyberattacks

An ‘acceptable trade-off’ if bankruptcy is the only other option

Kayne McGladrey (@kaynemcgladrey), Cybersecurity Strategist at Ascent Solutions, said delaying or cancelling security projects is “an acceptable trade-off” only if bankruptcy is the alternative.

“Due to the pandemic, this is the choice that some organizations face today,” he continued. “Other organizations should first prioritize their security projects to mitigate those risks with the highest potential impact to the business. Organizations should then have a difficult conversation about residual risks with their cyber insurance providers, and plan to implement monitoring of those risks not transferred to insurance or mitigated through implementation of technical controls.”

Extracting value from data: How the cloud can help

“Where cloud analytics shine is in detecting a repeated series of risky actions by an individual user account [that signal] a business email compromise followed by a ransomware attack,” he said. “Cloud analytics allow organizations to detect and prevent these and other attacks not only at scale but also faster than traditional investigative techniques.”

How CISOs Follow The Money

Kayne posits, “If you want to see what your new product features are going to be in the next 12 to 18 months, see where the VCs are spending their dollars. If we’ve seen something consistently in the past, in the past 10 years we’ve seen $30 billion of investment inside of cyber security.”

McGladrey is a gadfly for cyber security leaders to forecast budgets based on the newest in new technology. Whether the CISO in question is a bleeding edge, leading edge, fast follower or back-with-the-pack type executive is up to them. Any which way you slice it, you should be able to see where you are spending money in the future based on where venture capitalists are putting their money now.

Data Is The New Perimeter

The focus has been on knowing where the crown jewels sit and protecting that space. CSHub Executive Board Member and IEEE Public Visibility Initiative spokesperson Kayne McGladrey notes, “if you don’t know where your data live, you can’t apply any effective policies around access controls or do any meaningful incident response or do any meaningful security awareness.”

The New CISO Journey Includes Tried & True Old Steps

“It remains a very complicated role because you have to ultimately be able to speak to three separate audiences: the business folks, who are interested in cost controls and also cost savings and cost improvements, and material effect of the business. The technology folks, who want to know that you’re doing the cyber right. And legal folks, who want to know that they’re adequately shielding the business from legal and regulatory risk.”

Data privacy and data security are not the same

While data privacy is becoming more regulated every year, it is still a matter that, today, largely comes down to trust, said Kayne McGladrey, a cybersecurity strategist at Ascent Solutions. As the backlash in the wake of the Cambridge Analytica scandal shows, what people expect from the companies they do business with is just as important as the laws that govern the use of their data.

“Today’s data privacy is primarily concerned with the processing of personal data based on laws, regulations, and social norms,” McGladrey said. “Often this is represented by a consumer ignoring an incomprehensible privacy policy (that would take nearly 20 minutes to read) before clicking a button to acknowledge their consent to that policy. Their acceptance of the policy allows the organization to handle their data in documented ways, such as using it to show them targeted advertising based on their inferred interests. However, if that organization sold those personal data to another organization to do something unexpected (like using it to suppress protected free speech) without the consumer’s consent, that would be a breach of privacy, either by regulatory control or by a violation of social norms.”

What Is The Most Cogent CISO Reporting Structure?

“Ultimately the CSO should report to the Chief Risk Officer, the CRO, because ultimately cyber security is about managing risk at a technical level and at a regulatory level. The natural alignment is with risk. Also maintain a very healthy relationship with internal counsel, especially if there’s chief counsel. Have a coffee every once in a while. And have a healthy relationship with the CIO.”

Video: Futureproofing Now (Season #2, Ep. 11) – Cybersecurity & Cybertrust – Predictions & Implications

“Bob Gourley emphasized that despite the dark topic of cyberthreats, we all leave with optimism. Carol Tang addressed the importance of continuous learning as part of a business leader’s proactive approach to mitigating risk and providing safety for customers. Kayne McGladrey emphasized the dual responsibility of today’s corporate decision makers with regard to cybersecurity: understand the complexity but act with transparency and specificity. It’s important to integrate cybersecurity awareness into the fabric of the organization, not sequester cybertrust solely within the domain of technology.”