Blog

Fraud isn’t new, but the internet has provided hackers with the capabilities to easily use the threat vector to trick employees into providing access to their enterprises. Cyberfraud attacks, often distributed via phishing or spear-phishing campaigns, consistently plague and sometimes even completely disable enterprises. Despite the growing number of technologies available to detect and prevent such social engineering attacks from being successful, the weakest link remains human error — be it negligence, maliciousness or apathy. Here, Institute of Electrical and Electronics Engineers member Kayne McGladrey describes the types of cyberfraud attacks enterprises will inevitably face, from credential harvesting to typosquatting attacks. He also offers best practices for creating and instituting a cybersecurity awareness program to prevent employees from falling victim to such threats.

Featured Presentation: “Best practices for cyber security training programs” by Kayne McGladrey, CISSP Employees dread the meeting invitation that reads ‘Annual mandatory cyber security training in the break room at 1 PM Wednesday’. In this presentation, we’ll discuss best practices for creating a reality-based training program that encourages employee participation and builds organizational muscle memory for responding to active threats.

“The effectiveness of AI solutions this year can be measured via the time-to-discovery metric, which measures how long it takes an organization to detect a breach,” says Kayne McGladrey (@kaynemcgladrey), CISO, Pensar Development. “Reducing time to discovery can be achieved through AI’s tenacity, which doesn’t need holidays, coffee breaks, or sleep, which is unlike Tier 1 security operations center analysts who also get bored reading endless log files and alerts.”

“Human resources, in a lot of organizations, has become a regulatory control function and inhibits hiring because of its focus on certifications,” McGladrey says. This is partly why it’s difficult for blue teamers to jump to the red team, a process that “looks to be an insurmountable and very difficult series of certifications,” he points out.

The proverbial endpoint is everywhere. Consumers have more IoT and mobile devices than ever before. Industrial IoT is becoming ubiquitous and IoT malware is as common as cell phones. While conveniences are making their way into every facet of life, so are malicious software, social engineering attack and all manner of bad actors.

McGladrey advocated for “persistent engagement” with employees on cybersecurity risks as well as testing. Testing can include fake phishing attacks to see what “your users are susceptible to,” he said. The IRS has warned that phishing attacks are a top HR threat.

Episode 005 – “Don’t Forget the Cybersecurity!” A great chat with IEEE member, spokesperson and cybersecurity ninja, Kayne McGladrey @kaynemcgladrey all about the cybersecurity landscape and emerging technologies. He covers the ways cybersecurity is emerging too to address many cyber concerns providing better threat protection. We also discuss AI, Analytics, and Automation and the role they play in the cybersecurity landscape, and insights on the weird and wild world of Social Media and Cyber Awareness.