Blog

Companies should pay special attention to consistent classification and labeling of data, as it’s one of the biggest hurdles to effective data governance. Setting default labels for new data (for example, dubbing them confidential) can ensure that policies and technical controls are applied consistently across the organization. This also frees up data creators from having to manually label all newly created information. “In that way, a data steward only needs to review data labels when that data is crossing a security barrier such as preparing a file to send to a client or third-party vendor,” notes Kayne McGladrey (@kaynemcgladrey), director of security and information technology at Pensar Development.

“The CIO won’t see the business impact if there’s not a culture of risk mitigation,” says Kayne McGladrey, director of security and IT for Pensar Development and a member of the professional association IEEE (The Institute of Electrical and Electronics Engineers).

“A culture where security is seen as someone else’s problem will derail any conversation around security, so the biggest thing for CISOs is to make the conversation with CIOs around risk – not around technologies or shiny objects but around risks to the business.”

My slides from the 2019 IEEE Vision Innovation Challenges Summit

You receive a text message or an email notification from your mobile carrier about an account change you didn’t make and, thirty minutes later, your cell phone has no signal, even after a reboot. You can’t log into your email. You’re locked out of your bank account.

In the past few years, security researchers and advanced persistent threat actors have demonstrated attacks on the BIOS, said Kayne McGladrey, IEEE member and director of security and IT at Seattle-based Pensar Development.

These rare attacks can provide a persistent and hidden bridgehead into an enterprise network, McGladrey said.

An organization that doesn’t understand or appreciate security won’t be able to adequately identify and prioritize risk, nor articulate its tolerance for those risks based on business goals and objectives, says Kayne McGladrey, director of security and IT for Pensar Development and a member of the professional association IEEE (The Institute of Electrical and Electronics Engineers).

“The CIO won’t see the business impact if there’s not a culture of risk mitigation,” McGladrey says. “A culture where security is seen as someone else’s problem will derail any conversation around security, so the biggest thing for CISOs is to make the conversation with CIOs around risk – not around technologies or shiny objects but around risks to the business.”

Sharing information about threats can help boost overall cybersecurity by alerting others to those risks, as well as providing successful ways to counteract them, said Kayne McGladrey, national cybersecurity expert, director of security and information technology for Pensar Development, and member of the Institute of Electrical and Electronics Engineers.

“They could actually see a reduction in those threats that are commodity threats — threats that are crimes of opportunity [vs. targeted attacks],” he said.