Three Preventative Measures for Cybersecurity Health-Care Disorders

ByKayne

The regulatory environment for health-care organizations places a high value on personal health information, writes Kayne McGladrey of Integral Partners. However, the dark web market value of PHI has cratered, according to cybersecurity firm Flashpoint. A PHI record that sold for an average of $75 to $100 in 2015 would net $0.50 to $1 in 2017, he writes.

IoT, Cloud, or Mobile: All Ripe for Exploit and Need Security’s Attention

ByKayne

IoT security remains one of the most challenging security vulnerabilities to businesses and consumers,” says Kayne McGladrey (@kaynemcgladrey), Director of Information Security Services at Integral Partners. “The Mirai and Reaper botnets are results of threat actors leveraging poor security controls on IoT devices, building attack infrastructure out of those devices, and using that stolen infrastructure to attack organizations. Organizations purchasing IoT/IIoT devices should treat them the same as any other endpoint device connecting to the corporate network.”

Passwords, Multi-Factor Authentication and Cybersecurity

ByKayne

Device location and user behavior can shed a lot more light on a login attempt, yet not all MFA solutions currently incorporate them, says McGladrey. If organizations switched to better access management systems, the cost to successfully infiltrate accounts would rise exponentially, barring “all but the best-funded nation-state actors and APTs.”

AT&T Cybersecurity Insights, Vol. 7

ByKayne

Migration is a transformative process, which means it needs the full backing of the C-suite. Kayne McGladrey, Director of Information Security Services for Integral Partners, LLC, says it is vital to offer “an effective presentation to the board about the benefits and challenges associated with
the migration, and it has to have a narrative. You have to find stories of success and failure inside
of your industry in order to present the full picture to the board.”

“There are many lessons that the enterprise will learn through piloting—whether it’s identified
security risks, user communication risks, or education risks—all of which provide future guidance,” says Kayne McGladrey, Director of Information Security Services for Integral Partners LLC. “By the time you get to the harder transition elements, including full infrastructure rollout, you’ve already sorted through the main issues, thanks to your pilot-based learning journey.”

Cybersecurity experts talk about the digital world

ByKayne

“Administrative passwords — they’re sort of interesting,” McGladrey says. “If you can get an application’s password, that’s what got us to the Panama Papers a few years ago, where the third-party attacker was able to compromise the WordPress password, which, because of poor password storage technologies, happened to be the same as their database password.

“All of a sudden we got — three terabytes or something like that; it was something absurd — of ex-filtrated client data. The prime minister of Iceland got in a little bit of trouble about that, as well as people like Jackie Chan, all because the organization didn’t have a good mentality around rotating the passwords that were associated with apps. That problem transitions. It’s not a technology problem. It’s a cultural problem. And it transitions, regardless of environment.”

USA Today: Cool cyber jobs

ByKayne

Cybersecurity is a game of cat and mouse. As a threat hunter, you’re the cat. “This role is close to that of a field biologist, as the threat hunter observes their prey – third party attackers – in the wild,” says Kayne McGladrey, director of information security services at Integral Partners, a cybersecurity firm whose specialty is identity and access management, and a member of the Institute of Electrical and Electronics Engineers. “Threat hunters set traps and snares that appeal to (cybercriminals) and lead to fake computers where the threat hunter can monitor an attacker’s behavior before shutting down the breach.”