cybersecurity

Financial institutions can avoid becoming the next victim of a costly cyberattack by leveraging automation and existing legislation. Automation can help to mitigate risk when handling personal client information by storing records efficiently and securely, Kayne McGladrey, field chief information security officer at Hyperproof, told Bank Automation News. “If you don’t automate, that has a cost, because now people are spending their time doing control testing,” he said. “The organizations that recognize that are going to probably spend a lot less time on compliance and have a happier team, because they’re not doing routine stuff that they should have automated.”

The updates to Noberus are concerning but expected. “This is the new normal. Criminal groups will continue to reinvest part of their profits in research and development to drive the innovation cycle of development and distribution of their unwanted products,” says Kayne McGladrey, field CISO at Hyperproof.

“Choosing the right GRC platform is hard, but knowing what’s most important for you and your organization is key to choosing the right one. Ultimately, what matters most is that you find a platform with all the features listed above that will enable your team to maintain compliance without the headache of manual processes or inflexible legacy solutions.”

Schools also contend with risk born of constant user shifts in the student population. This puts schools in an unusual and unenviable position, Kayne McGladrey, field CISO at Hyperproof, said via email. “Being able to apply real-time policies based on user and device behavior via zero-trust networking becomes critical in this environment,” McGladrey said. Absent these tools, strategies and adequate staff, schools will remain a frequent target for cybercriminals. They could also, at the very least, give schools the confidence needed to refuse ransom demands.

Another issue associated with connected vehicles is around the data they collect and transmit. ”We have seen nation states that want to conduct surveillance, whether on their own domestic population or on foreign populations, use telemetry from hotels, airports, and rental car carriers to determine where individuals are moving,” notes McGladrey. “If it is possible for a dedicated adversary to subvert that communications channel—either directly with a vehicle or by gaining a foothold inside of some telemetry aggregator service, probably the manufacturer—all of a sudden they can know where people are going within in a few feet. If you can associate a user’s identity with their vehicle or location, you have a high degree of fidelity to conduct attacks.”

“This means those organizations facing advanced persistent threats (from nation-states, in particular) now have guidance on how to select quantum-resistant encryption for their highest-secrecy data moving forward,” said Kayne McGladrey, IEEE senior member.

To reduce the risks of an accidental or intentional cybersecurity incident, companies must deploy an effective data loss prevention and associated data retention strategy across endpoints and data storage locations, including cloud services, noted Kayne McGladrey (@kaynemcgladrey), Security Architect at Ascent Solutions LLC.

“Many data breaches would have been less extensive and severe if organizations had automated data disposition schedules, as threat actors cannot steal what companies are not storing,” he continued. “Data covered by one or more regulatory or statutory requirements should be automatically labeled where possible so that controls (like encryption) follow the data regardless of storage location.”

“Cybersecurity remains a clear path to a middle-class salary for people with a two-year degree, a relevant certification to overcome gatekeeping by HR departments, a desire to help protect one’s friends and community, and a willingness to continuously learn as part of a team,” he tells Fortune.

Save the date for a very special “The CISO Experience” hosted by myself with our star guest Kayne McGladrey taking a Macro Economic view of the industry. Kayne McGladrey, CISSP is the cybersecurity strategist for Ascent Solutions and a senior member of the @IEEE. He has over two decades of experience in cybersecurity and has served as a CISO and advisory board member, and focuses on the policy, social, and economic effects of cybersecurity lapses to individuals, companies, and the nation.

Very honoured to have Kayne as a speaker where we will be discussing a variety of topics including:

• Industry hiring practises

• Gatekeeping

• Burnout

• Followed by a LIVE Q and A for the audience to participate

“As a result, those companies with solutions and products in the cybersecurity industry are heavily reinvesting their profits into research and development of artificial intelligence-based solutions intended to automatically detect and remediate actions from these increasingly well-funded adversaries,” McGladrey tells Fortune. “This cycle will continue so long as it remains profitable for cybercrime actors, barring remarkable changes in how companies prioritize and address their cyber risks.”

“We already have security challenges that we haven’t been able to adequately address,” said Kayne McGladrey, IEEE Senior Member. “The metaverse is likely to inherit these challenges – for example, phishing and theft of credentials has, unsurprisingly, carried over to the metaverse. We’ve seen NFT and cryptocurrency scams, too, in the metaverse.”

Kayne McGladrey (@kaynemcgladrey), security architect at Ascent Solutions LLC, said that providing secure access to corporate data for employees regardless of the location of either the employees or the data is still the biggest concern for companies with a hybrid workforce. “Solving this is the core of a Zero Trust strategy, he added. “Zero Trust is now the foundation of modern defensive architectures that companies should use to reduce the material risks associated with legitimate threats.”