Vigilance and Planning: Experts Share Their IT and Data Security Strategies

Kayne McGladrey (@kaynemcgladrey), security architect/strategy and GRC practice lead at Ascent Solutions, recommends following the Cybersecurity Maturity Model Certification 2.0, which was developed by the U.S. Department of Defense. It offers a framework that incorporates “Zero Trust tenets that will help companies maintain regulatory compliance and ensure that data are adequately protected against evolving threats from nation states and advanced persistent threats,” he says.

Denial of Service Attacks Expected To Get Bigger, Nastier

Denial of service attacks aren’t always top of mind for organizations dealing with cyber threats. Often, they’re seen as nuisance threats, said Kayne McGladrey, IEEE senior member and cybersecurity strategist at Ascent Solutions. When hit, companies can often just hire a mitigation vendor and block the attack traffic.

“And our politicians aren’t really talking about this,” he said. “They haven’t personally been affected by it.”

These kinds of attacks also don’t have the same kind of compliance implications as other types of cybersecurity incidents, he added. Data breaches, for example, have to be reported and remediated, both of which can be costly.

65 predictions about edtech, equity, and learning in 2022

Over the past year and a half, school administrators, teachers, and IT support staff and students themselves have been working in a complex threat environment. The pandemic and major increase in cyberattacks has resulted in closures for both in-person and online schools. While this will only continue into 2022, it will be importance for security and IT professionals that support schools to align their policies, procedures, and technical controls to a cybersecurity framework that fits the needs of their organization, such as the recently announced K-12 resources announced jointly by the FBI and CISA. Using a formal framework can help schools effectively identify and mitigate gaps in school security postures without substantial budget increases. Schools should also consider a quarterly exercise to re-audit their password stores, as the number of compromised passwords will only continue to increase in the year ahead. A password that was secure three months ago may have appeared in a data breach (especially since students and adults tend to use the same passwords for multiple accounts) and may no longer be a secure option. Although it’s hard to predict what’s to come for educational institutions moving forward and future of remote and hybrid learning is going to be uncertain, education professionals should expect to see threat actors continue to target schools that have not taken a proactive approach to cybersecurity and deployed the appropriate defenses.

Security in 2022 – Ransomware, APT groups and crypto exchanges pose key challenges

Adopting zero trust strategies are a potential solution to mitigate the challenges of ransomware, bulk intelligence data collection, and technical threats to cryptocurrency. As zero trust is predicated on a continuous authentication of user and device identities based on prior known-good behaviors, unusual events from previously unknown devices will be far less frequent and the telemetry far more obvious for investigation by blue teams.

Watch: Supply Chain Congestion: A Golden Opportunity for Hackers

Global supply chains have been under intense strain in recent months, a situation that has been made even worse by the growth of cyber attacks, especially in the form of ransomware. The transportation sector, which has been largely deregulated, needs to adopt recommendations by industry and government organizations for implementing measures that they might have overlooked in years. The price of failing to do so can be high, with ransomware attacks threatening to shut down critical logistics operations for days or even longer.

When More is Not Necessarily Better: The Impacts of Multiple Security Tools

“Organizational collaboration is difficult when different data protection tools perform similar functions, as it may be unclear how to allow a collaborator to access or modify data. Something as simple as data classification and labeling becomes overly complex and a nuisance to end users if they need to set a label in multiple locations, particularly when the labels are not consistent across tools.”

Key Security Challenges for Smart Offices and Their Solutions

“The future of work is not what we were collectively promised in the days before the pandemic. Despite being nearly two years into the global pandemic, organizations are still in the process of redefining how their offices should be used now and in the future, which has lead to a surge in the adoption of smart, digital technologies.”

Sinclair TV Stations Targeted in Weekend Ransomware Attack

Kayne McGladrey, an advisory board member for the Technology Alliance Group NW and cybersecurity strategist for the firm Ascent Solutions, says once the incident is resolved, Sinclair “should do an internal hot-wash” to identify lessons learned – allowing them to strengthen technical defenses and update/validate their incident response plan.