“The monetization and weaponization of digital threats was comparably new when the critical infrastructure components that manage our modern world were being designed for reliability a decade or two ago,” said IEEE Senior Member Kayne McGladrey. McGladrey says that it’s time consuming to patch security flaws in many of these older components, some of which were designed to run uninterrupted for decades.
“We can anticipate that any nation-state with a propaganda department or agency is working to right-size their capabilities to spread disinformation.” It’s especially true, he adds, among nation-states with larger budgetary allocations since they can use automation and “office employees” to distribute the narratives.
The affirmative defenses combined with making strategic decisions based on published facts is a compelling reason for organizations to select and plan to adopt a framework before the start of the next budgetary year.
To further diversify, our field needs better to present the career options and benefits to young people. Most new people in cybersecurity quickly learn that this is a collaborative, team-oriented job. Not everyone needs to write code; there are project managers, analysts, trainers, consultants, and marketing professionals. Our jobs pay a middle-class salary and are generally recession-proof.
“This is a journey, not a one-and-done conversation,” he says. Make a habit of checking in with kids about what they saw on the internet that day, what they thought about it, and if they thought it was safe or not, and why. And you can’t outsource your parenting to a computer, so McGladrey cautions parents not to solely rely on controls and monitoring programs.
Kayne McGladrey, an advisory board member for the Technology Alliance Group NW, warns that these scams can be effective when highly targeted. He says the schemes work when supporting larger campaigns underway prior to any SMS outreach.
It is a matter of whether the threat actor has sufficient resources (both staffing and financial resources) and the motivation. The real question is about the likelihood of a threat: an always-on internet-connected medical device will have a very different threat profile than a medical device that requires direct physical access.
“The modern business has far more potential cybersecurity events to investigate than can be reasonably reviewed by people, and machine learning has the benefit of quickly focusing people’s attention on the signal, not the noise, so that organizations can rapidly respond to potential incidents before threat actors can establish persistence in an environment.” — Kayne McGladrey (@kaynemcgladrey), cybersecurity strategist at Ascent Solutions
“While the use of telehealth has surged during the COVID-19 pandemic, the data security and privacy concerns for both patients and healthcare providers have also increased, says cybersecurity strategist Kayne McGladrey”
“Tying data security to user identities is the easiest, lowest-effort way to modernize security for small to medium businesses,” says Kayne McGladrey (@kaynemcgladrey), cybersecurity strategist at Ascent Solutions (@meetascent). “Establishing data security based on user identity means that data remains secure regardless of storage location or medium.”
“If an organization learns that there is a vulnerability being actively exploited — or that a proof of concept for a vulnerability has been developed and is in the wild — they can accelerate patching the affected, vulnerable assets to reduce the likelihood of a successful attack.”
“The absolute best thing is getting up every day and knowing that you’re making a difference, and knowing that your actions are going to help people.”