cybersecurity

“Bob Gourley emphasized that despite the dark topic of cyberthreats, we all leave with optimism. Carol Tang addressed the importance of continuous learning as part of a business leader’s proactive approach to mitigating risk and providing safety for customers. Kayne McGladrey emphasized the dual responsibility of today’s corporate decision makers with regard to cybersecurity: understand the complexity but act with transparency and specificity. It’s important to integrate cybersecurity awareness into the fabric of the organization, not sequester cybertrust solely within the domain of technology.”

“Few companies had a binder marked `global pandemic,’ but many had policies that called for annual DR testing that they didn’t enact,” said Kayne McGladrey, CISSP and cybersecurity expert. “Teams play how they train, but not having table-topped crisis communications, DR, or IR hurt their responses.”

People may aptly sum up 2020 in a single word: crisis. An inadequate response to the COVID-19 pandemic has led to the deaths of hundreds of thousands of people globally. The underlying data are more tragic, as the pandemic has disproportionately affected communities of color that have lived with the daily existing threats of shrinking economic mobility and racism. At the same time, both public and private organizations have struggled to mount an effective defense against cybercrime, which represents not only one of the largest transfers of wealth in human history but also threatens public trust in democracy and civil society. This article provides context and actionable steps to begin to dismantle the underpinnings of these long-standing crises; however, this article is not the solution. Only sustained action will lead to meaningful change.

“The SaaS vendor should be upfront about data sovereignty and optional localization,” McGladrey adds. “While this is particularly important for multinational organizations selecting SaaS solutions, those organizations bound to a single geography would likely want to avoid awkward situations, such as [personal information] for Americans being intentionally processed and stored in a foreign data center.”

“For some organizations, regulatory and legal risks associated with storing data will be at the top of the [risk] rankings,” says Kayne McGladrey (@kaynemcgladrey), IEEE member. “For others, the reputational damages associated with a data breach will claim the top spot.”

For years, security budgets seemed to go only one direction: up. As recently as February of this year, some 62% of organizations said they planned to increase their cybersecurity spending for 2020, according research by analyst firm ESG.

But that was then.

Like their C-suite peers, CISOs today are being asked to do more with less – and probably will be for some time, as the world continues in these uncertain economic times.

AI can also help improve retention rates by making entry-level cybersecurity jobs “less dull,” says Kayne McGladrey, CISO and CIO of Pensar and a member of the IEEE. “We get people out of school, and they are excited to be on the team. Then, on their first day, they’re handed a checklist: here’s the things you will do and the order in which you will do them.”

“Businesses and organizations would need to … educate their workforce on how to validate that a certificate was correct,” he says. “And there would need to be a substantial educational investment to combat the inevitable phishing campaigns that’d spring up, such as fake websites to collect personally identifiable information and fake security alerts associated with these digital certificates.”

As the world adjusts to a “new normal” of remote education and work, video conferencing services have surged in demand as people take to these platforms to connect digitally. Yet, these platforms are susceptible to a variety of intrusions that could lead to the theft of private and company data or inappropriately distracting calls and meetings that leave participants feeling they have no control. To protect your students, employees, families and yourself from these types of cyber disruptions, we asked IEEE Member Kayne McGladrey for cybersecurity tips for safe video conferencing.

Phishers want taxpayers’ refund money. “The emails may say that you must immediately file your taxes via e-File, using a link to a website that looks like the real IRS website,” says Kayne McGladrey, a member of IEEE and director of security and IT at Seattle-based product design and engineering firm Pensar Development; “Then the fraudsters file taxes on your behalf, but with a different mailing address for the refund check.”

“I think we’re going to have an unprecedented number of breaches being announced following the pandemic,” said Kayne McGladrey, member of the Institute of Electrical and Electronics Engineers.

Communications are critical for an organization when an incident occurs. Leadership must effectively share information with the workforce. For some organizations, this requires enacting the critical communications plan that has been drilled. For others, an incident is a disruption to the normal course of business, which is where business continuity planning demonstrates its value to the organization.