IoT security remains one of the most challenging security vulnerabilities to businesses and consumers,” says Kayne McGladrey (@kaynemcgladrey), Director of Information Security Services at Integral Partners. “The Mirai and Reaper botnets are results of threat actors leveraging poor security controls on IoT devices, building attack infrastructure out of those devices, and using that stolen infrastructure to attack organizations. Organizations purchasing IoT/IIoT devices should treat them the same as any other endpoint device connecting to the corporate network.”

Device location and user behavior can shed a lot more light on a login attempt, yet not all MFA solutions currently incorporate them, says McGladrey. If organizations switched to better access management systems, the cost to successfully infiltrate accounts would rise exponentially, barring “all but the best-funded nation-state actors and APTs.”

Migration is a transformative process, which means it needs the full backing of the C-suite. Kayne McGladrey, Director of Information Security Services for Integral Partners, LLC, says it is vital to offer “an effective presentation to the board about the benefits and challenges associated with
the migration, and it has to have a narrative. You have to find stories of success and failure inside
of your industry in order to present the full picture to the board.”

“There are many lessons that the enterprise will learn through piloting—whether it’s identified
security risks, user communication risks, or education risks—all of which provide future guidance,” says Kayne McGladrey, Director of Information Security Services for Integral Partners LLC. “By the time you get to the harder transition elements, including full infrastructure rollout, you’ve already sorted through the main issues, thanks to your pilot-based learning journey.”

“Administrative passwords — they're sort of interesting," McGladrey says. "If you can get an application’s password, that's what got us to the Panama Papers a few years ago, where the third-party attacker was able to compromise the WordPress password, which, because of poor password storage technologies, happened to be the same as their database password.

"All of a sudden we got — three terabytes or something like that; it was something absurd — of ex-filtrated client data. The prime minister of Iceland got in a little bit of trouble about that, as well as people like Jackie Chan, all because the organization didn't have a good mentality around rotating the passwords that were associated with apps. That problem transitions. It's not a technology problem. It's a cultural problem. And it transitions, regardless of environment.”

Cybersecurity is a game of cat and mouse. As a threat hunter, you're the cat. "This role is close to that of a field biologist, as the threat hunter observes their prey - third party attackers - in the wild," says Kayne McGladrey, director of information security services at Integral Partners, a cybersecurity firm whose specialty is identity and access management, and a member of the Institute of Electrical and Electronics Engineers. "Threat hunters set traps and snares that appeal to (cybercriminals) and lead to fake computers where the threat hunter can monitor an attacker's behavior before shutting down the breach."

“There are too few defenders to collect, process, and analyze the overwhelming amount of available data to produce threat intelligence,” McGladrey told HITInfrastruture.com. “The promise of machine learning is to allow computers to do what they do well, in automating the collection and processing of indicators of compromise, and analyzing those data against both known and emerging threats.”

The team at Aurora IT interviewed me for a feature-length podcast on cybersecurity. Listen to hear about third-party attacker tactics, managing cyber risk, multi-factor authentication, and why a lack of diversity is a threat to public safety.