EPISODE · Apr 12, 2021 · 21 MIN
Episode 29: Jill Cagliostro on When Cyber-Crime Hits Close to Home, with Steven Sacks
from CPA Trendlines Podcasts · host CPA Trendlines
With cyber-crime growing by leaps and bounds, accountants are caught in the cross-hairs, cyber-security professional Jill Cagliostro tells Steven Sacks for CPA Trendlines.Cagliostro, senior product manager with Splunk, a data management and security company, says “cybercriminals are getting more advanced. They’re finding new avenues and new ways to get in every single day.”“And beyond that,” she says, “they’re also communicating with each other. So they’re able to share these new tactics and techniques amongst each other to become more proficient together.”Key Takeaways-- Bad actors are communicating in places like the dark web and in forums to share their ideas and to plan to breach private and government entities.-- Third-party vendors must go through security questionnaires before they are onboarded as a partner with a private entity.-- The questionnaires are employed to ensure that the third-party vendor has the necessary security mechanisms in place, such as two-factor authentication, encryption, and comprehensive policies that must be followed.-- There are key metrics to use to assess the risk of cyberattacks. KPIs that indicate how secure something is or how good the security team is doing at protecting the organization can be difficult.-- Clients are looking for different KPIs that they can show the level of success that they’ve had with identifying threats in their environment.-- Companies that experience security breaches will find it more difficult to attract future security talent because security professionals will not want to have on their resume companies that were victimized by a security breach as it will imply that they allowed a breach to occur.-- The most common way that companies get hacked is through phishing emails, which doesn’t always go to the executives. Security should really not just inform technology decisions, but business decisions as well.-- One of the best ways the IT team and security teams monitor for behaviors is by tracking activity on employees’ work computers. By connecting to a corporate VPN allows the IT and security teams to see what is going on internally.-- In addition to external threats, there are internal threats that could be very costly. Company employees can have access to trade secrets, confidential information, and insider trading information.-- There are a couple of different ways to monitor this behavior using data-loss prevention tools that can monitor files going in and out of a company’s network.Full transcript and video here: https://cpatrendlines.com/2021/04/11/fighting-cyber-crime-starts-close-to-home/
What this episode covers
With cyber-crime growing by leaps and bounds, accountants are caught in the cross-hairs, cyber-security professional Jill Cagliostro tells Steven Sacks for CPA Trendlines. Cagliostro, senior product manager with Splunk, a data management and security company, says “cybercriminals are getting more advanced. They’re finding new avenues and new ways to get in every single day.” “And beyond that,” she says, “they’re also communicating with each other. So they’re able to share these new tactics and techniques amongst each other to become more proficient together.” Key Takeaways -- Bad actors are communicating in places like the dark web and in forums to share their ideas and to plan to breach private and government entities. -- Third-party vendors must go through security questionnaires before they are onboarded as a partner with a private entity. -- The questionnaires are employed to ensure that the third-party vendor has the necessary security mechanisms in place, such as two-factor authentication, encryption, and comprehensive policies that must be followed. -- There are key metrics to use to assess the risk of cyberattacks. KPIs that indicate how secure something is or how good the security team is doing at protecting the organization can be difficult. -- Clients are looking for different KPIs that they can show the level of success that they’ve had with identifying threats in their environment. -- Companies that experience security breaches will find it more difficult to attract future security talent because security professionals will not want to have on their resume companies that were victimized by a security breach as it will imply that they allowed a breach to occur. -- The most common way that companies get hacked is through phishing emails, which doesn’t always go to the executives. Security should really not just inform technology decisions, but business decisions as well. -- One of the best ways the IT team and security teams monitor for behaviors is by tracking activity on employees’ work computers. By connecting to a corporate VPN allows the IT and security teams to see what is going on internally. -- In addition to external threats, there are internal threats that could be very costly. Company employees can have access to trade secrets, confidential information, and insider trading information. -- There are a couple of different ways to monitor this behavior using data-loss prevention tools that can monitor files going in and out of a company’s network. Full transcript and video here: https://cpatrendlines.com/2021/04/11/fighting-cyber-crime-starts-close-to-home/
NOW PLAYING
Episode 29: Jill Cagliostro on When Cyber-Crime Hits Close to Home, with Steven Sacks
No transcript for this episode yet
Similar Episodes
Jun 15, 2022 ·8m
May 25, 2022 ·20m
May 19, 2022 ·16m
May 15, 2022 ·34m
May 12, 2022 ·1m