July 28, 2016

CISO challenges: Addressing cybersecurity blind spots

"We had one of our clients tell us 'A layer in our SAP system was not being taken care of that included managing roles, profiles, authorizations and permissions tied to business functions'," said Juan Perez-Etchegoyen, CTO at Onapsis, a cybersecurity firm based in Boston that focuses on SAP software. "SAP is so complex that the landscape is hard to control. The security of business-critical apps tends to be outdated and misconfigured. It often takes 18 months for SAP to fix the vulnerabilities uncovered in the market." Members of the CISO panel at RSA Conference also recommended that when it comes to application security, make sure interactions are taking place from within the apps and not through a service behind the scenes.


How predictive analytics discovers a data breach before it happens

The traditional approach to fighting cyberattacks involves gathering data about malware, data breaches, phishing campaigns, etc., and extracting relevant data into signatures, i.e. the digital fingerprint of the attack. These signatures will then be compared against files, network traffic and emails that flow in and out of a corporate network in order to detect potential threats. While signature-based solutions will continue to remain a prevalent form of protection, they do not suffice to deal with the advanced and increasingly sophisticated cybercriminals who threaten organizations. “In the past decade or so, the landscape of cyber security threats has changed dramatically,” explains Amir Orad, CEO of analytics company Sisense.


Millennials & Fintech: A Different Kind of Trust

Fraud and identity theft are more likely to occur when people overshare information or are not diligent about securing personal details that can be used to determine passwords and answer security questions. Younger people are also more apt to use new applications before a reputation and a basis of trust can be formed. Because of Know Your Customer (KYC) regulations, financial applications must ask for information such as social security numbers, birthdates, and credit card numbers, and there is always a risk this information will be used for purposes other than what they were intended for. As millennials look for new and innovative technical solutions to manage their investment portfolios, they need to always be wary about the security of their information and their money.


Information Security - Reducing Complexity

The complexity makes the detection of a compromise difficult. Having to handle and correlate large volumes of logs from different devices, and from different vendors at that, will always be a challenge, and this makes timely and accurate detection a remote possibility. A successful countermeasure requires accurate detection in the pre-infection or at least in the infection stage. The later it is detected, the more complex it is to counter. ... Complexity is certainly bad and reducing complexity will be beneficial both in terms of cost and otherwise. However, simplification by any means should not result in compromising the needed detection and protection abilities. A balanced approach is necessary so that the risk, cost and complexity are well balanced and beneficial to the organization.


The Power of Big Data in Strategic Planning

As with any new business tool, adopting big data necessitates change throughout an organization. After all, with so many new processes, and so much more information to take into account, employees and leaders have to revamp their current strategies to take advantage of the benefits that big data has to offer. Those businesses that have been the most successful with their big data deployments are those that have embraced these changes, transforming their organizations so that the insights gained through big data analysis can actually make a difference by becoming actionable. However, such a transformation can only take place when all stakeholders in the company are committed to data-driven decision-making.


How To Attract A Board-Level Cyber Security Expert

It’s no surprise that “board candidates are getting quite picky,” says Mike Dickstein, a consultant in the technology practice at Spencer Stuart. ... “They know that joining a board as ‘the cybersecurity expert’ puts them in a unique position at least for reputational risk if something were to happen at that company from a cybersecurity standpoint,” Dickstein says. “They want to make sure that they’re not being set up as the fall guy, that the company has a true commitment by the board and the management team toward managing security, that leadership has a clear and consistent understanding of the risk relative to that business, and that cybersecurity is going to be appropriately funded and resourced. If they don’t see those things in place,” they may not want to risk their reputation on the company, he says.


Intel slated to show off its version of the HoloLens next month

The smart glasses give a fascinating clue into Intel’s AR strategy. Augmented reality blends real and virtual worlds, and can be used to build 3D objects, chat on Skype, or even play 3D games with the real world as a background. Intel’s Remote EyeSight could enable interactive remote communication on smart glasses, kind of like having Skype on a wearable. That could promote freedom of movement and communication, and blend in real and virtual world scenes into video chats. In the enterprise, it could be used in areas like repair, medicine, and education. Bulky headsets like Microsoft HoloLens restrict movement, a problem Intel’s smart glasses could alleviate if they are the right size. But like Google Glass, they may not be welcome in areas like bars and restaurants, so they could be limited to use in specific areas.


New US cybersecurity plan makes it easier for businesses to get help after an attack

In terms of specific efforts involved, the directive listed three lines of effort that must happen concurrently: threat response, asset response, and intelligence support and related activities. If the victim is a federal agency, an additional line of effort will be enacted to keep operations running smoothly. To coordinate efforts against significant cyber incidents, a Cyber Unified Coordination Group (UCG) will be formed to facilitate the responses among federal agencies. Threat response for significant cyber incidents will be handled by "the Department of Justice, acting through the Federal Bureau of Investigation and the National Cyber Investigative Joint Task Force." Asset response will be handled by the "Department of Homeland Security, acting through the National Cybersecurity and Communications Integration Center,"


Innovating Bank Compliance: The Real Benefits Of Artificial Intelligence

AI can solve this problem by creating domain-centric models that replicate the “real world” of banking and regulatory compliance. The advantage of AI systems is that they are able to perform tasks that normally require human intelligence, such as pattern recognition and even lower-level decision-making.  Importantly, AI enables the creation of “learning systems” that can become more expert with each subsequent investigation. AI does not replace human intelligence, but it can perform lower-level knowledge functions efficiently, enabling team members to save their time and effort for higher-level decision-making.  While this example has focused on AML compliance, AI systems have applications for other compliance areas, such as KYC, insider trading monitoring and Basel III liquidity solutions.


Growing Agile… Not Scaling!

I like to use the term growing agility, rather than “scaling”, because it connects better with the fact that developing agility within an organization has more to do with an organic system, rather than with a mechanical one. If culture eats strategy for breakfast, then we have to recognize that the way towards agility requires addressing culture and mindset as first class citizens. Over the past years, I have come to particularly appreciate the impact of culture on the effectiveness with which human systems operate. So growing agile means both focusing on culture, and on co-evolution of practices and tools. In every high performing environment I had the pleasure to work, people were having control of values, principles, practices and tools



Quote for the day:


"When data lacks high quality, it is useless regardless of the supporting ERP system in place." -- Marianne Bradford