Effective IT governance is the cornerstone of cybersecurity as it is about leadership: how leaders treat IT as a cost-center vs. as an enterprisewide strategic asset. Governance is made more complex for central banks and regulatory and complex supervisory authorities due to regulation, supervision and compliance. There are many global models, frameworks and standards that can be referenced for complete cybersecurity governance and management, but ultimately, a mature organization chooses its own preferred guidance. The US National Institute of Science and Technology (NIST) Cybersecurity Framework (CSF), the US Federal Financial Institutions Examinations Council (FFIEC) Cybersecurity Assessment Tool, the International Organization for Standardization (ISO) standard ISO 27000 and COBIT® are valuable resources for effective IT governance. These frameworks clearly describe roles and responsibilities of top management, importance of IT strategic alignment to achieve the enterprise objectives, importance of leadership and top management support to address IT and cybersecurity issues, importance of effective IT risk management, and proper reporting strategies.
As Hadari sees it, “The challenge is that most up-and-coming IT professionals are trained to be technology implementers and innovators, and so are ill equipped for the management aspects of the job,” something that he experienced personally. In his first few years as CIO, Hadari’s comfort zone was data, analytics, and statistics, and that was the lens he used to lead IT. ... Hadari encourages his team to use data, surveys, and conversations to understand the perceptions of IT, and the problems that create those perceptions. He finds that comparing how IT rates itself to how the business rates IT reveals a great deal about where IT needs to focus. “Collecting all of that information is not an easy process, but it is the beginning of change,” says Hadari. “It means that we can accept our challenges, bring them out into the open, and do something about them.” At Biogen, Hadari’s extended leadership team, which is one level below his senior IT leadership team, owns the strategy and plan for IT improvement. “They build it, execute on it, and own it,” he says.
Different employee segments will require different messaging. The IT group will benefit from different messaging than the sales group. Don’t make the mistake, though, of believing IT employees don’t need security awareness—they do. Security teams should take steps to understand employees’ current comprehension of security messaging and where gaps may exist. And, of course, security awareness marketers need to understand the social and behavioral drivers of employee actions. What’s important to them? What motivates them? What are they concerned about? You can then create messaging to address employees’ pain points or motivators—to give them some reason to act, or not act, based on what they hear and learn. ... Security is a journey and a conversation, not a destination and a directive. Thinking like a marketer and taking steps to segment, understand and effectively connect with employees based on their needs, interests and concerns can help to better engage the organization in its cybersecurity efforts.
Almost half of younger people in the tech sector have at some point felt uncomfortable at work because of their gender, ethnicity, background or neurodivergence. Young people not already in the sector claimed they’re not confident about how to make tech their career, with a number of misconceptions about what is involved in a tech career still acting as a deterrent. Almost 15% of the young people asked who were not already in the sector said they know nothing about tech careers, with 29% believing they don’t have the right qualifications for a job in the sector. Women have more doubts about the sector than men – 23% of women believe their maths and science skills aren’t up to scratch enough for a tech job, compared with 13% of men; and 19% of women doubt they’re smart enough for the sector, compared with 13% of men. ... Only 5% of young people said that a lack of ethnic diversity is a deterrent to pursuing a tech career, although this varies based on the ethnicity of the person asked, with the breakdown being: 9% of young people from mixed-race backgrounds, 10% of people from an Asian background, and almost 36% of people from a black background.
In the age of employee turnover and the Great Resignation, organizations in nearly every field are finding it more difficult than ever to attract and retain top talent. As a leader, you need to make talent development a personal priority to stay competitive in recruiting and keeping the best people. Have a solid plan and communicate it widely to both prospective recruits and current employees. A truly thoughtful talent development program lets people know how much you value them. It strengthens talent in new directions. Employees want to know that their leader sees their potential, and it’s important to be intentional about recognizing and reinforcing the strengths of your people. A one-size-fits-all approach to talent development isn’t good enough—you need to design a program for each individual based on their strengths, their goals and the organization’s needs. When you strengthen your talent, you strengthen your leadership. It improves productivity. According to a recent Gallup study, helping your employees make full use of their skills and strengths, and providing them with opportunities for growth and improvement, can make them up to six times more productive.
Consider the millennial who felt stuck at a small company with no room for growth. Or the older generation of workers who thought they should retire early because the future was so uncertain and accepting a complete shift to digital felt daunting. For Gen Z, the prospect of never meeting managers or colleagues – because of virtual interviews and remote jobs – was foreign and left some without a sense of belonging. Not only were we physically absent from workspaces, but many of us also struggled mentally with the sudden, enormous changes to our daily routines and goals. It became a time of contemplation, where many professionals began reassessing their careers (and lives). And the realization for many? They felt stuck. What are your options if you want to take a big leap out of your current situation? How do you find motivation, especially after a couple of very stressful years outside of your control? What inspires you to take on a new challenge?
Lack of interest, patience, and time; change of profession and creative differences are some of the issues that push developers to close an open-source project. But the biggest reason why developers quit is that they run out of energy. People like John Resig, creator of jQuery, and Ryan Dahl, creator of Node.js, have most likely also exited their respective OSS projects because they couldn’t keep up with the energy it demanded. Fakerjs’ Mark Squires’ sentiment was understandable. It’s very difficult to offer non-paid work for a long period of time and at a certain point an open-source project can become more hassle than it’s worth. It also depends, of course, on your motivations for developing open-source software, but more on that later. The best open-source projects are typically those that are maintained by developers who are compensated for their work on them and can maintain a work-life balance. Those who can devote their entire attention to enhancing them.
Social engineering was a driver for hacking over 20 years ago and, apparently, we still haven't moved away from it. Adding insult to injury, successful social engineering isn't restricted to non-technical organizations. It's very plausible that an unsavvy user in a backwater government department might fall for social engineering, for example, but much less so someone working at a leading tech firm – and we see that both Uber and Rockstar Games were impacted by social engineering. At some point, as a cybersecurity practitioner with the responsibility of educating your users and making them aware of the risks that they (and by extension the organization) are exposed to, you'd think that your colleagues would stop falling for what is literally the oldest trick in the hacking playbook. It's conceivable that users are not paying attention during training or are simply too busy with other things to remember what someone told them about what they can click on or not. However, social engineering attacks have so consistently been in the public news – not just cybersecurity news – that the excuse "I didn't know I shouldn't click email links" is getting harder and harder to accept.
For technology and compliance lawyer Jonathan Armstrong, the most significant driver of change in cyber insurance is demand for financial protection from litigation against organizations in the wake of cyber incidents. “We have seen that an attack or breach can be followed in the next day or so by lawyers claiming that they are investigating litigation against the company that has been hit.” This issue has been under the spotlight recently in the Lloyd v Google case in the UK. Richard Lloyd alleged that Google collected data from around 4 million iPhone users between 2011 and 2012 regarding their browsing habits without their knowledge or consent for commercial purposes, such as targeted advertising. He looked to bring representative action on behalf of all affected individuals against Google for compensation, which Google opposed. The UK Supreme Court sought to establish whether such a claim for a breach of data protection legislation can succeed without distinctive personal damage and if claimants can bring group action on behalf of unidentified individuals, including people who may not even be aware that they were affected.
When companies manage their product data efficiently, they can be flexible while launching their new products. With error-free product data of new items, brands can customise information as per the marketplace and the promotion period. PIM possesses high-quality product information that is scalable, and offers complete freedom to be deployed across any technology environment. Product data can be easily imported from various vendors in multiple file formats and mapped to a single point of truth. ... In the wake of technological advances, fluctuating consumer expectations, competitive pressures, and turbulent market dynamics, operational agility is vital to survive and succeed. Faster time-to-market is one of the parameters that determines business agility. To continuously deliver high-quality, novel, and faster services, companies need to deploy PIM, which enhances product information, and improves conversion rates and customer retention. Businesses can also make data-driven decisions and create joyous customer journeys with the available data.
Quote for the day:
"If you don't demonstrate leadership character, your skills and your results will be discounted, if not dismissed." -- Mark Miller