Trust among business stakeholders is a necessary component of digitally resilient cultures; without it, organizations will have a difficult time successfully shielding the customer data that nowadays is so critical for achieving business goals. The board needs to trust that senior management has a long-term view of cybersecurity, with a strategic road map and plans in place to adequately protect information assets and IT systems, regardless of where and how new threats emerge. The business units, the IT organization, and the cybersecurity team need to trust one another enough to get to a mutual agreement about how security protocols can be integrated into daily business processes without creating operational challenges and frustrations. Companies need to have faith that external partners—for instance, cloud vendors—are willing and able to protect shared data and infrastructure.
Businesses have to be more data driven even where there is significant competition for data scientists, PhDs, and quants. That means most firms have to be creative and leverage technologies and practices that enable more people across the organization to perform analysis and deliver insights. Citizen data science programs are a combination of technology, practices, and governance that enable business analysts in marketing, operations, finance, and other departments to self-serve the analytics they require to drive their organizations. Similarly, CIOs can leverage low code and citizen development platforms to enable departments to create the applications they need to drive collaboration and workflow. Between citizen data science programs and low code development platforms, CIOs can use IT resources on the most strategic projects and extend the boundaries of traditional IT to departmental technology practices.
Traditionally, the focus for cyber security was on using products or services that protected you from potential attacks or detected viruses or malware. However, now, especially within the current IT security landscape, this approach doesn't hold enough power. A cyber security strategy needs to first home in on your company’s unique risk profile, considering what assets are of interest to hackers, and how and why they might seek to attack your business. From this position of knowledge, you’ll have a much more effective level of protection. Plus with small businesses, on the whole, having fairly limited budgets, this strategy will ensure you focus your time and energy on the products and services that work for you, and protect the data that you believe is most likely to get hit. This approach requires you to conduct a threat and risk analysis. From this, you’ll be able to create a profile of the current threats to your business and how attackers might gain access.
BitConnect has two months to prove “cause to the contrary” until the decision has been formally enforced, according to an official filing on the British Companies House website. Should the company fail to comply with these terms, the government agency will strike off its registration and seize its assets. “Upon dissolution all property and rights vested in, or held in trust for, the company are deemed to be bona vacantia, and accordingly will belong to the crown,” the document reads. Many have speculated that BitConnect likely stashes its funds abroad, though there is no evidence to back this up. ... While the notice makes no mention of the people behind the shifty Bitcoin investment platform, another filing reveals BitConnect was registered by a British man going by the name of Ken Fitzsimmons. According to the same filing, Fitzsimmons holds 75 percent or more of the shares in the company.
Whichever combination of frameworks the company decides to incorporate for its risk assessment, it is essential to relate the process back to the organisation’s unique operational structure and business objectives. One of the most important activities in preparing a comprehensive assessment is to conduct in-depth interviews with senior management, IT administrators and other stakeholders across the organisation. This will help to develop a much more realistic understanding of the organisation’s potential threats, likelihood of compromise and the impact of the loss, as well as relating everything back to its business priorities. It is also essential that the risk assessment is understood and supported at the highest level of the organisation. PwC’s survey found that only 44% of boards are actively participating in their security strategy.
“It is encouraging that IT professionals are understanding that it is a matter of when, not if, their organisation will be hit by a damaging cyber attack,” said John Carlin, chairman of Morrison & Foerster’s global risk and crisis management practice. “However, their level of confidence, when it comes to security, is inconsistent with what we see in practice. “The reality is that businesses are consistently failing to restrict access to sensitive information and are regularly experiencing issues such as data loss, data theft and extortion in the form of ransomware.” But Varonis CMO David Gibson said that while attackers are upping their game by using more sophisticated, blended attacks, valuable data remains vulnerable to attacks that require little to no sophistication, such as disgruntled employees snooping through overly accessible folders.
The survey found that a combination of top-down executive support, proper security tools and audits instil greater confidence in device visibility. 48pc of all respondents stated that improving awareness and visibility of IoT devices is a top priority for improving IoT security overall, and 82pc of respondents expect their IoT or OT security spend to increase over the next one to two years. “IoT and OT bring significant benefits to organisations around the world,” said a spokesperson at Forrester. “Enterprises are heading in the right direction when it comes to IoT security investments, and our hope is to bring greater awareness to both the challenges as well as the best practices. However, this survey brings to light that more is needed to be done around IoT security.”
This hack was not conducted in a laboratory, but on a 757 parked at the airport in Atlantic City, N.J. And the actual hack occurred over a year ago. We are only now hearing about it thanks to a keynote delivered by Robert Hickey, aviation program manager within the Cyber Security Division of the DHS Science and Technology (S&T) Directorate. “We got the airplane on Sept. 19, 2016. Two days later, I was successful in accomplishing a remote, non-cooperative, penetration,” Hickey said in an article in Avionics Today. “[That] means I didn’t have anybody touching the airplane; I didn’t have an insider threat. I stood off using typical stuff that could get through security, and we were able to establish a presence on the systems of the aircraft.” While the details of the hack are classified, Hickey admitted that his team of industry experts and academics pulled it off by accessing the 757’s “radio frequency communications.”
Defense applications of artificial intelligence and robotics are nascent and recent Defense Science Board and Department of Defense documents speak to the challenges, gaps, and goals of incorporating autonomous systems into military operations. The key technical challenges include human-system collaboration, perception and understanding, manned and unmanned teaming, and test and evaluation. One of the primary gaps that needs to be addressed includes the testing and lifecycle maintenance of autonomous systems that learn and adapt. Military operations are soldier-centric and the goal of autonomous systems is not to replace the soldier, but to give him another tool in his arsenal that improves his survivability and mission effectiveness. Thus, autonomous system technology developments alone will not suffice.
The European Union’s General Data Protection Regulation (GDPR) goes into effect in May 2018, which means that any organization doing business in or with the EU has six months from this writing to comply with the strict new privacy law. The GDPR applies to any organization holding or processing personal data of E.U. citizens, and the penalties for noncompliance can be stiff: up to €20 million (about $24 million) or 4 percent of annual global turnover, whichever is greater. Organizations must be able to identify, protect, and manage all personally identifiable information (PII) of EU residents even if those organizations are not based in the EU. Some vendors are offering tools to help you prepare for and comply with the GDPR. What follows is a representative sample of tools to assess what you need to do for compliance, implement measures to meet requirements, and maintain compliance once you reach it.
Quote for the day:
"The role of leadership is to transform the complex situation into small pieces and prioritize them." -- Carlos Ghosn