Core systems strategy for banks
There are two main options (with a few variations) for banks that conclude
that they need to replace their core banking system: a traditional enterprise
core banking system (self-hosted or as a utility) and a next-generation
cloud-based core banking system. Most current implementations are still
of the traditional variety. But we are seeing an increase in banks of all
sizes putting off traditional core implementations with the aim of
experimenting with next-gen systems. There is some evidence to suggest
that banks will try and shift en masse to a cloud-based microservice
architecture in the next few years. The core method of communication between
machines will be APIs. Armed with a microservice-based architecture, the new
core banking applications will become core enablers of the shift to this
architecture. Traditional core banking providers have become aware of the need
and potential inherent in a cloud-based microservice architecture; banking
leaders should keep a close watch on developments here. We also expect to see
some M&A activity between traditional and next-gen core banking system
providers.
Cybersecurity In The M&A Process: A CISO's Strategy
IT departments and information security professionals are traditionally not
included in the discussions leading into a merger or acquisition and are
usually not given the liberty to conduct their own assessments prior to
M&A execution. This can lead to a dramatic increase in cyber risks or,
even worse, inheriting compromised networks. With the rapid scaling of
organizations in the world of M&A, it can become exponentially more
difficult to control cybersecurity risks when information security departments
are already struggling to keep attackers at bay with the limited personnel and
resources they have. However, there are strategies that can help get
information security professionals into business conversations regarding
M&As. If the cards are played correctly, this can lead to positive
financial and cybersecurity outcomes. Develop a proactive plan within your
organization to leverage cybersecurity as a tool at the negotiation table for
the M&A process. The equation is simple: If your organization inherits a
compromised network or an organization that has a poor security posture, this
will cost you extra dollars that are unseen through the lens of traditional
M&A cost calculations.
North Korean state hackers reportedly planning COVID-19 phishing campaign targeting 5M across six nations
SingCERT confirmed it received "information regarding a potential phishing
campaign" and, in response, posted an advisory on its website Friday. It said
there were "always" ongoing phishing attempts by various cybercriminals that
used different themes and baits and spoofed different entities. This tactic
remained a common and effective technique used to gain access to individuals'
accounts, deliver malware, or trick victims into revealing confidential data,
said SingCERT, which sits under the Cyber Security Agency (CSA). ZDNet asked the
government agency several questions, including whether there had been a
database breach and what tools the Manpower Ministry had adopted to protect
its email accounts from spoofing attacks. It did not respond
specifically to any of the questions and, instead, issued a response that
confirmed CSA had reached out to relevant parties to notify them about the
potential phishing campaign. "Opportunistic cybercriminals have been using the
COVID-19 situation to conduct malicious cyber activities and with the
increasing reliance on the internet during this period, it is important to be
vigilant," the agency said.
CIA Finds It Failed to Secure Its Own Systems
The report calls out the CIA's Center for Cyber Intelligence for not
prioritizing internal cybersecurity and focusing, instead, on developing
offensive cyber weapons. This lax attitude toward preventive cybersecurity
measures within the CIA continued even after previous high-profile data
breaches of the agency and other intelligence departments, the report states.
On Tuesday, Wyden wrote to John Ratcliffe, the director of national
intelligence, demanding to know if the U.S. intelligence community planned to
implement better cybersecurity practices and questioning why the CIA did not
do more to protect its internal security operations from both outside attacks
and internal threats. "The lax cybersecurity practices documented in the CIA's
WikiLeaks Task Force report do not appear to be limited to just one part of
the intelligence community," Wyden writes. "The Office of the Inspector
General of the Intelligence Community revealed in a public summary of a report
it published last year that it found a number of deficiencies in the
intelligence community's cybersecurity practices."
Cyber Security Careers Germany – Finding New Roles in a Burgeoning Sector
From machine learning to autonomous response, cyber security is a burgeoning
space and this is creating opportunities across Germany, from Berlin and
Frankfurt to Cologne, Munich and Hamburg. Whether local markets are largely
comprised of businesses still in lockdown or those that have returned to
socially distanced office environments, Glocomms Germany expert consultants
are able to ensure that organisations are able to meet their recruitment needs
and individuals can begin planning career-defining moves. As the business
world continues to adapt to the impact of COVID-19 on networks and systems,
cyber security remains at the top of the agenda across sectors. Luis Rolim,
Chief Marketing Officer at Glocomms, commented: "As the world emerges from the
COVID-19 pandemic, Glocomms remains at the forefront of delivering quality
talent to the technology sector. We're in this together and we look forward to
helping businesses across Germany with their recruitment and talent
acquisition." Glocomms Germany is part of the Phaidon International group and
is a trusted recruitment partner in Europe and beyond.
What is emotion AI and why should you care?
One of the areas of emotion AI is sentiment analysis, a field that has existed
since at least the early 2000s. Sentiment analysis is usually conducted on
textual data, be it emails, chats, social media posts, or survey responses. It
uses NLP, computational linguistics, and text analytics to infer positive or
negative attitudes (aka “orientation”) of the text writer: Do they say good or
bad things about your brand and your products or services? The obvious
applications of sentiment analysis have been brand/reputation management
(especially on social media), recommender systems, content-based filtering,
semantic search, and understanding user/consumer opinions, and the need to
inform product design, triaging customer complaints, etc. Several of the
conference presentations were devoted to this topic, which, despite all the
recent progress in NLP and related fields, is still hard. Not least because
there is little agreement among researchers on even what constitutes basic
human emotions and how many of them there are, said Bing Liu, Professor of
Computer Science at the University of Illinois at Chicago. Emotions are also
notoriously hard to identify and code (label), since they are ambiguous,
shifting, overlapping, and adjacent. For example, one can feel anger, sadness,
and disgust at the same time. Moreover, emotions are not always easy to pin
down.
Security surprise: Four zero-days spotted in attacks on researchers' fake networks
To examine the security threats to industrial systems, the researchers used a
network of 120 high-interaction honeypots – fake industrial infrastructure –
in 22 countries to mimic programmable logic controllers and remote terminal
units. Over a period of 13 months, there were 80,000 interactions with the
honeypots – mostly scans – and nine interactions that made malicious use of an
industrial protocol. While that might sound like a small number, four of the
nine interactions also featured previously unknown attacks, or zero-days, one
being the first use of a previously identified proof-of-concept attack in the
wild. The attack types include denial-of-service and command-replay
attacks. These vulnerabilities and associated exploits were disclosed to the
device manufacturers. "While the yield was small, the impact was high, as
these were skilled, targeted exploits previously unknown to the ICS
community," the researchers said. The research was presented at a NATO-backed
cybersecurity conference.
Revised DOJ compliance guidance offers risk-management lessons for cybersecurity leaders
“One of the reasons the DOJ puts this out is to help compliance officers and
security teams and people who are worried about bribery and corruption to
ensure that the board and leadership give enough attention to these issues and
properly fund them to mitigate risk,” Penman says. Regardless of whether civil
or criminal litigation is involved, the kind of guidance DOJ puts out is
devoured by compliance officers across all organizations, Penman says, and
when it comes to compliance, cybersecurity is top of mind for those
executives. “We’re just about to publish results of the survey of around 1,400
compliance officers. The highest priority or concern for risk compliance
programs in that survey was enhancing data privacy and cybersecurity and data
protection.” Compliance programs are more critical than ever given the
COVID-19 crisis, Alison Furneaux, vice president of marketing for
cybersecurity compliance management company CyberSaint, tells CSO. “The attack
surface has expanded dramatically. Organizations are being forced to innovate.
They’re being forced to put into place processes that they didn’t have before.
They’re being forced to document and prepare for audits in a much more
proficient way.”
The Difference Between Enterprise Architecture and Solutions Architecture
Perhaps it’s misleading to use “versus” to describe the difference between
enterprise architecture and solutions architecture. They are very much
collaborators in the organization and should not be looked at as competitive
in terms of which provides more value. A better way of highlighting the
difference between the two is through their focus on strategy vs. technology.
A focus on strategy implies a broad understanding of the mechanics of any
given technology. This is because there is a lot more to strategy than just
the technology needed to implement it. A skewed focus on technology would mean
that the processes, people and other variables required to inform strategy are
ignored. Conversely, a focus on technology is necessary to ensure
implementations and operations can run smoothly. By its nature, it is more “in
the weeds” and so the necessary holistic perspective of the organization can
be harder to understand and/or account for. With their holistic view of the
organization, enterprise architects take on the strategy. They then use their
strategic planning perspective to inform and delegate to solutions architects.
Police ties to Ring home surveillance come under scrutiny
The idea of cameras in police investigations isn’t new. Grainy black-and-white
footage has been used for surveillance for years. But newer products that cost
as little as $100 and connect with a cellphone make the market much more
accessible. And the more people have the cameras, the more appealing their
potential becomes for police and government officials. More localities are
joining the registry trend. At least 75 police departments and municipalities
in 21 states announced programs since 2018, according to a Stateline review.
“I do think for law enforcement it’s easy to understand the appeal,” said Lior
Strahilevitz, a professor at the University of Chicago’s Law School. “There
are a lot of instances where if only there had been a bystander on that corner
at that time, the crime could have been solved.” The registries come in a
variety of forms — some a simple spreadsheet, others a more sophisticated
account with vendors such as a Motorola-run program called CityProtect. (A
Motorola spokeswoman declined to give a specific number but said “hundreds” of
police agencies use its CityProtect service for registering cameras and/or
reporting crime.) The registries can include any kind of camera from Ring to
Nest to lesser known brands.
Quote for the day: