5 areas IT leaders should be followers
Top executives tend to carry and have access to higher-value data. They also
tend to have the most relaxed attitudes toward mobile security, according to
MobileIron. Such executives find mobile security protocols frustrating,
limiting and confusing. Leadership and authority mean that the C-suite has
the power to ignore security protocols -- using unsupported devices and apps
and skipping multi-factor authentication, to name just a few examples. But
this is a mistake, and a common one. Leadership doesn't confer expertise. It
simply means that your own personal mobile security tools and practices need
to be at least as strong as those of other employees, or you become the perfect target
-- easier to hack and more profitable to breach. ... Of course, every
organization has a different calculation to make on budgeting for
cybersecurity, taking into account existing infrastructure, number of
employees, the nature of the specific industry, and the risks and business impacts of
such spending and deployment. In a world where the coronavirus crisis has forced
an acceleration of digital transformation, as well as other trends that
include remote work, the attack surface of the average organization has
suddenly increased. Both digital transformation and remote work increase cyber
risk.
Developing a Cloud Migration Framework
The processes that need addressing via cloud adoption may also sit in
different departments. A lack of institutional knowledge or documentation also
hinders proper assessment of a legacy application, applications suite, or
enterprise. These are tidbits your organization may not know off-hand. They
are the findings that can become known after a cloud migration team assesses
your cloud readiness. Your cloud migration team’s assessment may also find
other issues such as inadequate network bandwidth and the over-provisioning of
resources. Both problems can contribute to higher costs once your organization
is in the cloud. Having a joint solution provider and internal cloud migration
team lets you answer the challenging questions about your organization’s
actual state of cloud readiness. Team members from your development,
operations, and security teams need seats at the table. The full team’s
analyses and reports should help turn up where your enterprise excels or lags
in cloud support. Those answers come from meetings and interviews with your
organization’s business and application owners.
Digital Transformation: What Can Banks Learn From Other Sectors?
We’ve established that banks can profit by following the example of the big
tech companies when it comes to designing the technical architecture and
processes around digital transformation. But technology isn’t everything.
Successful digital transformation also has a strong human element. To see why
this is important, let’s look at a counterexample. Another fintech company
that has enjoyed rapid growth is Robinhood Markets, whose mobile app has made
it easy for a new generation of investors to start trading stocks, ETFs,
options and cryptocurrencies. However, in early March 2020, the Robinhood app
suffered a series of systemwide outages that prevented users from opening or
closing their positions. The cause of the problems was a technology failure.
In a subsequent blog post, the company’s founders noted that their
infrastructure couldn’t handle the combination of “highly volatile and
historic market conditions; record volume; and record account sign-ups.” But
the impact was human. When the app failed, there was no contact centre to act
as a backup for booking trades. The result? Many of Robinhood’s small
investors were helpless as the markets turned against their positions, or
unable to make trades to take advantage of opportunities they spotted during a
week when the coronavirus pandemic sparked a mass selloff.
How to future-proof CRM solutions for digital business
Louise Whitcombe, head of customer engagement at Ogilvy UK, explains that CRM
isn’t a magic bullet; it’s an enabler. “The success of your business depends on
your business strategy and being consistently relevant to your customers. It
is the business model that drives the specification for the solution, not the
other way around, and this is where the challenge lies. As the speed at which
market change increases, so too must our ability as organisations to adapt to
it,” she says. Instead, Whitcombe believes that businesses need a “CRM
ecosystem that has the ability to cope with the demands of business models
that increasingly need to adapt to the changing consumer world around them.”
Luckily, she points out that the current tech map shows the marketplace is
absolutely teeming with shiny new solutions to businesses’ CRM challenges.
However, she warns that this myriad of opportunity can sometimes feel like a
minefield of choice, making it tricky to offset and balance CapEx and OpEx
costs with the ROI and capabilities of differing solutions.
7 Tips for Effective Deception
Deception is an interesting and very old concept that has become quite popular
over the past few years, says Tony Cole, CTO of Attivo Networks. "Deception can
work on almost any place in an enterprise where potential compromises can take
place," he says, adding it is especially useful where endpoint protection and
endpoint detection and response tools may have gaps in protection. "For
instance, when an endpoint is compromised and the adversary uses it to query
Active Directory, you can provide false information back to the adversary
without ever impacting the production environment." Rick Moy, chief marketing
officer at Acalvio, points to three main use cases for deception: to add an
additional layer of protection in mission-critical environments, to shore up
detection capabilities in areas with known security weaknesses, and to lure
out adversaries hiding in a sea of security information and event management
(SIEM) alerts. "Deploying attractive lures and decoys amid the various network
segments works much like the proverbial cheese or peanut butter in a mousetrap
that's strategically placed along the kitchen baseboards," Moy says. Here,
according to Moy and others, are seven best practices for using deception to
detect threats quickly.
Robotics in business: Everything humans need to know
IDC found that spending on robotics hit $135.4 billion in 2019, up from $71
billion two years earlier. According to the report, services such as training,
deployment, integration, and consulting will account for $32 billion of that,
which accounts for a lot of new jobs. Even the oft-cited PWC report isn't all
doom and gloom. Robots increase productivity, and productivity gains tend to
generate wealth. Historically, that's led to an increase in service sector
jobs, which aren't easy to automate. There are plenty of holes to poke in the
methodology of all these reports. And that's the point: An accurate method for
predicting how technologies will change the future is elusive -- and that's
especially true when the technologies under consideration will fundamentally
alter the economic paradigm. In the broad wake of that uncertainty, you have
Ray Kurzweil predicting utopia and author Martin Ford predicting something
much bleaker. Ultimately, the PWC report comes to what may be the most
sensible, albeit frustratingly vague, conclusion. It's not really clear what's
going to happen. Average pre-tax incomes should rise with increases in
productivity. But the benefits won't be spread evenly across income or
education groups.
The Cyberthreat You Didn't Even Know Was Out There
Cybercrime has become today's fastest-growing form of criminal activity.
Cybersecurity Ventures predicted that cybercrime will become "more profitable
than the global trade of all major illegal drugs combined" and "cost the world
$6 trillion annually by 2021." While the majority of attacks continue to be
aimed at small to mid-sized businesses with less sophisticated IT
infrastructure, organizations that collect massive amounts of sensitive data
will always be natural targets and "white whale" prizes for cybercriminals.
Chasing such an enticing payday means hackers are willing to launch thousands,
maybe even hundreds of thousands, of digital attacks. Only one of them needs
to connect in order to unlock scores of lucrative personal information. That
means companies that handle our most sensitive data must level up their
security beyond that of other high-profile or large organizations in order to
ensure this precious data is safeguarded against a constant barrage of
threats. The good news is that modern IT infrastructure and security and
identity tools are more powerful and sophisticated than ever to stymie
malicious access attempts — but only if we are proactive about staying one
step ahead of security threats.
European Bank Targeted in Massive Packet-Based DDoS Attack
In the bank incident, the attackers used a packet per second, or PPS, method
instead of the more commonly used bits per second, or BPS, method. In the BPS
approach, the attacker's goal is to overwhelm the inbound internet pipeline,
sending more traffic to a circuit than it's designed to handle, according to
the report. Akamai believes the attackers went with a PPS attack to overwhelm
the target's DDoS mitigation systems via a high PPS load. A PPS attack is
designed to overwhelm a network's gear and applications in the customer's data
center or cloud environment, the report notes. A PPS attack exhausts the
resources of the gear, rather than the capability of the circuits - as in a
BPS attack. "One way to think about the difference in DDoS attack types is to
imagine a grocery store checkout," Emmons explains. "A high-bandwidth attack,
measured in bps, is like a thousand people showing up in line, each one with a
full cart ready to check out. However, a PPS-based attack is more like a
million people showing up, each to buy a pack of gum. In both cases, the final
result is a service or network that cannot handle the traffic thrown at it."
How enterprises need to rethink business continuity planning
Corporate culture is another important but often overlooked element of
business resiliency. Before COVID-19, remote work was already rising in
popularity as more digitally savvy millennials and Gen-Zers entered the
workforce. But there was still a deeply ingrained preference among corporate
leaders to have most workers physically present in corporate facilities. Some
believe employees lose creativity and productivity when working from home,
analysts say. Others think it's just human nature to slack a bit when not
under the watchful eye of management. Neither sentiment is necessarily
validated by statistics (the opposite may actually be true). And if
enterprises are going to evolve and enable more remote workers, their
cultures will also need to adjust to make way for that, analysts say. "We've
always had a lot of societal and cultural resistance to remote work where
management just felt that if it didn't see you, it couldn't be confident you
were doing your job," says Grossner. "But when COVID-19 hit, guess what? All
of a sudden, everyone is working from home, and we find out the model actually
can work. A big cultural barrier now seems to be permanently lifting. I don't
know if we'll ever go back to that old way of thinking, and future continuity
planning should not allow it."
How IT Pros Can Lead the Fight for Data Ethics
A key challenge lies in the many ways IT teams must determine and respond to
data ethics within the technical specification of a given system. Examining how
data is processed helps to surface the norms at risk. The decision from Amazon,
IBM, and Microsoft to halt the availability of their facial recognition AI
software to police departments is an example. The decision is partly a response
to police brutality protests in the wake of the police killings of George Floyd,
Tony McDade, Breonna Taylor, and other Black people across the country. It is
also a response to raised questions regarding regulating surveillance tech and
negative bias of face recognition involving people of color. So how can IT best
lead the ethics fight? Establishing an observability process within given DataOps
and AIOps initiatives can help. Observability is a collection of processes to
monitor and analyze data within a system. The purpose of observability is to
assist developers and operators in understanding issues that appear within
distributed systems. Observability reveals critical paths, reducing development
time to remove errors and programmatic bugs. The issues associated with those
errors and bugs can lead to ethical breaches.