Engaging Employees to Accelerate Digital Banking Transformation
Many financial institutions are investing heavily in new technologies and
processes to support their digital banking transformation goals. Research by the
Digital Banking Report has found that banks and credit unions have increased
investment in digital transformation in each of the past four years. There is no
doubt that these investments are justified given the flight to digital by
consumers and the game-changing technology that can support digital customer
experience improvements. Unfortunately, with such a focus on data, analytics,
technology and systems, most firms ignore the need to invest in employees to
make sure they maximize the value of the new tools being deployed. Beyond open
communication around how employees can be a part of the digital banking
transformation process, it is important to invest in training the people to
ensure that the digital banking transformation efforts succeed. If you don’t,
it’s like buying a new car but failing to fill the gas tank (or charge the
batteries). To respond to the need to reskill and upskill current employees, new
models of managing learning and development have emerged. More than replicating
legacy training methods, new learning officer positions have been created with
the responsibility of not only creating ongoing learning opportunities, but also
supporting cultural transformation.
Here’s why upskilling is crucial to drive the post-COVID recovery
We have a pressing societal problem: how to equip people with the skills they
need to participate in the economy – now and in the future. As outlined in the
World Economic Forum’s latest Future of Jobs Report, half of all employees
around the world will need reskilling by 2025 – and that number doesn’t include
all the people who are currently not in employment. If we don’t act now, this
skills gap will only widen. With challenges come opportunities. Crisis events,
like the pandemic, can and should shape economic thinking and represent a rare
but narrow window of opportunity to reflect, reimagine, and reset priorities. So
let’s seize this opportunity. We’re calling on governments, business leaders,
and educators to join us in a global movement for upskilling. As you’ll see in
our new report – Upskilling for Shared Prosperity – published as part of Davos
Agenda Week to mark the first anniversary of the World Economic Forum’s
Reskilling Revolution Platform, there’s a clear social and economic case for
upskilling. If we commit to giving all people opportunities to build the skills
they will need to fully participate in the future workplace, it will, in turn,
lead to a prosperity dividend.
Law enforcement takes over Emotet, one of the biggest botnets
According to Europol, Emotet's infrastructure consisted of several hundred
servers located across the world and serving different purposes, including
making the botnet more resilient to takeover attempts. Law enforcement agencies
had to work together to develop a strategy that involved gaining control of the
infrastructure from the inside and redirecting victims to servers under their
own control. As part of the investigation, the Dutch National Police seized data
from the servers used by Emotet, including a list of stolen email credentials
abused by the botnet. The agency set up a web page where users can check if
their email address was among those affected. The information about infected
computers that was gathered during the operation was also shared with national
CERTs so the victims can be identified and contacted. "Only time will tell if
the takedown will have long-term impact to Emotet operations," Jason Passwaters,
COO of security firm Intel 471, tells CSO. "These groups are sophisticated and
will have baked in some sort of recovery. Emotet itself does not appear to have
any sort of inherent recovery mechanism, but a lot of the infected machines will
have other malware installed as well, such as Qbot, Trickbot or something else.
..."
Top 5 Evolving Cybersecurity Threats to Cloud Computing in 2021
According to the Sophos Threat Report of 2020, misconfigurations can drive
numerous data breaching incidents. Businesses are integrating themselves with
cloud computing which guarantees the possibilities of cloud jacking
emergence. Trend Micro predicts that code injection attacks can be utilized
to attack cloud platforms. These attacks can be carried out through third-party
libraries, from SQL injection and cross-site scripting. Attackers inject
malicious code through third-party libraries and ensure that the code is
downloaded and executed by individuals unintentionally. According to typical
public cloud vendors, they are only responsible for the security of their
infrastructure and individuals are responsible for protecting their data. ...
Social engineering acquires phishing scams to steal user credentials for
cloud-service tracks and on-premises attacks. Do you know that 78% of data
breaching incidents that occurred during 2019 were related to phishing? This
percentage increased in 2020. Innovative phishing attempts are launched through
cloud applications rather than traditional emails. Phishing kits make it easier
for cybercriminals to carry out illicit activities. Phishing kits require a very
small amount of technical skills to carry out phishing operations.
What Is Robomorphic Computing?
A robot’s operation is a three-step process: gathering data using sensors or
cameras; using mapping and localisation techniques to understand the environment;
plotting the course of action. Advances in embedded vision and SLAM technology
make data gathering and localisation easy. However, all these steps take a lot
of time, especially when calculations are done on CPUs. Previously, the
researchers have investigated the software side to develop an efficient
algorithm to speed up robots. The MIT folks concluded it’s time to look beyond
software. Hardware acceleration is the use of a specialised hardware unit to do
certain computing tasks more efficiently. While Graphics Processing Units or GPUs
have been availed for such tasks, the application is limited since the use cases
are different for different robots. Hence, the researchers at MIT developed
robomorphic computing to devise a customised hardware unit for individual
robots. It considers the physical parameters of the robot and the tasks it needs
to perform and translates it into mathematical matrices to design a specialised
hardware architecture. The resulting chip design is unique to the robot and
maximises its efficiency.
Digital Identity Is the New Security Control Plane
Digital identity — in the form of trusted contextual data defining who is
accessing a system and how — provides this control plane. Users are already
providing identity (and likely at multiple points). Systems are already
consuming it — in the case of software-as-a-service (SaaS) environments, it may
be one of the few configurable security controls available — but the decoupling
of security from location and IP address is present in many other solutions. It
can be tailored to an organization's needs and be risk-sensitive, with different
methods and phases required, depending on the resource accessed. Even better,
it's a control plane that can and should be implemented in a phased approach and
provides a path to a zero-trust network architecture. The steps to building this
are conceptually simple, and we can do extensive preparation. First, ensure even
before you implement that the technologies you are investing in are
identity-aware and able to make differentiated security decisions in the data
plane based on that identity. This must extend to SaaS applications — one of the
largest benefits of using identity as your control plane is the ability to bring
these into the fold, as it were, and to match them to your security model.
Second, consolidate identity to a single "source of trust" — that is, a single
secure, consistent, and accurate repository for identity.
Data Privacy Day 2021: What to consider in the wake of Covid-19
The exit of the UK from the EU means that companies across the country that
deal with Europe need to take extra steps to ensure correct compliance.
According to Rich Vibert, CEO and co-founder of Metomic, this can be aided by
considering this aspect at the start of any deployment. “This Data Privacy
Day, we must confront the fact that UK companies aren’t equipped to protect
their data now that we’ve Brexited,” said Vibert. “A large proportion of the
responsibility for this lies with the UK government, whose failure to deliver
guidance during the transition period resulted in businesses adopting a ‘wait
and see’ approach. “Businesses need to take charge; proactively adapting
compliance to UK-GDPR and analysing how a lack of adequacy could impact them
and their customers. Only by doing so will they avoid the financial and
reputational damage caused by non-compliance. “Regardless of whether the
government holds the blame for the current status quo or not, leaders must see
this as an opportunity to reset their approach to data protection. This means
putting the privacy, compliance and security of data at the heart of their
business strategy and using technology to facilitate this.
Marry IGA with ITSM to avoid the pitfalls of Identity 2.0
IAM solutions are too coarse-grained to handle such moves, in my experience.
That forces admins to do IGA the hard way – taking care of onboarding, job
changes, terminations, and so forth by hand. In addition to being a time- and
labor-intensive hassle, manual IGA leads to numerous identity management
errors. All too often, manual IGA grants access to new applications or
information sources but doesn’t take away old ones, which exposes companies to
security and compliance risks. Manual processes for managing patches, password
resets, software updates, and more also increase risks. You don’t want an
executive accessing highly confidential information from an app that doesn’t
require two-factor authentication on a laptop that hasn’t been updated. But if
IGA is managed from a spreadsheet, that’s exactly what happens. The employee
lifecycle is only one of the IGA challenges that Identity 2.0 systems are not
well-positioned to address. Take for example the expense and integration
hassle of onboarding traditional IAM into manual IGA systems. The typical IGA
system, like most enterprise systems, exists in a silo. Implementing manual
IGA on systems such as HR, CRM, finance, and operations means writing numerous
custom integrations.
What Happens If a Cloud Provider Shuts You Out?
There are other reasons, such as sudden outages or the shutdown of a cloud
provider, for organizations to create plans to salvage their code and get back
online quickly, Valentine says. Heikki Nousiainen, CTO at Aiven, also says the
threat of getting cut off by all three major cloud providers is very low for
most other businesses -- yet companies may want to maintain the ability to
move code around for disaster recovery needs. “They are rare, but we sometimes
see these big outages touch Google, AWS, or Azure in one or more regions,” he
says. Companies with very time-sensitive online business needs, for example,
may want to maintain the ability to roll over to a backup elsewhere,
Nousiainen says. He recommends exploring true multi-cloud options where
companies can select providers freely without being locked in, and also going
with open source technology because that lets the same set of services run in
different clouds. Some of these options can come at a bit of premium, though
Nousiainen says the overall benefits may be worth it. “There are costs
associated but typically when that investment goes into preparing
infrastructure as a code it also helps for many other problems such as
disaster recovery.”
Dead System Admin's Credentials Used for Ransomware Attack
In a case study published Tuesday, the researchers say the system
administrator had died three months previously, but the account remained
active. The researchers note that there are numerous reasons why the account
could have been left open, including the possibility that the system admin had
helped with the initial setup of the targeted firm's services. "Closing down
the account would have stopped those services working, so keeping the account
going was, we'd imagine, a convenient way of letting the dead person's work
live on," according to the report. The Sophos report also notes that these
types of "ghost" accounts are an increasing problem for security teams,
especially if other parts of the company forget that they remain active after
an employee has left or died. "In this case, the active use of the account of
a recently deceased colleague ought to have raised suspicions immediately -
except that the account was deliberately and knowingly kept going, making its
abuse look perfectly normal and therefore unexceptionable, rather than making
it seem weirdly paranormal and therefore raising an alarm," according to
Sophos.
Quote for the day:
"The leadership team is the most important asset of the company and can be its worst liability." -- Med Jones