The CISO in 2021: coping with the not-so-calm after the storm
Naturally, the challenges facing the modern CISO are not focused on one front.
Those on the receiving end of cyber attacks are of just as much concern as those
behind them. More than half believe that users are the most significant risk
facing their organisation. And just like the threats from the outside, there are
several causing concern from within. Human error, criminal insider attacks and
employees falling victim to phishing emails are just some of the issues keeping
CISOs up at night. With many users now out of sight, working remotely, at least
some of the time, these concerns are more pressing than they may once have been.
Nearly half of UK CISOs believe that remote working increases the risk facing
their organisation. And it’s easy to see why. Non-corporate environments tend to
make us more prone to errors and misjudgement, and in turn, more vulnerable to
cyber attack. Working from home also calls for slight alterations to security
best practice. The use of personal networks and devices may require increased
protocols and protections.
How do I select an automated red teaming solution for my business?
There are, however, tools that can help train defenders or aid in discovering
gaps in defensive investment. There are three initial considerations for these
tools. For the best defenders, identifying behavior, not static signatures or
tools, is crucial. By correlating events and telemetry, they can spot new /
unknown tools and react faster. To create this, the simulation tool must run
complex chains of techniques based on the environment; checking the OS,
downloading an implant, executing persistence, then searching local files before
moving laterally, as an example. Secondly, the solution’s techniques must be
relevant, basing them on updated imitations of those observed from real actors.
Use of threat intelligence will benchmark against genuine attackers instead of
generic outdated threats, decreasing the likelihood of defensive gaps. Finally,
being able to get metrics on the performance of the current defensive set-ups
requires the solution to integrate with the SIEM. Without this, gaining
evidence on MITRE-mapped controls failing becomes cumbersome and error
prone.
What Enterprises Can Learn from Digital Disruption
Operating in today's climate means updating mindsets, processes, budgeting
cycles, incentive systems and traditional ways of working. It's not about ping
pong tables and arcade rooms. It's being better at delivering on core
competencies than competitors and having the digital savviness required to
succeed in a digital-first world. However, the most valuable trait is curiosity
because curiosity leads to experimentation, innovation, optimization, and
learning. “Disruptors face the challenge of explaining the concept and the
benefits of the new approach. Many organizations struggle to grasp it and
operate under the inertia of business as usual,” says Greg Brady, founder and
chairman of supply chain control tower provider One Network Enterprises. “The
COVID-19 pandemic has opened the eyes of many executives to the shortcomings of
the old way of doing business.” Some organizations attempt to mimic what the
digital disrupters do. However, their success tends to depend on the context in
which the concept was executed.
Break the Cycle of Yesterday's Logic in Organizational Change and Agile Adoption
Like Tibetan prayer wheels, each framework promises to be the best business
changer if one follows its special consultancy. Affected by the marketing
machinery, executives and senior managers pick one of them, hoping it will suit
them instead of looking to their inner and outer organizational opportunities
and boundaries to find real value-adding outcomes for their business. These
artificial dual operating systems get designed alongside the line organisations
with their job descriptions, hierarchies, performance contracts, engineering
models and cultural values. Hurdles are preprogrammed because for many
technically driven enterprises, industrial standards simply don’t scale with agile
frameworks. A logical inference is that the necessary variety is very much lost.
Operationalization of variety with minimal investment costs is entrapped.
Consequently, the change system behavior will be like dandelion seeds - the
change will take time, costs will spread, and development transaction costs will
increase.
How to choose the best NVMe storage array
NVMe’s parallelism is fundamental to its value. Where SAS-based storage supports
a single message queue and 256 simultaneous commands per queue, NVMe ramps this
all the way up to 64,000 queues, each with support for 64,000 simultaneous
commands. That massive increase is key to enabling you to ramp up the number of
VMs on a single physical host, driving greater efficiency and easing management.
Identifying individual workloads and planning for growth over time--along with
high availability needs and continuity requirements (backup/restore,
replication, geo-redundancy, or simply disaster recovery)--can help paint a
picture of what you need in an NVMe array. While each of these considerations
has the potential to drive up the initial cost of whichever NVMe array you
select (or multiple arrays, when you consider redundancy), smart investments
that match your needs ultimately reduce your cost of ownership in the long run.
NVMe arrays are big-ticket items, so efficient storage practices are critical to
making the most of the hardware you buy and extending the lifecycle of your
storage media.
Progressive Delivery: A Detailed Overview
In a traditional waterfall model, teams release new features to an entire user
base at one time. Using progressive delivery, you roll out features gradually.
Here’s how it works: DevOps managers first ship a new feature to release
managers for internal testing. Once that’s done, the feature goes to a small
batch of users to collect additional feedback, or is incrementally released to
more users over time. The final step is a general launch when the feature is
ready for the masses. It’s a bit like dipping your toes into the water before
diving in. If something goes wrong during a launch, you haven’t exposed your
entire user base to it. You can easily roll the feature back if you need to and
make changes. Progressive delivery emerged in response to widespread
dissatisfaction with the continuous delivery model. DevOps teams needed a way to
control software releases and catch issues early on instead of pumping out
bug-filled versions to their users, and progressive delivery met this
requirement.
Employees Can Be Insider Threats to Cybersecurity. Here's How to Protect Your Organization.
Politics are another strong motivation for employees to become insider threats.
For example, an employee might be upset with his or her work situation or job
title but can't see a way to fix it because of inter-office politics. This could
lead to that employee becoming disgruntled and wanting to take revenge on the
company. This situation is common in enterprise-level organizations, where
management doesn't take the time to get to know their employees or address their
concerns. Providing an environment where employees can reach their full
potential and have open lines of communication with their chain of command can
help mitigate potential political concerns. This ties closely to professional
reasons. For example, employees might feel slighted after being passed over for
a promotion, or they might be the target of an internal investigation for
misconduct. On the other hand, they could find themselves the target of
misconduct by a peer or boss, which could lead them to take matters into their
own hands. Humans are emotional creatures, and this, of course, applies to
employees as well.
Three reasons why ransomware recovery requires packet data
SecOps team members or external consultants can comb through the data to find
the original malware that caused the attack, determine how it got onto the
network in the first place, map how it traversed the network and determine which
systems and data were exposed. Note that the storage capacity required to store
even a week’s worth of packet data can quickly become prohibitively expensive
for high-speed networks. To have a realistic chance of storing a large enough
buffer, these organizations will need to be smart about where to capture and how
much to capture. One way to do this is to use intelligent packet filtering and
deduplication by front-ending the packet capture devices with a packet broker to
reduce the amount of data saved. Another method is using integrations between
the security tools and the capture devices to only capture packet data
correlated with incidents or high alerts. Using a rolling buffer strategy to
overwrite the data after a “safe period” has passed will also reduce storage
requirements.
The key to mobile security? Be smarter than your device
What people often forget is that the shiny all-singing, all-dancing device in
their pocket is also a highly capable surveillance device, boasting advanced
sensory equipment (camera and microphone), and a wealth of tracking information.
People just assume that their mobile device is secure and often use it with less
care (from a security point of view) for things that they wouldn’t do on a
laptop. To this end, we now have a vast industry that sets out to secure and
empower productivity on the basis that people can work anywhere and often use
their devices for both work and personal use. Mobility and cloud technology have
become essential with most people now working and managing their personal lives
in a digital fashion. To coin a saying from the world of Spider-Man (slightly out
of context) — with great power comes great responsibility. We now live in a
world where the once humble communication device is now a very powerful tool
that needs to be used responsibly in the face of those wishing to act in a
nefarious way.
How to Develop a Data-Literate Workforce
You probably already know the importance of data literacy, but to frame this
article, let's position the benefits in a modern data governance setting. The
best way to do so is to use an example where the absence of data literacy led to
disastrous consequences. There are many well-known examples of data literacy
issues leading to extreme failures. However, one of the most significant
occurred at NASA in 1999 and led to the loss of a $125 million Mars probe. The
probe burnt up as it descended through the Martian atmosphere because of a
mathematical error caused by conflicting definitions. The navigation team at
NASA's Jet Propulsion Laboratory (JPL) worked in the metric system (meters and
millimeters), while Lockheed Martin Astronautics, the company responsible for
designing and building the probe, provided the navigation team with acceleration
data in imperial measurements (feet, pounds, and inches). Because there were no
common terms or definitions in place, the JPL team read the data inaccurately
and failed to quantify the speed at which the craft was accelerating. The result
was catastrophic, but it could have been easily avoided if a system of data
literacy had been in place.
Quote for the day:
"The first key to leadership is
self-control" -- Jack Weatherford