Consumer cyber hygiene makes significant gains, report shows
The new survey shows 75% of respondents were at least somewhat concerned about
privacy of personal data collected online. Of those who showed little concern
about the issue, 24% said it was because, “there’s nothing I can do about it
anyway.” Another 18% of that group said, “I take all of the privacy precautions
that I can, so I believe the security and privacy of my personal data is out of
my hands.” According to the report, when asked “who should be most
responsible for protecting the online privacy of Americans,” 32% said companies,
33% said the federal government, and 25% said it was consumers
themselves. “This isn’t a surprise,” said Harvard Kennedy School fellow and
lecturer Bruce Schneier. “Surveys consistently demonstrate that people are
concerned about their privacy in the face of both governments and corporations.
The reason people don’t often act on those concerns is that they feel powerless.
There are often no easy ways people have to protect the privacy of their
personal data, nor are there reasonable alternatives to the tech monopolies that
make surveillance their business model.”
Australia moots changes to privacy laws after Optus data breach
The proposed regulatory changes would allow telcos in the country to temporarily
share certain government identifier data, such as Medicare and passport numbers,
with financial services providers. This aimed to facilitate enhanced monitoring
and safeguards for customers affected by a data breach, the office of Australian
Treasurer Jim Chalmers said in a statement Thursday. He added that the
amendments would enable better coordination between the telcos, financial
institutions, as well as federal and state government agencies to detect and
mitigate the risks of cybersecurity incidents. "The proposed regulations have
been carefully designed with strong privacy and security safeguards to ensure
that only limited information can be made available for certain purposes,"
Chalmers said. The amendments will apply to all financial institutions regulated
by the Australian Prudential Regulation Authority (APRA), excluding
branches of foreign banks, with the personal identifier information only to be
used for "preventing or responding" to cybersecurity incidents, fraud, scam
activities, or instances of identity theft.
How to Transition from General IT to Cybersecurity
People often ask, “How do I change my career to cybersecurity with no
experience?” or “Can I get into cybersecurity without IT experience?” It is
critical that employers can distinguish you from your peers. Employers
certainly prefer job candidates with experience; however, degrees and
certifications also demonstrate your understanding of relevant topics and can
set you apart from other applicants. Nearly 9 in 10 (88 percent) of
respondents to ISACA’s survey reported that a cybersecurity candidate’s
credentials are somewhat or very important in determining if they are
qualified. How quickly can you learn cybersecurity? It depends on your
path—degrees typically take two to four years, depending on the level of
education and focus of the subject matter. Certifications are less of a time
commitment but be sure to pick the one that is right for your background and
level of experience. For example, ISACA’s Cybersecurity Fundamentals
Certificate is designed for entry-level professionals, but the CISM and CSX-P
certifications are meant for more seasoned practitioners.
ESG and Cybersecurity Compliance Are Every Employee’s Concern
For the rapidly changing worlds of both cybersecurity and ESG, past
performance cannot be considered an indicator of future success. Instead,
companies need to train up existing employees, hire new talent, and bring in
external consultants to develop and vet their plans for both regulatory
compliance and how to showcase that hard work. New hires and specific employee
designations are only one piece of achieving legal compliance (and, of course,
great PR). Thoughtful training and awareness maintenance is key here as well.
In cybersecurity, an organization is only as strong as its weakest link; in
ESG, employees with multifaceted skill sets (namely, strategic plan evaluation
and ability to analyze both qualitative and quantitative inputs) will be the
ones who drive value in meeting this multifaceted and demanding acronym. The
best training and awareness programs not only account for legal obligations,
but they also consider employees’ specific responsibilities and how everyone
interacts with cybersecurity and ESG sectors in differing ways. Dynamic
workshops, lecture sessions, and specialized training are solid paths to
showcase compliance in both cybersecurity and ESG.
Three Ways To Close Your Cyber Skills Gap
If hiring outside talent is too difficult, time-consuming or expensive, it may
be time to look inward and develop your own talent pipeline from within your
organization. Good cybersecurity employees must be curious, measured and
driven with an attitude of “I don’t know the answer, but I can figure it out.”
The rest you can teach. I have personally transitioned employees from DevOps
and infrastructure teams into roles as IAM specialists, senior security
architects and engineers. Unfortunately, internal development programs are
often hampered by a lack of time and resources or leadership turnover, which
makes it impossible to settle on a strategy for longer than a single
technology refresh cycle. But if you make the investment and look beyond
certifications and formal training, you will often find passionate existing
employees who simply need an opportunity and a nudge in the right direction.
Personally, I’ve found that web developers, network administrators, cloud
engineers and operations personnel all make fantastic cybersecurity candidates
with the right support.
9 things you shouldn’t virtualize
Although virtualization has kept up to date with the ability to handle
streaming and other relatively high-performance processes, some
memory-intensive projects aren’t a good fit. Not having enough memory or
overcommitting the memory you do have can lead to performance issues. Server
virtualization may make it easier for you to save physical space, but it still
requires a lot of memory. ... When it comes to power sources, it’s best
practice to always have a backup. The same is true of virtualizing servers.
Don’t go out on a limb with virtualizing something and end up removing the
redundancy the original had. Make sure you’ve tested that the virtualized
server and its backup work well before you make any changes you can’t reverse.
... What if the VM you’re trying to repair also controls the retinal scanner
that is supposed to let you into the building? Now you have a second problem.
Software on VMs shouldn’t be the only way to access physical controls,
especially if they’re mission critical or could cause problems for the people
working on the servers themselves.
8 signs your low-code platform is overpromising and underdelivering
Many low-code and no-code platforms allow developers to customize the
implementation with custom code. But if you are adding too much pro code,
being confined to a low-code platform may be constrictive. Alternatively, if
business stakeholders are writing requirements and aren’t open to the
solutions accelerated through low-code platforms, you might as well develop a
custom solution. David Brault, product marketing manager at Mendix, agrees, “A
low-code solution that requires developers to leave the platform and revert to
full-code development environments to make enhancements to an application is
one that will consistently underdeliver.” Guljeet Nagpaul, chief product
officer at ACCELQ, adds, “One sign that your low-code platform is not working
concerns customizations. If you find that your platform needs constant
customizations, that suggests that the code is being written without the
discipline of architecture and sound design. The maintenance of this
customization will quickly become unsustainable and ultimately drag down the
return on investment.”
Mentor Magic: How To Make Mentorship Work for Your Career
Before looking for a mentor, think hard about whether you are ready to be
mentored and ready to invest in the relationship. Being a mentee isn’t sitting
at the foot of a mentor and having them impart wisdom. The mentor is offering
their valuable time and hard-won wisdom; these are gifts that you acknowledge
and express gratitude for not just with words, but by your attitude and your
actions. Being a great mentee means being open-minded, ready to change,
dedicated to preparing ahead of time for sessions with your mentor, and
committed to following through on goals or projects established with your
mentor. How do you prepare? Know what skill or competency you are looking to
build, or the question you need help with. Before the meeting, send an email
with a subject line that succinctly telegraphs the topic of the meeting and
outlines what you’d like to discuss. This ensures that valuable time during
your meeting won’t be wasted on laying out why you are there, and it gives
your mentor time to prepare as well. Next, prepare for the meeting itself.
Detail the steps you have already taken to build the skill or answer the
question yourself.
CIO role: 5 secrets to success
IT is not a function to be hidden in the shadows anymore. Today, every company
is a tech company – and they need to think and act like one. That puts the CIO
in a high-visibility/high-impact role. Use a products-and-platforms approach:
Prioritize the design and build for the organization’s “customer” or “consumer.”
More and more CIOs are talking about business and motivating people inside and
outside their organizations. ... Engage business leaders in your vision that
information technology is at the heart of the organization. How technology and
data are woven into business priorities and support the company’s evolution is a
critical conversation that you should be driving and engaging people in. The IT
Vision should feel like it is owned by more than just the CIO. The CIO provides
the inspiration, the experience, and the direction, but to get true ownership,
accountability, and trust, the vision needs to be owned and delivered by the
leadership team. Engaging cross-functional and internal leaders in this vision
will accelerate the journey toward achieving this transformation.
Have Some CAKE: The New (Stateful) Serverless Stack
C Is for CockroachDB Serverless - To power these next-generation serverless
applications, we need a database that solves your scale-up and scale-down
problems. And it needs to be a consistent data store so you can use it for your
most business-critical applications. ... A Is for Auth - To enable all
those different endpoints to have common access controls, we also need
next-generation authorization, authentication, session and user management.
... K Is for Kubernetes - Distributed systems are inherently complex,
so we need a way to orchestrate all the moving pieces. The essential anchor of
our new stateful serverless stack is Kubernetes, since the big K8s vendors are
offering dynamic, low-friction scaling mechanisms for our orchestration layer.
... E Is for Serverless Frameworks - Of course, we need to host and
deploy our serverless, event-driven architecture. At this point in the stack
there are two moving pieces to select: serverless frontend and backend
frameworks.
Quote for the day:
Good leaders value change, they accomplish a desired change that gets the
organization and society better. - Anyaele Sam Chiyson