This new category includes instances when online criminals directly target consumers, often through a text, call, or email, rather than by obtaining a person’s personal information at the institutional level, a change in tactics in recent years that has significant consequences for both individuals and the companies they do business with. The consumer, Javelin says, has become “the path of least resistance.” Consumers aren’t the only ones affected by this change in approach. It has significantly altered the advice we give our banking and financial services customers, as well. ... Identity verification platforms with multi-modal biometrics and liveness detection offer next-generation levels of security. Even better, platforms now entering the market combine multi-modal biometrics and liveness detection with a frictionless, easy-to-use interface. With some, customers simply look into their phones or laptop cameras and say a phrase to easily and securely access an online account. This is the conversation my colleagues and I are having with our banking and financial institution customers.
Confirmation bias is the tendency to search for information proving your already-established worldview, rather than disproving it. It is obvious that it’s crucial to try to avoid this when constructing your idea or product validation tests or when talking to customers. Don’t try to defend your assumptions and decisions - instead, try to gather unbiased feedback so that you would have a higher confidence level in the results of your tests. Fake confirmation of your ideas might make your life easier as it would give you a scapegoat for your failure. Yet, in the long run, it’s much better to have to overcome your ego and succeed than to defend it but ultimately fail. The tendency to rely heavily on the first piece of information you have on a topic. The anchoring bias is often used in negotiations as a trick to bring the expectations of the opposing party closer to your desired outcome. In startups, it is very important not to unwittingly play this trick on yourself. For example, if you’ve been offering a service for free you might feel reluctant to raise the price significantly even if it is the right thing to do for your business.
Even as the metaverse continues to gain popularity, it’s important for retailers to remember that it is still relatively new, she observed. “The reality is there are so many other channels for retailers to engage customers, such as web, mobile, in-store and social, and they need to also focus on strengthening those experiences,” Estes said. Brands should not be trying to match virtual experiences with traditional in-store experiences, Mason noted, as they are very different mediums and have different strengths for connecting with customers. “The key thing to remember is that metaverse experiences are new and opt-in,” he said. “They need to be fun and engaging for the user to find something worthwhile in them. After all, moving to a competing brand’s metaverse experience is just a click or a hand-wave away. It is important for companies to consider how their brand will translate to a new medium.” Brands should consider how their brand representatives will greet consumers. Will they be serious, fun or edgy? What kind of language and voice will be used, and how will their brand avatar present itself visually?
As organizations automate their business processes, there are many potential hazards to avoid. “The main one is ignoring your people and underestimating that,” Butterfield said. “Although the outcome is driven by using a technology, everything up to the actual automation of a process is generally very people-focused. A lack of change management will unfortunately cause many issues in the long term. Organizations need to keep their people aligned with their overall goals.” Security, mainly authentication, is also a key concern, Barbin said. “Any automation, API [application programming interface] or other, requires some means to pass access credentials,” he said. “If the systems that automate and contain those credentials are compromised, access to the connected systems could be too.” To help minimize that risk, Barbin suggests using SAML 2.0 and other technologies that take stored passwords out of the systems. Another pitfall is selecting only one technology as the automation tool of choice. Typically organizations need multiple technologies to get the best results, said Maureen Fleming, program vice president for intelligent process automation research at IDC.
While this is less likely to be an issue if staff are driven by the organisation’s vision and purpose, as is often the case with tech startups, it is still “important to look at what the expectations are on both sides, what’s reasonable and where compromises could be made”, she says. Klotz also suggests that part of the reason why some IT leaders, among others, have reacted so negatively to the idea of quiet quitting idea is over concerns that “paying extra for everything” could hit profit margins, which in turn could put the company out of business, particularly in economically difficult times. But he also points to the dynamic nature of the tech industry, which requires discretionary working at times simply to deliver on projects. “It’s only if you ask people to go above and beyond without compensation that it gets exploitative rather than being part of a healthy functioning relationship,” Klotz says. “But many companies ask employees to do extra almost as part of the job description, which is partly why they provide amazing benefits and such good compensation – people know what they’re getting into and are rewarded for it.”
Both the reality of cyberthreats and regulatory changes should make it clear to boards, owners and management that there is a need for better management of cybersecurity. Enterprise risk management (ERM) is a tool that management and the board can use to help manage risk across the enterprise, including cyberrisk. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) ERM framework and International Organization for Standardization (ISO) 31000 are two prominent frameworks for ERM. Both frameworks emphasize that for effective ERM, an organization needs to have oversight from senior management, organizational structure to support ERM and qualified staff. These and other capabilities that are needed to support ERM are also necessary to support cybersecurity and manage cyberrisk; therefore, the contents of both frameworks are easily and aptly applied to cybersecurity. Organization can learn about the consequences of ineffective enterprise management of cybersecurity from many examples around the world including the 2021 ransomware attack on Ireland’s Health Services Executive (HSE).
“CISOs are increasingly challenged in their efforts to secure payment security compliance, and in convincing board members and other stakeholders of the importance and significance of securing strategic support and resources,” Hanson explains. In the 2022 Payment Security Report, it's pointed out how CISOs are often using outdated methods to secure support, and a change is needed for all stakeholders in approach. “Rather than taking a check-the-box approach to compliance, CISOs and other security leaders need to take an out-of-the box, thinker’s approach that involves implementing frameworks and models,” Hanson says. “This is especially true for those taking the Customized approach to compliance.” MacLeod says there are several key stakeholders in organizations who ensure payment security compliance, from the CEO and CIO across to the CISO and CFO -- and these roles are changing as the payments industry evolves. ... As a result, stakeholders such as the CIO and CISO are playing an increasingly important role in ensuring payment security compliance.
Businesses have many wonderful applications at their fingertips, with the average user having access to 5-10+ high-value business apps. These contain sensitive resources such as customer information, intellectual property, and financial data, making them a key target for attackers. Unfortunately, 80 per cent of businesses have faced users misusing or abusing these apps in the last year. Simply requiring a login is not enough to keep them safe – the moment a user steps away from their screen while still logged in, all of that valuable data is exposed. The defensive layer: a login only verifies a user’s identity at one point – so effective security controls here will continue to monitor, record, and audit user actions after authentication. Enhancing the visibility available to security teams offers many benefits, including being able to identify the source of a security incident (and therefore respond) much quicker. ... Almost all businesses benefit from using third party tools, but they offer risks too, as integration often requires creating super-user access to clients’ systems.
As the role of IT evolves and collaboration increases, IT leaders are increasingly working as partners – rather than technology gatekeepers – with department heads. This collaboration and decentralization of IT across the enterprise gives employees self-sufficiency and autonomy when making technology decisions for their departments. They no longer depend on the IT team for their process automation, tool choices, or technology operations. ... IT personnel must clarify to all employees which applications are allowed on the corporate network. Employees should always inform IT personnel about their use of non-sanctioned applications and devices. If employees are downloading non-sanctioned apps and using non-sanctioned devices to access the corporate network, the IT department may have trouble preventing malware from accessing the network. When employees are open and honest about the devices and applications they use, it is much easier for IT personnel to mitigate rogue downloads and keep the network safe. Also, with social engineering efforts on the rise, IT must teach all other employees about popular attack methods, such as phishing and business email compromise.
There are other common practices in software development that apply to management. First, organize your budgeting process as a CI/CD pipeline. Make budget definition something that is easily repeatable, and that fits in your organization. CI/CD allows you to get rid of fastidious tasks by putting them in a pipeline. Budgeting is one of the most fastidious things I have found I have to do as a manager. Second, master your tools. If MS Excel is the tool used by the managers in your organization, be an Excel master. Third, try to be reactive in your decisions, as in reactive programming. Be asynchronous when making decisions; as much as possible, try to reduce the “commit” phase, that is, the meetings where everyone must be present to say they agree. In my case, I think that it is necessary to maintain these meetings where everybody agrees on different things. Yet, in these meetings, I never address an issue that I haven’t had the time to discuss thoroughly with everyone beforehand- this could be through a simple asynchronous email loop where everyone had a chance to give his or her opinion.
Quote for the day:
"Successful leadership requires positive self-regard fused with optimism about a desired outcome." -- Warren Bennis