A Perfect Storm: 7 Reasons Global Attacks Will Soar in 2023
The Cybersecurity Venture report correctly identified the talent crunch as a
reason for concern. But the problem has even deeper roots. The worldwide
economic outlook continues to face stiff headwinds. Inflation, the energy crisis
and supply chain issues are affecting every industry. Inflation will increase
the overall cost of cyber crime as preventive and remediation costs rise. While
inflation is not directly related to the number of incidents, it does impact
company budget decisions. In response, some of the biggest tech brands are
reducing headcounts and implementing hiring freezes. Meanwhile, security teams
have been stretched thin for years. If security budgets don’t rise with
inflation, security leaders will have even less buying power to implement strong
security and capable teams. ... While the big, high-profile breaches fill
headlines, many intruders prefer to target smaller organizations. Between
2020 and 2021, cyberattacks on small companies surged by more than 150%, according
to RiskRecon, a Mastercard company that evaluates companies’ security risk.
How CIOs can be pillars of stability in an uncertain world
One of the guiding principles for those who would master uncertainty is to
recognize that there has always been something irresistible about advice in
mathematical form. Over-reliance on metrics has given rise to the term “McNamara
fallacy” referring to the tragic missteps associated with the misaligned
quantifications used during the Vietnam War. Instead of flailing around trying
to enumerate everything that could happen, executives need to place intense
scrutiny on a subset of critical uncertainties. In other words, neglect the
right uncertainties. ... Finding workers might be an uncertain undertaking but
retaining key performers is not. Leaders have it in their power to know what
their high performers are thinking. For these key employees it is possible to
paint reasonably clear pictures of what happens next. Mike McSally, a human
capital advisor with 20-plus years of experience in executive recruiting, does
not believe recruiting has to be a problem. Reducing talent uncertainty is a
simple matter of managing personal networks.
14 Cybersecurity Best Practices to Instill In Your End-Users
Employees should have no choice but to comply with the password policy rules
of your organization. With Specops Password Policy, for instance,
organizations can enforce length and complexity requirements to ensure that
their password is as strong as possible while blocking over 3 billion known
breached passwords. ... To further secure end-user accounts, the
implementation of multifactor authentication (MFA) should be mandatory for
end-users logging into work apps, or making a change like resetting their
passwords. When it comes to the MFA process, the more ways you can verify your
identity when logging in, the harder it is for someone to steal your
information. ... Another best practice pertaining to account information is to
encourage employees to lock their screens when they’re not around. Leaving
screens unlocked increases the risk of someone viewing or accessing sensitive
data. ... To start, all new purchases should come directly through the IT
department. IT is responsible for not only setting up the employee on the
company’s network, but also for making sure the computer is properly equipped
with security and OS or system support.
Transformational Inertia: Why So Few Digital Transformation Projects Succeed
Key to success is a company’s ability to embrace change and for the staff at
all levels to reframe the transformation as something they are an owner of and
a strategic investor in, rather than it being something that is happening to
them. This often requires a major change in company mentality and behavior.
Altering the attitudes towards transformation in this manner can help the
staff to challenge assumptions and redefine problems in an attempt to identify
alternative strategies and solutions that are very likely not apparent to the
leadership of the transformation. Adopting the idea that everyone is leading
the transformation, and has the opportunity to be an active contributor to it,
is the objective. This requires promoting psychological safety and open
communication as a cornerstone of company culture. Close collaboration and
constant, effective communication with all parties can ensure the success of
any given initiative, most significantly, digital transformation. This
communication ensures that respect is granted to all members of the company
and that they are supported throughout the transformation process.
Why remote and hybrid work could fuel cyber attacks in 2023
“Attackers will lean more on their powers of persuasion than on their malware
kits as they step up social engineering attacks in the cloud … a single fake
social media profile, leveraged in the right way, can allow a threat actor to
impersonate a trusted vendor,” said Morey Haber, chief security officer at
Boston-based security firm Cybereason. “The threat actor will persuade victim
after victim to divulge secrets or act in other ways contrary to their
interest or that of their employer. The Lapsus$ [ransomware] group used social
media to become an employee and then spoof access by calling a support
helpdesk.” In March, the UK police arrested seven people, including a teenage
boy, following a series of online attacks by the Lapsus$ hacking group that
hit major technology companies, including Okta and Microsoft. Lapsus$ has
publicly taunted its victims, leaking their source codes and internal
documents. It has reportedly gone as far as to join the Zoom calls of
companies they’ve breached, during which they have taunted employees and
consultants trying to manage the hack. The group has claimed to have breached
companies such as Samsung, Vodafone and Ubisoft.
Life as a CISO: Challenges, certifications, and more
We all struggle with information overload. It’s hard to organize and
prioritize the firehose of information—not only external information from
intelligence feeds and news sources, but also internal problems, concerns, or
tasks. Humans are not able to multitask well. Structuring how you process
information, prioritize things, and stay on top of key elements is critical
for your success. One of my mentors said, “Look back from quarter to quarter
at what you’ve done successfully and do more of those things. Be sure to cover
yourself in the areas that will really affect your business. Those other
things that won’t keep you up at night? Leave them behind or at least wait
until they bubble up to the front.” ... In engineering, there are “first
principles,” meaning you can deconstruct any problem if you understand the
basic building blocks. The same concept applies to cyber security. Working
with big frameworks, such as the National Institute of Standards and
Technology (NIST) or the International Organization for Standardization (ISO)
standards, helps you organize and effectively prioritize what you’re doing.
From Ferrari to Ford, Cybersecurity Bugs Plague Automotive Safety
Even though security vulnerabilities have been an issue in the industry for
some time (going back to Charlie Miller and Chris Valasek's infamous 2015 Jeep
hack detailed at Black Hat USA), automakers have been slow to recognize the
potential severity of the developments, says Gartner automotive industry
analyst Pedro Pacheco. He explains that as automakers transition into becoming
software developers, they are struggling to address all points of that
development cycle — including security. "One very simple notion is if you're
not good in software, you're probably not going to be very good in making that
software safe," he says. "That is guaranteed." From his perspective,
automakers are also too complacent when it comes to addressing and patching
security vulnerabilities right away. "Automakers look at this in a more
reactive way than a proactive way, basically saying we'll address the small
number of customers affected and solve the issue and then everything goes back
to normal," he says. "That's the way of thinking for many carmakers."
Laid Off by Big Tech? Cybersecurity is a Smart Career Move
For IT professionals recently laid off from big tech jobs, the move to
cybersecurity can feel like a strange shift. Consider a software engineer or
application developer out of a job and looking for new opportunities. They may
bypass infosec openings simply because they’re not sure security would be a
good fit. They’re not wrong. While cybersecurity is on the same spectrum as
other IT opportunities, it comes with a different approach. Conflict rather
than consistency is at the heart of these protective positions. Despite its
significant departure from other roles, it offers a unique opportunity for
growth. Put simply? Having an adversary fuels innovation. Instead of working
on projects with a consistent path between point A and point B, cybersecurity
staff must be ready to respond at a moment’s notice. Even as they’re busy
implementing strategies and solutions to detect attackers earlier and mitigate
malware impacts, they’re also the first line of defense against attacks in
progress. ... As one digital door closes, however, another opens. And
strangely enough, it’s one that sees technology experts finding ways to keep
network doors shut tight against potential attackers.
What it takes to succeed as a CIO today
You’ve got to have leaders who can articulate the digital vision, be that
‘tech whisperer’ to explain to senior executives your journey into the future,
and then you need to be able to properly manage the change management
initiative — or all your great strategies won’t deliver their promised value.
Another big skill set that’s absolutely required is financial and business
acumen, because you need to be able to explain to people the value that will
be created. Yes, you need to know technology, but, boy, you need to be a
leader that can get things done quickly in a commercially sound manner,
creating a lot of value and articulating not only the business model but the
overall strategy for the organization. That means you also need to understand
all the global forces, and you need to understand the pulse and the heartbeat
of the organization from a cultural perspective. ... In addition to financial
acumen, what many CIOs need if they aspire to be a CEO is desire for the role,
and a kind of toughness, because being a CEO can be a lonely job. You’ve got
to make some really tough choices. It’s less a collaborative team sport than
the CIO position.
From School Dropout to CEO: Advice for Creative Entrepreneurs
Entrepreneurship is not for the faint of heart: New problems, scary unknowns
and intriguing (but distracting) opportunities will challenge you every day.
And you'll second-guess yourself every step of the way while others rely on
you to make decisions. People will rely on you to make the right decisions —
and they expect you to do it with a degree of confidence, whether you have any
or not! Movies love to depict entrepreneurs with automatic access to lavish
parties, luxury cars and a golden ticket to Silicon Valley. In this case, life
doesn't imitate art. Entrepreneurship includes many struggles. And if you're
lucky, and your company begins to grow, your struggles grow as well. In fact,
you can compare entrepreneurship to parenting. Some of the most difficult,
challenging and stressful moments in life involve raising a child. The bigger
the child, the bigger the mess, right? It often feels like an uphill battle
trying to keep the house clean. But parenting is also magic. It includes some
of the most moving and memorable moments of your life. Parents and
entrepreneurs often find themselves in high-pressure situations, managing
unique personalities and getting zero credit.
Quote for the day:
"Leadership is the creation of an environment in which others are able to
self-actualize in the process of completing the job." -- John Mellecker