How CEOs Can Become Co-responsible for Cyber Resilience
Move from blind trust to informed trust. Many of the CEOs we interviewed
admitted to blindly trusting their cyber and technology teams. But CEOs who had
experienced a serious cyberattack said that, in hindsight, they wish they had
personally known and understood more. So instead of blindly trusting their
technology teams, CEOs should move to a state of “informed trust” about their
enterprise’s state of cyber resilience. One way to achieve that is to commission
independent, unbiased assessments that report their results directly to the CEO,
much as important financial audits do.
Embrace the “preparedness paradox”. During our
interviews, we asked CEOs to rate their companies’ preparedness for a serious
cyberattack on a scale from one to ten. Only a few could be persuaded to give a
number; many either dodged the question or openly said that they did not know.
Of those who responded, the majority rated their preparedness relatively high.
And therein lies a problem. As it turns out, the CEOs with cyberattack
experience acknowledged that they, too, had previously believed they were well
prepared – before recognising their misperception in hindsight.
How To Build And Sustain Trust: The Secret To Team And Organizational Effectiveness
Be the employee you wish to see! When leaders hold themselves to the same
standards they do their employees, they create a culture of trust and
accountability. These exemplary qualities may differ between individual
managers, but “model behavior” generally entails being transparent and honest,
honoring commitments and treating everyone with respect and dignity. In doing
so, leaders foster a greater sense of care and sincerity among their team. ...
Leaders who communicate effectively demonstrate that they value their employees
and are committed to keeping them informed. Effective communication also helps
to prevent misunderstandings and conflicts, which both damage trust.
Communication is best when it’s clear, transparent and concise. Honoring your
employees’ time heightens their sense of your reliability, too. Managers should
always be willing to listen to their employees and be open to their feedback.
Communicate regularly, whether it be through team meetings, one-on-one
conversations or email updates.
Boards Are Having the Wrong Conversations About Cybersecurity
Our findings suggest that the CISO-board disconnect is exacerbated by their
unfamiliarity with each other on a personal level (they do not spend enough
time together to get to know each other and their attitudes and priorities in
a productive way). Also contributing to this disconnect is the CISO’s
difficulty in translating technical jargon into business language, such as
risk, reputation, and resilience. ... Instead, the conversation needs to focus
on resilience. We must assume, for planning purposes, that we will experience
a cyberattack of some type, and prepare our organizations to respond and
recover with minimal damage, cost, and reputational impact. For example,
instead of going into detail in a board meeting on how our organization is set
up to respond to an incident, we must focus on what the biggest risk might be
and how we are prepared to quickly recover from the damage should that
situation happen. To change their focus to resilience as the primary goal of
cybersecurity, directors could ask their operating leaders to create a vision
for how the company will respond and recover when an attack occurs.
How an enterprise service mesh will ensure zero trust security for multi-cloud applications
Without an enterprise service mesh platform, contemporary applications with a
microservices-based architecture would have a much larger overhead in terms of
design, development, and maintenance. Right from maintaining separate business
logic and configuration specs to complex authentication and authorization
implementations that are custom to the application, ... A service mesh
improves the microservices architecture as it enables companies or individuals
to create robust enterprise applications, made up of many such microservices
on a hosting platform of their choice. An enterprise service mesh solution
allows developers to focus on adding business value to each service they
build, rather than worrying about how each service communicates with the rest.
For DevOps teams that have an established production continuous integration
and continuous deployment (CI/CD) pipeline, a service mesh also lets the
application infrastructure (routing, mutual TLS, and access policy between
services) be declared and deployed programmatically alongside the application
code, instead of being hand-configured service by service.
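As an added illustration of the “zero trust” point above (not part of the original article, and not tied to any product it names), here is what shifting authentication and authorization out of application code and into the mesh looks like in Istio, assuming a hypothetical namespace `shop` with an `orders` service that should only accept calls from the `checkout` service. The first resource makes mutual TLS mandatory mesh-wide; the second grants access by workload identity rather than by network location:

```yaml
# Added example, assumes Istio. Namespace "shop" and the service accounts
# "checkout" / "orders" are hypothetical names chosen for illustration.
#
# Default mesh behaviour is PERMISSIVE: sidecars accept both mTLS and plain
# text, so an attacker who reaches the pod network can talk to a service
# without a workload identity. STRICT closes that gap for every workload.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system   # root namespace => applies to the whole mesh
spec:
  mtls:
    mode: STRICT            # was PERMISSIVE by default; reject plaintext
---
# With mTLS in place every request carries a SPIFFE identity derived from the
# caller's service account, so authorization can be expressed per workload
# instead of being re-implemented inside each microservice.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: orders-allow-checkout
  namespace: shop
spec:
  selector:
    matchLabels:
      app: orders           # policy attaches to the orders workload
  action: ALLOW
  rules:
  - from:
    - source:
        principals:
        - "cluster.local/ns/shop/sa/checkout"   # only this identity
    to:
    - operation:
        methods: ["POST"]
        paths: ["/orders"]
```

Because an ALLOW policy with at least one rule denies everything it does not match, any other principal, including a compromised pod in the same namespace, gets an RBAC denial at the sidecar before the request reaches application code. A practitioner would roll STRICT out namespace by namespace first and watch the sidecar access logs for plaintext connections that would break, since the mode change is immediate.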
Addressing OT security under the National Cybersecurity Strategy
Lessons learned from modernizing IT unfortunately won’t apply to OT because of
OT’s unique operating requirements. Efforts taken under the NCS must first
consider each individually and then together. For instance, when an IT system
reaches end-of-life, an agency must decide to either continue using it at
risk, pay for extended manufacturer service, or sunset and replace it
altogether. Each option has pros and cons, but agencies at least have options
and can usually plan accordingly—sunset dates will be known in advance,
diminishing potential impacts of the time variable. ... Because of how OT
systems were designed, rip-and-replace isn’t a viable approach for them.
Legacy OT systems were built on the engineering paradigm of twenty years
ago—to be long-lasting and achieve the functional goals of monitoring and
controlling critical processes. Connectivity wasn’t a functional requirement,
so neither was security. Times have changed since these systems were put in
place and security risks must now be a consideration. Further, because of the
nature of what OT systems do, continuity requires that they can’t just be
turned off and replaced with a new, more secure system.
Accelerate Innovation and Create Business Value with IT Democratization
Over the next two years, it's expected that employees who aren't full-time
technical specialists will produce close to 80% of IT services and goods.
These non-IT employees who develop their own tech solutions work mostly in
business roles, but they recognize the benefits of technology and want to use
it independently. Although this signifies a shift in authority toward business
divisions, IT executives should view this new dynamic as an advantage, not a
risk. By embracing the trend and helping business users take on technical
initiatives, IT teams can free up the time and resources they need to manage
their own growing queue of initiatives. Additionally, when multiple
departments within a company hire new "citizen developers," creativity
accelerates exponentially. Many IT services offered now are designed to
provide users with more autonomy while lightening the load on technical
experts. Thanks to Software-as-a-Service (SaaS) solutions with service-based
models, IT professionals no longer have to devote time installing, deploying,
and maintaining software tools.
Data Sovereignty, Compliance Shape IT Leadership
“The topic of data sovereignty is more urgent than ever as we try to
counter-balance these considerations,” explains Jason Conyard, CIO of VMware.
“Privacy and privacy-adjacent laws are also an ever-growing topic not only on a
national level, but on a consumer level as well.” He points out customers want
assurances about their data -- how it is used, who it is shared with, and how
it is protected. “If a company can demonstrate competency in meeting its
commitments, it builds trust and customer loyalty and ultimately leads to
increased profitability,” Conyard says. Spencer Kimball, co-founder and CEO of
Cockroach Labs, adds that while risk mitigation is the obvious impetus for change,
a strategic embrace of the challenge of data sovereignty can pave the way to
more frictionless expansion into new markets. "Very few businesses in today’s
connected digital economy are not looking towards a future of global
expansion,” he points out. He says with the inevitability of new regulations
always on the horizon, it’s increasingly important to build on infrastructure
designed to overcome these challenges.
AIOps: Site Reliability Engineering at Scale
AIOps (Artificial Intelligence for IT Operations) can significantly improve
cross-functional engagement in a business. In traditional IT operations,
different teams may work in silos, resulting in communication gaps,
misunderstandings, and delays in issue resolution. AIOps can help bridge these
gaps and facilitate collaboration between different teams. One way AIOps
improves cross-functional engagement is through its ability to provide
real-time insights and analytics into various IT processes. This enables
different teams to access the same information, which can help improve
communication and reduce misunderstandings. For example, the data provided by
AIOps can help IT teams and business stakeholders identify potential issues
and proactively take action to prevent them from occurring, leading to better
outcomes and higher customer satisfaction. Another way AIOps improves
cross-functional engagement is through its ability to automate various IT
processes. By automating routine tasks, AIOps can free up time for IT teams to
focus on strategic initiatives, such as improving customer experiences and
innovating new solutions.
The hidden security risks in tech layoffs and how to mitigate them
When an employee leaves a business, abruptly or not, the potential for data or
code loss can significantly impact the organization's security posture. While
most employees don't think of themselves as a cybersecurity risk, a study done
by DTEX Systems shows that “roughly 50% of people in any organization” save
confidential intellectual property from projects to which they’ve contributed.
They do it just in case they leave the company, Mahbod says. What’s even more
concerning is that 12% of these employees take data from projects they haven't
even worked on. Enterprises should realize that “the real risk is coming from
within their own corporate firewall,” Mahbod adds. “The future of data loss
prevention and protection is human-centric, not data-centric.” Businesses
should monitor data loss activities and implement policies to limit
unnecessary data movement within and outside of the organization. This could
include enforcing device lockdowns on file uploads to personal webmail,
file-sharing sites, or USB ports to prevent successful exfiltration events,
especially those that occur from layoffs.
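The monitoring the article recommends is straightforward to prototype. The following is an added example, not code from the article or from DTEX, that correlates an HR offboarding list with web-proxy logs and flags large uploads to personal webmail or file-sharing hosts in the weeks before a user’s last day. The log format, the destination list, the size threshold and the look-back window are all constructed assumptions to be replaced with the real ones in your environment:

```python
"""Flag large uploads to personal webmail / file-sharing sites by employees
who are about to leave. Added example with constructed data; the log format,
host list and thresholds are assumptions, not from any real product."""
from dataclasses import dataclass
from datetime import date, datetime, timedelta
from typing import Dict, Iterable, List

# Assumed policy list of hosts treated as personal / exfiltration channels.
PERSONAL_UPLOAD_HOSTS = {
    "mail.google.com", "outlook.live.com", "drive.google.com",
    "www.dropbox.com", "wetransfer.com",
}
UPLOAD_METHODS = {"POST", "PUT"}          # request methods that carry a body
BYTES_THRESHOLD = 5 * 1024 * 1024          # 5 MiB per request; tune locally
LOOKBACK_DAYS = 30                         # window before the departure date

# Constructed proxy log: "<timestamp> <user> <method> <host> <bytes_out>"
SAMPLE_PROXY_LOG = """\
2023-05-01T09:12:03Z alice POST www.dropbox.com 52428800
2023-05-01T09:15:44Z alice GET www.dropbox.com 1200
2023-05-02T17:40:10Z bob POST mail.google.com 7340032
2023-05-02T18:02:00Z carol PUT wetransfer.com 104857600
2023-05-03T10:00:00Z alice POST intranet.example.com 94371840
2023-02-01T11:00:00Z bob POST www.dropbox.com 20971520
"""

# Constructed offboarding list (from HR): user -> last working day.
DEPARTING: Dict[str, date] = {"alice": date(2023, 5, 12), "bob": date(2023, 5, 5)}


@dataclass(frozen=True)
class Alert:
    user: str
    when: datetime
    host: str
    bytes_out: int


def parse_line(line: str):
    """Split one proxy log line into typed fields (assumed format above)."""
    ts, user, method, host, size = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, user, method.upper(), host.lower(), int(size)


def find_exfil_candidates(log_lines: Iterable[str],
                          departing: Dict[str, date]) -> List[Alert]:
    """Return uploads by departing users that exceed the size threshold,
    go to a personal host, and fall inside the look-back window."""
    alerts: List[Alert] = []
    for raw in log_lines:
        raw = raw.strip()
        if not raw:
            continue
        when, user, method, host, size = parse_line(raw)
        leave = departing.get(user)
        if leave is None:                     # not on the offboarding list
            continue
        window_start = leave - timedelta(days=LOOKBACK_DAYS)
        if not (window_start <= when.date() <= leave):
            continue                          # activity outside the window
        if method not in UPLOAD_METHODS or host not in PERSONAL_UPLOAD_HOSTS:
            continue                          # not an upload to a personal host
        if size < BYTES_THRESHOLD:
            continue                          # too small to care about here
        alerts.append(Alert(user, when, host, size))
    return alerts


def run_sample() -> List[Alert]:
    """Run the detection over the constructed log and offboarding list."""
    return find_exfil_candidates(SAMPLE_PROXY_LOG.splitlines(), DEPARTING)


if __name__ == "__main__":
    for a in run_sample():
        print(f"{a.when.isoformat()} {a.user} -> {a.host} ({a.bytes_out} bytes)")
```

On the constructed data only alice’s Dropbox upload and bob’s Gmail upload are flagged: carol is not on the departure list, alice’s large POST to the intranet host is not a personal channel, and bob’s February Dropbox upload predates his look-back window. In production the same logic would read the proxy or CASB export, and the size threshold should be set from a baseline of normal upload volume so that routine use of the same hosts does not drown the signal.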
On the verge of a digital banking revolution in the Philippines
While the Philippines presents highly attractive opportunities for expansion,
the way foreign firms and existing Filipino conglomerates choose to enter the
fintech sector will have a major impact on their growth and competitiveness.
Universal banking licenses are available to fully foreign-owned banks that are
established, reputable, financially sound, and willing to share banking
technology. Domestic and foreign banks no longer require separate licenses and
are subject to the same minimum capital requirement of $55 million to obtain a
universal banking license. In 2020, the government approved the creation of a
digital banking license that allows for full foreign ownership and entails a
capital requirement of just $19 million, provided that the bank maintains a
principal or headquarters in the Philippines. Six digital banks are licensed
under this dedicated regime, but no new applications will be accepted until
2024. Expert advice from a partner with detailed knowledge of the application
process will be a critical asset for any firm that wishes to obtain a license
when the process reopens.
Quote for the day:
"Truly great leaders spend as much
time collecting and acting upon feedback as they do providing it." --
Alexander Lucia