Daily Tech Digest - May 04, 2023

How CEOs Can Become Co-responsible for Cyber Resilience

Move from blind trust to informed trust. Many of the CEOs we interviewed admitted to blindly trusting their cyber and technology teams. But CEOs who had experienced a serious cyberattack said that, in hindsight, they wish they had personally known and understood more. So instead of blindly trusting their technology teams, CEOs should move to a state of “informed trust” about their enterprise’s state of cyber resilience. One way to achieve that is to seek independent, unbiased advice reporting results directly to the CEO, similar to important financial audits.

Embrace the “preparedness paradox”. During our interviews, we asked CEOs to rate their companies’ preparedness for a serious cyberattack on a scale from one to ten. Only a few could be persuaded to give a number; many either dodged the question or openly said that they did not know. Of those who responded, the majority rated their preparedness relatively high. And therein lies a problem. As it turns out, the CEOs with cyberattack experience acknowledged that they, too, had previously believed they were well prepared – before recognising their misperception in hindsight.

How To Build And Sustain Trust: The Secret To Team And Organizational Effectiveness

Be the employee you wish to see! When leaders hold themselves to the same standards they do their employees, they create a culture of trust and accountability. These exemplary qualities may differ between individual managers, but “model behavior” generally entails being transparent and honest, honoring commitments and treating everyone with respect and dignity. In doing so, leaders foster a greater sense of care and sincerity among their team. ... Leaders who communicate effectively demonstrate that they value their employees and are committed to keeping them informed. Effective communication also helps to prevent misunderstandings and conflicts, which both damage trust. Communication is best when it’s clear, transparent and concise. Honoring your employees’ time heightens their sense of your reliability, too. Managers should always be willing to listen to their employees and be open to their feedback. Communicate regularly, whether it be through team meetings, one-on-one conversations or email updates.

Boards Are Having the Wrong Conversations About Cybersecurity

Our findings suggest that the CISO-board disconnect is exacerbated by their unfamiliarity with each other on a personal level (they do not spend enough time together to get to know each other and their attitudes and priorities in a productive way). Also contributing to this disconnect is the CISO’s difficulty in translating technical jargon into business language, such as risk, reputation, and resilience. ... Instead, the conversation needs to focus on resilience. We must assume, for planning purposes, that we will experience a cyberattack of some type, and prepare our organizations to respond and recover with minimal damage, cost, and reputational impact. For example, instead of going into detail in a board meeting on how our organization is set up to respond to an incident, we must focus on what the biggest risk might be and how we are prepared to quickly recover from the damage should that situation happen. To change their focus to resilience as the primary goal of cybersecurity, directors could ask their operating leaders to create a vision for how the company will respond and recover when an attack occurs. 

How an enterprise service mesh will ensure zero trust security for multi-cloud applications

Without an enterprise service mesh platform, contemporary applications with a microservices-based architecture would have a much larger overhead in terms of design, development, and maintenance. Right from maintaining separate business logic and configuration specs to complex authentication and authorization implementations that are custom to the application, ... A service mesh improves the microservices architecture as it enables companies or individuals to create robust enterprise applications, made up of many such microservices on a hosting platform of their choice. An enterprise service mesh solution allows developers to focus on adding business value to each service they build, rather than worrying about how each service communicates with the rest. For DevOps teams that have an established production continuous integration and continuous deployment (CI/CD) pipeline, a service mesh can be essential for programmatically deploying apps and application infrastructure to manage source code and test automation tools seamlessly.

Addressing OT security under the National Cybersecurity Strategy

Lessons learned from modernizing IT unfortunately won’t apply to OT because of OT’s unique operating requirements. Efforts taken under the NCS must first consider each individually and then together. For instance, when an IT system reaches end-of-life, an agency must decide to either continue using it at risk, pay for extended manufacturer service, or sunset and replace it altogether. Each option has pros and cons, but agencies at least have options and can usually plan accordingly—sunset dates will be known in advance, diminishing potential impacts of the time variable. ... Because of how OT systems were designed, rip-and-replace isn’t a viable approach for them. Legacy OT systems were built on the engineering paradigm of twenty years ago—to be long-lasting and achieve the functional goals of monitoring and controlling critical processes. Connectivity wasn’t a functional requirement, so neither was security. Times have changed since these systems were put in place and security risks must now be a consideration. Further, because of the nature of what OT systems do, continuity requires that they can’t just be turned off and replaced with a new, more secure system.

Accelerate Innovation and Create Business Value with IT Democratization

Over the next two years, it's expected that employees who aren't full-time technical specialists will produce close to 80% of IT services and goods. These non-IT employees who develop their own tech solutions work mostly in business roles, but they recognize the benefits of technology and want to use it independently. Although this signifies a shift in authority toward business divisions, IT executives should view this new dynamic as an advantage, not a risk. By embracing the trend and helping business users take on technical initiatives, IT teams can free up the time and resources they need to manage their own growing queue of initiatives. Additionally, when multiple departments within a company hire new "citizen developers," creativity accelerates exponentially. Many IT services offered now are designed to provide users with more autonomy while lightening the load on technical experts. Thanks to Software-as-a-Service (SaaS) solutions with service-based models, IT professionals no longer have to devote time installing, deploying, and maintaining software tools. 

Data Sovereignty, Compliance Shape IT Leadership

“The topic of data sovereignty is more urgent than ever as we try to counter-balance these considerations,” explains Jason Conyard, CIO of VMware. “Privacy and privacy-adjacent laws is also an ever-growing topic not only on a national level, but on a consumer level as well.” He points out customers want assurances about their data -- how it is used, who it is shared with, and how it is protected. “If a company can demonstrate competency in meeting its commitments, it builds trust and customer loyalty and ultimately leads to increased profitability,” Conyard says. Spencer Kimball, co-founder and CEO of Cockroach Labs, adds while risk mitigation is the obvious impetus for change, a strategic embrace of the challenge of data sovereignty can pave the way to more frictionless expansion into new markets. “Very few businesses in today’s connected digital economy are not looking towards a future of global expansion,” he points out. He says with the inevitability of new regulations always on the horizon, it’s increasingly important to build on infrastructure designed to overcome these challenges.

AIOps: Site Reliability Engineering at Scale

AIOps (Artificial Intelligence for IT Operations) can significantly improve cross-functional engagement in a business. In traditional IT operations, different teams may work in silos, resulting in communication gaps, misunderstandings, and delays in issue resolution. AIOps can help bridge these gaps and facilitate collaboration between different teams. One way AIOps improves cross-functional engagement is through its ability to provide real-time insights and analytics into various IT processes. This enables different teams to access the same information, which can help improve communication and reduce misunderstandings. For example, the data provided by AIOps can help IT teams and business stakeholders identify potential issues and proactively take action to prevent them from occurring, leading to better outcomes and higher customer satisfaction. Another way AIOps improves cross-functional engagement is through its ability to automate various IT processes. By automating routine tasks, AIOps can free up time for IT teams to focus on strategic initiatives, such as improving customer experiences and innovating new solutions. 

The hidden security risks in tech layoffs and how to mitigate them

When an employee leaves a business, abruptly or not, the potential for data or code loss can significantly impact the organization's security posture. While most employees don't think of themselves as a cybersecurity risk, a study done by DTEX Systems shows that “roughly 50% of people in any organization” save confidential intellectual property from projects to which they’ve contributed. They do it just in case they leave the company, Mahbod says. What’s even more concerning is that 12% of these employees take data from projects they haven't even worked on. Enterprises should realize that “the real risk is coming from within their own corporate firewall,” Mahbod adds. “The future of data loss prevention and protection is human-centric, not data-centric.” Businesses should monitor data loss activities and implement policies to limit unnecessary data movement within and outside of the organization. This could include enforcing device lockdowns on file uploads to personal webmail, file-sharing sites, or USB ports to prevent successful exfiltration events, especially those that occur from layoffs.

On the verge of a digital banking revolution in the Philippines

While the Philippines presents highly attractive opportunities for expansion, the way foreign firms and existing Filipino conglomerates choose to enter the fintech sector will have a major impact on their growth and competitiveness. Universal banking licenses are available to fully foreign-owned banks that are established, reputable, financially sound, and willing to share banking technology. Domestic and foreign banks no longer require separate licenses and are subject to the same minimum capital requirement of $55 million to obtain a universal banking license. In 2020, the government approved the creation of a digital banking license that allows for full foreign ownership and entails a capital requirement of just $19 million, provided that the bank maintains a principal or headquarters in the Philippines. Six digital banks are licensed under this dedicated regime, but no new applications will be accepted until 2024. Expert advice from a partner with detailed knowledge of the application process will be a critical asset for any firm that wishes to obtain a license when the process reopens.

Quote for the day:

"Truly great leaders spend as much time collecting and acting upon feedback as they do providing it." -- Alexander Lucia
