Daily Tech Digest - June 06, 2023

CISOs, IT lack confidence in executives’ cyber-defense knowledge

CISOs need to understand precisely how and where the two risk environments — corporate and personal — intersect to get ahead of this problem. Here are four things to work on to ensure key executives are protected outside the office environment. Be vigilant for changes in leadership and executive team risk profiles. These blind spots can be a CEO who makes frequent media appearances, has stock market dealings that are open to public scrutiny, or is simply well enough known to be included in social media conversations. Identify the company’s “crown jewels” that need to be protected. This needs to include an evaluation of potential risks, including through personal attack, and developing mitigation strategies. Ensure high-level executives get cybersecurity training. All staff should attend tailored awareness training which includes phishing simulation exercises and tabletop exercises, C-level and board executives included. Shared responsibilities. CISOs should work with other high-level executives to ensure that shared responsibility is being carried across; this means understanding shared risk.


Cyber spotlight falls on boardroom ‘privilege’ as incidents soar

“With the growth and increasing sophistication of social engineering, organisations must enhance the protection of their senior leadership now to avoid expensive system intrusions,” added Novak. “When you look at the grand scheme of social engineering, the reason we see this increasing is because it’s a relatively easy thing for a threat actor to throw out there and try to hit a lot of organisations with,” Novak told reporters during a pre-briefing session attended by Computer Weekly. “This ties back to being financially motivated – most of these events are about fraudulent movement of money and, typically, that results in them getting paid very quickly.” ... “Globally, cyber threat actors continue their relentless efforts to acquire sensitive consumer and business data. The revenue generated from that information is staggering, and it’s not lost on business leaders, as it is front and centre at the board level,” said IDC research vice-president Craig Robinson. The research team added that the fact many organisations continue to rely on distributed workforces added to the challenges faced by defenders in creating and, crucially, enforcing human-centric security best practice.


Will companies use low code to run their businesses?

Today's low code platforms typically provide a visual, drag-and-drop interface for building form-based applications, or tools to build a visual workflow. The resulting apps can be used to automate business processes, create mobile apps, and integrate with other systems. The aim of low code technology is to make application development much more accessible and efficient, so that organizations can better respond to changing business needs and stay competitive. I've seen a lot of other benefits in my discussions with CIOs, for whom low code was certainly not a topic that rose to their pay grade until the last couple of years. Now it's clear that low code can reduce dependencies on hard-to-find development talent, lower the cost of development while speeding it up, and reduce backlogs. ... Low code is becoming a central part of the future of IT, and there are now increasing proof points to show that low code adoption can successfully happen in a substantial, even comprehensive way in both IT and the business.


5 Must-Know Facts about 5G Network Security and Its Cloud Benefits

With its low latency, higher bandwidth, and extensive security measures, 5G strengthens the security of cloud connectivity. This upgrade enables secure and reliable transmission of sensitive information as well as real-time data processing. 5G allows organizations to confidently use cloud services to store and manage their data, reducing the risk of data breaches. 5G offers superior fault tolerance when compared to cable connections, primarily due to the inherent resilience of wireless channels in mitigating communication failures. With a cable connecting an office or factory to a provider, it might be necessary to build a backup connection through an optical fiber or radio. But 5G has a reserved channel from the outset. If one base station fails, others will take over automatically, making downtime unlikely. In addition, 5G network slicing capabilities provide companies with dedicated virtual networks within their IT system. This enables better isolation and segregation of data, applications, and services, improving overall security.


Private 5G might just make you rethink your wireless options

“Cal Poly is a data-laden environment where, to unlock the true value of that data, the data must constantly move to where it is needed,” said Bill Britton, Cal Poly’s vice president for IT services and CIO. Unfortunately, the university’s legacy Wi-Fi networks were straining under the weight of that data. Before investigating 5G options, Cal Poly’s IT team audited their networks to see how, where, and why data overloaded existing networks. They tracked usage down to the component level and found things like a single Xbox downloading close to 2 terabytes of data, as a single student’s console served as a gaming hub for more than 1,500 other people worldwide, all gobbling up Cal Poly bandwidth. “What happens if an Xbox is consuming that much bandwidth during registration or final exams?” Britton asked. “There’s a myth that you can just add more bandwidth, but with Wi-Fi, the infrastructure itself will always be the major limiting factor,” he said. Without costly traffic management add-ons, legacy Wi-Fi has severe limitations, including issues with hand-offs, interference, and insufficient roaming capabilities.


How to Boost Cybersecurity Through Better Communication

Cybersecurity feels like war. And that naturally leads to cybersecurity staff forming a combative mindset. Tasked with securing a massive and growing cybersecurity attack surface, constantly evolving threat landscape, vulnerability-prone software, insider threats, new and unprecedented challenges (like the recent shift to remote work), limited budgets, a persistent skills shortage and general understaffing and other constraints — users just seem like another set of problems coming at you. ... The larger conversation between cybersecurity staff and employees feels like the security pros have one set of objectives (preventing and dealing with cyberattacks) that feel at odds with the objectives of everyone else in the organization (winning customers, earning profits, achieving growth goals, minimizing customer loss and many others). The big picture is that the larger goals of the organization are shared goals. All those business objectives depend on cybersecurity — security is part of what makes them possible. By focusing on shared objectives, users will partner more readily.


4 Big Regulatory Issues To Ponder in 2023

Ensuring regulatory compliance can feel like a delicate juggling act. Large enterprises with operations in multiple states and countries are faced with a patchwork of laws that are evolving in an attempt to keep up with today’s proliferation of data and technology. “It’s challenging to stay on top of what seems to be a never-ending list of new requirements, some of which overlap but do not align,” Hodge says. Enterprises may not even have the necessary knowledge to understand where they stand with regulatory compliance. “Many companies don’t even know everywhere sensitive data resides in their technical stack. Companies that had to comply with GDPR or CCPA may have done proper data mapping, but most haven’t. This generally tends to be the most time- and resource-intensive,” according to Robin Andruss, chief privacy officer at data privacy company Skyflow. Budgetary and staffing constraints complicate that juggling act. Enterprises need technology, people, and training to keep up with compliance. Getting an adequate share of the budget for those resources can be particularly challenging for smaller companies.


Generative AI and the future of HR

Generative technology can actually pull on the skills that are required to be successful in the job. That’s not to say managers don’t need to check the end product. They’ll need to be that human in the loop to make sure the job requirement is a good one. But gen AI can dramatically improve speed and quality. The other application in recruiting is candidate personalization. Right now, if you’re an organization with tens of thousands of applicants, you may or may not have super customized ways of reaching out to the people who have applied. With generative AI, you can include much more personalization about the candidate, the job, and what other jobs may be available if there’s a reason the applicant isn’t a fit. All those things are made immensely easier and faster through generative AI. ... The best application of gen AI is in large skill pools where you’re trying to fill a reasonably well-known job. We need a more productive and efficient way to navigate all the profiles coming through. Where it makes me a little anxious is anytime it’s a novel job—a new role—or even, in US law, a job that’s changed more than 25 percent or 33 percent. 


How to move the needle on innovation

“You can’t talk about innovation without considering culture, but I view that in a very practical fashion: it’s got to be more than philosophy and ideology,” says Marchand. “Creating the right culture has to start at the top with an appreciation for and a dedication to innovation.” In considering the innovation-savvy leaders with whom she has worked, Marchand finds that they all have a passion for problem-solving, an insatiable sense of curiosity, and a willingness to embrace change. “They like to be involved in transformations and don’t mind a little bit of ambiguity,” she says. “They also have an appreciation for the fact that even though they’re there to support the shareholders, they’re going to enable innovation—new products, services, and ideas—to flourish.” Weaving innovation into the business. Enabling innovation includes devoting resources to innovation in an integrated manner. “One major pharma company created a little startup unit staffed by its ten best project managers and gave them [US]$20 million and 18 months to see what they could come up with,” recalls Marchand. 


If You Want to Deliver Fast, Your Tests Have the Last Word

We need to have something that doesn’t change, that feels safe and that frees our mind from the burden of thinking whether or not it actually fits. We enter autopilot mode. The problem with that is that we want software development to behave like an assembly line: once the assembly line is built, we never touch it. We operate in the same way all the time. That may work with our CI/CD lanes for a while, but sadly it doesn’t always work well with our code. It even gets worse because sometimes the message is transmitted so many times that it loses its essence and at some point, we take that practice as part of our identity, we defend it, and we don’t let different points of view in. ... We try to achieve this responsiveness with practices of different natures: technical, such as CI/CD (Continuous Integration/Continuous Deployment), and strategic, such as developing in iterations. However, we often forget about agility when we deal with the core of Software Development: coding. Imagine preparing your favorite meal or dessert without the main ingredient of the recipe.



Quote for the day:

"Rank does not confer privilege or give power. It imposes responsibility." -- Peter F. Drucker
