CISOs, IT lack confidence in executives’ cyber-defense knowledge
CISOs need to understand precisely how and where the two risk environments —
corporate and personal — intersect to get ahead of this problem. Here are four
things to work on to ensure key executives are protected outside the office
environment.
Be vigilant for changes in leadership and executive team risk profiles. These
blind spots can be a CEO who makes frequent media appearances, has stock market
dealings that are open to public scrutiny, or is simply well enough known to be
included in social media conversations.
Identify the company’s “crown jewels” that need to be protected. This needs to
include an evaluation of potential risks, including through personal attack, and
developing mitigation strategies.
Ensure high-level executives get cybersecurity training. All staff should attend
tailored awareness training which includes phishing simulation exercises and
tabletop exercises, C-level and board executives included.
Shared responsibilities. CISOs should work with other high-level executives to
ensure that shared responsibility is being carried across; this means
understanding shared risk.
Cyber spotlight falls on boardroom ‘privilege’ as incidents soar
“With the growth and increasing sophistication of social engineering,
organisations must enhance the protection of their senior leadership now to
avoid expensive system intrusions,” added Novak. “When you look at the grand
scheme of social engineering, the reason we see this increasing is because it’s
a relatively easy thing for a threat actor to throw out there and try to hit a
lot of organisations with,” Novak told reporters during a pre-briefing session
attended by Computer Weekly. “This ties back to being financially motivated –
most of these events are about fraudulent movement of money and, typically, that
results in them getting paid very quickly.” ... “Globally, cyber threat actors
continue their relentless efforts to acquire sensitive consumer and business
data. The revenue generated from that information is staggering, and it’s not
lost on business leaders, as it is front and centre at the board level,” said
IDC research vice-president Craig Robinson. The research team added that the
fact many organisations continue to rely on distributed workforces added to the
challenges faced by defenders in creating and, crucially, enforcing
human-centric security best practice.
Will companies use low code to run their businesses?
Today's low code platforms typically provide a visual, drag-and-drop interface
for building form-based applications, or tools to build a visual workflow. The
resulting apps can be used to automate business processes, create mobile apps,
and integrate with other systems. The aim of low code technology is to make
application development much more accessible and efficient, so that
organizations can better respond to changing business needs and stay
competitive. I've seen a lot of other benefits in my discussions with CIOs, for
whom low code was certainly not a topic that rose to their pay grade until the
last couple of years. Now it's clear that low code can reduce dependencies on
hard-to-find development talent, lower the cost of development while speeding it
up, and reduce backlogs. ... Low code is becoming a central part of the future
of IT, and there are now increasing proof points to show that low code adoption
can successfully happen in a substantial, even comprehensive way in both IT and
the business.
5 Must-Know Facts about 5G Network Security and Its Cloud Benefits
With its low latency, higher bandwidth, and extensive security measures, 5G
strengthens the security of cloud connectivity. This upgrade enables secure and
reliable transmission of sensitive information as well as real-time data
processing. 5G allows organizations to confidently use cloud services to store
and manage their data, reducing the risk of data breaches. 5G offers superior
fault tolerance when compared to cable connections, primarily due to the
inherent resilience of wireless channels in mitigating communication failures.
With a cable connecting an office or factory to a provider, it might be
necessary to build a backup connection through an optical fiber or radio. But 5G
has a reserved channel from the outset. If one base station fails, others will
take over automatically, making downtime unlikely. In addition, 5G network
slicing capabilities provide companies with dedicated virtual networks within
their IT system. This enables better isolation and segregation of data,
applications, and services, improving overall security.
Private 5G might just make you rethink your wireless options
“Cal Poly is a data-laden environment where, to unlock the true value of that
data, the data must constantly move to where it is needed,” said Bill Britton,
Cal Poly’s vice president for IT services and CIO. Unfortunately, the
university’s legacy Wi-Fi networks were straining under the weight of that data.
Before investigating 5G options, Cal Poly’s IT team audited their networks to
see how, where, and why data overloaded existing networks. They tracked usage
down to the component level and found things like a single Xbox downloading
close to 2 terabytes of data, as a single student’s console served as a gaming
hub for more than 1,500 other people worldwide, all gobbling up Cal Poly
bandwidth. “What happens if an Xbox is consuming that much bandwidth during
registration or final exams?” Britton asked. “There’s a myth that you can just
add more bandwidth, but with Wi-Fi, the infrastructure itself will always be the
major limiting factor,” he said. Without costly traffic management add-ons,
legacy Wi-Fi has severe limitations, including issues with hand-offs,
interference, and insufficient roaming capabilities.
How to Boost Cybersecurity Through Better Communication
Cybersecurity feels like war. And that naturally leads to cybersecurity staff
forming a combative mindset. Tasked with securing a massive and growing
cybersecurity attack surface, constantly evolving threat landscape,
vulnerability-prone software, insider threats, new and unprecedented challenges
(like the recent shift to remote work), limited budgets, a persistent skills
shortage and general understaffing and other constraints — users just seem like
another set of problems coming at you. ... The larger conversation between
cybersecurity staff and employees feels like the security pros have one set of
objectives (preventing and dealing with cyberattacks) that feel at odds with the
objectives of everyone else in the organization (winning customers, earning
profits, achieving growth goals, minimizing customer loss and many others). The
big picture is that the larger goals of the organization are shared goals. All
those business objectives depend on cybersecurity — security is part of what
makes them possible. By focusing on shared objectives, users will partner more
readily.
4 Big Regulatory Issues To Ponder in 2023
Ensuring regulatory compliance can feel like a delicate juggling act. Large
enterprises with operations in multiple states and countries are faced with a
patchwork of laws that are evolving in an attempt to keep up with today’s
proliferation of data and technology. “It’s challenging to stay on top of what
seems to be a never-ending list of new requirements, some of which overlap but
do not align,” Hodge says. Enterprises may not even have the necessary knowledge
to understand where they stand with regulatory compliance. “Many companies don’t
even know everywhere sensitive data resides in their technical stack. Companies
that had to comply with GDPR or CCPA may have done proper data mapping, but most
haven’t. This generally tends to be the most time- and resource-intensive,”
according to Robin Andruss, chief privacy officer at data privacy company
Skyflow. Budgetary and staffing constraints complicate that juggling act.
Enterprises need technology, people, and training to keep up with compliance.
Getting an adequate share of the budget for those resources can be particularly
challenging for smaller companies.
Generative AI and the future of HR
Generative technology can actually pull on the skills that are required to be
successful in the job. That’s not to say managers don’t need to check the end
product. They’ll need to be that human in the loop to make sure the job
requirement is a good one. But gen AI can dramatically improve speed and
quality. The other application in recruiting is candidate personalization. Right
now, if you’re an organization with tens of thousands of applicants, you may or
may not have super customized ways of reaching out to the people who have
applied. With generative AI, you can include much more personalization about the
candidate, the job, and what other jobs may be available if there’s a reason the
applicant isn’t a fit. All those things are made immensely easier and faster
through generative AI. ... The best application of gen AI is in large skill
pools where you’re trying to fill a reasonably well-known job. We need a more
productive and efficient way to navigate all the profiles coming through. Where
it makes me a little anxious is anytime it’s a novel job—a new role—or even, in
US law, a job that’s changed more than 25 percent or 33 percent.
How to move the needle on innovation
“You can’t talk about innovation without considering culture, but I view that in
a very practical fashion: it’s got to be more than philosophy and ideology,”
says Marchand. “Creating the right culture has to start at the top with an
appreciation for and a dedication to innovation.” In considering the
innovation-savvy leaders with whom she has worked, Marchand finds that they all
have a passion for problem-solving, an insatiable sense of curiosity, and a
willingness to embrace change. “They like to be involved in transformations and
don’t mind a little bit of ambiguity,” she says. “They also have an appreciation
for the fact that even though they’re there to support the shareholders, they’re
going to enable innovation—new products, services, and ideas—to flourish.”
Weaving innovation into the business. Enabling innovation includes devoting
resources to innovation in an integrated manner. “One major pharma company
created a little startup unit staffed by its ten best project managers and gave
them [US]$20 million and 18 months to see what they could come up with,” recalls
Marchand.
If You Want to Deliver Fast, Your Tests Have the Last Word
We need to have something that doesn’t change, that feels safe and that frees
our mind from the burden of thinking whether or not it actually fits. We enter
autopilot mode. The problem with that is that we want software development to
behave like an assembly line: once the assembly line is built, we never touch
it. We operate in the same way all the time. That may work with our CI/CD lanes
for a while, but sadly it doesn’t always work well with our code. It even gets
worse because sometimes the message is transmitted so many times that it loses
its essence and at some point, we take that practice as part of our identity, we
defend it, and we don’t let different points of view in. ... We try to achieve
this responsiveness with practices of different natures: technical, such as
CI/CD (Continuous Integration/Continuous Deployment), and strategic, such as
developing in iterations. However, we often forget about agility when we deal
with the core of Software Development: coding. Imagine preparing your favorite
meal or dessert without the main ingredient of the recipe.
Quote for the day:
"Rank does not confer privilege or give
power. It imposes responsibility." -- Peter F. Drucker