Daily Tech Digest - August 23, 2023

“While saying ‘yes’ to a project can seem like the easiest way to spark innovation, the ability to say ‘no’ is vital to ensure companies focus on projects primed to deliver long-term value,” says Prasad Ramakrishnan, CIO at software company Freshworks. “Evaluating these decisions requires a deep understanding of company and stakeholder priorities.” ... IT leaders facing a surfeit of worthwhile technical projects, however, can find themselves in a difficult — and nerve-racking — position, says Barry Shurkey, CIO at NTT Data Services. What if the chosen initiatives don’t work out? What if you make the wrong choice and foregoing other options ends up having a negative or detrimental impact on the business? “Sometimes, this forces CIOs to delve in and quantify the potential success and the impact of failure for each initiative,” Shurkey says. “To enable us to be connected with the pulse of the business and to strike the right balance and prioritize the right projects, it’s also important for IT leaders to build strong relationships with their counterparts in the C-suite and with the next level of leaders in the business functions.”

Software Makers May Face Greater Liability in Wake of MOVEit Lawsuit

The cases come at a pivotal time as the discussion and potential legislation around software vendor liability heats up, and the Biden administration ponders its response. The National Cybersecurity Strategy, released by the Biden Administration in March, has acknowledged that under the currently recognized liability paradigm, software vendors are rarely held to account for exploited flaws in their solutions. "Whether under contract, product liability, or common-law negligence theories, software makers to date have been nearly universally successful avoiding meaningful liability," notes Mark Millender, senior advisor, global executive engagement at Tanium, a provider of converged endpoint management. The National Cybersecurity Strategy proposes a joint effort between the administration, Congress, and the private sector to develop legislation to establish such liability, a process that will take time but is ultimately necessary, he says. "It is critical to address the lack of accountability to drive the market to produce safer products and services while preserving innovation," Millender says.

Creating a Successful Data Quality Strategy

One of the most powerful ways data quality management teams can build a unified systems mission with upper management is to present data as a product in operations – a thing that can be measured and measured again. “Things that you don’t continue to measure can easily spin out of control: like money, like weight,” Kapoor quipped. However, team members need a clear sense of where to target indicative measurement and locate problem areas in the chain of operations. The team needs to have a realistic vision as it makes timetables for improving data projections. In setting up ongoing data quality metrics that help reveal where data failures recur, Kapoor presented the innovative view that in the end, data is defined by a company’s consumers. “When the data is wrong,” she mused, “who bleeds – the producer or the consumer? The consumer! So they need to become part of the game.” Just as management needs to steer the ship in a way to implement evolving data needs, data quality teams must communicate with consumers in order to look for persistent ways that data fails them. 

How Organisations Can Manage Underperforming Employees

People are happiest in roles where they get ample opportunities to apply themselves and play to their strengths. Underperformance could therefore also be owing to a mismatch in role expectations and deliverables vis-a-vis the strengths of a person. An average performer in one role might do a stellar job in a different role. It is therefore worth the while of the business and HR leaders to look at the competencies and personality traits of the individual and figure whether the employee has been given the right professional opportunities. At times, a small tweak in the current job role or a completely new responsibility might be the right solution to bring about the change from average to good performance, as the employee is able to shift mind share from their development areas and focus on leveraging their strengths. ... If you still fail to see the desired results, create a personalised performance improvement plan and set clear goals for them to achieve in a designated time period. Make sure that the goals are specific enough and are relevant to the organisational objective. 

The Physical Impact of Cyberattacks on Cities

Cities have a multitude of responsibilities, like keeping the lights on, keeping water flowing, keeping EMS staffed and operating, and these functions rely on technology and digital connection to keep themselves running. In essence, every department is its own tech company that is not only susceptible to cyberattacks but can be crippled if an attack is managed properly. Government officials must always have these threats top of mind when planning for attacks, as one seemingly isolated cyber incident can have the power to physically shut down needed resources. Once an attack hits a city, it is difficult for officials to regain the trust of the public. This cannot be seen as simply a byproduct of an attack — reputational impact is often a central goal of bad actors. Ransomware attacks can look like targeted campaigns to discredit a city, which in turn impacts the city's ability to generate revenue with a potential loss in residents and tourists, which are all critical for sustaining a city's viability. 

The CISO Role Transformation: The Shift from Security to Trust Assurance

There is a critical link between trust and revenue, asserting that companies that lead with trust and communicate it effectively go to market with an advantage. This new approach to cybersecurity allows companies to close deals faster, increase customer retention, and reduce the time to renewal. When cybersecurity is aligned with trust, it becomes an integral part of the revenue journey, contributing positively to customer acquisition costs, lifetime value, and overall business performance. ... The conversation shifted to the relationship between the SEC's final ruling on cybersecurity risk management and the concept of trust assurance. Marquez pointed out that while the ruling introduces regulatory requirements for companies to attest to their safety posture, it can be seen as a hammer approach rather than a carrot approach to trust assurance. He emphasized that businesses should proactively embrace trust practices to demonstrate value, rather than only reacting to regulatory pressure.

The IoT security enigma: Safely navigating an interconnected realm

The question of IoT security is a crisis waiting to happen. Inadequate passwords, obsolete software, and absence of proper encryption are an open invitation for hackers to breach sensitive information or seize control of these devices. The fallout can be severe, ranging from identity theft to financial damage and even physical harm. Data privacy is another significant concern. IoT devices amass and generate vast quantities of data, including potentially sensitive information such as location, health data, or financial transactions. Safeguarding this data is paramount to preserving individual privacy and security. Identity theft is another concern. By compromising IoT devices, hackers can gather personal information like login credentials or credit card details, causing chaos for victims. ... The convenience and benefits of the interconnected world are inseparable from cyber threats that call for immediate redress. The principal challenges surrounding IoT security range from a lack of inbuilt security measures to weakly encrypted communication protocols.

4 Popular Master Data Management Implementation Styles

The Registry approach is the dominant one among organizations that deal with many disparate data sources, particularly smaller and mid-sized ones. It works by placing data from all of those sources into one central repository where the data can be cleaned, consolidated, and aligned. Matching algorithms are used to identify and remove duplicates. An advantage of this approach is that the original data isn’t altered—changes are made directly within source systems as opposed to a separate MDM repository. Anyone verifying the truth of data, therefore, can use global identifiers to track it back to the original unaltered source. ... The Coexistence style of MDM implementation enables the MDM hub and the original data sources to all coexist fully in real time. Because there is no delay in updating records from one system to another, the golden record remains accurate at all times—as do the related applications that feed the data—leading to efficiency, timeliness, and complete accuracy.

Balancing risk and compliance: implications of the SEC’s new cybersecurity regulations

Guaranteeing that sensitive information is protected while ensuring companies demonstrate compliance requires the striking of a delicate balance. Consideration of how and when the attorney-client privilege - both the one that belongs to corporate communications and one that can be exclusive to the board - comes into play when conducting internal policy and reporting reviews, preparing draft reports that identify gaps and suggestions for closing them, determining what external vendors to use and communications with them, and related aspects of cyber readiness. ... The new SEC rules signal a shift in corporate cybersecurity management. These rules, although challenging, offer an opportunity for companies to exhibit their commitment to managing these risks. With the right tools, services, and advice, businesses can not only comply with these new rules but also bolster their overall cybersecurity posture, thereby protecting their operations, reputation, and bottom line.

How AI brings greater accuracy, speed, and scale to microsegmentation

Bringing greater accuracy, speed and scale to microsegmentation is an ideal use case for AI, ML and the evolving area of new generative AI apps based on private Large Language Models (LLMs). Microsegmentation is often scheduled in the latter stages of a zero trust framework’s roadmap because the large-scale implementation can often take longer than expected. AI and ML can help increase the odds of success earlier in a zero-trust initiative by automating the most manual aspects of implementation. Using ML algorithms to learn how an implementation can be optimized further strengthens results by enforcing the least privileged access for every resource and securing every identity. Forrester found that the majority of microsegmentation projects fail because on-premise private networks are among the most challenging domains to secure. Most organizations’ private networks are also flat and defy granular policy definitions to the level that microsegmentation needs to secure their infrastructure fully.

Quote for the day:

"Good leadership consists of showing average people how to do the work of superior people." -- John D. Rockefeller
