Keep Learning or Keep Losing: There's No Finish Line
Traditional training and certifications are a starting point, but they're often
not enough to prepare professionals for real-world challenges. Current research
supports a need for cybersecurity education to be interactive, with practical
approaches that deepen both engagement and understanding. ... For cybersecurity
professionals, a commitment to lifelong learning is a career advantage. Those
who prioritize continuous education stand out, not only because they keep pace
with industry advancements but also because they demonstrate a proactive mindset
valued by employers. Embracing lifelong learning positions professionals for
growth, higher responsibility and leadership opportunities within their
organizations. Organizations that foster a culture of continuous learning create
an environment in which employees feel empowered and supported in their growth.
These organizations often find they retain talent longer and perform better in
crisis situations because their teams are both knowledgeable and resilient. By
prioritizing ongoing education, companies can cultivate a workforce that's
agile, engaged and better prepared to face cyberthreats head-on. In
cybersecurity, the question isn't whether you'll keep learning - it's how you'll
keep learning.
Top 5 security mistakes software developers make
“A very common practice is the lack of or incorrect input validation,” Tanya
Janca, who is writing her second book on application security and has
consulted for many years on the topic, tells CSO. Snyk also has blogged about
this, saying that developers need to “ensure accurate input validation and
that the data is syntactically and semantically correct.” Stackhawk wrote,
“always make sure that the backend input is validated and sanitized properly.”
... One aspect of lax authentication has to do with what is called “secrets
sprawl,” the mistake of using hard-coded credentials in the code, including
API and encryption keys and login passwords. Git Guardian tracks this issue
and found that almost every breach exposing such secrets remained active for
at least five days after the software’s author was notified. They found that a
tenth of open-source authors leaked a secret, which amounts to bad behavior of
about 1.7 million developers. ... But there is a second issue that goes to
understanding security culture so you can make the right choices of tools that
will actually get deployed by your developers. Jeevan Singh blogs about this
issue, mentioning that you have to start small and not just go shopping for
everything all at once, “so as not to overwhelm your engineering organization
with huge lists of vulnerabilities. ..."
There is No Autonomous Network Without Observability
One of the best things about observability is how it strengthens network
resilience. Downtime can not only damage your reputation and frustrate your
customers; it is also flat-out expensive. Observability helps you spot
vulnerabilities before they become major issues. With real-time insights, you
can jump in and make fixes before they lead to downtime or degraded
performance. Plus, observability works hand-in-hand with AI-driven assurance
systems. By constantly monitoring performance, these systems diligently look
for patterns that might hint at future problems. They can make proactive
adjustments, which cut down on the need for manual intervention. The result? A
network that is more self-reliant, adaptive, and able to keep running
smoothly. Observability doesn’t just stop there—it also steps up your security
game. With threat detection built into every layer of the network,
observability helps your network identify and deal with security issues in
real time, making it not just self-healing but self-securing. ... Today’s
networks are not confined to one domain anymore. We are working with
multi-domain networks that tie together radio, transport, and cloud
technologies. That creates a massive amount of data, and managing that data in
real time is a challenge.
Building a better future: The enterprise architect’s role in leading organizational transformation
Architects bring unique capabilities that make them well-suited for leadership
roles in an evolving business landscape. Their core strength lies in aligning
technology with business goals. This keeps innovation and growth
interconnected. Unlike traditional executives, architects have a holistic view
of both domains, allowing them to see the big picture and drive meaningful
change. With deep technical expertise, architects can navigate complex
systems, platforms, and infrastructures. But their strategic thinking sets
them apart—they don’t just focus on technology in isolation. They understand
how it drives business value, enabling them to make informed decisions that
benefit both the organization and its customers. Moreover, architects are
natural collaborators. They excel at bridging gaps between different business
units, fostering cross-functional teams, and ensuring integrated solutions
that work for the entire organization. This ability to collaborate across
departments makes them ideal for leadership in a world that values
adaptability, inclusivity, and alignment over rigid command structures. The
shift from a ‘command and control’ leadership mode to one of ‘align and
collaborate’ is transforming how organizations are managed.
How ‘Cheap Fakes’ Exploit Our Psychological Vulnerabilities
Cheap fakes exploit a range of psychological vulnerabilities, like fear,
greed, and curiosity. These vulnerabilities make social engineering attacks
prevalent across the board -- over two-thirds of data breaches involve a human
element -- but cheap fakes are particularly effective at leveraging them. This
is because many people are unable to identify manipulated media, particularly
when it aligns with their preconceptions and existing biases. According to a
study published in Science, false news spreads much faster than accurate
information on social media. Researchers found several explanations for this
phenomenon: false news tends to be more novel than the truth, and the stories
elicited “fear, disgust, and surprise in replies.” Cheap fakes rely on these
emotions to spread quickly and capture victims’ attention -- they create
inflammatory imagery, aim to increase political and social division, and often
present fragments of authentic content to produce the illusion of legitimacy.
At a time when cheap fakes and deepfakes are rapidly proliferating, IT teams
must emphasize a core principle of cybersecurity: Verify before you trust.
Employees should be taught to doubt their initial reactions to digital
content, particularly when that content is sensational, coercive, or
divisive....
Cloud vs. On-Prem: Comparing Long-Term Costs
You’ve seen many reports of companies saving millions of dollars by moving a
portion or majority of their workloads out of the cloud. When leaving the
cloud becomes financially viable, the price point will depend on your
workload, business requirements, and other factors, but here are some basic
guidelines to consider. Big cloud providers have historically made moving all
your data out of their cloud cost-prohibitive. Saving millions of dollars on
computing will not make sense if it costs millions to move your data. ... You
would have to reduce your cloud spend by 90-96% to save as much money as
buying hardware. Reserved instances and spots may save money, but never that
much. Budgeting hardware and collocation space will be easier to engineer and
more predictable for your long-term projected spending. Spending this much
money also means you are likely continuously upgrading based on your cloud
provider’s upgrade requirements. You will frequently upgrade operating
systems, database versions, Kubernetes clusters, and serverless runtimes. And
you have no agency to delay them until it works best for your business. But
saving people’s costs isn’t the only benefit. A frequent phrase when using the
cloud is “opportunity cost.”
Data Center Regulation Trends to Watch in 2025
Governments are increasingly focused on creating new or updated regulations to
strengthen digital resiliency and cybersecurity because of the growing
importance of IT in critical services, rising geopolitical tensions, explosion
of cyberattacks and increased outsourcing to cloud, according to the Uptime
Institute. EU’s DORA requires the finance industry to establish a risk
management framework, which includes business continuity and disaster recovery
plans that include data backup and recovery; incident reporting; digital
operational resilience testing; information sharing of cyber threats with
other financial institutions; and managing the risk of their third-party
information and communications technology (ICT) providers, such as cloud
providers. “You’ve got to make sure your data center is robust, resilient, and
that it doesn’t go down. And if it does go down, you’re responsible for it,”
said Rahiel Nasir, IDC’s associate research director of European Cloud and
lead analyst of worldwide digital sovereignty. Financial businesses will have
to ensure their third-party providers meet regulatory requirements by
negotiating it into their contracts. As a result, both the finance sector and
their service providers will need to implement the tools and procedures
necessary to comply with DORA, an IDC report said.
How AI will shape the next generation of cyber threats
In essence, AI turns advanced attack strategies into point-and-click
operations, removing the need for deep technical knowledge. Attackers won’t
need to write custom code or conduct in-depth research to exploit
vulnerabilities. Instead, AI systems will analyze target environments, find
weaknesses and even adapt attack patterns in real time without requiring much
input from the user. This shift greatly widens the pool of potential
attackers. Organizations that have traditionally focused on defending against
nation-state actors and professional hacker groups will now have to contend
with a much broader range of threats. Eventually, AI will empower individuals
with limited tech knowledge to execute attacks rivaling those of today’s most
advanced adversaries. To stay ahead, defenders must match this acceleration
with AI-powered defenses that can predict, detect and neutralize threats
before they escalate. In this new environment, success will depend not just on
reacting to attacks but on anticipating them. Organizations will need to adopt
predictive
AI
capabilities that can evolve alongside the rapidly shifting threat landscape,
staying one step ahead of attackers who now have unprecedented power at their
fingertips.
Navigating Privacy and Ethics in the Military use of AI
The report articulates the importance of integrating data governance into the
development and deployment of military AI systems, and stresses that as
military AI becomes increasingly central to national defense, so too does the
need for clear, ethical, and transparent practices surrounding the data used
to train these systems. “Data plays a critical role in the training, testing,
and use of artificial intelligence, including in the military domain,” the
report says, emphasizing that “research and development for AI-enabled
military solutions is proceeding at breakneck speed” and therefore “the
important role data plays in shaping these technologies have implications and,
at times, raises concerns.” The report says “these issues are increasingly
subject to scrutiny and range from difficulty in finding or creating training
and testing data relevant to the military domain, to (harmful) biases in
training data sets, as well as their susceptibility to cyberattacks and
interference (for example, data poisoning),” and points out that “pathways and
governance solutions to address these issues remain scarce and very much
underexplored.” Afina and Sarah Grand-ClĂ©ment said the risk of data breaches
or unauthorized access to military data also is a critical concern.
AI in Cybersecurity: Balancing Innovation with Risk
Generative AI has advanced to a point where it can produce unique,
grammatically sound, and contextually relevant content. Cybercriminals utilise
this technology to create convincing phishing emails, text messages, and other
forms of communication that mimic legitimate interactions. Unlike traditional
phishing attempts, which often exhibit suspicious language or grammatical
errors, AI-generated content can evade detection and manipulate targets more
effectively. Furthermore, AI can produce deepfake videos or audio recordings
that convincingly impersonate trusted individuals, increasing the likelihood
of successful scams. ... AI, particularly Machine Learning (ML) and deep
learning, can be instrumental in detecting suspicious activities and
identifying abnormal patterns in network traffic. AI can establish a baseline
of normal behavior by analysing vast datasets, including traffic trends,
application usage, browsing habits, and other network activity. This baseline
can serve as a guide for spotting anomalies and potential threats. AI’s
ability to process large volumes of data in real-time means it can flag
suspicious activities faster and more accurately, enabling immediate
remediation and minimising the chances of a successful cyberattack.
Quote for the day:
“It’s better to look ahead and
prepare, than to look back and regret.” -- Jackie Joyner Kersee
No comments:
Post a Comment