Quote for the day:
"Good management is the art of making problems so interesting and their solutions so constructive that everyone wants to get to work and deal with them." -- Paul Hawken

Financial Fraud, With a Third-Party Twist, Dominates Cyber Claims

Data on the most significant threats and what technologies and processes can
have the greatest preventative impact on those threats are extremely valuable,
says Andrew Braunberg, principal analyst at business intelligence firm Omdia.
"It's great data for the enterprise, no question about it — that kind of data is
going to be more and more useful for folks," he says. "As insurers figure out
how to collect more standardized data, and more comprehensive data, at a quicker
cadence — that's good news." ... While most companies do not consider their
cyber-insurance provider as a security adviser, they do make decisions based on
the premiums presented to them, says Omdia's Braunberg. And many companies seem
ready to rely on insurers more. "Nobody really thought of these guys as security
advisors that they should really be turning to, but if that shift happens, then
I think the question gets a lot more interesting," he says. "Companies may have
these annual sit-downs with their insurers where you really walk through this
data and decide what kind of investments to make — and that's a different world
than the way most security investment decisions are done today." The fact that
cyber insurers are moving into an advisory role may be good news, considering
the US government's pullback from aiding enterprises with cybersecurity, says
At-Bay's Tyra.

How to Handle a Talented, Yet Quirky, IT Team Member

Balance respect for individuality with the needs of the team and organization.
By valuing their quirks as part of their creative process, you'll foster a sense
of belonging and loyalty, Honnenahalli says. "Clear boundaries and open
communication will prevent potential misunderstandings, ensuring harmony within
the team." ... Leaders should aim to channel quirkiness constructively rather
than working to eliminate it. For instance, if a quirky habit is distracting or
counterproductive, the team leader can guide the individual toward alternatives
that achieve similar results without causing friction, Honnenahalli says. Avoid
suppressing individuality unless it directly conflicts with professional
responsibilities or team cohesion. Help the unconventional team member channel
their quirks productively rather than trying to reduce them, Xu suggests. "This
means offering support and guidance in ways that allow them to thrive within the
structure of the team." Remember that quirks can often be a unique asset in
problem-solving and innovation. ... In IT, where innovation thrives on diverse
perspectives, quirky team members often deliver creative solutions and
unconventional thinking, Honnenahalli says. "Leaders who manage such individuals
effectively can cultivate a culture of innovation and inclusivity, boosting
morale and productivity."

A Guide to Managing Machine Identities

Limited visibility into highly fragmented machine identities makes them
difficult to manage and secure. According to CyberArk's 2024 Identity Security
Threat Landscape Report - a global survey of 2,400 security decision-makers
across 18 countries - 93% of organizations experienced two or more
identity-related breaches in 2023. Machine identities are a frequent target,
with previous CyberArk research indicating that two-thirds of organizations have
access to sensitive data. A ransomware attack on a popular file transfer system
last year exposed the sensitive information of approximately 60 million
individuals and impacted more than 2,000 public and private sector
organizations. ... To address the challenges associated with managing fragmented
machine identities, CyberArk Secrets Hub and CyberArk Cloud Visibility can help
standardize and automate operational processes. These tools provide better
visibility into identities that require access and determine whether the request
is legitimate. ... Organizations should identify and secure their machine
identities across multiple on-premises and cloud environments, including those
from different cloud service providers. The right governance tool can help
organizations meet the unique needs of each platform, while also making it
easier to maintain a unified approach to machine identity management.

7 strategic insights business and IT leaders need for AI transformation in 2025

AI innovation continues rapidly, but enterprises must distinguish between
practical AI that delivers tangible ROI and aspirational solutions that lack
immediate business value. Practical AI enhances agent productivity, reduces
handle times, and personalizes customer interactions in ways that directly
impact revenue and operational efficiency. Business leaders must challenge
vendors to demonstrate clear business cases, ensuring AI investments align with
specific organizational objectives rather than speculative, unproven technology.
Also, every AI initiative must have a roadmap with clearly defined focus areas
and milestones. ... Enterprises now generate vast amounts of interaction data,
but the true competitive advantage sits with AI-powered analytics. Real-time
sentiment analysis, predictive modeling, and conversational intelligence
redefine how organizations measure and optimize performance across
customer-facing and internal communications. Companies that harness these
insights can proactively address customer needs, optimize workforce performance,
and drive data-driven decision-making -- at scale. ... Automation is no longer
just a convenience but a necessity for streamlining complex business processes
and enhancing customer journeys.

Bryson Bort on Cyber Entrepreneurship and the Needed Focus on Critical Infrastructure

Most people only know industrial control systems as “Stuxnet” and, even then,
with a limited idea of what exactly that means. These are the computers that run
critical infrastructure, manufacturing plants, and dialysis machines in
hospitals. A bad day with normal computers means ransomware where a business
can’t run, espionage where a company loses valuable data, or a regular person
getting scammed out of their bank account. All pretty bad, but at least everyone
is still breathing. With ICS, a bad day can mean loss of life or limb and that’s
just at the point of use. The downstream effects of water or electricity being
disrupted send us to the Stone Ages immediately and there is a direct
correlation to loss of life in those scenarios. ... As an entrepreneur, it’s the
same and the Law of N is the variable number of people that you can lead where
you personally have a visible impact on their daily requirements. The second you
hit N+1, it is another leader below you in the chain who now has that impact. In
summary: 1) you can’t do it alone, being an individual contributor (no matter
how talented) is never going to be as impactful as a squad/team; 2) the
structure you build is going to dictate the success or failure of the execution
of your ideas; and 3) you have leadership limits of what you can control.

Rethinking talent strategy: What happens when you merge performance with development

Often, performance and development live on different systems, with no unified
view of progress, potential, or skill gaps. Without a continuous data loop,
talent teams struggle to design meaningful interventions, and line managers
lack the insight to support growth conversations effectively. The result?
Employee development efforts become reactive, generic, and in many cases,
ineffective. But the problem isn’t just technical. According to Mohit Sharma,
CHRO at EKA Mobility, there’s a strategic imbalance in focus. “Performance
management often prioritises business metrics—financials, customer outcomes,
process efficiency—while people-related goals receive less attention,” he
says. “This naturally sidelines employee development.” And when development is
treated as an afterthought, Individual Development Plans (IDPs) become little
more than checkboxes. “The IDP often runs as a standalone activity,
disconnected from performance outcomes,” Sharma adds. “This fragmentation
means development doesn’t feed into performance—and vice versa.” Moreover,
most organisations struggle with systematic skill-gap identification. In
fast-changing industries, capability needs evolve every quarter.

How cybercriminals are using AI to power up ransomware attacks

Ransomware gangs are increasingly deploying AI across every stage of their
operations, from initial research to payload deployment and negotiations.
Smaller outfits can punch well above their weight in terms of scale and
sophistication, while more established groups are transforming into fully
automated extortion machines. As new gangs emerge, evolve and adapt to boost
their chances of success, here we explore the AI-driven tactics that are
reshaping ransomware as we know it. Cybercriminal groups will typically pursue
the path of least resistance to making a profit. As such, most cases of malign
AI have been lower-hanging fruit focusing on automating existing processes. That
said, there is also a significant risk of more tech-savvy groups using AI to
enhance the effectiveness of the malware itself. Perhaps the most dangerous
example is polymorphic ransomware, which uses AI to mutate its code in real
time. Each time the malware infects a new system, it rewrites itself, making
detection far more difficult as it evades antivirus and endpoint security
looking for specific signatures. Self-learning capabilities and independent
adaptability are drastically increasing the chances of ransomware reaching
critical systems and propagating before it can be detected and shut down.

IBM Quantum CTO Says Codes And Commitment Are Critical For Hitting Quantum Roadmap Goals

The technique — called the Gross code — shrinks the number of physical qubits
required to produce stable output, significantly easing the engineering burden,
according to R&D World. “The Gross code bought us two really big things,”
Oliver Dial, IBM Quantum’s chief technology officer, said in an interview with
R&D World. “One is a 10-fold reduction in the number of physical qubits
needed per logical qubit compared to typical surface code estimates.” ... IBM’s
optimism is grounded not just in long-term error correction, but in near-term
tactics like error mitigation, a strategy to extract meaningful results from
today’s imperfect machines. These techniques offer a way to recover accurate
answers from computers that commit errors, Dial told R&D World. He sees this
as a bridge between today’s noisy intermediate-scale quantum (NISQ) machines and
tomorrow’s fully fault-tolerant quantum computers. Competitors are also racing
to prove real-world use cases. Google has published recent results in quantum
error correction, while Quantinuum and JPMorgan Chase are exploring secure
applications like random number generation, R&D World points out. IBM’s bet
is that better codes, especially its low-density parity check (LDPC) approach
refined through the Gross code, will accelerate real deployments.

Defining leadership through mentorship and a strong network

While it’s a challenge to schedule a time each month that works for everyone,
she says, there’s a lot of value in them to build strong team camaraderie. It’s
also helped everyone better understand diverse backgrounds, what everyone’s
contributing, and how the team can lean into those strengths and overcome
challenges. ... While she wasn’t sure how it would land, it grabbed the
attention of the CIO, who had never seen this approach before, and opened the
dialogue for Schulze to be a candidate. She decided to push past any
insecurities or fears, and go for a position she didn’t necessarily feel totally
qualified for, but ended up landing the job. Schulze knows not everyone feels
comfortable stepping out of their comfort zone, but as a leader, she wants to
set that example for her employees. She identifies opportunities for growth and
advancement, regardless of background or experience, and helps them tap into
their potential. She understands it’s difficult for women to break through the
boys club mentality that can exist in tech, and the challenge to fight
stereotypes around women in IT and STEM careers. In her own career, Schulze had
to apply herself extra hard to prove her worth and value, even when she had the
same answers as her male counterparts.

Cracking the Code on Cybersecurity ROI

Quantifying the total cost of cybersecurity investments — which have long been
at the top of most companies' IT spending priorities — is easy enough. It
entails adding up the cost of the hardware resources, software tools, and
personnel (including both internal employees as well as any outsourced
cybersecurity services) that an organization deploys to mitigate security risks.
But determining how much value those investments yield is where things get
tricky. This is primarily because, again, the goal of cybersecurity investments
is to prevent breaches from occurring — and when no breach occurs, there is no
quantifiable cost to measure. ... Rather than estimating breach frequency and
cost based on historical data specific to your business, you could look at data
about current cybersecurity trends for other companies similar to yours,
considering factors like their region, the type of industry they operate in, and
their size. This data provides insight into how likely your type of business
is to experience a breach and what that breach will likely cost. ... A third
approach is to measure cybersecurity ROI in terms of the value you don't create
due to breaches that do occur. This is effectively an inverse form of
cybersecurity ROI. ... Using this data, you can predict how much money you'd
save through additional cybersecurity spending.