Quote for the day:
"The most powerful leadership tool you have is your own personal example." -- John Wooden
Bridging the IT and security team divide for effective incident response

One reason IT and security teams end up siloed is the healthy competitiveness
that often exists between them. IT wants to innovate, while security wants to
lock things down. These teams are made up from brilliant minds. However, faced
with the pressure of a crisis, they might hesitate to admit they feel out of
control, simmering issues may come to a head, or they may become so fixated on
solving the issue that they fail to update others. To build an effective
incident response strategy, identifying a shared vision is essential. Here,
leadership should host joint workshops where teams learn more about each other
and share ideas about embedding security into system architecture. These
sessions should also simulate real-world crises, so that each team is familiar
with how their roles intersect during a high-pressure situation and feel
comfortable when an actual crisis arises. ... By simulating realistic scenarios
– whether it’s ransomware incidents or malware attacks – those in leadership
positions can directly test and measure the incident response plan so that is
becomes an ingrained process. Throw in curveballs when needed, and use these
exercises to identify gaps in processes, tools, or communication. There’s a
world of issues to uncover disconnected tools and systems; a lack of automation
that could speed up response times; and excessive documentation requirements.
First Principles in Foundation Model Development

The mapping of words and concepts into high-dimensional vectors captures
semantic relationships in a continuous space. Words with similar meanings or
that frequently appear in similar contexts are positioned closer to each other
in this vector space. This allows the model to understand analogies and subtle
nuances in language. The emergence of semantic meaning from co-occurrence
patterns highlights the statistical nature of this learning process.
Hierarchical knowledge structures, such as the understanding that “dog” is a
type of “animal,” which is a type of “living being,” develop organically as the
model identifies recurring statistical relationships across vast amounts of
text. ... The self-attention mechanism represents a significant architectural
innovation. Unlike recurrent neural networks that process sequences
sequentially, self-attention allows the model to consider all parts of the input
sequence simultaneously when processing each word. The “dynamic weighting of
contextual relevance” means that for any given word in the input, the model can
attend more strongly to other words that are particularly relevant to its
meaning in that specific context. This ability to capture long-range
dependencies is critical for understanding complex language structures. The
parallel processing capability significantly speeds up training and
inference.
The best preparation for a password-less future is to start living there now

One of the big ideas behind passkeys is to keep us users from behaving as our
own worst enemies. For nearly two decades, malicious actors -- mainly phishers
and smishers -- have been tricking us into giving them our passwords. You'd
think we would have learned how to detect and avoid these scams by now. But we
haven't, and the damage is ongoing. ... But let's be clear: Passkeys are not
passwords. If we're getting rid of passwords, shouldn't we also get rid of the
phrase "password manager?" Note that there are two primary types of credential
managers. The first is the built-in credential manager. These are the ones from
Apple, Google, Microsoft, and some browser makers built into our platforms and
browsers, including Windows, Edge, MacOS, Android, and Chrome. With passkeys, if
you don't bring your own credential manager, you'll likely end up using one of
these. ... The FIDO Alliance defines a "roaming authenticator" as a separate
device to which your passkeys can be securely saved and recalled. Examples are
hardware security keys (e.g., Yubico) and recent Android phones and tablets,
which can act in the capacity of a hardware security key. Since your credentials
to your credential manager are literally the keys to your entire kingdom, they
deserve some extra special security.
Mind the Gap: Assessing Data Quality Readiness
Data Quality Readiness is defined as the ratio of the number of fully described
Data Quality Measure Elements that are being calculated and/or collected to the
number of Data Quality Measure Elements in the desired set of Data Quality
Measures. By fully described I mean both the “number of data values” part and
the “that are outliers” part. The first prerequisite activity is determining
which Quality Measures you want to implement. The ISO standard defines 15
different Data Quality Characteristics. I covered those last time. The Data
Quality Characteristics are made up of 63 Quality Measures. The Quality Measures
are categorized as Highly Recommendable (19), Recommendable (36), and For
Reference (8). This provides a starting point for prioritization. Begin with a
few measures that are most applicable to your organization and that will have
the greatest potential to improve the quality of your data. The reusability of
the Quality Measures can factor into the decision, but it shouldn’t be the
primary driver. The objective is not merely to collect information for its own
sake, but to use that information to generate value for the enterprise. The
result will be a set of Data Quality Measure Elements to collect and calculate.
You do the ones that are best for you, but I would recommend looking at two in
particular.
Why non-human identity security is the next big challenge in cybersecurity

What makes this particularly challenging is that each of these identities
requires access to sensitive resources and carries potential security risks.
Unlike human users, who follow predictable patterns and can be managed through
traditional IAM solutions, non-human identities operate 24/7, often with
elevated privileges, making them attractive targets for attackers. ... We’re
witnessing a paradigm shift in how we need to think about identity security.
Traditional security models were built around human users – focusing on aspects
like authentication, authorisation and access management from a human-centric
perspective. But this approach is inadequate for the machine-dominated future
we’re entering. Organisations need to adopt a comprehensive governance framework
specifically designed for non-human identities. This means implementing
automated discovery and classification of all machine identities and their
secrets, establishing centralised visibility and control and enforcing
consistent security policies across all platforms and environments. ... First,
organisations need to gain visibility into their non-human identity landscape.
This means conducting a thorough inventory of all machine identities and their
secrets, their access patterns and their risk profiles.
Preparing for the next wave of machine identity growth
First, let’s talk about the problem of ownership. Even organizations that have
conducted a thorough inventory of the machine identities in their environments
often lack a clear understanding of who is responsible for managing those
identities. In fact, 75% of the organizations we surveyed indicated that they
don’t have assigned ownership for individual machine identities. That’s a real
problem—especially since poor (or insufficient) governance practices
significantly increase the likelihood of compromised access, data loss, and
other negative outcomes. Another critical blind spot is around understanding
what data each machine identity can or should be able to access—and just as
importantly, what it cannot and should not access. Without clarity, it becomes
nearly impossible to enforce proper security controls, limit unnecessary
exposure, or maintain compliance. Each machine identity is a potential access
point to sensitive data and critical systems. Failing to define and control
their access scope opens the door to serious risk. Addressing the issue starts
with putting a comprehensive machine identity security solution in place—ideally
one that lets organizations govern machine identities just as they do human
identities. Automation plays a critical role: with so many identities to secure,
a solution that can discover, classify, assign ownership, certify, and manage
the full lifecycle of machine identities significantly streamlines the process.
To Compete, Banking Tech Needs to Be Extensible. A Flexible Platform is Key

The banking ecosystem includes three broad stages along the trajectory toward
extensibility, according to Ryan Siebecker, a forward deployed engineer at
Narmi, a banking software firm. These include closed, non-extensible systems —
typically legacy cores with proprietary software that doesn’t easily connect to
third-party apps; systems that allow limited, custom integrations; and open,
extensible systems that allow API-based connectivity to third-party apps. ...
The route to extensibility can be enabled through an internally built, custom
middleware system, or institutions can work with outside vendors whose systems
operate in parallel with core systems, including Narmi. Michigan State
University Federal Credit Union, which began its journey toward extensibility in
2009, pursued an independent route by building in-house middleware
infrastructure to allow API connectivity to third-party apps. Building
in-house made sense given the early rollout of extensible capabilities, but when
developing a toolset internally, institutions need to consider appropriate
staffing levels — a commitment not all community banks and credit unions can
make. For MSUFCU, the benefit was greater customization, according to the credit
union’s chief technology officer Benjamin Maxim. "With the timing that we
started, we had to do it all ourselves," he says, noting that it took about 40
team members to build a middleware system to support extensibility.
5 Strategies for Securing and Scaling Streaming Data in the AI Era

Streaming data should never be wide open within the enterprise. Least-privilege
access controls, enforced through role-based (RBAC) or attribute-based (ABAC)
access control models, limit each user or application to only what’s essential.
Fine-grained access control lists (ACLs) add another layer of protection,
restricting read/write access to only the necessary topics or channels. Combine
these controls with multifactor authentication, and even a compromised
credential is unlikely to give attackers meaningful reach. ... Virtual private
cloud (VPC) peering and private network setups are essential for enterprises
that want to keep streaming data secure in transit. These configurations ensure
data never touches the public internet, thus eliminating exposure to distributed
denial of service (DDoS), man-in-the-middle attacks and external reconnaissance.
Beyond security, private networking improves performance. It reduces jitter and
latency, which is critical for applications that rely on subsecond delivery or
AI model responsiveness. While VPC peering takes thoughtful setup, the benefits
in reliability and protection are well worth the investment. ... Just as
importantly, security needs to be embedded into culture. Enterprises that
regularly train their employees on privacy and data protection tend to identify
issues earlier and recover faster.
Supply Chain Cybersecurity – CISO Risk Management Guide

Modern supply chains often span continents and involve hundreds or even
thousands of third-party vendors, each with their security postures and
vulnerabilities. Attackers have recognized that breaching a less secure supplier
can be the easiest way to compromise a well-defended target. Recent high-profile
incidents have shown that supply chain attacks can lead to data breaches,
operational disruptions, and significant financial losses. The
interconnectedness of digital systems means that a single compromised vendor can
have a cascading effect, impacting multiple organizations downstream. For CISOs,
this means that traditional perimeter-based security is no longer sufficient.
Instead, a holistic approach must be taken that considers every entity with
access to critical systems or data as a potential risk vector. ... Building a
secure supply chain is not a one-time project—it’s an ongoing journey that
demands leadership, collaboration, and adaptability. CISOs must position
themselves as business enablers, guiding the organization to view cybersecurity
not as a barrier but as a competitive advantage. This starts with embedding
cybersecurity considerations into every stage of the supplier lifecycle, from
onboarding to offboarding. Leadership engagement is crucial: CISOs should
regularly brief the executive team and board on supply chain risks, translating
technical findings into business impacts such as potential downtime,
reputational damage, or regulatory penalties.
Developers Must Slay the Complexity and Security Issues of AI Coding Tools

Beyond adding further complexity to the codebase, AI models also lack the
contextual nuance that is often necessary for creating high-quality, secure
code, primarily when used by developers who lack security knowledge. As a
result, vulnerabilities and other flaws are being introduced at a pace never
before seen. The current software environment has grown out of control
security-wise, showing no signs of slowing down. But there is hope for slaying
these twin dragons of complexity and insecurity. Organizations must step into
the dragon’s lair armed with strong developer risk management, backed by
education and upskilling that gives developers the tools they need to bring
software under control. ... AI tools increase the speed of code delivery,
enhancing efficiency in raw production, but those early productivity gains are
being overwhelmed by code maintainability issues later in the SDLC. The answer
is to address those issues at the beginning, before they put applications and
data at risk. ... Organizations involved in software creation need to change
their culture, adopting a security-first mindset in which secure software is
seen not just as a technical issue but as a business priority. Persistent
attacks and high-profile data breaches have become too common for boardrooms and
CEOs to ignore.
No comments:
Post a Comment