April 05, 2022
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
Increasingly, CIOs are tasked with the adoption and orchestration of many technology platforms that influence digital transformation and enable the business strategy. This adoption involves a delicate balance of ensuring adequate guardrails exist through technology and security governance, while at the same time striving for speed and agility. When an employee develops a reputation for being a blocker, it starts to create an adversarial relationship between the business and IT. That often leads to shadow IT, in which employees start going around the IT or information security departments to get things done. Certainly, IT and information security need to have a strong voice in highlighting risks or technical barriers, but it’s equally important that we do our best to be solution-oriented, finding creative ways to make technology work for the business and implementing it securely. When an employee becomes a chronic blocker to business objectives and every issue becomes an immovable object, it undermines the trust and collaboration that the CIO is working to promote with the business.
Unfortunately, many respond to complexity by increasing complication—and thus increasing inelegance—through extensive bureaucracy with a rule for every contingency. Instead, leaders would be wise to pursue elegant simplicity: the fewest rules possible or, even better, a few rock-solid principles. This enables and empowers individuals and teams to quickly respond to the dynamism inherent in complexity. For example, look at Netflix’s five-word expense policy—“Act in Netflix’s best interest”—or Metro Bank’s customer service principle that requires only one person to say “yes” to a customer request, but two to say “no.” Authors Marc Effron and Miriam Ort, in their book, One Page Talent Management: Eliminating Complexity, Adding Value, argue, “Simplicity plays to basic human desires and cognitive processes. We crave it.” Insisting on simplicity rewards concise, coherent thinking and action; elegance recognizes and works with our core humanity. How better to engage and energize your workers? A fundamental challenge for leaders today is to reset and refocus their organizations to move with hope and confidence into an uncertain future.
A standard approach to addressing spoofed domains is to compare them to a database of known domains and to look for differences. When an email arrives, the cybersecurity solution counts the number of changes between the attacker’s signature and each instance in the known domain database. If there are a few changes, the domain is deemed suspicious. Measuring the number of changes between two sequences in this traditional way is done via the Levenshtein distance. While this technique works in some instances – such as when it detects a spoofed domain like m1crosoft – it struggles to identify more significant obfuscations such as MlCR0S0FT (with an “L” in place of an “I” and zeros in place of the letter “O”). The Levenshtein distance metric also finds it challenging to distinguish between microsoft-support and a microsoft domain. Since the traditional method is sometimes insufficient in detecting phishing scams, researchers have turned to nature and to a method called biomimicry.
领英推荐
While the financial services industry has always been an attractive target for hackers, the impact of how work has changed during COVID-19 has raised the stakes even higher. Research done with UK-based IT and security professionals points out that most believe COVID-induced work-from-home practices and remote work are accelerating attack risks in the financial services industry. I’m sure no one was surprised by these revelations, given the attractiveness of financial services data, such as customer records and personally identifiable information…let alone the ability to actually steal money and other financial assets. Many of us also know that cyber thieves are using “machines” to do their dirty work, such as automated attack tools, as well as artificial intelligence and machine learning algorithms. Another challenge is that our industry has an increased use of what I call “ephemeral computing,” such as cloud services and on demand technology services. While cloud is arguably more secure than any single organization’s data center, misconfigurations and oversight can leave an organization’s crown jewel data exposed in public, as we’ve seen with an increased number of highly public stories.
Looking at stories like the one outlined before, a pattern becomes visible: adaptability is mainly about organisational capabilities like situational awareness, clear alignment and focus on goals, and the ability to react fast to changes and to learn and improve and to deliver customer value constantly. Practically, there are many ways this can be accomplished. There is not “the one” blueprint that fits all organisations because much depends on the business, the environment, the evolution, and last but not least, the culture. This key insight triggered the idea to work on the travel guide for growing an adaptive organisation to give guidance, inspiration, orientation and ideas for experimenting in your concrete context so that you can find out what works for you - every transformation journey is different in the end. The idea of the travel guide is, that while we cannot give people a recipe for doing an agile transformation, we can share the transformation journeys we have lived through and show emerging success patterns that can guide others in their journey.?
Since the nodes in a mesh can act as repeaters, the range of the network can be extended beyond that of a single radio. Due to these advantages, wireless communication protocols that are designed for IoT applications have included mesh networking capability in their standards to enable scaling the network geographically through multi-hop operations. ... Many basic features of mesh networking are supported by all of these three protocols. For example, they all include the ability to self-heal, meaning that if a node is disabled or removed, the network reconfigures automatically to repair itself. However, there are major differences between these protocols. For instance, Bluetooth mesh uses a technique known as managed flooding to route data packets through the network where messages are simply broadcast to all nearby nodes, while Zigbee and Thread use the full routing technique in which. a specific path is chosen for the messages going from node A to node B. Such differences can have a significant impact on the network performance depending on the application requirements and conditions. Evaluating certain aspects of the Bluetooth mesh technology, such as the network latency, reliability, scalability, etc., might not be straightforward in some cases.