August 17, 2023
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
Attacks on industrial control systems (ICS) may not be just about ransomware or accessing information but about deliberately making machines misbehave. Attackers can exploit vulnerabilities to make machines overheat, or robotic arms swing unpredictably. A failed attack on a water utility in Florida attempted to raise the amount of lye in the drinking water; success might have killed thousands. ... When operations in your factory, plant, or substation shut down, revenue will cease. So, an important question not just for the CISO, but for Operations, Finance, and other chiefs is how long you can go without the expected revenue that you may never see??... There will be significant damage to an organization's public reputation as news of an attack gets out. The customer trust that took years to build may be gone in an instant, and customers forced to find another supplier while you're shut down may not come back. After all, your shutdown not only inflicted damage to companies further down the chain, it may also have created an impression that you were careless in letting it happen.
Legal concerns could stem from the nature of risk quantification. This process is designed to uncover problems with an actionable amount of detail. Anything that is discoverable in a legal proceeding can find its way into a court case and embarrassing fallout may ensue. The fear is that the very detailed CRQ risk assessment results will be made public. For many organizations that have not adopted CRQ, such results may include lists of broken or missing controls and audit results, all with corresponding verbal risk labels (e.g., high, medium, low). They could (and really should) also include a list of scenarios with the same risk labels attached to them. These results alone could be damning to some organizations. Specific CRQ concerns stem from having all of these elements tied to a potential amount of loss and frequency. However, it is difficult to imagine a court proceeding where strictly qualitative results would allow an organization to walk free.
The report highlighted a number of key challenges facing organizations in the EMEA, which are clearly now being discussed in the C-Suite. These challenges include the level of regulatory compliance that organisations now face, especially those operating in these regions. In my opinion, the General Data Protection Regulation (GDPR) is still a massively misunderstood piece of legislation that organisations need help with, yet, the C-Suite recognises the importance of it. Added to this is the ongoing threat cybercrime, as organisations large and small are facing an increasing number of cyberattacks, including ransomware attacks, data breaches, and Distributed Denial of Service (DDoS) attacks. ... To embed cybersecurity and data protection within an organisation, you do not look to build a security culture, but rather, you look to build a culture that respects the importance of Security. This is a simple, yet profound distinction. Every organization possesses a culture, which might either emerge naturally or be intentionally and meticulously developed. Regardless of its origins, the influence of this culture on an organization remains undeniable.
领英推荐
No matter how you choose to leverage AI in the data management space — whether you're using AI for more basic needs or you're taking advantage of next-generation AI technologies — your goal should be to identify ways that AI can accelerate workflows and reduce toil for data engineers. Much of the work that data engineers perform on a daily basis can be tedious and time-consuming. Converting data from one format to another by hand could take enormous amounts of time and is a boring task, to put it mildly. So is sifting through vast volumes of information to find data quality issues like redundant or empty cells. Even if you leverage tools to help search and sort data automatically, you're still likely to find yourself investing an inordinate amount of time on data quality if you have to write complex queries by hand to detect quality problems. But if you can substitute AI-based workflows for these tasks, you save yourself a lot of time and labor.?
Low and no-code continue to gain popularity because organizations "are realizing that these tools are not just for early-stage or beginner citizen developers but also for sophisticated, senior developers to save them valuable time and effort," says Pulijala. "Low-code/no-code helps, whether it's addressing talent shortages or freeing up other developers' time. With low-code/no-code solutions, a junior product manager can build a basic prototype, freeing up more senior engineers to focus on customized, higher code solutions. In addition to mitigating talent shortages, low-code/no-code tools improve business agility and contribute to cost savings since it significantly reduces hiring costs and application maintenance costs." ... "While no-code solutions are built from the point-of-view of a non-developer user, they will at times still require professional IT intervention. Enterprise applications can be complex and outages can happen, requiring IT to step in to triage and get things running again."
Data center equipment and infrastructure solutions provider CyberPower's PowerPanel Enterprise DCIM platform allows information technology teams to manage, configure and monitor the infrastructure within a data center through the cloud, serving as a single source of information and control for all devices. "These platforms are commonly used by companies managing on-premises server deployments to larger, co-located data centers - like those from major cloud providers AWS, Google Cloud and Microsoft Azure," the researchers said. Dataprobe manufactures power management products that assist businesses in monitoring and controlling their equipment. The iBoot-PDU allows administrators to remotely manage the power supply to their devices and equipment via a "simple and easy-to-use" web application, according to the researchers, who added that the devices are "typically found in small to midsized data centers and used by SMBs managing on-premises server deployments."