February 20, 2025
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
Network tokenization replaces sensitive Primary Account Numbers with tokens, rendering stolen data useless to fraudsters and addressing a major area of fraud: online payments. "Fraud rates are seven times higher online than in physical stores, as criminals exploit exposed card numbers," Mastercard's chief digital officer Pablo Fourez told Information Security Media Group. Shifting to tokenization protects businesses from financial losses and safeguards reputation and customer trust. ... But adoption of network tokenization does come with challenges including issuer readiness, regulatory hurdles and inconsistent implementations. Integrating network tokenization across multiple card networks requires multiple integrations, ensuring interoperability and maintaining high security standards, Fourez said. Compliance with varying regulatory requirements and achieving scalability without performance issues can be resource-intensive, he said. Ramakrishnan points to delays in token provisioning that may slow the speed of transactions if the technology is not scalable. Situations in which one entity in the payment ecosystem does not use network tokens can be major failure points that can lead to transaction failure and cart abandonment.
There’s a big difference between disaster recovery (DR) and cyber recovery. For DR, infrastructure and backup teams are the central players and an organization can be up and running in no time. Cyber recovery, however, involves the entire business — backup teams, network teams, cloud personnel, incident response teams from security, teams that are validating the active directory before restores, as well as the application owners and business owners that depend on those functions. ... “There are bigger questions that you only get to by testing your process,” Grantham says. “Whatever your business is, it’s about looking at that data and saying, how do I provide access in this modified environment? For every one of the applications supporting that, having a run book to say, this is the people, the process, linked to the technology to get me to a user in the system performing their daily function because they need to be able to do their job. That run book gets them there. If your data is just sitting on a hard drive in the middle of a data center, how does that help your business?” ... “The idea that cyber recovery strategies require continual evolution, just like zero trust is an evolution of different identity standards, is not something that a lot of businesses have accepted yet,” Grantham says.?
While it’s been working on its own quantum computing hardware, Microsoft has also been building out a quantum computing stack, with its Q# development language and quantum algorithms that can run on the quantum hardware from IonQ, Pasqal, Quantinuum, QCI, and Rigetti that’s available through Azure — but the most powerful systems so far are still in the 20-30 qubit range. ... A prototype fault-tolerant quantum computer will be available “in years, not decades,” promised Chetan Nayak, Microsoft’s VP of quantum hardware. The potential of topological qubits is why DARPA announced earlier this month that Microsoft is one the first two companies to be invited to join its rigorous program for investigating whether it’s possible to build a useful quantum computer — where the value of the computing it can do is worth more than what it costs to build and run — by 2033, using what the agency calls underexplored systems. ... Initially, there are just eight physical qubits in the Majorana 1 QPU, which Microsoft can assign in different ways to get the number of logical qubits it wants. Calling it a QPU is a reminder that there will probably be a lot of different kinds of quantum computer, and that researchers will pick the one that suits them — like choosing a different GPU for a specific workload.
A CISO can only be as good as the security team. Assembling a strong team requires good selection and effective management: that is, who do you recruit, and how do you maintain top efficiency? Recruitment is a balance between multiple individual rock stars and a single cohesive team. That’s a personal choice for each CISO, but usually involves a compromise: the best possible individuals with the widest possible range of diversity that will still make a single team. Having recruited the team, the CISO must help them excel both as individuals and one team. “I love the Japanese concept of ‘ikigai’,” said Marcus. Ikigai can be defined as finding your life’s purpose – the meeting point of personal passion, skills, mission, and vocation. “I think you need to deliver an experience for the security team that checks all these boxes. They need to have interesting problems. They need to be using modern technology with some autonomy over what they use. You need to provide a sense of purpose – that what they’re doing is not just about the immediate technical work, but will have a broader impact on the company, the industry, and the world at large. And of course, you must pay them what they’re worth. I think if you do all these things, you’ll have a very happy and motivated and engaged team.”
Today's AI models do more than automate. They engage. They understand user input conversationally, simulate thought processes, and adapt to preferences. AI's ability to adapt comes from machine learning constantly improving by analyzing huge amounts of data. This has made AI smarter and easier for people and businesses to use. The impact is undeniable in creative industries as AI tools can design logos, generate intricate artwork, and write compelling narratives, offering creators new possibilities. These advancements are transforming how people work, create, and innovate.?Generative AI is now the focus of business strategies, with companies using these technologies to enhance efficiency and engage with their audiences in new ways. ... That said, the role of human creativity isn't being erased; it's evolving. Perhaps the designers and writers of tomorrow aren't disappearing but transforming into prompt engineers and crafting ideas in collaboration with these tools, mastering a new kind of artistry. Let's face it: Just because AI creates something doesn't mean it's good. The ability to discern, curate, and refine that intangible "eye" for greatness will always remain profoundly human. Unless, of course, Skynet becomes a reality.
Asset visibility remains a critical issue because organizations often lack a real-time, unified view of their IT, OT, and cloud environments.?Shadow IT, unmanaged endpoints, remote work and third-party integrations create blind spot which increases attack vectors. Without complete visibility, security teams struggle to detect and respond to threats effectively, leaving organizations vulnerable to breaches and compromises. Good visibility across enterprise assets is no longer just a nice to have, it’s a necessity to survive in the digital world. ... Improving visibility of digital assets is critical for all organizations, otherwise, blind spots will exist in networks which criminals can exploit. Organizations must treat every endpoint as a potential entry point, ensuring it is seen and secured. It’s also important to remember that perfect technology doesn’t exist, vulnerabilities will always surface in products, so organizations must not only have an inventory of their assets, but also the ability to apply patches and security updates automatically, without necessarily having to pull all systems down. Improving OT visibility requires a specialised approach due to the sensitive nature of legacy and ICS systems.