February 27, 2025
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
Infostealers can amass massive quantities of credentials. To handle this glut, many cybercriminals create parsers to quickly ingest usernames and passwords for analysis, said Milivoj Raji?, head of threat intelligence at cybersecurity firm DynaRisk. The leaked internal communications of ransomware group Black Basta demonstrated this tactic, he said. Using a shared spreadsheet, the group identified organizations with emails present in infostealer logs, tested which access credentials worked, checked the organization's annual revenue and if its networks were protected by MFA. Using this information helped the ransomware group prioritize its targeting. Another measure of just how much data gets collected by infostealers: the Alien Txtbase records include 244 million passwords not already recorded as breached by Pwned Passwords. Hunt launched that free service in 2017, which anyone can query for free and anonymously, to help users never pick a password that's appeared in a known data breach, shortly after the U.S. National Institute for Standards and Technology began recommending that practice. Not all of the information contained in stealer logs being sold by criminals is necessarily legit. Some of it might be recycled from previous leaks or data dumps. Even so, Hunt said he was able to verify a random sample of the Alien Txtbase corpus with a "handful" of HIBP users he approached.
While some companies have successfully deployed strategic workforce planning in the past to reshape their workforces to meet future market requirements, there are also cautionary tales of organizations that have struggled with the transition to new technologies. For instance, the rapid innovation of smartphones left leading players such as Nokia behind. Periods of rapid technological change highlight the importance of predicting and responding to challenges with a dynamic talent planning model. Gen AI is not just another technological advancement affecting specific tasks; it represents a rewiring of how organizations operate and generate value. This transformation goes beyond automation, innovation, and productivity improvements to fundamentally alter the ratio of humans to technology in organizations. By having SWP in place, organizations can react more quickly and intentionally to these changes, monitoring leading and lagging indicators to stay ahead of the curve. This approach allows for identifying and developing new capabilities, ensuring that the workforce is prepared for the evolving demands these changes will bring. SWP gives a fact base to all talent decisions so that trade-offs can be explicitly discussed and strategic decisions can be made holistically—and with enterprise value top of mind.?
Fintech companies operate at the intersection of finance and technology, making them particularly vulnerable to cyber threats. These platforms process vast amounts of personal and financial data—from bank account details and credit card numbers to loan records and transaction histories. A single security breach can have devastating consequences, leading to financial losses, regulatory penalties, and reputational damage. Beyond individual risks, fintech platforms are interconnected within a larger financial ecosystem. A vulnerability in one system can cascade across multiple institutions, disrupting transactions, exposing sensitive data, and eroding trust. Given this landscape, cybersecurity in fintech is not just about preventing attacks—it’s about ensuring the integrity of the entire digital financial infrastructure. ... Governments and regulatory bodies worldwide recognise the critical role of cybersecurity in fintech. Frameworks like the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the U.S. set stringent standards for data privacy and security. Compliance is not just a legal necessity—it’s an opportunity for fintech companies to build trust with users. By adhering to global security best practices, fintech firms can differentiate themselves in an increasingly competitive market while ensuring customer data remains protected.
If there's one certainty in business, it's change. The most successful entrepreneurs aren't just those who have great ideas — they are the ones who know how to adapt. Whether it's economic downturns, shifts in consumer behavior or emerging competition, the ability to navigate uncertainty is what separates sustainable businesses from those that struggle to survive. ... Instead of long-term strategies that assume stability, use quick experiments to validate new ideas and adjust quickly. When we launched new membership models at our office, we tested different pricing structures and adjusted based on user feedback within weeks rather than months. ... Digital engagement is changing. Entrepreneurs who optimize their messaging based on social media trends and consumer preferences gain a competitive edge. For example, when we noticed an increase in demand for remote work solutions, we adjusted our marketing efforts to highlight our virtual office plans. ... strong company culture that embraces change enables faster adaptation during challenging times. Jim Collins, in Good to Great, emphasizes that having the right people in the right seats is fundamental for long-term success. At Coworking Smart, we focused on hiring individuals who thrived in dynamic environments rather than just filling positions based on traditional job descriptions.
Who are your mission critical vendors? Do they present significant risks (for example, risk of a merger, or going out of business)? Where are your IT supply chain “weak links” (such as vendors whose products and services repeatedly fail). Are they impairing your ability to provide top-grade IT to the business? What countries do you operate in? Are there technology and support issues that could emerge in those locations? Do you annually send questionnaires to vendors that query them so you can ascertain that they are strong, reliable and trustworthy suppliers? Do you request your auditors periodically review IT supply chain vendors for resiliency, compliance and security? ... Most enterprises include security and compliance checkpoints on their initial dealings with vendors, but few check back with the vendors on a regular basis after the contracts are signed. Security and governance guidelines change from year to year. Have your IT vendors kept up? When was the last time you requested their latest security and governance audit reports from them? Verifying that vendors stay in step with your company’s security and governance requirements should be done annually. ... Although companies include their production supply chains in their corporate risk management plans, they don’t consistently consider the IT supply chain and its risks.
Even if the advantages are clear, the right story is also needed internally to initiate an introduction. Benedikt Ernst from the IBM spin-off Kyndryl sees a certain “shock potential,” especially in the financial dimension, which is ideally anticipated in advance: “The argumentation of costs is crucial because the introduction of AIOps is, of course, an investment in the first instance. Organizations need to ask themselves: How quickly is a problem detected and resolved today? And how does an accelerated resolution affect operating costs and downtime?” In addition, there is another aspect that he believes is too often overlooked: “Ultimately, the introduction of AIOps also reveals potential on the employee side. The fewer manual interventions in the infrastructure are necessary, the more employees can focus on things that really require their attention. For this reason, I see the use of open integration platforms as helpful in making automation and AIOps usable across different platforms.” Storm Reply’s Henckel even sees AIOps as a tool for greater harmony: “The introduction of AIOps also means an end to finger-pointing between departments. With all the different sources of error — database, server, operating system — it used to be difficult to pinpoint the cause of the error. AIOps provides detailed analysis across all areas and brings more harmony to infrastructure evaluation.”