January 22, 2024
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
In this new world, private clouds and private infrastructure are a safer place to be. It's critical for security posture, especially for a brand that's been around a long time and its core functionalities haven't changed — it's critical to any modern environment despite the new threats. The basics haven't changed; they've just increased. Organizations need to be critical about their ITOps strategy to ensure configuration management and drift control, which is key to maintaining the security posture for an organization. Organizations will depend more on agents to manage configurations and prevent drift with the right set of technologies while tracking any and every change made to the golden images for configuration in their estate and keep their infrastructure in line as part of the security posture while also being secure in compliance standards. ... That fact won't stop startups from claiming that they have used GenAI to create a security silver bullet. While AI, particularly deep learning, will always have a place in solving security challenges, organizations will be better served by avoiding the AI panic and ensuring any security solutions help them optimize the security basics.
This is not the first time Midnight Blizzard or Nobelium has targeted the company. Last year, Microsoft had accused it of using social engineering to carry out a cyberattack on Microsoft Teams. Though the attack was initiated in late November 2023, it was detected only on January 12, 2024. “The incidence shows, like in earlier such cases, that even the most sophisticated cyber security systems are far from being adequate. ... Microsoft stressed that the attack was not because of a vulnerability in its products or services. “To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems. We will notify customers if any action is required,” the company blog post read. However, analysts believe that possibly not enough was done to secure the email accounts of senior leadership. “The breach also hints at the possibility that best practices, such as zero-trust security, are not necessarily being applied to email accounts of senior leadership, who have been the primary targets in this case,” said Kumar. He added that a “weak link in the security chain” might have led to the compromise of the employee emails.
Corporations are now looking beyond the bottom line to uphold ethical practices as they leverage big data and AI. The first step in this direction is ensuring transparency. Companies need to be clear about how they are collecting data, what they’re using it for, and how AI algorithms make decisions. This transparency is crucial in building trust with consumers and stakeholders. Another pivotal aspect is the prevention of biases in AI. Machine learning algorithms can inadvertently perpetuate and amplify existing biases if they are fed with skewed datasets. Corporations must actively engage in ‘debiasing’ techniques and diversity initiatives to ensure fairness and inclusivity in AI-driven decisions. Privacy, too, cannot be an afterthought. With regulations like the General Data Protection Regulation (GDPR) setting a precedent, businesses are more accountable for protecting individuals’ data. Implementing robust privacy measures and giving users control over their data is both an ethical obligation and a business imperative. Various ethical frameworks have been proposed to guide businesses in this new terrain.
It’s not surprising that these hijacking methods have gained prominence in India in recent years, as up to 96% of applications contain at least one open-source component. As Indian developers collaborate on software production, there is one word they should become familiar with when it comes to securing the software development pipeline: Curation. At a high level, the word Curation is defined as the act of thoughtfully selecting and organising items, a process typically associated with articles, images, music, and so on. In this case, however, the items being curated are open-source software components, acting as an automated lock to safeguard the gateway of the software pipeline. It entails filtering, tracking, and managing software packages based on preset policies to ensure the use of reliable components across the development lifecycle. Curating software components streamlines development by guaranteeing the safety, reliability, and current status of packages. The idea is to protect against both known and unknown risks through a comprehensive approach that strengthens the organisation’s software supply chain by establishing a trusted source of packages. Approved packages could then be cataloged for re-use, or to point.
Effective navigation of this intricate regulatory landscape extends beyond mere compliance: it necessitates strategic, ongoing commitment. While data owners may define policies, custodians are responsible for implementing and ensuring adherence to these policies. The landscape of data custodianship in the digital age is one defined by constant evolution, where CISOs emerge as the linchpins of responsible information management. As organizations navigate the complexities of the regulatory and compliance landscape, understanding and embracing the essentials of data custodianship becomes paramount to fostering a culture of trust, accountability, and ethical data practices. The proactive role of CISOs, positioned as natural custodians, is central to fortifying organizations against evolving cyber threats and ensuring compliance with privacy regulations. By systematically integrating stringent measures aligned with prevailing industry standards, these CISOs exemplify the commitment required to uphold privacy and security imperatives. In the face of an ever-evolving regulatory panorama, such organizations demonstrate the resilience necessary to navigate complexities and ensure ethical data practices.
In the realm of software development—particularly with the advent of real-time application monitoring—employee retention, especially of developers, is paramount. Their deep understanding of the nuances of our applications and their ability to respond swiftly to the insights provided by real-time monitoring are invaluable. Maintaining a team of satisfied, engaged developers is crucial in this context. It’s not just about reducing turnover; it’s about fostering a culture where the engineers feel invested in the continuous improvement and success of our products. When developers are genuinely satisfied with their work and their environment, it reflects in the quality of their output. They become proactive in identifying and addressing issues, often before they escalate, thanks to the real-time data at their fingertips. The shift toward more dynamic monitoring practices has underscored the need for a supportive, collaborative environment. A culture where developers are encouraged to share insights and take initiative leads to a more responsive and adaptable team. This environment not only supports the technical aspects of our work but also enhances the overall morale and commitment of our developers.