January 29, 2024
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
With many aspects of performance, upfront clarity is needed about the target, standard, and minimum acceptable levels. General criteria such as “5 SMART Objectives” etc risk constraining top performers or providing insufficient clarity to poor performers or those in developmental stages. General organisation-wide processes should be seen by managers as minimum requirements, not the best. Expectations should be calibrated for fairness at this stage—like setting a handicap before the metaphorical contest begins, not after the contest has ended. Monitoring and measuring is about ensuring that both the manager and the employee are engaged in monitoring and measuring all key aspects of performance (WHAT, HOW, and GROWTH). Only then will each individual receive sufficient, timely, and useful feedback to support improvement. This element also ensures that future assessment can be evidence-based. Enabling and enhancing is the key to performance management and oftentimes given insufficient attention. We know that every interaction between a manager and a member of staff can have a significant impact on that individual’s motivation and performance.?
“The speed of AI development is incredibly exciting, as the finance industry stands to benefit in several ways. But we’d be naive to think such rapid technological change cannot outstrip the speed at which regulations are created and implemented. “Ensuring AI is adequately regulated remains a huge challenge. Regulators can start by developing comprehensive guidelines on AI safety to guide researchers, developers and companies. This will also help establish grounds for partnerships between academia, industry and government to foster collaboration in AI development, which brings us closer to the safe deployment and use of AI. “We can’t forget that AI is a new phenomenon in the mainstream, so we must see more initiatives to educate the public about AI and its implications, promoting transparency and understanding. It’s vital that regulators make such commitments but also pledge to fund research into AI safety and best practices. To see AI’s rapid acceleration as advantageous, and not risk reversing the fantastic progress already made, proper funding for research is non-negotiable.”
This time around, though, Midnight Blizzard didn’t have to build a sophisticated hacking tool. To attack Microsoft, it used one of the most basic of basic hacking tricks, “password spraying.” In it, hackers type commonly-used passwords into countless random accounts, hoping one will give them access. Once they get that access, they’re free to roam throughout a network, hack into other accounts, steal email and documents, and more.?In a blog post, Microsoft said Midnight Blizzard broke into an old test account using password spraying and then used the account’s permissions to get into “Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions,” and steal emails and documents attached to them. The company claims the hackers initially targeted information about Midnight Blizzard itself, and that “to date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems.” As if to reassure customers, the company noted, “The attack was not the result of a vulnerability in Microsoft products or services.”
领英推荐
Good decisions rely on shared data, especially the right data at the right time. Sometimes, the challenge is that the data itself often raises more questions than it answers. This trend will continue to worsen before it improves, as disjointed data ecosystems with disparate tools, platforms, and disconnected data silos become increasingly challenging for enterprises. This is why the concept of a data fabric has emerged as a method to better manage and share data. Data fabric’s holistic goal is the culmination of data management tools designed to manage data from identification, access, cleaning, and enrichment to transformation, governance, and analysis. That is a tall order and will take several years to mature before adoption happens across enterprises. Current solutions were not fully developed to deliver all the promises of a data fabric. In the coming year, organizations will incorporate knowledge graphs and artificial intelligence for metadata management to improve today’s offerings, and these will be a key criterion for making them more effective. Semantic metadata will enable decentralized data management, following the data mesh paradigm.?
The “Creatorverse” work environment fosters creativity and collaboration through its blend of virtual work and state-of-the art physical workspaces, Wenhold says. “All of this keeps our culture alive and keeps Business Technology a destination department,” he adds. An obsessive focus on simplicity anchors the belief and value system underpinning IT culture at the Pacific Northwest National Laboratory (PNNL), according to Brian Abrahamson, associate lab director and chief digital officer for computing and IT. For years, the lab struggled under the weight of decentralized IT and government standards and regulations, which complicated procedures and spurred too many overly complex systems that didn’t talk to one another. Under Abrahamson’s direction, the IT organization spent the past decade embracing human-centered design principles, delivering mobile accessibility, and creating personalized and effortless consumer-grade experiences designed to create connections among scientists and give them ready access to a workbench primed for scientific discovery.
Financial institutions handle sensitive consumer data every day, which is a responsibility integral to maintaining the trust consumers place in banks, credit unions, and similar entities. Safeguarding this data is not only a critical duty but also subject to rigorous regulation. The gravity of this responsibility is underscored by the potential ramifications of cyber incidents, which not only jeopardise consumer information but also strain a financial institution’s technological infrastructure. The fallout may include financial losses, reputational damage, and legal consequences. While many organisations have existing cybersecurity plans and incident response programs, the focus in 2024 is expected to shift towards rigorous testing. The dynamic nature of cybersecurity threats necessitates a proactive approach to ensure these plans and programs remain effective in the face of evolving challenges. Financial institutions may increasingly turn to external consultants for assistance in developing cybersecurity incident response policies or reviewing existing plans to ensure alignment with regulatory requirements.