June 06, 2023
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
CISOs need to understand precisely how and where the two risk environments — corporate and personal — intersect to get ahead of this problem. Here are four things to work on to ensure key executives are protected outside the office environment.
Be vigilant for changes in leadership and executive team risk profiles. These blind spots can be a CEO who makes frequent media appearances, has stock market dealings that are open to public scrutiny, or is simply well enough known to be included in social media conversations.
Identify the company’s “crown jewels” that need to be protected. This needs to include an evaluation of potential risks, including through personal attack, and developing mitigation strategies.
Ensure high-level executives get cybersecurity training. All staff should attend tailored awareness training which includes phishing simulation exercises and tabletop exercises, C-level and board executives included.
Shared responsibilities. CISOs should work with other high-level executives to ensure that shared responsibility is being carried across; this means understanding shared risk.
“With the growth and increasing sophistication of social engineering, organisations must enhance the protection of their senior leadership now to avoid expensive system intrusions,” added Novak. “When you look at the grand scheme of social engineering, the reason we see this increasing is because it’s a relatively easy thing for a threat actor to throw out there and try to hit a lot of organisations with,” Novak told reporters during a pre-briefing session attended by Computer Weekly. “This ties back to being financially motivated – most of these events are about fraudulent movement of money and, typically, that results in them getting paid very quickly.” ... “Globally, cyber threat actors continue their relentless efforts to acquire sensitive consumer and business data. The revenue generated from that information is staggering, and it’s not lost on business leaders, as it is front and centre at the board level,” said IDC research vice-president Craig Robinson. The research team added that the fact many organisations continue to rely on distributed workforces added to the challenges faced by defenders in creating and, crucially, enforcing human-centric security best practice.
Today's low code platforms typically provide a visual, drag-and-drop interface for building form-based applications, or tools to build a visual workflow. The resulting apps can be used to automate business processes, create mobile apps, and integrate with other systems. The aim of low code technology is to make application development much more accessible and efficient, so that organizations can better respond to changing business needs and stay competitive. I've seen a lot of other benefits in my discussions with CIOs, for whom low code was certainly not a topic that rose to their pay grade until the last couple of years. Now it's clear that low code can reduce dependencies on hard-to-find development talent, lower the cost of development while speeding it up, and reduce backlogs. ... Low code is becoming a central part of the future of IT, and there are now increasing proof points to show that low code adoption can successfully happen in a substantial, even comprehensive way in both IT and the business.
With its low latency, higher bandwidth, and extensive security measures, 5G strengthens the security of cloud connectivity. This upgrade enables secure and reliable transmission of sensitive information as well as real-time data processing. 5G allows organizations to confidently use cloud services to store and manage their data, reducing the risk of data breaches. 5G offers superior fault tolerance when compared to cable connections, primarily due to the inherent resilience of wireless channels in mitigating communication failures. With a cable connecting an office or factory to a provider, it might be necessary to build a backup connection through an optical fiber or radio. But 5G has a reserved channel from the outset. If one base station fails, others will take over automatically, making downtime unlikely. In addition, 5G network slicing capabilities provide companies with dedicated virtual networks within their IT system. This enables better isolation and segregation of data, applications, and services, improving overall security.
“Cal Poly is a data-laden environment where, to unlock the true value of that data, the data must constantly move to where it is needed,” said Bill Britton, Cal Poly’s vice president for IT services and CIO. Unfortunately, the university’s legacy Wi-Fi networks were straining under the weight of that data. Before investigating 5G options, Cal Poly’s IT team audited their networks to see how, where, and why data overloaded existing networks. They tracked usage down to the component level and found things like a single Xbox downloading close to 2 terabytes of data, as a single student’s console served as a gaming hub for more than 1,500 other people worldwide, all gobbling up Cal Poly bandwidth. “What happens if an Xbox is consuming that much bandwidth during registration or final exams?” Britton asked. “There’s a myth that you can just add more bandwidth, but with Wi-Fi, the infrastructure itself will always be the major limiting factor,” he said. Without costly traffic management add-ons, legacy Wi-Fi has severe limitations, including issues with hand-offs, interference, and insufficient roaming capabilities.
Cybersecurity feels like war. And that naturally leads to cybersecurity staff forming a combative mindset. Tasked with securing a massive and growing cybersecurity attack surface, constantly evolving threat landscape, vulnerability-prone software, insider threats, new and unprecedented challenges (like the recent shift to remote work), limited budgets, a persistent skills shortage and general understaffing and other constraints — users just seem like another set of problems coming at you. ... The larger conversation between cybersecurity staff and employees feels like the security pros have one set of objectives (preventing and dealing with cyberattacks) that feel at odds with the objectives of everyone else in the organization (winning customers, earning profits, achieving growth goals, minimizing customer loss and many others). The big picture is that the larger goals of the organization are shared goals. All those business objectives depend on cybersecurity — security is part of what makes them possible. By focusing on shared objectives, users will partner more readily.