March 04, 2023
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
Gen Z will look for jobs in organizations that share their values. Gen Z is likely to remind their superiors of such values if they find themselves being asked to do something that goes against such. Be ready for situations like this and make sure the company’s values isn’t just a marketing creation. Another way to look at this is to proactively go after individuals whose values resonate with the company’s. All working generations have experienced pros and cons of work from home, the office or a mix of both. This is unlikely to be a Gen Z-only preference, but younger generations may be more prone to think, “Why do I need to go to a specific location to do a job I can perform from anywhere?†... The two aspects here are peer training and paid training. Gen Z is eager to learn but also to move forward, now even though this may not be effective to all roles it can be a positive in cybersecurity where attackers and attacks are always evolving fast.
While LastPass has made it clear that several course corrective activities have taken place post-incident to prevent similar hacks, the argument that this type of exploitation was preventable persists. Specifically, one control that should be scrutinized is the LastPass Acceptable Use Policy (AUP). These important documents provide employees with a set of rules applied by the company that explain the methods through which employees may access or use corporate networks, devices or data. Many of these policies require that corporate data may only be accessed and managed on corporate systems. This specific provision allows the organization to control both physical and logical access to important information, such as business operations and client data. As the business world has morphed with a more distributed and remote configuration, corporate AUPs require additional scrutiny as well. Specifically, companies should take a hard look as to the applicability of the Bring Your Own Device (BYOD) mentality and consider the security implications that could emerge through mismanagement.
In practice, a strong data culture is a “decision culture†according to McKinsey research, which is a culture where an organization can accelerate the application of advanced analytics, powering improved business performance and decision-making. Furthermore, Forrester found that organizations that use data to derive insights for decision-making are almost three times more likely to achieve double-digit growth. So why is it such a challenge to create this type of culture? ... Data creation is the process of creating high-quality, contextual behavioral data to power AI and other advanced data applications. Instead of working with the data exhaust which happens as a result of SaaS applications and black box analytics tools, data creation allows a choice of metrics that would best reflect the organization’s needs. The great thing about this is that it saves data teams quite a lot of time as it continuously delivers a highly trusted real-time stream of data that evolves with the business.
领英推è
In a hyper-competitive and increasingly cloud-based business environment, it's clear that digital-first is the only way forward. Of course, the transformation could have been smoother. For most businesses, it's happened in fits and starts—a program written here, a piece of software implemented there. The end result, in many cases, has been a patchwork: out-of-date applications, redundant or overly complicated programs, and generally clogged internal processes. Think of a big, tangled pile of extension cords—it's unclear what goes where, what can be safely removed, what needs replacing, and so forth. These clogged processes present a serious problem for businesses engaged in digital transformation. They can slow down a company's inner workings and, over time, lead to lost productivity and revenue. That's why it's imperative for companies to clear away the cobwebs and redesign their internal processes for maximal productivity—to, in other words, embark on an organization-wide program of enterprise architecture.
Central to any cybersecurity strategy being developed is the role of the IT infrastructure teams and storage administrators in the secure storage and protection of data.However, formulating and implementing a strategy alone will not be enough, organisations must rigorously test their resiliency plans. It is essential to identify the cracks in the defences as a proactive strategy, even as learnings are applied reactively. A key reason behind the rise of ransomware attacks is that the attack surface, the systems that are accessible and could be compromised, is massive and constantly growing. The larger the enterprise, the larger the attack surface, as the vulnerable endpoints and pieces of software being used are many. Any breach that occurs, thus must be quickly contained, and its impact as minimised as possible. Merely adding more storage to a data centre is not the solution. Enterprises will need to incorporate immutable storage and encryption technology and optimize the recovery process.?
The administration envisions that it will roll out more stringent software development practices, work with vendors to implement them in the software development process and then work with industry and Congress to establish a liability shield for companies that adopt those practices. That process will take well over a year, the senior administration official predicts. Veracode founder and Chief Technology Officer Chris Wysopal says drawing from the NIST Secure Software Development Framework for the safe harbor law is more aspirational than realistic since the liability shield must consider a company's maturity and security posture. Kalember says no current institutions are well positioned to assess compliance with NIST or assign blame after a security incident. "We need a few different levels of what building safe software means," Wysopal tells ISMG. "The SSDF is a good starting point, but I think it does need to be more practical and more basic."
Sales Associate at American Airlines
2 å¹´Thanks for sharing