November 22, 2022
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
This new category includes instances when online criminals directly target consumers, often through a text, call, or email, rather than by obtaining a person’s personal information at the institutional level, a change in tactics in recent years that has significant consequences for both individuals and the companies they do business with. The consumer, Javelin says, has become “the path of least resistance.” Consumers aren’t the only ones affected by this change in approach. It has significantly altered the advice we give our banking and financial services customers, as well. ... Identity verification platforms with multi-modal biometrics and liveness detection offer next-generation levels of security. Even better, platforms now entering the market combine multi-modal biometrics and liveness detection with a frictionless, easy-to-use interface. With some, customers simply look into their phones or laptop cameras and say a phrase to easily and securely access an online account. This is the conversation my colleagues and I are having with our banking and financial institution customers.
Confirmation bias is the tendency to search for information proving your already-established worldview, rather than disproving it. It is obvious that it’s crucial to try to avoid this when constructing your idea or product validation tests or when talking to customers. Don’t try to defend your assumptions and decisions - instead, try to gather unbiased feedback so that you would have a higher confidence level in the results of your tests. Fake confirmation of your ideas might make your life easier as it would give you a scapegoat for your failure. Yet, in the long run, it’s much better to have to overcome your ego and succeed than to defend it but ultimately fail. The tendency to rely heavily on the first piece of information you have on a topic. The anchoring bias is often used in negotiations as a trick to bring the expectations of the opposing party closer to your desired outcome. In startups, it is very important not to unwittingly play this trick on yourself. For example, if you’ve been offering a service for free you might feel reluctant to raise the price significantly even if it is the right thing to do for your business.
Even as the metaverse continues to gain popularity, it’s important for retailers to remember that it is still relatively new, she observed. “The reality is there are so many other channels for retailers to engage customers, such as web, mobile, in-store and social, and they need to also focus on strengthening those experiences,” Estes said. Brands should not be trying to match virtual experiences with traditional in-store experiences, Mason noted, as they are very different mediums and have different strengths for connecting with customers. “The key thing to remember is that metaverse experiences are new and opt-in,” he said. “They need to be fun and engaging for the user to find something worthwhile in them. After all, moving to a competing brand’s metaverse experience is just a click or a hand-wave away. It is important for companies to consider how their brand will translate to a new medium.” Brands should consider how their brand representatives will greet consumers. Will they be serious, fun or edgy? What kind of language and voice will be used, and how will their brand avatar present itself visually?
领英推荐
As organizations automate their business processes, there are many potential hazards to avoid. “The main one is ignoring your people and underestimating that,” Butterfield said. “Although the outcome is driven by using a technology, everything up to the actual automation of a process is generally very people-focused. A lack of change management will unfortunately cause many issues in the long term. Organizations need to keep their people aligned with their overall goals.” Security, mainly authentication, is also a key concern, Barbin said. “Any automation, API [application programming interface] or other, requires some means to pass access credentials,” he said. “If the systems that automate and contain those credentials are compromised, access to the connected systems could be too.” To help minimize that risk, Barbin suggests using SAML 2.0 and other technologies that take stored passwords out of the systems. Another pitfall is selecting only one technology as the automation tool of choice. Typically organizations need multiple technologies to get the best results, said Maureen Fleming, program vice president for intelligent process automation research at IDC.
While this is less likely to be an issue if staff are driven by the organisation’s vision and purpose, as is often the case with tech startups, it is still “important to look at what the expectations are on both sides, what’s reasonable and where compromises could be made”, she says. Klotz also suggests that part of the reason why some IT leaders, among others, have reacted so negatively to the idea of quiet quitting idea is over concerns that “paying extra for everything” could hit profit margins, which in turn could put the company out of business, particularly in economically difficult times. But he also points to the dynamic nature of the tech industry, which requires discretionary working at times simply to deliver on projects. “It’s only if you ask people to go above and beyond without compensation that it gets exploitative rather than being part of a healthy functioning relationship,” Klotz says. “But many companies ask employees to do extra almost as part of the job description, which is partly why they provide amazing benefits and such good compensation – people know what they’re getting into and are rewarded for it.”
Both the reality of cyberthreats and regulatory changes should make it clear to boards, owners and management that there is a need for better management of cybersecurity. Enterprise risk management (ERM) is a tool that management and the board can use to help manage risk across the enterprise, including cyberrisk. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) ERM framework and International Organization for Standardization (ISO) 31000 are two prominent frameworks for ERM. Both frameworks emphasize that for effective ERM, an organization needs to have oversight from senior management, organizational structure to support ERM and qualified staff. These and other capabilities that are needed to support ERM are also necessary to support cybersecurity and manage cyberrisk; therefore, the contents of both frameworks are easily and aptly applied to cybersecurity. Organization can learn about the consequences of ineffective enterprise management of cybersecurity from many examples around the world including the 2021 ransomware attack on Ireland’s Health Services Executive (HSE).?