November 27, 2023
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
As financial transactions increasingly migrate to digital platforms, safeguarding sensitive data and systems has become the linchpin for maintaining trust and stability in the industry. Customer trust forms the bedrock of any successful financial institution. With the advent of digital banking and the proliferation of online transactions, customers expect their financial data to be treated with the utmost confidentiality and security. A single breach can erode trust irreparably, leading to customer attrition and reputational damage. To uphold trust, BFSI organizations must adopt a proactive cybersecurity posture. This entails not only implementing robust security measures but also fostering a culture of cybersecurity awareness among employees and customers alike. ... Converged IAM represents a paradigm shift in cybersecurity strategy. It combines traditional IAM, which manages user identities and access to resources, with Identity Governance and Administration (IGA), which ensures compliance with internal policies and external regulations. This convergence empowers organizations to have a unified view of user identities and their associated access rights, thereby bolstering security measures.
Navigating the challenge of finding solutions that meet all constraints is a constant endeavour in the data center industry. Daily operations involve continuous optimization efforts, where sustainability and cost-effectiveness are pivotal considerations. Contrary to common perception, sustainable solutions are not invariably more expensive; their cost-effectiveness depends on the thorough assessment of environmental implications. Consider the approach the industry has taken to battery technology optimization as an example. Traditionally, lead batteries have been a standard industry solution. However, exploring new technologies, such as lithium-ion batteries, introduces a diverse range of options. While these batteries may be more intricate and expensive in the production phase, a holistic lifecycle analysis reveals their extended service life and lower total cost of ownership. This emphasises the need to evaluate innovation not only in terms of initial costs but also in terms of environmental impact and the overall project lifecycle.
The biggest value-add these new talents are likely to deliver is in helping CISOs sell security programs more effectively. "CISOs are not known to speak in [terms of] ROI effectively, at least not in the practical ROI issues lines of business executives care about. And after hearing these ineffective arguments for years, many CFOs are eventually not listening," Yigal Rechtman, managing partner of Rechtman Consulting, a New Jersey-based compliance and forensic accounting firm, tells CSO. Even if the new cyber accountants don't immediately deliver better ROI arguments, argues Phil Neray, the VP of cyber defense security at Gem Security, their financial approach and different mindsets might prove quite valuable. "Fighting our cyber adversaries requires having different approaches and different viewpoints and different worldviews," he tells CSO. "Therefore, having a diversity of perspectives on your security team is going to make your team stronger. And these cyber accountants might do just that."
The foundation of a sound software update policy begins with thorough pre-work. This involves setting the groundwork for delivering successful updates, creating an inventory of devices, documenting baseline configurations, and understanding the applications that are critical to business operations. Organizations must establish baseline configurations and communicate the requisite standards to users. A comprehensive inventory of all devices used for work, including BYOD and unmanaged devices, is essential. This also encompasses documenting the end of support for devices being phased out, noting the critical business applications in use, and understanding which devices and users depend on them. Identifying devices that are no longer receiving security updates yet access critical applications should be a priority. Similarly, sufficient staff must be allocated to the help desks to cope with increased queries during update rollouts. Organizations should also prepare a diverse group of informed early adopters and testers from across the business spectrum to ensure that feedback is timely and representative.
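The pre-work described above is a data-matching exercise: cross-reference the device inventory (with vendor end-of-support dates) against which devices actually reach critical applications, and flag two things, devices past support that still touch a critical app and devices that appear in access logs but were never inventoried. The script below is an added illustration, not code from the article or from any product it mentions; the inventory, the access records, the application names and the review date are all constructed sample values.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Device:
    device_id: str
    owner: str
    managed: bool                 # False for BYOD / unmanaged endpoints
    support_end: Optional[date]   # None: vendor still ships security updates

# Constructed inventory (hypothetical devices, not real assets)
INVENTORY = [
    Device("LT-001", "alice", True, None),
    Device("LT-002", "bob", True, date(2023, 6, 30)),
    Device("PH-007", "carol", False, date(2022, 12, 31)),
    Device("LT-010", "dave", True, date(2024, 3, 31)),
]

# Constructed access records (device_id, application), as an SSO or VPN log would yield
ACCESS_LOG = [
    ("LT-001", "core-banking"),
    ("LT-002", "core-banking"),
    ("PH-007", "payroll"),
    ("PH-007", "wiki"),
    ("LT-010", "wiki"),
    ("TB-999", "wiki"),           # device nobody inventoried
]

CRITICAL_APPS = {"core-banking", "payroll"}
REVIEW_DATE = date(2023, 11, 27)  # the "today" used by the review

def _note(findings, device_id, reason, managed, app):
    entry = findings.setdefault(device_id, {"reason": reason, "managed": managed, "apps": set()})
    entry["apps"].add(app)

def review_inventory(inventory, access_log, critical_apps, today):
    """Return {device_id: {"reason", "managed", "apps"}} for devices needing attention:
    devices seen in the access log but missing from the inventory (inventory gap), and
    devices past vendor support that still reach a critical application."""
    by_id = {d.device_id: d for d in inventory}
    findings = {}
    for device_id, app in access_log:
        dev = by_id.get(device_id)
        if dev is None:
            _note(findings, device_id, "not in inventory", False, app)
            continue
        past_support = dev.support_end is not None and dev.support_end < today
        if past_support and app in critical_apps:
            _note(findings, device_id, "end of support", dev.managed, app)
    # sorted app lists keep the report deterministic
    return {k: {**v, "apps": sorted(v["apps"])} for k, v in findings.items()}

def priority_order(findings):
    """Unmanaged (BYOD/unknown) devices first, then by id, so the riskiest items are worked first."""
    return sorted(findings, key=lambda did: (findings[did]["managed"], did))

def run_review():
    return review_inventory(INVENTORY, ACCESS_LOG, CRITICAL_APPS, REVIEW_DATE)

if __name__ == "__main__":
    result = run_review()
    for did in priority_order(result):
        print(did, result[did])
```

Devices that are past support but only reach non-critical applications (LT-010 on the wiki, in the sample) are deliberately left out of the findings, matching the article's priority: unsupported devices on critical applications first.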
It’s easy to predict a rosy future but far harder to deliver it. Gates can gush that “agents will be able to help with virtually any activity and any area of life,” all within five years, but for anyone who has actually used things like Midjourney to edit images, the results tend to be really bad, and not merely in terms of quality. I tried to make Mario Bros. characters out of my peers at work and discovered that Caucasians fared better than Asians. ... “The key to understanding the real threat of prompt injection is to understand that AI models are deeply, incredibly gullible by design,” notes Simon Willison. Willison is one of the most expert and enthusiastic proponents of AI’s potential for software development (and general use), but he’s also unwilling to pull punches on where it needs to improve: “I don’t know how to build it securely! And these holes aren’t hypothetical, they’re a huge blocker on us shipping a lot of this stuff.” The problem is that the LLMs believe everything they read, as it were. By design, they ingest content and respond to prompts. They don’t know how to tell the difference between a good prompt and a bad one.
Scaling may come naturally if you do the right things in the right order. First, you must identify what your current state is in terms of infrastructure. How well do you understand the systems? Determine existing SRE processes that need improvement. For the SRE processes that are necessary but are not employed yet, find the tools and the metrics necessary to start. Collaborate with the appropriate stakeholders, use feedback, iterate, and improve. ... SLOs set clear, achievable goals for the team and provide a measurable way to assess the reliability of a service. By defining specific targets for uptime, latency, or error rates, SRE teams can objectively evaluate whether the system is meeting the desired standards of performance. Using specific targets, a team can prioritize their efforts and focus on areas that need improvement, thus fostering a culture of accountability and continuous improvement. Error budgets provide a mechanism for managing risk and making trade-offs between reliability and innovation.
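To make the SLO and error-budget mechanism concrete, the following added example (not code from the article or from any SRE tooling it refers to) computes an availability SLI and a latency SLI from a constructed request sample, derives the error budget each SLO allows over its window, the budget remaining, the burn rate, and a release decision. The SLO targets, the 30-day window, the 300 ms latency threshold and the request sample are all assumed values chosen for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SLO:
    name: str
    target: float      # fraction of good events required, e.g. 0.999 for 99.9%
    window_days: int   # length of the rolling measurement window

AVAILABILITY_SLO = SLO("availability", 0.999, 30)
LATENCY_SLO = SLO("latency <= 300 ms", 0.95, 30)

# Constructed request sample: (latency_ms, http_status). 1000 requests, every 200th
# fails with a 5xx and every 50th is slow; chosen to make the arithmetic easy to follow.
SAMPLE_REQUESTS = [
    (600 if i % 50 == 0 else 100, 500 if i % 200 == 0 else 200)
    for i in range(1000)
]

def availability_sli(requests):
    """Share of requests that did not fail with a server error."""
    good = sum(1 for _, status in requests if status < 500)
    return good / len(requests)

def latency_sli(requests, threshold_ms):
    """Share of requests served within the latency threshold."""
    fast = sum(1 for ms, _ in requests if ms <= threshold_ms)
    return fast / len(requests)

def error_budget(slo, total_events):
    """Number of bad events the window may absorb before the SLO is breached."""
    return (1 - slo.target) * total_events

def error_budget_remaining(slo, total_events, bad_events):
    """Fraction of the window's error budget still unspent (negative once overspent)."""
    return 1 - bad_events / error_budget(slo, total_events)

def burn_rate(slo, sli):
    """How many times faster than 'exactly exhaust the budget over the window' bad events arrive.
    1.0 means the budget lasts the whole window; 2.0 means it is gone halfway through."""
    allowed = 1 - slo.target
    return float("inf") if allowed == 0 else (1 - sli) / allowed

def hours_to_exhaustion(slo, sli):
    rate = burn_rate(slo, sli)
    return float("inf") if rate == 0 else slo.window_days * 24 / rate

def release_decision(remaining, rate):
    """The trade-off the article describes: budget left and burning slowly -> innovate;
    budget spent -> reliability work only."""
    if remaining <= 0:
        return "freeze"
    if rate > 1:
        return "caution"
    return "ship"

def evaluate(slo, total_events, sli):
    bad = round((1 - sli) * total_events)
    remaining = error_budget_remaining(slo, total_events, bad)
    rate = burn_rate(slo, sli)
    return {
        "slo": slo.name,
        "sli": sli,
        "bad_events": bad,
        "budget_events": error_budget(slo, total_events),
        "budget_remaining": remaining,
        "burn_rate": rate,
        "hours_to_exhaustion": hours_to_exhaustion(slo, sli),
        "decision": release_decision(remaining, rate),
    }

if __name__ == "__main__":
    n = len(SAMPLE_REQUESTS)
    print(evaluate(AVAILABILITY_SLO, n, availability_sli(SAMPLE_REQUESTS)))
    print(evaluate(LATENCY_SLO, n, latency_sli(SAMPLE_REQUESTS, 300)))
```

On the sample, the availability SLO (99.9%) allows one bad request per 1000 but five occurred, so the budget is overspent and the decision is a feature freeze; the latency SLO (95%) allows 50 slow requests and saw 20, leaving 60% of its budget with a burn rate of 0.4, so shipping continues. The two SLOs are evaluated independently, which is why a service can be in a freeze on one objective and healthy on another.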
Thank you for sharing this! This is a well-rounded perspective on crucial aspects of the tech industry, from cybersecurity challenges in BFSI to sustainability in data centres and the rise of the cyber CPA.