October 08, 2023
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
Financial institutions collect massive volumes of transactional data daily, making it impractical for human experts to review each transaction for signs of money laundering manually. AI systems, on the other hand, can efficiently process this data, flagging transactions that exhibit unusual patterns or deviate from established norms. These AI systems utilise advanced algorithms to develop customer behavior profiles, creating a baseline against which future transactions can be compared. Any deviation from the norm, such as sudden large transfers, frequent cash deposits, or transactions with high-risk jurisdictions, triggers an alert for further investigation. This allows institutions to focus their resources on genuinely suspicious activities rather than drowning in false positives. Analysing data to recognise suspicious activities: AI algorithms excel at analysing enormous?datasets, identifying hidden patterns and correlations that could signify money laundering activities. By examining transaction history and customer behavior, AI-enabled tools can uncover links between seemingly unrelated events.
At current levels, 2023 is on course to be the biggest year on record for victim naming on so-called ‘name and shame’ sites since this practice began in 2019. It is expected the 10,000th victim name was posted to leak sites in late summer 2023, but this has not yet been confirmed by Secureworks. ... The 2023 report found that ransomware median dwell time was under 24 hours, representing a dramatic fall from 4.5 days during the previous 12 months. In 10% of cases, ransomware was deployed within five hours of initial access. Smith believes this trend is due to improved cyber detection capabilities, with cyber-criminals speeding up their operations to reduce the chances of being stopped before deploying ransomware. “As a result, threat actors are focusing on simpler and quicker to implement operations, rather than big, multi-site enterprise-wide encryption events that are significantly more complex. But the risk from those attacks is still high,” commented Smith.
At the end of the day, backup as a service is kind of just that. It operates like a regular backup application, using a schedule and point-in-time backups. DRaaS is more about failing over if something comes up as a disaster recovery process. It's designed to replicate or restore data environments automatically; it doesn't transform data in the same sense that a backup may have a particular data format. DRaaS is about moving the data from point A to point B and being able to get back to it as quickly as possible, especially in the context of a failover. ... But with the flexibility that cloud data protection affords, a lot of these solutions can essentially get updated whenever you log on because they're SaaS-based. Also, there's so much data in the cloud now and lots of investment in digital transformation, new platforms and cloud-native applications, which is triggering some rethinking of cloud data protection strategies. All of this I think is shortening the review cycles. It's actually a domino effect: Data protection follows data production.?
领英推荐
It’s easy for remote workers to feel disconnected from their teams and employers, which is why it’s important to keep communication consistent. Having the right collaboration tools can make all the difference in keeping remote workers engaged and more likely to follow security protocols. Video calls can help team members meet face-to-face, reducing miscommunication and misunderstandings. It’s also important to have an easy way to collaborate on projects so everyone can stay on the same page and work moves forward efficiently. Of course, any technology you use should be easy to use and easy to keep secure. With the right communication tools, your remote team members can collaborate effectively, stay connected with team members, and generally remember that they aren’t at home alone — they belong to a larger organization. This feeling of connection will encourage and remind them to implement the company’s security standards even though they work from home. As remote work becomes more popular, the need for strong security practices becomes even more vital.?
One might be inclined to believe (from the Trellix example) that the returns and competitive business risks of adopting and not adopting AI in cyber-security processes are quite high from a sales perspective. This point can be rationalised by seminal academic theory in the strategic management sciences. Based on insights from the widely popular Five Forces strategy model by Michael Porter of the Harvard Business School, the threat of new entrants (Trellix competitors), product substitutes (competitor products churned from AI-driven platforms like HVS), high bargaining power of customers (clients of Trellix-like products), and low bargaining power of suppliers (Trellix) should push enterprises to necessarily adopt AI as a cyber-security strategy to boost sales. ... On top of everything, AI as a business strategy for the modern IT/OT-driven business ecosystems has the potential to adhere very well with certain elements of the seminal Eight-Fold strategy proposed by Michael Cusumano of the MIT Sloan School of Management for software-driven businesses
Establishing a data governance culture requires the right combination of people, process, and technology. Defining the right roles and responsibilities (people) and developing the right data governance framework (process) are steps in the right direction. But without the right tools (technology), it becomes difficult at best for a data governance culture to succeed. A data catalog is a critical tool for organizations looking to establish a data governance culture. It gives business users, many of whom are not data experts, clarity on data definitions, synonyms, and essential business attributes so they can understand and use their data more effectively. Data catalogs show who owns the data, allowing for greater collaboration across the business. They provide a self-service way for everyone in the organization to find the data they need and turn what used to be tribal knowledge into useful and accessible information that they can use to make better business decisions.