December 28, 2024
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
Make no mistake, we are not talking about the application of AI in the usual sense when it comes to threat detection. Up until now, AI has seen Large Language Models (LLMs) used to do little more than summarise findings for reporting purposes in incident response. Instead, we are referring to the application of AI in its truer and broader sense, i.e. via machine learning, agents, graphs, hypergraphs and other approaches – and these promise to make detection both more precise and intelligible. Hypergraphs gives us the power to connect hundreds of observations together to form likely chains of events. ... The end result is that the security analyst is no longer perpetually caught in firefighting mode. Rather than having to respond to hundreds of alerts a day, the analyst can use the hypergraphs and AI to detect and string together long chains of alerts that share commonalities and in so doing gain a complete picture of the threat. Realistically, it’s expected that adopting such an approach should see alert volumes decline by up to 90 per cent. But it doesn’t end there. By applying machine learning to the chains of events it will be possible to prioritise response, identifying which threats require immediate triage.
A Sole source is a vendor that provides a specific product or service to your company. This vendor makes a specific widget or service that is custom tailored to your company’s needs. If there is an event at this Sole Source provider, your company can only wait until the event has been resolved. There is no other vendor that can produce your product or service quickly. They are the sole source, on a critical path to your operations. From an oversight and assessment perspective, this can be a difficult relationship to mitigate risks to your company. With sole source companies, we as practitioners must do a deeper dive into these companies from a risk assessment perspective. From a vendor audit perspective, we need to go into more details of how robust their business continuity, disaster recovery, and crisis management programs are. ... Single Source providers are vendors that provide a service or product to your company that is one company that you choose to do business with, but there are other providers that could provide the same product or services. An example of a single source provider is a payment processing company. There are many to choose from, but you chose one specific company to do business with. Moving to a new single source provider can be a daunting task that involves a new RFP process, process integration, assessments of their business continuity program, etc.
Beyond the infrastructure, financial inclusion would see a leap forward in CEMAC if the right policies and platforms exist. “The number two thing is that you have to have the right policies in place which are going to establish what would constitute acceptable identity authentication for identity transactions. So, be it for onboarding or identity transactions, you have to have a policy. Saying that we’re going to do biometric authentication for every transaction, no matter what value it is and what context it is, doesn’t make any sense,” Atick holds. “You have to have a policy that is basically a risk-based policy. And we have lots of experience in that. Some countries started with their own policies, and over time, they started to understand it. Luckily, there is a lot of knowledge now that we can share on this point. This is why we’re doing the Financial Inclusion Symposium at the ID4Africa Annual General Meeting next year [in Addis Ababa], because these countries are going to share their knowledge and experiences.” “The symposium at the AGM will basically be on digital identity and finance. It’s going to focus on the stages of financial inclusion, and what are the risk-based policies countries must put in place to achieve the desired outcome, which is a low-cost, high-robustness and trustworthy ecosystem that enables anybody to enter the system and to conduct transactions securely.”
Recommended by LinkedIn
By embracing localised data processing, companies can turn compliance into an advantage, driving innovations such as data barter markets and sovereignty-specific data products. Data sovereignty isn’t merely a regulatory checkbox—it’s about Citizen Data Rights. With most consumer data being unstructured and often ignored, organisations can no longer afford complacency. Prioritising unstructured data management will be crucial as personal information needs to be identified, cataloged, and protected at a granular level from inception through intelligent, policy-based automation. ... Individuals are gaining more control over their personal information and expect transparency, control, and digital trust from organisations. As a result, businesses will shift to self-service data management, enabling data stewards across departments to actively participate in privacy practices. This evolution moves privacy management out of IT silos, embedding it into daily operations across the organisation. Organisations that embrace this change will implement a “Data Democracy by Design” approach, incorporating self-service privacy dashboards, personalised data management workflows, and Role-Based Access Control (RBAC) for data stewards.
According to the van Dam article, burnout happens when an employee buries their experience of chronic stress for years. The people who burn out are often formerly great performers, perfectionists who exhibit perseverance. But if the person perseveres in a situation where they don't have control, they can experience the kind of morale-killing stress that, left unaddressed for months and years, leads to burnout. In such cases, "perseverance is not adaptive anymore and individuals should shift to other coping strategies like asking for social support and reflecting on one's situation and feelings," the article read. ... Employees sometimes scoff at the wellness programs companies put out as an attempt to keep people healthy. "Most 'corporate' solutions — use this app! attend this webinar! — felt juvenile and unhelpful," Eden says. And it does seem like many solutions fall into the same quick-fix category as home improvement hacks or dump dinner recipes. Christina Maslach's scholarly work attributed work stress to six main sources: workload, values, reward, control, fairness, and community. An even quicker assessment is promised by the Matches Measure from Cindy Muir Zapata.
Is it possible that embracing Non-Human Identities can help us bridge the resource gap in cybersecurity? The answer is a definite yes. The cybersecurity field is chronically understaffed and for firms to successfully safeguard their digital assets, they must be equipped to handle an infinite number of parallel tasks. This demands a new breed of solutions such as NHIs and Secrets Security Management that offer automation at a scale hitherto unseen. NHIs have the potential to take over tedious tasks like secret rotation, identity lifecycle management, and security compliance management. By automating these tasks, NHIs free up the cybersecurity workforce to concentrate on more strategic initiatives, thereby improving the overall efficiency of your security operations. Moreover, through AI-enhanced NHI Management platforms, we can provide better insights into system vulnerabilities and usage patterns, considerably improving context-aware security. Can the concept of Non-Human Identities extend its relevance beyond the IT sector? ... From healthcare institutions safeguarding sensitive patient data, financial services firms securing transactional data, travel companies protecting customer data, to DevOps teams looking to maintain the integrity of their codebases, the strategic relevance of NHIs is widespread.