October 21, 2022
Along with being commonplace, phishing attacks have become so profitable (to the attackers) that the biggest cybercriminals have largely moved beyond individual customers. Rather, they target enterprise employees who can be duped into revealing information that’s much more sensitive, on a much larger scale. ... Since phishing attacks overwhelmingly target the human element, cybersecurity experts agree that the best defense against this is providing security awareness training to enterprise employees. This helps in early identification of attacks and increasing overall security hygiene. ... In-house cybersecurity training is no longer a time- and skill-intensive process, given the prevalence of AI-based phishing awareness platforms. Today, ML enables gamified, personalized security training programs for each individual based on their current level of awareness, position in the organization, and browsing behavior. Further, AI is a potent tool in the arms of cybersecurity experts. It enhances the efficiency and effectiveness of security policies by improving and automating routine threat detection procedures.
DX is about providing the best ecosystem for developers to improve business agility. For difficult areas such as deployment, security and incident resolution, ensure that the options you have chosen also work well on local workstations, in addition to meeting your business requirements. You will then build secure and reliable software with simpler code. It is also a gradual journey, and technical goals must be traded against business priorities. It should be possible to articulate all DX objectives in terms of their business value, whether this is faster web development, better data protection or fewer incidents. This will help you to win support for technical initiatives and implement them gradually as part of a technical roadmap. At Curity, we realize the importance of DX to your business. We therefore continually improve our developer resources, including guides for web, mobile and API development. The OAuth family of specifications enables you to implement many security solutions, and we also ensure that our advanced options can be run end-to-end on a development computer.
Despite advances like the US government’s Electronic Consent-Based Verification Service, or eCBSV—which allows some entities to verify whether a given combination of social security number, name and date of birth match an existing Social Security Record—the issue remains a serious one in large part because it’s still easy to create this type of manipulated identity, thanks in part to the lack of incentives for financial institutions to combat them. “Today, the positive value of a good banking relationship is roughly the same as the negative cost of a fraudulent account (roughly $250-$400, depending on the bank or fintech),” the report said. “When considering the downside cost of a fraudulent banking relationship, generally the dollars are very low because financial losses like Peer to Peer, or P2P, scams are absorbed largely by the consumer, and nefarious activities like human and drug trafficking, terrorism, fraudulent PPP [Paycheck Protection Program] and unemployment deposits and low levels of money laundering do not carry a financial loss for the bank.”
Distributed Application Runtime (Dapr) is a CNCF project like Kubernetes. It is not just a framework or set of reusable libraries. It is rather a runtime that provides capabilities to solve many common concerns like service discovery, service-to-service communication, state management, configuration, secrets management, and others. Dapr exposes APIs for each of these capabilities which can be invoked from applications using HTTP or gRPC. With this approach, Dapr’s footprint in application code is limited to an API call, allowing Dapr to easily integrate with any language or runtime. The figure below depicts capabilities provided by Dapr, supported infrastructure platforms, and integration options using APIs. ... Dapr can be self-hosted as a process running on an operating system or it can be configured to run as a sidecar on Kubernetes. This allows all kinds of applications, whether they are containerized or not, running on cloud or on-premise or on edge infrastructure, deployed on physical or virtual machines, to make use of its capabilities.
Maximum benefits can be realized when an organization not only employs continuous improvement, but measures and proves results to their staff and customers, says Chris Lepotakis, a senior associate at global cybersecurity assessor Schellman. “This provides a greater trust in service and products offered by an organization and fosters higher fidelity between the organization, employees, and customers,” he explains. “Being able to show your customers what you're doing to improve your business, and what it means to their benefit, shows care and transparency on how the organization has recognized and improved on weak points.” It also proves that the organization is always looking for ways to provide continued value and trust, Lepotakis adds. Organizations looking to develop a continuous improvement culture should begin by creating a framework to support delivery resources. Such a framework should include processes for identifying, assessing, and implementing changes, as well as metrics to measure service quality, McIntire advises.
Public blockchain is highly secure and practically impossible to counterfeit due to the underlying cryptography used. While companies may attempt to manipulate private blockchain records, an independent auditor can monitor mischief in the network. Blockchain provides the trust and security needed for multiple organisations to connect on the shared ledger. This is because all users have access to a copy of the whole blockchain, meaning they can see if any meddling is going on. If there’s a hash match throughout the chain, the records are trustworthy. Furthermore, smart contracts represent the future of transactions and are interwoven with blockchain. Smart contracts are a piece of code that can outline each step of a transaction, with the ability to connect multiple blockchains and assets. When terms of the contract are met, they are automatically initiated. For start-ups, these coded contracts can revolutionise the way they conduct business. For example, smart contracts are perfectly suited for supply chain management.