BBC Tech

Copycat coders create ‘vulnerable’ apps

Lazy developers who copy solutions to tricky programming problems are creating apps that are vulnerable to attack, research suggests. A team of computer scientists looked at more than 72,000 chunks of code found on the Stack Overflow website. The site is popular with developers seeking advice
/
Quartz

Deepfake videos are a far, far bigger problem for women

The number of deepfake videos found online has nearly doubled since 2018, and most of them are pornographic videos featuring women without their consent. The term “deepfake” refers to video altered using machine-learning technology to present a situation that didn’t occur, such as this video of filmmaker
/
Vibhav Agarwal

Cloud And Cybersecurity: 5 Things CISOs Need To Consider

The Cloud and Cybersecurity

Tomorrow’s digital enterprise is at war today. War not only with external cybersecurity hackers and viruses, but also within the organization itself – a conclusion based on my discussions with information security managers and cloud architects around the world. While most executives understand the importance of a business driven, risk management-focused cybersecurity model, they do not address cybersecurity as an organizational issue, but more as a compliance or IT checklist issue.

As business models transform, becoming the leading and modern digital enterprises of the future, we see a shift in other areas as well. This is the age of the customer, and in a digital world, customer service or dis-service can be decided by one successful phishing attempt on an organization’s website. As recent events have proven, a successful cyber-attack has the ability to not only bring the organization down to its knees in minutes, but makes getting up quickly nearly impossible.

Furthermore, as business leaders lean more and more on the Cloud as a default choice for newer, faster systems of engagement with customers, new complexities come into the picture. Fast speed and customer centric front-end application characteristics like zero downtime, instant cross channel functionality deployment, and real time performance management make the cloud an ideal environment. But cloud and cybersecurity – how do we take care of that?

There are five key things that every IT Manager and Architect should think about as they aspire to be the CISO of tomorrow’s leading digital enterprise:

1. It’s a Business Problem:

As custodians of sensitive customer information and business value delivery, the CISOs of tomorrow should understand the importance of keeping data safe and secure. CISOs should ensure that they are part of a core team looking at the organizational risk appetite, which includes aspects like loss of IP, customer information loss, business operation disruption, and more. The CISO should present the organizational cybersecurity risk in the context of business by correlating IT assets and their residual scores with their business importance. The trade-offs of newer cybersecurity investments versus the status quo need to be examined from a more strategic and organizational perspective, rather than mere annual investment or upgrade perspective.

2. The First C of an Effective Cloud Strategy is Controls:

The focus needs to be on controls, not on cost. If the CISO of tomorrow is not able to effectively implement controls with regards to data segregation, data security and infrastructure security, then the cost of keeping the data in the cloud can be prohibitive. Incorporating the right set of controls into your organization’s cloud deployments from the start and establishing a sustainable monitoring mechanism is key to ensuring that cloud investments have a positive trade-off from a total cost of ownership perspective.

3. Effective Governance and Reporting is Not an Afterthought:

Keeping business stakeholders informed on IT policies and controls from the start, especially those critical to business operations and cybersecurity, is important. The CISO of tomorrow should put in place a granular governance and reporting mechanism to encapsulate not only the organizational IT assets and ecosystem, but also cloud deployments. This system should handle all risk and compliance reporting related-requirements and their correlation with the business operations in order to make sense to business heads.

4. Is the Business Continuity Plan in Place:

Cyber attack planning and response is one of the biggest challenges for the CISO of tomorrow. With cloud-based infrastructure, the problem gets even more complicated. Having a clear incident response strategy and manual, a well-defined business impact analysis, and a mass notification and tracking mechanism are just some of the aspects that will be highly critical for ensuring that business disruptions are handled in a tightly coordinated manner. Again, having business context is important to achieve this.

5. Should we Consider Cyber-Insurance:

Indemnification against cyber attacks and the resulting loss of reputation, data and revenue is going to become a trend fairly soon. The CISOs of tomorrow should monitor the need and requirements of getting cyber insurance proactively, and counsel business stakeholders appropriately. This will be an important hedging strategy to minimize possible financial losses from lawsuits, business disruptions and data losses.

Today, with ubiquitous Internet connectivity, cloud-based IT ecosystems and an ever-evolving cyber-engagement business model, cybersecurity is a growing social and business issue. The CISO and CIOs of tomorrow need to ensure sustained support and focus from top management if they want to succeed in their cyber-fortification efforts. They also need to enhance their horizons across the business context, financial aspects and wider strategic objectives to guarantee that the organization’s data security is evolving in line. If the digital enterprise of tomorrow wants to grow and innovate, the question is not “are we doing enough today”, but rather, “are we thinking enough about tomorrow?

By Vibhav Agarwal

  • Recent Posts
Vibhav Agarwal Contributor
Product Marketing at MetricStream
Vibhav Agarwal is the Director, Product Marketing at MetricStream. Vibhav has 11+ years of progressive experience in Enterprise product marketing, sales management, ERP & CRM program planning and delivery, software vendor selection and implementation across Hi-Tech, Trading & Capital Markets and Internet domains. Worked extensively in various roles dealing with multinational conglomerates as well as mid-sized companies like Info Edge India, in deals ranging between 0.5-30 million USD. Exposure to all stages of product and IT applications, sales & marketing, product management, and enterprise implementations.

POWERPOINT COMIC LICENSING | CLICK TO SEE MORE

How Can We Use Artificial Intelligence When We Can't Handle Real Intelligence?

How Can We Use Artificial Intelligence When We Can’t Handle Real Intelligence?

Artificial Versus Real Intelligence In this article we will be discussing the pitfalls of societal disillusionment with facts, and how this trend may become troubling ...
John Pientka

As Personal Tech Moves Into Medicine Will We Get Better Health or Precrime?

Better Health or Precrime? Smartphones, Fitbits, Apple watches, and much more are examples of personal technology that will measure all sorts of bodily functions. Instead ...
Steve Prentice CloudTweaks

Thought Leaders

CLOUDHUBS: OPTIMIZING APPLICATION PERFORMANCE It may seem hard to believe, but even in this day and age, there are still some enterprises that are cloud-averse ...
Data Vulnerability Tools

Data Vulnerability Tools

BREACH LEVEL INDEX The service provided by The Breach Level Index tracks publicly disclosed data breaches and offers a risk assessment service. Their Risk Calculator ...