4 Trends Driving Security Operations Center

Today, the need for organizational trust has been amplified by cyber threats that continue to grow in variety, volume and scope. According to the Cisco 2018 Annual Cybersecurity Report, 32 percent of breaches affected more than half of organizations’ systems, up from 15 percent in 2016. Network breaches shake customer confidence, and it’s essential that organizations protect intellectual property, customer records and other critical digital assets. A strong cybersecurity strategy is today’s foundation for creating confidence among partners and customers.

The Security Operations Center Gains Prominence

A key factor in establishing trust is the presence of a Security Operations Center (SOC). This is true whether the SOC functions internally or is provided by a third party, such as a managed security service provider (MSSP).

This team monitors, detects, investigates and responds to cyber threats around the clock. The SOC is charged with monitoring and protecting many assets, such as intellectual property, personnel data, business systems and brand integrity. This includes the connected controls found in networked industrial equipment. The SOC assumes overall responsibility for monitoring, assessing and defending against cyberattacks.

SOCs have grown in importance due to four primary trending needs:

  1. Departmental collaboration: It’s more important than ever that organizations maintain an environment where skilled people with the right tools can react quickly and collaborate to remediate system-wide as well as local problems.
  2. Cross-functional collaboration: People and cybersecurity tools must work together with other critical IT functions and business operations. These departments align with business objectives and compliance needs for a high-performing operation that is efficient and effective.
  3. Company-wide coordination and communication: As a security event takes place, it’s essential that there’s a centralized team to communicate with the rest of the organization and ensure efficient resolution. In turn, it’s also important that the organization knows who to turn to in the event of an incident.
  4. A holistic view: A view of all digital assets and processes that is centralized and real-time makes it possible to detect and fix problems whenever and wherever they occur. Centralization is critical for IoT systems. The sheer number of devices and the likelihood that they are widely dispersed make local monitoring impractical and inconsistent.

As security operations have changed, the associated job roles and responsibilities have evolved as well. Having the right team with the right skills in place is essential to optimizing an organization’s front-line defense.

SOC Member Roles

Within the SOC, there are many roles. While SOC teams are not all the same, these roles typically include:

  • Cybersecurity SOC Manager: Manages the SOC personnel, budget, technology and programs, and interfaces with executive-level management, IT management, legal management, compliance management and the rest of the organization.
  • Incident Responder: Investigates, evaluates and responds to cyber incidents.
  • Forensic Specialist: Finds, gathers, examines and preserves evidence using analytical and investigative techniques.
  • Cybersecurity Auditor: Monitors compliance of people, procedures and systems against cybersecurity policies and requirements.
  • Cybersecurity Analyst: Identifies, categorizes and escalates cybersecurity events by analyzing information from systems using cyber defense tools.

These individuals work together to identify and respond to cybersecurity incidents in real time.

Building a SOC: A Challenge and an Opportunity

As networks expand and grow in complexity, SOCs are emerging as the enterprise’s front and best line of defense. The SOC is a strategic, risk-reducing asset that strengthens the security of an organization’s systems and data. Building a SOC isn’t as easy as simply hiring new team members, however […]

 

 

The US Cities that are Best at Password Security

New research reveals the US cities that are best at password security, with Minneapolis topping the list.

A study by password manager Dashlane scores cities based on several metrics, including average password strength and average number of reused passwords.

The cities best at password security are:

  1. Minneapolis, MN
  2. Seattle, WA
  3. San Francisco – Oakland, CA
  4. Detroit, MI
  5. Chicago, IL
  6. Denver, CO
  7. New York, NY
  8. Saint Louis, MO
  9. Washington, DC
  10. Miami – Fort Lauderdale, FL
  11. Riverside, CA
  12. Boston, MA
  13. Philadelphia, PA
  14. San Diego, CA
  15. Tampa – St. Petersburg, FL
  16. Los Angeles, CA
  17. Dallas, TX
  18. Phoenix, AZ
  19. Houston, TX
  20. Atlanta, GA

Mess With Texas

Things might be bigger in Texas, but not when it comes to passwords: All of the Texas locations scored near the bottom in both rankings, the study said.

NorCal vs. SoCal

According to the study, NorCal officially takes cybersecurity bragging rights as their scores were dramatically better across the board. The trend does not follow a straight North-South progression, however, as San Diego came out on top of LA.

Southern Discomfort

Four out of the six lowest-scoring cities hail from the south: Dallas, Atlanta, Houston, and Tampa […]

 

 

Women in Information Technology

The turn of the millennium saw an exponential rise in the field of technology, which has shown no signs of decline 18 years later. Opportunities are abundant and innovation is plentiful, making IT a preferred career choice for many. This brings us to an interesting question, one that is not often asked: what role do women play in technology today?

The field of IT has always been male-dominated. From iconic figures like Steve Jobs and Bill Gates to billionaire entrepreneurs like Mark Zuckerberg, the biggest contributions to technology have been from males. However, women are starting to play a bigger role in tech, with many entering both regular and high-level positions in global firms. Ursula Burns, for example, rose through the ranks to become the first African-American woman to be CEO of Xerox, a Fortune 500 company. Ginni Rometty, another inspiration to women across the globe, was named the president and CEO of IBM in 2011. Adding to the tale of success is Marissa Mayer, an exemplary coder role model and former president and CEO of Yahoo!.

While this shows that women can definitely leave their mark in the field, there is also a stark reality hidden behind these success stories. A study carried out by the virtual event solutions company Evia shows that even though women make up more than half the US workforce, they hold only 20 percent of US tech jobs. Making matters even worse, studies also show that women tend to leave technology-related positions at twice the rate of men, clearly pointing to an underlying problem that is giving rise to a gender gap within the sphere of Information Technology.

The problem of under-representation of women in IT is a complicated one. On one side there is the argument that the whole debate is moot; gender is irrelevant, as long as a person is capable of accomplishing and aligning themselves with a company’s business. It is not that companies discriminate based on gender, but rather that the number of women with the required technical background is simply not enough to balance out the gender gap. This may very well be true, as statistics show that the number of women taking up computer science for their higher education has decreased over time. But a limited talent pool alone does not explain why women who are already in tech roles would leave their jobs at a rate much faster than men. Surveys point to possible reasons ranging from company environment to a lack of work-life balance, which is especially true for women in development. Working long hours might not be an option for a woman while a man would be more tolerant of the same. What is overlooked in such a scenario is the need for a work environment that is equally conducive for both genders. Also, while discrimination or sexism is not something most women experience in a work environment, there could still be an underlying condescension that could lead to a sense of isolation.

The need for gender diversity within technology is undisputed. The issue can be talked about, argued over or even fixed to an extent with many great initiatives happening now. Significant strides are being made by different movements placing an emphasis on how a balanced workforce could provide a positive impact on a company. There is also a call to fill the pipeline with more talented women. The argument here is to stop screaming at companies to hire more women and focus instead on encouraging women to pursue careers in Information Technology. Some of this may bring about changes in the short term, while some has the opportunity to make the greatest impact in the long run. But the gender gap we see in technology could, in fact, be a much more deep-rooted problem that lies within the very society that we are brought up in. If this is the case, then there should be a shift in the social norms and concepts that are reinforced to steer young girls away from technology while encouraging the same in boys. Only then will we be capable of breaking down gender roles and reaching true gender parity in the field of Information Technology.

 

Investors Put Cybersecurity Top of the Business Threat List

Cyber attacks are now the biggest threat to business in the eyes of investors, mirroring growing global concern from business leaders, according to a new study by PwC.

In the PwC Global Investor Survey 2018, the views of investors and analysts are compared with those of business leaders. The study found that 41% of investors and analysts are now extremely concerned about cyber threats, seeing them as the largest threat to business, rising to first from fifth place in 2017. A similar proportion (40%) of business leaders see it as a top three threat, but business leaders rank over-regulation and terrorism higher in the global study.

To improve trust with consumers, investors believe businesses should prioritize investment in cyber security protection (64% investors; 47% CEOs).

Investors rank geopolitical uncertainty (39% extremely concerned), speed of technological change (37%), populism (33%) and protectionism (32%) in the top five threats to growth.

Hilary Eastman, head of global investor engagement at PwC, said: “The top concerns of investors and CEOs emphasise the different internal and external perspectives on, and day to day experiences of, businesses. While on-the-ground challenges such as finding the right skills are high on business leaders’ agendas, investors are preoccupied with the impact that wider societal trends, such as geopolitical uncertainty, populism and protectionism, have on businesses generally.”

Overall, PwC finds that both investors and CEOs are more confident about the global growth outlook than they were last year. 54% of investors (+9%) believe global economic growth will improve and 57% of CEOs (+19%) […]

 

Beyond Talking the Talk: Building Cybersecurity into a Company’s DNA

Security is constant. It’s fast-paced with a high burnout rate, and many companies continue to struggle with implementing basic security controls. Given the overwhelming reality of resources and time that are already being dedicated to a company’s security strategy, how can organizations begin to build security into a company’s DNA in a realistic way?

While it may seem onerous or unrealistic to some, it is possible to create more than a cyber-aware culture. Changing the fabric of a company’s DNA is more than just a Pollyanna goal; it’s a necessary reality. But it will take time and leadership buy-in. The very basic building blocks require a shift in the way companies think about accountability. It starts with making everyone in the organization responsible for cybersecurity.

Let’s be clear that there is a difference between corporate culture and a company’s DNA. The DNA encompasses everything that relates to the very fibers of the organization: all those aspects of the company that we don’t think about. When we talk about building cyber into the company DNA, we want it to be part of the normal day-to-day operations. Security needs to be part of what we are investing into the organization and people throughout the year. So that limited resources of time and money never diminish the way the company values security, it must be part of the corporate development life cycle.

When security is a part of the profit and loss statement, it inherently becomes a priority of the company’s goals. These are the ideas and behaviors we need to be going after in order to make security a priority for the organization.

So, what are some realistic steps you can take today? Here are a few ways to rebuild a company’s DNA and make a real difference in the way employees, the C-Suite, and the board value security […]

 

 

Study Shows Which Phishing Attacks are Most Successful

A new phishing study of six million users shows insurance organizations and not-for-profits lead all other industries with greater than thirty percent of users falling for baseline phishing tests.

The study shows these types of organizations rank higher (in the low 30 percentiles) than the overall average of 27 percent across all industries and organization sizes. Large business services organizations had the lowest Phish-prone benchmark at 19 percent.

The Phish-prone percentage is determined by the number of employees that click a simulated phishing email link or open an infected attachment during a testing campaign using the KnowBe4 platform.

The study, drawn from a data set of more than six million users across nearly 11,000 organizations, benchmarks real-world phishing results. Results show a radical drop in careless clicking to just 13 percent 90 days after initial training and simulated phishing, and a steeper drop to two percent after 12 months of combined phishing and computer-based training (CBT).

The study anonymously tracks users by company size and industry at three points: 1) a baseline phishing security test, 2) results after 90 days of combined CBT and simulated phishing, and 3) the result after one year of combined CBT and phishing […]

 

 

Big Data’s Big Peril: Security

We live in a world that is more digitally connected than ever before, and this trend will continue well into the foreseeable future. Mobile phones, televisions, washers and dryers, self-driving cars, traffic lights, and the power grid – all will be connected to the Internet of Things. It has been said that by 2020 there will be 50 billion connected things. These devices produce exponentially growing amounts of data such as emails, text files, log files, videos, and photos.

The world will create 163 zettabytes (a zettabyte equals one sextillion bytes) of data annually by 2025. Enterprises of all sizes can gain competitive advantages and valuable insights by incorporating big data and predictive analytics into their business strategies to fuel growth and drive operational efficiencies. But with all this data at hand, it’s vital to understand which data is actionable, and how it needs to be considered. Here are two examples of ways businesses are utilizing big data to improve the bottom line.

First, big data analytics can reduce customer churn. Predictive models are being built using customer demographics, product profile, customer complaint frequency, social media, and disconnect orders to flag customers who are likely to churn. Companies can identify these customers to better understand their issues and improve inefficient business processes. They can also recommend products that meet customer feature and price needs.

Second, big data can help prevent network outages. This is especially critical with government, medical, and emergency services networks, where outages can have severe impacts. Predictive models can ingest network logs to look at past device performance and predict hours in advance when an outage may occur, giving network engineers time to replace faulty equipment […]

 

 

The Shift in Security Operations in a Multi-Cloud World

As cybersecurity continues to become more complex and harder to manage, the role of security operations for organizations is also shifting across the board. Long gone are the days where firewalls or intrusion detection systems (IDS) could keep adversaries outside the perimeter. Instead, we are seeing increases in both size and frequency of attacks leading to more pronounced impacts to the business.

There are two primary factors driving this change. To be successful today, modern security operations need to understand these drivers and evolve their processes, procedures and tools to meet these new challenges.

The first driver has little to do with security as we think about it today. The modern IT organization is being required to deliver more business value at higher velocity with reduced costs. The most recent Rightscale State of the Cloud Report states that 85 percent of enterprises now rely on multiple clouds. This trend makes perfect sense as IT organizations reach for the best tools possible to meet their goals. However, the diversity of platforms and tools has driven more complexity into security operations than they were designed or resourced to accept. In my experience, most organizations have difficulty understanding where their data resides in the suite of platforms in use, let alone how that data is being protected.

The second driver is directly related to the security landscape. Over the past five years, we’ve seen the results from the investments adversaries have made in expertise. Modern attacks performed by advanced persistent threat (APT) groups rarely use sophisticated methods like zero-day attacks. Instead, these groups are characterized by the “persistent” component of their moniker. A consistent set of attacks, powered by cybersecurity expertise, is capable of breaching most organizations using traditional prevention or deterrence techniques […]

 

 

 

The Race to Adopt AI

Artificial Intelligence. A buzzword that immediately makes us picture self-aware computer networks taking over the world, or highly intelligent robots waging war against humanity itself. Thankfully, this is well beyond the realms of reality and still a thing of science fiction. The idea that AI is somehow a hostile piece of technology that could potentially destroy the world as we know it is a widespread misconception. A misconception fueled by captivated human minds and spread across to the general public, the technology industry and even within academic communities. But this does not mean AI is not among us. On the contrary, Artificial Intelligence has well and truly arrived, and is changing the world as we know it, for the better.

Think of AI as a tool to serve us. Although not quite apparent, it has already crept into our everyday life in various forms such as Virtual Personal Assistants, aspects of Online Customer Support, advertising and even video games, just to name a few. Companies have realized its potential and have already invested millions into AI research for underlying business integration. But the fact of the matter is, AI is still in its infancy, and the waters are still largely untested. So the question remains: what will it take for industry-wide adoption?

The early movers in AI are the usual suspects. The cutting-edge, cash-rich tech giants like Google, Facebook, Microsoft and Amazon, and to a lesser degree companies like Netflix, have caught mainstream attention with their AI research. Not so long ago, Google’s AlphaGo managed to beat the Go world champion. The significance lies in the possibility of a more widespread set of use cases for the technology that made it all possible. In contrast, Deep Blue, the chess engine that famously beat Garry Kasparov, was really good at chess but useless at everything else. Amazon is not only transforming eCommerce, but is also pushing towards the grocery industry through its emerging initiative Amazon Go. The idea is to eliminate the need for a traditional checkout system with the help of computer vision, sensor fusion and deep learning. Microsoft, another big player in the field of AI, is actively pursuing a General Artificial Intelligence that can effectively address problems in a range of different areas. The tech giants have taken the first steps, but watching keenly from the sidelines are the smaller, less tech-savvy firms trying to identify what might be genuinely valuable for them going into the future. After all, for businesses, AI adoption boils down to whether it can provide a good ROI.

In futurist William Gibson’s own words, “The future has arrived — it’s just not evenly distributed yet.” Clearly, AI adoption is not going to be uniform across business sectors. But what is widely agreed upon and is of paramount importance is that business owners do not ignore it. Promising research has shown the potential for disruptive changes in fields such as healthcare, transportation, marketing, manufacturing, entertainment and even climate change. It is important to try and stay ahead of the curve or be at risk of losing out in the long run. Having said that, there are still very real hurdles that have to be overcome for AI to reach its true potential across all industries. One such challenge lies in the very lifeblood of AI: data.

Data powers AI. Training algorithms to be good at something requires volumes and volumes of data. So it is no coincidence that the leading AI researchers in the industry have troves of continuously evolving data at their disposal. Facebook has publicly announced that it processes 2.5 billion pieces of content and 500+ terabytes of data each day. Google has billions of search queries running through its servers on any given day. The sheer volume, growth, and accessibility of data in recent years have been a driving factor towards the advancements seen in the field of Artificial Intelligence. However, moving forward, this is a major bottleneck for industries and business sectors that are less focused on digitized, data-driven work. Not every company has the capacity or the means to gather and store data at the level of, say, Facebook or Google. Not every business sector generates large enough quantities of data that could be channeled towards AI development. Take healthcare, for example. Diagnosis support for doctors is an area that has seen significant progress in recent years. But gathering the data required to further this research has proved to be problematic. Partly, the problem is ethical due to the sensitive nature of patient data that might be required for research work. Another problem lies in the traditional nature of the industry, which has not embraced digitization as readily as some others have. The end result is, of course, data lacking in both quantity and quality.

Today, AI is poised at an interesting position. The world has come to realize the potential impact it could have on a wide range of fields, yet does not completely understand where the roads could lead. There are exciting developments, but the biggest opportunities are still untapped. Some companies have taken giant leaps while some have taken more conservative approaches. The immediate future may churn out solutions to business problems that will require substantial pilot programs before being industry ready. Statistics show that although many business leaders believe a massive cross-industry impact is possible, there is still a sense of reluctance within businesses to move into early adoption. Reasons for this could range from budgetary restrictions to availability of in-house talent and talent acquisition.

The bottom line is, in Artificial Intelligence we have a general-purpose technology with the potential to change the world as we know it. What this change may bring along is still up for debate. Expert opinions range from a fully fledged sentient Artificial Super Intelligence to more realistic real-world applications. The trajectory of AI is such that neither can be disregarded. But what we do know is the journey ahead promises to be one of a lifetime. So let’s enjoy the ride.

Focus Areas and Trends for the 2018 CIO

A new fiscal year has come and businesses have started, or finished, re-evaluating their approach for the upcoming year. CIOs, just like in previous years, have started to slowly come out of their shells and become more active in business-related matters. They’re not just the guys in charge of the PC systems anymore, and in this article we explore the trends we should expect from our 2018 CIOs.

Given technology’s extremely fast-paced advancements, you can almost expect that within the company’s organizational structure, the CIO would have the most dynamic role. The CEO may have the most daunting of titles, but the CIO has to be flexible in the face of the ever-changing environment.

From being a delivery executive to a business executive, the workplace has started to expect a more hands-on CIO when it comes to managerial duties. This includes being concerned with reducing costs, exploiting data centers for profit, and reevaluating processes to increase revenue. This change is not a sudden shift; in fact, 78 percent of CIOs are becoming more adaptable and welcoming to change in their respective IT organizations.

Most of the change comes from digitalization, or the use of technology to alter business models to create more avenues for revenue and opportunities. Embracing this would certainly mean an inevitable shift of priorities, such as:

  • IT-outcome to Business-outcome
  • Assisting or taking orders to compelling or being collaborative
  • Cost control to revenue building
  • Sourcing to creating
  • Within the box of IT to everywhere in the workplace

What we can take away from here is that the workplace is broadening the CIO’s role from being just focused on the company’s IT structure to being more involved and proactive in its business decisions. Doing this harnesses one of the most valuable things in the business world: growth. Growth is still the most prioritized business objective amongst companies.

However, despite the obvious favorite, there are other business objectives to focus on, namely:

  • Digitalization to reap economies of scale
  • Profitability
  • Innovation, research & development, new products
  • Customer focus
  • Possible mergers, acquisitions, and transactions that would bring in a new pool of talent

Albeit indirect, these would still provide areas for growth. Also, since IT budgets across the world have increased by between 2.0 percent and 5.1 percent, there is funding available to support such growth. However, it is worth noting that companies could perhaps allot some of this budget towards strengthening cybersecurity, as 95 percent of CIOs expect threats to continue and increase.

Growth means larger and more output. Companies strive to attain this through economies of scale, where larger production yields a lower cost. However, this can be tricky for companies to achieve and would mean rethinking their business model and “jumping the curve”. They have to innovate processes in order to avoid stagnancy and being left out.

By 2020, it is expected that half of company sales would come from digital business – and executives are aware of this.

As seen on the chart, companies in several industries all believe that digitalization has a wider impact on their sales than it did in prior years, with them estimating that the share of products sold online accounts for more or less half of their total sales. While industries such as industrial products are harder to market online, telecommunications and retail figures show that online shopping is becoming more and more accepted as an avenue for revenue.

This in itself already shows that business objectives would inevitably fall into the hands of the CIOs, as who else is better fit to guide the company towards this innovation but them?

The digital world is anything but lacking in innovation; however, CIOs face walls whenever they attempt to jump into the larger waters. CIOs cite a broad-based culture change and their imposed job objectives as some of the ‘bricks’ they have to tear down in order to facilitate scale improvements.

This is where the trend shift comes in. CIOs have started to spend more time on executive leadership now than in previous years. In addition, their priorities also imply where they would spend their time the most. While BI/analytics takes the cake on being prioritized the most, digitalization and cloud services are also up there. However, there have been discrepancies between the priorities of tech companies relative to their performance in the industry.

Top-performing companies pay less attention to customer relationships, perhaps due to the fact that they’re more established in the marketplace and thus do not need to allot more resources towards retaining or gaining market position. They are also able to explore the ever-so-fascinating artificial intelligence, where there is still a lot of room for growth. On the other hand, trailing companies focus on enterprise resource planning, which tends to focus more on the company’s core business processes which, given their standing, might have more areas of improvement. But regardless of these differences, the CIOs’ inclination towards BI/analytics implies that they have started to become more ingrained in business growth.

With all these possible shifts and trends for 2018, it would seem as if change is coming. Despite its inevitability, 78 percent of CIOs say that they’re armed and ready, mainly due to digitalization. If there is a time to accept the shift with open arms, now is the time to do so. There is so much talent and opportunity to become pioneers in the industry. Scaling the business has never looked so friendly with all the advancements in technology. It is now the time to build up your team to become more resilient and adaptive towards the ever-changing industry. Of course there are still doubts, but having an open mindset is the start of something promising. It would suck to be left behind peer companies, so leadership teams should start becoming more accommodating of what is bound to happen.

CIOs are no longer just expected to build and create. They are now expected to integrate services and produce efficiency in all aspects of the business. CIOs need to invest in technologies that are able to provide such services that will in turn have an impact on the IT organization. So get ready to see more of your CIOs in action and discussion and more proactive in the business cycle.