Tag: security

Categories
Cybersecurity Tech Magazine

10 Essential Steps to Ensure Cybersecurity

The U.K.’s National Cyber Security Centre (NCSC) proposes a series of cybersecurity guidelines for IT leaders and security experts to protect their company
Cyber Security guide

As businesses around the world begin preparations for the return to the office, a shadow still looms over IT departments: cybersecurity.

At the beginning and height of the pandemic, the surge in remote work and a new wave of malware attacks put extra strain on network and infrastructure security. Now, with some employees staying at home while others go back on-site, these challenges remain a priority.

In 2012, the U.K.’s National CyberSecurity Centre (NCSC) debuted a series of cybersecurity guidelines that are now used by most companies in the FTSE350. It is never a bad idea for IT leaders and security experts to consider these 10 proposed steps when assessing their company’s overall security measures.

Define risk management strategy for cybersecurity

First things first — Make a full inventory of all business-critical assets and infrastructure. Then, make sure you get the full picture of your strengths and weaknesses. Once that is done, IT and senior management should decide together what level of risk can be assumed and outline a comprehensive security strategy. All concerned stakeholders, from staff to partners and suppliers, must be made then aware of said policy.     

Secure configuration

Then, no one sets out on a journey without first doing a thorough check-up of the vessel. Make sure all your systems and tools are configured properly and that the latest updates are installed. Disable unnecessary functionalities and fix any issues that might compromise your ecosystem.  

Network security

The IT network of today’s businesses is vast, intricated and somewhat obscure. It combines different physical locations with cloud services and remote workers and collaborators. In this context, you must think of any and all vulnerable points of entry and put processes like VPNs in place to minimise risks.

Malware protection

Also, invest in the malware prevention tools, paying special attention to the functionalities offered in relation to your current and future needs. These tools can come in the form of both software solutions and policies regarding the exchange of information.  

Defining user privileges

Not all employees and users need access to everything in your network. So, split your users into levels and assign different privileges to each of these groups, limiting access to the most sensitive information to a few users. Moreover, it is a simple step that can save you a lot of trouble if an attack gets through, effectively serving as a firewall around the more critical parts of your network.

Incident management

In addition, outline and implement a clear process for identifying and managing incidents whenever they appear. When doing so, keep in mind response time and inter-departmental collaboration to ensure a smooth and efficient response.

User education and awarenes with cybersecurity

Then, put in place security awareness programs and carry out training when necessary. Human error is still the first cause behind enterprise data breaches. Therefore, simple-to-avoid malware tactics like phishing can be effectively managed by promoting a security-conscious culture across your stakeholders.

Home and mobile working

Also, COVID-19 has made it more evident than ever that work extends beyond the office doors. Your employee training and awareness programs should include recommendations on how to work remotely in a safe manner. Make sure you complement this approach with the proper software and network security tools like the aforementioned VPN.

Removable media controls

This is another area in which education and awareness play a big role. Removable devices such as USB sticks and hard drives are a great conduit for malware to spread. They also complicate the safeguarding of any information that is exported out of the system. Awareness initiatives in this area should be accompanied by specific software tools and policies, like limiting what information can be exported and by who.

Monitoring

Finally, remember to stay alert. None of the above steps will suffice unless you establish a comprehensive and ongoing surveillance system. Set up all the monitoring software that you will need to protect your network and train your IT staff to spot any irregularities early on.  

Categories
Press review Tech Magazine

Weekly News: We’re Okay with Surveillance Tech Now

Weekly News: We're Okay with Surveillance Tech Now
We're okay with surveillance tech now. Just a few months ago, criticism was mounting in the U.K. around the facial recognition technology being tested by London’s Metropolitan Police to safeguard the city streets.

Just a few months ago, criticism was mounting in the U.K. around the facial recognition technology being tested by London’s Metropolitan Police to safeguard the city streets.  

Then came COVID-19 and our focus and priorities changed. But as many non-essential stores get ready to re-open in mid-June, the general public is again facing the dilemma of adopting monitoring tech.  

Only this time is a more contested dilemma.  

A recent Intu survey revealed that 60% of shoppers actively encourage stores to implement surveillance technologies that help make shopping safer. The proposed measures include temperature scans at entry points and CCTV to control crowds.  

It’s not facial recognition. But we’re getting there. No wonder security experts are concerned that surveillance might be here to stay.

Switching focus to cyber viruses

One thing can’t be denied about the global response to the pandemic: we weren’t ready for it although we had been told to expect it.  

To help avoid future catastrophic mistakes, the World Economic Forum has issued a call to action for businesses and institutions to prepare for the cyber pandemic we know will come.  

In today’s interconnected world, a global cyberattack with a behaviour similar to COVID-19 (highly infectious and with high rates of asymptomatic infections) could lead to major cyber outages costing $50 billion per day.  

WannaCry and other large-scale breaches were the wake-up call, just like SARS and MERS foretold the current crisis. Let’s do something about it this time.

Building a solid AI foundation

Many are the companies looking to jump on the bandwagon of the AI boom. Sometimes even too quickly.  

Stephanie Overby at The Enterprisers Project shares some counterintuitive tips on how to implement artificial intelligence into business processes. Building a solid foundation is the crux of proper AI adoption.  

Key points include taking time to evaluate current needs, as well as investing in talent and skills before tools.

Discover 5 Online Courses to Get You Up-To-Speed with AI

News from the frontlines…

This is what the tech world is doing to help fight the pandemic:  

Biotech entrepreneurs are proposing another approach to mass testing: biosensors. Different sensor technologies currently under development could be advantageous over existing testing methods like the PCR test, providing faster and more accurate results. At a privacy cost, of course.      

Also, a new wristband helps avoid blood clots in patients that remain immobilised for long periods of time due to COVID-19.    

? ? ?

Finally, tech has always been about connecting people. But how about connecting people and animals? Folks in Palo Alto have created a website through which you can feed a flock of happy chickens in real time.   And don’t worry – it’s animal safe, solar-powered and you can even donate money to a pet rescue organisation.

Categories
DSI challenges IT Decision-makers

Finding security experts in the COVID-19 crisis: a major challenge for IT departments

Finding security experts in the COVID-19 crisis: a major challenge for IT departments
Find and assembling the right security experts & security team is proving even more difficult than it usually is already.

How to find the good security experts? About a third of the world’s population is estimated to be currently under confinement to stop the spread of the novel coronavirus. As a result, businesses across the globe are resorting to remote work to continue operations in those areas where that is possible. This is adding unprecedented amounts of stress to already understaffed IT departments. 

CIOs and other IT leaders find themselves racing against the clock to adapt the whole company’s infrastructure to a work-from-home scenario while tackling their biggest concern: cybersecurity. And for good reason – threats are increasing exponentially. 

But assembling the right security experts & security team is proving even more difficult than it usually is already. 

Security threats give no quarter  

Hackers are certainly not going to close shop because of a tiny microorganism. If anything, they are using it to their benefit. For instance; phishing emails; were already the most common form of attack experienced by organisations. But the past days have seen a great surge in attacks trying to lure employees into clicking on an email sent by “their boss” or containing virus-related information.  

Among the most reprehensible of attacks are those being experienced by health and medical institutions. Not even the World Health Organisation was spared, targeted earlier last month by a false-domain attack aimed at stealing passwords from agency staffers. The situation is so dire that a group of 400 security experts from international giants like Microsoft and Amazon has volunteered to fight hacking tied to the coronavirus.  

Yet that is not the main issue. The pressure being put on enterprise networks is quickly revealing system vulnerabilities. And especially for those companies least used to distributed work and that rely too much on local networks. In short, the soaring numbers of employees working from home are finally making most decision-makers aware of what IT leaders have been warning us for a while. The business world’s generalised lack of a comprehensive security policy and employee awareness training.    

Although effective measures like VPNs have gained adoption in recent years, problems generated by shadow IT and BYOD remain largely unresolved. Many staffers will be accessing company resources through their personal devices and networks in the coming weeks. Multiplying exponentially the potential points of entry for attackers.  

Experts are becoming even harder to find 

In turn, this increase in cyberthreats is exacerbating the skill and personnel shortages the security sector was already experiencing. According to a recent study by ISC, the global security industry lacks more than 4 million security professionals. The world’s security workforce would need to grow 145% yearly just to meet the demand for skilled talent.  

The shortage of skills impacts some of the most critical roles within IT security. Such as those related to identifying threats or patching and updating vulnerable systems. However, the deficit is more acute in areas tied to rapidly emerging or evolving technologies. For instance, and in this WFH crisis more than ever, security in multi-cloud environments is key. Unfortunately, few organisations have dedicated cloud security experts or proper encryption protocols for their data in the cloud.   

Not surprisingly, the cost of security expertise has also become a problem as the lack of skilled talent drives wages up. And so the vicious circle goes.   

Hire or outsource? 

With everyone battling over the same security experts. Defining a solid talent strategy and identifying the right partners can make the difference; between a multi-million breach and your department’s success.  

Regarding your talent strategy, you first need to decide whether you want to expand your team or rely on the temporary help of consultants. If you had been planning on bringing more people on board for some time, this might be the perfect time to create new permanent positions or fill vacant ones.  

On the other hand, calling on a freelancer will most likely allow you to speed up the selection process and provide a quicker response to the crisis. Working with an independent contractor can also help you secure exactly the skills you need at a more competitive cost. As the freelance talent market tends to be more agile and flexible. 

No matter which option you are leaning towards, don’t hesitate to seek the guidance and help of talent experts. Time is of the essence in the cybersecurity wars. Partnering up with the right IT staffing specialists will not only allow you to access the best talent; it will help you secure it before another company closes the deal.  

Need Extra IT Support? Avoid Mistakes When Hiring Tech Freelancers

Join our community and find your next job or expert in IT

Categories
IT Decision-makers Tips & errors to avoid

The Case for Automation in Software Development

The Case for Automation in Software Development
The rapid growth of automation in software development is not only prompting significant media buzz around its promising capabilities...

Robotic Process Automation (RPA) has made great strides in the enterprise world over the past few years. According to Gartner’s most recent study on the topic,  90% of robotic process automation (RPA) vendors will offer generative-AI-assisted automation by 2025. The rapid growth of automation (and here the case of automation in software development) is not only prompting significant media buzz around its promising capabilities, but also raising concerns about its long-term impact on overall employment.

Need advice on how to start or develop your freelance consulting business in tech or IT? Need to start a new permanent or freelance assignment? Join Mindquest and get support from our team of experts.

AI in the workplace: productivity gains and fears of trust

Surely, companies are increasingly relying on virtual employees — from chatbots to AI-powered personal assistants — to increase productivity and lessen the burden imposed on staff by time-consuming and repetitive tasks better left to machine learning algorithms. However, as it tends to be the case with artificial intelligence, there exists a generalised mistrust of synthetic agents and their overblown potential to replace humans.

As we have mentioned in the past, we should look at new technological developments from a more practical perspective rather than from a position of worry. Automation and artificial intelligence are tools that we can leverage to enhance the quality and speed of our work.

Embedded in the DevOps DNA

This is particularly true in a discipline like software engineering, which requires the full power of human ingenuity while also encompassing a series of tasks that burn through a lot of time and resources. Not surprisingly, automation is deeply ingrained within agile development methodologies and represents a big part of the day-to-day in DevOps.

In their effort to optimise software production pipelines, DevOps engineers take advantage of various automation tools that allow for faster, more robust development – although how much automation should exactly be involved in the process remains a cause of debate.

In any case, benefits of automation in software development are too great to ignore: speed, more resources and increased quality and security.   

Increased resource availability

Firstly, the continuous improvement and delivery (CI/CD) paradigm is an intensive process that involves many steps and requires increased collaboration between teams. Accordingly, automation has a great role to play to help with code testing, the updating of repositories and the integration of various software components.

Moreover, automation offers a possible solution for understaffed teams of developers. Skill and personnel shortages are a prevailing issue for the industry. Development teams can greatly benefit from eager bots and other automation tools tackling all those lower-level, time-consuming tasks.                                

Maintaining quality and app security together with speed

Given today’s accelerated and competitive product lifecycle and the need for companies to adapt to ever-changing markets, speed is key in the delivery of software solutions. However, it is hard to achieve optimum levels of speeds while preserving code integrity and ensuring security across your universe of solutions.  

Automation not only helps ensure the production of robust and quality code with fewer resources — it also leads to greater security standards by allowing developers to continuously monitor for vulnerabilities while maintaining the focus on higher-level aspects of software creation.

In fact, a recent report by Ponemon Institute and IBM revealed that organizations without security automation experienced in 2019 breach costs that were 95% higher than those companies with fully-deployed automation ($5.16 million average total cost of a breach without automation vs. $2.65 million for fully-deployed automation).

AI fuels innovation in business, but a shortage of qualified talent hampers its widespread adoption. To overcome the AI talent gap and gain a competitive edge, companies need effective strategies. Explore our infographic for the top 5 strategies to build a strong AI team.

Conclusion

This data underscores the ongoing significance of security automation in the contemporary cybersecurity landscape. As organizations grapple with evolving cyber threats and vulnerabilities, the adoption of automated security measures emerges as a key strategy for not only enhancing overall cybersecurity posture but also for minimizing the financial impact associated with data breaches. Therefore, as we progress into 2023, these insights serve as a compelling reminder for businesses to prioritize and invest in advanced security automation solutions to safeguard their digital assets and maintain resilience in the face of evolving cyber risks.

🔊 Subscribe to the podcast

Join our community and find your next job or expert in IT