As we are about to step into 2024, it is time to take a moment for self-reflection. For me, 2023 has been another great year of spreading cyber awareness. Despite the availability of the greatest technologies, and the stalwarts fighting cybercrimes, cyberattacks don’t stop. The main reason is the lack of basic awareness in the public domain. Hence, my small effort to spread cyber awareness to the general public by taking out the jargon as much as possible via various channels such as:
My website: https://madhubhat.com/
YouTube Channel: https://lnkd.in/gNXfUGqf
Facebook Page: https://lnkd.in/gVU8ij2Y
My key 2023 articles are listed below (this is a partial list; the rest will be summarised in a subsequent post for better reading).
Cybersecurity is an enabling function. Security controls such as employee monitoring might make it seem that organizations don’t trust their people. Frisking in the airport makes air travel secure; if we take this as an embarrassment, we might lose our lives to the deadly acts of hijackers. Organizations need to communicate to employees why they need to monitor, and be transparent about it. As the threat landscape changes, security controls need to evolve and provide the right level of protection and confidence to organizations and employees. While physical ODCs might have partially hibernated for a while, organizations need to smartly adapt to new ways of hybrid working without compromising security, before anything bad happens.
Identity Access Management (IAM) is defined by Gartner as “the security discipline that enables the right individuals to access the right resources at the right times for the right reasons”. The definition looks simple, but the implementation is not! Contrary to popular belief, IAM is not a mere technology implementation, but rather a business-focused, enterprise-wide strategic set-up. Hence, like any other cybersecurity transformation, an IAM implementation needs a clear strategy aligned to the organization’s strategic priorities as well as its long-term view. It is important to remember that IAM impacts every employee (internal user of IT applications), contractors, and in some cases customers, if they access your IT systems. Hence, the user experience should be at the centre of an IAM implementation. Million-dollar technology investments will go down the drain if the users are not happy due to usability issues.
Cybersecurity capability set-ups are not merely Information Technology (IT) rollouts. Hence, benefits realization doesn’t happen with just the technology set-up. Equally important, and in many cases even more critical, is the operationalization of technology delivery to ensure that the project objectives are fully achieved. Many times, technology product vendor demos make it seem that the rollout of security tools is very straightforward. But benefits realization gets stuck in the post-implementation operationalization unless this is well thought through from day one of the project kick-off. There is nothing wrong with getting demos, but they provide a simplified view of the technology product’s capability. Demos are often good for understanding basic functionality as well as for comparing different product features. But these demos will not show the overall impact on the upstream as well as downstream processes. Seen in a silo, the product might look fantastic, but only when we try fitting the product into the overall ecology do we come to know the overall impact. While this could be true for any technology rollout, it is even more prominent in the security space.
There is a lot of discussion about ChatGPT. As per Reuters, ChatGPT had already reached 100 million monthly active users as of January ’23. This is remarkable adoption within just 2 months of its launch for public usage. There are conflicting views about ChatGPT all over the world. An article from one of the famous newspaper dailies compared AI chatbots to threats bigger than nuclear bombs and opined that they can be disastrous to the human race unless regulated. On the other hand, another article described ChatGPT as an incredible Artificial Intelligence (AI) tool.
A number of organizations have already put ChatGPT to their benefit, some are evaluating it, and some others are watching. How useful this tool is really depends on the use case, irrespective of how much people talk about it. There is no doubt that ChatGPT is a marvellous invention, which has taken Artificial Intelligence (AI) to its next stage. But a lot more is to come in this space!
When you click a button to accept all cookies on a website, have you ever thought that it might impact your privacy? While cookies are important to provide a good browsing experience, it is important to know how they might impact your privacy.
Cloud has ranked top amongst the emerging technologies for the past couple of years. The COVID-19 effect pushed the digitization wave further, making Cloud even more prominent. With this, even highly regulated industries such as Financial Services and Pharmaceuticals are now keen on Cloud adoption. The key questions that we keep hearing are:
- Is Cloud as secure as our on-premise Data Centers?
- Can we trust a third party in storing sensitive data?
- How do we ensure compliance with regulations such as GDPR (General Data Protection Regulation)?
In simple terms, encrypting viruses are malicious software programs purposefully designed to encrypt files on a victim's system. Once the attackers have encrypted the files, they demand a ransom in exchange for the decryption key the victim needs to regain access to them. In other words, encrypting viruses are nothing but ransomware. For businesses, this poses a do-or-die scenario.
Can these be prevented? The answer is yes:
1. Awareness and security education: this is the best weapon to ensure your employees don’t fall into a hacker’s social engineering trap
2. Regular patching to ensure your operating system and software are up to date with the latest security patches
3. Have a well-thought-out backup strategy
4. Zero Trust and Micro-segmentation
5. Have Incident Response well rehearsed ahead of time