How do we stop hackers without understanding their true nature? What are they after, what is valuable to them? And how does what is valuable to them translate to our losses?
Being in the business of threat intelligence, we see how disproportionate hackers’ gains are when compared to the losses they inflict upon affected organizations. By far, not every stolen record gets abused. Yet, since there is no easy way to determine what becomes of the stolen data, the organization has to declare a total loss, even in a case of a minor breach.
Let’s try to understand hackers a little bit more. Who are they? Who do they work for? Where do they reside? What motivates them? How did they learn their craft? What do they do with the stolen data? What are they afraid of?
Deloitte Technology, Media and Telecommunications predicted recently that more than 1B devices would be reader-enabled for biometrics by the end of 2017. This is a very significant milestone for many reasons.
Over the years, there has been a lot of hype about the potential of biometrics for authentication and other purposes, but the lack of availability to consumers meant adoption was behind the hype curve. Device manufacturers have since changed this picture with native biometric support of mobile and tablet devices.
One of the most influential conversations in Cheryl Santor’s career required plenty of gumption.
Santor, working in IT at a mortgage banking firm in the 1990s, had major concerns about non-proprietary memory that had been installed, jeopardizing the main system for collecting loan information. She voiced her concerns to her CIO in no uncertain terms, believing the integrity of the loan origination system was at stake.
It turns out, Santor’s candor – and insights – were respected more than she could have anticipated. About a year later, that same CIO hired her to work at a national bank where she eventually became CISO.
Business leaders must take accountability for governing and managing IT-related assets within their units and functions just as they would other assets, such as those involving physical plant or human resources.
This is critical as achieving enterprise goals becomes increasingly interconnected with successfully managing and governing its technology. COBIT 5 provides the framework needed to connect business goals with IT goals while utilizing non-technical, business language, as explored in a recent ISACA podcast. John Jasinski, a COBIT certified assessor, discusses the framework’s core principles and enablers, and ways in which enterprises can successfully leverage them.
Editor’s note: Daymond John, the FUBU clothing founder, Shark Tank reality TV judge and a self-made multimillionaire, will deliver the closing keynote address at ISACA’s North America CACS 2017 conference, which will take place 1-3 May in Las Vegas, Nevada, USA. John visited with ISACA Now about what innovation means to him, his approach to taking business risks and the Shark Tank experience. The following is an edited transcript:
ISACA Now: The word ‘innovative’ is thrown around a lot. What does that mean to you, and in what ways has that kind of mindset allowed you to achieve such a high level of success with FUBU and your other ventures?Innovation is the process of creating something new, which oftentimes is just a newer version of something that already existed. For example, to me, Twitter was a note on a pigeon's leg hundreds of years ago. It’s just a new form of delivery.
This blog is intended to offer a way for ISACA leaders, constituents and staff to exchange information of interest pertinent to the association, the business environment and/or the profession.
The comments on this site are the author’s own and do not necessarily represent ISACA’s opinions or plans. ISACA does not endorse, monitor or control any links to external sites offered in this blog, and makes no warranty or statement regarding the content on those external sites.
Anyone posting comments on this site should ensure that the content remains on-topic and steers well clear of any statements that could be considered insensitive, offensive or threatening. Given ISACA’s global nature, the need to communicate in a way that is accessible and acceptable to many cultures should be taken into account. ISACA retains the right, at its sole discretion, to refuse content that is considered inappropriate.
To volunteer to write a blog or suggest a topic send an email here.