The pressure is on to navigate economic uncertainty. Gartner’s downward revision of projected worldwide IT spending in 2023 from 5.1% to 2.4% growth underscores how inflation, interest rate fluctuations, and consumer spending are reshaping forecasts, investment portfolios, and the CIO agenda. Regardless of your company’s investment posture during this period of instability, interactions with the CFO have likely increased and become more consequential in the last few months. 

To effectively traverse these interactions, CIOs must start with empathy. Walk in the shoes of the CFO. Acknowledge that they are fighting a battle on multiple fronts, from investors, creditors, board members, regulators, and peers, to name a few. Recognize that if your company’s top line is shrinking, the business is planning to recalibrate, and the CFO needs your help.  

In this moment of need, will the CFO view you as a business-savvy CIO with the chops to take on an expanded role in the C-Suite, or a barrier to visibility into a high-spend function? The answer hinges on your ability to keep tabs on three related topics that will likely surface in conversations with the CFO.  

Keep tabs on the keep the lights on (KTLO) budget 

If you fall on hard times in your personal life, you pay for your mortgage, health insurance, and groceries first to cover the necessities: shelter, security, and food, respectively. What are the necessities in your IT budget to keep the lights on (KTLO)? All things related to maintaining the systems to land, expand, and renew business at forecasted volumes are no-brainers. Securing the technical estate from bad actors? Of course. While not an ideal situation, the CFO needs to know what the IT budget could be if the company shifted towards a “KTLO only” posture.

To get here, we recommend inventorying spend across all categories (labor, projects, technology, etc.) to identify areas that could be paused or removed and estimating financial impact. Solicit input from trusted deputies and document the risks and implications of specific line items. Articulate how the budget could look in terms of operating and capital expenditure over the next 12 months, acknowledging that termination clauses and knowledge transfer may limit the speed of battening down the hatches, and that cancelling some investments is riskier than others. Build multiple budget scenarios with increasing levels of cost reduction to illustrate the plays you could run in response to various market conditions.

Build compelling (and corroborated) cases for sustained investments 

If there are non-KTLO expenditures that you believe should be sustained, be prepared to explain why. Discuss the risky ones. Explain the tradeoffs. Be forthcoming if you think cutting too deep in the short run will lead to avoidable expenses in the future. In a soft market, initiatives that buoy margins will have the most staying power. 

In a tight financial climate, however, the business case may only go as far as the BU leader’s willingness to corroborate the benefits. Coordinate with your counterparts in the business to make sure you are speaking the same language and that your request isn’t artificially inflated by double-counted technology line items. Separate recurring and non-recurring operating expenses to identify annualization impacts and discover where EBITDA add-backs could help the cause. And remember that while new capital expenditures are spread across several periods on the income statement, it’s all cash going out the door in the eyes of a cost-conscious CFO.  

Deliver multiple views of labor spend 

IT personnel is likely the largest or second largest category in your budget, so prepare accordingly. Be ready to break your labor spend down in several ways: full time employees vs. contractors, operations vs. innovation, fixed vs. variable, and projects vs. KTLO, to name a few. If you have individuals, or teams structured around products, working on KTLO and new capabilities, estimate the breakdown at the individual or team level. Even if the findings only provide directional guidance, you will make inroads with the CFO for proactively thinking this way. If your top line is shrinking, prepare for questions on adjusting your cost structure to sustain margins during the storm. Finally, if your company is in dire straits, or if your CFO has a penchant for zero-based budgeting, be prepared for the resource-by-resource breakdown to explain exactly how each teammate is spending their time.  

Immediate and long-term implications for CIOs 

If this information is a few clicks away, consider yourself ahead of the game. If it feels more like a long putt, consider sharpening your pencil, especially if you see clouds on the horizon. An inability to produce this analysis quickly may create friction with the CFO and lead them to take matters into their own hands (or worse, shift matters to the hands of a third party carrying a blunt instrument and a deadline). Economic conditions aside, developing financial acumen was the leading skill CIOs surveyed at the December 2022 Metis Strategy Digital Symposium were looking to sharpen as they contemplate expanded roles in the C-suite. Now is the time to hone those skills.   


The post-pandemic reality. Macroeconomic turbulence. Explosive technology innovations. Generational shifts in technological expectations. All these forces and more drive rapid, often confusing change in organizations large and small.

With every such change comes opportunity–for bad actors looking to game the system. Cybersecurity cannot stand still, or the waves of innovation will overrun the shores.

Adversaries continue to innovate. Keeping up–and hopefully, staying ahead–presents new challenges. Here is a short list of recent considerations for CIOs as they work with their teams to shore up their defenses.

Multifactor authentication fatigue and biometrics shortcomings

Multifactor authentication (MFA) is a popular technique for strengthening the security around logins. With MFA, the website or application will send a text message or push notification to the user with a code to enter along with their password.

MFA fatigue or ‘push phishing’ is a popular hack that targets MFA by repeatedly sending the user superfluous, malicious MFA notifications in hopes they inadvertently accept one or simply click to stop the annoying flood of messages.

In other cases, MFA includes a biometric step–reading a fingerprint, scanning a face, and the like. Users appreciate the convenience of biometrics, but they have their flaws as well. 

Sometimes they simply don’t work, perhaps due to a change in contact lenses or a new tattoo. Any spy thriller aficionado will also know it’s possible to ‘steal’ someone’s fingerprint or facial image–and once an individual’s biometric is compromised, there’s no way to change it the way we change passwords.
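The MFA fatigue pattern described in this section (a flood of unwanted prompts, sometimes ending in an acceptance) leaves a recognizable trace in authentication logs. The following detection sketch is an added example, not part of the original article; the log format, field names, 10-minute window and threshold of five prompts are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: "<UTC timestamp> user=<name> result=<outcome> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) "
    r"result=(?P<result>approved|denied|timeout) src=(?P<src>\S+)$"
)

# Constructed sample push-notification results (not real logs).
SAMPLE_LOG = """\
2023-03-01T08:58:10Z user=bob result=denied src=198.51.100.20
2023-03-01T08:58:40Z user=bob result=approved src=198.51.100.20
2023-03-01T09:00:05Z user=alice result=denied src=203.0.113.7
2023-03-01T09:00:35Z user=alice result=timeout src=203.0.113.7
2023-03-01T09:01:10Z user=alice result=denied src=203.0.113.7
2023-03-01T09:01:50Z user=alice result=denied src=203.0.113.7
2023-03-01T09:02:30Z user=alice result=timeout src=203.0.113.7
2023-03-01T09:03:15Z user=alice result=denied src=203.0.113.7
2023-03-01T09:03:40Z user=alice result=approved src=203.0.113.7
2023-03-01T09:00:00Z user=carol result=denied src=192.0.2.15
2023-03-01T10:00:00Z user=carol result=denied src=192.0.2.15
2023-03-01T11:00:00Z user=carol result=denied src=192.0.2.15
2023-03-01T12:00:00Z user=carol result=denied src=192.0.2.15
2023-03-01T13:00:00Z user=carol result=denied src=192.0.2.15
"""


def parse_events(text):
    """Return (timestamp, user, result, src) tuples in time order."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not match the assumed format
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["user"], m["result"], m["src"]))
    return sorted(events)


def detect_push_fatigue(events, window=timedelta(minutes=10), threshold=5):
    """Flag users who receive `threshold` or more unapproved prompts within
    `window`, and note whether an approval followed the burst."""
    recent = defaultdict(deque)  # user -> (timestamp, src) of unapproved prompts
    findings = {}                # user -> finding
    for ts, user, result, src in events:
        q = recent[user]
        while q and ts - q[0][0] > window:
            q.popleft()          # drop prompts that fell out of the window
        if result in ("denied", "timeout"):
            q.append((ts, src))
            if len(q) >= threshold:
                f = findings.setdefault(user, {
                    "user": user, "first_prompt": q[0][0], "prompts": 0,
                    "sources": set(), "approved_after_burst": False,
                })
                f["prompts"] = max(f["prompts"], len(q))
                f["sources"].update(s for _, s in q)
        else:  # approved
            if len(q) >= threshold:
                # The user accepted a prompt in the middle of a flood:
                # treat the resulting session as suspect until verified.
                findings[user]["approved_after_burst"] = True
            q.clear()
    return list(findings.values())


if __name__ == "__main__":
    for finding in detect_push_fatigue(parse_events(SAMPLE_LOG)):
        print(finding)
```

A finding with `approved_after_burst` set is the case to escalate first, since it suggests the user gave in to the flood; a burst with no approval still warrants a password reset because the attacker already holds the first factor.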

Security implications of ChatGPT and its ilk

ChatGPT and other generative AI technologies have taken the world by storm, but the combination of their sudden popularity and a general lack of understanding of how they work is a recipe for disaster.

In reality, generative AI presents a number of new and transformed risks to the organization. For example, ChatGPT is eerily proficient at writing phishing emails–well-targeted at particular individuals and free from typos.

A second, more pernicious risk is the fact that ChatGPT can write malware. Sometimes the malware has errors, but with simple repetition the hacker can generate multiple working versions of the code. Such polymorphic malware is particularly hard to detect, because it may be different from one attack to another.

Securing the software supply chain

The Log4j vulnerability that reared its ugly head in late 2021 shone a bright light on the problem of software supply chain security.

Most commercial enterprise software products and nearly all open-source ones depend upon numerous software packages and libraries. Many of these libraries are themselves open-source and depend upon other libraries in a complex network of opaque interdependencies.

Some of these components have professional teams that test and maintain them, releasing security patches as needed. Other open-source components are the result of some lone developer’s moonlighting activities from years past. 

For each open-source component in your entire IT infrastructure, which are the well-maintained ones, and which are the forgotten work of hobbyists? And how do you tell?

Getting ahead of the ransomware gangs

Ransomware is big business for the criminal gangs who have figured out how to capitalize on it. The malware itself is easy to buy on the Dark Web. In fact, there’s a veritable bazaar of ransomware variations, as hackers maneuver to create the most pernicious version.

From the enterprise side, the ransomware problem is multifaceted and dynamic. The malware itself continues to evolve, as do the criminal strategies of the perpetrators. 

The most familiar strategy–encrypting files on servers and then demanding a ransom for the decryption key–is but one approach among many. Other attackers steal data and threaten to release it to the public. Another angle is to target the victim’s backups.

No list of strategies and techniques does the ransomware problem justice, as the bad guys continue to innovate. CIOs and CISOs must remain eternally vigilant.

Managing costs while supporting digital transformation

The Covid pandemic accelerated many digital transformation initiatives as executives struggled to meet the suddenly changing needs of both customers and employees.

Today, economic challenges generate digital transformation headwinds as the needs of customers and employees change once again to address post-pandemic realities.

Cybersecurity budgets are typically caught between these two forces. Given the importance of meeting customer needs on limited resources, how important is cybersecurity?

It’s vitally important, of course – but it’s only one of the many risks CIOs must mitigate. Other risks include operational risk (the risk of downtime), technical debt risk (the risk of failures of legacy technologies), as well as compliance risk.

There’s never enough money to drive all these risks to zero–so how should executives decide which risks to mitigate and how much money and time to spend mitigating them?

Organizations must be able to engineer comprehensive risk management that quantifies each type of risk and establishes risk targets that conform to budgetary and human resource limitations.

This ‘threat engineering’ gives CIOs a justifiable approach to making cybersecurity expenditure decisions while also mitigating the other risks facing the IT organization.

Advice moving forward

This article highlights modern security trends for CIOs that weren’t on anybody’s radar as little as five years ago. Five years from now, the list might once again be entirely different.

Such is the nature of cybersecurity risk management. The risks continue to evolve as adversaries improve their strategies. CIOs must remain vigilant while they leverage state-of-the-art cybersecurity tools and strategies to keep one step ahead of the bad guys.


© Intellyx LLC. Tanium is an Intellyx customer. Intellyx retains final editorial control of this article. No AI was used in the production of this article.


Cloud architectures and remote workforces have effectively dissolved the network perimeter, the traditional line of defense for IT security. Lacking that decisive boundary, the work of security teams has changed. Now to guard against data breaches, ransomware, and other types of cyber threats, protecting network endpoints is more important than ever. 

But protecting endpoints is a priority with a massive scope. Endpoints encompass everything from employee laptops, desktops, and tablets to on-premises servers, containers, and applications running in the cloud. Endpoint security requires a comprehensive and flexible strategy that goes way beyond what security teams relied on a decade or more ago. Then IT assets were nearly all on-premises and protected by a firewall. Those days are over.

Ransomware continues to evolve

Ransomware continues to be a major threat to organizations of all sizes. After declining for a couple of years, ransomware attacks are on the rise again. They increased 23% from 2021 to 2022. 

Not only are attacks more frequent, they’re also more disruptive. In 2021, 26% of attacks led to disruptions that lasted a week or longer. In 2022, that number jumped to 43%.

On average, each of these attacks cost its victim $4.54 million, including ransom payments made as well as costs for remediation. As bad as these numbers are, they’re poised to get worse. That’s because in the past year, attackers have adopted new models for extorting money from victims.

Business email compromise attacks

Another prevalent form of attack is business email compromise (BEC), where criminals send an email impersonating a trusted business contact, such as a company CEO, an HR director, or a purchasing manager. The email, often written to convey a sense of urgency, instructs the recipient to pay an invoice, wire money, send W-2 information, send serial numbers of gift cards, or to take some other action that appears legitimate, even if unusual. If the recipient follows these instructions, the requested money or data is actually sent to the criminals, not the purported recipient.

Between June 2016 and December 2021, the FBI recorded over 240,000 national and international complaints about BEC attacks, which cumulatively resulted in losses of $43 billion. Ransomware might make more headlines, but BEC attacks are 64 times as costly. And they are becoming more frequent, increasing 65% between 2019 and 2021.

“Endpoint monitoring won’t stop a BEC attack,” explains Tim Morris, Chief Security Advisor, Americas at Tanium. “But it might tell you a little more about the person who opened the email and what they did with it. Context can give you the clues you need for determining whether the attack is part of a broader campaign, reaching other recipients with deceptive messages.”

Practical tips for endpoint management

How should CIOs and other IT leaders respond to these evolving threats? Here are five tips.

1. Treat endpoints as the new network edge.

With so many people working remotely and 48% of applications running in the cloud, it’s time to recognize that the new line of defense is around every endpoint, no matter where it is and what type of network connection—VPN or not—it’s operating with.

2. Identify all devices connecting to the network, even personal devices not officially authorized.

“You can’t secure what you can’t manage,” says Morris. “And you can’t manage what you don’t know.” Security Operations Centers (SOC) need to know all the endpoints they’re responsible for. Audits of enterprise networks routinely find endpoint management systems miss about 20 percent of endpoints. SOC teams should put tools and processes in place to ensure they have a complete inventory of endpoints and can monitor the status of endpoints in real time.

3. Patch continually.

Patching has always been important to ensure endpoints have access to the latest features and bug fixes. But now that software vulnerabilities have emerged as a major inroad for attackers, it’s critically important to ensure patches are applied promptly. Organizations can’t hope to respond to supply chain attacks like Log4j without putting in place automated solutions for software bills of materials and patching.

4. Drill.

Once you have a cybersecurity plan, a cybersecurity toolset, and a trained staff, it’s important to practice hunting for threats and responding to attacks of all kinds. It’s helpful to take a Red Team/Blue Team approach, assigning a team of security analysts to break into a network while another team tries to defend it. These drills almost always uncover gaps in security coverage. Drills also help teams build trust and work together more effectively.

5. Get endpoint context.

When attacks occur, it’s important to respond as quickly as possible. To respond effectively, security teams need to understand what’s happening on affected endpoints, no matter where they are. Which processes are running? What network traffic is taking place? What files have been recently downloaded? What’s the patch status?

Analysts often need answers in minutes from endpoints thousands of miles away. And they don’t have time to install new software or hope the remote user can help them set up a connection. Security teams need to have a system already in place for analyzing endpoints and collecting this data, so that when any type of attack occurs—even attacks like BEC attacks—they can collect the contextual information needed for understanding what happened and what threats remain active.

Cyber threats are becoming more prevalent, more sophisticated, and harder to identify and track. For more tips—five more in fact—on how to reduce the risk of cyberattacks and ensure that when attacks occur, they can be contained quickly and efficiently, check out this eBook.


Purchase a cheap card swipe cloner off the Dark Web. Distract a hotel housekeeper for a moment and clone their master key.

Use your mark’s email address to access a login page. Choose to reset the password and have the code sent to the mark’s phone. Check their voicemail using the default last four digits of the number as the PIN.

Watch someone accessing their bank info or email account on their laptop in an airport lounge. They log off to get a drink but leave the laptop open. Quickly reset their password, sending the code to their phone which they conveniently left by their computer. Read the code off the phone screen without even unlocking the phone.

Or perhaps the easiest of all: wait for your victim to step away from their unlocked workstation and quickly copy down their plaintext passwords from their password manager app.

There are multiple takeaways from the examples above. First, attack surfaces continue to expand dramatically. The number and variety of endpoints are limited only by the imagination of the cybercriminal. 

Second, none of these attacks requires much technical sophistication. Even the Dark Web might be optional. Simply google for a variety of tools to accomplish the malicious goal.

But perhaps most importantly: no amount of expensive cybersecurity gear will keep someone from typing in their password in view of prying eyes, losing sight of their RFID badge for a moment, or unlocking their phone in the presence of a threat actor. In recent years, researchers have reported that 73% of mobile device users have (deliberately or accidentally) observed someone else’s PIN being entered.

Multifactor authentication and employee training help, but given time and opportunity, even less-experienced attackers can break into poorly secured accounts.

We call this basic type of social engineering attack shoulder surfing

The simplest examples indeed involve looking over someone’s shoulder. The problem with shoulder surfing attacks is that there is no way to prevent all of them. Some of them are bound to succeed. 

As with the more widely known phishing attacks, all it takes is one vulnerable individual to break into an account—or into an entire organization.

Shoulder surfing mitigation: start with good cyber hygiene

Prevention will never stop all attacks, but an ounce of cyber hygiene still goes a long way. MFA is a must-have. Employee training should also include shoulder surfing awareness. 

You already have some form of social engineering mitigation (or if you don’t, then you should!). Shoulder surfing is technically a form of social engineering, but it differs from the more familiar approaches insofar as the target is often completely unaware they’re being pwned. 

Social engineering prevention techniques focus on awareness of social interactions and identifying suspicious behaviors. While this is an important piece of the puzzle, some attacks will still go unnoticed, no matter how diligent the victim is. 

Perhaps most important: adopt a zero-trust philosophy across your organization and cybersecurity roadmap. There is no longer any such thing as perimeter security. Do not grant trust without real-time evaluation of whatever network, device, or user account is accessing a resource. Trust, after all, is the most valuable asset an attacker can exploit.

The best solution: real-time detection of suspicious endpoint behavior

Regardless of the attack vector, or even the attacker’s level of stealth, shoulder surfing attacks are the beginning of an attack chain. All attack chains have one thing in common: the attacker wants to do something with their access that a compromised user wouldn’t normally do themselves.

In other words, fighting shoulder surfing and the attacks that it spawns depends upon behavioral analysis. What are the normal user behaviors when someone logs in or otherwise accesses an endpoint? Compare those to the actual behaviors for each attempt. Are they out of the norm?

Such behavioral analysis is a cybersecurity mainstay. When hunting or responding to abnormal behavior in your environment, there are some specific priorities to keep in mind:

Catching the perpetrators in real time is essential. Once the attacker has uploaded malware to the target system and begun the process of lateral movement, the scope of the attack (and cost of containment and recovery) has expanded. Effective behavioral analysis in real time provides the opportunity to detect and respond to suspicious actions in seconds, not hours.

The sorts of behaviors to look for are varied. It might be unfamiliar network traffic, newly installed software, or the plugging in of a new device. Suspicious behavior might also include unusual use of already installed apps or services, including uncommon usage patterns of common administrative tools like PowerShell.

Something that is supposed to exist might be missing. Real-time awareness of health and configuration issues of critical security and incident response tooling is essential. Prime your environment's operational efficacy at any moment by monitoring for disruptions to critical endpoint agents and endpoint detection and response (EDR) products.
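The comparison of normal and actual behavior described above can be sketched as a per-user baseline check plus a check for missing security agents. This is an added example, not part of the original article and not Tanium's implementation; the event kinds, agent names and all sample data are constructed assumptions.

```python
from collections import defaultdict

# Constructed baseline: behaviours observed per user during a prior learning period.
HISTORY = [
    ("alice", "process", "outlook.exe"),
    ("alice", "process", "excel.exe"),
    ("alice", "net", "mail.example.com:443"),
    ("bob", "process", "powershell.exe"),
    ("bob", "process", "outlook.exe"),
    ("bob", "net", "mail.example.com:443"),
    ("bob", "device", "usb:yubikey"),
]

# Constructed events from one new session on alice's laptop.
SESSION = [
    ("alice", "process", "outlook.exe"),
    ("alice", "process", "powershell.exe"),
    ("alice", "device", "usb:mass-storage"),
    ("alice", "net", "198.51.100.44:8443"),
]

REQUIRED_AGENTS = {"edr-agent", "patch-agent"}  # hypothetical agent names
RUNNING_AGENTS = {"patch-agent"}                # constructed endpoint report


def build_baseline(history):
    """Map each (kind, value) behaviour to the users for whom it is normal."""
    seen_by = defaultdict(set)
    all_users = set()
    for user, kind, value in history:
        seen_by[(kind, value)].add(user)
        all_users.add(user)
    return seen_by, all_users


def score_session(session, seen_by, all_users):
    """Return behaviours that are new for the acting user.

    'high'   = nobody in the baseline does this.
    'medium' = normal for other users (e.g. admins), but not for this one.
    """
    findings = []
    for user, kind, value in session:
        users = seen_by.get((kind, value), set())
        if user in users:
            continue  # matches this user's own baseline
        findings.append({
            "severity": "medium" if users else "high",
            "user": user,
            "kind": kind,
            "value": value,
            # Share of baseline users for whom this behaviour is normal.
            "fleet_prevalence": len(users) / len(all_users) if all_users else 0.0,
        })
    findings.sort(key=lambda f: (f["severity"], f["kind"], f["value"]))
    return findings


def missing_agents(required, running):
    """Security tooling that should be present on the endpoint but is not."""
    return sorted(required - running)


if __name__ == "__main__":
    baseline, users = build_baseline(HISTORY)
    for f in score_session(SESSION, baseline, users):
        print(f)
    print("missing agents:", missing_agents(REQUIRED_AGENTS, RUNNING_AGENTS))
```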

Tools like the Tanium platform are adept at addressing all these priorities.

Be proactive

Despite huge investments in cybersecurity protection across the industry, breaches still occur and demand a multilayered approach to visibility, security policy enforcement, detection, and incident response. Security admins can then configure the appropriate endpoint security policies ahead of time, enabling the platform to evaluate behaviors in accordance with policies in real time.

Tanium can quickly assess your environment, report on endpoint configuration and anomalies, apply configuration policies, and automate updates and configuration to ensure that everything is in a ready state for rapid response when necessary.

While social engineering and other shoulder surfing attacks may bypass much security tooling, the goal is to identify such anomalous use of access rapidly and evict the attacker before they accomplish their goals.

The Intellyx take

Endpoint protection has always been a cat-and-mouse game. The attackers are numerous, persistent, and imaginative.

Given the inexorable pace of technology innovation, with all the devices, applications, and protocols hitting the market every day, there are always new opportunities for hackers to find some new way to achieve their nefarious ends.

Individuals and their organizations must therefore take an active, multilayered approach to protecting themselves. Don’t trust any endpoint. Expect to be breached, nevertheless. And implement a platform like Tanium’s to keep one step ahead of the attackers.


In today’s cybersecurity environment—with new types of incidents and threat vectors constantly emerging—organizations can’t afford to sit back and wait to be attacked. They need to be proactive and on the offensive when it comes to defending their networks, systems, and data.

It’s important to understand that launching an offensive cybersecurity strategy does not mean abandoning traditional defensive measures such as deploying firewalls, intrusion detection systems (IDS), anti-malware software, patch management, security information and event management (SIEM), and other such tools.

Going on the offensive with cybersecurity involves taking extra steps to preemptively identify weaknesses before bad actors can take advantage of them. It means thinking like they do and anticipating their moves. While the idea of taking a proactive approach to security is not new, it has taken on greater significance given the level of risk so many organizations face today.

Threat hunting strategy

One of the most effective ways to be proactive with security is to deploy a threat-hunting strategy. Cyber threat hunting is a proactive defense initiative in which security teams search through their networks to find and isolate advanced threats that evade existing security tools.

Whereas traditional solutions such as firewalls and IDS generally involve investigating evidence-based data after an organization has received a warning of a possible threat, threat hunting means going out to look for threats before they even materialize.

Gain visibility

Several key components make up the foundation of a strong threat-hunting program. The first is the ability to maintain a complete, real-time picture of the organization’s environment so that threats have no place in which to hide. If the security team is not able to see the threats within their organization’s environment, how can it take the necessary steps to stop them?

Having the kind of visibility that’s needed can be a challenge for many organizations. The typical IT infrastructure today is made up of diverse, dynamic, and distributed endpoints that create a complex environment in which threat vectors can easily stay out of sight for weeks or even months.

That’s why an organization needs technology that allows it to locate each endpoint in its environment and know if it’s local, remote or in the cloud; identify active users, network connections, and other data for each of the endpoints; visualize lateral movement paths attackers can traverse to access valuable targets; and verify whether policies are set on each of the endpoints so they can identify any gaps.

Proactively hunt for threats

The second key component of threat hunting is the ability to proactively hunt for known or unknown threats across the environment within a matter of seconds. Security teams need to know if there are active threats already in the environment.

They need to be able to search for new, unknown threats that signature-based endpoint tools miss; hunt for threats directly on endpoints, rather than through partial logs; investigate individual endpoints as well as the entire environment within minutes without creating a strain on network performance; and determine the root causes of any incidents experienced on any endpoint devices within the environment.

Remediating threats

The third foundational component of threat hunting is the ability to respond to and resolve any threats that the security team finds within the same unified platform. Finding a threat is not enough—it has to be obliterated.

A threat-hunting solution should enable security teams to easily shift from threat hunting to response by using a single dataset and platform; quickly applying defensive controls to endpoints during an incident; learning from incidents and, through this knowledge, hardening the environment to prevent similar attacks; and streamlining policy management to keep endpoints in a secure state at all times.

What to look for in a threat-hunting solution 

A key factor to look for in a threat-hunting solution is the ability to use statistical analyses to better understand whether particular incidents are notable. That can only happen when a system can enrich data telemetry in real time, at scale, and in constantly changing situations.

Security teams can leverage every log source, piece of telemetry, and bit of endpoint metadata and traffic flow in an aggregated manner to get a clear understanding of what’s going on. Threat actors will not be able to get into an organization’s environment completely undetected. It’s only a matter of whether the threat-hunting team is leveraging the right data to track them down.

It’s important for security hunting teams to have high-confidence threat intelligence and to follow the right feeds. While enriching alerts with real-time intelligence is not always easy, it’s vital for success. Teams need to work with trusted sources of data and must be able to filter the data to reduce false positives as well as false negatives.

In addition to threat hunting, organizations can leverage services such as penetration testing and threat intelligence. With penetration testing, an organization hires a service provider to launch a simulated attack against its networks and systems to evaluate security.

Such tests identify weaknesses that might enable unauthorized actors to gain access to the organization’s data. Based on the results, the security team can make any needed enhancements to address the vulnerabilities.

Cyber threat intelligence is any information about threats and threat actors that is intended to help companies mitigate potential attacks in cyberspace. Sources of the information might include open-source intelligence, social media, device log files, and others.

Over the past few years, threat intelligence has become an important component of cybersecurity strategies, because it helps organizations be more proactive in their approach and determine which threats represent the greatest risks.

By being proactive about security, organizations can be out in front of the ever-expanding threat landscape. They can help to ensure that they’re not just waiting impassively for attacks to come, but taking initiatives to stop bad actors before they can act.



Ensuring strong software security and integrity has never been more important because software drives the modern digital business. High-profile vulnerabilities discovered over the past few years, with the potential to lead to attacks against organizations using the software, have hammered home the need to be vigilant about vulnerability management.

Perhaps the most dramatic recent example was the zero-day vulnerability discovered in Apache’s popular open-source Log4j logging service. The logging utility is used by millions of Java applications, and the underlying flaw—called Log4Shell—can be exploited relatively easily to enable remote code execution on a compromised machine. The impact of the vulnerability was felt worldwide, and security teams had to scramble to find and mitigate the issue.

In November 2022, open-source toolkit developers announced two high-severity vulnerabilities that affect all versions of OpenSSL 3.0.0 up to 3.0.6. OpenSSL is a toolkit supporting secure communications in web servers and applications. As such, it’s a key component of the Transport Layer Security (TLS) protocol, which ensures that data sent over the internet is secure.

SBOMs as a solution

One of the most effective tools for finding and addressing such vulnerabilities and keeping software secure is the software bill of materials (SBOM). SBOMs are formal, machine-readable records that contain the details and supply chain relationships and licenses of all the different components used to create a particular software product. They are designed to be shared across organizations to provide transparency of the software components provided by different players in the supply chain.

Many software providers build their applications by relying on open-source and commercial software components. An SBOM enumerates these components, creating a “recipe” for how the software was created.

For example, something like the OpenSSL toolkit includes dependencies that are difficult or, in many cases, impossible for traditional vulnerability scanners to uncover. It requires a multilayered approach to help security teams identify third-party libraries associated with a software package. This is where an SBOM can help.

The U.S. Department of Commerce has stated that SBOMs provide those who produce, purchase, and operate the software with information that enhances their understanding of the supply chain. This enables multiple benefits, most notably the potential to track known and newly emerged vulnerabilities and risks.

These records form a foundational data layer on which further security tools, practices, and assurances can be built, the Commerce Department says, and serve as the foundation for an evolving approach to software transparency.

A 2022 report by the Linux Foundation Research, based on a survey of 412 organizations from around the world, showed that 90% of the organizations had started their SBOM journey.

More than half of the survey participants said their organizations are addressing SBOMs in a few, some, or many areas of their business, and 23% said they are addressing them across nearly all areas of their business or have standard practices that include the use of SBOMs. Overall, 76% of organizations had a degree of SBOM readiness at the time of the survey.

The research showed that the use of open-source software is widespread and that software security is a top organizational priority. Given the worldwide efforts to address software security, SBOMs have emerged as a key enabler, it said. Growth of SBOM production or consumption was expected to accelerate by about 66% during 2022, leading to SBOM production or consumption use by 78% of organizations.

The top-three benefits of producing SBOMs identified by survey participants were that SBOMs made it easier for developers to understand dependencies across components in an application, monitor components for vulnerabilities, and manage license compliance.

Key features to consider

SBOMs are a key to quickly finding and fixing vulnerabilities before it’s too late. That’s because they dig deep into the various dependencies among software components, examining the compressed files with applications to effectively manage risk. It might take a software vendor days or weeks to confirm with its developers whether its products are affected or not. That’s too long a window of opportunity in which cybercriminals can exploit vulnerabilities.

With SBOMs, security teams can know exactly where an affected component is being used across applications in use within their organizations.

It’s important for organizations to understand that not all SBOM offerings from vendors are alike. An ideal solution delivers critical, real-time visibility into an organization’s software environments, enabling them to make better-informed decisions to manage risk.

SBOMs should be able to answer questions such as:

Exactly where is a particular software package located?

Which open-source dependencies, if any, does an application use?

Which version of the software package is running?

Do any other applications use the software package?
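The questions above can be answered mechanically once SBOMs are collected in one place. The following Python sketch is an added example, not code from the article or from any vendor: it searches three constructed CycloneDX-style SBOMs for OpenSSL and flags the 3.0.0 to 3.0.6 range mentioned earlier. The application names, file paths and the `example:path` property are assumptions made for the illustration.

```python
import re
from collections import deque

# Constructed sample data: minimal CycloneDX-style SBOMs, one per application.
# The "example:path" property name is an assumption made for this sketch.
def _component(ref, name, version, path):
    return {"bom-ref": ref, "type": "library", "name": name, "version": version,
            "properties": [{"name": "example:path", "value": path}]}

def _sbom(app_ref, app_name, components, edges):
    return {"bomFormat": "CycloneDX", "specVersion": "1.4",
            "metadata": {"component": {"bom-ref": app_ref, "name": app_name}},
            "components": components,
            "dependencies": [{"ref": r, "dependsOn": d} for r, d in edges.items()]}

SBOMS = [
    # OpenSSL arrives indirectly, through an HTTP client library.
    _sbom("app:billing", "billing-api",
          [_component("pkg:http", "http-client", "4.2.0", "/opt/billing/lib/http-client.so"),
           _component("pkg:ssl-a", "openssl", "3.0.5", "/opt/billing/lib/libssl.so.3")],
          {"app:billing": ["pkg:http"], "pkg:http": ["pkg:ssl-a"]}),
    # Older 1.1.1 branch, linked directly by the application.
    _sbom("app:portal", "customer-portal",
          [_component("pkg:ssl-b", "openssl", "1.1.1k", "/usr/lib/libssl.so.1.1"),
           _component("pkg:zlib", "zlib", "1.2.13", "/usr/lib/libz.so.1")],
          {"app:portal": ["pkg:ssl-b", "pkg:zlib"]}),
    # First version outside the affected range.
    _sbom("app:reports", "reporting-job",
          [_component("pkg:ssl-c", "openssl", "3.0.7", "/srv/reports/libssl.so.3")],
          {"app:reports": ["pkg:ssl-c"]}),
]

def version_key(version):
    """Leading numeric fields as a tuple: '3.0.5' -> (3, 0, 5), '1.1.1k' -> (1, 1, 1)."""
    return tuple(int(n) for n in re.findall(r"\d+", version.split("-")[0])[:3])

def dependency_depths(sbom):
    """Breadth-first walk of the dependency graph from the application root.

    Returns {bom-ref: depth}; depth 1 means a direct dependency.
    """
    graph = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    root = sbom["metadata"]["component"]["bom-ref"]
    depths, queue = {root: 0}, deque([root])
    while queue:
        ref = queue.popleft()
        for child in graph.get(ref, []):
            if child not in depths:  # also guards against dependency cycles
                depths[child] = depths[ref] + 1
                queue.append(child)
    return depths

def locate(sboms, package, first_bad, last_bad):
    """Answer, per application: where is the package, which version, how is it
    pulled in, and does the version fall inside the inclusive affected range."""
    findings = []
    for sbom in sboms:
        app = sbom["metadata"]["component"]["name"]
        depths = dependency_depths(sbom)
        for comp in sbom.get("components", []):
            if comp["name"].lower() != package.lower():
                continue
            props = {p["name"]: p["value"] for p in comp.get("properties", [])}
            depth = depths.get(comp["bom-ref"])
            if depth is None:
                relation = "unlisted"      # present in the inventory, absent from the graph
            elif depth == 1:
                relation = "direct"
            else:
                relation = "transitive"
            findings.append({
                "application": app,
                "version": comp["version"],
                "path": props.get("example:path", "unknown"),
                "relation": relation,
                "affected": first_bad <= version_key(comp["version"]) <= last_bad,
            })
    return findings

if __name__ == "__main__":
    for f in locate(SBOMS, "openssl", (3, 0, 0), (3, 0, 6)):
        flag = "AFFECTED" if f["affected"] else "ok"
        print(f'{f["application"]:16} {f["version"]:8} {f["relation"]:10} {f["path"]}  {flag}')
```

The transitive hit in billing-api is the case a scan of the application's own manifest would miss, because the application never names OpenSSL itself.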

A key capability is the ability to understand every software component at runtime, uncovering software packages and breaking them apart to examine all constituent components without the need to engage the software vendor.

SBOMs should also be able to address any vulnerabilities or misconfigurations found in the various software components; take quick action to mitigate supply chain risk, even removing applications completely across affected endpoints; and optimize an organization’s investments in third-party tools by populating them with granular, accurate and real-time SBOM data.

The takeaway 

Digital businesses today rely on software to support all kinds of processes. In fact, it’s difficult to imagine any company operating without applications. Keeping software secure and reliable is essential for success today.

With solutions such as SBOMs, security teams at organizations can be confident that they have a good handle on all the complexities inherent in the software world, and that they are keeping up on any flaws that need to be addressed to keep applications secure.

Learn how Tanium’s Converged Endpoint Management (XEM) platform can address SBOMs to give your organization real-time visibility—even in the most complex software environments.

Security

Oracle is extending its MyLearn program, offered via the company’s University portal, to cover its NetSuite midmarket ERP products.

Like the Oracle University version of MyLearn, NetSuite’s MyLearn program — which offers courses on Oracle Cloud Infrastructure (OCI) and SaaS offerings such as Fusion applications — will offer courses on its product fundamentals and implementation. The courses will be available through a sub-portal, Oracle said Wednesday.

The courses, live training and on-demand modules can be used by enterprises to accelerate NetSuite implementations, simplify employee training, and identify new features in products and experiment with them for new use cases, the company said.

Under the NetSuite MyLearn program, the company offers two options: NetSuite Explorer Pass, which is free, and NetSuite Learning Cloud Support Company Pass, which is offered for a fee and is only available to NetSuite users.  

For Explorer Pass, a user needs to create a free account to access the program content, which includes a total of 63 courses on  topics such as introduction to NetSuite, accounting and finance, human capital management, inventory management, sales and marketing.

In order to get access to more detailed content, live webinars and hands-on training, a user has to choose the NetSuite Learning Cloud Support Company pass. This paid version, according to the company, offers detailed courses in multiple languages and formats, including role-based personalized learning paths, on-demand modules, live interactive webinar trainings, and practice environments.

The languages currently on offer include English, Japanese, French, German, Chinese, Portuguese, and Spanish.

For all users accessing the NetSuite MyLearn courses library, the company provides a customizable dashboard to monitor their learning progress and recommend content, NetSuite said.

Oracle did not immediately provide information on the fee structure for Company Pass content.

Enterprise Applications, ERP Systems

In today’s era of economic uncertainty, enterprises must embrace digital transformation to stay relevant. By 2026, global spending on digital transformation is expected to reach US$3.4 trillion, and this trend is accelerating. For most enterprises, digital transformation encompasses the infrastructure needed to facilitate computing, storage, and networking, while digital technologies such as the cloud, Artificial Intelligence (AI), and advanced networks are critical enablers for future digital development.

To further the discussion on these technologies, Huawei hosted its 5th Industry Digital Transformation Summit at the Mobile World Congress (MWC) 2023 in Barcelona. The Summit acted as a platform that engendered meaningful conversations among global enterprise customers and digital industry leaders, and facilitated discussions on innovation and development in the realms of digital infrastructure and digital technologies.

Developing Tailored Digital Solutions for Industry Applications

As digital technology has matured, so have the demands for tailored, scenario-specific digital solutions in various sectors. Solutioning requirements across industries, or even within industry verticals, often appear similar at first. However, to fully realise the benefits of digital innovation, organisations need to match specific scenarios to specific solutions.

At MWC 2023, Huawei showcased how it works closely with diverse global and local partners to provide a range of scenario-specific solutions for public services, healthcare, education, and electric power suppliers.

Despite having already launched more than 100 scenario-based solutions, David Wang, Executive Director of the Board, Chairman of the ICT Infrastructure Managing Board, and President of Enterprise BG, Huawei, emphasised the company’s continued commitment to deepen its roots in the enterprise market and go further in its pursuit of innovation.

“We are ready to use leading technologies and dive deep into scenarios. Together with our partners, we will enable industry digitalisation, help SMEs access intelligence, and promote sustainable development to create new value together,” added Wang.

David Wang delivered an opening speech for the Industry Digital Transformation Summit


Huawei’s scenario-based approach is already transforming diverse industries, including education and finance. Some notable examples include:

Huawei Smart Classrooms

In traditional school systems, teaching resources tend to be unevenly distributed due to infrastructure and economic differences. Over the last five years, China invested over 1.7 trillion yuan to solve this imbalance, developing smart classrooms in 90% of the country’s schools.

Students from all regions, rural and urban, now have the same access to immersive learning and high-quality teaching resources via a national smart education platform. At MWC 2023, Huawei announced the launch of the Smart Classroom 2.0 solution, leveraging Wi-Fi 7 and intelligent edge devices to enable smart teaching practices through cloud-edge synergy.  The smart classroom solution has opened a world of equal educational opportunities to students of all backgrounds.

Intelligent Finance

Mobile payment is fast becoming a global norm: two billion people were using mobile payments worldwide, with a total transaction volume exceeding US$17 trillion and an annual growth rate of 27% in 2021. But not everyone has access to a mobile phone or formal banking facilities. In Ghana, two thirds of the population lack a bank card, and 60% of people use feature phones rather than smartphones.

Recognising these challenges, Ghana Commercial Bank launched the mobile money platform G-Money which allows Ghanaians to use their mobile phones for deposits and money transfers; this attracted over 700,000 mobile money users. At the heart of Mobile Money is Huawei’s mobile wallet solution, designed to enable basic financial services on feature phones and smartphones, just one example of Huawei’s work with global partners to build payment and micro-finance solutions. Today, Huawei’s Intelligent Finance Solution is a trusted service provider for 400 million users worldwide, from street vendors in China to migrant workers in Ghana.

Collaborating with Global Partners and Helping SMEs Access Artificial Intelligence

To build effective solutions that enable digitalisation, Huawei leverages its global partnership ecosystem of more than 35,000 partners. Huawei works closely with these partners to constantly build stronger capabilities within the ecosystem, while cultivating a deep pool of ICT talent. To date, Huawei has certified over 750,000 ICT professionals and has collaborated with over 2,400 talent alliances.

Huawei is also focused on enabling SMEs, by making it easier for small enterprises to get access to a range of digital infrastructure, technologies, expertise, and Artificial Intelligence.

Holding True to Social Values

As societies worldwide grapple with the effects of climate change and the challenges of ensuring environmental sustainability, technology is playing a critical and growing role in mitigating human impact on the environment.

Digital technology has immense potential to promote sustainable development while creating greater social value through innovation and collaboration. Whether it’s ensuring biodiversity through digital solutions or achieving energy efficiency through better-designed ICT infrastructure and networks, Huawei is constantly pushing boundaries, developing solutions that help industries address the growing challenges of climate change and biodiversity loss.

Driving Technology Forward for the Future

Research and development (R&D) are the key to innovative new products, services, and business models, but to deliver genuine value, R&D must be deeply embedded in the organisation’s mission and culture. Huawei’s commitment to innovation and driving digital technology is evident in its consistent commitment to R&D: 54.8% of Huawei’s workforce is engaged in R&D, working on US$132.5 billion worth of R&D investments in the last decade. Today, Huawei possesses one of the largest patent portfolios in the world, with active patents across over 45,000 patent families.

At MWC 2023, Huawei launched its latest innovations:

A new series of smart campus network solutions, built on Wi-Fi 7 and 50G PON technologies.

The first data centre ransomware protection solution, powered by network-storage collaboration.

Huawei Cloud’s KooVerse unified cloud infrastructure and new cloud services, such as LandingZone and GaussDB, to help enterprises of all sizes embrace and leverage the cloud.

“Digital technology is the right place for us to help industries go digital. Huawei will focus on connectivity, computing, cloud, and other digital technologies. We will continue inspiring innovation to drive industry digital transformation,” said Bob Chen, Vice President of Enterprise BG, Huawei, at the summit.

In his keynote speech, Bob Chen outlined how digital technologies have impacted the development of the world’s economy, cultures, societies, and environment.


Huawei today is a trusted partner to over 700 cities as well as 267 Fortune 500 companies around the world. Looking to the future, Huawei will continue to build on its strengths in the digital enterprise segment, grow with customers and partners, and lead innovation in digital infrastructure.

Learn more about Huawei’s latest innovations and how the company creates new value together with global partners here.

Digital Transformation

It’s time to get back to the basics of productivity. The IT pendulum is swinging back toward operational excellence as companies must now recover from a whirlwind of digital transformation investments made over the past three years. Today, CIOs need to operationalize new technologies and online business models. But with IT teams already overexerted, how can companies champion this new workload?

Expedited innovation has brought IT productivity concerns to the forefront:

Technology adoption has accelerated, leaving IT with more tools, services, and providers to manage.

The cloud and network edge have expanded, forcing IT to accept broader responsibilities across distributed IT environments that make visibility difficult and control more time-consuming. Engineers are known to spend 50% of their time monitoring and troubleshooting the network.

Today’s cybersecurity strategies require IT teams to make significant changes, updating systems and processes in response to new security frameworks. Staffing challenges slow operations with hiring, training, and learning curves. About 1 million people work in cybersecurity in the U.S., but there are nearly 600,000 unfilled positions.

Fluctuating business needs and evolving security threats consistently keep teams in response mode, distracting them from continuous improvement.

When innovation multiplies functional tasks, it’s even more important to step up productivity. Here are the secret ingredients for keeping IT simple and speedy, so the business can perform faster, recognizing more value from newly adopted technologies.

Secrets to IT productivity: gathering momentum in teams, talents, and tasks

Operational vigor is necessary to ensure expedited innovation is working the way it should. At the heart of logistics are people and process management. Accelerating operations starts with assessing the three “Ts” of productivity: Teams, Talents, and Tasks.

Teams: Are the IT team and its priorities aligned to the business outcomes, and can the team see or understand how their joint contribution is driving corporate strategy? When IT is an ecosystem converging the network and security with every department and major initiative, is the team connected to each relevant business unit in ways that help it co-innovate and co-orchestrate success?

Management shapes team culture, and when teams feel connected to their work, their leaders, and each other, companies grow faster and more efficiently, gaining 7.4% more revenue growth.

Talents: How are you making sure people have the right skills to operate at maximum capacity? Do you know what unlocks each person’s potential, and are you tailoring resources to their specific needs? When management styles and remote work policies impact the amount of energy employees can bring from their personal lives into the workplace, is your approach enhancing individual contributions?

Leaders focused on meeting the individual needs of their people are 1.2x more likely than their peers to achieve hypergrowth of 10% or more.  

Tasks: Has the IT team benchmarked the amount of time required to perform critical tasks? Are processes standardized and documented for repeatability and scalability? Are projects prioritized across the business units to produce timely results when and where they’re needed now? When priorities are always shifting, does your change management streamline communication and responsive action? Do you both think and act using agile best practices? Are projects and tasks visible? How have you explored new ways of working, reinventing processes to make things go faster?

Overconfidence slows performance

In poising IT for expansion, task management must be honed as a continuous process. Focusing on the three “Ts” of productivity can build capacity, but be careful not to get overconfident. Leaders tend to overestimate how connected teams are, how satisfied employees are, and how streamlined processes are, which explains why reassessment is necessary. Most importantly, don’t be afraid to shed legacy mindsets, inviting creative ideas and experimentation that foster an adaptive and resilient workforce.

Secrets to IT productivity: handling more of everything

Today there is vastly more for IT teams to manage: more technologies, more services, more providers, and more distributed environments—and all with more changes. It’s a bit like trying to manage the world’s oceans at once, keeping tabs on all the schools of fish.

So, the question at the center of productivity becomes: “How can we automate the management of it all?”

Sure, there are hundreds of service providers willing to work for you (and we’ll get to that later), but how do you really arrive at automated management? To get there, it helps to break down each functional area, defining what (and who) must be managed:

Network Management: Network connections – each with their services and providers

Security Management: Security capabilities and applications – each with their services and providers

Cloud Management: Infrastructure and applications – each with their services and providers

Endpoint Management: Mobile devices – each with their services, providers, and applications in use

Getting started: an approach to automated management

An automated approach to management starts with a computer-driven system collecting information across all the assets in all the oceans listed above. Next, it applies artificial intelligence (AI) and advanced analytics and leverages robotic process automation (RPA) as well as integration to accelerate management in three primary areas:

Vendor Management: API integration establishes an inventory of all current assets, creating an accurate catalog of services, providers, and users. Now, an automated system can be created to apply due diligence to the processes of vendor tracking, contract negotiations, and anticipated upgrades, as this helps with economies of scale and efficiencies of scale.

Service & Device Management: Advanced analytics recognize redundant, unused, or underutilized services and mobile devices. Now, an automated process can dissolve, consolidate, and reallocate assets to get more value out of existing investments. Likewise, you can automate service order approvals, device procurement, and service implementations.

Billing Management: API integration collects all service invoices, making it easy to automate workflows to validate and pay invoices. Removing manual tasks also makes accounting and cost allocation more accurate.

Productivity isn’t the only advantage. Automation helps with everything from IT budget forecasting to business continuity—when outages are avoided because services get paid on time.

But AI automation can also be used more broadly.

Secrets to IT productivity: gaining speed from AI-Powered automation

Competitive advantage today is defined by speed, and swift action is driven by digitized processes, advanced analytics, and hyper-automation built into the core of the IT organization.

Digitization makes the architectural building blocks of IT more nimble and responsive. By moving to the cloud and by switching from hardware to software, the network infrastructure establishes a foundation for acceleration. Modular architectures are virtual, allowing for extreme flexibility. This transition also makes data easy to access, which is fundamental in using advanced analytics.

When machine learning, behavioral analytics, and predictive analytics can observe the entire IT environment, leaders can make quick sense of IT complexity for faster, data-driven management. The key is to apply analytics holistically, breaking down data silos with a centralized platform serving as a single source of truth. This allows for overarching insights across the network, security, cloud, and endpoints.

Hyper-automation powers self-healing, autonomous IT systems

Advances in AI-powered automation are helping IT systems “heal themselves.” Using closed-loop automation, an AI engine can identify problems inside complex IT environments. Moreover, it can recommend repairs or solutions and then act on those recommendations itself, once the administrator hits the approve button. Self-healing capabilities help leaders build reusable tools to automate manual, mundane, and highly repetitive IT tasks, and they have proven successful, particularly in the areas of:

Security, reducing the amount of time and effort needed to identify and mitigate threats.

Network performance optimization, predicting outages, and preventing connectivity issues. Gartner states, “automating 70% of network change activities will reduce the number of outages by at least 50% and deliver services to business constituents 50% faster.”

IT asset management and service administration, diminishing the time it takes to responsibly manage sprawling tools and providers. One study shows companies see a 52% productivity boost from mobile device management automation and outsourced services.

When IT leaders invest in self-healing IT systems, they are making advances toward the fully autonomous IT environments of the future.

Balancing outsourcing with insourcing and knowing when to automate vs. outsource

Automation is an advanced field, and companies don’t always have the internal skillsets to go it alone. Services and solutions like AI for IT Operations (AIOps) and IT Expense Management (ITEM) can help, but knowing where to draw the line between outsourcing and the work of your internal team is another critical decision point in maximizing productivity. Outsource too much, and you lose control. Insource too much, and you will never get to the more meaningful work of driving innovation for the business.

Those who strike the right balance have an intimate understanding of:

The talents on their team, the cost or value of the work being performed, as well as when and where the day-to-day grind is pulling the internal team away from innovation.

When to use automation versus outsourcing. Automation technologies are transformative and can have a meaningful impact on reducing costs and time. While outsourcing services can also free up time, it provides peace of mind during times of volatile change and uncertainty. Outsourcing is optimal for enabling talent scalability – automation is not.

In planning an automation partnership, there are ways to find a good middle ground. You can start a project entrenched with a partner, leaning on professional services to audit and more fully examine your IT environment, accelerating your end-to-end processes. This way, you start with a fully customized service before moving into maintenance mode.

Operationalizing innovation to deliver on the promise of digital transformation

Productivity is the secret to success in digital innovation, and while there is an abundance of advice on leadership strategies and techniques for using AI inside the IT infrastructure, there is far less guidance on helping IT teams solve the daily grind issue: handling the explosion of assets and services after expedited innovation. To improve performance, you also have to tackle productivity at the source, at the vendor management level.

To learn more about IT expense and asset management services, visit us here.  

Digital Transformation

While mobile devices are the symbol of business continuity, they are also the mark of easy prey for cybercriminals. In fact, 75% of companies experienced a “major” mobile-related security compromise in 2022. And that risk brings high costs with it. When remote workers are the root cause of a data breach, mitigation costs rise 20%, hiking the price tag up from $4 million to $5 million.

And it’s not just cybercriminals profiting from loopholes in corporate mobile security.

Regulations like GDPR and SOC2, as well as government agencies themselves, have all taken aim at mobile vulnerabilities. In October, the federal Securities and Exchange Commission fined 16 financial firms $1.8 billion after they failed to prevent employees from communicating with clients via their personal devices.

With the proliferation of personal devices used for work, most executives are bracing for impact and recognizing that it’s time to strengthen endpoint security. Whether you are working to avoid federal agents or rising ransomware attacks, here are the best practices for improving the security posture of your corporate mobile fleet.

Remove blind spots to strengthen mobile security 

Widening protections for the entire fleet starts with understanding your devices and where their vulnerabilities hide, as uncovering security blind spots is half the success equation.

Companies are highly reliant on their mobile devices and yet many manage hundreds or thousands of them using poor recordkeeping practices. Comprehensive security starts with a registry that defines what the fleet has, what state it is currently in, and what applications, access methodologies, and services it uses. Devices can include laptops, phones, iPads, watches, scanners, sensors, and a variety of wireless tools.

Gaining visibility is the first step in identifying and managing every device into a known state. Network analytics, usage audits, Shadow IT discovery tools, and IT expense management platforms can be helpful in establishing a working inventory that can be expanded with detailed information about ownership, operating systems, users, their associated applications as well as the security risk of each application in use. A centralized system also helps with overarching insights to prioritize security efforts. For example, you may want to start with high-volume devices or those that use applications bringing the highest security risk.

Consider your mobile strategy and its impact on security

With an accurate assessment of company-owned and employee-owned devices, now is a good time to evaluate how your mobile strategy and device ownership policy uphold security. More devices expand the attack surface for bad actors, and the lack of standardization can make security complex with a broader range of operating systems, device types, applications, and other hardware-based risks for IT teams to manage.

One Vanson Bourne study showed 81% of companies are shifting their corporate policies due to challenges in security and management. At companies with a Bring-Your-Own-Device (BYOD) policy, 65% of devices accessing corporate information are personally owned. This reveals the intertwined relationship between employee devices and the information companies must protect. While today’s dominant approach is to use a BYOD approach with mobile phones and corporate ownership for laptops, tides are shifting as companies better balance security requirements with the convenience of employee devices.

Best practices: configure and secure devices into a known state

Building a foundation for mobile security should start with leading security frameworks, such as the Cybersecurity and Infrastructure Security Agency’s (CISA) Zero Trust Model for Enterprise Mobility, which includes mobile security techniques as well as tips for using the built-in security features of mobile operating systems. The National Institute of Standards and Technology (NIST) Cybersecurity Framework is also helpful in process design.

The act of securing devices requires applying technologies to exert visibility and control over the entire fleet. This way companies can examine the operating system versions, configurations, and firmware, identifying any loopholes or security threats. Moreover, these tools can ensure applications comply with enterprise security standards, detect when system changes have been made, and empower IT teams to take swift action regarding threat investigation and mitigation. Unified endpoint management solutions (also known as mobile device management solutions) package these security tools and services together for ease of implementation and ongoing management.

Particular attention should be paid to:

Cloud-based security compatible across a range of devices, allowing for the widest applicability and the broadest standardization of security across the entire fleet.

System updates and patches with real-time, granular insight into device compliance across the operating system, web browsers, and applications in use.

Multi-factor and password-less authentication, as compromised passwords are a key cause in mobile device data breaches.

Multi-layer security addressing the core, hardware, firmware, and applications.

Zero trust network access capabilities on a continuous basis, reducing the attack surface through an identity-based approach to security and access management.

Physical separation: whether it’s network segmentation applied to mobile and IoT devices, secure containerization separating personal information, or data isolation blocking unauthorized communications, separation makes sensitive information more difficult to access.

Location tracking and remote controls allow IT teams to digitally control functions from afar, including finding, locking, and unlocking devices, pushing content and applications, and wiping functionality either individually or entirely.

Automation and analytics make it faster and easier to manage mobile security.

Machine learning and behavioral analytics are best for monitoring threats and accelerating the time to identify malware, ransomware, and zero-day attacks.

Process automation eliminates repetitive, manual tasks necessary in maintaining inventories, preparing devices for employee use, and reducing IT intervention when remediation or quarantine actions are needed to bring the fleet into compliance.

Dashboards should summarize the active risk exposure including vulnerabilities associated with each endpoint, and automation should prioritize response and remediation based on the likelihood of a breach.

Often companies have too many devices to secure and too few resources to do the job effectively. That leaves security unchecked at critical moments in the lifecycle of a device, such as during preparation stages, threat mitigation procedures, and employee on- and off-boarding. At these junctures, each device must be protected comprehensively, outfitted with the company’s unique security applications, updated with the latest patches, and enabled with encryption, firewalls, anti-virus, and built-in security features—all before devices are put back into the hands of users.

This explains why many IT teams need to add the support of asset management services to their mobile security software purchase. When IT resources are already overstretched, service providers can handle inventories, orders, service providers, invoices, mobile help desk support, configurations, repairs, and decommissioning and reassignments.

Holistic endpoint security practices

Advanced security capabilities alongside dedication and discipline are necessary in order to configure devices into a compliant state, and maintaining that known state is essential as both the business and the threat landscape perpetually evolve.

Mobile security pressures will continue to rise in parallel with more cybersecurity attacks, changing compliance requirements, and more devices to manage. Companies that can make and keep a concentrated effort on mobile security will rise above these challenges by exposing any blind spots inside their fleet, operationalizing a data-driven mobile strategy, and making proactive and ongoing security protections an integrated element of their mobile-first business.

To learn more about mobility management services, visit us here.

Cloud Security