Latest news with #NYSTEC

NYSTEC's cybersecurity professionals guide risk mitigation in a digital world

Business Journals

01-07-2025

Many organizations today have at least a basic understanding of what constitutes a functional security program. Patching, multifactor authentication (MFA), encryption, vulnerability management and incident response – among other things – can all help reduce cyber-related organizational risk. NYSTEC recommends adopting a controls-based approach, such as National Institute for Standards and Technology (NIST) Special Publication (NIST SP800-53), which provides a measurable control reference to evaluate organizational security and privacy maturity and risks.

Application programming interfaces (APIs)

Application programming interfaces, or APIs, are software interfaces that allow computers and computer programs to talk to each other across networks, such as the internet. They are extremely flexible and open a world of possibilities for extracting and sharing data within and across organizations. However, with that flexibility comes risk to data security and privacy.

The use of APIs is exploding and is growing at a rate of 30% year over year, according to Gartner, because organizations now increasingly rely on cloud-based services to use data. Cloud-based applications require a way for other applications – and users – to access data, and APIs are the answer.

Unfortunately, APIs also provide a larger attack surface than ever before. In many cases, APIs on the internet are just waiting for something to connect to them. When the incoming connection is from a known source, all is well; but unknown connections can be dangerous. Bad actors continuously scour the internet looking for open APIs, attempting to glean any information they can about the target. They then use this information to attack the API.

Defending against API attacks requires multiple lines of defense. Complex passwords, MFA and the principle of least privilege (which dictates that any user, program or system should only have the minimum level of access necessary) can all help. Individually, they provide a basic level of protection, but when used together, they can significantly lower the risk related to using APIs.

Since the proliferation of APIs is relatively recent, the mature standards that are used in other security areas don't exist. But the NYSTEC team has developed mature security standards and guidance documentation to help organizations assess the potential risk associated with using APIs in their environments, so they can take full advantage of these flexible tools.

Security testing

Sophisticated threat actors are constantly evolving their attacks, and without a structured approach for identifying system vulnerabilities, organizations remain dangerously exposed. Security testing serves as an early warning system, revealing exploitable flaws before malicious actors do. This proactive approach enables leaders to allocate resources more effectively, address weaknesses before they escalate into incidents and ultimately preserve business continuity.

Security testing employs a variety of methods, each designed to evaluate different aspects of an organization's infrastructure and risk exposure. Vulnerability assessments provide a broad inventory of known weaknesses across systems and networks, while penetration testing simulates real-world attacks to evaluate how well defenses hold up under pressure. Other methods, like red team exercises (which simulate real-world cyberattacks to expose vulnerabilities in an organization's security defenses), and static and dynamic application security testing (SAST and DAST), play complementary roles in building a resilient cybersecurity program, enabling organizations to gain a holistic view of their defensive posture.

Regulatory bodies and industry standards increasingly mandate rigorous testing as part of a sound cybersecurity program. Frameworks like NIST SP800-53, Payment Card Industry Data Security Standard (PCI-DSS) and the New York State Department of Financial Services (DFS) Cybersecurity Regulation require organizations to conduct ongoing risk assessments and technical evaluations. Beyond legal compliance, these measures reassure investors, clients and partners that an organization takes its security responsibilities seriously. In a business environment where trust is currency, demonstrating control efficacy through testing not only mitigates legal risk; it also enhances reputation and competitive standing.

Security testing also serves a critical function in verifying that technical safeguards are working as intended. Firewalls, access controls, encryption protocols and endpoint protections must be stress-tested under realistic conditions to confirm they are actively defending the environment. When testing reveals a control is misconfigured or ineffective, it provides actionable intelligence to IT and executive teams alike.

There are many elements that make up a fully mature security and privacy program, and NYSTEC's team of experts has decades of experience in helping our clients mitigate the risks faced by organizations in our increasingly interconnected digital world. Ensure the security of your environment by contacting nystec@

Driving success through change: How effective change management fuels growth, resilience and competitive advantage

Business Journals

01-07-2025

Organizational changes can be stressful when they affect employees, clients, customers and finances. Since COVID-19, for example, many companies have been impacted by multiple changes. Businesses had to be nimble, operations had to be innovative, restructuring occurred, and the economy was ever-changing. So it's crazy to think the World Uncertainty Index indicates a higher level of uncertainty in the global economy now than in 2020.

Getting ahead of a large organizational change by implementing organizational change management (OCM) best practices can save time, money and frustration. NYSTEC offers expertise in change management and can help with this process.

What's OCM?

Change managers work in partnership with project teams, focusing on how an initiative will impact stakeholders (employees/customers), how stakeholders may influence your project and how engaging with them early and often could result in success. OCM principles can be applied to any type of change, including system modernizations, policy/program rollouts and culture shifts, though hopefully not all at once.

Why invest in OCM?

Does the world feel like it's spinning faster? It isn't just you. Research done by Kotter International Inc. indicates that the pace and rate of change and communication both continue to increase rapidly. You probably recognize this in your organization, with multiple changes happening simultaneously, and it can be a lot for people to absorb. That's why investing in OCM when you initiate a change is valuable.

The change manager is a stakeholder advocate on your team; they will help to support your project goals by identifying and remediating stakeholder impacts while there is still time to do so. Involving stakeholders early and investing in OCM saves money and time thanks to faster adoption, better product or system design, and less stakeholder pushback.

Integrating change managers into your project team provides them with access to develop an OCM approach to reach stakeholders with the right information at the right time. Too soon and there's a false sense of urgency; too late and there's no time to prepare.

Establishing buy-in in your community takes time and is best done in phases. Harness the enthusiasm of your innovators to inspire your early adopters who will, in turn, give confidence to the early majority. You may recognize Roger's Law of Diffusion, which is a reminder that even with OCM, you will not persuade everybody.

Who's involved in OCM?

NYSTEC offers OCM services that include best practices for leaders, managers and stakeholders on how to handle change initiatives. We also help to answer the question, 'What's my OCM role?'

Leadership

Prioritize initiatives. Your stakeholders can only manage so much change at once. Be vocal and visible. Clearly articulate how the initiative aligns with your organization's mission and future, and don't forget to tell your stakeholders how they fit into that future. Be transparent and authentic. Maybe you can't share all the details, but authenticity and transparency are more effective in building trust than a meticulously scripted announcement. If you don't tell the story, someone will create their own. Trust is a two-way street and so is communication. Let your stakeholders in and use your OCM team to create feedback loops. Your stakeholders have ideas – sometimes the best ideas. Be active during change but accept help and invest in an OCM team. They will help you minimize future challenges.

Change managers

Find ways to reduce the negative effects of the change on stakeholders. Establish their involvement to promote a positive experience and successful outcome. Increase awareness, foster widespread buy-in and build necessary capabilities. Enable leadership and project team agility by monitoring stakeholder engagement and sentiment. Enthusiasm can burn bright, but it can also burn out. Pivoting is expected. Identify a change network of people who can positively affect adoption of the initiative. People who resist often care deeply about outcomes and can provide invaluable feedback, and once included, they can become the strongest advocates. Be creative to balance the needs of the project team, leadership and stakeholders.

Stakeholders

Participate in feedback sessions, surveys, testing and the change network. Stay aware; read emails, newsletters and social media posts. Talk to your colleagues, and make sure other people know what's happening. Build your capabilities, attend training and ask questions. Advocate for yourself, provide feedback and think critically about the change, but keep an open mind. Imagine your role in the future-state.

Even with OCM, change will generate anxiety, but if it's done well, you'll increase your likelihood of success and hopefully generate some excitement. Learn more about NYSTEC and how we can help your organization effectively manage change to fuel growth, resilience and a competitive advantage.
