- CIOsurge
- Posts
- đź’ˇ CIOs driving cloud and data transformation for business growth
đź’ˇ CIOs driving cloud and data transformation for business growth
NTLM Exploits Addressed, CIO-Led Cloud Transformations, New Appointments in IT Leadership
Zack Tembi
November 19, 2024
Powered by Single Fin
Welcome to this week’s edition of CIOsurge!
Get ready for a fresh dive into the latest trends, insights, and strategies shaping the future of IT leadership.
Let’s make this week a game-changer.
Stay sharp. Stay ahead.
đź’ˇ CIOs driving cloud and data transformation for business growth
CIOs are increasingly key to digital transformation, focusing on cloud migration and data analytics to drive ROI. Companies like Vibram and Emmelibri are leveraging cloud-based tools, AI, and data services to improve B2C and B2B operations. Metrics are also shifting; CIOs now use KPIs that tie IT initiatives to business outcomes, fostering deeper alignment between IT and core business goals.
As IT leaders, our role has expanded beyond just managing infrastructure—we're now strategic drivers of business growth. The stories in this edition showcase how cloud migration, data analytics, and AI integration are not just IT initiatives but essential components of business success. By aligning IT outcomes directly with business KPIs, we can demonstrate clear value to the board and drive more impactful transformation across our organizations.
For us as CIOs, this shift represents both an opportunity and a challenge. We're not just building systems; we're building value. It's about using the right technologies to not only support but propel core business activities, making our contribution measurable in terms of revenue, customer engagement, and efficiency. - Zack Tembi
🛠️ Microsoft patches NTLM and Task Scheduler vulnerabilities
Microsoft's November Patch Tuesday update addressed 90 vulnerabilities, including two actively exploited flaws in NTLM (CVE-2024-43451) and Task Scheduler (CVE-2024-49039). Other notable fixes include a critical .NET RCE bug (CVE-2024-43498) and a Kerberos cryptographic flaw (CVE-2024-43639). CISA added the actively exploited vulnerabilities to its KEV catalog, highlighting the urgency for updates.
With the rise of active exploitation targeting vulnerabilities like those in NTLM and Task Scheduler, it’s crucial for us as IT leaders to stay vigilant. These flaws, especially ones involving privilege escalation, pose significant risks that could allow attackers to move laterally within our environments. The November updates highlight the critical need to patch these vulnerabilities immediately to maintain our security posture.
Our role as IT professionals is to ensure our systems are resilient against emerging threats. This month's Patch Tuesday serves as a reminder: keeping our infrastructure updated is not optional, it's a necessity. With attackers increasingly targeting zero-days and public PoC exploits, staying ahead means prioritizing these patches to safeguard our systems and data. - Zack Tembi
đź’¬ Zack's Take
The Real Cloud Security Threat: Your Own Team
When it comes to cloud security, the biggest risk isn’t hackers—it’s your own employees. Whether intentional or not, internal access to sensitive data can lead to serious security breaches.
The value of a company lies in its IP, applications, and critical data, and the people who can access these are the ones who can do the most harm if things go wrong. That's why training, proper cybersecurity awareness, and well-set access controls are crucial.
Transparency is key: work with business stakeholders to set up data access the right way, and make sure employees know the rules. And don’t forget to get outside experts to poke holes in your defenses. Internal checks are great, but having an unbiased perspective can really help.
🗞️ At A Glance
đź’ˇ CIO Spotlights
Flagstar Bank names Christopher Higgins as CIO
Christopher Higgins has been appointed Chief Information Officer at Flagstar Bank, effective immediately.
Higgins brings nearly 40 years of banking and tech leadership, with experience in system transformations and data solutions.
He will lead Flagstar's technology innovation, reporting directly to CEO Joseph Otting, and focus on enhancing client and employee experiences.
Nick Harness appointed CIO of Fringe Benefit Group
Nick Harness joins Fringe Benefit Group (FBG) as CIO, bringing extensive experience from roles at JPMorgan Chase, Morgan Stanley, and Kestra Holdings.
At FBG, Harness will focus on enhancing platform features, optimizing user experience, and delivering data-driven insights.
Harness aims to accelerate technology development to help customers easily access and understand their benefits.