Page 64 - CMA Journal (May-June 2025)
Focus Section
Safeguarding Your Digital Assets

While the technological aspect enhances the speed, sophistication and innovation of these increasingly complex attacks—which have a significant impact—the fundamental safeguards against them remain unchanged. Users must adhere to these practices to avoid unpleasant experiences that could compromise their identity, personal data, or lead to financial losses.

• Data Backups – Regularly back up your data both online and offline. Utilize available auto-backup options or trustworthy third-party utilities to ensure backups aren’t missed. Frequently practice restoring these backups so you're familiar with the necessary steps.
• Strong Passwords and MFA – Use a lengthy, complex, and difficult-to-guess combination of mixed-case letters, numbers, and special characters as your password. Change it at least every two months, avoid reusing passwords across platforms, and use a password manager to generate and store them. Wherever possible, enable and use Multi-Factor Authentication (MFA).
• Antivirus and Firewall – Use these to protect yourself from malware, prevent unauthorized system access, and control network traffic. Most importantly, never skip updates for your operating system, applications, and security software.
• Network Security – Secure your Wi-Fi with a strong password and avoid using public Wi-Fi networks.
• Phishing Awareness – Be cautious with suspicious emails, attachments, and links. Only proceed after verifying that the source is legitimate. No authentic communication will ever ask for your password, OTP, PIN, or MFA code.

When it comes to organizations, they must go beyond basic measures to ensure protection of critical assets and readiness to counter incidents. A few actions that can be taken—alongside regular security audits, dark web monitoring for leaked credentials, awareness sessions, cyberattack drills, and incident preparedness—include:

• Zero Trust Policy – Always verify, assuming that breaches can come from both external and internal sources.
• Micro-Segmentation – Divide the network and environments into granular security zones to restrict attacker movement and reduce the blast radius in case of a breach.
• Least Privilege Access – Provide only Just-In-Time (JIT) and Just-Enough-Access (JEA) to users.
• Behavioral Biometrics – Monitor how users interact with systems for continuous background identity verification. Trigger step-up authentication if there are anomalies like unusual typing rhythm, scroll access to critical systems at odd hours, etc.
• Deceptive Technology – Deploy honeypots (fake assets) to deceive attackers and trigger alerts when they interact with them.
• Privileged Access Management (PAM) – Implement PAM to control, monitor, and secure access to highly critical systems and accounts.
• Encrypted Traffic Analysis & Homomorphic Encryption – Detect malicious activity in encrypted traffic and process data without decrypting it to preserve privacy.
• Q-Day – With emerging technology, we are not far from the anticipated quantum apocalypse. A day predicted in 2030 by the National Institute of Standards and Technology (NIST), when a quantum computer could break current encryption algorithms, thereby compromising critical data, systems, and infrastructures. Organizations worldwide are researching and preparing for a transition to quantum-safe environments.

Future of Cybersecurity

Even with all of this, the coming times will reveal a shocking progression as AI-powered defense systems confront AI-powered threats. There will be a paradigm shift in the cybersecurity landscape, with AI-backed deepfake social engineering, bypassing biometric authentication, impersonations, social media analysis to time attacks, poisoning machine learning models, polymorphic malware, algorithmic swarming, LLMs generating custom exploits, fake videos, invoices, receipts, reports—every possibility imaginable.

To survive, this era will demand more than tools—it will require a reshaping of security strategies and adaptation to new technologies. Organizations that embrace this shift, find the right balance between human and artificial intelligence, and transition accordingly will thrive. Those that fail will stand defenseless against threats powerful enough to bring them down in a matter of minutes.

Patch installed – the vulnerability landscape proliferates

About the Author: The author is a certified PMP®, CSM®, AWS®, and MPM professional with over 13 years of experience in technology leadership and project management. He currently serves as Assistant Vice President and Head of Business Applications at Al Meezan Investments, where he leads strategic digital transformation initiatives, modernizes core systems, and aligns technology with business objectives across fintech, AI, cybersecurity, and related sectors.

62 ICMA’s Chartered Management Accountant, May-June 2025