CIO CIO

In this issue: Cloud computing is highly established, and IT’s view has shifted from understanding the concept to making the best use of it to solve both technology and business challenges. The time is ripe to step back and revisit your thinking about the cloud. source

New FBI Data Reveals Organizations Need Deeper Technical Expertise to Detect, Contain, and Remediate Advanced Attacks INE Security, a global leader in cybersecurity training and certification, is emphasizing the urgent need for technical cybersecurity professionals who can detect, analyze, and neutralize threats once they’ve bypassed initial defenses. The FBI’s latest Internet Crime Complaint Center (IC3) Annual Report reveals a stark reality: cybercriminals extracted a record $16.6 billion from victims in 2024, representing a 33% increase over the previous year. While these losses include both individual and organizational victims, the enterprise-focused attacks highlighted in the report underscore a critical skills gap. The Technical Challenge Behind the Numbers While the FBI report captures the financial damage, the underlying technical reality is more complex: Ransomware Evolution: The 18% surge in critical infrastructure attacks, led by sophisticated variants like Akira, LockBit, and RansomHub, demonstrates that modern ransomware operators are using advanced techniques, including lateral movement, privilege escalation, and data exfiltration that require specialized detection and response skills. Post-Compromise Detection: The $2.77 billion in Business Email Compromise losses, which primarily target organizations, represent successful attacks that evaded initial security controls. Organizations need security professionals trained in forensic analysis, network traffic analysis, and incident response to identify and contain these threats after they’ve gained initial access. Cryptocurrency Attack Complexity: The 66% spike in cryptocurrency fraud ($9.3 billion total) includes attacks on both individual and organizational victims, but reflects increasingly sophisticated blockchain analysis requirements and the need for security teams trained in cryptocurrency forensics and threat hunting methodologies. INE Security’s Technical Training Response “While the FBI report captures losses across all victim types, the enterprise-focused attacks demonstrate that organizations face increasingly sophisticated threats that require advanced defensive capabilities,” said Dara Warn, CEO of INE Security. “Organizations need security professionals with hands-on technical skills to hunt threats, analyze malware, and respond to incidents with deep technical expertise.” INE Security’s enterprise training programs address the post-breach reality through: Advanced Threat Detection Labs: Hands-on training with current CVEs and attack techniques, enabling security teams to recognize and analyze the specific TTPs (Tactics, Techniques, and Procedures) used by ransomware groups and advanced persistent threats. Incident Response and Forensics Training: Practical skills in malware analysis, memory forensics, and network traffic analysis that enable rapid threat identification and containment once attackers have gained access. Threat Hunting Methodologies: Proactive detection techniques that help security teams identify compromise indicators before attacks reach their intended objectives. Industry-Specific Attack Simulation: Customized training environments that replicate the specific threats facing manufacturing, healthcare, government, and financial sectors—the industries most heavily targeted according to the FBI data. The Skills Gap Reality The FBI report’s emphasis on successful Operation Level Up, which saved victims $285.6 million through proactive identification, underscores the value of skilled security professionals who can proactively hunt threats and analyze complex attack patterns. “The difference between a $10,000 security incident and a $10 million breach often comes down to detection speed and response capability,” emphasized Warn. “Organizations with certified security professionals trained in advanced technical skills detect threats in hours rather than months.” Enterprise Training That Addresses Real Threats INE Security’s enterprise programs are designed around the technical realities revealed in the FBI report: Malware Analysis Training: Hands-on experience with current ransomware families and attack techniques Network Security Monitoring: Advanced skills in detecting lateral movement and data exfiltration Cryptocurrency Forensics: Specialized training in blockchain analysis and cryptocurrency threat hunting Custom Threat Simulation: Industry-specific attack scenarios based on actual threat intelligence For organizations looking to build the technical security capabilities needed to combat the sophisticated threats highlighted in the FBI IC3 report, INE Security offers customized enterprise training solutions. Organizations can request a demo to explore how advanced security training may enhance their detection and response capabilities. About INE Security INE Security is the premier provider of online networking and cybersecurity training and cybersecurity certifications. Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is trusted by Fortune 500 companies worldwide for their cybersecurity training needs, and by IT professionals looking to advance their careers. INE Security’s suite of learning paths offers an incomparable depth of expertise across cybersecurity education and is committed to delivering advanced technical training while also lowering the barriers worldwide for those looking to enter and excel in an IT career. Contact Kathryn Brown INE Security [email protected] source

“Many countries are getting extremely strict with data privacy and data residency regulations. Heavy reliance on US based infrastructure providers such as Google, AWS, and Microsoft has been a big issue for companies from China and the Middle East. Having Alibaba Cloud as an option is great to address these regions’ sovereignty requirements,” Lopez said, noting that Chinese enterprises also have access to another local SAP-certified option for ERP applications, from Huawei Cloud. Bob Parker, senior vice president of research at IDC, views the partnership as providing leverage to enterprises in the China region in choosing their infrastructure provider, as they are getting additional choices. “Many of these enterprises may already have consumption commitments with Alibaba relative to other, non-ERP workloads so it will give them the opportunity to deprecate those commitments,” Parker added. source

The majority of the packs are now redundant, though, said SAP’s SVP of ERP Product Marketing Maura Hameroff. “With our [S/4HANA] release of 2023, we delivered all of the scenarios. … We removed all of the technical blockers that were slowing customers down,” she said. With those blocks removed, SAP made it clear in a 2022 blog post updated in February 2025 that both the right to use Compatibility Packs, and all support for them, will expire at the same time, regardless of the S/4HANA’s system’s maintenance status. “Compatibility Scope use rights expire automatically December 31, 2025, for all SAP S/4HANA versions independent from their release date,” it said. “So irrespective of the SAP S/4HANA version, customers no longer have a contractual rightto use Compatibility Scope functionality after that point in time even if the affected SAP S/4HANA system release is still in mainstream maintenance. Furthermore, support stops for Compatibility Scope items with the expiration of the usage rights.” source

CIOs say they recognize the continuing need to be flawless at the IT fundamentals in order to move their organizations into the future. 8. IT modernization All that work on the fundamentals doesn’t mean CIOs accept the status quo; in fact, IT leaders are eager to remake their tech stacks with modern capabilities and are making it a major part of their work schedule. For Joshua Bellendir, SVP of IT and CIO at WHSmith North America, that means “retiring old legacy systems that are slowing us down, introducing modern solutions, and building foundational data and system layers. Everything we do — modernizing, cloud-first — will support our data initiative and will give us the data we want for AI and allow us to scale and the business to grow.” Accenture’s Patel says demand for scalable, regionally adaptive IT cores, regulatory pressures, and data sovereignty drive much of today’s modernization efforts. CIOs are moving to modular, cloud-first architectures tailored to regional needs as well as an “asset-right” strategy balancing cloud and owned infrastructure, he adds. Modernization, however, is not an easy task, Patel says, as fragmented legacy estates, vendor lock-in, and limited cloud-readiness of core business applications create significant challenges. 9. Reimagining IT for the future Bellendir isn’t just modernizing WHSmith North America’s IT infrastructure; he’s future-proofing it by, for example, moving to microservices and other approaches and technologies that will better support business goals — such as enhanced CX — in the upcoming years. “We’re building a foundation for the future, so we can do whatever we want to do; that’s key to my strategy at present,” he says. “From an IT project and systems perspective, future-built is really specific to our specific business, where we are going and what we are planning to do.” He adds: “I think we’re well positioned with the investments we’ve made at this point.” Patel agrees with the need for future-proofing and “reinventing the tech-operating model.” “Traditional IT structures can’t support the pace of change,” he says. “We’re seeing a pivot toward AI-first operating models — leaner teams, flattened hierarchies, and a human-plus-machine approach to delivery. CIOs are becoming architects of organizational agility.” source

If data is the new oil, too many CIOs are still stuck building barrels instead of businesses. Despite steady investment in data platforms and governance, many organizations still struggle to extract lasting value from their data. According to Barb Wixom, principal research scientist at MIT Sloan’s Center for Information Systems Research (CISR) and co-author of Data Is Everybody’s Business, the answer isn’t more tools or talent. It’s a mindset shift: treating data as a product, the way information businesses do.  Wixom traces the roots of her recent research brief back more than 25 years, to her time teaching in the University of Virginia’s MS program in the Management of IT. “Several students, leaders from data-savvy companies, kept pressing for real-world practices they could model,” she recalls. “They wanted examples they could put into action, but often came up short looking at traditional industries.” Her advice was simple and catalytic: “Study organizations whose entire business runs on data. Watch what they do, and you’ll see the future.” That challenge sparked decades of investigation into how information businesses master data, and what every other enterprise can learn from them.  The case for managing data like a product  In information businesses like comScore or LexisNexis, data isn’t just an input, it is the product. These companies succeed by creating reusable, scalable data assets, building solutions around them and monetizing the duo. “[In information businesses] you’ve always had owners for both the data asset and the solution,” Wixom explains. “They’re core strategic resources; these companies treat them as such.”  source

ITIL Strategist – Direct, Plan, and Improve ITIL Leader – Digital and IT Strategy For an in-depth look at ITIL certification, see ITIL certification guide: Costs, requirements, levels, and paths. How does ITIL help business? A well-run IT organization that manages risk and keeps the infrastructure humming not only saves money but also enables everyone in the organization to do their jobs more effectively. For example, brokerage firm Pershing reduced its incident response time by 50% in the first year after restructuring its service desk according to ITIL guidelines, enabling users with problems to get back to work much quicker. ITIL provides a systematic and professional approach to the management of IT service provision, and offers benefits including reduced costs and improvements to productivity, use of skills and experience, IT services using proven best practices, delivery of third-party services, and customer satisfaction through a more professional approach to service delivery. According to PeopleCert, ITIL can also help businesses improve services by helping businesses manage risk, disruption, and failure; strengthening customer relations by delivering efficient services that meet their needs; establishing cost-effective practices; and building a stable environment that still allows for growth, scale, and change. source

Always renegotiate Renegotiating project timelines and deliverables goes hand in hand with having that early meeting with stakeholders about project enhancements, because taking on significant new enhancements will lengthen project timelines and will contribute to budget overruns. Business managers know this, but they also want to get as much functionality from a project as they can. What they do then is have their staff “trial run” a project and provide feedback like, “This is nice, but I’d really like to see this, too,” or, “No, we can’t use this. We need to also build an interface to system XYZ.” These requests often come when IT is expecting feedback primarily on minor system bugs that need to be resolved, but business users don’t always see it that way. Instead, they view QA as a “systems acceptance” test — i.e., will they accept the project as is, or is it insufficient for their needs? source

The IT help desk is evolving. Once defined by queues of tickets and reactive troubleshooting, support today is being reshaped by automation and artificial intelligence (AI). Intelligent systems now assist with everything from basic troubleshooting to after-hours triage. But for IT teams, the rise of AI in support roles doesn’t just bring more new tools—it also introduces a new operating model. According to the Q1 2025 IT Trends Report from JumpCloud, 37% of IT administrators say they worry AI could take their job. That anxiety reflects a broader uncertainty across the profession: What role will human IT professionals play as intelligent automation becomes a core part of support infrastructure? AI’s place in the modern help desk AI excels at repetitive, rules-based tasks — making it a natural fit for some of the most common IT support functions. Password resets, ticket categorization, basic troubleshooting, and knowledge base lookups are all areas where automation can dramatically reduce time to resolution. This shift enables 24/7 availability and shorter initial response times, helping meet the growing expectations of employees who want support on demand. But although speed and efficiency are key, so is knowing where to draw the line. Users still expect seamless handoffs to a human when issues become complex, sensitive, or unpredictable. Making the hybrid model work The future of IT support lies in blending the strengths of automation and human expertise. AI tools can manage early-stage support and route tickets based on urgency and complexity. Human agents then take over for escalated issues that require empathy, judgment, or deeper technical knowledge. This hybrid approach supports both operational efficiency and user satisfaction — provided it’s implemented with thoughtful design. Organizations must ensure escalation pathways are clear, response data is shared, and AI is continuously evaluated for accuracy and effectiveness. Measuring what matters AI support shouldn’t be measured by automation alone. IT leaders need metrics that reflect overall service quality, including: Time to resolution for common support requests Escalation rates from AI to human Accuracy of AI-generated responses End user satisfaction and feedback Cost efficiencies achieved through automation These indicators help IT teams understand where AI adds the most value — and where human support is still essential. Supporting the team behind the tech As automation becomes more common, IT leaders must also address the human side of transformation. Clear communication and reskilling are essential to help support staff see AI not as a threat but as an opportunity to focus on more strategic and rewarding work. Opportunities for growth include roles in AI operations, user experience optimization, and advanced support problem-solving. With the right investment in people, AI can elevate — not eliminate—the IT support role. AI is changing the way support happens, but it doesn’t replace the need for thoughtful, human-centered service. Organizations that balance automation with empathy, speed with trust, and innovation with transparency will be best positioned to deliver resilient, responsive IT support in the AI era. JumpCloud’s Q1 2025 IT Trends Report reveals how IT teams are adapting to AI across support, infrastructure, and security. Download the full report to see how your peers are navigating this transformation — and what it means for the future of IT.  source

The traditional method of managers saying they’d like to see their staff get some type of technical training and then hoping employees follow through no longer cuts it. “Now, you have to have a plan and provide direction and coaching and support to make sure they get the training the organization needs,” he says. This is being driven by the fact that “AI is going to continue to dominate for the years to come,” Roman says, adding that he is fortunate that he doesn’t have to micromanage his IT staff and can trust them to get the appropriate training to upskill themselves. “I’ve always been a huge proponent of training for tech people, and most people resist going to training because they’re so dedicated to their jobs,” Roman says. “So, the job always comes before training.” But IT people need to invest in themselves. “The work will be there when you get back,” he says, while admitting it helps when the company sees the value of upskilling. “It provides you with career security and it provides your company with value.” Rohan Sharma, chief product and technology officer at Zenolabs.ai, a global clinical trial startup, agrees: “Upskilling without career paths leads to turnover. I have seen good retention … because I gave guidelines to my leadership team to always give individual contributors stretch projects to implement new skills.” Setting measurable, smart goals CIO Michael Corrigan says World Insurance Associates’ skills gaps are primarily around emergency technologies, data, and AI. Before he came on board two and a half years ago, the company was outsourcing to MSPs to fill gaps. Michael Corrigan, CIO, World Insurance World Insurance To address this issue, Corrigan has hired new talent and has upskilled employees through continuous training. He also has developers and engineers participate in workshops and vendor bootcamps. Training internal staff has been the most effective approach, Corrigan says. But some engineers have showed no desire to upskill, whether because of the stage they were at in their career or just being resistant to change. Corrigan says that won’t fly: “We want to embrace new technologies.” Even if people weren’t open to it, learning certain skills became part of their jobs. “We set annual goals, and 50% of their bonus is [tied to] meeting their performance goals,” he says. “We set measurable, smart goals and track them throughout year and … provide as much support and opportunity as we can for their personal growth and success.” Corrigan says he will help any employee who is “excited and energetic about challenges and change,” and is driving an IT culture that “embraces change and the AI wave.” The upskilling program has been a big morale boost, and the company will reimburse employees who go for additional certifications if they are successful. “Those are generally our top performers,” he says. “They’re interested and excited.” See also: source