Daily Tech Digest - July 23, 2019

How to establish a security culture within IT

network security lock padlock breach
In the current age of widespread security awareness, almost every enterprise has established a security program. A security program consists of policies established by the CISO or ranking security leader, operational controls that enforce the policies, work rules and procedures that implement the controls, tools that support the rules and procedures, and a security operations team that employs the tools to monitor the rules and procedures and audit the consistency and effectiveness of the controls. This sounds complicated but the key components of a successful security program are well understood by most IT shops and have been implemented to one degree or another in most enterprises. A security program and a security culture are two different things. In a security culture employees have an informed understanding of the cybersecurity threats that confront their companies. They understand the motivations and intents of the malicious actors that operate within their industries or markets. Cybersecurity issues and concerns are routinely discussed in normal business meetings such as quarterly business reviews, business strategy sessions, budget planning meetings, M&A evaluations, etc.

Google debuts better transcription, endless streaming, and more in Contact Center AI

Increased contextual awareness and enhanced speech-to-text aren’t the only new natural language understanding improvements coming down the Contact Center AI pipeline. Google debuted in beta today “richer” manual speed adaptation and entity classes, in addition to expanded phrase limits, endless streaming, and more. There’s a trio of new features within SpeechContext parameters, the collection of Cloud Speech-to-Text settings and toggles that tailor transcriptions to businesses’ and verticals’ vernaculars. SpeechContext classes — prebuilt entities reflecting concepts like digit sequences, addresses, numbers, and money denominations — optimize ASR for a list of words at once. As for SpeechContext boost, it helps adjust speech adaptation strength while cutting down on the number of false positives — i.e., when a phrase wasn’t mentioned but appears in a transcript. Lastly, SpeechContext now supports up to 5,000 phrase hints per API request, increasing the probability uncommon words or phrases will be captured by ASR.

Data breach costs on the rise and the financial impact will be felt for years ⁠— IBM

Data breach costs on the rise and the financial impact will be felt for years ⁠— IBM image
Those organisations that experience data breaches, whether large or small, and aside from the reputational damage will experience the financial impact of a data breach for years. The report found that while an average of 67% of data breach costs were realised within the first year after a breach, 22% accrued in the second year and another 11% accumulated more than two years after a breach. The ‘longtail’ costs were higher in the second and third years for organisations in highly-regulated environments, such as healthcare, financial services, energy and pharmaceuticals. “Cybercrime represents big money for cybercriminals, and unfortunately that equates to significant losses for businesses,” said Wendi Whitmore, Global Lead for IBM X-Force Incident Response and Intelligence Services. “With organisations facing the loss or theft of over 11.7 billion records in the past three years alone, companies need to be aware of the full financial impact that a data breach can have on their bottom line and focus on how they can reduce these costs.”

Major Improvements Are Coming To Blockchain In 2020

Credit: Getty
Everyone in the enterprise world already has a blockchain strategy. If they don’t have one now, they risk the chance of staying behind or simply missing an opportunity. For the last few years, the benefits and correlated risks of fully adopting blockchain technology have been estimated, analyzed, and discussed at large. One thing is clear – despite the potential for a big upside, embracing a newly developed technology presents numerous risks that shouldn’t be underestimated. Blindly introducing new technology stack into an already working production environment means exposing that environment to potentially dangerous security breaches, hacks and data loss. So, where we are now? Most blockchain protocols claim some level or maturity … but are they, in fact, sufficiently mature? Are they ready for full on-premise deployment in large-scale enterprises? Will CIOs and other business executives enjoy the same comfort as that of the tooling they already have? Let’s review what it takes to move a blockchain protocol from open source to enterprise.

New Cyber Security Directive Forces Federal Agencies to Patch Vulnerabilities Twice as Fast

Console on data center rack showing new cyber security directive which requires U.S. federal agencies to patch vulnerabilities twice as fast
Agencies that fail to patch vulnerabilities during the required time window are given three days to get a complete remediation plan in place. They are asked to provide a reason as to why they cannot update in time, to document any intermediary mitigation methods they put in place and provide an estimate of when their systems will be patched. Though these requirements do apply to all federal agencies (with the exception of the Pentagon and intelligence agencies), the DHS has stated that some systems that are no longer receiving security updates will be exempt from these rules. Under the terms of the new cyber security directive, administrative penalties are possible for agencies that fail to respond in a timely manner. CISA is a recent reorganization of the National Protection and Programs Directorate (NPPD), tasked with protection of both the nation’s physical and cyber infrastructure. Under the Cybersecurity and Infrastructure Security Agency Act of 2018, the department has been restructured with a renewed emphasis on cyber security.

From fashion to Fintech — how Manchester’s leading the way in digital tech

From fashion to Fintech — how Manchester’s leading the way in digital tech image
It’s not just startups and scaleups that are attracted to the bright lights of Manchester. Major digital players are being drawn to the North West and away from London thanks to lower rents and a large pool of graduate talent. GCHQ has chosen to locate its new cutting-edge intelligence facility in Manchester. Moonpig has announced it will open a new tech hub in Manchester city centre, designed to “turbo-charge” innovation and personalisation for its business. The Hut Group is building a one million sq ft business campus at Airport City south of Manchester, the largest development of its kind in the UK, and fellow online retail giant Amazon is rumoured to be taking another 91,000 sq ft of space in Manchester. Greater Manchester has become a main stage for leaders in the industry. It is one of the UK’s most successful city-regions; home to more than 2.8 million people and with an economy bigger than that of Wales or Northern Ireland. 

7 mobile security threats you should take seriously in 2019

Mobile security
A staggering 91% of cybercrime starts with email, according to a 2018 report by security firm FireEye. The firm refers to such incidents as "malware-less attacks," since they rely on tactics like impersonation to trick people into clicking dangerous links or providing sensitive info. Phishing, specifically, grew by 65% over the course of 2017, the company says, and mobile users are at the greatest risk of falling for it because of the way many mobile email clients display only a sender's name — making it especially easy to spoof messages and trick a person into thinking an email is from someone they know or trust. Users are actually three times more likely to respond to a phishing attack on a mobile device than a desktop, according to an IBM study — in part because a phone is where people are most likely to first see a message. Verizon's latest research supports that conclusion and adds that the smaller screen sizes and corresponding limited display of detailed information on smartphones (particularly in notifications, which frequently now include one-tap options for opening links or responding to messages) can also increase the likelihood of phishing success.

How botnets pose a threat to the IoT ecosystem

Although there is no silver bullet solution for mitigating the risk of botnets, there are a number of helpful best practices. “When deploying an IoT device of any type, the three most important questions need to be: Have we configured strong credential access? What is our update strategy for firmware changes? What URLs and IP address does the device need for its operation?” says Tim Mackey, senior technical evangelist at Synopsys. “When IoT devices are deployed within a business environment, best practice dictates that a separate network segment known as a VLAN should be used. This then allows for IT teams to monitor for both known and unknown traffic impacting the devices. It also allows teams to ensure that network traffic originates from known locations. “For example, if a conference room projector is accessible via Wi-Fi, the network the device uses should be restricted to only internal and authenticated users. Public access to the device should always be restricted. ...”

Digital Transformation Challenges IT Leaders

Image: Timestopper - stock.adobe.com
For many organizations, legacy technology could ultimately become a hindrance to everyday business operations, Lequin warned. "The larger the enterprise, the likelier the challenge of implementing change quickly, potentially cutting into the bottom line," he observed. Lequin believes that large enterprises can help build agility by pushing decision making out to the edge, using technologies such as artificial intelligence (AI) to transform loads of data into working intelligence that will give them the ability to move faster and more readily adapt rapidly changing demands. Enterprise technology is expanding ever more quickly. "It’s an exciting time to be involved in the industry," Lequin said, pointing to key long-term trends, such as robotic process automation (RPA), which automate workloads and frees-up teams to focus on value-add projects. Half of the enterprises responding to the Intelligent Technology Index cited advanced analytics, AI, and machine learning (ML) as critical to their transformation projects. "Technologies that optimize the use of data will be key difference makers moving forward," Lequin stated.

Security pros are paranoid. Maybe we should all follow suit

It’s a war out there – a fight between companies that want to leverage technology to improve the condition of humankind, and the bad actors, cyber criminals, nation states, hackers, and black hats who want to make a little cash, gain a little notoriety, or potentially destabilize a western economy. I’m in the business and I’m actually more worried than ever about the threats we face. The attackers are able to evade detection, disappear without a trace, automate their attacks, never leave the same set of fingerprints and fool even the savviest among us with spear phishing and social engineering schemes. This anxiety, even among us who know what state-of-the-art security software is capable of, was reinforced by a survey that Lastline completed at the 2019 RSA conference in San Francisco. We surveyed 136 random security professionals and the term that best comes to mind when reviewing the results is “paranoid.” These are smart people who understand what they’re fighting against, and as a result they’re distrustful, worried, and yes, paranoid.

Quote for the day:

"The great leaders have always stage-managed their effects." -- Charles de Gaulle

No comments:

Post a Comment