Daily Tech Digest - August 17, 2019

Security warning for software developers: You are now prime targets for phishing attacks


According to the Glasswall report, software developer is the role most targeted by hackers going after the technology sector. A key reason for this is that devs do the groundwork on building software and will often have administrator privileges across various systems. That's something attackers can exploit to move laterally around networks and gain access to their end goal. "As an attacker, if you can land on an administrator machine, they have privileged access and that's what the attackers are after. Software developers do have that privileged access to IP and that makes them interesting," Lewis Henderson, VP at Glasswall, told ZDNet. With software developers being technically-savvy people, some might argue that they shouldn't easily fall victim to phishing campaigns. But attackers can use specially-crafted messages to target one individual in the organisation they want to gain access to. With software developers often staying in jobs for relatively short periods of time, it's common for those in the profession to build a profile on professional social networks such as LinkedIn. Attackers can exploit that to find out the specific skills and interests of their would-be victim and tailor a spear-phishing email towards them.



Deploying Natural Language Processing for Product Reviews

We have data all around us, and there are two forms of data, namely tabular and text. If you have good statistical tools, tabular data has a lot to convey. But it is really hard to get something out of the text, especially the natural language spoken text. So what is natural language? We, humans, have very complex language and natural language is the true form of human language which is spoken/written with sincerity also surpassing grammatical rules. The best example of where you can find this language is in “Reviews”. You write a review mainly for two reasons, either you are very happy with the product or very disappointed with it and, with your reviews and a Machine Learning Algorithm, entities like Amazon can figure out whether the product they are selling is good or bad. Depending upon the results of the analysis of the reviews they can make further decisions on that product for their betterment.


Scrum is not magic and will not solve this problem. If you do not have enough skills to do the work or do a great job in the work, then it will not magically create those skills. What it will do is make that problem very evident in the Increment (stuff that is delivered), the Sprint Review, the Retrospective, Sprint Planning and the Daily Scrum. Actually, it will be evident in all of the Scrum events. Scrum might not be magic, but it does make problems very evident, encouraging the team to solve them. Skills are one set of challenges that teams face and Scrum will make them, or the lack of them, very apparent to everyone. This will, however, mean choices need to be made by the team and the management of the environment the team works within. There is no blaming the system with Scrum. Many teams doing Scrum describe the sensation of being on a Scrum Team like being in a startup. It is rare that a startup has all the right skills to deliver the best product, but they have enough to do something and will beg, borrow and steal the knowledge and experience to fill in the gaps.



Fintech - Regtech - How About Sales?

The good news is that compelling events such as a growing demand for regulatory compliance and digitalization are triggering and driving many new procurement initiatives within the financial institutions. The bad news is that purchasers, influencers and decision makers get overloaded with requests for meetings and presentations by numerous candidate suppliers. The apparent conflict between the interests of young technology companies and the overloaded and stressed end-user prospects and clients, resulted in the emergence of a new type of business: the technology brokerage or in other words: companies providing shared expert sales and account management services, on an international scale. With this new model, working with the rare species of expert financial technology sales becomes affordable for the technology company. At the same time the end-users can interact with a trusted but independent account manager that interfaces with different technology providers.


The history of AR and VR: from gimmick to business problem solver

The history of AR and VR goes back longer than anyone would have expected. When Charles Wheatstone invented the stereoscope in 1838, he didn’t know it, but his 3D image creation would spark the augmented reality and virtual reality boom that is predicted to infiltrate business and society in the next 10-15 years. While the first VR head-mounted display (HMD) was created in 1968 by computer scientist Ivan Sutherland, “there was no name for AR when we started in 2011,” says Beck Besecker, CEO, Marxent. “We called it hologram technology at the time.” ... Both technologies were viewed as quite gimmicky add-ons, until opportunities emerged to apply them to tangible use cases, such as in the home vertical. But what changed? Did the technologies advance enough to add value? Or, did awareness around the benefits of the technologies improve? There’s a bunch of reasons. And, one of the main ones, is getting over the hype — the stumbling block for many emerging technologies.


Get ready for the convergence of IT and OT networking and security

Traditionally, IT and OT have had very separate roles in an organization. IT is typically tasked with moving data between computers and humans, whereas OT is tasked with moving data between “things,” such as sensors, actuators, smart machines, and other devices to enhance manufacturing and industrial processes. Not only were the roles for IT and OT completely separate, but their technologies and networks were, too. That’s changing, however, as companies want to collect telemetry data from the OT side to drive analytics and business processes on the IT side. The lines between the two sides are blurring, and this has big implications for IT networking and security teams. “This convergence of IT and OT systems is absolutely on the increase, and it's especially affecting the industries that are in the business of producing things, whatever those things happen to be,” according to Jeff Hussey, CEO of Tempered Networks, which is working to help bridge the gap between the two. “There are devices on the OT side that are increasingly networked but without any security to those networks. Their operators historically relied on an air gap between the networks of devices, but those gaps no longer exist. ..."



The true value of diversity in risk management


Looking beyond gender diversity, Molyneux, Omero, Reis, A. Merzouk, and Lani Bannach, Director of Essenta and Well U Trading, advocate for diverse teams but in a multidisciplinary way. Molyneux believes that “diversity, in all forms, is incredibly important for every business or sector. When I say “all forms”, I would even include things like cultural diversity, diversity in the level of experience, and even diversity in operating styles.” “There are several studies where a diverse workforce is proven to enrich the working environment by providing different solutions to the same problem and by opening up constructive debate, ultimately resulting in a better outcome. Companies that do not diversify lose out on competitiveness and talent”, Omero explained. “If the sector doesn’t value and embrace diversity appropriately it will lose a powerful taskforce and source of knowledge and creativity”, Reis added. “The sector is always open to new ideas and innovative solutions for old and new issues. The more diverse an environment is, the more creative and revolutionary will the business solutions be.”


Testing Microservices: Overview of 12 Useful Techniques - Part 1

Choose your testing techniques with a perspective on time to market, cost, and risk. When testing monoliths with techniques like service virtualization, you do not have to test everything together. You can instead divide and conquer, and test individual modules or coherent groups of components. You create safe and isolated environments for developers to test their work. ... When working with microservices, you have more options because microservices are deployed typically in environments that use containers like Docker. In microservice architectures, your teams are likely to use a wider variety of testing techniques. Also, since microservices communicate more over the wire, you need to test the impact of network connections more thoroughly. Using tools and techniques that better fit the new architecture can allow for faster time to market, less cost, and less risk. Many IT departments work with or maintain systems developed and deployed in a monolithic architecture.


Flip the ratio: Taking IT from bottleneck to battle ready


One of the main reasons back-end systems demand so many resources is that they do not take advantage of agile ways of working that have become second nature to most software developers. Either back-end teams confuse “doing” agile rather than actually “being” agile, running waterfall projects using the scrum method but not working in small teams rapidly iterating on small chunks of code, or agile doesn’t even make it to the back-end teams. Even application maintenance and IT infrastructure can benefit from agile principles, which is significant, since these areas often make up 40 to 60 percent of the IT organization. By introducing true agile methods—small, cross-functional teams or squads working in rapid iterations—to relevant enterprise IT work, companies can radically reduce the resources needed to support those systems while substantially improving service quality and the potential for automation. ... By better understanding business needs, teams eliminated some demand by providing self-service options. Cross-functional teams had the people needed to not only identify the root cause of incidents but correct them immediately.


IoT Devices — Why Risk Assessment is Critical to Cybersecurity

Managing risk of any kind, and IoT risk, in particular, is never a one-and-done exercise. After first determining the risk category for new IoT devices or services, it is crucial to revisit this exercise on a regular basis. Changes to the IoT devices, the local area networks and the applications with which the devices interact create an ever-changing attack surface that requires constant monitoring to help maintain a strong forward-leaning security posture. Organizations should take a disciplined approach to risk categorization and mitigation across the entire IoT ecosystem. Tripwire can help you identify IoT risks by providing rigorous security assessments. Tripwire’s device testing approach includes identifying security risks and vulnerabilities that may exist in the physical construction of the device and its network interfaces. Our goal is to identify potential control exposures through security configuration analysis and vulnerability testing of the platform and the operating environment.



Quote for the day:


"There is no "one" way to be a perfect leader, but there are a million ways to be a good one." -- Mark W. Boyer

