Daily Tech Digest - November 14, 2019

Digital Transformation is the Industrial Revolution of our age

digital transformation
Digital transformation isn’t just about technology. It’s about leadership and partnership and stewardship. It should come as no surprise that one of the most important influences McKinsey identified when it comes to determining the ultimate outcome of any transformation is a team of leaders who not only understand digital tech but also feel a sense of urgency about leveraging it; who can’t wait to start the process and bring the rest of the organization along. That’s a tall order, becoming that kind of leader. Being someone who’s willing to challenge the status quo, experiment with the unfamiliar and get comfortable with the prospect of failure. But the only time I’ve ever seen any organization enjoy dramatic growth is when they tried something (and hired someone) dramatically different. Which brings us to an equally important ingredient of transformational leadership: Integrators. According to McKinsey, the leaders most likely to succeed in exacting change are those willing to step back and recruit uniquely qualified partners who’ll help them integrate -- and translate -- new digital tactics into existing and evolving business strategies.

Atlassian expands Jira Service Desk to non-IT biz teams

Although billed as a collaborative IT service management (ITSM) tool, many Jira Service Desk customers have, in practice, adapted the application to deliver a variety of services to end users in the enterprise, Atlassian said. With that in mind, the company today introduced new templates and workflows in Jira Service Desk to encourage its use outside of IT. Templates make it easier to configure the application to better meet the demands from HR, facilities and legal teams. The “out-of-the-box” functionality allows HR or operations managers to create and maintain their own service desks with minimal involvement from IT, Atlassian said. “HR and facilities teams can now leverage Jira Service Desk to more easily manage tasks like employee on-boarding and fielding maintenance requests, and legal teams can shift from manually chasing down signatures to working collaboratively with an automated digital workflow,” the company said in a blog post. The announcement comes as a range of vendors in the market, including ServiceNow and others, have also moved to expand their products with modules that support non-IT use, driving a trend around enterprise service management (ESM).

Cybercrime, meet AI

The good news is that any such automated APTs will arrive slowly, because AI is complicated. An AI algorithm isn’t usually designed to be user friendly. Instead of pointing and clicking, you have to customise the hacking tool to a degree that needs AI expertise. Those skills are in short supply in the industry, let alone the hackersphere, so we’re likely to see this achieved first by nation-states, not by hobbyists – which means that the first likely targets are those with national interest. Let’s look at some public examples. A while ago there were hacks on Anthem, Primera and Care First, major healthcare providers in the US, all of which worked with a lot of federal employees. At the same time, Lockheed and the Office of Personnel Management, which handles Class 5 security clearance, were hacked, losing fingerprint and personal data for thousands of people. One theory about these hacks was that a nation state stole the data. As it didn’t turn up on the dark web for sale, where did it end up? If this nation does now possess it, they have terabytes of healthcare, HR, federal background check and contractor data at their command.

3 emerging memory technologies that will change how you handle data

Intel’s Optane DC persistent memory drops into a standard DIMM slot connected to a CPU’s memory controller. Available in capacities of up to 512GB, it can hold several times more data than the largest DDR4 module. The information on an Optane DC persistent memory DIMM operating in App Direct Mode is retained when the power goes out. In contrast, volatile memory technologies like DRAM lose data quickly if they aren’t constantly refreshed. Software does need to be optimized for Intel’s technology. However, the right tweaks allow performance-bound applications to access Optane DC persistent memory with low-latency memory operations,. Alternatively, the DIMMs can be used in Memory Mode, where they coexist with volatile memory to expand capacity. Software doesn’t need to be rewritten to deploy Optane DC persistent memory in Memory Mode. The technology can also be used in what Intel calls Storage Over App Direct Mode, where persistent memory address space becomes accessible through standard file APIs.

Consumer Data Privacy Rights: Emerging Tech Blurs Lines

emerging technologies alexa data collection
Security experts say that consumers should have fundamental data-privacy rights. If a company or government collects a consumer’s private data, it must have a legal basis, and must also have correct security measures in place to properly protect it. Individuals should also have the right to decide what and how their personal data is stored, experts like De Guzman have agreed. However, over the years court systems, companies and lawmakers have mulled over the data privacy implications of new tech, as exemplified through various legal cases throughout the years. For instance, Riley v. California shed light on warrantless searches of cell phones. In 2014, the Supreme Court ruled that the “search incident to arrest” exception does not extend to a cell phone, and police need to obtain search warrants to search cellphone data. Another case, U.S. v Microsoft, in 2013 brought data ownership and privacy into the spotlight, after U.S. authorities tried to access customer emails through Microsoft from a data center housed in Dublin, Ireland as part of a U.S. trafficking investigation.

Employees – the weakest link in email security?

BEC scams
Email is not only one of the most important channels of communication in day-to-day business, but unfortunately also one of the biggest gateways for cyber attacks. According to the safety and network specialists Barracuda Networks, 91% of all attacks start with an email. Gateway solutions such as Barracuda Essentials therefore represent an important first line of defence against the dangers posed by malicious emails. Not only do such solutions reliably recognise spam and phishing emails, they also provide protection against sophisticated attacks like zero-day attacks in which cyber criminals exploit unpatched security flaws in firmware and software in order to release malware or steal data. Thanks to the use of cutting-edge techniques such as sandboxing and artificial intelligence, it is becoming increasingly difficult for cybercriminals to overcome these defence systems. They are, therefore, increasingly mounting targeted attacks on workers by sending personal messages tailored to the recipient. Such emails are often not recognised as spam or phishing attempts by the defence systems, and these messages are therefore able to thwart the shield settings in place.

When it comes to cybersecurity, is your company taking action the way it should be?
IT teams are under enormous pressure to keep up with changing tech trends. The list of current tech capabilities is long and growing by the day — right-speed IT, blockchain, augmented and virtual reality, machine learning, and advanced analytics are just a few examples of technologies that IT teams are expected to be experts in. While businesses are happy to invest in the technology itself, they often neglect to likewise invest in the team making it all work. A Business Reality Check survey found that upwards of 40% of senior executives are increasing spending on tech, but fewer are investing in tech talent. As a result, many IT teams are stranded in firefighting mode, cleaning up after attacks, mitigating vulnerabilities, and improving security defenses rather than leveraging new technology to its full strategic potential. To solve this problem, organizations are turning to cybersecurity automation. A 2019 Domain Tools/Ponemon survey found that 53% of respondents don’t have enough staff to monitor their organization’s cyberthreats 24/7, and 60% believed automation will be used in the next few years for threat hunting.

Attention cybersecurity entrepreneurs: CISOs want simplicity!

easy simple pixel hand computer pointer
Like many CISOs today, Guttman has a mission to simplify her organizational security. To that end, she warns that “CISOs must be ruthless about selecting and leveraging products and security environments,” explaining that tight budgets require IT organizations to adopt a strict and systematic evaluation process. “I'm looking at strategic gaps in cybersecurity, and whether legacy products provide the needed coverage. To some degree, it’s a zero-sum game – I often need to shed incumbent components and solutions to free up budget for new tech.” Adam Ely concurs, citing the popular “shift-left” approach to managing solutions at Walmart. “I'm looking at how can we build security into the fabric of our operations, as a process, as a technology, so that we can stop bolting on tech ad hoc, force-fitting tools and solutions that were not designed for a given workflow.” He warns cybersecurity vendors against narrow point solutions, as large companies are increasingly drawn towards migration to a single platform that can be leveraged across use cases and applications.

Plugging the Data Leak in Manufacturing

IIoT helps bring visibility to managers, allowing them to see whether machines are on, if they’re running efficiently and if there are any issues to address. In the event an issue arises, because of the data that IIoT provides, the technology can also allow manufacturers to trace back parts to where they were made and assess whether there’s been a problem with the machine, the part or something else entirely. As IIoT systems depend on these sensors to collect and parse through vast amounts of data, it’s vital to ensure that there are controls in place to safeguard that data and ensure its integrity. However, it can be easy to overlook the fact that this data needs to be protected in the first place. After all, it’s unlikely these systems are handling sensitive data that’s subject to regulatory compliance like protected health information (PHI) or personally identifiable information (PII). However, IIoT-generated data – calibrations, measurements and other parameters – still need to be stored, managed and shared securely to provide a company with maximum impact.

How retail companies can better protect themselves against cyberattacks

The "carders" who obtain stolen cards are able to upload them to a website, which then sells them anonymously and at huge discounts to their customers. This type of scam costs retailers millions of dollars in lost sales from both the gift cards and the products they're used to purchase, according to IntSights. Another popular method is card-not-present (CNP) fraud, a type of scam in which the customer doesn't have to physically present the card to a merchant during a transaction. Typically occurring online, this kind of fraud has risen due to the increased popularity of e-commerce sites. To fight this type of crime, many online retailers now require the CVV code from the card during a transaction. However, even CVV codes are now available on the Dark Web. In fact, full profiles of victims with their ZIP codes, PINs, and CVVs are worth more on the Dark Web because they help criminals more easily sneak past any security measures on a retail site. The Dark Web is home to many marketplaces that sell such credit card information, including one known as the Jokers Stash, according to the report. The underground credit card theft industry even works like a regular business with customer support and user reviews.

Quote for the day:

"Don't necessarily avoid sharp edges. Occasionally they are necessary to leadership." -- Donald Rumsfeld

No comments:

Post a Comment