Daily Tech Digest - November 28, 2019

Cutting Cybersecurity Budgets In A Time of Growing Threats

Greater spending on cybersecurity products hasn't entailed a better organizational security posture. Despite the millions of dollars spent by organizations year after year, the average cost of a cyberattack jumped by 50% between 2018 and 2019, hitting $4.6 million per incident. The percentage of cyberattacks that cost $10 million or more nearly doubled to 13% over the same period. Enterprises are using a diverse array of endpoint agents, including decryption, AV/AM and EDR. The use of multiple security products may, in fact, weaken an organization’s security position, whereby the more agents an endpoint has, the greater the probability it will get breached. This wide deployment makes it difficult to standardize a specific test to measure security and safety without sacrificing speed. Buying more cybersecurity tools tends to plunge enterprises into a costly cycle of spending more time and resources on security solutions without experiencing any parallel increase in security. However, in a mad chicken-and-egg pursuit, this trend of spending more on security products persists due to the rising costs of a security breach.



Digital transformation: Business modernization requires a new mindset

A lot of executives actually want to share their frustrations, and one of the frustrations, especially with more, let's just say, legacy-oriented organizations, I'll hear about millennials all the time. And then also the coming of centennials. In that they do want to work differently, they do think differently, and infrastructures, and also models, don't necessarily support that way of thinking and way of working. The consumerization of technology, it hasn't just affected millennials or the younger workforce, it's affected all of us. I think, anybody who has a smartphone or uses social media, or has ordered an Uber or Lyft, or DoorDash, or Postmates, you name it, we have, as human beings, radically transformed. Our brains have radically transformed as we use more of these technologies, we're multitasking, we're doing a million things. Employees get something like 200 notifications during their work day, just from their phone and social and email. So a lot of the way that we have to think about work has to change. We have to think bigger than the millennial workforce.


Hotel front desks are now a hotbed for hackers


First spotted in 2015 but appearing to be most active this year, RevengeHotels has struck at least 20 hotels in quick succession. The threat actors focus on hotels, hostels, and hospitality & tourism companies. While the majority of the RevengeHotels campaign takes place in Brazil, infections have also been detected in Argentina, Bolivia, Chile, Costa Rica, France, Italy, Mexico, Portugal, Spain, Thailand, and Turkey. The threat group deploys a range of custom Trojans in order to steal guest credit card data from infected hotel systems as well as financial information sent from third-party booking websites such as Booking.com. The attack chain begins with a phishing email sent to a hospitality organization. Professionally-written and making use of domain typo-squatting to appear legitimate, the researchers say the messages are detailed and generally impersonate real companies.  These messages contain malicious Word, Excel or PDF documents, some of which will exploit CVE-2017-0199, a Microsoft Office RCE vulnerability patched in 2017.


Regaining ROI by reducing cloud complexity

“The first thing is admitting that there’s an issue, which is a tough thing to do,” Linthicum acknowledges. “It essentially requires creating an ad hoc organization to get things back on track and simplified, whether that’s hiring outside specialists, or doing it internally.” “The good thing about that is typically you can get 10 times ROI over a two-year period if you spend the time on reducing complexity,” he says. Even with that incentive, reducing complexity involves a cultural change: shifting to a proactive, innovative, and more thoughtful culture, which many organizations are having trouble moving towards, he warned. The most effective way to do that is really retraining, replacing, or revamping. “That’s going to be a difficult thing for most organizations,” Linthicum says. “I’ve worked with existing companies that had issues like this, and I find it was the hardest problem to solve. But it’s something that has to be solved before we can get to the proactivity, before we can get to using technology as a force multiplier, before we can get to the points of innovation.”


Top 5 SD-WAN Takeaways for 2019
Auto failover, redundancy, simplified management, and cost savings topped the list of factors driving SD-WAN adoption, according to Avant Communications’ SD-WAN report. “It is Avant’s belief that SD-WAN will continue to make ongoing incursions into the higher-end enterprise, beginning at remote offices and other edges of the network, and then reaching steadily closer toward the core,” the report reads. One of the biggest promises made by many SD-WAN vendors is that the technology will reduce costs by shifting bandwidth off of — and in some cases eliminating the need for — expensive MPLS connections. And while this can be true, with more than half of companies surveyed in the aforementioned Avant report indicating that cost savings over MPLS was a key concern, the majority were still split on whether to keep or replace their MPLS connections in favor of SD-WAN and broadband internet. Roughly 40% of those surveyed said they planned to use a hybrid solution that combines the two.


Autonomous systems, aerial robotics and Game of Drones

Now, automation has basically enabled a level of productivity that you see today. But automation is very fragile, inflexible, expensive… it’s very cumbersome. Once you set them up and when everything is working well, it’s fantastic, and that is what we live with today. You know, autonomous systems, we think, can actually make that a lot easier. Now the broad industry is really still oriented toward automation. So we have to bring that industry over slowly into this autonomous world. And what’s interesting is, while these folks are experts in mechanical engineering and operations research and, you know, all those kind of important capabilities and logistics, they don’t know AI very much.  ... They don’t know how to create horizontal tool chains which enable efficient development and operations of these type of systems. So that’s the expertise we bring. I’d add one more point to it, is that the places we are seeing autonomous systems being built, like autonomous driving, they’re actually building it in a very, very vertical way.


How Machine Learning Enhances Performance Engineering and Testing


During testing, there are numerous signs that an application is producing a performance anomaly, such as delayed response time, increased latency, hanging, freezing, or crashing systems, and decreased throughput. The root cause of these issues can be traced to any number of sources, including operator errors, hardware/software failures, over- or under-provisioning of resources, or unexpected interactions between system components in different locations. There are three types of performance anomalies that performance testing experts look out for. ... Machine learning can be used to help determine statistical models of "normal" behavior in a piece of software. They are also invaluable for predicting future values and comparing them against the values being collected in real-time, which means they are constantly redefining what "normal" behavior entails. A great advantage of machine learning algorithms is that they learn over time. When new data is received, the model can adapt automatically and help define what "normal" is month-to-month or week-to-week.


How Microsoft is using hardware to secure firmware

"Given the increase in firmware attacks we've seen in the last three years alone, the goal was to remove firmware as a trusted component of the boot process, so we're preventing these kinds of advanced firmware attacks," Dave Weston, director of OS security at Microsoft, told TechRepublic. The first line of the Windows boot loader on Secured-core PCs puts the CPU into a new security state where, instead of accepting the measurements made during Secure Boot, even though they're in the TPM, it goes back and revalidates the measurement. If they don't match, the PC doesn't boot and goes into BitLocker recovery mode instead. If you're managing the PC via Intune, it also sends a signal to the service that the device can't be trusted and shouldn't be allowed to connect to your network. "These PCs use the latest silicon from AMD, Intel, and Qualcomm that have the Trusted Platform Module 2.0 and Dynamic Root of Trust (DRTM) built in. The root of trust is a set of functions in the trusted computing module that is always trusted by a computer's OS and embedded in the device," Weston explains.



Not a single investment deal worth $100 million or more has been signed with an all-women team over the past four years, and only 7% of such deals went to mixed teams in 2019.  That's still a slight improvement on the previous year, when every single mega-round went to teams led exclusively by men. Sarah Nöckel, investment associate at VC firm Dawn Capital, told ZDNet: "Europe is lagging behind on diversity. In general, there is still an ongoing unconscious bias towards women. There needs to be a lot more education to change mentalities." The issue is not that women are absent from the tech space. Out of 1,200 European tech founders that were surveyed in the report, nearly a quarter identified as women.  As it dug further, the report also found that women and men are almost equally qualified for science and engineering careers. In fact in some countries, like Lithuania, the number of women who are scientists and engineers surpasses that of men. Women can and do found tech companies, therefore; the problem is rather that they then struggle to secure enough capital to develop their projects.


"Security campaigns do not work," says infosec professor Adam Joinson


The researchers' conclusions are based on a case study they performed with a large engineering services firm, based in the UK and employing more than 30,000 people. They found that - "whether we were talking to security practitioners or whether we were talking to employees" - security was not seen as something that supported the business; instead, it was perceived as a block. "In fact, they would see it as almost an adversary of employees," trying to catch and sanction workers for security breaches. One of the reasons for this was a misalignment between security policies and processes, and the lack of tools provided for employees to do their jobs. As part of an engineering firm, employees often had to deal with "massive" files from architects and similar, but the company limited emails to a 15MB attachment limit and did not allow workers to use USB sticks. Cloud storage, in one particular case, was banned by a client's security policies. "Effectively, security stopped them from doing the core function of their role."



Quote for the day:


"Don't necessarily avoid sharp edges. Occasionally they are necessary to leadership." -- Donald Rumsfeld

