Daily Tech Digest - March 15, 2020

The rising threat of drones to cybersecurity: What you need to know

While it may seem impossible for a drone to affect cybersecurity, there are several factors that make it entirely possible for drones to carry out many malicious cybercrimes. For instance, drones equipped with cameras have been associated with spying. In fact, there have been many arrests for drone spying — and that’s not all a drone can do. In addition to taking bird’s-eye pictures and video, drones can also be used to spy on networks, capture data and block communications, making them a huge threat to cybersecurity as a whole. The fact that drones carry this type of threat to cybersecurity is due to their vast capabilities. In addition to cameras, many drones come equipped with GPS, USB ports, and other means that can easily allow them to be hijacked. Hackers can use tools to easily tap into drones if the owner doesn’t install certain security measures. This leaves many commercial drones at risk of exploitation due to the fact that they communicate with their operators via WiFi and GPS, which often tend to be unencrypted. With all that a drone can do, it comes as no surprise that they pose such a risk to cybersecurity. In addition to the privacy issue and the fact that drones are vulnerable to hackers, previous incidents prove how risky the small aircraft can be.

The report also highlighted that just 9% of security professionals are neurodivergent, although meaningful and reliable comparison of this measure against the wider industry is not yet possible – DCMS nevertheless said it found a concerning lack of awareness of neurodiversity in the sector. The research process highlighted a number of barriers and challenges to increasing the diversity of Britain’s cyber security workforce. DCMS said that while diversity was seen as more important, there remain pockets of scepticism, with some interviewees claiming the topic was overemphasised, or no worse than in other digital sectors, and therefore not a problem. Many respondents also said they did not view a diverse workforce as a means to help tackle the skills shortage in security, focusing instead on non-specific benefits. This is in spite of a growing and substantial body of evidence that proves diverse teams are a hugely important factor in building a responsible organisation.

Learning Data Science Skills Is Easier Than You Think

Data skills are valuable across all industries and job functions as decision making is becoming more and more data-driven, and gaining these skills isn’t as challenging as originally thought. The Burning Glass report states that “the demand for metrics — and the growing ease of measuring and visualizing them — is reshaping business practices across industries,” citing marketing and business analysis as examples. It also highlights the demand for data science and analytics skills in decision-making roles, including managers across a range of industries. So, where to start? IBM Data Scientist Joseph Santarcangelo, Ph.D., shared his expertise on getting started in data science, which starts with learning Python: “Today with data science, for a lot of it you don’t have to have a Ph.D. anymore. You don’t have to spend years and years studying something. The runway is a lot shorter this year for data science...now all you really have to know is Python and have a basic understanding of what’s going on and it’s pretty remarkable where you can go.”

Data Experts Say New Sources Must Not Replace Traditional Data

Participants added that new institutional frameworks, including legal guidelines, are needed to manage the influx of new technologies. Lisa Bersales, the first National Statistician of the Philippines, called for quality-assurance frameworks for big data and citizen-generated data. Gero Carletto, World Bank, noted that risks arise from the lack of standards for integrating different data sources. The speakers also advised caution about the “recent boom” in public-private data partnerships, suggesting that they must be managed carefully. Fredy Rodriguez, Cepei, explained the need for partnerships to establish an effective institutional framework in order to share data and determine how shared data will be used. Finally, the discussion drew attention to the evolving role of the National Statistics Offices (NSOs). Experts said NSOs’ mandate has evolved significantly in the past few years; no longer just producers of data, they are now responsible for coordinating a broad data ecosystem of entities across government, civil society, and the private sector, and for brokering new partnerships to produce, clean, compile, and analyze data to produce official statistics. In effect, NSOs have become “data stewards.”

Digital transformation: 3 ways to ease the fear factor

Convey what the state of the business could be like without digital transformation. Understanding that the company’s future could be at risk and that their skills will become obsolete with antiquated legacy systems will likely have a significant impact on everyone. Remind employees that digital change is about designing and delivering better products and services and that this is why many people get involved with IT in the first place – to make a positive change. Positioning change in this way can help everyone see it through a different lens. Be direct and honest in all your communications, especially with employees who actively oppose change. State what the goals are, what the rollout will look like, and what the benefits will be for customers and partners as well as employees. Create a conversation and openly acknowledge concerns. Don’t shy away from difficult conversations – these are the ones employees will focus on, and failing to engage in them will drive the message that change is unpalatable.

How to use digital twins to reduce risk

In the last few years, the term "digital twin" has entered the lexicon, likely as a result of overzealous consultants applying a complicated name to a simple concept. A digital twin is nothing more than a computer simulation of something in the physical world. The Cessna I careened through the skies of Chicago on my monochrome monitor as a youth was a digital twin, just as a spreadsheet predicting next year's sales can also be a digital twin, as they both aim to simulate a future outcome using data and logic. Digital twins are incredibly valuable for the rather obvious reason that they can help you gather key insights and model potential future outcomes at a fairly low cost, thus de-risking larger investments. Consider my early experiments in flying an aircraft. For $40 or so I was able to crash my "digital twin" of a $200,000 aircraft multiple times before gathering the critical insight that I needed to pull back on the stick instead of pushing forward. In a more relevant recent example, I worked with a client who was trying to determine if the logistical costs of a complex distribution network could be sustained at a price customers were willing to pay. 

For many industrial networks, the highest standard of security is an "air gap," a physical disconnect between the inner sanctum of software connected to physical equipment and the less sensitive, internet-connected IT systems. But very few private-sector firms, with the exception of highly regulated nuclear power utilities, have implemented actual air gaps. Many companies have instead attempted to restrict the connections between their IT networks and their so-called OT or operational technology networks—the industrial control systems where the compromise of digital computers could have dangerous effects, such as giving hackers access to an electric utility's circuit breakers or a manufacturing floor's robots. Those restricted connections create choke points for hackers, but also for remote workers. Rendition InfoSec founder and security consultant Jake Williams describes one manufacturing client that carefully separated its IT and OT systems. Only "jump boxes," servers that bridge the divide between sensitive manufacturing control systems and nonsensitive IT systems, connected them. Those jump boxes run very limited software to prevent them from serving as in-roads for hackers.

Zero trust: Taking back control of IT security

They say: “Zero trust changes the traditional model of ‘trust, but verify’ – where you assume that any device or asset attached to your internal network is likely to be permitted and safe to access internal-only resources, but still verify that this is the case. Instead, that becomes ‘never trust, always verify’ – where every device must pass authentication and security policy checks to access any corporate resources, and to control access only to the extent required.” Trust involves an interplay between people and technology. According to Walsh and Grannells, the starting point for these trust factors is a well-thought-out and up-to-date set of policies, standards, procedures and work practices, supplemented by detailed, up-to-date network documentation and asset inventories covering information, software licences and hardware. The pair believe zero trust enables IT security to regain control. “The shift to zero trust is where information security is taking back control of the many new perimeters of the corporate ecosystem,” they say.

How do we stay smarter than our smart home devices?

It’s difficult to argue with the statement that connected devices do already enrich our lives and will continue to do so more impressively in the near and distant future. The not-so-great news? IoT manufacturers really need to step up their cybersecurity game. Many are already working tirelessly to do so, but as many are pretty much starting from scratch, they have their work cut out for them. With more than half of companies failing to require third-party security and privacy compliance, it’s no surprise that in the past couple of years we’ve seen connected device data breaches almost double, going from 15% to 26%. Furthermore, some of these incidents encroached on people’s privacy in a very alarming way. Remember when Amazon’s Alexa recorded a private conversation and sent the content to a user’s random contact? Or when we learned that our BFF, Roomba’s iRobot, can actually map our homes and share this information? But with incredible devices like smart thermostats that can save us money – and even save our lives by turning off the stove if it’s on for too long – giving up on IoT because of its cybersecurity flaws is not an option.

FortiGuard Labs’ Derek Manky Talks Swarm Attacks, War of Deception

Using swarm technology, intelligent swarms of bots can share information and learn from each other in real time. They could target a network, attacking multiple systems at the same time, and overwhelming the network because of the sheer number of attacks and speed at which they occur. “This is a way they could weaponize it, particularly with 5G being rolled out, which means a lot of devices can communicate really quickly together and that’s when you have a swarm,” Manky said. “You have connected devices that communicate, and if you hook up an AI system to that, those devices can launch an attack on their own. It looks quite scary.” On the bright side, organizations can still get ahead of these types of attacks, Manky said. This starts with basic cybersecurity hygiene, which, unfortunately, is something many companies still struggle with. “You need a proper security architecture, segmentation,” which reduces a company’s attack surface by essentially sealing off workloads from the rest of the network, thus preventing hackers from gaining access to the wider system.

Quote for the day:

"Trust is the highest form of human motivation." -- Stephen R. Covey
