Daily Tech Digest - April 04, 2020

"Unlike regular times when you could dispatch a technician to hospitals, or you could actually show the doctors how to operate equipment, fix it, and so on, they need to do it remotely," Churchill said. "So we combined them with video and AR." Once TechSee receives an inquiry, it is given to a technician and the technician sends a web link via SMS to a hospital staff member. This allows the hospital support person to use their smartphone camera or tablet camera to show the technician the issue, Churchill noted. The user shows the technician the problem, and then the technician diagnoses the issue and uses AR to visually guide the hospital employee to a resolution, he added. Churchill said that TechSee works with more than 100 enterprises in a variety of sectors, with Medtechnica being one of its biggest clients in healthcare. While TechSee's solution can be applied to any system--including X-rays, routers, smart thermostats, and more--the demand for ventilators is amplifying that use case. This solution is completely web-based, so the user isn't forced to download an app. The AI-powered platform can recognize devices and technical issues, as well as automate the support process, Churchill said.

Very rarely, can risk be completely eliminated. However, inherent risk can be mitigated through a combination of risk mitigation strategies, risk shifting, and at the end of the day, acceptance of the residual risk. When addressing big data risks, in particular, two types of risks must be discussed: the risk of data breaches and the risk of data misuse. The former is addressed through data security, while the latter is most commonly addressed through data privacy and regulation. When it comes to data security, one of the most significant sources of risk is the overreliance on fairly immutable data elements for identification such as, for example, social security number, names, addresses, dates of birth, credit card numbers, and the like. When any long-lived data element is exposed and misused, the damage is usually broad and long-lasting because changing those data elements is difficult and costly. The mechanism that I’m referring to is known as public-key cryptography and digital signatures, which was invented in the ’80s. While this is widely spread as the method that web browsers use to identify websites (adding the “secure” or “SSL/TLS” labels to the URL bar), it has not had enough traction outside of that specific domain.

secured vpn tunnel
For one, the WireGuard protocol does away with cryptographic agility -- the concept of offering choices among different encryption, key exchange and hashing algorithms -- as this has resulted in insecure deployments with other technologies. Instead the protocol uses a selection of modern, thoroughly tested and peer-reviewed cryptographic primitives that result in strong default cryptographic choices that users cannot change or misconfigure. If any serious vulnerability is ever discovered in the used crypto primitives, a new version of the protocol is released and there’s a mechanism of negotiating protocol version between peers. WireGuard uses ChaCha20 for symmetric encryption with Poly1305 for message authentication, a combination that’s more performant than AES on embedded CPU architectures that don’t have cryptographic hardware acceleration; Curve25519 for elliptic-curve Diffie-Hellman (ECDH) key agreement; BLAKE2s for hashing, which is faster than SHA-3; and a 1.5 Round Trip Time (1.5-RTT) handshake that’s based on the Noise framework and provides forward secrecy. It also includes built-in protection against key impersonation, denial-of-service and replay attacks, as well as some post-quantum cryptographic resistance.

How to start your career in cyber security

Unlike many professions, you don’t need cyber security experience to get into the field, although many people entering the field will come from jobs that have similar skillsets, such as systems administration or information analysis. If you can demonstrate the relevance of your existing experience – what recruiters call ‘transferable skills’ – there’s no reason why you can’t get a foothold on the cyber security career ladder. There are also plenty of entry-level positions available. Account executives and junior penetration testers, for example, tend to have little work experience, and can learn while on the job. ... The best way to gain an advantage over other prospective cyber security professionals is to become qualified. The qualifications you need will depend on your career path. If you don’t have this mapped out yet, or you simply want a strong overall understanding of how to navigate security risks, you should seek out a course that covers general topics, such as our Certified Cyber Security Foundation Training Course. This one-day course explains the fundamentals of cyber security and shows you how to protect your organisation from a range of threats.

Is COVID-19 Driving a Surge in Unsafe Remote Connectivity?

Is COVID-19 Driving a Surge in Unsafe Remote Connectivity?
As more organizations shift to a remote workforce, new working patterns and technology adoption - including shadow IT - may lead to corporate data suddenly being poorly secured or stored in a manner that violates regulatory requirements. And more systems may be spun up that fail to secure commonly used protocols, such as RDP. "Changes to the network perimeter can also create unanticipated threats, as a higher burden is placed on remote-access systems, and if not correctly implemented, may expose systems to the internet," says Matt Linney, a senior security consultant at 7 Elements. "Looking at this now could save substantial loss in the future." The problem may be exacerbated by COVID-19 driving many organizations to rapidly embrace the equivalent of bootstrap approaches to digital transformation and moving to cloud-based platforms and core services without having first carefully planned, tested, validated and secured their approach (see: Zoom Fixes Flaw That Could Allow Strangers Into Meetings).

Why Continuous Monitoring of Critical Data Is So Essential

To ensure business continuity, manufacturers in India that now have a 100 percent remote workforce because of the COVID-19 pandemic must be vigilant about ensuring critical data is protected through continuous monitoring, says Ravikiran S. Avvaru, head of IT and security at the Gurgaon-based manufacturing group Apollo Tyres Ltd. "As part of our business continuity plan, we identified critical applications for the business which are integrated with the dealers, customers and suppliers and discussed with our third-party vendors, such as Amazon and Microsoft, how to extend support in ensuring the applications are up and running and in secure fashion," Avvaru says in an interview with Information Security Media Group. In addition to enhancing security for business-critical applications accessible in the cloud, for accessing legacy applications housed at a data center, the company has deployed personal firewalls, a VPN along with remote desktop protocols and data leak prevention tools, he explains.

According to Microsoft, Fabrikam called in Microsoft's Cybersecurity Solutions Group's Detection and Response Team (DART) eight days after the employee had opened the phishing email, by which time its computers and critical systems were failing and its network bandwidth had been completely overrun by Emotet. The malware used the victim's compromised computers to launch a distributed denial of service (DDoS) and overwhelm its network. "The virus threatened all of Fabrikam's systems, even its 185-surveillance camera network. Its finance department couldn't complete any external banking transactions, and partner organizations couldn't access any databases controlled by Fabrikam. It was chaos," Microsoft's DART team writes. "They couldn't tell whether an external cyberattack from a hacker caused the shutdown or if they were dealing with an internal virus," it explains further. "It would have helped if they could have even accessed their network accounts. Emotet consumed the network's bandwidth until using it for anything became practically impossible. Even emails couldn't wriggle through."

CSO Pandemic Impact Survey

As of March 23rd, that number had climbed to 77.7%, an increase of 4.7-fold. Notable was high tech firms grew which grew from 31.9%, to 90.2%. While 81% expressed confidence that their existing security infrastructure could handle their employees working from home, 61% were more concerned about security risks targeting WFH employees today than they were three months ago. ... Despite the high levels of confidence that their security infrastructures are up to the task at hand, 22% of organizations have found themselves out shopping for new security solutions/services to address the new work dynamic. Businesses least likely to be investing in new technology or services came from the same industries that identified as most prepared: financial services (12%) and healthcare (14%). Only 7% of SMB organizations (fewer than 1,000 employees) indicated that they had to make security purchases in response to the current conditions, which may indicate either a lack of visibility into their risk environments, a lack of available budget to support new investments, or a combination of both.

young man on video conference coronavirus remote communication telecommuting by gcshutter getty ima
If your company strongly encourages workers to stay home in response to the virus a significant portion of your company might be working from home for extended periods of time. From a data-protection standpoint; this significantly increases the chances that important intellectual property will be created outside of your data center. If your company currently relies on storing such data on file servers or similar systems, remote employees will probably not be able to use such systems easily. As a result, they will create and store important data directly on their laptops, leaving centralized company storage out of the picture. This means that you should probably examine your company's policy regarding data protection of laptops and mobile devices. Many companies don’t provide backup and recovery for mobile devices, despite the fact that most experts feel they should. Now might be a good time to do so. The main reason early attempts at laptop backup failed was users would kill the backup process because it slowed them down, and it cost too much. The good news is several providers can back up your laptops and mobile devices in such a way that users never realize backups are running.

AI needs to show return
One key driver of lack of return from AI is the simple failure to invest enough. Survey data suggest most companies don’t invest much yet, and I mentioned one above suggesting that investment levels have peaked in many large firms. And the issue is not just the level of investment, but also how the investments are being managed. Few companies are demanding ROI analysis both before and after implementation; they apparently view AI as experimental, even though the most common version of it (supervised machine learning) has been available for over fifty years. The same companies may not plan for increased investment at the deployment stage—typically one or two orders of magnitude more than a pilot—only focusing on pre-deployment AI applications. Of course, with any technology it can be difficult to attribute revenue or profit gains to the application. Smart companies seek intermediate measures of effectiveness, including user behavior changes, task performance, process changes, and so forth—that would precede improvements in financial outcomes. But it’s rare for these to be measured by companies either. Along with several other veterans of big data and AI, I am forming the Return on AI Institute, which will carry out programs of research and structured action, including surveys, case studies, workshops, methodologies, and guidelines for projects and programs.

Quote for the day:

"Leadership development is a lifetime journey, not a quick trip." -- John Maxwell

No comments:

Post a Comment