Daily Tech Digest - May 04, 2020

7 Tips for Security Pros Patching in a Pandemic

(Image: MR -- stock.adobe.com)
Patch management has historically been a challenge for IT and security teams, which are under pressure to create strong programs and deploy fixes as they're released. Now their challenges are intensified as a global shift to remote work forces companies to rethink patching strategies. "It's a massive challenge all of a sudden," says Stephen Boyer, co-founder and CTO at BitSight. Businesses accustomed to protecting 2,000 employees across three to four offices now have to secure the same workers in 2,000 home offices. People are working on personal devices, with home routers they don't properly configure, on networks the corporation cannot manage. Data shows home networks pose a higher security risk than enterprise networks, he continues. BitSight research shows 45% of remote office networks have observed malware, compared with 13% of corporate networks. And more industries are enforcing work-from-home policies: 84% of traffic in the US education sector shifted off-network during the fourth week of March, data shows, along with 63% of government/policies sector traffic and 35% of finance sector traffic.

Why the Banking Industry Must Prove Its Worth During the COVID-19 Crisis

Moving forward, banks should continue their dedication towards their customers and British business in general through swift action and financial support that proves ongoing, selfless commitment to the economy and its people. This concerted effort requires adaptation from the financial services industry. The increased dependency on loans and support will inevitably have an overwhelming impact on the skeleton crew of bankers, who are themselves having to deal with the transition to remote working and unprecedented economic climate brought upon us by COVID-19. Fortunately, there is an abundance of automation and regulatory technology (regtech) at the banking sectors’ disposal. Recommendations from the Financial Action Task Force (FATF) and updated legislation from the Fifth Money Laundering Directive (5MLD), for example, has increasingly pushed banks towards using automation in recent years. 

Due to the exponential increase of data-driven technologies--think artificial intelligence, the Internet of Things, and 5G--apps and data, along with their supporting infrastructure, are increasingly spread across edge sites and multiple clouds. These distributed workloads introduce several serious operational and security challenges for organizations. Specifically, IT teams are struggling to securely, reliably, and cost-effectively manage these workloads. What's more, these challenges will only continue to grow. By 2025, up to 90% of enterprise-generated data will be produced and processed outside traditional data centers or a single centralized cloud. The distributed cloud is an emerging approach that will enable organizations to manage disparate components of its enterprise IT infrastructure as one unified, logical cloud. As organizations can deploy apps with a common set of policies and overarching visibility across all locations and heterogeneous infrastructure, using a cloud-native model, the distributed cloud mitigates the aforementioned operational challenges. This is why Gartner named distributed cloud one of its "Top 10 Strategic Technology Trends for 2020."

Australia's COVIDSafe contact tracing story is full of holes and we should worry

The Brookings researchers detail flaws such as false positives leading people to ignore repeated alerts, when people are close but safely separated by walls, or using personal protective equipment (PPE). "Because most exposures flagged by the apps will not lead to infection, many users will be instructed to self-quarantine even when they have not been infected," they write. "A person may put up with this once or twice, but after a few false alarms and the ensuing inconvenience of protracted self-isolation, we expect many will start to disregard the warnings." False negatives are equally problematic. People might leave their phones in their car, or the app might just fail. And it's not like the 1.5 metres for 15 minutes rule is magic. Even the most fleeting encounter can be unlucky. As has also been pointed out, people might trust the magic of technology more than their own judgement, a phenomenon called automation bias. "Contact tracing apps therefore cannot offer assurance that going out is safe, just because no disease has been reported in the vicinity," the Bookings team writes.

Cisco Debunks Cybersecurity Myths

Cisco Debunks Cybersecurity Myths
Cisco compared the types of attacks that SMBs and large enterprises reported experiencing in the past year, and how much downtime these attacks caused. Ransomware was most likely to cause more than 24 hours of downtime for SMBs, as well as for businesses with 1,000 or more employees. Malware, on the other hand, was at the bottom of the list for SMBs. “But yet, if you talk to a lot of the people in these companies, malware is the first thing they think about,” Goerlich said. “One thing is to look at the security efforts, both in terms of time and spend, and make sure they are aligned with the actual threats the business is facing to better allocate the budget and the efforts to provide better defense.” And while complex security environments and vendor fatigue is an area that plagues the entire industry, it appears that SMBs feel this pain more acutely than their larger counterparts. Cisco found the more vendors that SMB survey respondents used, the longer their reported downtime from their most sever breach. This ranged from an average of four hours of lost businesses time for SMBs using one vendor to an average of more than 17 hours downtime for those using more than 50 vendors.

NCSC tackles unconscious bias in security terminology

It is not uncommon within the security sector to use the terms black and white to describe undesirable and desirable things, such as allowed applications, passwords, IP addresses and so on. However, as the organisation’s head of advice and guidance pointed out, the terminology only makes sense if one equates white with good and black with bad. “There are some obvious problems with this. So, in the name of helping to stamp out racism in cyber security, we will avoid this casually pejorative wording on our website in the future,” they said. The NCSC said it took the decision after being contacted by a customer to ask if would consider making the change – which, while small, is highly significant, even though it may not appear to be. “You may not see why this matters. If you’re not adversely affected by racial stereotyping yourself, then please count yourself lucky. For some of your colleagues (and potential future colleagues), this really is a change worth making,” the organisation said.

Business During A Pandemic: Mitigating The Other (Cyber) Risks

Employees downloading tools to help them get around bottlenecks, work more efficiently or deal with applications they’re familiar with has long been a security problem in organizations. Shadow IT — software, apps and systems being used without the knowledge of an organization’s leaders or the information technology department — can take up a big chunk of a company’s IT spending and become the target of a lot of cyber exploits. And with COVID-19 forcing more remote work for enterprises and third-party vendors alike, companies must consider the impact shadow IT can have inside or on the periphery of their organization. To address the vulnerabilities created by shadow IT, visibility is the first step in combatting the problem. After identifying all of the systems and software in use, you can then determine which pose you risk and should be assessed. Third-party vendors well prepared to guard against this risk will have a clear governance plan and policy, along with a system for educating users about the risks of shadow IT. Companies can also collaborate with key third-party IT teams and establish an approved IT vendor list.

A Singleton Application with Interprocess Communication in C#

Sometimes you might have an application where it doesn't make sense to launch the main application twice, but you may want to run the app again passing additional command line parameters. This way you can run the app, it will open your program, and then you can run the app again, and pass additional command line information to the already running app. This is useful for example, when you want to get the existing app to open a new file from the command line. ... First, the app needs to detect if it's already running, and it will do different things depending on whether it is already running. Second, we need a way for two processes to communicate. In this case, the primary app will wait on command line data coming from subsequence launches. The first aspect is pretty easy. We use a named mutex in order to prevent the main app code from launching twice. Named mutexes can be seen by all running processes for this user. The second aspect is a little more difficult, but not by much, thankfully.

What Does AI and Test Automation Have in Common?
With the obvious rise in popularity and availability, grew the popular misconception that test automation can replace the human manual tester. That is, of course, total nonsense, there is still a high demand for test engineers and there will always be. However, the end of the software tester job is a frequently discussed topic that tends to draw a lot of readers. Another popular misconception is that test automation saves you time. Well, it was the initial goal, but what many companies fail to realize is that in most cases, before you can benefit from test automation you have to put in a huge amount of effort in implementation and eventually maintenance. ... Whether we like it or not AI is already here and it’s embedded in our lives more than you can even imagine. If you ever interacted with “Alexa” or “Siri”, received a recommendation for the next “Netflix” movie to watch, chances are you encountered AI in this form or another. Did you recently search anything via the world's most popular search engine? Then you must know that you will receive different results for the word “Java'' depending on whether you are a programmer or coffee-maker.

A Look at the Downsides of Artificial Intelligence

AI can be fantastic at triaging or automating processes up to 80-85% of “grunt-work” that would normally take 10x longer for humans to do, but that still leaves 15-20% of the work that requires subjective human oversight. This approach will avoid biased outcomes. “The disadvantages can be overcome if businesses approach AI as a technology that can be leveraged to help employees and not replace their functions, and [AI] needs to adapt to changes in the business workflows in an ongoing manner,” she said. ... All the problems with AI are not technology-based. There are also management issues too, according to Brett Gould CMO of Saint Louis, Miss.-based Intelligence Factory. Companies, he said, are putting themselves through digital transformations as a matter of survival and AI is proving to be pivotal in the success of many of these companies. Those who ignore it set themselves up to be disrupted by smaller, leaner, and more nimble players who have built their business model around AI/ML.

Quote for the day:

"Leaders live by choice, not by accident." -- Mark Gorman

No comments:

Post a Comment