Daily Tech Digest - May 08, 2020

Autonomous cars: The cybersecurity issues facing the industry

Most companies know that they alone can’t create the ethical decisions behind the software, which has to balance the safety of the passengers against the safety of people outside of the vehicle. The big challenge, then, lies in creating regulations that formalise the limits of reasonable decision-making so that companies can program the vehicles to act within these parameters. Another area to consider is the security of the firmware and software; not only does it face the typical threat of cyber attacks, but for self-driving vehicles, security means safety. Automakers must be able to ensure that their software and firmware are secure, which is made more complex by the connectivity of an IoT system where one vulnerability could open up the system to further threats. At the same time, the software must be reliable to ensure that the cars can run continuously and not break down because of a glitchy update. Companies such as Tesla have a very security-conscious approach to development, with security testing and research part of the normal product development research and process. This is not always the case for the traditional automakers who, in contrast, don’t have as mature an approach to security.

The new cyber risk reality of COVID-19 operating mode

One of the things we are seeing right now is the importance of viewing cybersecurity in a business context. Job one is to sustain the activities and enable the organization to achieve its mission. That is not new, but many companies are getting a new perspective on the importance of cybersecurity as an enabler for the business. Security and risk leaders need to have the power to frame both cyber risk and cybersecurity controls in a business context. This allows for sound justification for spending and other priorities. It also means focusing on new risk priorities stemming from our current operating mode, making sure we are optimizing our controls to address those risks, and achieving real-time risk visibility as the times require. Marking a departure for many organizations that traditionally have relied on periodic assessments that quickly go stale, security and risk leaders can now leverage software and methodology to dynamically evaluate the new cyber risk reality of this operating mode and build the needed capabilities to control it. Some may think that we will never be able to do enough.

When two chains combine

In an increasingly digitised world, emerging technologies, such as blockchain, afford organisations the opportunity to drive business value throughout their supply networks. According to Eric Piscini, Principal and Global Blockchain Leader at Deloitte Consulting LLP in the US, supply chains across industries and countries will be reimagined, improved and disrupted by blockchain technologies. We now have safer and more efficient ways to connect with business partners as well as to track and exchange any type of asset. The ability to deploy blockchain technologies to create the next generation of digital supply chain networks and platforms will be a key element in business success. Building supply chain capabilities with digital technologies can result in greater levels of performance. Blockchain is an enabling technology, which is most effective when coupled with other next generation technologies such as Internet of Things (IoT), robotic cognitive automation or smart devices. In this paper, Deloitte’s blockchain and supply chain professionals share insights on how blockchain-enabled technology can mitigate four cross-industry supply chain issues — traceability, compliance, flexibility and stakeholder management. The paper draws on use cases from the pharmaceutical industry (product tracking), automotive industry (purchasing platform) and food industry (know your supplier).

Chinese Military Cyber Spies Just Caught Crossing A ‘Very Dangerous’ New Line

The military espionage group’s tactics, described by Check Point as “very dangerous,” involved hijacking diplomatic communication channels to target specific computers in particular ministries. The malware-laced communications might be sent from an overseas embassy to ministries in its home country, or to government entities in its host country. “The group has introduced a new cyber weapon crafted to gather intelligence on a wide scale, but also to follow intelligence officers’ directives to look for a specific filename on a specific machine.” Meet Naikon, a cyber reconnaissance unit with links to the People’s Liberation Army, outed in a ThreatConnect and Defense Group Inc. report in 2015. Back then, the group’s operations were described as “regional computer network operations, signals intelligence, and political analysis of the Southeast Asian border nations, particularly those claiming disputed areas of the energy-rich South China Sea.” And while Naikon has been seemingly quiet since then, nothing has changed. Check Point told me that it has actually been “penetrating diplomats’ PCs and taking over ministerial servers—making the group very successful in gathering intelligence from high-profile personnel and able to control critical assets.”

Data scientists often start out as business analysts and boost their math and analytics skills with additional courses or on-the-job training. Some also start out right in data science, with academic backgrounds in statistics or artificial intelligence. In addition to math and business domain knowledge, data scientists typically need programming skills to be able to develop prototypes of their models. R and Python are the most common programming languages for the job, but Scala, Julia, JavaScript, Swift, Matlab and Go can also be useful. Data scientists should also be familiar with data visualization tools like Power BI, Tableau and Qlik. Andrew Stevenson, CTO at Lenses.io, a company that offers data platform monitoring technology, once worked on a project with data scientists from an energy trading desk. "They were able to build the models, test and run locally," Stevenson said. And then they hit the limit of their expertise, he said. "The models were not production-grade. They had no monitoring, they weren't version controlled, they were not easily developed in a repeatable way.

Successful Digital Transformation Requires Data Transformation

In this context, data transformation doesn’t just encompass the traditional “extract, transform, load” processes of collecting, cleaning, reformatting, and storing data. It also includes the subsequent analysis and leverage of collected (or real-time) data to inform a company’s decision making, its operations, and its high-level digital transformation strategies. Everyone agrees that the massive amounts of digital data generated by business and consumer activity represent an incredibly valuable resource – at least theoretically. In practice, however, the ever-expanding data resource is underutilized today. In a survey of 190 U.S. executives, Accenture found that only 32% can realize tangible and measurable value from data. Even fewer – 27% – said data and analytics projects produce insights and recommendations that are highly actionable. Without data-driven insights, digital transformation initiatives are flying blind. By contrast, organizations that make good use of data can achieve a range of benefits.

The United States quietly concedes defeat on Huawei's 5G

The timing of this move given the circumstances is extremely odd. However, conceding that Huawei will have a role in the setting of global 5G standards is an indication that the White House is now aware of the realities that are at play. The United States has effectively lost the 5G war against Huawei. Failing to get it blacklisted throughout the world, Washington is now resigned to the fact that the company will now dominate the standards of the next-generation internet and therefore, it is now forced to ultimately work with it in doing so, rather than against it. The outcome marks a major strategic defeat for the United States on this issue. First of all, despite everything we are hearing from the U.S. right now, policy and rhetoric are different. As I have set out previously, many American politicians are showcasing anti-China stances in the pursuit of electoral races and this does not always translate into practical policy outcomes. Trump sees opportunity in bashing China right now over the COVID-19 pandemic; however, what he says and suggests does not tell us everything he will do in practice and thus it is important to read deep between the lines during this given period.

Protecting corporate data in popular cloud-based collaborative apps

Unfortunately, companies are not able to monitor all of the documents or data being shared across these apps. For example, Slack has private channels and direct messaging capabilities where admins cannot view what information is being shared unless they are a part of the conversation. As we have witnessed with previous data breaches, there is a risk that sensitive data will not always be shielded from anyone outside your organization. Slack previously experienced a data breach back in 2015 as a result of unauthorized users gaining access to the infrastructure where usernames and passwords were stored. Salesforce has also had security issues in the past, exposing users’ stored data to third parties due to an API error. These are just a few instances that should serve as a stark warning to enterprises that they can’t rely solely on app providers to ensure the security of their data – they must implement their own proper security solutions and processes in tandem. While these cloud-based services have native security capabilities in place to protect the infrastructure against intrusions, the onus is on the enterprises using these tools to ensure files that are being stored and accessed in the cloud are secure.

Governance, Risk, Compliance and Security: Together or Apart?

"Even within IT, you have project risks, you have development risks, you have risks that are associated with audit and compliance, but they're not dealt with in a very comprehensive way," said Christine Coz, principal research advisor at Info-Tech Research Group. "The key thing is sponsorship at the right levels of people in those conversations and that there is a goal to sort of act as a subset of the board of directors to ensure from an oversight perspective that there's a management of controls in place, that risk acceptance is in line with corporate tolerances and that you have a consistent level of risk tolerance and acceptance across the enterprise." The digitization of everything necessitates the need for ERM, not only because digital businesses operate much faster than their analog counterparts, but because risk management is a brand issue. "When you have a lot of competition in an industry, which is where I think we are now, every product and service [is] replaceable, our car insurance, your mortgage, our telecom carrier, your food app, you name it," said Forrester's Valente.

Dell EMC, Pure Storage upgrade storage offerings

In consolidating the best of breed, Dell claims PowerStore is up to seven times faster and three times more responsive than previous Dell EMC midrange storage arrays and is designed for six-nines (99.9999%) of availability. It can house up to 96 SSDs in a 2U chassis and uses both NVMe flash storage and Intel Optane SSDs. Dell promises a 4:1 compression and deduplication ratio. “Customers tell us a main obstacle keeping them from achieving their digital transformation initiatives is the constant tug-of-war between supporting the ever-increasing number of workloads – from traditional IT applications to data analytics – and the reality of cost constraints, limitations and complexity of their existing IT infrastructure,” says Dan Inbar, president and general manager, storage, Dell Technologies in a statement. “Dell EMC PowerStore blends automation, next generation technology, and a novel software architecture to deliver infrastructure that helps organizations address these needs.” PowerStore uses machine learning and intelligent automation for faster delivery of applications and services, claiming up to 99% less staff time by automating many features, like load and volume balancing or migrations.

Quote for the day:

“Great leaders don't need to act tough. Their confidence and humility serve to underscore their toughness” -- Simon Sinek
