Daily Tech Digest - May 19, 2020

CEOs, CISOs fear becoming the next big breach target

The global survey of 200 CEO and CISO respondents was conducted in industries including healthcare, finance, and retail, and uncovered prominent cybersecurity stressors and areas of disconnect for business and security leaders, Forcepoint said. They include a lack of an ongoing cybersecurity strategy for less than half of all CEO respondents. The research also identified disparities between geographic regions on data protection as well as a digital transformation dichotomy battle between increased risk and increased technology capability. The disparity is compounded by a belief that senior leadership is cyber-aware and data-literate (89%) and focused on cybersecurity as a top organizational priority (93%), according to the report. Meanwhile, cybersecurity strategies are seen by 85% of executives as a major driver for digital transformation, yet 66% recognize the increased organizational exposure to cyber threats because of digitization, the Forcepoint report said. Only 46% of leaders regularly review their cybersecurity strategies, according to the report.

Interview With Node.js Technical Steering Committee Chair

The major challenge was that Node.js already had a well established module system and that ESM was different in many important ways. Things like asynchronous loading versus synchronous loading leads to the potential for a lot of subtle interoperability problems. Unfortunately when the ESM spec was being put together the Node.js project was not very active in that process (or other standards either!). The result was some areas of conflict between the existing module system and long standing community expectations/usage and the spec as a reflection of what was a good fit for browsers. The modules team has done a good job of working through a large number of edge cases and finding approaches (and getting agreement for them which can be hard) that allow for reasonable interoperability while working to maintain compatibility with the spec. ... In terms of larger features, the Node.js project does not have a formal roadmap so “What’s” next is often “What’s ready” when the next release is being cut. We do however, have longer term plans and initiatives.

IT Spending Forecast: Unfortunately, It's Going to Hurt

Image: Maridav - stock.adobe.com
Businesses' response to the pandemic will continue to spur spending in technology areas that support working from home, such as public cloud services, now expected to grow by 19% in 2020. Cloud-based telephony and messaging and cloud-based conferencing is expected to grow by 8.9% and 24.3%, respectively. But longer-term transformational projects are likely to be put on hold as CEOs look to preserve cash, John-David Lovelock, Gartner chief forecaster and distinguished research VP told InformationWeek. If a project costs a lot to finish and won't return cash quickly without a fast time to value, it will probably be put on hold or cancelled. The Gartner forecast shows many segments experiencing a decline in 2020, with devices and data center systems hit hardest, down 9.7% and 15.5%, respectively. Enterprise software will decline by 6.9% and IT services will fall by 7.7%. That's pretty bleak. But the current economic situation is not like typical recessions where things slowed down and everyone felt those effects slowly until there was a recession.

Microsoft and Sony to create smart camera solutions for AI-enabled image sensor

Sony and Microsoft have joined together to create artificial intelligence-powered (AI) smart camera solutions to make it easier for enterprise customers to perform video analytics, the companies announced. The companies will embed Microsoft Azure AI capabilities onto Sony's AI-enabled image sensor IMX500. Announced last week, the IMX500 is the world's first image sensor to contain a pixel chip and logic chip. The logic chip, called Sony's digital signal processor, is dedicated to AI signal processing, along with memory for the AI model. "Video analytics and smart cameras can drive better business insights and outcomes across a wide range of scenarios for businesses," said Takeshi Numoto, corporate vice president and commercial chief marketing officer at Microsoft.  "Through this partnership, we're combining Microsoft's expertise in providing trusted, enterprise-grade AI and analytics solutions with Sony's established leadership in the imaging sensors market to help uncover new opportunities for our mutual customers and partners." According to Sony, the app will allow independent software vendors (ISVs) and smart camera original equipment manufacturers (OEMs) to develop AI models, thereby enabling them to create their own customer and industry-specific video analytics and computer vision solutions that use the IMX500 image sensor.

Verizon DBIR: Breaches doubled, but plenty of silver linings

Despite some alarming figures, the 2019 Verizon DBIR offered some good news as well. For example, detection time saw improvements over last year, as well as malware blocking. "Trojans have dropped in our data. In 2015 it was a top action, and now it's gone all the way to the bottom largely because the tools that are blocking it from getting into organizations have been successful," Widup said. Perhaps most importantly, 81% of breaches were "discovered in days or less," according to the report, compared to 2018 where 56% of breaches took months or longer to discover. "You see all these people who are saying 'prevention, prevention, prevention,' but if you can't detect it, it's really hard to prevent," Widup said. "We do see some improvements but it's not happening as fast as we'd like it to as researchers. It's also challenging because the threat is shifting, so being able to detect it is also always shifting and it makes it hard for people who make these tools to make it automated and reliable."

Wearable sensor integrates machine learning innovation

In collaboration with researchers at the University of Calgary Human Performance Lab (UCHPL), Protxx recently demonstrated the ability to integrate both diagnostic and therapeutic functions into Protxx wearable devices in order to enhance the management of neurodegenerative medical conditions. The newly announced collaborations and investments will drive product prototyping of the integrated device with Triple Ring Technologies (TRT), Newark CA, and pilot testing at UCHPL. TRT’s Venture Studio and Edmonton-based Brass Dome Ventures are both supporting the collaboration as new Protxx investors. Investment terms were not disclosed. In addition to the new investments, Protxx and the UCHPL-based Integrative Sensorimotor Neuroscience Laboratory directed by Dr. Ryan Peters have been awarded a Mitacs Accelerate grant to support graduate student researchers participating in the project in 2020-2021. 

From thinking about the next normal to making it work: What to stop, start, and accelerate

From thinking about the next normal to making it work: What to stop, start, and accelerate
Office life is well defined. The conference room is in use, or it isn’t. The boss sits here; the tech people have a burrow down the hall. And there are also useful informal actions. Networks can form spontaneously (albeit these can also comprise closed circuits, keeping people out), and there is on-the-spot accountability when supervisors can keep an eye from across the room. It’s worth trying to build similar informal interactions. TED Conferences, the conference organizer and webcaster, has established virtual spaces so that while people are separate, they aren’t alone. A software company, Zapier, sets up random video pairings so that people who can’t bump into each other in the hallway might nonetheless get to know each other. There is some evidence that data-based, at-a-distance personnel assessments bear a closer relation to employees’ contributions than do traditional ones, which tend to favor visibility. Transitioning toward such systems could contribute to building a more diverse, more capable, and happier workforce. Remote working, for example, means no commuting, which can make work more accessible for people with disabilities; the flexibility associated with the practice can be particularly helpful for single parents and caregivers.

Digital transformation: Why this is a smart time to speed up

Every organizational strategy must be re-thought in the current environment. Consider how an accelerated timetable will enable a strategy that must be extremely flexible and adaptive to an unclear future. Strategies must build on an infinitely adaptable platform: Think playdough, not concrete. Meetings become much more efficient when their time is cut in half. The same applies to plans. You likely have a transformation path already mapped out to introduce much-needed change. What happens if you shorten the timeline by half and push to achieve the same goals? Force yourself to eliminate the “nice-to-haves” to get it done. Sure, there are risks in moving faster. Make those apparent to stakeholders so they can be active risk mitigators. You might be surprised at what risks they will accept. ... Make it clear that deployments never assume perfection. Do your best to reduce risk, then set up a clear path to report issues rapidly – with your team ready to respond quickly. Agile balances the need for speed with the expectation of adjustment. Every organization grows stronger by learning from both hits and misses.

Smartphones, laptops, IoT devices vulnerable to new BIAS Bluetooth attack

"At the time of writing, we were able to test [Bluetooth] chips from Cypress, Qualcomm, Apple, Intel, Samsung and CSR. All devices that we tested were vulnerable to the BIAS attack," researchers said. "Because this attack affects basically all devices that 'speak Bluetooth,' we performed a responsible disclosure with the Bluetooth Special Interest Group (Bluetooth SIG) - the standards organisation that oversees the development of Bluetooth standards - in December 2019 to ensure that workarounds could be put in place," the team added. In a press release published today, the Bluetooth SIG said they have updated the Bluetooth Core Specification to prevent BIAS attackers from downgrading the Bluetooth Classic protocol from a "secure" authentication method to a "legacy" authentication mode, where the BIAS attack is successful. Vendors of Bluetooth devices are expected to roll out firmware updates in the coming months to fix the issue. The status and availability of these updates is currently unclear, even for the research team. The academic team behind the BIAS attack includes Daniele Antonioli from the Swiss Federal Institute of Technology in Lausanne (EPFL), Kasper Rasmussen from the CISPA Helmholtz Center for Information Security in Germany, and Nils Ole Tippenhauer from the University of Oxford, thh UK.

Fabulous Enables Building Declarative Cross-Platforms UIs

Fabulous makes a new approach to app programming possible by adopting a React-like MVU architecture, says Syme. This approach aims to simplify code and make it more testable and less repetitive. Fabulous adopts the Model-View-Update (MVU) paradigm to replace the ubiquitous Model-View-ViewModel (MVVM) and provides a functional way to describe UIs and the interaction between their components. Fabulous is not the first framework to adopt MVU, which was made popular by React and Redux, Flutter, Elm, and other projects. The basic idea behind MVU is managing a core, immutable model which represents the UI status. Each time a UI event takes place, a new model is calculated from the current one and then used to create the view anew. In Syme's view, the main tenets of MVU are it supports functional programming and the creation of dynamic UIs through simple declarative models which are expressed in the same high-level language as the rest of your application.

Quote for the day:

"Every great leader can take you back to a defining moment when they decided to lead" -- John Paul Warren

No comments:

Post a Comment