Daily Tech Digest - June 21, 2020

Core systems strategy for banks

There are two main options (with a few variations) for banks that conclude that they need to replace their core banking system: a traditional enterprise core banking system (self-hosted or as a utility) and a next-generation cloud-based core banking system. Most current implementations are still of the traditional variety. But we are seeing an increase in banks of all sizes putting off traditional core implementations with the aim of experimenting with next-gen systems. There is some evidence to suggest that banks will try and shift en masse to a cloud-based microservice architecture in the next few years. The core method of communication between machines will be APIs. Armed with a microservice-based architecture, the new core banking applications will become core enablers of the shift to this architecture. Traditional core banking providers have become aware of the need and potential inherent in a cloud-based microservice architecture; banking leaders should keep a close watch on developments here. We also expect to see some M&A activity between traditional and next-gen core banking system providers.


Cybersecurity In The M&A Process: A CISO's Strategy

IT departments and information security professionals are traditionally not included in the discussions leading into a merger or acquisition and are usually not given the liberty to conduct their own assessments prior to M&A execution. This can lead to a dramatic increase in cyber risks or, even worse, inheriting compromised networks. With the rapid scaling of organizations in the world of M&A, it can become exponentially more difficult to control cybersecurity risks when information security departments are already struggling to keep attackers at bay with the limited personnel and resources they have. However, there are strategies that can help get information security professionals into business conversations regarding M&As. If the cards are played correctly, this can lead to positive financial and cybersecurity outcomes. Develop a proactive plan within your organization to leverage cybersecurity as a tool at the negotiation table for the M&A process. The equation is simple: If your organization inherits a compromised network or an organization that has a poor security posture, this will cost you extra dollars that are unseen through the lens of traditional M&A cost calculations.


North Korean state hackers reportedly planning COVID-19 phishing campaign targeting 5M across six nations

SingCERT confirmed it received "information regarding a potential phishing campaign" and, in response, posted an advisory on its website Friday. It said there were "always" ongoing phishing attempts by various cybercriminals that used different themes and baits and spoofed different entities. This tactic remained a common and effective technique used to gain access to individuals' accounts, deliver malware, or trick victims into revealing confidential data, said SingCERT, which sits under Cyber Security Agency (CSA). ZDNet asked the government agency several questions including whether there had been a database breach and what tools the Manpower Ministry had adopted to prevent their email accounts from spoofing attacks. It did not respond specifically to any of the questions and, instead, issued a response that confirmed CSA had reached out to relevant parties to notify them about the potential phishing campaign. "Opportunistic cybercriminals have been using the COVID-19 situation to conduct malicious cyber activities and with the increasing reliance on the internet during this period, it is important to be vigilant," the agency said.


CIA Finds It Failed to Secure Its Own Systems

The report calls out the CIA's Center for Cyber Intelligence for not prioritizing internal cybersecurity and focusing, instead, on developing offensive cyber weapons. This lax attitude toward preventive cybersecurity measures within the CIA continued even after previous high-profile data breaches of the agency and other intelligence departments, the report states. On Tuesday, Wyden wrote to John Ratcliffe, the director of national intelligence, demanding to know if the U.S. intelligence community planned to implement better cybersecurity practices and questioning why the CIA did not do more to protect its internal security operations from both outside attacks and internal threats. "The lax cybersecurity practices documented in the CIA's WikiLeaks Task Force report do not appear to be limited to just one part of the intelligence community," Wyden writes. "The Office of the Inspector General of the Intelligence Community revealed in a public summary of a report it published last year that it found a number of deficiencies in the intelligence community's cybersecurity practices."


Cyber Security Careers Germany – Finding New Roles in a Burgeoning Sector

From machine learning to autonomous response, cyber security is a burgeoning space and this is creating opportunities across Germany, from Berlin and Frankfurt to Cologne, Munich and Hamburg. Whether local markets are largely comprised of businesses still in lockdown or those that have returned to socially distanced office environments, Glocomms Germany expert consultants are able to ensure that organisations are able to meet their recruitment needs and individuals can begin planning career-defining moves. As the business world continues to adapt to the impact of COVID-19 on networks and systems, cyber security remains at the top of the agenda across sectors. Luis Rolim, Chief Marketing Officer at Glocomms, commented, "As the world emerges from the COVID-19 pandemic, Glocomms remains at the forefront of delivering quality talent to the technology sector. We're in this together and we look forward to helping businesses across Germany with their recruitment and talent acquisition." Glocomms Germany is part of the Phaidon International group and is a trusted recruitment partner in Europe and beyond.


What is emotion AI and why should you care?

One of the areas of emotion AI is sentiment analysis, a field that has existed since at least the early 2000s. Sentiment analysis is usually conducted on textual data, be it emails, chats, social media posts, or survey responses. It uses NLP, computational linguistics, and text analytics to infer positive or negative attitudes (aka “orientation”) of the text writer: Do they say good or bad things about your brand and your products or services? The obvious applications of sentiment analysis have been brand/reputation management (especially on social media), recommender systems, content-based filtering, semantic search, and understanding user/consumer opinions, and the need to inform product design, triaging customer complaints, etc. Several of the conference presentations were devoted to this topic, which, despite all the recent progress in NLP and related fields, is still hard. Not least because there is little agreement among researchers on even what constitutes basic human emotions and how many of them there are, said Bing Liu, Professor of Computer Science at the University of Illinois at Chicago. Emotions are also notoriously hard to identify and code (label), since they are ambiguous, shifting, overlapping, and adjacent. For example, one can feel anger, sadness, and disgust at the same time. Moreover, emotions are not always easy to pin down.


Security surprise: Four zero-days spotted in attacks on researchers' fake networks

To examine the security threats to industrial systems, the researchers used a network of 120 high-interaction honeypots – fake industrial infrastructure – in 22 countries to mimic programmable logic controllers and remote terminal units. Over a period of 13 months, there were 80,000 interactions with the honeypots – mostly scans – and nine interactions that made malicious use of an industrial protocol. While that might sound like a small number, four of the nine interactions also featured previously unknown attacks, or zero-days, one being the first use of a previously identified proof-of-concept attack in the wild. The attack types include denial-of-service and command-replay attacks. These vulnerabilities and associated exploits were disclosed to the device manufacturers. "While the yield was small, the impact was high, as these were skilled, targeted exploits previously unknown to the ICS community," the researchers said. The research was presented at a NATO-backed cybersecurity conference.


Revised DOJ compliance guidance offers risk-management lessons for cybersecurity leaders

“One of the reasons the DOJ puts this out is to help compliance officers and security teams and people who are worried about bribery and corruption to ensure that the board and leadership give enough attention to these issues and properly fund them to mitigate risk,” Penman says. Regardless of whether civil or criminal litigation is involved, the kind of guidance DOJ puts out is devoured by compliance officers across all organizations, Penman says, and when it comes to compliance, cybersecurity is top of mind for those executives. “We’re just about to publish results of the survey of around 1,400 compliance officers. The highest priority or concern for risk compliance programs in that survey was enhancing data privacy and cybersecurity and data protection.” Compliance programs are more critical than ever given the COVID-19 crisis, Alison Furneaux, vice president of marketing for cybersecurity compliance management company CyberSaint, tells CSO. “The attack surface has expanded dramatically. Organizations are being forced to innovate. They’re being forced to put into place processes that they didn’t have before. They’re being forced to document and prepare for audits in a much more proficient way.”


The Difference Between Enterprise Architecture and Solutions Architecture

Perhaps it’s misleading to use “versus” to describe the difference between enterprise architecture and solutions architecture. They are very much collaborators in the organization and should not be looked at as competitive in terms of which provides more value. A better way of highlighting the difference between the two is through their focus on strategy vs. technology. A focus on strategy implies a broad understanding of the mechanics of any given technology. This is because there is a lot more to strategy than just the technology needed to implement it. A skewed focus on technology would mean that the processes, people and other variables required to inform strategy are ignored. Conversely, a focus on technology is necessary to ensure implementations and operations can run smoothly. By its nature, it is more “in the weeds” and so the necessary holistic perspective of the organization can be harder to understand and/or account for. With their holistic view of the organization, enterprise architects take on the strategy. They then use their strategic planning perspective to inform and delegate to solutions architects.


Police ties to Ring home surveillance come under scrutiny

The idea of cameras in police investigations isn’t new. Grainy black-and-white footage has been used for surveillance for years. But newer products that cost as little as $100 and connect with a cellphone make the market much more accessible. And the more people have the cameras, the more appealing their potential becomes for police and government officials. More localities are joining the registry trend. At least 75 police departments and municipalities in 21 states announced programs since 2018, according to a Stateline review. “I do think for law enforcement it’s easy to understand the appeal,” said Lior Strahilevitz, a professor at the University of Chicago’s Law School. “There are a lot of instances where if only there had been a bystander on that corner at that time, the crime could have been solved.” The registries come in a variety of forms — some a simple spreadsheet, others a more sophisticated account with vendors such as a Motorola-run program called CityProtect. (A Motorola spokeswoman declined to give a specific number but said “hundreds” of police agencies use its CityProtect service for registering cameras and/or reporting crime.) The registries can include any kind of camera from Ring to Nest to lesser known brands.



Quote for the day:

"The highest reward for a man's toil is not what he gets for it but what he becomes by it." -- John Ruskin
