Daily Tech Digest - June 24, 2020

Bridging the GRC and Security Divide

Much like the parable of the blind men and the elephant, many GRC and security teams are only able to test a small sample of security controls, or have siloed visibility into different asset types like devices, accounts, and databases. This disconnect leads to gaps in coverage and misplaced confidence in reporting. Also, while GRC teams have GRC tools that manage policies, these tools are ill-equipped to take advantage of existing data from security controls to demonstrate that these policies are being followed. Bringing control data into GRC tools also requires cybersecurity experts to capture and input data manually. If you had to categorize the relationship between GRC and cyber, you’d at best have to say: ‘it’s complicated.’ The ideal solution is one where GRC teams are capable of confidently meeting regulators’ demands in a timely fashion, with data that is automated rather than manual, and where they can access security data to ensure complete assessments of every instance of every security control is available automatically. With a consistent up-to-date view of control deployments, accuracy and confidence is improved since assessments will be based on facts instead of subjective opinions.

Cybercrime Infrastructure Never Really Dies

The analysis yields interesting insight into the scale of operations of a well-known cybercriminal operation. A significant number of cybercriminal operations that used the CyberBunker services appear to have left behind their automated infrastructure, and that — despite being closed down the prior year — many continue to reach out to the shuttered service. "One thing we tried to keep in mind is that the networks haven't been 'active' in several months, so while attempts to uncover drug market activity, stolen goods, and illicit content yielded few results, they were very likely there at some point," Lalji says. "The data also had to be sampled due to the sheer size." The CyberBunker operated in Germany is the second such facility raided by police. In 2013, the first CyberBunker — based in Amsterdam and operated by some of the same people — was shut down by police, following extended distributed denial-of-service attacks against anti-spam coalition SpamHaus.  The facility shut down in 2019, dubbed "CyberBunker 2.0" by the group operating the service, was based on three-acre property in the German town of Traben-Trarbach.

Exploring the growing use of IT in B2B customer experience projects

IT is needed to deliver the expected customer experience and “collaboration is increasingly becoming the norm as more and more departments with fervent leaders want to help shape and create the experience the customer has with their brands,” continues Whitcombe. Referring to the importance of digital tools, she adds: “Expedited somewhat by the current Covid-19 pandemic but heading this direction organically anyway, digital workshopping tools with breakout rooms, online real-time white boards, customer journey mapping software, and cloud hosted real time project management programmes are fast evolving into the tools used by businesses to deliver this. “The next best thing to a crystal ball forecasting every need of our customers, is an optimised and measured customer experience that has all parts of the business represented and culpable for the overall experience of their customers. Based on this, we as CTO’s are in a wonderful place to facilitate and ultimately hero the rise of the customer throughout our organisations.”

What Developers Really Think About Pentesting

A developer’s highest priority will always be the building of features, and in this crazy world of rapid digitization, it will have to be done at speed. While some coders have a personal interest in security and secure coding, the general sentiment is that security is “someone else’s problem,” which inevitably includes pentesters. Most common vulnerabilities are indeed minor issues to remediate — once known, the fixes are simple to execute for things like cross-site scripting (XSS) and SQL injection. The problem is, many developers don’t realize they’re introducing them in the first place, and these seemingly minor issues are the small window of opportunity an attacker needs to cause devastating problems for a company. According to Akamai, between November 2017 and March 2019, SQL injection vulnerabilities accounted for 65% of all web-based attack vectors. For a vulnerability that has had a known fix for more than 20 years, that is a sobering statistic. Some pentest teams do assist in the remediation of security bugs, but others will provide a report of the bad news and expect developers to work through hotfixes, even if they have moved onto a different project by the time this happens.

Brits will sell their personal data for pennies

“It’s clear there is a cost when it comes to privacy – the question is, how much,” said Jesper Frederiksen, Okta’s EMEA vice-president and general manager. “Okta’s research shows that consumers would generally be willing to accept between £10 and £50 for their location data (31%) or browsing history (30%). Surprisingly, 10% would be willing to give away their password data for less than £30. “If companies can strike a balance between privacy and innovation, consumers can have control over their data, including where it goes and whether they are compensated, while companies can still build products that benefit the world.” While these findings might make worrying reading, the research showed encouraging signs that people are at least becoming more aware of how their data is collected, used and potentially sold, not least because of the high-profile failure of the UK government’s Covid-19 contact-tracing app. When asked about the app specifically, 84% said they were concerned that if they used it, their data would be used by organisations for purposes unrelated to contact tracing, such as advertising.

New tech and Wi-Fi 6 tools aim to make high-speed internet more accessible

Wi-Fi 6 is the new generation of wireless technology, which aims to bring speeds up to 30% faster than its predecessor, Wi-Fi 5. Speed is not its only asset –– the wireless local area network (WLAN) also boasts lower latency, increased power efficiency, and a more streamlined delivery of data. As such, it's essential for enterprises to get on board to stay ahead of the curve. ... In a survey of more than 800 respondents, across 82 countries, there seemed to be a high level of enthusiasm for "delivering broadband wireless internet service for urban, suburban, enterprise and industrial environments," the release states, which can be accomplished through Cambium's new 60 GHz products. "In today's world, high-speed Internet access is as fundamental as having access to water and electricity," said Scott Imhoff, SVP of product management, Cambium Networks. "Our 60 GHz product strategy is designed to deliver fiber-like throughput at a fraction of the cost." A majority of respondents (57%) say that "building-to-building wireless multigigabit point-to-point links for business" was the top priority. Following that, at 46%, was residential connectivity, and Wi-Fi backhaul represented 30%.

Microsoft Authenticator for Android update adds options

The features in this update were made available in the iOS version of the app last spring. Holger Mueller, vice president and principal analyst at Constellation Research, said Microsoft's continued support of the feature could prove helpful to IT admins looking to make logging in to enterprise accounts easier. "Microsoft makes strides to support the future of work by bringing key admin and security features to mobile devices" with this move, he said. "Combining smartphone and other platforms for admin and security purposes is a successful strategy that finds the right compromise between security and convenience." Forrester Research analyst Andrew Hewitt noted that having passwords that are frequently updated and sufficiently complex was important for businesses to remain secure. That can be difficult for the user, who must routinely pick passwords that are easy to remember, but difficult to break. "That's one of the big issues: getting people to have those updated passwords, and make sure you're doing that on a regular cadence," he said.

Why collaboration is the key to true business intelligence

Sadly, until now, many organisations have suffered from a lack of connection between those departments that directly or indirectly touch with the customer. Seamless data collaboration between departments that covers the entire customer journey, such as sales, marketing, renewals, and customer success, plays a crucial role as it offers the organisation a reliable picture of how its customer base behaves. In this way, businesses can find out what outcomes customers and prospects are looking for, what adoption rates look like for each of its products, and how unsatisfied customers might be helped. Then, the organisation can continuously improve customer experience and ensure customers are happy with their product and getting their ROI. What is needed is a firm alliance between all teams that interact with the customer. Sales and marketing are the two most important, yet they have historically had challenges in staying aligned around the needs of their customers. Research found that 68% of marketers believe their sales colleagues do not use their content correctly. Meanwhile, 74% of sales reps think marketers don’t even know what content is useful to them. 

How Technology Will Change The Role of CIOs in 2020

Having an appropriate cloud strategy is essential for any business. A cloud strategy helps businesses to determine how to adopt and make the most effective use of cloud technology. This strategy should be integrated with your wider business goals. It should serve as an effective complement to meeting them. In developing a cloud strategy, CIOs must pay close attention to both the anticipated benefits of cloud technology and any changes that might need to be made elsewhere in order to accommodate it. So, for example, if you’re planning to introduce a cloud phone system to your business, you need to be clear when weighing up the potential pros and cons. What sort of savings can you expect to make? How does it compare, in terms of cost, convenience, and overall reliability, to ordinary landline calls? Would a cloud contact centre be adequate for meeting the needs of your customers? These are just some of the questions CIOs will need to consider. Over the last few years, new technologies have been introduced at a breakneck speed.

DeepMind sets AI loose on Diplomacy board game, and collaboration is key

AI systems have proved to be far superior to even the best human beings at zero-sum games like chess and Go. In this type of gameplay, there can only be one winner and one loser. Dissimilarly, Diplomacy requires agents to build alliances and foster collaboration. "On the one hand, it is difficult to make progress in the game without the support of other players, but on the other hand, only one player can eventually win. This means it is more difficult to achieve cooperation in this environment. The tension between cooperation and competition in Diplomacy makes building trustworthy agents in this game an interesting research challenge," said Tom Anthony, a research scientist at DeepMind. The ability to expeditiously vanquish a human player in a zero-sum game is certainly impressive, however, a richer layering of skills opens up another world of AI potential. Our day-to-day lives involve an intricate patchwork of balanced synergies; our individual needs often packaged within a larger group effort. That said, this research could enhance agents' ability to collaborate with us and one another, leading to a vast spectrum of real-world applications.

Quote for the day:

"Leadership is about being a servant first." -- Allen West

No comments:

Post a Comment