Daily Tech Digest - June 26, 2020

5 areas IT leaders should be followers

Top executives tend to carry and have access to higher-value data. They also tend to have the most relaxed attitudes toward mobile security, according to MobileIron. Such executives find mobile security protocols frustrating, limiting and confusing. Leadership and authority mean that the C-suite has the power to ignore security protocols -- using unsupported devices and apps and skipping multi-factor authentication, to name just a few examples. But this is a mistake, and a common one. Leadership doesn't confer expertise. It simply means that your own personal mobile security tools and practices need to be at least as strong as other employees', or you become the perfect target -- easier to hack and more profitable to breach. ... Of course, every organization has a different calculation to make on budgeting for cybersecurity, taking into account existing infrastructure, number of employees, the nature of the specific industry, and the risks and business impacts of such spending and deployment. In a world where the coronavirus crisis has forced an acceleration of digital transformation, as well as other trends that include remote work, the attack surface of the average organization has suddenly increased. Both digital transformation and remote work increase cyber risk.


Developing a Cloud Migration Framework

The processes that need addressing via cloud adoption may also sit in different departments. A lack of institutional knowledge or documentation also hinders proper assessment of a legacy application, applications suite, or enterprise. These are tidbits your organization may not know off-hand. They are the findings that can become known after a cloud migration team assesses your cloud readiness. Your cloud migration team’s assessment may also find other issues such as inadequate network bandwidth and the over-provisioning of resources. Both problems can contribute to higher costs once your organization is in the cloud. Having a joint solution provider and internal cloud migration team lets you answer the challenging questions about your organization’s actual state of cloud readiness. Team members from your development, operations, and security teams need seats at the table. The full team’s analyses and reports should help turn up where your enterprise excels or lags in cloud support. Those answers come from meetings and interviews with your organization’s business and application owners.


Digital Transformation: What Can Banks Learn From Other Sectors?

We’ve established that banks can profit by following the example of the big tech companies when it comes to designing the technical architecture and processes around digital transformation. But technology isn’t everything. Successful digital transformation also has a strong human element. To see why this is important, let’s look at a counterexample. Another fintech company that has enjoyed rapid growth is Robinhood Markets, whose mobile app has made it easy for a new generation of investors to start trading stocks, ETFs, options and cryptocurrencies. However, in early March 2020, the Robinhood app suffered a series of systemwide outages that prevented users from opening or closing their positions. The cause of the problems was a technology failure. In a subsequent blog post, the company’s founders noted that their infrastructure couldn’t handle the combination of “highly volatile and historic market conditions; record volume; and record account sign-ups.” But the impact was human. When the app failed, there was no contact centre to act as a backup for booking trades. The result? Many of Robinhood’s small investors were helpless as the markets turned against their positions, or unable to make trades to take advantage of opportunities they spotted during a week when the coronavirus pandemic sparked a mass selloff.


How to future-proof CRM solutions for digital business

Louise Whitcombe, head of customer engagement at Ogilvy UK, explains that CRM isn’t a magic bullet; it’s an enabler. “The success of your business depends on your business strategy and being consistently relevant to your customers. It is the business model that drives the specification for the solution not the other way around and this is where the challenge lies. As the speed at which market change increases, so too must our ability as organisations to adapt to it,” she says. Instead, Whitcombe believes that businesses need a “CRM ecosystem that has the ability to cope with the demands of business models that increasingly need to adapt to the changing consumer world around them.” Luckily, she points out that the current tech map shows the marketplace is absolutely teeming with shiny new solutions to businesses’ CRM challenges. However, she warns that this myriad of opportunity can sometimes feel like a minefield of choice, making it tricky to offset and balance CapEx and OpEx costs with the ROI and capabilities of differing solutions.


7 Tips for Effective Deception

Deception is an interesting and very old concept that has become quite popular over the past few years, says Tony Cole, CTO of Attivo Networks. "Deception can work on almost any place in an enterprise where potential compromises can take place," he says, adding it is especially useful where endpoint protection and endpoint detection and response tools may have gaps in protection. "For instance, when an endpoint is compromised and the adversary uses it to query Active Directory, you can provide false information back to the adversary without ever impacting the production environment." Rick Moy, chief marketing officer at Acalvio, points to three main use cases for deception: to add an additional layer of protection in mission-critical environments, to shore up detection capabilities in areas with known security weaknesses, and to lure out adversaries hiding in a sea of security information and event management (SIEM) alerts. "Deploying attractive lures and decoys amid the various network segments works much like the proverbial cheese or peanut butter in a mousetrap that's strategically placed along the kitchen baseboards," Moy says. Here, according to Moy and others, are seven best practices for using deception to detect threats quickly.


Robotics in business: Everything humans need to know

IDC found that spending on robotics hit $135.4 billion in 2019, up from $71 billion two years earlier. According to the report, services such as training, deployment, integration, and consulting will account for $32 billion of that, which accounts for a lot of new jobs. Even the oft-cited PWC report isn't all doom and gloom. Robots increase productivity, and productivity gains tend to generate wealth. Historically, that's led to an increase in service sector jobs, which aren't easy to automate. There are plenty of holes to poke in the methodology of all these reports. And that's the point: An accurate method for predicting how technologies will change the future is elusive -- and that's especially true when the technologies under consideration will fundamentally alter the economic paradigm. In the broad wake of that uncertainty, you have Ray Kurzweil predicting utopia and author Martin Ford predicting something much bleaker. Ultimately, the PWC report comes to what may be the most sensible, albeit frustratingly vague, conclusion. It's not really clear what's going to happen. Average pre-tax incomes should rise with increases in productivity. But the benefits won't be spread evenly across income or education groups.



The Cyberthreat You Didn't Even Know Was Out There

Cybercrime has become today's fastest-growing form of criminal activity. Cybersecurity Ventures predicted that cybercrime will become "more profitable than the global trade of all major illegal drugs combined" and "cost the world $6 trillion annually by 2021." While the majority of attacks continue to be aimed at small to mid-sized businesses with less sophisticated IT infrastructure, organizations that collect massive amounts of sensitive data will always be natural targets and "white whale" prizes for cybercriminals. Chasing such an enticing payday means hackers are willing to launch thousands, maybe even hundreds of thousands, of digital attacks. Only one of them needs to connect in order to unlock scores of lucrative personal information. That means companies that handle our most sensitive data must level up their security beyond that of other high-profile or large organizations in order to ensure this precious data is safeguarded against a constant barrage of threats. The good news is that modern IT infrastructure and security and identity tools are more powerful and sophisticated than ever to stymie malicious access attempts — but only if we are proactive about staying one step ahead of security threats.


European Bank Targeted in Massive Packet-Based DDoS Attack

In the bank incident, the attackers used a packets per second, or PPS, method instead of the more commonly used bits per second, or BPS, method. In the BPS approach, the attacker's goal is to overwhelm the inbound internet pipeline, sending more traffic to a circuit than it's designed to handle, according to the report. Akamai believes the attackers went with a PPS attack to overwhelm the target's DDoS mitigation systems via a high PPS load. A PPS attack is designed to overwhelm a network's gear and applications in the customer's data center or cloud environment, the report notes. A PPS attack exhausts the resources of the gear, rather than the capability of the circuits, as in a BPS attack. "One way to think about the difference in DDoS attack types is to imagine a grocery store checkout," Emmons explains. "A high-bandwidth attack, measured in bps, is like a thousand people showing up in line, each one with a full cart ready to check out. However, a PPS-based attack is more like a million people showing up, each to buy a pack of gum. In both cases, the final result is a service or network that cannot handle the traffic thrown at it."


How enterprises need to rethink business continuity planning

Corporate culture is another important but often overlooked element of business resiliency. Before COVID-19, remote work was already rising in popularity as more digitally savvy millennials and Gen-Zers entered the workforce. But there was still a deeply ingrained preference among corporate leaders to have most workers physically present in corporate facilities. Some believe employees lose creativity and productivity when working from home, analysts say. Others think it's just human nature to slack a bit when not under the watchful eye of management. Neither sentiment is necessarily validated by statistics (the opposite may actually be true). And if enterprises are going to evolve and enable more remote workers, their cultures will also need to adjust to make way for that, analysts say. "We've always had a lot of societal and cultural resistance to remote work where management just felt that if it didn't see you, it couldn't be confident you were doing your job," says Grossner. "But when COVID-19 hit, guess what? All of a sudden, everyone is working from home, and we find out the model actually can work. A big cultural barrier now seems to be permanently lifting. I don't know if we'll ever go back to that old way of thinking, and future continuity planning should not allow it."


How IT Pros Can Lead the Fight for Data Ethics

A key challenge lies in the many ways IT teams must determine and respond to data ethics within the technical specification of a given system. Examining how data is processed helps to surface the norms at risk. The decision from Amazon, IBM, and Microsoft to halt the availability of their facial recognition AI software to police departments is an example. The decision is partly a response to police brutality protests in the wake of the police killings of George Floyd, Tony McDade, Breonna Taylor, and other Black people across the country. It is also a response to raised questions regarding regulating surveillance tech and negative bias of face recognition involving people of color. So how can IT best lead the ethics fight? Establishing an observability process within given DataOps and AIOps initiatives can help. Observability is a collection of processes to monitor and analyze data within a system. The purpose of observability is to assist developers and operators in understanding issues that appear within distributed systems. Observability reveals critical paths, reducing development time to remove errors and programmatic bugs. The issues associated with those errors and bugs can lead to ethical breaches



Quote for the day:

“Let no feeling of discouragement prey upon you, and in the end, you are sure to succeed.” -- Abraham Lincoln
