SWOT analysis: Why you should perform one, especially during times of uncertainty
If your company is going to develop a sustainable advantage, it will need to
first know where its strengths, weaknesses, opportunities, and threats exist.
Without conducting a SWOT analysis, your company is flying blind and could be
wasting precious resources and time on activities that propel it in the wrong
direction. Conducting a SWOT analysis is particularly important during times
of crisis and uncertainty. Since the COVID-19 pandemic began, many companies
and industries have had to revisit their SWOT analysis as a result of internal
and external factors outside of their control. As a result of the pandemic
impact, industries like travel and tourism, restaurants, entertainment, and
many others have been forced to devise ways to address new risks and
reevaluate new opportunities. Conducting a SWOT analysis helps your leadership
team gain a clear view of what your company is doing well compared with its
competitors and where it needs to pull up its socks. It also helps shine a
light on areas where potential opportunities exist and where risks may
reside. Having a solid understanding of all of these areas identifies
your current state and increases your company's visibility into how to best
allocate its budget, resources, time, and effort.
When WAFs Go Wrong
"Organizations want more from their WAF providers — and the degree of negative
feedback from vendor-supplied references warns that, unless vendors adapt
quickly, the WAF market is ripe for disruption," according to Sandy Carielli,
principal analyst at Forrester Research, who led the firm's most recent market
research on the WAF market this spring. The Forrester report shows that
organizations are particularly struggling as their current WAF deployments are
unable to handle a broader range of application attacks, particularly
client-side attacks, API-based attacks, and bot-driven attacks. On the API
(application programming interface) front, for example, an increasing number
of server-side request forgery (SSRF) attacks are made possible due to how cloud
architectures use metadata APIs and webhooks. "The WAF may not necessarily be
deployed in-line to monitor the outbound HTTP requests made by the web
application. Many SaaS companies offer some form of webhook product which
makes an HTTP request on behalf of the user and cannot be easily
differentiated from an SSRF attack," explained Jayant Shukla, CTO and
co-founder of K2 Cyber Security.
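Because a WAF usually sits in front of inbound traffic, the practical control for the webhook-versus-SSRF problem described above lives in the application that makes the outbound request: it must vet the destination before connecting. The following is an added example, not code from the article or from any vendor quoted in it. It resolves the webhook hostname, rejects every answer that lands in loopback, private, link-local (which covers the 169.254.169.254 cloud metadata address), multicast or reserved space, and returns the vetted IP so the caller can connect to that pinned address rather than re-resolving (which would reopen a DNS-rebinding window between check and use). The `resolver` parameter, the allowed-scheme set and the `vet_webhook_url` name are assumptions of this example.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Assumed policy for this example: webhooks may only target plain web schemes.
ALLOWED_SCHEMES = {"http", "https"}


def is_public_address(ip_str: str) -> bool:
    """True only for globally routable unicast addresses.

    Link-local covers the IMDS address 169.254.169.254; private covers RFC 1918
    and ULA space; reserved/unspecified/multicast are never valid webhook targets.
    """
    ip = ipaddress.ip_address(ip_str)
    return not (
        ip.is_private
        or ip.is_loopback
        or ip.is_link_local
        or ip.is_multicast
        or ip.is_reserved
        or ip.is_unspecified
    )


def resolve_all(host: str) -> list[str]:
    """Default resolver: every A/AAAA answer, so a single bad record fails the check.

    Raises OSError (socket.gaierror) when the name does not resolve.
    """
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def vet_webhook_url(url: str, resolver=resolve_all):
    """Return (ok, reason, pinned_ip).

    On success the caller should open the TCP connection to pinned_ip (sending the
    original Host/SNI) instead of resolving the name a second time.
    """
    parts = urlparse(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed", None
    host = parts.hostname
    if not host:
        return False, "missing host", None
    if parts.username or parts.password:
        return False, "credentials embedded in URL", None

    # An IP literal needs no lookup; it is vetted directly.
    try:
        addrs = [str(ipaddress.ip_address(host))]
    except ValueError:
        try:
            addrs = resolver(host)
        except OSError as exc:
            return False, f"resolution failed: {exc}", None

    if not addrs:
        return False, "name resolved to no addresses", None
    for addr in addrs:
        if not is_public_address(addr):
            return False, f"{host} resolves to non-public address {addr}", None
    return True, "ok", addrs[0]


if __name__ == "__main__":
    for candidate in (
        "https://hooks.example.com/cb",
        "http://169.254.169.254/latest/meta-data/",
        "http://[::1]/admin",
    ):
        print(candidate, "->", vet_webhook_url(candidate))
```

Checking every resolved address (rather than only the first) matters because an attacker-controlled name can return one public and one internal record and rely on the client picking the internal one. Redirects are a separate path: if the HTTP client follows them, each redirect target needs the same vetting.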
Overcoming Data Security Challenges in a Hybrid, Multicloud World
With each step, from IaaS to PaaS to SaaS to DBaaS, organizations give up some
level of control over the systems that store, manage, distribute and protect
their sensitive data. This increase in trust placed in third parties also
presents an increase in risk to data security. Cloud deployments work on a
shared responsibility model between the cloud provider and the consumer. In
the case of an IaaS model, the cloud consumer has room to implement data
security measures much like what they would normally deploy on premises and
exercise tighter controls. For SaaS services, cloud consumers have to rely on
the visibility provided by the cloud provider which, in essence, limits their
ability to exercise more granular controls. It’s important to note that
regardless of the chosen architecture, it’s ultimately your organization’s
responsibility to ensure appropriate data security measures are in place
across environments. To learn more about how to adapt your data security, data
privacy and compliance practices to the hybrid multicloud, read the
“Overcoming Data Security Challenges In a Hybrid Multicloud.”
Are Today’s Banks Prepared To Deploy Tomorrow’s Technologies?
While it is impossible to determine what the “new normal” in banking will look
like, it will undoubtedly be far different than the past. It is still unknown
how the negative financial impact of the pandemic on consumers will impact
future banking behavior. While we have seen a spike in digital transactions and
in the amount of savings set aside by consumers, it is too early to develop
reliable trend lines going forward. There is little doubt that the banking
industry will face a stretch of economic pressure created by delayed loan
payments, lower fees, narrow margins and increased risk from credit losses.
While government stimulus packages may help, there will still be capital and
liquidity challenges. These financial challenges create a very clear call to
action for financial institutions used to doing business the way it has been
done for decades. Banks and credit unions must reimagine legacy business models
and the technology used to serve the marketplace. Speed of change will determine
winners as much as the changes themselves. Being a “fast follower” will no
longer be acceptable.
Career advice for a changing world
For those growing up as digital natives, the principle of owning your network
and profile may seem obvious. Everything we do will be captured digitally
somehow — in both the professional and the social milieus. What you choose to
post and how you present yourself matters: It is the foundation on which to
build your network. The changing nature of work, including the fact that
people may switch jobs frequently or be employed under a variety of types of
agreements, will require the ability to present a compelling profile of who
you are, and communicate this to your peers and potential collaborators.
Here’s where your platform will find its outward presentation — where you can
bundle your various talents, skills, aptitudes, and interests to present to
prospective employers, mentors, and others you’ll work with or for. People at
all stages of their career will need to do this, and as they add new abilities
through upskilling, they add to the richness of their profile. You also need
to build your network both digitally and physically (when that again becomes
possible). If you are looking to change jobs, you should start by looking for
ways to situate yourself among people who are already doing what you aspire to
do, and build your new contacts.
Microsoft Teams' new 'Together mode' aims to make video calls more engaging
On most video calls, eye contact – or the lack of it – is an ongoing problem,
with people often appearing to look in the wrong direction. Together mode
mimics the geometry of reflection, meaning that every participant is looking
at the whole group through a big virtual mirror. “Once direct eye contact
errors become hard to detect, people intuitively position themselves to look
as if they are reacting to one another appropriately,” Lanier explains.
Microsoft said its research has shown that as a result people tend to feel
happier and more engaged in meetings. Additionally, everyone in Together mode
is in a fixed position. If one person happens to appear in the fourth seat of
the bottom row on their own screen, that person would appear in the fourth
seat of the bottom row on everyone else’s screen. Angela Ashenden, principal
analyst for workplace transformation at CCS Insight, said the combination of
both features helps to make the video meetings feel more natural. She notes
that if a meeting leader tells everyone to click a button on the right of the
screen, you see everyone’s gaze looking in the same direction.
Open source license issues stymie enterprise contributions
"The No. 1 issue [in enterprise open source] is still licensing," said Kevin
Fleming, who oversees research and development teams in the office of the CTO
at Bloomberg, a global finance, media and tech company based in New York. "But
it isn't the licensing discussion that everybody was having five to 10 years
ago -- now, the licensing discussion is about really important projects that
enterprises depend upon deciding to switch to non-open source licenses." The
legal outlook for enterprises has also been further complicated by varied
approaches among vendors and open source foundations to copyright agreements,
and a general lack of legal precedents to guide corporate counsel on open
source IP issues. While Bloomberg's Fleming, and many other enterprise open
source contributors, believe new license types such as the Server Side Public
License (SSPL) and the Hippocratic License clearly fall outside the bounds of
open source, in the wider community, those aren't entirely settled questions.
"Open source is bigger than licenses," said Coraline Ada Ehmke, software
architect at Stitch Fix, creator of the Hippocratic License and founder of the
Ethical Source Working Group.
Agile Initiative Planning with Roadmaps
Plans are critical because they set expectations on the goals, the strategy and
the resources you need. They justify the organisation's expenditure on the
initiative. They allow you to consider the problems you are likely to incur
along the way and develop ways to avoid them. Plans build a bridge between
management and the development team. With a plan, you can prepare for different
eventualities to improve your chance of success. With a plan, you can get the
commitment and resources you need to achieve your objective. Without a plan,
it's unlikely that people will give you the funds or resources you need to
succeed. Over the last few years, I have developed and refined an Initiative
Roadmap process that allows you to define, design and plan an initiative in
weeks instead of months or years. In an Initiative Roadmap, you set your goal,
strategy and direction in a high-level plan so that you can get the necessary
funding and support you need to build a delivery team. When the development team
starts, they evolve the plan with business stakeholders to deliver the maximum
business value possible within the time and budget available.
Google open-sources Tsunami vulnerability scanner
Google said it designed Tsunami to adapt to these extremely diverse and
extremely large networks from the get-go, without the need to run different
scanners for each device type. Google said it did this by first splitting
Tsunami into two main parts, and then adding an extendable plugin mechanism on
top. The first Tsunami component is the scanner itself -- or the
reconnaissance module. This component scans a company's network for open
ports. It then tests each port and attempts to identify the exact protocols
and services running on each, in an attempt to prevent mislabelling ports and
test devices for the wrong vulnerabilities. Google said the port
fingerprinting module is based on the industry-tested nmap network mapping
engine but also uses some custom code. The second component is the one that's
more complex. This one runs based on the results of the first. It takes each
device and its exposed ports, selects a list of vulnerabilities to test, and
runs benign exploits to check if the device is vulnerable to attacks. The
vulnerability verification module is also how Tsunami can be extended through
plugins -- the means through which security teams can add new attack vectors
and vulnerabilities to check inside their networks.
Up Close with Evilnum, the APT Group Behind the Malware
Evilnum's primary goal is to spy on its targets and steal financial data from
businesses and their customers. Its attackers have previously stolen
spreadsheets and documents with customer lists, investments, and trading
operations; internal presentations; software licenses and credentials for
trading software and platforms; browser cookies and session data; email
credentials; credit card information; and proof of address and identity
documents. The group has also obtained access to VPN configurations and other
IT-related information. Like many threat groups, Evilnum starts with a
phishing email. Messages contain a link to a ZIP file hosted in Google Drive.
This archive has multiple LNK files designed to extract and execute a
malicious JavaScript component while displaying a fake document. These
"shortcut" files have "double extensions" to trick victims into believing they
are harmless and opening them. These LNK files all do the same thing: When
opened, a file searches its contents for lines with a specific marker and
writes them to a JavaScript file. This malicious file is executed and then
writes and opens a decoy file with the same name as the LNK file.
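The delivery chain described above leaves artefacts a defender can triage before any shortcut is opened: a ZIP whose entries are `.lnk` files disguised with a document-like inner extension, a genuine Shell Link header, a file far larger than a normal shortcut (because the script payload is carried inside it), and script-host strings in the body. The following is an added example, not code from the article or from the researchers it cites. It walks an in-memory ZIP and scores each entry on those four heuristics; the sample archive, the size threshold and the indicator strings are constructed for illustration, and the sample "shortcut" is inert filler rather than a real Evilnum file.

```python
import io
import os
import posixpath
import re
import zipfile

# Shell Link header: HeaderSize 0x0000004C followed by the LinkCLSID
# 00021401-0000-0000-C000-000000000046 in its serialized byte order.
LNK_MAGIC = bytes.fromhex("4c000000" "01140200" "00000000" "c0000000" "00000046")

# Inner extensions that suggest a shortcut is posing as a document or image.
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

# Constructed threshold: legitimate shortcuts are normally a few hundred bytes.
SIZE_THRESHOLD = 4096

# Strings a shortcut has no reason to carry unless it launches a script host.
SCRIPT_RE = re.compile(rb"(?i)(wscript|cscript|cmd\.exe|powershell|activexobject)")


def double_extension(name: str):
    """Return the inner extension (e.g. '.pdf') if NAME is 'something.<doc>.lnk'."""
    base = posixpath.basename(name)
    stem, ext = os.path.splitext(base)
    if ext.lower() != ".lnk":
        return None
    inner = os.path.splitext(stem)[1].lower()
    return inner if inner in DOC_EXTS else None


def triage_entry(name: str, data: bytes) -> list[str]:
    """Return the list of reasons this entry looks like a disguised LNK dropper."""
    reasons = []
    inner = double_extension(name)
    if inner:
        reasons.append(f"document-like double extension ({inner}.lnk)")
    if data.startswith(LNK_MAGIC):
        reasons.append("genuine LNK header")
        if len(data) > SIZE_THRESHOLD:
            reasons.append(f"oversized LNK ({len(data)} bytes)")
        hits = sorted({m.decode("ascii", "replace").lower() for m in SCRIPT_RE.findall(data)})
        if hits:
            reasons.append("script-host strings: " + ", ".join(hits))
    return reasons


def triage_archive(zip_bytes: bytes) -> dict[str, list[str]]:
    """Map each suspicious entry name in the ZIP to its list of reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)  # small samples only; cap sizes in production
            reasons = triage_entry(info.filename, data)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample archive; the LNK bodies are inert filler, not real malware."""
    disguised = (
        LNK_MAGIC
        + b"\x00" * 56
        + b"C:\\Windows\\System32\\cmd.exe"
        + b"\x00" * 16
        + b'/*marker*/ new ActiveXObject("WScript.Shell")'
        + b"\x00" * 4900
    )
    plain_shortcut = LNK_MAGIC + b"\x00" * 100
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice.pdf.lnk", disguised)
        zf.writestr("Photo.jpg.lnk", plain_shortcut)
        zf.writestr("Report.docx", b"PK-not-really-a-document")
        zf.writestr("readme.txt", b"hello")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, why in triage_archive(build_sample_archive()).items():
        print(entry)
        for reason in why:
            print("   -", reason)
```

The double-extension check alone would flag a harmless renamed shortcut, so the heuristics are reported together and the size and script-string findings are what separate a carrier shortcut from an odd but benign one. In a mail gateway or sandbox the same function can run over each extracted attachment before the user ever sees the "shortcut".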
Quote for the day: