Daily Tech Digest - July 11, 2020

Software as a Service (SaaS): A cheat sheet

Beyond reliability, and depending on the nature of your business applications, it is also vitally important to evaluate the capacity provided by your chosen ISP. Querying large databases or moving large media files will require more bandwidth than is typical for less-intense applications like email; however, even extremely large bandwidth may not be enough, if there are also latency issues. There are similar reliability concerns when choosing the service provider for the SaaS applications themselves. Business organizations have to think about the longevity of their provider, their commitment to security, their willingness to customize applications, and their plans for feature upgrades. SaaS requires a business to relinquish some control in order to reap the benefits of the distribution system. Relinquishing control may also cause problems when the SaaS provider updates certain application features that the business does not want changed. Some feature upgrades will break existing use cases, especially if the business is using a customized version of the software. Some SaaS vendors have been known to eliminate aggregately under used features from their software, which causes problems for businesses that choose to adopt those features.

APT Group Targets Fintech Companies

Once the targeted victim clicks on the LNK file to view one of the documents, the malware begins to load in the background and infect their device, according to the report. Once the attackers successfully infect devices and a network, the malware steals sensitive corporate data, such as customer lists, credit card information and other personally identifiable data, along with the firm's investments and trading operations data, the ESET researchers report. In the next phase of the attack, the JavaScript components deploy other malware the Evilnum operators purchased from other hackers, including code written in C# from the malware-as-a-service provider Golden Chickens, the report notes. The attackers also use Python-based tools in their toolkits, the researchers add. While the JavaScript component acts as a backdoor and handles communications with the command-and-control server, the C# code takes on other tasks, including grabbing a screenshot whenever the mouse is moved over a certain length of time, sending system information back to the operators as well as stealing cookies and credentials. Eventually, this process will kill the malware when the campaign is complete, according to the report.

Why Segmentation is More Effective Than Firewalls For Securing Industrial IoT

As we’re so accustomed to using firewalls in our everyday lives (particularly on our own private computers, tablets, and smartphones) it might seem intuitive to use a firewall as a safeguard for IIoT-connected devices as well. However, the choice isn’t quite so straightforward as it might at first seem. Internal firewalls are expensive and complex to implement. It could be that for genuinely reliable protection, you need to install a firewall at every IIoT connection point. This could mean that hundreds (perhaps even thousands) of firewalls are required. We’ve already discussed how businesses’ technology security budgets are often overstretched. Taking this into account, security spend needs to be very carefully calculated and targeted. Segmentation, on the other hand, makes it possible to keep particular types of devices siloed off in a certain segment, thereby enhancing security. It also helps to enhance visibility and simplify classification of different device types. Organisations can then create risk profiles and relevant security policies for device groups.

How data and AI will shape the post-pandemic future

The general public are particularly becoming used to AI playing a huge role. The mystery around it is beginning to fade, and it is becoming far more accepted that AI is something that can be trusted. It does have its limitations. It's not going to turn into the Terminator and take over the world. The fact that we are seeing AI more in our day-to-day lives means people are beginning to depend on the results of AI, at least from the understanding of the pandemic, but that drives that exception. When you start looking at how it will enable people to get back to somewhat of a normal existence―to go to the store more often, to be able to start traveling again, and to be able to return to the office―there is that dependency that Arti mentioned around video analytics to ensure social distancing or temperatures of people using thermal detection. All of that will allow people to move on with their lives and so AI will become more accepted. I think AI softens the blow of what some people might see as a civil liberty being eroded. It softens the blow of that in ways and says, "This is the benefit already and this is as far as it goes." So it at least forms discussions whenever it was formed before.

IoT: device management and security are crucial

Operational challenges abound from the beginning of the IoT journey to its end. For example, how do you efficiently roll out hundreds of thousands or even a million devices in a timely manner? Once up and running, device firmware and IoT application software will need to be updated – possibly multiple times – during the course of the device’s life. Additionally, the device should be monitored against established baselines. This creates the environment for an early warning system that can highlight possible software bugs or security exploits. Devices also may experience an “upgrade” during their life cycles, as new capabilities may be activated and enabled over-the-air, based on needs and business cases. Ownership changes require re-assignment of control, and at the end, devices need to be decommissioned and brought to end-of-life in an efficient manner. These development and deployment challenges are prompting companies to re-examine how they allocate resources more efficiently. For example, only 15% of overall IoT systems development time is IoT application development. But a full 30% is device-management issues (provisioning, onboarding, and updating devices and systems), while 40% is taken up by developing the device stacks.

More pre-installed malware has been found in budget US smartphones

While the app does function as an over-the-air updater for security fixes and as an updater to the operating system itself, the software also installs four variants of HiddenAds, a Trojan family found on Android handsets. HiddenAds is a strain of adware that bombards users with adverts. In order to verify where the malware originated from, Malwarebytes disabled WirelessUpdate and then re-enabled the app. Within 24 hours, four adware strains were covertly installed. As the malware on the UMX and ANS differ, the team wanted to see if there were any ties linking the brands. A common thread was the use of a digital certificate used to sign the ANS Settings app under the name teleepoch. Upon further investigation, the certificate was traced back to TeleEpoch Ltd, which is registered as UMX in the United States. "We have a Settings app found on an ANS UL40 with a digital certificate signed by a company that is a registered brand of UMX," Collier says. "That's two different Settings apps with two different malware variants on two different phone manufactures & models that appear to all tie back to TeleEpoch Ltd. ..."

Increasing demand for RegTech to Meet Regulatory Burden

The demand has grown exponentially high since the Global Financial Crisis of 2008, businesses need to comply with regulatory reforms related to Anti-Money Laundering (AML) and due diligence (KYC) requirements. The cost to comply with regulations was staggering, but the non-compliance costs more due to hefty amounts of fines. Digitization of regulatory compliance assists businesses in meeting the needs of regulation, that too, by cutting the cost. According to the study, the cost of compliance across all banks from 2014 to 2016 averaged approximately 7.0% of their noninterest expenses. RegTech startups are experiencing growth and investment as firms are realizing the need to capitalize on compliance efficiency. Businesses can use it for a competitive edge in the industry. There is great potential for powering the future of financial regulation by integrating RegTech. It has major implications as it provides reduced regulatory costs and improved operational efficiency. The main target of RegTech was the finance industry.

Why businesses are adopting AI to improve operations

AI has improved productivity in an array of sectors. AI-powered contact center software has allowed companies to become incredibly efficient. In a shop, a digital SKU system is far more efficient at keeping tabs on stock levels than a manual one. It can record and analyze the demand for certain articles. More will automatically get ordered. A fashion store can see when a garment is selling like hot cakes and get more before the trend runs its course. This maximizes profit on the item. For teleconferencing solutions or other software providers, one of the biggest problems faced is customer churn. Retention schemes try to contact as many customers as possible whose contract is due to run out. Discounts and other enticements are offered to remain. But some of those customers would have stayed anyway. Others, who were more likely to leave, may not have been contacted. Customer services can't get in touch with every single person whose contract is due to be up. What the firm needs to understand are the factors influencing people to stay or go. An AI program is able to analyze the data from thousands of customers. It works out the risk factors and pulls out a list of people most likely to leave.

10 Ways AI Is Improving New Product Development

From startups to enterprises racing to get new products launched, AI and machine learning (ML) are making solid contributions to accelerating new product development. There are 15,400 job positions for DevOps and product development engineers with AI and machine learning today on Indeed, LinkedIn and Monster combined. Capgemini predicts the size of the connected products market will range between $519B to $685B this year with AI and ML-enabled services revenue models becoming commonplace. Rapid advances in AI-based apps, products and services will also force the consolidation of the IoT platform market. The IoT platform providers concentrating on business challenges in vertical markets stand the best chance of surviving the coming IoT platform shakeout. As AI and ML get more ingrained in new product development, the IoT platforms and ecosystems supporting smarter, more connected products need to make plans now how they're going to keep up. Relying on technology alone, like many IoT platforms are today, isn't going to be enough to keep up with the pace of change coming.

CDO Leadership Skills That Matter

Persistence is a key trait of successful leaders—they don’t get demotivated too easily. Whereas some people retreat back to their caves after failed attempts to collaborate with the organization, choosing to focus only on internal marketing or just a few pilots, I find that leaders who are persistent have a seat at the strategic table with their peers, have a strategy, and have a roadmap. They’re constantly thinking through how their capabilities could be used across the organization. They’re not easily defeated when something doesn’t go right. Persistence is important because the failure rate of data strategies and data governance teams is high; you’re building in a function that you’re not consolidating under one person, one business function. You’re often using a distributed leadership and organization model, which takes hard work to set the right expectations and have ongoing communications. On a regular basis, you have to give different people the WIIFM, the goals and objectives, that apply to their particular situation, and try to drive adoption and change in a way that fits with how each team works.

Quote for the day:

"Humility is a great quality of leadership which derives respect and not just fear or hatred." -- Yousef Munayyer

No comments:

Post a Comment