Daily Tech Digest - July 28, 2020

The 6 Biggest Technology Trends In Accounting And Finance

When the internet of things, the system of interconnected devices and machines, combines with artificial intelligence, the result is the intelligence of things. These items can communicate and operate without human intervention and offer many advantages for accounting systems and finance professionals. The intelligence of things helps finance professionals track ledgers, transactions, and other records in real-time. With the support of artificial intelligence, patterns can be identified, or issues can be resolved quickly.  ... Robots don't have to be physical entities. In accounting and finance, robotic process automation (RPA) can handle repetitive and time-consuming tasks such as document analysis and processing, which is abundant in any accounting department. Freed up from these mundane tasks, accountants are able to spend time on strategy and advisory work. Intelligent automation (IA) is capable of mimicking human interaction and can even understand inferred meaning in client communication and adapt to an activity based on historical data. In addition, drones and unmanned aerial vehicles can even be deployed on appraisals and the like.

Transportation takes a leading edge with smart technology

As airports and aircraft become digitally connected through Edge IoT technology, many potential opportunities to improve air travel become an everyday reality. By harnessing Edge technology, 5G, and computer vision, many airlines are now able to drive significant operational efficiency. There are many use cases here, including: visual inspection-based pre-emptive maintenance that reduces downtime and delays, smarter scheduling and runway utilization, and cost-savings through smarter fuel usage. Safety and security can be significantly enhanced through Edge computing. Combining computer vision, computer audition, and analytics at the Edge can facilitate less disruptive and more rigorous safety and security. For example, facial recognition can be employed at smart gates to help tackle crime, and smart technology can be used to improve health screenings at airports. And there is huge potential for improving customer experience. By using Edge computing and smart technologies, the whole passenger journey can be connected and made smoother; from parking and arrival at the airport, through check-in, boarding, and inflight entertainment to arrival and baggage claim.

Attackers Exploiting High-Severity Network Security Flaw, Cisco Warns

The flaw specifically exists in the web services interface of Firepower Threat Defense (FTD) software, which is part of Cisco’s suite of network security and traffic management products; and its Adaptive Security Appliance (ASA) software, the operating system for its family of ASA corporate network security devices. The potential threat surface is vast: Researchers with Rapid7 recently found 85,000 internet-accessible ASA/FTD devices. Worse, 398 of those are spread across 17 percent of the Fortune 500, researchers said. The flaw stems from a lack of proper input validation of URLs in HTTP requests processed by affected devices. Specifically, the flaw allows attackers to conduct directory traversal attacks, which is an HTTP attack enabling bad actors to access restricted directories and execute commands outside of the web server’s root directory. Soon after patches were released, proof-of-concept (POC) exploit code was released Wednesday for the flaw by security researcher Ahmed Aboul-Ela. A potential attacker can view more sensitive files within the web services file system: The web services files may have information such as WebVPN configuration, bookmarks, web cookies, partial web content and HTTP URLs.

Scrum’s Nature: It Is a Tool; It Is Not About Love or Hate 

The question then is: Why would I “hate” a tool unsuited for the intended purpose or applied incompetently? Would I hate a hammer for not being capable of accurately driving a screw into a wooden beam? Probably not, as the hammer wasn’t designed for that purpose, and neither sheer will-power nor stamping with your feet will change the fact. ... The job of the Scrum Master is hence to support the Scrum team by removing impediments—problems the team members cannot solve by themselves-thus supporting this decentralized leadership approach. Moreover, those impediments are mostly situated at an organizational level. Here, change is not happening by simply “getting things done,” but by working with other stakeholders and their plans, agendas, objectives, etc. ... Agile software development is not about solving (code) puzzles all day long. As a part of creating new products in complex environments, it is first-of-all about identifying which problems are worth solving from a customer perspective. Once that is established, and Scrum’s empirical approach has proven to be supportive in that respect, we strive to solve these puzzles with as little code as possible.

Dave: Mobile Banking App Breach Exposes 3 Million Accounts

Dave says the breach traces to the Waydev analytics platform for engineering teams that it formerly used. "As the result of a breach at Waydev, one of Dave's former third-party service providers, a malicious party recently gained unauthorized access to certain user data at Dave, including user passwords that were stored in hashed form using bcrypt, an industry-recognized hashing algorithm," Dave says in its Saturday data breach notification. Waydev, which is based in San Francisco, first warned on July 2 that its service may have been breached. "We learned from one of our trial environment users about an unauthorized use of their GitHub OAuth token," Waydev says in a data breach notification posted on its site that details security measures it recommends all users take. "The security of your data is our highest priority. Therefore, as a precautionary measure to protect your account, we revoked all GitHub OAuth tokens." Beyond that notice, "we notified the potentially affected users" directly, Waydev's Mike Dums tells Information Security Media Group. The company says that it immediately hired a third-party cybersecurity firm, Bit Sentinel to help investigate the intrusion and lock down its environment, including having now fixed the vulnerability exploited by attackers.

Intelligent ways to tackle cyber attack

Absalom recommends that security practitioners balance the need for human oversight with the confidence to allow AI-supported controls to act autonomously and effectively. He says: “Such confidence will take time to develop, just as it will take time for practitioners to learn how best to work with intelligent systems.”  Given time to develop and learn together, Absalom believes the combination of human and artificial intelligence should become a valuable component of an organisation’s cyber defences. As Morris points out, fraud management, SIEM, network traffic detection and endpoint detection all make use of learning algorithms to identify suspicious activity – based on previous usage data and shared pattern recognition – to establish “normal” patterns of use and flag outliers as potentially posing a risk to the organisation. For companies with a relatively small and/or simple IT infrastructure, Wenham argues that the cost of an AI-enabled SIEM would probably be prohibitive while offering little or no advantage when coupled with good security hygiene. On the other hand, for an enterprise with a large and complex IT infrastructure, Wenham says the cost of an AI-enabled SIEM might well be justified. 

Are newer medical IoT devices less secure than old ones?

Mularski does concede that some particularly vulnerable old devices are often more isolated on the network by design, in part because they’re more recognizable as vulnerable assets. Windows 95-vintage x-ray machines, for example, are easy to spot as a potential target for a bad actor. “For the most part, I think most of the hospital environments, they do a good job at recognizing that they have these old deices, and the ones that are more vulnerable,” he said. This underlines a topic most experts on – simple awareness of the potential security flaws on a given network are central to securing healthcare networks. Greg Murphy is the CEO of Ordr, a network visibility and security startup based in Santa Clara. He said that both Mularski and Staynings have points in their favor. “Anyone who minimizes the issue of legacy devices needs to walk a mile in the shoes of the biomedical engineering department at a hospital,” he said. “[But] on the flipside, new devices that are being connected to the network have huge vulnerabilities themselves. Many manufacturers themselves don’t know what vulnerabilities their devices have.”

The Opportunity in App Modernization

Domain Driven Design and modeling techniques like SWIFT, Wardley Maps, Bounded Context Canvas have provided the technical and business heuristics in carving out microservices. There is however an emerging backlash from the complexity of microservices and an impetus to move towards simpler deployment architectures like modular monoliths. See To Microservices and Back Again. There are significant gaps that libraries and frameworks can fill by driving a backlog of stories and implementation from event storming or monolith decomposition. Generating a backlog of user stories and epics from event storming is a work of art and requires heavy facilitation because DDD Is Broken. Dividing business capabilities in sub-business capabilities is tough and candidate microservices need expert judgment before implementation. Observability tools and frameworks that aid in understanding the existing application runtime metadata paired with a profiler theoretically have the information needed to make recommendations on starting points to decomposing monoliths. A tool that has started to look at this problem is vFunction.

Ten ‘antipatterns’ that are derailing technology transformations

One of the biggest sources of impact in technology transformations comes from simplifying the path to production, the steps involved from defining requirements to releasing software and using it with disciplined repetition across teams. This requires a lot of organizational and executive patience, as the impacted teams—app development, operations, security, support—can take weeks and months to perfect this coordinated dance. Tools and architecture changes can help, but to be effective, they need to be paired with changes to engineering practices, processes, and behaviors. Launching programs for large architecture and tooling changes often requires minimal effort, catches the executive and board’s fancy, and represents that things are moving. However, in our experience, without changes to engineering practices, processes, and behaviors, such programs have minimal or no impact. ... After months of futile top-down incentives and nudges for tools adoption, the bank refocused on how the tools enabled a new set of engineering practices and collaboration between teams. It showed how the new tools could simplify the path to production. 

Is Robotic Process Automation As Promising As It Looks?

RPA works best when application interfaces are static, procedures don’t change, and data patterns stay stable – a mix that is progressively uncommon in today’s dynamic, digital scenario. The issue with RPA, in any case, isn’t that the tools aren’t clever enough. Rather, its main challenge is progressively about strength –handling the unexpected sudden changes in the IT world. Adding cognitive abilities to RPA doesn’t resolve these strength issues – you essentially end up with more intelligent technology that is still similarly as weak it was in the past. RPA is still in the phase of advancement, thus it can introduce difficulties that may bring about undesirable results. Consequently, it is difficult for associations to decide whether they ought to put their resources into robotic automation or wait until its extension. A far-reaching business model must be created while thinking about the implementation of this technology; else, it will be futile if returns are just marginal, which may not be worth taking the risk. RPA is equipped for dealing with specific tasks and assignments, however isn’t planned to deal with processes. Therefore, it appears to be legitimate to believe that combined with other more specific instruments, it can drive better execution.

Quote for the day:

"Leaders must encourage their organizations to dance to forms of music yet to be heard." -- Warren G. Bennis

No comments:

Post a Comment