Daily Tech Digest - September 17, 2020

Outbound Email Errors Cause 93% Increase in Breaches

Egress CEO Tony Pepper said the problem is only going to get worse with increased remote working and higher email volumes, which create prime conditions for outbound email data breaches of a type that traditional DLP tools simply cannot handle. “Instead, organizations need intelligent technologies, like machine learning, to create a contextual understanding of individual users that spots errors such as wrong recipients, incorrect file attachments or responses to phishing emails, and alerts the user before they make a mistake,” he said. The most common breach types were replying to spear-phishing emails (80%), emails sent to the wrong recipients (80%) and sending the incorrect file attachment (80%). Speaking to Infosecurity, Egress VP of corporate marketing Dan Hoy, said businesses reported an increase in outbound emails since lockdown, “and more emails mean more risk.” He called this a numbers game which has increased risk as remote workers are more susceptible and likely to make mistakes the more they are removed from security and IT teams. According to the research, 76% of breaches were caused by “intentional exfiltration.” Hoy confirmed this is a combination of employees innocently trying to do their job and not cause harm by sending files to webmail accounts, but this does increase risk “and you cannot ignore the malicious intent.”

‘The demand for cloud computing & cybersecurity professionals is on the rise’

The COVID-19 pandemic undoubtedly has disrupted the normalcy of every company across every sector. At Clumio, our primary focus continues to be the health and well-being of our people. While tackling the situation, we also need to keep pace with our professional duties. We made the transition to remote work immediately and are in constant touch with our employees to ensure they don’t feel isolated and remain focused on their work. We are encouraging employees to follow the best practices of remote work and motivating them to spend time on their emotional, mental and physical wellbeing during this time. We conduct Zoom happy hours frequently to stay connected and have fun. As part of the session, we also celebrated a virtual babyshower of one of our colleagues recently. We had our annual summer picnic and created wonderful memories while maintaining social distance, but staying together. During this time, we have also launched the India Research and Development center in Bangalore. Our India Center will drive front-end innovation and research to build cloud solutions. India has a huge talent pool in technology, and it is only growing. We have also started virtual hiring and onboarding during the pandemic. 

AI investment to increase but challenges remain around delivering ROI

ROI on AI is still a work in progress that requires a focus on strategic change. As companies progress in AI use, they often shift their focus from automating internal employee and customer processes to delivering on strategic goals. For example, 31% of AI leaders report increased revenue, 22% greater market share, 22% new products and services, 21% faster time-to-market, 21% global expansion, 19% creation of new business models, and 14% higher shareholder value. In fact, the AI-enabled functions showing the highest returns are all fundamental to rethinking business strategies for a digital-first world: strategic planning, supply chain management, product development, and distribution and logistics. The study found that automakers are at the forefront of AI excellence, as they accelerate AI adoption to deliver on every part of their business strategy, from upgrading production processes and improving safety features to developing self-driving cars. Of the 12 industries benchmarked in the study, automotive employs the largest AI teams. With the government actively supporting AI under its Society 5.0 program, Japanese companies lead the pack in AI adoption. 

The future of .NET Standard

.NET 5 and all future versions will always support .NET Standard 2.1 and earlier. The only reason to retarget from .NET Standard to .NET 5 is to gain access to more runtime features, language features, or APIs. So, you can think of .NET 5 as .NET Standard vNext. What about new code? Should you still start with .NET Standard 2.0 or should you go straight to .NET 5? It depends. App components: If you’re using libraries to break down your application into several components, my recommendation is to use netX.Y where X.Y is the lowest number of .NET that your application (or applications) are targeting. For simplicity, you probably want all projects that make up your application to be on the same version of .NET because it means you can assume the same BCL features everywhere. Reusable libraries: If you’re building reusable libraries that you plan on shipping on NuGet, you’ll want to consider the trade-off between reach and available feature set. .NET Standard 2.0 is the highest version of .NET Standard that is supported by .NET Framework, so it will give you the most reach, while also giving you a fairly large feature set to work with. We’d generally recommend against targeting .NET Standard 1.x as it’s not worth the hassle anymore. 

Fintech sector faces "existential crisis" says McKinsey

After growing more than 25% a year since 2014, investment into the sector dropped by 11% globally and 30% in Europe in the first half of 2020, says McKinsey, citing figures from Dealroom. In July 2020, after months of Covid-19-related lockdowns in most European countries, the drop was even steeper, 18% globally and 44% in Europe, versus the previous year. "This constitutes a significant challenge for fintechs, many of which are still not profitable and have a continuous need for capital as they complete their innovation cycle: attracting new customers, refining propositions and ultimately monetizing their scale to turn a profit," states the McKinsey paper. "The Covid-19 crisis has in effect shortened the runway for many fintechs, posing an existential threat to the sector." Analyzing fundraising data for the last three years from Dealroom, the conulstancy found that as much as €5.7 billion will be needed to sustain the EU fintech sector through the second half of 2021 — a point at which some sort of economic normalcy might begin to emerge. It is not clear where these funds will come from, however. Fintechs are largely unable to access loan bailout schemes due to their pre-profit status.

Artificial Intuition: A New Generation of AI

Artificial intuition is a simple term to misjudge in light of the fact that it seems like artificial emotion and artificial empathy. Nonetheless, it varies fundamentally. Experts are taking a shot at artificial emotions so machines can mirror human behavior all the more precisely. Artificial empathy aims to distinguish a human’s perspective in real-time. Along these lines, for instance, chatbots, virtual assistants and care robots can react to people all the more properly in context. Artificial intuition is more similar to human impulse since it can quickly survey the entirety of a circumstance, including extremely inconspicuous markers of explicit movement. The fourth era of AI is artificial intuition, which empowers computers to discover threats and opportunities without being determined what to search for, similarly as human instinct permits us to settle on choices without explicitly being told on how to do so. It’s like a seasoned detective who can enter a wrongdoing scene and know immediately that something doesn’t appear to be correct or an experienced investor who can spot a coming pattern before any other person.

Attacked by ransomware? Five steps to recovery

Arguably the most challenging step for recovering from a ransomware attack is the initial awareness that something is wrong. It’s also one of the most crucial. The sooner you can detect the ransomware attack, the less data may be affected. This directly impacts how much time it will take to recover your environment. Ransomware is designed to be very hard to detect. When you see the ransom note, it may have already inflicted damage across the entire environment. Having a cybersecurity solution that can identify unusual behavior, such as abnormal file sharing, can help quickly isolate a ransomware infection and stop it before it spreads further. Abnormal file behavior detection is one of the most effective means of detecting a ransomware attack and presents with the fewest false positives when compared to signature based or network traffic-based detection. One additional method to detect a ransomware attack is to use a “signature-based” approach. The issue with this method, is it requires the ransomware to be known. If the code is available, software can be trained to look for that code. This is not recommended, however, because sophisticated attacks are using new, previously unknown forms of ransomware. 

Struggling to Secure Remote IT? 3 Lessons from the Office

To prepare for the arrival of CCPA, business leaders told us they spent an average of $81.9 million on compliance during the last 12 months. Yet despite making investments in hiring (93%), workforce training (89%), and purchasing new software or services to ensure compliance (95%), 40% still felt unprepared for the evolving regulatory landscape. Why? Because the root causes were not addressed. Perhaps their IT operations and security teams worked in silos, creating complexity and narrowing their visibility into their IT estates. Maybe their teams were completely unaware that other departments introduced their own software into the environment. Or more commonly, the organization used legacy tooling that wasn't plugged into the endpoint management or security systems of the IT teams. These are just some of the root causes that keep organizations in the dark and prone to exploits. While the transition to remote work was swift, it has presented businesses with an opportunity to face these issues head-on. As workforces continue to work remotely, CISOs and CIOs now have the chance to evaluate how they effectively manage risk in the long term, which includes running continuous risk assessments and investing in solutions that deliver rapid incident response and improved decision-making.

CTO challenges around the return to the workplace

Every CTO tells us that the digital transformation and change management programmes designed to address the relentless regulatory, competitor, innovation and customer challenges must go ahead as planned, regardless of the pandemic. You may be tackling automating end-to-end electronic trading workflows or creating mobile framework applications. Whatever the focus, hampering the journey towards electronification, firms stumble over the limitations of legacy systems; trading desks still depend on quotes, orders and trades are processed from a multitude of external trading platforms, and inconsistency, lag and gaps all result in costly errors, which are missed opportunities at best, and regulatory reporting breaches and huge fines at worst. In the quest for efficiencies, mitigation of risk, and achieving seamless and future-proofed IT architecture, firms must automate to meet their regulatory obligations and deliver client, management and regulatory transparency. And this hasn’t even touched on achieving an ambition to create end-to-end, freely flowing models of perfectly clean, ordered and well-governed data. Every CTO needs to apply extraction and visualisation layers, and mine the data for valuable insights that can be fed further upstream.

The Case for Explainable AI (XAI)

Despite the numerous benefits to developing XAI, many formidable challenges persist. A significant hurdle, particularly for those attempting to establish standards and regulations, is the fact that different users will require different levels of explainability in different contexts. Models that are deployed to effectuate decisions that directly impact human life, such as those in hospitals or military environments, will produce different needs and constraints than ones utilized in low-risk situations There are also nuances within the performance-explainability trade-off. Infrastructure and systems designers are constantly balancing the demands of competing interests. ... There are also a number of risks associated with explainable AI. Systems that produce seemingly-credible but actually-incorrect results would be difficult to detect for most consumers. Trust in AI systems can enable deception by way of those very AI systems, especially when stakeholders provide features that purport to offer explainability where they actually do not. Engineers also worry that explainability could give rise to vaster opportunities for exploitation by malicious actors. Simply put, if it is easier to understand how a model converts input into output, it is likely also easier to craft adversarial inputs that are designed to achieve specific outputs.

Quote for the day:

"Great leaders go forward without stopping, remain firm without tiring and remain enthusiastic while growing" -- Reed Markham

No comments:

Post a Comment