The rise of remote work can be unexpectedly liberating
Employees could become increasingly mercenary, no longer swayed by the strong
social bonds and physical-world perks of the office of the past. For their
part, employers could increasingly view their staffs as little more than
interchangeable work units. As a manager, no matter how objective I think I
may be, I would probably find it easier to fire an employee with whom I had
little personal connection. That difficult conversation would be reduced to a
few minutes on a screen, with no chance of running into the person later in
the coffee room. All of this may sound dismal, but this change in employee
psychology and loyalty may come with an unexpected liberation, encouraging
workers to look beyond the workplace to build friendships and identity. In our
previous office lives, some of us had access to free food, coffee rooms or
other on-site perks. We might have enjoyed them, but they also helped keep us
in the office for long hours. Likewise, the presence of co-workers and bosses
made us more compliant, less likely to take a proper lunch hour or make the
effort to attend a child’s school event. With our offices gone, our days have
now opened up. Why not make that doctor’s appointment for 4 p.m.? Why not pick
the kids up at day care rather than find a babysitter?
Hardware security: Emerging attacks and protection mechanisms
Every hardware device has firmware – a tempting attack vector for many
hackers. And though the industry has been making advancements in firmware
security solutions, many organizations are still challenged by it and don’t
know how to adequately protect their systems and data, she says. She advises
IT security specialists to be aware of firmware’s importance as an asset to
their organization’s threat model, to make sure that the firmware on company
devices is consistently updated, and to set up automated security validation
tools that can scan for configuration anomalies within their platform and
evaluate security-sensitive bits within their firmware. “Additionally,
Confidential Computing has emerged as a key strategy for helping to secure
data in use,” she noted. “It uses hardware memory protections to better
isolate sensitive data payloads. This represents a fundamental shift in how
computation is done at the hardware level and will change how vendors can
structure their application programs.” Finally, the COVID-19 pandemic has
somewhat disrupted the hardware supply chain and has brought to the fore
another challenge.
Still not dead: The mainframe hangs on, sustained by Linux and hybrid cloud
Others say technologies such as machine learning and artificial intelligence
will also drive future mainframe development. “Data insights help drive
actionable and profitable results—but the pool of data is growing at
astronomical rates. That’s where AI can make a difference, especially when
it’s on a mainframe. Consider the amount of data that resides on a mainframe
for an organization in the banking, manufacturing, healthcare, or insurance
sectors. You’d never be able to make sense of it all without AI,” said
Deloitte’s Cobb. As an example, Cobb said core banking operations can do more
than simply execute large volumes of transactions. “Banks need deep insights
about customer needs, preferences, and intentions to compete effectively,
along with speed and agility in sharing and acting on those insights. That’s
easier said than done when data is constantly changing. Now if you can analyze
data directly on the mainframe, you can get near real-time insights and
action. That makes the mainframe an important participant in the AI/ML
revolution,” Cobb said. The mainframe environment isn’t without challenges
going forward.
How AI can transform finance departments to help Covid-19 recovery
The modern world has made company spending less centralised than ever before,
with employees spending money across so many expense categories and using more
payment methods than ever before. This growth in the volume of financial data
leads to an increase in the risk of fraud and noncompliance. This is a risk
few businesses can take, especially when cash flow needs to be conserved. A
study by the Association of Certified Fraud Examiners (ACFE) found that the
average organisation loses 5% of its annual revenue to internal fraud. During
an economic downturn, this is simply unsustainable. Much of this is
accidental, with employees often mistakenly duplicating expense claims or
invoices. Businesses are only able to audit around 10% of expense reports
manually, so much potential fraud goes undetected. AI provides a solution to
this problem, enabling the auditing of every single spend report. It can
predict patterns and detect any anomalies that appear in financial data.
Covid-19 has made it more important than ever that businesses are identifying
any fraudulent activity and preventing it. Invoice fraud is one example that
has seen an increase during the pandemic.
Universal Health Services' IT Network Crippled
According to a post on Reddit by an individual who claims to work at a UHS
facility in the Southeastern U.S., on Sunday at approximately 2 a.m., systems
in the facility's emergency department "just began shutting down." The
individual says: "I was sitting at my computer charting when all of this
started. It was surreal and definitely seemed to propagate over the network.
All machines in my department are Dell Win10 boxes." Anti-virus programs were
disabled by the attack, and hard drives "just lit up with activity," the
individual writes. "After one minute or so of this, the computers logged out
and shut down. When you try to power back on the computers they automatically
just shut down. We have no access to anything computer based including old
labs, EKGs, or radiology studies. We have no access to our PACS radiology
system." Media outlet Bleeping Computer reports that a UHS insider says that
during the incident, files were being renamed to include the .ryk extension.
This extension is used by the Ryuk ransomware. Likewise, citing "people
familiar with the incident," the Wall Street Journal reports that the attack
did indeed involve ransomware.
The Shared Irresponsibility Model in the Cloud Is Putting You at Risk
The Shared Responsibility Model is pretty well understood now to mean: "If you
configure, architect, or code it, you own the responsibility for doing that
properly." While the relationship between the customer and the cloud is well
understood, our experience working with software teams indicates the
organization and architectural security responsibilities within organizations
are not. And that is where the Shared Irresponsibility Model comes into play.
When something goes wrong in the cloud — some form of security issue or incident —
corporate management inevitably will come looking for the most senior person in
the IT organization to blame. The IT organization and development teams might
not have gone line by line through the various cloud providers' Shared
Responsibility Models to entirely understand what is and isn't something they
have to deal with. Developers are focused on developing and getting code
running, typically with high rates of change. With the cloud, pushing code into
production doesn't have many hurdles. The cloud provider is not responsible for
an organization's own compliance, and, by default, it typically will not alert
on misconfigurations that could introduce risk, either.
Identity theft explained: Why businesses make tempting targets
Identity theft is most often associated with the act of stealing an
individual's identity. But as Mitt Romney once famously said, "corporations
are people, my friend," and businesses have all the sorts of "personal" data —
tax ID numbers and bank accounts, for instance — that individuals have, which
can be stolen and abused. We're not talking about security breaches or
employees misusing corporate assets here; we're talking about an identity
thief pretending to be someone within a company who has the authority to make
financial transactions, just like they might pretend to be another individual.
In fact, a business may be an even more tempting target for an identity thief
than an individual because businesses have high credit limits, substantial
bank accounts, and make big payments to vendors on a regular basis. The
consequences can be dire, particularly for small businesses where the
founder's or owner's finances are deeply entangled with the company's. Before
we move on, we should take note of a couple of ways that even the theft of
individuals' identities can affect businesses. For instance, one of the most
pernicious effects of identity theft is just how much time victims have to
spend calling credit agencies and financial institutions to resolve the issue;
a recent study found that victims can take up to 175 hours to set everything
straight.
Using Nginx to Customize Control of Your Hosted App
Nginx is an open-source web server that is a world leader in load balancing and
traffic proxying. It comes with a plethora of plugins and capabilities that can
customize an application’s behavior using a lightweight and easy-to-understand
package. According to Netcraft and W3Techs, Nginx serves approximately 31-36% of
active websites, putting it neck and neck with Apache as the world’s preferred
web server. This means that not only is it well-respected, trusted, performant
enough for a large portion of production systems, and compatible with just about
any architecture, it also has a loyal following of engineers and developers
supporting the project. These are key factors in considering the longevity of
your application, how portable it can be, and where it can be hosted. Let's look
at a situation when you might need Nginx. In our example, you've created an app
and deployed it on a Platform as a Service (PaaS)—in our case, Heroku. With
PaaS, your life is easier, as decisions about the infrastructure, monitoring,
and supportability have already been made for you, guaranteeing a clean
environment for you to run your applications with ease.
The future of retail isn’t what it used to be
Appointment-based shopping is one key area of immediate opportunity. Initially
seen in luxury and higher-end stores, appointment-based shopping balances
safety, capacity, and personalized service. It can also serve two needs at
once. For example, Best Buy uses appointments for more guided shopping with an
advisor. For clothing retailers, appointment-based shopping can help customers
schedule dressing room visits with the specific items they want to try. With
the right digital capabilities, consumers can shop online, select items in
various sizes, and schedule a time and room to visit a retailer to experience
a personalized trial and fitting. Making the in-store shopping experience
better should include planograms and the ability to look up assortments and
stock in a store. Assortment differences from store-to-store mean that
shoppers may go into a store looking for a product that a particular location
does not stock. Home Depot and Target both do well in indicating if a product
is in stock and where it’s located within the store. Contactless shopping is
another area worth further focus. Self-checkout in retail has been available
and increasing its footprint for some time.
Microsoft: Some ransomware attacks take less than 45 minutes
Per Microsoft, the most targeted accounts in BEC scams were the ones for
C-suites and accounting and payroll employees. But Microsoft also says that
phishing isn't the only way into these accounts. Hackers are also starting to
adopt password reuse and password spray attacks against legacy email protocols
such as IMAP and SMTP. These attacks have been particularly popular in recent
months as they also allow attackers to bypass multi-factor authentication (MFA)
solutions, as logging in via IMAP and SMTP doesn't support this feature.
Furthermore, Microsoft says it's also seeing cybercrime groups that are
increasingly abusing public cloud-based services to store artifacts used in
their attacks, rather than using their own servers. Further, groups are also
changing domains and servers much faster nowadays, primarily to avoid
detection and remain under the radar. But, by far, the most disruptive
cybercrime threat of the past year has been ransomware gangs. Microsoft said
that ransomware infections had been the most common reason behind the
company's incident response (IR) engagements from October 2019 through July
2020.
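
An added example (not from Microsoft's report or the quoted article): detection logic for the password-spray pattern described above, run over constructed sign-in records. The log format, field order, addresses and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LEGACY = {"IMAP", "SMTP"}  # legacy protocols named in the passage (no MFA step)

# Constructed sign-in records: timestamp, source IP, account, protocol, result
SAMPLE_LOG = """\
2020-09-01T02:00:05 203.0.113.7 alice@example.com IMAP FAIL
2020-09-01T02:01:10 203.0.113.7 bob@example.com IMAP FAIL
2020-09-01T02:02:15 203.0.113.7 carol@example.com SMTP FAIL
2020-09-01T02:03:20 203.0.113.7 dave@example.com IMAP FAIL
2020-09-01T02:04:25 203.0.113.7 erin@example.com SMTP FAIL
2020-09-01T02:05:30 203.0.113.7 cfo@example.com IMAP OK
2020-09-01T09:00:00 198.51.100.20 bob@example.com IMAP FAIL
2020-09-01T09:00:30 198.51.100.20 bob@example.com IMAP FAIL
2020-09-01T09:01:00 198.51.100.20 bob@example.com IMAP OK
"""

def parse(log):
    events = []
    for line in log.strip().splitlines():
        ts, ip, account, proto, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, account, proto, result))
    return events

def detect_spray(events, window=timedelta(minutes=30), min_accounts=5):
    """Return {ip: most distinct accounts failed within any one window}."""
    fails = defaultdict(list)
    for ts, ip, account, proto, result in events:
        if proto in LEGACY and result == "FAIL":
            fails[ip].append((ts, account))
    flagged = {}
    for ip, attempts in fails.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            # Slide the window start forward until it spans at most `window`.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            distinct = len({acct for _, acct in attempts[start:end + 1]})
            if distinct >= min_accounts:
                flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged

def successes_from(events, flagged):
    """Legacy-protocol logins that succeeded from a flagged IP (review first)."""
    return sorted({(ip, account) for _, ip, account, proto, result in events
                   if ip in flagged and proto in LEGACY and result == "OK"})

if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    flagged = detect_spray(events)
    print(flagged, successes_from(events, flagged))
```

Counting distinct accounts per source, rather than raw failures, is what separates a spray from one user mistyping a password; the second function surfaces the accounts to reset first.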
Quote for the day:
"Leadership is unlocking people's potential to become better." -- Bill Bradley