Daily Tech Digest - November 18, 2020

ThreatList: Pharma Mobile Phishing Attacks Turn to Malware

“The reason that mobile devices have become a primary target is because a well-crafted attack can be close to impossible to spot,” said Schless. “Mobile devices have smaller screens, simplified user interfaces, and people generally exercise less caution on them than they do on computers.” Meanwhile, while previously cybercriminals were relying on phishing attacks that attempted to carry out credential harvesting, in 2020, the aim shifted to malware delivery. For instance, in the fourth quarter of 2019, 83 percent of attacks aimed to launch credential harvesting while 50 percent aimed to deliver malware. However, in the first quarter of 2020, only 40 percent of attacks targeted credentials, while 78 percent aimed to deliver malware. And, in the third quarter of 2020, 27 percent targeted credentials, and 81 percent looked to load malware. Researchers believe that this shift signifies that attackers are investing in malware more for pharmaceutical companies. For one, successful delivery of spyware or surveillanceware to a device could result in longer-term success for the attacker. Furthermore, said researchers, attackers want to be able to observe everything the user is doing and look into the files their device accesses and stores. ...”


Don't put data science notebooks into production

Putting a notebook into a production pipeline effectively puts all the experimental code into the production code base. Much of that code isn't relevant to the production behavior, and thus will confuse people making modifications in the future. A notebook is also a fully powered shell, which is dangerous to include inside a production system. Safe operations require reproducibility and auditability and generally eschews manual tinkering in the production environment. Even well intentioned people can make a mistake and cause unintended harm. What we need to put into production is the concluding domain logic and (sometimes) visualizations. In most cases, this isn't difficult since most notebooks aren't that complex. They only encourage linear scripting, which is usually small and easy to extract and put into a full codebase. If it's more complex, how do we even know that it works? These scripts are fine for a few lines of code but not for dozens. You’ll generally want to break that up into smaller, modular and testable pieces so that you can be sure that it actually works and, perhaps later, reuse code for other purposes without duplication. So we’ve argued that having notebooks running directly in production usually isn’t that helpful or safe. It’s also not hard to incorporate into a structured code base.


Why the CMO and CIO are no longer strange bedfellows

The CIO’s mandate is all systems, both customer-facing and internal. We know that more and more this involves capturing and interpreting market and customer data through artificial intelligence derived from data sensors. In turn, IT leaders supply the capabilities needed to meet Line of Business demands for agility and speed. The CMO’s mandate is to apply the derived customer intelligence, needs, and habits, and profile customers down to the individual level, to create an experience that meets the customer wherever, whenever, and on any device. Understanding the customer is therefore central to both mandates. The CIO needs to connect technology capabilities all the way from the customer interaction back to the workload related to the customer, sitting on the chosen infrastructure platform. The CMO needs an entire profile of the customer, and the CIO builds the systems in order to create the profile. In the current climate, businesses who fail to understand the importance of the digital customer experience will undoubtedly fall behind. Embracing the customer as a digital experience is essential for business competitiveness and even survival.


Understanding Microsoft .NET 5

Technically this new release should be .NET Core 4, but Microsoft is skipping a version number to avoid confusion with the current release of the .NET Framework. At the same time, moving to a higher version number and dropping Core from the name indicates that this is the next step for all .NET development. Two projects still retain the Core name: ASP.NET Core 5.0 and Entity Framework Core 5, since legacy projects with the same version numbers still exist. It’s an important milestone, marking the point where you need to consider starting all new projects in .NET 5 and moving any existing code from the .NET Framework. Although Microsoft isn’t removing support from the .NET Framework, it’s in maintenance mode and won’t get any new features in future point releases. All new APIs and community development will be in .NET 5 (and 2021’s long-term support .NET 6). Some familiar technologies such as Web Forms and the Windows Communication Foundation are being deprecated in .NET 5. If you’re still using them, it’s best to remain on .NET Framework 4 for now and plan a migration to newer, supported technologies, such as ASP.NET’s Razor Pages or gRPC. There are plans for community support for alternative frameworks that will offer similar APIs


Top 8 trends shaping digital transformation in 2021

Consumers want consistent engagement with brands across their preferred channels. Seventy-three percent of shoppers use more than one channel during their shopping journey. Per Deloitte, seventy-five percent of consumers expect consistent interactions across all departments of a company. Eighty-six percent of consumers say they want the ability to move between channels when talking to a brand. Ninty-two percent of customers are satisfied using live chat services -- making it the support channel that leads to the highest customer satisfaction. And 78% of consumers use mobile devices to connect with brands for customer service -- the number jumps to 90% of Millennials. Organizations need to invest in new digital methods of customer service. ... Research shows that Lines of business (LoBs) are participating in digital transformation with 68% of LoB users believe IT and LoBs should jointly drive digital transformation. In addition, 51% of LoB users are frustrated at the speed their organizations' IT department can deliver digital projects. Outside of IT, the top three business roles with integration needs include business analysts, data scientists, and customer support.


Q&A on the Book Virtual Teams Across Cultures

Firstly, it is important to understand the meaning of culture. In the book, I go into more detail, but for now we can say that culture is the meaning that a group of people give to understand life and interpret their experience. Culture is a social construct, meaning that it develops through the interaction of people. As humans, we are influenced by many cultures, such as company culture. The book focuses on country or location culture. When we work with people from the same culture, things tend to go smoothly. In general, we understand each other’s communication style, work approach, reactions and ideas. It all makes sense because the assumptions that drive us are similar. However, when we meet someone from a different culture, we may not understand or we may be surprised by their communication style, work approach, reactions and ideas. The assumptions that drive their behavior are fundamentally different. This is what we call culture shock – that feeling of confusion because the other person does not make sense to us. People who work internationally have most likely experienced culture shock. The critical aspect is how we respond to it. 


Can Low Code Measure Up to Tomorrow’s Programming Demands?

There is some disagreement on whether AI and machine learning will be able to write code, says Forrester’s Jeffrey Hammond, vice president and principal analyst serving CIO professionals. “One camp is saying, ‘In the future, AI is going to write a lot of the code that developers might write today,’” he says. That could lead to less demand for developers, with fewer positions to be filled. The counter view, Hammond says, is that software development is a creative process and profession. For all its capabilities, AI has limits that might not match the novel thinking of developers, he says. “Some of the most valuable code that’s written is also the most creative code.” Today AI is used successfully in testing, Hammond says, which many developers might be loath to writing test cases for. He sees market adjacencies to that with development tools such as Microsoft Visual Studio that has a feature that can predict what a developer may type next, then make that available for the developer to click. “You’ve got examples of where these tools are augmenting developers’ working habits and making them more productive,” Hammond says. In the creative space, Adobe Sensei technology can help designers automate tedious tasks, he says, such as stitch together photos or remove undesired artifacts from content.


Vulnerability Prioritization Tops Security Pros' Challenges

This should come as no surprise to anyone working in software development. Software development organizations are using more application security tools than ever before and from the earliest stages of development. Most are on top of detection, but that's only the first step. Next comes prioritization: Once you've detected the security issues, how can you make sure you are addressing the most critical issues first? While prioritization is essential for organizations that want to get ahead of their backlog, they are still struggling to formulate a standardized prioritization process. Even though vulnerability prioritization rated very high on application security professionals' list of top challenges, the WhiteSource survey found that most security and development teams don't follow a shared process for prioritization. The survey asked to what extent the security and development teams in their organization agree on which vulnerabilities need to be fixed, and the results were concerning: 58% of respondents said they sometimes agree, but each team follows ad hoc practices and separate guidelines. Only 31% of respondents said they have an agreed-upon process to determine priorities.


Fast-Tracking AI Ethics Is Dicey And Shortsighted, Especially For Self-Driving Cars

Somehow, there needs to be a balance found that can appropriately make use of the AI Ethics precepts and yet allow for flexibility when there is a real and fully tangible basis to partially cut corners, as it were. Of course, some would likely abuse the possibility of a slimmer version and always go that route, regardless of any truly needed urgency of timing. Thus, there is a chance of opening a Pandora’s box whereby a less-than fully AI Ethics protocol becomes the default norm, rather than serving as a break-glass exception when rarely so needed. It can be hard to put the Genie back into the bottle. In any case, there are already some attempts at trying to craft a fast-track variant of AI Ethics principles. We can perhaps temper those that leverage the urgent version with both a stick and a carrot.The carrot is obvious that they are seemingly able to get their AI completed sooner, while the stick is that they will be held wholly accountable for not having taken the full nine yards on the use of the AI Ethics. This is a crucial point that might be used against those taking such a route and be a means to extract penalties via a court of law, along with penalties in the court of public opinion.


How to boost your enterprise's immunity with cyber resilience

Cyber security and cyber resilience are often used interchangeably. While they are related concepts, they're far from being synonyms, and it's crucial for everyone to understand the difference. Security is like wearing a mask or using other forms of personal protective equipment to reduce your risk of being infected with a virus. Resiliency is, after having been infected, fighting through the illness and giving your body a chance to return to good health. This means that cyber security is the protection and restoration of IT assets—hardware and software, in the cloud and on premises—and the data they contain, to ensure their availability and integrity. Resiliency, on the other hand, focuses on the ability of the business to withstand and recover from these breaches. The scope extends beyond IT and information to business operations and processes. The U.S. National Institute of Standards and Technology (NIST) defines cyber resilience as "the ability of an information system to continue to operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and to recover to an effective operational posture in a time frame consistent with mission needs."



Quote for the day:

"Limitations live only in our minds. But if we use our imaginations, our possibilities become limitless." -- Jamie Paolinetti

No comments:

Post a Comment