Daily Tech Digest - November 22, 2020

It's time for banks to rethink how they secure customer information

To sum it up, banks and credit card companies really don't care to put too much effort into securing the accounts of customers. That's crazy, right?  The thing is, banks and credit card companies know they have a safety net to prevent them from crashing to the ground. That safety net is fraud insurance. When a customer of a bank has their account hacked or card number stolen, the institution is fairly confident that it will get its--I mean, the customer's--money back. But wait, the revelations go even deeper. These same institutions also admit (not to the public) that hackers simply have more resources than they do. Banks and credit card companies understand it's only a matter of time before a customer account is breached--these institutions deal with this daily. These companies also understand the futility of pouring too much investment into stopping hackers from doing their thing. After all, the second a bank invests millions into securing those accounts from ne'er-do-wells, the ne'er-do-wells will figure out how to get around the new security methods and protocols. From the bank's point of view, that's money wasted. It's that near-nihilistic point of view that causes customers no end of frustration, but it doesn't have to be that way.


The New Elements of Digital Transformation

Even as some companies are still implementing traditional automation approaches such as enterprise resource planning, manufacturing execution, and product life cycle management systems, other companies are moving beyond them to digitally reinvent operations. Amazon’s distribution centers deliver inventory to workers rather than sending workers to collect inventory. Rio Tinto, an Australian mining company, uses autonomous trucks, trains, and drilling machinery so that it can shift workers to less dangerous tasks, leading to higher productivity and better safety. In rethinking core process automation, advanced technologies are useful but not prerequisites. Asian Paints transformed itself from a maker of coatings in 13 regions in India to a provider of coatings, painting services, design services, and home renovations in 17 countries by first establishing a common core of digitized processes under an ERP system. This provided a foundation to build upon and a clean source of data to generate insights. Later, the company incorporated machine learning, robotics, augmented reality, and other technologies to digitally enable its expansion.


AI startup Graphcore says most of the world won't train AI, just distill it

Graphcore is known for building both custom chips to power AI, known as accelerators, and also full computer systems to house those chips, with specialized software. In Knowles's conception of the pecking order of deep learning, the handful of entities that can afford "thousands of yotta-FLOPS" of computing power -- the number ten raised to the 24th power -- are the ones that will build and train trillion-parameter neural network models that represent "universal" models of human knowledge. He offered the example of huge models that can encompass all of human languages, rather like OpenAI's GPT-3 natural language processing neural network. "There won't be many of those" kinds of entities, Knowles predicted. Companies in the market for AI computing equipment are already talking about projects underway to use one trillion parameters in neural networks. By contrast, the second order of entities, the ones that distill the trillion-parameter models, will require far less computing power to re-train the universal models to something specific to a domain. And the third entities, of course, even less power. Knowles was speaking to the audience of SC20, a supercomputing conference which takes place in a different city each year, but this year is being held as a virtual event given the COVID-19 pandemic.


5 Reasons for the Speedy Adoption of Blockchain Technology

Blockchain technology can only handle three to seven transactions per second, while the legacy transaction processing system is able to process tens of thousands of them every second. This led many observers to be unsure of the potential of blockchain as a viable option for large-scale applications. However, recent developments have resulted in promising way to close this performance gap and a new consensus mechanism is being developed. This mechanism is enabling participants (some of who are unknown to each other) to trust the validity of the transactions. While the performance may be sluggish and a lot of computational resources may be spent in the mechanism involving blockchain, the better performance is the key that is popularizing the use of the blockchain technology. Latest designs are aiming to reduce the time and energy intensive mining required to validate every transaction. Various blockchain-based applications are able to choose between performance, functionality, and security to suit what is most appropriate for the application. This consensus model is being especially appreciated in industries like auto-leasing, insurance, healthcare, supply chain management, trading, and more.


How next gen Internal Audit can play strategic role in risk management post-pandemic

The purpose of a business continuity plan is to ensure that the business is ready to survive a critical incident. It permits an instantaneous response to the crisis so as to shorten recovery time and mitigate the impact. This pandemic has conferred an unprecedented “critical incident” for the globe. With unknown reach and period, worldwide implications, and no base for accurate projections, we are very much into unchartered territories. Many organizations used to develop a disaster recovery plan and business continuity procedure that was rarely put to the test in a real crisis situation. With the arrival of newer risks e.g. cyber-attacks, data transfer confidentiality issues struggle with maintaining supply levels, workforce management, physical losses, operational disruptions, change of marketing platforms, increased volatility and interdependency of the global economy, etc. the traditionally accepted Business Continuity & Crisis Management Models are getting continuously & constructively challenged rapidly. Therefore, organizations need adequate planning resulting in immediate response, better decision-making, maximum recovery, effective communications, and sound contingency plans for various scenarios that may suddenly arise.


How to Build a Production Grade Workflow with SQL Modelling

A constructor creates a test query where a common table expression (CTE) represents each input mock data model, and any references to production models (identified using dbt’s ‘ref’ macro) are replaced by references to the corresponding CTE. Once you execute a query, you can compare the output to an expected result. In addition to an equality assertion, we extended our framework to support all expectations from the open-source Great Expectations library to provide more granular assertions and error messaging. The main downside to this framework is that it requires a roundtrip to the query engine to construct the test data model given a set of inputs. Even though the query itself is lightweight and processes only a handful of rows, these roundtrips to the engine add up. It becomes costly to run an entire test suite on each local or CI run. To solve this, we introduced tooling both in development and CI to run the minimal set of tests that could potentially break given the change. This was straightforward to implement with accuracy because of dbt’s lineage tracking support; we simply had to find all downstream models (direct and indirect) for each changed model and run their tests.


Google Services Weaponized to Bypass Security in Phishing, BEC Campaigns

For its part, Google stresses the company is taking every measure to keep malicious actors off their platforms. “We are deeply committed to protecting our users from phishing abuse across our services, and are continuously working on additional measures to block these types of attacks as methods evolve,” a Google spokesperson told Threatpost by email. The statement added that Google’s abuse policy prohibits phishing and emphasized that the company is aggressive in combating abuse. “We use proactive measures to prevent this abuse and users can report abuse on our platforms,” the statement said. “Google has strong measures in place to detect and block phishing abuse on our services.” Sambamoorthy told Threatpost that the security responsibility does not rest on Google alone and that organizations should not rely solely on Google’s security protections for their sensitive data. “Google faces a fundamental dilemma because what makes their services free and easy to use also lowers the bar for cybercriminals to build and launch effective phishing attacks,” he said. “It’s important to remember that Google is not an email security company — their primary responsibility is to deliver a functioning, performant email service.”


Democratize Data to Empower your Organization and Unleash More Value

Organizations, unsure whether they can trust their data, limit access, instead of empowering the whole enterprise to achieve new insights for practical uses. To drive new value—such as expanded customer marketing and increasing operational efficiencies—democratizing data demands building out a trusted, governed data marketplace, enabling mastered and curated data to drive your innovations that leapfrog the competition. To do this, trust assurance has become the critical enabler. But how to accomplish trust assurance? Trust Assurance Helps You Accelerate Reliable Results So, what is trust assurance, and how can data governance help accelerate it? If an organization is to convert data insights into value that drives new revenue, improves customer experience, and enables more efficient operations, the data needs controls to help ensure it’s both qualitative for reliable results as well as protected for appropriate, and compliant, use. According to IDC, we’re seeing a 61 percent compound annual growth rate (CAGR) in worldwide data at this moment—a rate of increase that will result in 175 zettabytes of data worldwide by 2025. 


DDoS mitigation strategies needed to maintain availability during pandemic

According to Graham-Cumming, enterprises should start the process of implementing mitigating measures by conducting thorough due diligence of their entire digital estate and its associated infrastructure, because that is what attackers are doing. “The reality is, particularly for the ransomware folks, these people are figuring out what in your organisation is worth attacking,” he says.“It might not be the front door, it might not be the website of the company as that might not be worth it – it might be a critical link to a datacentre where you’ve got a critical application running, so we see people doing reconnaissance to figure out what the best thing to attack is. “Do a survey of what you’ve got exposed to the internet, and that will give you a sense of where attackers might go. Then look at what really needs to be exposed to the internet and, if it does, there are services out there that can help.” This is backed up by Goulding at Nominet, who says that while most reasonably mature companies will have already considered DDoS mitigation, those that have not can start by identifying which assets they need to maintain availability for and where they are located.


Empathy: The glue we need to fix a fractured world

Our most difficult moments force us to contend with our vulnerability and our mortality, and we realize how much we need each other. We’ve seen this during the pandemic and the continued struggle for racial justice. There has been an enormous amount of suffering but also an intense desire to come together, and a lot of mutual aid and support. This painful moment has produced a lot of progress and clarity around our values. Yet modern life, especially in these pandemic times, makes it harder than ever to connect with each other, and this disconnectedness can erode our empathy. But we can fight back. We can work to empathize more effectively. The pandemic, the economic collapse associated with it, and the fight for racial justice have increased all sorts of feelings, including empathy, anger, intolerance, fear, and stress. A big question for the next two to five years is which tide will prevail. ... Another problem is that there’s tribalism within organizations, especially larger organizations and those that are trying to put different groups of people with different goals under a single tent. For instance, I’ve worked with companies that include both scientists and people who are trying to market the scientists’ work. 



Quote for the day:

"Superlative leaders are fully equipped to deliver in destiny; they locate eternally assigned destines." -- Anyaele Sam Chiyson

No comments:

Post a Comment