It's time for banks to rethink how they secure customer information
To sum it up, banks and credit card companies really don't care to put too
much effort into securing the accounts of customers. That's crazy,
right? The thing is, banks and credit card companies know they have a
safety net to prevent them from crashing to the ground. That safety net is
fraud insurance. When a customer of a bank has their account hacked or card
number stolen, the institution is fairly confident that it will get its--I
mean, the customer's--money back. But wait, the revelations go even
deeper. These same institutions also admit (not to the public) that
hackers simply have more resources than they do. Banks and credit card
companies understand it's only a matter of time before a customer account is
breached--these institutions deal with this daily. These companies also
understand the futility of pouring too much investment into stopping hackers
from doing their thing. After all, the second a bank invests millions into
securing those accounts from ne'er-do-wells, the ne'er-do-wells will figure
out how to get around the new security methods and protocols. From the bank's
point of view, that's money wasted. It's that near-nihilistic point of view
that causes customers no end of frustration, but it doesn't have to be that
way.
The New Elements of Digital Transformation
Even as some companies are still implementing traditional automation
approaches such as enterprise resource planning, manufacturing execution, and
product life cycle management systems, other companies are moving beyond them
to digitally reinvent operations. Amazon’s distribution centers deliver
inventory to workers rather than sending workers to collect inventory. Rio
Tinto, an Australian mining company, uses autonomous trucks, trains, and
drilling machinery so that it can shift workers to less dangerous tasks,
leading to higher productivity and better safety. In rethinking core process
automation, advanced technologies are useful but not prerequisites. Asian
Paints transformed itself from a maker of coatings in 13 regions in India to a
provider of coatings, painting services, design services, and home renovations
in 17 countries by first establishing a common core of digitized processes
under an ERP system. This provided a foundation to build upon and a clean
source of data to generate insights. Later, the company incorporated machine
learning, robotics, augmented reality, and other technologies to digitally
enable its expansion.
AI startup Graphcore says most of the world won't train AI, just distill it
Graphcore is known for building both custom chips to power AI, known as
accelerators, and also full computer systems to house those chips, with
specialized software. In Knowles's conception of the pecking order of
deep learning, the handful of entities that can afford "thousands of
yotta-FLOPS" of computing power -- the number ten raised to the 24th power --
are the ones that will build and train trillion-parameter neural network
models that represent "universal" models of human knowledge. He offered the
example of huge models that can encompass all of human languages, rather like
OpenAI's GPT-3 natural language processing neural network. "There won't be
many of those" kinds of entities, Knowles predicted. Companies in the market
for AI computing equipment are already talking about projects underway to use
one trillion parameters in neural networks. By contrast, the second order of
entities, the ones that distill the trillion-parameter models, will require
far less computing power to re-train the universal models to something
specific to a domain. And the third entities, of course, even less power.
Knowles was speaking to the audience of SC20, a supercomputing conference
which takes place in a different city each year, but this year is being held
as a virtual event given the COVID-19 pandemic.
5 Reasons for the Speedy Adoption of Blockchain Technology
Blockchain technology can only handle three to seven transactions per second,
while the legacy transaction processing system is able to process tens of
thousands of them every second. This led many observers to be unsure of the
potential of blockchain as a viable option for large-scale applications.
However, recent developments have resulted in promising way to close this
performance gap and a new consensus mechanism is being developed. This
mechanism is enabling participants (some of who are unknown to each other) to
trust the validity of the transactions. While the performance may be sluggish
and a lot of computational resources may be spent in the mechanism involving
blockchain, the better performance is the key that is popularizing the use of
the blockchain technology. Latest designs are aiming to reduce the time and
energy intensive mining required to validate every transaction. Various
blockchain-based applications are able to choose between performance,
functionality, and security to suit what is most appropriate for the
application. This consensus model is being especially appreciated in
industries like auto-leasing, insurance, healthcare, supply chain management,
trading, and more.
How next gen Internal Audit can play strategic role in risk management post-pandemic
The purpose of a business continuity plan is to ensure that the business is
ready to survive a critical incident. It permits an instantaneous response to
the crisis so as to shorten recovery time and mitigate the impact. This
pandemic has conferred an unprecedented “critical incident” for the globe.
With unknown reach and period, worldwide implications, and no base for
accurate projections, we are very much into unchartered territories. Many
organizations used to develop a disaster recovery plan and business continuity
procedure that was rarely put to the test in a real crisis situation. With the
arrival of newer risks e.g. cyber-attacks, data transfer confidentiality
issues struggle with maintaining supply levels, workforce management, physical
losses, operational disruptions, change of marketing platforms, increased
volatility and interdependency of the global economy, etc. the traditionally
accepted Business Continuity & Crisis Management Models are getting
continuously & constructively challenged rapidly. Therefore, organizations
need adequate planning resulting in immediate response, better
decision-making, maximum recovery, effective communications, and sound
contingency plans for various scenarios that may suddenly arise.
How to Build a Production Grade Workflow with SQL Modelling
A constructor creates a test query where a common table expression (CTE)
represents each input mock data model, and any references to production models
(identified using dbt’s ‘ref’ macro) are replaced by references to the
corresponding CTE. Once you execute a query, you can compare the output to an
expected result. In addition to an equality assertion, we extended our
framework to support all expectations from the open-source Great Expectations
library to provide more granular assertions and error messaging. The main
downside to this framework is that it requires a roundtrip to the query engine
to construct the test data model given a set of inputs. Even though the query
itself is lightweight and processes only a handful of rows, these roundtrips
to the engine add up. It becomes costly to run an entire test suite on each
local or CI run. To solve this, we introduced tooling both in development and
CI to run the minimal set of tests that could potentially break given the
change. This was straightforward to implement with accuracy because of dbt’s
lineage tracking support; we simply had to find all downstream models (direct
and indirect) for each changed model and run their tests.
Google Services Weaponized to Bypass Security in Phishing, BEC Campaigns
For its part, Google stresses the company is taking every measure to keep
malicious actors off their platforms. “We are deeply committed to protecting
our users from phishing abuse across our services, and are continuously
working on additional measures to block these types of attacks as methods
evolve,” a Google spokesperson told Threatpost by email. The statement added
that Google’s abuse policy prohibits phishing and emphasized that the company
is aggressive in combating abuse. “We use proactive measures to prevent this
abuse and users can report abuse on our platforms,” the statement said.
“Google has strong measures in place to detect and block phishing abuse on our
services.” Sambamoorthy told Threatpost that the security responsibility does
not rest on Google alone and that organizations should not rely solely on
Google’s security protections for their sensitive data. “Google faces a
fundamental dilemma because what makes their services free and easy to use
also lowers the bar for cybercriminals to build and launch effective phishing
attacks,” he said. “It’s important to remember that Google is not an email
security company — their primary responsibility is to deliver a functioning,
performant email service.”
Democratize Data to Empower your Organization and Unleash More Value
Organizations, unsure whether they can trust their data, limit access,
instead of empowering the whole enterprise to achieve new insights for
practical uses. To drive new value—such as expanded customer marketing and
increasing operational efficiencies—democratizing data demands building out
a trusted, governed data marketplace, enabling mastered and curated data to
drive your innovations that leapfrog the competition. To do this, trust
assurance has become the critical enabler. But how to accomplish trust
assurance? Trust Assurance Helps You Accelerate Reliable Results So, what is
trust assurance, and how can data governance help accelerate it? If an
organization is to convert data insights into value that drives new revenue,
improves customer experience, and enables more efficient operations, the
data needs controls to help ensure it’s both qualitative for reliable
results as well as protected for appropriate, and compliant,
use. According to IDC, we’re seeing a 61 percent compound annual growth
rate (CAGR) in worldwide data at this moment—a rate of increase that will
result in 175 zettabytes of data worldwide by 2025.
DDoS mitigation strategies needed to maintain availability during pandemic
According to Graham-Cumming, enterprises should start the process of
implementing mitigating measures by conducting thorough due diligence of their
entire digital estate and its associated infrastructure, because that is what
attackers are doing. “The reality is, particularly for the ransomware folks,
these people are figuring out what in your organisation is worth attacking,”
he says.“It might not be the front door, it might not be the website of the
company as that might not be worth it – it might be a critical link to a
datacentre where you’ve got a critical application running, so we see people
doing reconnaissance to figure out what the best thing to attack is. “Do a
survey of what you’ve got exposed to the internet, and that will give you a
sense of where attackers might go. Then look at what really needs to be
exposed to the internet and, if it does, there are services out there that can
help.” This is backed up by Goulding at Nominet, who says that while most
reasonably mature companies will have already considered DDoS mitigation,
those that have not can start by identifying which assets they need to
maintain availability for and where they are located.
Empathy: The glue we need to fix a fractured world
Our most difficult moments force us to contend with our vulnerability and
our mortality, and we realize how much we need each other. We’ve seen this
during the pandemic and the continued struggle for racial justice. There has
been an enormous amount of suffering but also an intense desire to come
together, and a lot of mutual aid and support. This painful moment has
produced a lot of progress and clarity around our values. Yet modern life,
especially in these pandemic times, makes it harder than ever to connect
with each other, and this disconnectedness can erode our empathy. But we can
fight back. We can work to empathize more effectively. The pandemic, the
economic collapse associated with it, and the fight for racial justice have
increased all sorts of feelings, including empathy, anger, intolerance,
fear, and stress. A big question for the next two to five years is which
tide will prevail. ... Another problem is that there’s tribalism within
organizations, especially larger organizations and those that are trying to
put different groups of people with different goals under a single tent. For
instance, I’ve worked with companies that include both scientists and people
who are trying to market the scientists’ work.
Quote for the day:
"Superlative leaders are fully equipped to deliver in destiny; they locate eternally assigned destines." -- Anyaele Sam Chiyson
No comments:
Post a Comment