Daily Tech Digest - December 06, 2020

Ransomware Set for Evolution in Attack Capabilities in 2021

“The Maginot line of cybersecurity transformation failed as the first adopters were the e-crime groups and cybercrime cartels, and we just have to pay attention now as perimeter defenses have failed and continue to fail, and visibility and hardening has become an extreme challenge. Most attacks you see today are attacks from the inside out – digital insiders using trusted ecosystems to leverage ransomware attacks and espionage and crime campaigns.” Looking at ransomware in particular, the trio said they do not see this stopping or slowing down “and we continue to predict that this is going to extend significantly,” Foss said. He claimed ransomware groups have brought more people into their groups and are making sure they are getting trusted people, with nation state adversaries taking part as well. “We see this reaching out to additional operating systems; traditionally this has only impacted Windows primarily, but with MacOS having such a market reach in the professional ecosystem of most organizations, we predict it will be targeted as well,” Foss said. “Linux is one we have started to see more campaigns begin to target, and a lot are looking at defacing webpages in addition to taking over core components of ecosystems that these companies operate.”

Rethinking Robotic Process Automation (RPA)

You can't converse much with anyone these days about automation without talking RPA. It seems the little bots are getting everywhere. It's almost like an alien invasion! But always, the talk seems to be about creating and imposing bots on us. A bot for this and a bot for that, pretty soon you have dozens of little creatures (think about all the little gremlins in the film of the same name!) all nibbling away at pieces of your work. Helpful they maybe, but at what cost? In the UK and USA, as we came out of the 2008 financial crisis, economists were left scratching their heads. They were wrestling with what they call the productivity puzzle. Historically economic growth was always been closely tied to productivity, e.g., if output per worker does not grow, then the economy does not grow. In the UK, productivity was actually lower than before the crisis hit. So if productivity growth is required, it only stands to reason that tools to increase productivity are a useful thing to have. (I know I am oversimplifying, but I think it works for where we are going). What if RPA, instead of being about Robotic Process Automation instead became about Robotic Process Assistants. In this new world, we would each have just one robot on our desktop/laptop/machine, a little like Automator on a Mac.

Quantum Sensors Will Revolutionise The Tech Industry

Measurement devices that exploit quantum properties have been around for a while, such as atomic clocks, laser distance meters, and magnetic resonance imaging used for medical diagnosis. What can now be considered new is that individual quantum systems, like atoms and photons, are increasingly used as measurement probes. The entanglement and manipulation of quantum states are used to improve the sensitivity, even beyond the limit set by a conventional formulation of the quantum mechanical uncertainty principle. Yet, many scientists believe that quantum will enjoy its first real commercial success in sensing. That’s because sensing can avail the very characteristic that makes building a quantum computer so difficult-the extraordinary sensitivity of quantum states to the environment. Whether they respond to the gravitational pull of buried objects or picking up magnetic fields from the human brain, quantum sensors can recognize a wide range of tiny signals across the world. Some physicists believe that gravity-measuring quantum sensors, in particular, will become more widespread quickly with a potential market of USD 1 billion a year.

Banking to groceries — Data Protection Authority has multi-sector role, but must be efficient

First, the Data Protection Authority should follow a risk-based approach that is implicitly present in the Bill. For example, in many places, the Bill requires the DPA to consider the risk of harm to consumers while framing regulations. Additionally, the Bill categorises data into personal data, sensitive personal data, and critical personal data to differentiate the varying levels of risks that emanate from the misuse of data. Finally, the Bill creates a differential level of regulation between ordinary firms that use data, significant data fiduciaries, and small entities. These point to the fact that risk-based regulation must be inherent to the DPA’s strategic approach. Within this overall framework, the DPA can prioritise its resources by focusing on processing sensitive and critical personal data, and by overseeing significant data fiduciaries. This will allow the DPA to first build capacity in areas that pose the greatest threat to consumers, rather than expending its limited resources to regulate all sectors of economic activity. The DPA can further sharpen its focus by having a low threshold for exempting small entities. This will allow the DPA to focus its regulatory capacity towards firms that pose a larger risk to consumers by collecting and processing large volumes of data.

Australia’s Global RegTech Hub Poised for Growth

Like most businesses, local RegTechs have experienced disruption during the COVID-19 pandemic. The biggest challenge has been an immediate reduction in revenue. A contributing factor is the slowing of export opportunities, following travel restrictions and the postponement of trade events. Nonetheless, Australian RegTechs remain positive about future growth and continue to seek growth capital to fund product development, talent acquisition and market expansion. The pandemic has accelerated a shift towards remote working and digital interactions, increasing the risk of fraud and financial crime, and focusing organisations on the importance of robust cybersecurity. At the same time, Federal and State Governments are recognising the potential of RegTech to efficiently and effectively solve regulatory and compliance challenges, and to become a signature export for Australia. This, combined with regulatory pressure for all regulated entities across a range of industries to adopt RegTech, will create a strong platform for the sector to excel. ... Collectively, these actions will help Australian RegTechs to scale, creating local jobs, and supporting the export of Australian solutions.

Novel Online Shopping Malware Hides in Social-Media Buttons

The imposter buttons look just like the legitimate social-sharing buttons found on untold numbers of websites, and are unlikely to trigger any concern from website visitors, according to Sansec. Perhaps more interestingly, the malware’s operators also took great pains to make the code itself for the buttons to look as normal and harmless as possible, to avoid being flagged by security solutions. “While skimmers have added their malicious payload to benign files like images in the past, this is the first time that malicious code has been constructed as a perfectly valid image,” according to Sansec’s recent posting. “The malicious payload assumes the form of an html <svg> element, using the <path> element as a container for the payload. The payload itself is concealed utilizing syntax that strongly resembles correct use of the <svg> element.” To complete the illusion of the image being benign, the malicious payloads are named after legitimate companies. The researchers found at least six major names being used for the payloads to lend legitimacy: facebook_full; google_full; instagram_full; pinterest_full; twitter_full; and youtube_full. The result of all of this is that security scanners can no longer find malware just by testing for valid syntax.

Embedding Trust at the Core of Critical Infrastructure

Technology is no longer an extension of critical infrastructure, but rather at the core of it. The network sits between critical data, assets, and systems, and the users and services that leverage or operate them. It is uniquely positioned not only to add essential visibility and controls for resiliency, but also a well-placed and high-value target for attackers. Resiliency of the network infrastructure itself is crucial. Resilience is only achieved by building in steps to verify integrity with technical features embedded in hardware and software. Secure boot ensures a network device boots using only software that is trusted by the Original Equipment Manufacturer. Image signing allows a user to add a digital fingerprint to an image to verify that the software running on the network has not been modified. Runtime defenses protect against the injection of malicious code into running network software, making it very difficult for attackers to exploit known vulnerabilities in software and hardware configurations. Equally important, vendors must use a Secure Development Lifecycle to enhance security, reduce vulnerabilities, and promote consistent security policy across solutions. All of this might sound like geek mumbo-jumbo, but these are non-negotiables in today’s world. 

Out on the edge: The new cloud battleground isn’t in the cloud at all

The big cloud providers are all pursuing similar paths to the edge, anchored by the on-premises versions of their cloud infrastructure that have started rolling out this year. AWS’ Outposts, which was built for use within customer data centers, is also the foundation for AWS Local Zones and AWS Wavelength, which are miniature versions of the cloud giant’s technology stack that live in small, local data centers and telecommunications carriers’ point-of-presence facilities. The company says the experience it gained building out its retail e-commerce business lends itself perfectly to edge computing. “We already have more IoT devices connected to the cloud than any other cloud provider by a large margin. We have to do that for ourselves,” ‘said AWS’ Vass. Customers can employ such Amazon inventions as AWS Greengrass for IoT devices, AWS Snowball for storage and AWS Robomaker for development of robotic devices using Lambda serverless functions “on a POP, in a Local Zone and in the cloud, manage it all centrally and do decentralized execution,” he said. Microsoft’s Azure cloud edge strategy uses a similar approach. Edge Zones, which the company rolled out early this year, are essentially scaled-down Azure data centers located within miles of a customer. 

Is RPA the same as AI? What’s the Difference, and What Are the Use Cases?

RPA uses software robots to automate human actions in business processes that involve interaction with digital systems. These actions are usually simple and repetitive, which makes them prone to human error and can provoke a loss of employees’ motivation and efficiency. Software robots and RPA on the other hand bring notable benefits: accuracy (by minimizing human error), reliability (by being always available and by reducing delay), traceability (by providing audit trails and logs), and productivity (by increasing processing speed). A few examples of use cases are automating orders, processing payroll, customer onboarding, data validation, etc. ... Artificial intelligence “combines the human capacities for learning, perception, and interaction [...] at a level of complexity [and automation] that ultimately supersedes our own abilities.” It is a spectrum of technologies (e.g., natural language processing, computer vision, predictive modeling, data clustering, and many more) that opens new use cases for businesses, as well as reduces entry cost for many existing business problems that still require too much human intervention. ... In order to tackle these use cases and leverage the benefits of AI in business, using a data science and machine learning platform is a best practice. — it is the key to successfully scaling AI projects and to bringing a robust data methodology to all levels of the business.

When Is It Time to Retire Your Legacy System and Go Cloud?

When your tried-and-tested technology becomes unwieldy and impacts your bottom line, upgrading is critical to fit the business. Let's say you're a construction company that uses an obsolete legacy proof-of-delivery (PoD) system. The system requires three full-time customer service specialists to manage the application (e.g., find the right documents, send them over to customers, work with invoices, and so on). Due to the use of old-school tech, making a single change or adding a new feature is costly and time-consuming. On the other hand, the risk of human error is high and can result in unhappy customers, overheads, and delayed payments. Furthermore, customers call you to request their PoD, and the number of monthly calls now exceeds 1,000 and requires a lot of manual labor. This is a telltale sign that your traditional processes aren't effective which badly affects your entire business. Creating a Cloud-based and easy-to-use PoD portal would ensure maximum automation of all relevant processes, elimination of customer calls or their reduction to the minimum, and significant time- and cost-saving and increased efficiency.

Quote for the day:

"Anger and intolerance are the enemies of correct understanding." -- Mahatma Gandhi

No comments:

Post a Comment