Daily Tech Digest - December 30, 2020

Are EU Privacy Regulators Starting to Find GDPR Consensus?

Even though GDPR enforcement is more than two years old, attorney Rocco Panetta, the founder and managing partner of Panetta & Associates in Rome, predicts that it will take at least two more years - if not more - for enforcement and sanctions efforts to gain greater consistency, not just between EU member states but also inside any given country. Such consistency would also provide more predictability for organizations facing sanctions. "The EU regulation gives a range of values without imposing any standardization," says Panetta, who's also on the board of directors of the International Association of Privacy Professionals. "If anything, the issue is mostly about the difficulty facing companies that try to predict the potential consequences of a GDPR breach," he tells Information Security Media Group. "As a data protection officer and legal consultant for local and multinational enterprises and groups of companies, I'm getting to witness such difficulty more and more frequently." One major change brought about by GDPR is that it made data protection a law. Previously, EU member states were subject only to a data protection directive - specifically, Directive 1995/46/CE - that each nation transposed as it saw fit into its own, national law.


Key Sprint Metrics to Increase Team Dependability

With Sprint Flow, you can track how your work is flowing throughout the Sprint and easily spot any delays or bottlenecks emerging that may potentially put your commitments at risk. One of the most common pitfalls we see with scrum teams is work being signed off at the end of the sprint. This delay backloads risk and makes it difficult for teams to address any feedback by the end of the sprint, which in turn cannibalises capacity in the next sprint and can create a nasty snowball effect. A feature of successful sprints is the tight feedback loop between the user (often represented by the PO) and the team, and work is being signed off as early as possible. Some of the most common challenges to this feedback loop are: work is slow to start at the beginning of the sprint, a backlog is forming with the QA team, and the PO has limited availability to review and sign off work. It’s essential that all members of the team, but particularly a Scrum Master, have visibility of these potential delays, which is why Sprint Flow is an incredibly powerful metric to review in daily stand-ups and retros. ... The challenge we see with this approach is that burn-downs and burn-ups are binary in their analysis; they only differentiate between incomplete and complete


Key Application Metrics and Monitoring for Developers

As a developer, it's all too easy to fall into the habit of what I call reactive firefighting, or responding only or primarily to reported issues or bugs. These issues are easy to prioritize, as it is clear that a user is already experiencing an issue or downtime. However, while you are busy fighting the fire, the fire is continuing to damage application downtime or cause some other issue. Proactive monitoring is the best way to reduce the number of fires that start in the first place. In essence, you need to monitor your metrics on a regular basis. This is proactive because it requires you or your team to look at your application response time, error rate, and slow transactions before users report any issues. By reviewing your metrics on a regular basis, you can identify issues before users report them, and you can proactively address errors or bottlenecks that could become larger problems. Additionally, monitoring your metrics regularly will give you a sense of what is “normal” and what is abnormal for your application. As mentioned earlier, metrics are the most helpful in illuminating relative rather than absolute performance. 


2021 will overburden already stressed infosec teams

Dis- and misinformation impacts businesses and the public at large in a myriad of ways. False or misleading claims can have a major impact on a business’s bottom line, not to mention turning the tide of public opinion. In 2021, every organization and individual will face three challenges: The need to discern what is real from what is fake; The need to determine what sources are credible; and The need to verify information. Disinformation becomes a cybersecurity issue because cybercriminals thrive on uncertainty. According to OpenText research, one in five people (at least) have received a COVID-19 related phishing email as of this fall. That number will surely grow. We’ve also seen spikes in phishing campaigns around fake COVID-19 stimulus offers, fake streaming media links, etc. We can expect trends specific to COVID-19 to continue. More generally, as trust in media and institutions is threatened, cybercriminals will have more opportunities to exploit the resulting uncertainty. The good news: cybersecurity teams are used to dealing with a level of disinformation. If you think about it, what is a phishing campaign if not an active disinformation attack?


Use predictive analytics in manufacturing to gain insight

Predictive analytics in manufacturing relies on collecting sensor data across the manufacturing process, Leone said. If this happens, manufacturers can uncover trends, forecast outcomes, improve and ensure product quality and optimize asset allocation and capacity utilization. In addition, a predictive manufacturing system doesn't just come in handy during one step of the manufacturing process. A predictive manufacturing system has many roles in a factory, said Forrester analyst Paul Miller. For example, it can help when a manufacturer is striving for reliability or searching for the most cost-effective energy mix or the ideal materials. "Potentially, for a complex industrial asset, there could be thousands and thousands of combinations to consider," Miller said. However, adopting a predictive manufacturing system doesn't come without its growing pains. A key barrier to adopting predictive manufacturing is internal resistance, Miller said.  "People will say, I have been running this operation for 30 years and I know how to do it," Miller said. However, some companies have been pleasantly surprised by the results, he said.  "Siemens found that with their gas turbines, they were able to get significantly better performance than their best engineers because the computer can try so many options all at once," Miller said.


DDoS Attacks Spiked, Became More Complex in 2020

Threat actors launched more DDoS attacks this year than ever before. Much of the increase was tied to the large-scale shift to remote work as a result of the global pandemic. Adversaries perceived more opportunities to attack organizations that suddenly were forced to support large distributed workforces and employees logging in from weakly protected home networks. "As a result of the pandemic, we saw an unprecedented number of systems going online, with corporate resources now in less-secure home environments, and a massive increase in the use of VPN technology," says Richard Hummel, threat intelligence lead at Netscout. Netscout's current projections forecast more than 10 million DDoS attacks in 2020, the most ever in a single year. In May 2020 alone, Netscout observed some 929,000 DDoS attacks, the largest ever in a 31-day period. During the height of the pandemic-related lockdown between March and June, the frequency of DDoS attacks increased 25% compared with the previous three-month period. The attacks consumed huge amounts of network throughput and bandwidth and increased costs for both Internet service providers and enterprises.


Enterprise architecture tools could be acquisition targets

The adoption of enterprise architecture tools is increasing as organizations advance their business models to meet changing customer needs, pursue digital transformation and build a "composable enterprise" using interchangeable building blocks. He said some EA teams mistakenly limit their scope to cataloging their existing IT systems, applications and technologies when they should take the opportunity to capture their organization's business architecture and strategy. Gartner's latest Magic Quadrant on EA tools reflects a shift to features that enable users to drag and drop objects and classes, get context-sensitive help, and use collaboration tools such as Microsoft Teams and Slack. Other key capabilities in many of the EA tools featured in the report include guided navigation, autogenerated views, smart search and virtual assistant support, Jhawar said. Avolution, Bizzdesign, Mega International and Software AG "sustained excellence in both execution and vision" to hold their positions as leaders in the 2020 Magic Quadrant for EA tools, just as they were in 2019, according to the Gartner report. But Gartner now lists a longer group of challengers behind them, with BOC Group, LeanIX, Orbus Software and QualiWare.


5 Emerging DevOps Trends to Watch in 2021

As Infosec continues to evolve, security is coming to the forefront of all teams. No company wants to deal with business and financial effects of a breach, and many companies are now working hard to secure their digital systems. As companies educate their teams on how to keep information and systems secure, DevOps is no exception. As the core team responsible for deploying and maintaining infrastructure as well as configuring and storing the secrets for applications that are deployed, DevOps teams must continue to keep security top of mind. We see DevOps not as an obstacle to secure workloads but as an enabler. Both Security and DevOps teams want clear processes in place and tight configurations implemented on servers and cloud access. These teams will continue to work together to make sure infrastructure and applications are deployed in an increasingly automated, auditable, and secure manner. With the focus on security, this may change the way DevOps teams operate to be more of a balance between process and speed. Many companies may evaluate if they really need to be deploying software many times per day and if this keeps their security and compliance goals in mind.


Businesses to boost collaboration spending in ‘21 as remote work continues

With real uncertainty over when the pandemic might end and a sustained global economic recovery could begin, many IT departments are likely to take a wait-and-see approach when setting budgets for collaboration investments in 2021. “What I hear a lot of is, ‘I’ve got three budgets for next year,’” said Lazar. Those budgets include spending based on a worst-case scenario, where financial markets tank and spending is “cut to the bone”; a “keep everything steady” budget; and, finally, an optimistic budget where economies are booming, and companies undertake a “massive expansion” in spending, he said. ... “The need to empower collaboration in the enterprise has clearly been a lesson learned in 2020,” said Wayne Kurtzman, research director for collaboration at IDC. “2021 is the time to improve it, often through software integrations and making [collaboration software] part of the core IT stack and enabling all workers.” A 451 Research survey report (Voice of the Enterprise: Workforce Productivity & Collaboration Technology Ecosystems 2020), which tracks planned corporate technology purchasing in the first half of 2021, paints a similar picture, with collaboration spending largely protected as businesses tighten other areas of their IT budgets.


How Will Biden Administration Tackle Cybersecurity?

While Biden and his transition team have not yet released specific cybersecurity policies, he recently noted that it "may take billions of dollars to secure our cyberspace," over the next several years and that those who were responsible for the SolarWinds hack "can be assured that we will respond and probably respond in kind." Besides SolarWinds, the new Biden administration will face a host of other issues, including CISA, which has seen its leadership hollowed out following the post-election firing of former Director Christopher Krebs. Cybersecurity experts and analysts agree that how Biden and his administration address these issues in the first critical weeks is likely to set the tone for the next four years, as the nation faces several security obstacles both foreign and domestic. Their suggestions range from filling key leadership spots, such as the CISA director, to confronting overseas adversaries to building deeper relationships with the private sector. As the events surrounding the SolarWinds breach continue to unfold, how the Biden administration responds during its first few weeks will likely shape a large portion of the White House's cybersecurity policy going forward, says Phil Reitinger



Quote for the day:

"Every day is a NEW beginning, take a deep breath and START AGAIN." -- Unknown
