Daily Tech Digest - March 27, 2021

A Day in the Life of a DevSecOps Manager

The goal of a DevSecOps team, in my view, is embedding application security into development through enablement, iteration, and continuous feedback – also sometimes called "shifting security left." This requires talking to other folks and making sure you can offer them something that solves your problem while enabling them to solve theirs. No one wants to "stop" producing value to take care of security concerns, which can often be how it feels to interact with security teams. Everyone already has a full roadmap. Why does this security concern need to be addressed now? Through a DevSecOps philosophy, which mostly means taking agile principles from engineering and applying them to security work, I use those aforementioned days of meetings to determine how a particular security concern can be mitigated or eradicated without adding friction to the development pipeline. ... Our DevSecOps team, for example, can write a cryptography library for engineering that uses standard libraries in an appropriate manner, avoiding common implementation mistakes that could lead to data exposure. Sometimes we may mandate a particular approach, but typically we offer a library like this to engineering and sell it as saving them development time.

Artificial Intelligence is the Key to Economic Recovery

Artificial Intelligence technologies have already tremendous economic potential in the private and business sector. The value of the global AI market in 2019 is estimated by Gartner and McKinsey at USD 1.9 trillion and forecasts for 2022 is USD 3.9 trillion. ... There are reasons to believe it will be even more so in the post-Corona era. About two years ago, before the outbreak of the plague, Prime Minister Netanyahu asked me and my colleague Professor Eviatar Matanya to lead a national initiative in the field of intelligent systems that would make Israel one of the top five countries in the world in this technology within five years. ... AI has a much wider spectrum than Cyber technology. Its applications have far-reaching implications in most areas of our lives, including security, medicine, transportation, automation, retail, sales, customer service and virtually every field relevant to modern life. The various learning algorithms, along with the tremendous increase in computing power, are already beginning to penetrate all areas of our lives, and their understanding requires mastery not only of the “natural” technological disciplines – such as computer science, mathematics and engineering – but also of social, legal, business and even philosophical aspects.

The war against the virus also fueling a war against digital fraud

The study also found that as of March 16, 2021 the 36% of consumers who said they are being targeted by digital fraud related to COVID-19 in the last three months is higher than approximately one year ago. In April 2020, 29% said they had been targeted by digital fraud related to COVID-19. In the U.S., this percentage increased from 26% to 38% in the same timeframe. Gen Z, those born 1995 to 2002, is currently the most targeted out of any generation at 42%. They are followed by Millennials (37%). Similarities were observed in the U.S. where Gen Z was most targeted at 53% followed by Millennials at 40%. “TransUnion documented a 21% increase in reported phishing attacks among consumers who were globally targeted with COVID-19-related digital fraud just from November 2020 to recently,” said Melissa Gaddis, senior director of customer success, Global Fraud Solutions at TransUnion. “This revelation shows just how essential acquiring personal credentials are for carrying out any type of digital fraud. Consumers must be vigilant and businesses should assume all consumer information is available on the dark web and have alternatives to traditional password verification in place.”

‘Hacktivism’ adds twist to cybersecurity woes

Earlier waves of hacktivism, notably by the amorphous collective known as Anonymous in the early 2010s, largely faded away under law enforcement pressure. But now a new generation of youthful hackers, many angry about how the cybersecurity world operates and upset about the role of tech companies in spreading propaganda, is joining the fray. And some former Anonymous members are returning to the field, including Aubrey Cottle, who helped revive the group’s Twitter presence last year in support of the Black Lives Matter protests. Anonymous followers drew attention for disrupting an app that the Dallas police department was using to field complaints about protesters by flooding it with nonsense traffic. They also wrested control of Twitter hashtags promoted by police supporters. “What’s interesting about the current wave of the Parler archive and Gab hack and leak is that the hacktivism is supporting antiracist politics or antifascism politics,” said Gabriella Coleman, an anthropologist at McGill University, Montreal, who wrote a book on Anonymous.

Sweden’s Fastest Supercomputer for AI Now Online

“Research in machine learning requires enormous quantities of data that must be stored, transported and processed during the training phase. Berzelius is a resource of a completely new order of magnitude in Sweden for this purpose, and it will make it possible for Swedish researchers to compete among the global vanguard in AI,” said Ynnerman. Berzelius will initially be equipped with 60 of the latest and fastest AI systems from Nvidia, with eight graphics processing units and Nvidia Networking in each. Jensen Huang is Nvidia’s CEO and founder. “In every phase of science, there has been an instrument that was essential to its advancement, and today, the most important instrument of science is the supercomputer. With Berzelius, Marcus and the Wallenberg Foundation have created the conditions so that Sweden can be at the forefront of discovery and science. The researchers that will be attracted to this system will enable the nation to transform itself from an industrial technology leader to a global technology leader,” said Huang. The facility has networks from Nvidia, application tools from Atos, and storage capacity from DDN. The machine has been delivered and installed by Atos. Pierre Barnabé is Senior Executive Vice-President and Head of the Big Data and Cybersecurity Division at Atos.

Why data classification should be every organisation’s first step on the path to effective protection

The value of classification was once limited to protection from insider threats. However, with the growth in outsider threats, classification takes on a new importance. It provides the guidance for information security pros to allocate resources towards defending the crown jewels against all threats. Internal actors cause both malicious and unintentional data loss. With a classification program in place, the mistyped email address in a message with sensitive data is flagged. Files that are intentionally being leaked are classified as sensitive and get the attention of security solutions, such as Data Loss Prevention (DLP). On the other hand, external threat actors seek data that can be monetised. Understanding which data within your organisation has the greatest value, and the greatest risk for theft, is where classification delivers value. By understanding the greater potential impact of an attack on sensitive data, advanced threat detection tools escalate alarms accordingly to allow more immediate response. Organisations generate data every day. This comes as no surprise. However, what might be surprising is the accelerating volume at which the data is being created.

6 Principles for Hybrid Work Wellbeing

Wellbeing is both an individual and a team sport. Everyone’s individual circumstances are unique—from caring for a sick parent to juggling the demands of remote learning to struggling with racial injustice. Each of us needs to define our boundaries based on what we can and can’t do—and own them. In practice, this means deciding what time you start work, deciding what time you finish work, and sticking to those commitments while communicating them to your team, whether you’re working remotely or in person. Technology can be your friend here. For example, set your status message in Teams to indicate when you're prioritizing family time. When we all own and respect boundaries, we create a culture of mutual support that promotes everyone’s wellbeing. ... Meeting bloat is one of remote work’s most counterproductive trends, though the reasons for it aren’t hard to understand. Without well-defined ways to indicate progress and participation, showing up to a meeting has become the signal of doing work. It’s the 21st-century version of punching the clock. This helps neither employees nor employers. Organizations can undercut this expectation—and the drain on wellbeing that comes from too many meetings—by fostering a meeting culture centered on preparation and purpose.

Remote working burn-out a factor in security risk

“Lockdown has been a stressful time for everyone, and while employers have admirably supported remote working with technology and connectivity, the human factor must not be overlooked,” said Margaret Cunningham, Forcepoint’s principal research scientist. “Interruptions, distractions and split attention can be physically and emotionally draining and, as such, it’s unsurprising that decision fatigue and motivated reasoning continues to grow. “Companies and business leaders need to take into account the unique psychological and physical situation of their home workers when it comes to effective IT protection. “They need to make their employees feel comfortable in their home offices, raise their awareness of IT security and also model positive behaviours. Knowing the rules, both written and implied, and then designing behaviour-centric metrics surrounding the rules can help us mitigate the negative impact of these risky behaviours.” Cunningham said that although both older and younger employees tended to report they were receiving similar levels of organisational support while working remotely, the emotional experience, and how different generations use technology, was markedly different.

Impact of Big Data on Innovation, Competitive Advantage, Productivity, and Decision Making

Advances in the field of technology enabled individuals and businesses to collect large amounts of data (structured and unstructured) from various sources like never before. Data from social media, user-generated, internet, health care, manufacturing, supply chain, financial institution, and sensors have grown exponentially. This paper’s objective is to review how big data drive and impact innovation, competitive advantage, productivity, and decision support. Methodology: A comprehensive literature review on big data and identifying the impact of big data analytics on innovation, competitive advantage, productivity, and decision support are studied. The reviewed literature created the foundation for studying, a model that was developed based on an extensive review of literature as well as case studies and future forecast by market leaders. Big data is the latest buzzword among businesses. A new model is suggested identifying big data and the correlation between innovation, competitive advantage, productivity, and decision support. Findings: A review of scholarly literature and existing case studies finds that there is a gap between existing frameworks and the integration of big data into various business and management functions and objectives.

Rethinking data strategies: Shifting the focus from technology to insights

We need to redefine data strategy. Businesses need to move away from collecting data for data’s sake. Instead, we need to focus on data-driven technological innovation that delivers meaningful customer experiences, using targeted data to provide the right insights about customers. Today, businesses are collecting data en masse. But what are the benefits of collecting this data? What insight does it provide about customers or competitors? Most businesses believe they know their customer profile, and acquire more technology and data to meet this perceived customer profile. By rethinking data strategies, however, and exploring the value of the data being collected and how it is being collected, businesses will understand their customers’ wants and needs more effectively. Indeed, knowing your customer is not only about tracking and tracing their behaviour digitally, you first need to define what kind of data insight you want to learn from your customer. Then you can work out how to leverage new data insights amassed through a targeted data collection to deliver tailored features back to the customer quickly and easily – engaging customers in a product or service when they need it most.

Quote for the day:

"The leader has to be practical and a realist, yet must talk the language of the visionary and the idealist." -- Eric Hoffer

No comments:

Post a Comment