Daily Tech Digest - April 03, 2021

What Is a Cybersecurity Legal Practice?

A cybersecurity attorney is not an auditor; this attorney does not sit in an ivory tower doing oversight of the company’s information technology work. Instead, corporate officers must recognize that a cybersecurity attorney must be a part of the operational team. The attorney should be as involved in the company’s operations as the information technology expert deploying new defensive measures in the company’s networks. An effective cybersecurity attorney has to be in the trenches, helping to develop the statements of work for new contracts, negotiating information-sharing agreements, advising on legal risks associated with the many and varied daily decisions of securing networks, and managing the hour-by-hour response during an incident. ... Finally, a cybersecurity attorney must be multilingual in the jargon of both law and tech. One of the key jobs of such an attorney is to translate legal requirements (such as obligations imposed by regulations) into design requirements and to understand the technical details enough to ask probing questions, spot legal issues and translate risks to organizational leadership.


3 steps to meeting data privacy regulation compliance through identity programs

This focus on security, however, isn’t just a reaction to more cyberattacks. It also correlates with the enormous acceleration in digital transformation initiatives over the last year. Some industry experts dubbed it the shift from “cloud speed to COVID speed.” The pandemic forced a new way of working, and this ultimately means a new way of ensuring the security of how we work. It also means that companies store and manage more data in the cloud, which comes with its own regulatory compliance challenges. Every new process moved to the cloud, automated or made digital, has become a new vulnerability. Security teams need to manage these vulnerabilities to protect the data from a cyber-attack and ensure compliance with the latest data privacy regulations, such as the General Data Protection Regulation (GDPR) or the California Privacy Rights Act (CPRA). Other non-compliance issues will grow over the next year, especially as companies continue to remotely onboard and offboard customers and employees. These new processes will impact how to protect data and comply with the multiple different patchwork privacy regulations from various states and countries.


Speed and resilience: Five priorities for the next five months

Over the past year, organizations have become well versed in the basics of ensuring a safe working environment. More recently, however, companies have reported that some of their workers appear to be more willing to participate in higher-risk activities simply because they are tired of living with virus restrictions. This will require a different type of intervention and messaging, especially because newer COVID-19 variants pose a high risk and may be transmitted in ways that are not yet fully understood. Employers have a unique societal role to play in vaccination; they are important voices and can help reduce the friction associated with getting the vaccine. Self-reported data from a wide range of organizations point to individual and team productivity being higher than before the onset of the pandemic, but not uniformly so. According to a McKinsey survey, productivity is up for about half of all workers, with the other half reporting no change or lower productivity. The same survey suggested that, while the inability to disconnect is a real concern, increased productivity is correlated to a willingness to change how people work. 


Quantum computing may be able to solve the age-old problem of reasoning

The results show that the quantum machine could use inference models to draw conclusions. Probabilistic inference, which means the incorporation of uncertainty into computer programming, is particularly suited to quantum computers, Fiorentini said, because "quantum models have been proven to be more expressive, easier to train under certain circumstances." In practical terms, this means that quantum computing can be useful to solve both scientific and engineering problems. The results are "quite flexible, surprisingly robust, and can be applied in many fields," said Fiorentini. For instance, he added, Bayesian networks have traditionally been used in predictive maintenance of mission-critical equipment, such as jetliners and jet engines. "You model a system, and then you perform inference on the model by asking certain questions and by figuring out if the system is stable, reliable, and robust--or is about to break down--so you can intervene," Fiorentini said. "And which part is signaling the stress more strongly?" Medical diagnostics is another field that can benefit from these results. Although it can't be exactly applied from the results of this study, "continuing in this direction, some of these techniques are applied to drug discovery," Fiorentini noted.


FBI: APTs Actively Exploiting Fortinet VPN Security Holes

Once exploited, the attackers are moving laterally and carrying out reconnaissance on targets, according to officials. “The APT actors may be using any or all of these CVEs to gain access to networks across multiple critical-infrastructure sectors to gain access to key networks as pre-positioning for follow-on data exfiltration or data encryption attacks,” the warning explained. “APT actors may use other CVEs or common exploitation techniques—such as spear-phishing—to gain access to critical infrastructure networks to pre-position for follow-on attacks.” The joint cybersecurity advisory from the FBI and CISA follows last year’s flurry of advisories from U.S. agencies about APT groups using unpatched vulnerabilities to target federal agencies and commercial organizations. For instance, in October an alert went out that APTs were using flaws in outdated VPN technologies from Fortinet, Palo Alto Networks and Pulse Secure to carry out cyberattacks on targets in the United States and overseas. “It’s no surprise to see additional Fortinet FortiOS vulnerabilities like CVE-2019-5591 and CVE-2020-12812 added to the list of known, but unpatched flaws being leveraged by these threat actors,” said Narang.


How AI-powered BI tools will redefine enterprise decision-making

In this fourth wave, the traditional order of BI will be inverted. The traditional method of BI generally begins with a technical analyst investigating a specific question. For example, an electronics retailer may wonder if a higher diversity of refrigerator models in specific geographies will likely increase sales. The analyst blends relevant data sources (perhaps an inventory management system and a billing system) and investigates whether there is a correlation. Once the analyst has completed the work, they present a conclusion about past behavior. They then create a visualization for business decision makers in a system like a Tableau or Looker, which can be revisited as the data changes. This investigation method works quite well, assuming the analyst asks the right questions, the number of variables is relatively well-understood and finite, and the future continues to look somewhat similar to the past. However, this paradigm presents several potential challenges in the future as companies continue to accumulate new types of data, business models and distribution channels evolve, and real-time consumer and competitive adjustments cause constant disruptions.


How Going Back to Coding After 10 Years Almost Crushed Me

Containers, namely Docker, have really streamlined packaging and reduced env-related issues as you move code through QA and into production. In the old days, you would develop in a system entirely different than where it was deployed (i.e. code on Windows and deploy to Unix), which invariably led to bugs and more work on each test and release cycle. Also, in the past, a release, QA, or DevOps engineer would take code from an SCM tag and figure out how to compile, test, and migrate it — and usually uncover a whole bunch of hardcoded paths and variables or missing libraries and files that needed to be reworked or hacked up to work. ... I remember fairly long release cycles (as long as three months at a startup). After attending specification meetings to understand the requirements line by line, a developer could go to their desk and play games for a few weeks without having to issue a dreaded update on where they were. Now, you have a daily standup and two-week sprint, so there is no more slacking! The role of the BA has also diminished with Agile, as developers now face users or product managers directly.


3 Reasons In-Memory Computing Is Essential for Microservices

The more advanced in-memory platforms support high-performance multiregion global architectures. This enables zero-downtime business operations via a high-performance shared memory layer that supports them. This also simplifies scaling up these services to more fully leverage the promise of cloud native and serverless. They also provide features such as automated disaster recovery, zero-downtime code deployments (blue-green deployments), rolling product upgrades, as well as tools to integrate these seamlessly into modern cloud DevOps automation tools and new AIOps tools that help monitor these architectures and deliver auto-scaling and autonomous troubleshooting. For a concrete example of how these could be employed, imagine having many microservices in an online shopping application. These include separate capabilities that power browsing for products, adding and removing items from a shopping cart and so on. Moreover, each one of these microservices can be somewhat independent from one another. But some actions, like checking out, fulfillment and shipping, may require multistep orchestration and some roll-back behavior.


Keeping your data safe from hackers while working from home

One of the big changes the move towards remote working has brought about is removing employees from the protection of the corporate firewall. Working from inside the office provides people with anti-virus and other protections that can help to filter out some attacks. Now, instead of this, many people are working from their own computer from their homes, where they may not have anti-virus at all – and their home router won't provide a robust defence against attackers like a corporate firewall would. Criminals know this and are looking to take advantage with cyberattacks, especially when people – rushed off their feet while balancing working from home with the rest of their life – might unintentionally click on a phishing link or respond to a request that appears to come from a colleague but is actually a cyber criminal. "Humans are ultimately fallible. Unfortunately it's the organic matter behind the keyboard, which is often the vulnerable part of the loop," says Troy Hunt, creator of HaveIBeenPwned and digital advisor to Nord Security.


Booking.Com's GDPR Fine Should Serve as 'Wake-Up Call'

While the incident itself was troubling, the Dutch Data Protection Authority called out Booking.com for its response to the breach. The company, according to the report, first found out about the security lapse on Jan. 13, 2019, but waited until Feb. 7 of that year to alert authorities. Under GDPR rules, organizations must report a breach within 72 hours of its occurrence. By the time Booking.com notified the Dutch Data Protection Authority, more than 20 days had elapsed. Monique Verdier, the vice president of the Dutch privacy watchdog, noted in the report that the delay in reporting the incident could have put additional customers at risk and showed a disregard for their data. "That speed is very important for the victims of a leak," Verdier said. "After such a report, the AP can, among other things, order a company to immediately warn affected customers. In this way, for example, to prevent criminals from having weeks to continue trying to defraud customers." A spokesman for the company could not be immediately reached for comment on Friday, but the report notes that Booking.com would not appeal the fine.


Quote for the day:

"Enjoy the little things, for one day you may look back and realize they were the big things." -- Robert Brault