UK’s IoT ‘security by design’ law will cover smartphones too
The government introduced a security code of practice for IoT device
manufacturers back in 2018 — but the forthcoming legislation is intended to
build on that with a set of legally binding requirements. A draft law was aired
by ministers in 2019 — with the government focused on IoT devices, such as
webcams and baby monitors, which have often been associated with the most
egregious device security practices. Its plan now is for virtually all smart
devices to be covered by legally binding security requirements, with the
government pointing to research from consumer group “Which?” that found that a
third of people kept their last phone for four years, while some brands only
offer security updates for just over two years. The forthcoming legislation will
require smartphone and device makers like Apple and Samsung to inform customers
of the duration of time for which a device will receive software updates at the
point of sale. It will also ban manufacturers from using universal default
passwords (such as “password” or “admin”), which are often preset in a device’s
factory settings and easily guessable — making them meaningless in security
terms.
MLOps Vs Data Engineering: A Guide For The Perplexed
Data engineering involves designing and building pipelines to transform data to
a format end-users can understand (mainly data scientists). The pipelines
collect data from different sources in a single warehouse. The data engineering
job has been around for over a decade, ever since databases, SQL servers, and
ETL burst onto the scene. But data engineering, as we know it, gained currency
at the beginning of the last decade. Companies realised they were sitting on
goldmines of data, and software engineers, with the right tools, can leverage
this data to drive business processes. Data engineering moved away from
traditional ETL tools and developed new ones to handle swathes of data. Data
engineering focuses on aspects such as data infrastructure, data warehousing,
data mining, data crunching, metadata management, and data modelling. ... A
survey by the International Data Corporation showed that most AI/ML projects
don’t go into production, primarily because the expectations are not well
communicated to the businesses or because of a lack of skill in maintaining the
production models.
A fresh recipe for digital-driven work innovation
Some years ago, we examined technology and industry trends and quickly realized
that the future would be automated, with RPA’s exciting promise of enabling more
work to be done much faster and better - with less. We quickly realized that the
key to working better involves strategically applying a combination of RPA and
AI ingredients as a recipe to liberate the best from humans, technologies and
data - and then unleash this combined potential across enterprise operations. We
also realized that to address their actual goals or problems, at pace and on a
greater scale, organizations needed to start with defining a human intelligence
strategy. We’re talking about blending the best of human, AI, RPA, systems
intelligence and data as a single capability to then be conceived,
conceptualized and delivered as ‘enhanced work’ solutions. We call it the
‘Connected Intelligence’ model and this uniquely innovative approach releases
major commercial value in months - rather than years. This model works in the
following interdependent ways. RPA runs smart software robots to provide a rapid
processing function, performing joined-up, data-driven work - and at an
unmatched speed, accuracy and integrity - 24x7.
Moving from Collocated Management to Remote Leadership
Remote-first is different from remote-friendly in every way. A remote-first
culture fosters individual freedom and empowers collaboration through actual
inclusion and equity in all parts of the work process, while a remote-friendly
approach finds ways (usually the bare minimum such as video conferencing or a
chat tool) to create the illusion of inclusion and collaboration, while remote
workers often feel excluded, not-trusted or left out. Remote workers feeling
left out in hybrid teams is a familiar concept for many, but this emotion can
also be felt when the team is fully remote and operates with a collocated
mindset, i.e. a remote-friendly approach. Some organizations have begun using
the term “hybrid” to describe an environment in which people have a mandate to
go to an office from time to time. However, the location from which people work
is an entirely different topic than the operational implications of building a
strong remote-first culture that is inclusive of all people regardless of their
location, whether it be in an office or not.
Explained: Why soft skills are important to excel in your career?
Coordination and leadership abilities play a vital role in a modern workplace.
It is crucial to address the lack of soft skills in individuals via training
programs adapted to suit different sectors and levels. It is imperative to
develop interpersonal skills, so that workplaces remain relevant in the
challenging market, especially in the insurance industry which relies on
personal equity/face-to-face communication. Effective communication enables
you to build relations with people and is the key to your success in this
highly competitive sector. It also helps in time management. Customer service,
persuasion, and negotiation skills are the strengths individuals require in
the insurance sector. Dedication and consistency in work help in boosting the
team's morale and efficiency. With technology leading the world today, it is
crucial that you adapt your skills as per the requirements and needs of the
hour. Communication is the key to success. Enthusiasm, honesty, and conviction
must complement technology. Machines can only do so much; the rest is up to
human skills.
Seeing the Bigger Picture With BizDevSecOps
IT staff is under mounting pressure to perform, and they may not have the
correct elements in place to support elegant and profitable applications, said
Ostrowski. When it comes to monitoring, in particular, alert fatigue could
especially hamper innovation attempts and make it difficult to know what to
prioritize. Instead, Ostrowski advocates for letting tangible business
outcomes, such as conversion rates and performance, drive development. To
correlate the impact on revenue more directly, he encourages “giving business
leaders a seat at table during the entire CI/CD pipeline.” One aspect of
roping in business, security, development and operations is unified
observability across the entire stack. But wouldn’t it be challenging to give
business leaders a seat within a technical software delivery process? Well,
this wouldn’t be the first time business has directed technological change.
Ostrowski recalls the mid-2000s and the dawn of the mobile market. During this
period, IT became consumerized for laypeople, with glossy apps and
impressively intuitive experiences. He recalls a general loss of faith in IT
staff, as workers often had “better tech at home than they did in the
office.”
Securing vehicles from potential cybersecurity threats
Computers in cars are not a new development, but they are controlling more and
more of what is happening with them and inside them. Vehicle control is now,
for example, completely computerized, and attackers could take over the level
2 ADAS systems and consequently gain full control over a vehicle’s
safety-related functionalities. “Today’s sophisticated connected vehicle
architecture is inherently more vulnerable to cyber attacks. Connected
vehicles can host up to 150 electronic control units and run on 100 million
lines of code; tomorrow’s vehicles may contain up to 300 million lines of
software code. Cyber attacks that exploit the increasing digitization of
vehicles present a significant risk to manufacturers, vehicle owners, other
drivers and pedestrians,” Meron noted. “Each OEM tries to come up with their
own defense strategy, using the variety of tools available in the market to
protect from different attack vectors. Eventually they all need to manage
cybersecurity of the vehicle throughout its lifecycle, from the very first day
the design process commences, through production and maintenance of the
vehicle, until decommissioning.”
Cyber resilience: your last line of defence
By definition, cyber resilience measures an organisation’s strength in
preparing for, operating through and recovering from an attack. Only a
holistic security programme will assure the resilience of an organisation and
that of its customers before, during and after adverse events. Quickly
identifying, responding to and recovering from security incidents is key. To
achieve this, cyber resilience must rest on people and processes, as well as a
combination of technologies. When assessing their security posture, businesses
should look for gaps in their security capabilities from a people, processes
and technology perspective, and take steps to address these. For example, if
staff lack security know-how, can this be fixed by hiring or developing
dedicated security experts? And how can we use training to build enhanced
security awareness throughout the organisation? Processes should be clearly
defined to deliver the desired security outcomes and must be repeatable and
measurable. For most organisations, pinpointing weaknesses and making
improvements to their processes will be an iterative journey, which should be
kept under constant review.
3 Factors That Should be Driving Your Digital Transformation
Digitalization projects are a prime opportunity to finally take up some long
overdue “deferred maintenance,” those pending initiatives you’ve had sitting
on the shelf for months or years -- not because they aren’t important, but
because they weren’t absolute priorities at the time and were consequently put
off. Folding in deferred maintenance projects as part of your bigger digital
transformation effort is a great way to further maximize the value of that
initiative. The more projects you can execute simultaneously, the bigger the
benefits. Anyone can do a technical migration or upgrade, and in a vacuum, those
smaller-scale endeavors won’t necessarily deliver the ROI you’d expect. But if
you can combine multiple projects at once -- pairing a cloud migration with,
for example, an OS/DB modernization project and the retirement of a legacy
platform, all at the same time -- the greater value you create, and the higher
the ROI. Coalescing multiple projects into one also has other compounding
benefits, from reduced testing and disruption to less downtime. All of that
feeds into the project’s bottom line, making it more attractive to the
business and valuable in the long run.
Nation-State Actor Linked to Pulse Secure Attacks
"Their primary goals are maintaining long-term access to networks, collecting
credentials and stealing proprietary data," Charles Carmakal, senior vice
president and CTO at FireEye Mandiant, says of the attackers. "We believe that
multiple cyberespionage groups are using these exploits and tools, and there
are some similarities between portions of this activity and a Chinese actor we
call APT5." The attackers have been exploiting these vulnerabilities to
compromise U.S. government agencies, critical infrastructure and private
sector organizations, CISA says. FireEye adds the attacks are global, hitting
a variety of government and private institutions. "The investigation shows
ongoing attempts to exploit four issues: The substantial bulk of these issues
involve three vulnerabilities that were patched in 2019 and 2020. Customers
are strongly recommended to review the advisories and follow the guidance,
including changing all passwords in the environment if impacted," Ivanti
says.
Quote for the day:
"And the attitude of faith is the very opposite of clinging to belief, of holding on." -- Alan Watts