Daily Tech Digest - April 21, 2021

UK’s IoT ‘security by design’ law will cover smartphones too

The government introduced a security code of practice for IoT device manufacturers back in 2018 — but the forthcoming legislation is intended to build on that with a set of legally binding requirements. A draft law was aired by ministers in 2019 — with the government focused on IoT devices, such as webcams and baby monitors, which have often been associated with the most egregious device security practices. Its plan now is for virtually all smart devices to be covered by legally binding security requirements, with the government pointing to research from consumer group “Which?” that found that a third of people kept their last phone for four years, while some brands only offer security updates for just over two years. The forthcoming legislation will require smartphone and device makers like Apple and Samsung to inform customers of the duration of time for which a device will receive software updates at the point of sale. It will also ban manufacturers from using universal default passwords (such as “password” or “admin”), which are often preset in a device’s factory settings and easily guessable — making them meaningless in security terms.


MLOps Vs Data Engineering: A Guide For The Perplexed

Data engineering involves designing and building pipelines to transform data to a format end-users can understand (mainly data scientists). The pipelines collect data from different sources in a single warehouse. The data engineering job has been around for over a decade, ever since databases, SQL servers, and ETL burst onto the scene. But data engineering, as we know it, gained currency at the beginning of the last decade. Companies realised they were sitting on goldmines of data, and software engineers, with the right tools, can leverage this data to drive business processes. Data engineering moved away from traditional ETL tools and developed new ones to handle swathes of data. Data engineering focuses on aspects such as data infrastructure, data warehousing, data mining, data crunching, metadata management, and data modelling. ... A survey by the International Data Corporation showed that most AI/ML projects don’t go into production, primarily because the expectations are not well communicated to the businesses or because of a lack of skill in maintaining the production models.


A fresh recipe for digital-driven work innovation

Some years ago, we examined technology and industry trends and quickly realized that the future would be automated, with RPA’s exciting promise of enabling more work to be done much faster and better - with less. We quickly realized that the key to working better involves strategically applying a combination of RPA and AI ingredients as a recipe to liberate the best from humans, technologies and data - and then unleash this combined potential across enterprise operations. We also realized that to address their actual goals or problems, at pace and on a greater scale, organizations needed to start with defining a human intelligence strategy. We’re talking about blending the best of human, AI, RPA, systems intelligence and data as a single capability to then be conceived, conceptualized and delivered as ‘enhanced work’ solutions. We call it the ‘Connected Intelligence’ model and this uniquely innovative approach releases major commercial value in months - rather than years. This model works in the following interdependent ways. RPA runs smart software robots to provide a rapid processing function, performing joined-up, data-driven work - and at an unmatched speed, accuracy and integrity - 24x7.


Moving from Collocated Management to Remote Leadership

Remote-first is different from remote-friendly in every way. A remote-first culture fosters individual freedom and empowers collaboration through actual inclusion and equity in all parts of the work process, while a remote-friendly approach finds ways (usually the bare minimum such as video conferencing or a chat tool) to create the illusion of inclusion and collaboration, while remote workers often feel excluded, not trusted or left out. Remote workers feeling left out in hybrid teams is a familiar concept for many, but this emotion can also be felt when the team is fully remote and operates with a collocated mindset, i.e. a remote-friendly approach. Some organizations have begun using the term “hybrid” to describe an environment in which people have a mandate to go to an office from time to time. However, the location from which people work is an entirely different topic than the operational implications of building a strong remote-first culture that is inclusive of all people regardless of their location, whether it be in an office or not.


Explained: Why soft skills are important to excel in your career?

Coordination and leadership abilities play a vital role in a modern workplace. It is crucial to address the lack of soft skills in individuals via training programs adapted to suit different sectors and levels. It is imperative to develop interpersonal skills, so that workplaces remain relevant in the challenging market, especially in the insurance industry which relies on personal equity/face-to-face communication. Effective communication enables you to build relations with people and is the key to your success in this highly competitive sector. It also helps in time management. Customer service, persuasion, and negotiation skills are the strengths individuals require in the insurance sector. Dedication and consistency in work help in boosting the team's morale and efficiency. With technology leading the world today, it is crucial that you adapt your skills as per the requirements and needs of the hour. Communication is the key to success. Enthusiasm, honesty, and conviction must complement technology. Machines can only do so much; the rest is up to human skills.


Seeing the Bigger Picture With BizDevSecOps

IT staff is under mounting pressure to perform, and they may not have the correct elements in place to support elegant and profitable applications, said Ostrowski. When it comes to monitoring, in particular, alert fatigue could especially hamper innovation attempts and make it difficult to know what to prioritize. Instead, Ostrowski advocates for letting tangible business outcomes, such as conversion rates and performance, drive development. To correlate the impact on revenue more directly, he encourages “giving business leaders a seat at the table during the entire CI/CD pipeline.” One aspect of roping in business, security, development and operations is unified observability across the entire stack. But wouldn’t it be challenging to give business leaders a seat within a technical software delivery process? Well, this wouldn’t be the first time business has directed technological change. Ostrowski recalls the mid-2000s and the dawn of the mobile market. During this period, IT became consumerized for laypeople, with glossy apps and impressively intuitive experiences. He recalls a general loss of faith in IT staff, as workers often had “better tech at home than they did in the office.”


Securing vehicles from potential cybersecurity threats

Computers in cars are not a new development, but they are controlling more and more of what is happening with them and inside them. Vehicle control is now, for example, completely computerized, and attackers could take over the level 2 ADAS systems and consequently gain full control over a vehicle’s safety-related functionalities. “Today’s sophisticated connected vehicle architecture is inherently more vulnerable to cyber attacks. Connected vehicles can host up to 150 electronic control units and run on 100 million lines of code; tomorrow’s vehicles may contain up to 300 million lines of software code. Cyber attacks that exploit the increasing digitization of vehicles present a significant risk to manufacturers, vehicle owners, other drivers and pedestrians,” Meron noted. “Each OEM tries to come up with their own defense strategy, using the variety of tools available in the market to protect from different attack vectors. Eventually they all need to manage cybersecurity of the vehicle throughout its lifecycle, from the very first day the design process commences, through production and maintenance of the vehicle, until decommissioning.”


Cyber resilience: your last line of defence

By definition, cyber resilience measures an organisation’s strength in preparing for, operating through and recovering from an attack. Only a holistic security programme will assure the resilience of an organisation and that of its customers before, during and after adverse events. Quickly identifying, responding to and recovering from security incidents is key. To achieve this, cyber resilience must rest on people and processes, as well as a combination of technologies. When assessing their security posture, businesses should look for gaps in their security capabilities from a people, processes and technology perspective, and take steps to address these. For example, if staff lack security know-how, can this be fixed by hiring or developing dedicated security experts? And how can we use training to build enhanced security awareness throughout the organisation? Processes should be clearly defined to deliver the desired security outcomes and must be repeatable and measurable. For most organisations, pinpointing weaknesses and making improvements to their processes will be an iterative journey, which should be kept under constant review.


3 Factors That Should be Driving Your Digital Transformation

Digitalization projects are a prime opportunity to finally take up some long overdue “deferred maintenance,” those pending initiatives you’ve had sitting on the shelf for months or years -- not because they aren’t important, but because they weren’t absolute priorities at the time and were consequently put off. Folding in deferred maintenance projects as part of your bigger digital transformation effort is a great way to further maximize the value of that initiative. The more projects you can execute simultaneously, the bigger the benefits. Anyone can do a technical migration or upgrade, and in a vacuum, those smaller-scale endeavors won’t necessarily deliver the ROI you’d expect. But if you can combine multiple projects at once -- pairing a cloud migration with, for example, an OS/DB modernization project and the retirement of a legacy platform, all at the same time -- the greater value you create, and the higher the ROI. Coalescing multiple projects into one also has other compounding benefits, from reduced testing and disruption to less downtime. All of that feeds into the project’s bottom line, making it more attractive to the business and valuable in the long run.


Nation-State Actor Linked to Pulse Secure Attacks

"Their primary goals are maintaining long-term access to networks, collecting credentials and stealing proprietary data," Charles Carmakal, senior vice president and CTO at FireEye Mandiant, says of the attackers. "We believe that multiple cyberespionage groups are using these exploits and tools, and there are some similarities between portions of this activity and a Chinese actor we call APT5." The attackers have been exploiting these vulnerabilities to compromise U.S. government agencies, critical infrastructure and private sector organizations, CISA says. FireEye adds the attacks are global, hitting a variety of government and private institutions. "The investigation shows ongoing attempts to exploit four issues: The substantial bulk of these issues involve three vulnerabilities that were patched in 2019 and 2020. Customers are strongly recommended to review the advisories and follow the guidance, including changing all passwords in the environment if impacted," Ivanti says.



Quote for the day:

"And the attitude of faith is the very opposite of clinging to belief, of holding on." -- Alan Watts
