How penetration testing can promote a false sense of security
Savvy cybercriminals, not wanting to waste time or money, look for the simplest
way to achieve their goal. "Attackers have access to numerous tools, techniques,
and even services that can help find the unknown portion of an organization's
attack surface," suggested Gurzeev. "Similar to the 13th century French
attackers of Château Gaillard, but with the appeal of lower casualties and lower
cost with a greater likelihood of success, pragmatic attackers seek out an
organization's externally accessible attack surface." As mentioned earlier,
completely protecting an organization's cyberattack surface is nearly
impossible—partly due to attack surfaces being dynamic and partly due to how
fast software and hardware change. "Conventional tools are plagued by something
I mentioned at the start: assumptions, habits, and biases," explained Gurzeev.
"These tools all focus only where they are pointed, leaving organizations with
unaddressed blind spots that lead to breaches." By tools, Gurzeev is referring
to penetration testing: "Penetration testing is a series of activities
undertaken to identify and exploit security vulnerabilities. ..."
Microservices Architecture: Breaking the Monolith
The first thing to know: the less communication between services, the better they get along. It’s very
easy and very tempting to create lots of services that are each easy to test
in isolation, but as a whole your system will get really complicated and
tangled. That makes problems difficult to track down when they arise, because
you’ve got this enormous entanglement and it may be hard to identify where the
root of the problem lies. Another important consideration is to put events onto
a queue. Many times we have been told that we cannot break something into
separate services because it has to be perfectly synchronized with the steps
that follow. Usually, that’s not true. Thanks to the queueing and topic-based
messaging systems that exist today, there are lots of ways to decouple those
steps. It’s true that you are adding an extra layer that can introduce some
latency, but in the end, removing the synchronous coupling will probably
improve your system. ... It is very easy to keep creating microservices in the
cloud, but if you don’t have a clear plan, that also makes it very easy to lose
track of your project’s budget.
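As an added illustration of the decoupling described above (this is example code written for this digest, not code from the original article or any particular platform), the following replaces a synchronous "place order, then charge, then ship" call chain with one event published to a topic. The `Topic` class is a constructed in-memory stand-in for a real queue or pub/sub broker, and the service names and event shapes are assumptions. It also shows the caveat the extra layer brings: brokers typically deliver at least once, so consumers must be idempotent or a publisher retry turns into a double charge.

```python
"""Added example: replacing a synchronous call chain with events on a topic.

Topic, the service classes and the event shapes are constructed stand-ins for
a real broker and real services; this is not code from the original article.
"""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    event_id: str   # idempotency key: stable across publisher retries
    kind: str
    payload: dict


class Topic:
    """In-memory topic: publishers append, dispatch() fans out to every subscriber."""

    def __init__(self):
        self._queue = deque()
        self._subscribers = []

    def subscribe(self, handler):
        self._subscribers.append(handler)

    def publish(self, event):
        self._queue.append(event)

    def dispatch(self):
        """Deliver queued events to all subscribers; returns the number of deliveries."""
        delivered = 0
        while self._queue:
            event = self._queue.popleft()
            for handler in self._subscribers:
                handler(event)
                delivered += 1
        return delivered


def place_order(topic, order_id, amount):
    """The synchronous part ends here: validate, persist (omitted), emit one event.
    Billing and shipping no longer have to answer before this call returns."""
    if amount <= 0:
        raise ValueError("amount must be positive")
    event = Event(event_id=f"order.placed:{order_id}", kind="order.placed",
                  payload={"order_id": order_id, "amount": amount})
    topic.publish(event)
    return event


class IdempotentConsumer:
    """Subscribers record processed event_ids and drop repeats, because a broker
    that guarantees delivery usually guarantees it at least once, not exactly once."""

    def __init__(self):
        self.seen = set()

    def __call__(self, event):
        if event.event_id in self.seen:
            return False   # duplicate delivery (retry or redelivery) ignored
        self.seen.add(event.event_id)
        self.handle(event)
        return True

    def handle(self, event):
        raise NotImplementedError


class BillingService(IdempotentConsumer):
    def __init__(self):
        super().__init__()
        self.charges = {}

    def handle(self, event):
        if event.kind == "order.placed":
            order_id, amount = event.payload["order_id"], event.payload["amount"]
            self.charges[order_id] = self.charges.get(order_id, 0) + amount


class ShippingService(IdempotentConsumer):
    def __init__(self):
        super().__init__()
        self.shipments = []

    def handle(self, event):
        if event.kind == "order.placed":
            self.shipments.append(event.payload["order_id"])


def run_demo():
    """Two consumers subscribe to one topic; the publisher retries one order."""
    topic = Topic()
    billing, shipping = BillingService(), ShippingService()
    topic.subscribe(billing)
    topic.subscribe(shipping)
    place_order(topic, "o-1001", 25)
    place_order(topic, "o-1001", 25)   # retry after a timeout: same event_id
    place_order(topic, "o-1002", 40)
    topic.dispatch()
    return billing.charges, shipping.shipments
```

Without the `seen` check, the retried order would be charged twice and shipped twice; with it, each consumer acts once per event, and adding a third consumer (fraud scoring, analytics) needs no change to `place_order` at all.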
Chip shortage will hit IT-hardware buyers for months to years
Cisco CEO Chuck Robbins told the BBC in April: “We think we’ve got another six
months to get through the short term. The providers are building out more
capacity. And that’ll get better and better over the next 12 to 18 months.” The
problem could last even longer, others say. “The supply chain has never been so
constrained in Arista history,” Arista CEO Jayshree Ullal told analysts at the
company’s recent financial briefing. “To put this in perspective, we now have to
plan for many components with 52-week lead time.” “We have products with
extremely large lead times that we plan ahead for. And I would be remiss if I
didn’t say, while we have some great partners, that the semiconductor supply
chain is still constrained,” Ullal said. “Our team has taken some very
important steps to build out our inventory for some of these long-lead-time
components, but we could use a lot more parts than we still have.” In its
first-quarter earnings call, Juniper Networks CFO Ken Miller told analysts that
ongoing supply constraints are likely to continue for a year or more.
Considering the ethics of tech for a more responsible future
“At All Tech Is Human, we recently released a report on improving social media,
and after interviewing a diverse sample of 42 individuals from across civil
government, government and industry, we realised that we don’t have an agreed
future as to where social media should be headed. “This showed that we need more
input from diverse groups to determine a better forward action.” The All Tech Is
Human founder went on to identify data extraction as the biggest issue regarding
the power of social media, due to most outlets being based on a model of
obtaining user data, which benefits advertising over apps. “The fact that social
media practices are more geared towards advertisers than communication creates
most of the problems we see,” Polgar continued. “This is where regulations are
important. These platforms are trying to maximise their profitability inside the
parameters of legality.” According to Polgar, while tech companies need to
consider the need to crack down on misinformation around topics such as
Covid-19, the other side of the coin manifests itself in the argument that
social media outlets don’t have the moral authority to remove these posts from
the platform.
Customer service is not customer experience (and vice versa)
Because customer experience is strategic, not tactical, you need to know where
the value is coming from, and where you’re throwing good money after bad. First,
identify your valuable customers, advises Strategex’s Nash, then go deeper to
analyze why they are valuable. Are they spending money broadly or deeply, or
both? “We have years and years of data to prove the 80/20 rule — that 80 percent
of your revenue comes from 20 percent of your customers.” More than that, she
adds, it’s not uncommon for the top 5 percent of customers to produce half the
revenue. “Words get people’s attention; data causes action,” she notes. This
analysis matters because the resources spent servicing unprofitable customers
can be a distraction from work that should be done to create a great experience
for those who matter most to your business. “Once you know who your top
customers are, you can create a customer experience for them, with the
appropriate expectations on their side and effort on the employee side,” Nash
says. And you can set different experience and service expectations for
less-valuable customers. This can be as simple as offering clearly branded tiers
of service or membership.
Interview With Srikanth Phalgun Pyaraka, Chartered Data Scientist
While working with business stakeholders to integrate data and analytics into
business models, we have faced multiple challenges. One of the significant
challenges that we face in most organisations is moving Business Intelligence
reporting to the next level of enabling predictive or prescriptive analytics
decision making. This is what we call an analytic chasm. Organisations should
tend to move from the analytics chasm with the help of change in the mindset
of decision-makers. The main focus should be on leveraging technology to
competitive power differentiation and not competitive parity. Greater emphasis
should be to build infrastructure and data analytics environments to support
data-driven business initiatives. ... The Chartered Data Scientist
designation is the highest distinction in the data science profession. The
exam looks for skills including computer programming, including R and Python;
Mathematics, especially statistics and probability; Analytical Methods such as
EDA and ML algorithms; Advanced Analytics including deep learning, computer
vision and NLP; and Business Analytics at international standards.
10 Emerging Cybersecurity Trends To Watch In 2021
Extended detection and response (XDR) centralizes security data by combining
security information and event management (SIEM), security orchestration,
automation and response (SOAR), network traffic analysis (NTA), and endpoint
detection and response (EDR). Gaining visibility across networks, cloud and
endpoints, and correlating threat intelligence across security products,
improves detection and response. An XDR system must have centralized incident
response capability that can change the state of individual security products
as part of the remediation process, according to research firm Gartner. The
primary goal of an XDR platform is to increase detection accuracy by
correlating threat intelligence and signals across multiple security
offerings, and to improve security operations efficiency and productivity,
Gartner said. XDR offerings
will appeal to pragmatic midsize enterprise buyers that do not have the
resources and skills to integrate a portfolio of best-of-breed security
products, according to Gartner. Advanced XDR vendors are focusing up the stack
by integrating with identity, data protection, cloud access security brokers,
and the secure access service edge to get closer to the business value of the
incident.
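To make the correlation and centralized-response claims concrete, here is an added example (written for this digest, not taken from Gartner or any XDR vendor) that links endpoint, network and identity events on shared hosts and users within a time window, promotes a cluster to an incident only when more than one product family corroborates it, and emits the state changes a central responder would push back to those products. The telemetry is constructed for illustration, and the action strings are hypothetical placeholders for product API calls.

```python
"""Added example: cross-product signal correlation of the kind XDR describes.

The EVENTS below are constructed (not output of any real EDR, NTA or identity
product) and the response actions are placeholder strings, not a real API.
"""
from datetime import datetime, timedelta

# Constructed events from three product families, normalised to one shape.
EVENTS = [
    {"ts": "2021-05-03T09:00:10", "source": "edr", "host": "ws-042", "user": "jdoe",
     "detail": "powershell.exe launched with encoded command"},
    {"ts": "2021-05-03T09:03:45", "source": "nta", "host": "ws-042", "user": None,
     "detail": "DNS query for newly registered domain"},
    {"ts": "2021-05-03T09:05:00", "source": "iam", "host": None, "user": "jdoe",
     "detail": "MFA push denied, then accepted two minutes later"},
    {"ts": "2021-05-03T11:30:00", "source": "edr", "host": "ws-017", "user": "asmith",
     "detail": "unsigned binary executed from temp directory"},
]

WINDOW = timedelta(minutes=15)   # how close in time linked events must be
MIN_SOURCES = 2                  # an incident needs corroboration from >= 2 products


def entities(event):
    """Keys an event can be pivoted on. Identity events carry no host and network
    events often carry no user, so linking uses whichever keys are present."""
    ents = set()
    if event.get("host"):
        ents.add(("host", event["host"]))
    if event.get("user"):
        ents.add(("user", event["user"]))
    return ents


def correlate(events, window=WINDOW, min_sources=MIN_SOURCES):
    """Greedy single-pass clustering: an event joins the first cluster that shares
    an entity with it and whose latest event falls within the window."""
    clusters = []
    for event in sorted(events, key=lambda e: e["ts"]):
        when = datetime.fromisoformat(event["ts"])
        ents = entities(event)
        target = None
        for cluster in clusters:
            if ents & cluster["entities"] and when - cluster["last"] <= window:
                target = cluster
                break
        if target is None:
            target = {"events": [], "entities": set(), "first": when, "last": when}
            clusters.append(target)
        target["events"].append(event)
        target["entities"] |= ents
        target["last"] = when

    incidents = []
    for cluster in clusters:
        sources = {e["source"] for e in cluster["events"]}
        if len(sources) < min_sources:
            continue   # single-product noise stays an alert, not an incident
        incidents.append({
            "entities": cluster["entities"],
            "sources": sources,
            "events": cluster["events"],
            "actions": plan_response(cluster["entities"], sources),
        })
    return incidents


def plan_response(ents, sources):
    """Centralised response: state changes routed to the product that owns each
    entity. The strings are placeholders for real product API calls (assumed)."""
    actions = []
    for kind, name in sorted(ents):
        if kind == "host" and "edr" in sources:
            actions.append(f"edr: isolate host {name}")
        if kind == "user" and "iam" in sources:
            actions.append(f"iam: revoke sessions and require re-enrolment for {name}")
    return actions
```

Two caveats a practitioner would raise: linking on shared entities can chain unrelated activity together through a widely used service account, so production correlators weight entity types rather than treating every overlap equally; and the source-count threshold is a blunt proxy for confidence, since two products may be reporting the same underlying telemetry.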
How the API economy is powering digital transformation
“APIs allow businesses to more efficiently unify and structure data from
across multiple communication platforms and leverage that data to build more
productive workflows, bring products and features to market faster, and create
modern user experiences that drive adoption and retention,” Polyakov told
VentureBeat. “APIs allow businesses to achieve all of this without having to
commit large amounts of time and resources, allowing product and engineering
teams to focus on other critical issues and business goals.” However, Polyakov
notes that many of the best APIs are those that handle and transfer lots of
rich data, meaning “proper security protocols and compliance certifications”
are vital. “Without proper assessments or an understanding of good design for
security, businesses can accidentally expose sensitive information or
unintentionally open themselves up to malicious inputs, compliance violations,
and more,” Polyakov said. ... “The API economy has empowered companies to be
more successful — whether it’s through leveraging third-party APIs to improve
business processes, attracting and retaining customers, or producing an API as
a product,” Bansal told VentureBeat.
How 2020 Shaped Transformation for Public Sector CIOs
Digital citizen services saw increased demand with people needing 24/7 access
to critical services and information. What was once considered more of a
“nice-to-have” became an absolute necessity. With some normalcy returning,
local governments must maintain this momentum toward modernization with
digital citizen services at the forefront of their digital transformation
plans. Remote work in the public sector increased efficiency and cost savings
and led to more empowered and engaged government employees. A survey found
remote government employees 16% more engaged, 19% more satisfied and 11% less
likely to leave their agencies than non-remote workers. Much like the private
sector, when deciding what a post-pandemic workplace looks like, local
governments need to consider a hybrid environment and continue providing
infrastructure and support for remote work. Advanced cybersecurity is far from
a new priority for local governments. But the rapid digitization of the public
sector over the past year (increased digital services and data, mobilization
of the workforce, cloud migration, and more) made cybersecurity an even
bigger focus.
Hiring remote software developers: How to spot the cheaters
There is a subtle balancing act in providing an assessment platform that is efficient at detecting fraud but at the same time provides a good experience for honest test takers. The most successful assessment platforms usually apply a two-pronged approach, mixing and matching fraud mitigation with fraud detection. Signing a code of honor is an example of a graceful and efficient mitigation tactic, rooted in academic research (Ariely, 2007) and confirmed by years of practice: being reminded of moral issues makes an individual less prone to cheat. It is always wise to protect the platform’s evaluation content. Quality vendors limit the time and number of exposures of the same assessment content, actively monitor scores and pass rates to preempt task depletion, and constantly crawl the internet to identify leaked tasks and solutions. Test randomization, a platform feature that enables automated on-the-spot test creation from a set of preconfigured equivalent tasks, helps mitigate cheating, since it is harder to game a system that is less predictable.
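The randomization and exposure-limiting mechanics above are simple enough to show in code. The following is an added example written for this digest (not any assessment vendor's platform code): each skill has a pool of tasks calibrated as interchangeable, every assembled test draws one task per skill from the least-served candidates, tasks stop being served once they hit an exposure cap, and a task found leaked online can be retired from the pool immediately. The pool contents and the cap are constructed assumptions.

```python
"""Added example: on-the-spot test assembly from pools of equivalent tasks,
with exposure limits and retirement of leaked tasks. The pool is constructed
for illustration; this is not any vendor's platform code."""
import random
from collections import Counter

# Constructed pool: each skill maps to tasks calibrated to be interchangeable.
POOLS = {
    "strings": ["str-01", "str-02", "str-03"],
    "graphs": ["gph-01", "gph-02"],
    "sql": ["sql-01", "sql-02", "sql-03", "sql-04"],
}


class TestAssembler:
    def __init__(self, pools, max_exposures=200, seed=None):
        self.pools = {skill: list(tasks) for skill, tasks in pools.items()}
        self.max_exposures = max_exposures
        self.exposures = Counter()       # how often each task has been served
        self.rng = random.Random(seed)   # seeded only to make runs reproducible

    def candidates(self, skill):
        """Tasks still under the exposure cap, narrowed to the least-served ones so
        exposure spreads evenly instead of burning one task out first."""
        live = [t for t in self.pools[skill] if self.exposures[t] < self.max_exposures]
        if not live:
            return []
        floor = min(self.exposures[t] for t in live)
        return [t for t in live if self.exposures[t] == floor]

    def assemble(self):
        """Build one test with one randomly chosen task per skill. Choices are made
        for every skill before any exposure counter moves, so a depleted pool
        leaves the counters untouched."""
        chosen = {}
        for skill in self.pools:
            choices = self.candidates(skill)
            if not choices:
                # task depletion: stop serving rather than over-expose content
                raise RuntimeError(f"pool for {skill!r} is depleted; author new tasks")
            chosen[skill] = self.rng.choice(choices)
        for task in chosen.values():
            self.exposures[task] += 1
        return chosen

    def retire(self, task_id):
        """Pull a task found leaked online out of its pool immediately."""
        for tasks in self.pools.values():
            if task_id in tasks:
                tasks.remove(task_id)
                return True
        return False

    def depleted_skills(self):
        """Skills with no servable task left; the signal that new tasks are due."""
        return [skill for skill in self.pools if not self.candidates(skill)]
```

The `depleted_skills` check is the code-level counterpart of "monitoring to preempt task depletion": run it before the pool empties, because the moment `assemble` starts raising, honest candidates are the ones who cannot be tested.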
Quote for the day:
"If stupidity got us into this mess,
then why can't it get us out?" -- Will Rogers