Daily Tech Digest - May 18, 2021

How penetration testing can promote a false sense of security

Savvy cybercriminals, not wanting to waste time or money, look for the simplest way to achieve their goal. "Attackers have access to numerous tools, techniques, and even services that can help find the unknown portion of an organization's attack surface," suggested Gurzeev. "Similar to the 13th century French attackers of Château Gaillard, but with the appeal of lower casualties and lower cost with a greater likelihood of success, pragmatic attackers seek out an organization's externally accessible attack surface." As mentioned earlier, completely protecting an organization's cyberattack surface is nearly impossible—partly because attack surfaces are dynamic and partly because of how fast software and hardware change. "Conventional tools are plagued by something I mentioned at the start: assumptions, habits, and biases," explained Gurzeev. "These tools all focus only where they are pointed, leaving organizations with unaddressed blind spots that lead to breaches." By tools, Gurzeev is referring to penetration testing: "Penetration testing is a series of activities undertaken to identify and exploit security vulnerabilities. ..."


Microservices Architecture: Breaking the Monolith

The first thing to know: the less communication between services, the better. It is very easy and very tempting to create lots of services that are each easy to test individually, but as a whole your system becomes complicated and tangled. That makes problems hard to track down, because you have this enormous entanglement and it may be hard to identify where the root of the problem lies. Another important consideration is to put events onto a queue. Many times we have been told that we cannot break something into separate services because it has to be perfectly synchronized with events that happen in the next steps. Usually, that's not true. Thanks to the queueing and topic-messaging systems that exist today, there are lots of ways to break that synchronization. It is true that you are adding an extra layer that can introduce some latency, but in the end, being able to break all that synchronicity will probably improve your experience. ... It is very easy to keep creating microservices in the cloud, but if you don't have a clear plan, it is also very easy to lose track of your project's budget.
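To make the decoupling concrete, here is an added example written for this digest (it is not code from the talk or from any project it describes): an order service publishes an event to a constructed in-memory topic broker instead of calling the inventory and email services directly. The broker, the service names and the at-least-once retry and dead-letter behaviour are assumptions chosen to show two things the paragraph implies but does not spell out: publishing returns immediately regardless of subscriber health, and handlers must be idempotent because the extra layer may redeliver an event.

```python
"""Added example for this digest: replacing a synchronous call chain with events
on a topic. The Broker is a constructed in-memory stand-in for a real
queue/topic system; the services and their failure modes are assumptions."""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass
class Event:
    topic: str
    key: str        # business key (order id) so consumers can deduplicate
    payload: dict
    attempts: int = 0


class Broker:
    """Minimal topic broker. publish() never waits for a subscriber."""

    def __init__(self, max_attempts=3):
        self.subscriptions = defaultdict(list)  # topic -> [(name, handler, queue)]
        self.dead_letter = []                    # (subscriber, event, error)
        self.max_attempts = max_attempts

    def subscribe(self, topic, name, handler):
        self.subscriptions[topic].append((name, handler, deque()))

    def publish(self, topic, key, payload):
        # Fan out a copy to each subscriber's own queue and return at once;
        # the producer neither knows nor cares whether consumers are healthy.
        for _, _, queue in self.subscriptions[topic]:
            queue.append(Event(topic, key, dict(payload)))

    def drain(self):
        """Deliver every pending event (what a consumer loop would do in the
        background). A failing handler is retried up to max_attempts, then the
        event is parked on the dead-letter list instead of blocking the queue.
        Returns the number of successful deliveries."""
        delivered = 0
        for subs in self.subscriptions.values():
            for name, handler, queue in subs:
                while queue:
                    event = queue.popleft()
                    event.attempts += 1
                    try:
                        handler(event)
                        delivered += 1
                    except Exception as exc:  # at-least-once: retry, then give up
                        if event.attempts < self.max_attempts:
                            queue.append(event)
                        else:
                            self.dead_letter.append((name, event, repr(exc)))
        return delivered


class InventoryService:
    def __init__(self):
        self.reserved = {}

    def on_order_placed(self, event):
        # Idempotent on the business key: a redelivered event must not reserve twice.
        self.reserved.setdefault(event.key, event.payload["items"])


class EmailService:
    def __init__(self, fail_times=0):
        self.sent = set()             # a set, so duplicate deliveries are harmless
        self.fail_times = fail_times  # simulate a flaky mail relay

    def on_order_placed(self, event):
        if self.fail_times > 0:
            self.fail_times -= 1
            raise RuntimeError("smtp relay unavailable")
        self.sent.add(event.key)


def run_scenario():
    """Constructed scenario: one duplicate delivery and one poison message."""
    broker = Broker(max_attempts=3)
    inventory, email = InventoryService(), EmailService(fail_times=1)
    broker.subscribe("order.placed", "inventory", inventory.on_order_placed)
    broker.subscribe("order.placed", "email", email.on_order_placed)

    broker.publish("order.placed", "order-1", {"items": ["sku-42"]})
    broker.publish("order.placed", "order-1", {"items": ["sku-42"]})  # duplicate
    broker.publish("order.placed", "order-2", {})                     # malformed
    delivered = broker.drain()
    return {
        "delivered": delivered,
        "reserved": inventory.reserved,
        "emails": sorted(email.sent),
        "dead_letter": [name for name, _, _ in broker.dead_letter],
    }


if __name__ == "__main__":
    print(run_scenario())
```

The order service completes its three publishes before any consumer has run, the flaky email relay recovers on retry without the producer noticing, the duplicate event reserves stock only once, and the malformed event ends up on the inventory dead-letter list rather than blocking everything behind it. The latency the paragraph mentions is the cost of that drain happening later and elsewhere.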


Chip shortage will hit IT-hardware buyers for months to years

Cisco CEO Chuck Robbins told the BBC in April: “We think we’ve got another six months to get through the short term. The providers are building out more capacity. And that’ll get better and better over the next 12 to 18 months.” The problem could last even longer, others say. “The supply chain has never been so constrained in Arista history,” Arista CEO Jayshree Ullal told analysts at the company’s recent financial briefing. “To put this in perspective, we now have to plan for many components with 52-week lead time.” “We have products with extremely large lead times that we plan ahead for. And I would be remiss if I didn’t say that, while we have some great partners, the semiconductor supply chain is still constrained,” Ullal said. “Our team has taken some very important steps to build out our inventory for some of these long-lead-time components, but we could use a lot more parts than we still have.” In its first-quarter earnings call, Juniper Networks CFO Ken Miller told analysts that ongoing supply constraints are likely to continue for a year or more.


Considering the ethics of tech for a more responsible future

“At All Tech Is Human, we recently released a report on improving social media, and after interviewing a diverse sample of 42 individuals from across civil government, government and industry, we realised that we don’t have an agreed future as to where social media should be headed. “This showed that we need more input from diverse groups to determine a better forward action.” The All Tech Is Human founder went on to identify data extraction as the biggest issue regarding the power of social media, due to most outlets being based on a model of obtaining user data, which benefits advertising over apps. “The fact that social media practices are more geared towards advertisers than communication creates most of the problems we see,” Polgar continued. “This is where regulations are important. These platforms are trying to maximise their profitability inside the parameters of legality.” According to Polgar, while tech companies need to consider the need to crack down on misinformation around topics such as Covid-19, the other side of the coin manifests itself in the argument that social media outlets don’t have the moral authority to remove these posts from the platform.


Customer service is not customer experience (and vice versa)

Because customer experience is strategic, not tactical, you need to know where the value is coming from, and where you’re throwing good money after bad. First, identify your valuable customers, advises Strategex’s Nash, then go deeper to analyze why they are valuable. Are they spending money broadly or deeply, or both? “We have years and years of data to prove the 80/20 rule — that 80 percent of your revenue comes from 20 percent of your customers.” More than that, she adds, it’s not uncommon for the top 5 percent of customers to produce half the revenue. “Words get people’s attention; data causes action,” she notes. This analysis matters because the resources spent servicing unprofitable customers can be a distraction from work that should be done to create a great experience for those who matter most to your business. “Once you know who your top customers are, you can create a customer experience for them, with the appropriate expectations on their side and effort on the employee side,” Nash says. And you can set different experience and service expectations for less-valuable customers. This can be as simple as offering clearly branded tiers of service or membership.


Interview With Srikanth Phalgun Pyaraka, Chartered Data Scientist

While working with business stakeholders to integrate data and analytics into business models, we have faced multiple challenges. One of the significant challenges that we face in most organisations is moving Business Intelligence reporting to the next level of enabling predictive or prescriptive analytics decision making. This is what we call an analytic chasm. Organisations should move out of the analytics chasm with the help of a change in the mindset of decision-makers. The main focus should be on leveraging technology for competitive differentiation and not competitive parity. Greater emphasis should be placed on building infrastructure and data analytics environments to support data-driven business initiatives. ... The Chartered Data Scientist designation is the highest distinction in the data science profession. The exam looks for skills including computer programming, including R and Python; Mathematics, especially statistics and probability; Analytical Methods such as EDA and ML algorithms; Advanced Analytics including deep learning, computer vision and NLP; and Business Analytics at international standards.


10 Emerging Cybersecurity Trends To Watch In 2021

Extended detection and response (XDR) centralizes security data by combining security information and event management (SIEM); security orchestration, automation, and response (SOAR); network traffic analysis (NTA); and endpoint detection and response (EDR). Obtaining visibility across networks, cloud and endpoints, and correlating threat intelligence across security products, boosts detection and response. An XDR system must have centralized incident response capability that can change the state of individual security products as part of the remediation process, according to research firm Gartner. The primary goal of an XDR platform is to increase detection accuracy by correlating threat intelligence and signals across multiple security offerings, and to improve security operations efficiency and productivity, Gartner said. XDR offerings will appeal to pragmatic midsize enterprise buyers that do not have the resources and skills to integrate a portfolio of best-of-breed security products, according to Gartner. Advanced XDR vendors are focusing up the stack by integrating with identity, data protection, cloud access security brokers, and the secure access service edge to get closer to the business value of the incident.
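As an added example of the cross-product correlation and centralized response described above (illustrative code written for this digest, not any vendor's XDR engine): a handful of constructed alerts from EDR, network traffic analysis and the SIEM are normalised to one schema, clustered per host within a time window, scored, and, above a threshold that also requires at least two independent sources, turned into actions that change state in the source products. The records, the schema, the scoring weights, the 30-minute window and the action names (isolate_host, block_ip, revoke_sessions) are all assumptions.

```python
"""Added example for this digest: correlating signals from several security
products the way the XDR description above outlines. The records, schema,
weights, window and action names are constructed assumptions, not a vendor's."""
from datetime import datetime, timedelta

# Constructed sample alerts, already normalised to one schema by per-product connectors.
SIGNALS = [
    {"source": "edr", "time": "2021-05-18T09:00:05Z", "host": "ws-114", "user": "alice",
     "type": "suspicious_process", "detail": "powershell.exe -EncodedCommand", "severity": 3},
    {"source": "nta", "time": "2021-05-18T09:01:40Z", "host": "ws-114", "user": None,
     "type": "beaconing", "detail": "203.0.113.7:443 every 60s", "severity": 2,
     "remote_ip": "203.0.113.7"},
    {"source": "siem", "time": "2021-05-18T09:03:10Z", "host": "ws-114", "user": "alice",
     "type": "new_admin_logon", "detail": "alice -> srv-fs01 (first seen)", "severity": 2},
    {"source": "siem", "time": "2021-05-18T13:00:00Z", "host": "ws-114", "user": "alice",
     "type": "failed_logon", "detail": "bad password", "severity": 1},
    {"source": "edr", "time": "2021-05-18T14:20:00Z", "host": "ws-207", "user": "bob",
     "type": "suspicious_process", "detail": "certutil.exe -urlcache", "severity": 3},
]

WINDOW = timedelta(minutes=30)   # assumption: signals this close on one host belong together
THRESHOLD = 7                    # assumption: minimum score for automated response


def parse_time(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")


def cluster_by_host(signals, window=WINDOW):
    """Group signals per host into clusters whose span does not exceed the window."""
    by_host = {}
    for sig in sorted(signals, key=lambda s: parse_time(s["time"])):
        by_host.setdefault(sig["host"], []).append(sig)
    clusters = []
    for sigs in by_host.values():
        current = [sigs[0]]
        for sig in sigs[1:]:
            if parse_time(sig["time"]) - parse_time(current[0]["time"]) <= window:
                current.append(sig)
            else:
                clusters.append(current)
                current = [sig]
        clusters.append(current)
    return clusters


def score(cluster):
    """Sum of severities plus a bonus for each additional independent source,
    so corroborated activity outranks a single noisy product."""
    sources = {s["source"] for s in cluster}
    return sum(s["severity"] for s in cluster) + 2 * (len(sources) - 1)


def build_incident(cluster, threshold=THRESHOLD):
    """Turn a cluster into an incident; above threshold, and only with at least
    two sources agreeing, emit actions that change state in the source products."""
    sources = sorted({s["source"] for s in cluster})
    incident = {
        "host": cluster[0]["host"],
        "start": cluster[0]["time"],
        "sources": sources,
        "signals": [s["type"] for s in cluster],
        "score": score(cluster),
        "actions": [],
    }
    if len(sources) >= 2 and incident["score"] >= threshold:
        incident["actions"].append(("edr", "isolate_host", incident["host"]))
        for s in cluster:
            if s.get("remote_ip"):
                incident["actions"].append(("firewall", "block_ip", s["remote_ip"]))
            if s["type"] == "new_admin_logon" and s.get("user"):
                incident["actions"].append(("idp", "revoke_sessions", s["user"]))
    return incident


def correlate(signals=SIGNALS):
    return [build_incident(c) for c in cluster_by_host(signals)]


if __name__ == "__main__":
    for inc in correlate():
        print(inc["host"], inc["score"], inc["actions"])
```

Run on the constructed input, the morning activity on ws-114 (encoded PowerShell, then beaconing, then a first-time admin logon) collapses into one incident that three products corroborate and that is worth isolating the host, blocking the beacon destination and revoking the user's sessions; the lone failed logon four hours later and the single EDR alert on ws-207 each stay a low-score record with no automated action, which is the "single product, single blind spot" case XDR is meant to improve on. The two-source requirement is deliberate: one product's false positive should never be enough to isolate a host on its own.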


How the API economy is powering digital transformation

“APIs allow businesses to more efficiently unify and structure data from across multiple communication platforms and leverage that data to build more productive workflows, bring products and features to market faster, and create modern user experiences that drive adoption and retention,” Polyakov told VentureBeat. “APIs allow businesses to achieve all of this without having to commit large amounts of time and resources, allowing product and engineering teams to focus on other critical issues and business goals.” However, Polyakov notes that many of the best APIs are those that handle and transfer lots of rich data, meaning “proper security protocols and compliance certifications” are vital. “Without proper assessments or an understanding of good design for security, businesses can accidentally expose sensitive information or unintentionally open themselves up to malicious inputs, compliance violations, and more,” Polyakov said. ... “The API economy has empowered companies to be more successful — whether it’s through leveraging third-party APIs to improve business processes, attracting and retaining customers, or producing an API as a product,” Bansal told VentureBeat.


How 2020 Shaped Transformation for Public Sector CIOs

Digital citizen services saw increased demand with people needing 24/7 access to critical services and information. What was once considered more of a “nice-to-have” became an absolute necessity. With some normalcy returning, local governments must maintain this momentum toward modernization with digital citizen services at the forefront of their digital transformation plans. Remote work in the public sector increased efficiency, cost-savings and led to more empowered and engaged government employees. A survey found remote government employees 16% more engaged, 19% more satisfied and 11% less likely to leave their agencies than non-remote workers. Much like the private sector, when deciding on what a post-pandemic workplace looks like, local governments need to consider a hybrid environment and continue providing infrastructure and support for remote work. Advanced cybersecurity is far from a new priority for local governments. But the rapid digitization of the public sector over the past year -- increased digital services and data, mobilization of the workforce, cloud migration, and more -- made cybersecurity an even bigger focus. 


Hiring remote software developers: How to spot the cheaters

There is a subtle balancing act in providing an assessment platform that is efficient at sensing fraud but at the same time provides a good experience for honest test takers. The most successful assessment platforms usually apply a two-pronged approach, mixing and matching fraud mitigation with fraud detection. Signing an honor code is an example of a graceful and efficient mitigation tactic, rooted in academic research (Ariely, 2007) and confirmed by years of practice. It has been scientifically established that being reminded of moral issues makes an individual less prone to cheat. It is always wise to protect the platform’s evaluation content. Quality vendors limit the time and number of exposures of the same assessment content, actively monitor scores and pass rates to preempt task depletion, and constantly crawl the internet to identify leaked tasks and solutions. Test randomization, a platform feature that enables automated on-the-spot test creation from a set of preconfigured equivalent tasks, is helpful in mitigating cheating, since it’s harder to game a system that is less predictable.
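An added example of test randomization with exposure control, written for this digest and not taken from any assessment vendor: a test is assembled per candidate from pools of equivalent tasks, the least-exposed task in each pool is preferred, a task is retired once it reaches an exposure cap or is reported leaked by a crawler, and the random tie-break is seeded from a server-side secret so a draw can be reproduced for audit but not predicted by the candidate. The pools, the cap and the seeding scheme are assumptions.

```python
"""Added example for this digest: assembling a per-candidate test from pools of
equivalent tasks with exposure limits and leak handling. The pools, the cap and
the seeding scheme are assumptions, not any assessment vendor's design."""
import hashlib
import random
from collections import Counter

# Constructed pools: every task within a slot is meant to be equivalent in
# difficulty and in the skill measured, so any one can stand in for the others.
POOLS = {
    "parsing":   ["parse-csv", "parse-json", "parse-ini"],
    "algorithm": ["two-sum", "interval-merge", "top-k-frequent"],
    "debugging": ["fix-off-by-one", "fix-race", "fix-null-deref"],
}


class PoolDepleted(RuntimeError):
    """Raised when a slot has no live task left; the signal to author new content."""


class TestBuilder:
    def __init__(self, pools, max_exposures, secret):
        self.pools = pools
        self.max_exposures = max_exposures
        self.secret = secret
        self.exposures = Counter()   # task -> how many candidates have seen it
        self.retired = set()         # capped or leaked tasks, never served again

    def _rng(self, candidate_id):
        # Seed from a server-side secret plus the candidate id: the draw can be
        # reproduced for audit, but is not predictable from the id alone.
        digest = hashlib.sha256(f"{self.secret}:{candidate_id}".encode()).digest()
        return random.Random(int.from_bytes(digest, "big"))

    def build(self, candidate_id):
        """Return {slot: task} for this candidate, preferring least-exposed tasks."""
        rng = self._rng(candidate_id)
        test = {}
        for slot, tasks in self.pools.items():
            live = [t for t in tasks if t not in self.retired]
            if not live:
                raise PoolDepleted(f"slot {slot!r} has no unexposed tasks left")
            lowest = min(self.exposures[t] for t in live)
            # Tie-break at random so equally exposed tasks are not served in lockstep.
            chosen = rng.choice([t for t in live if self.exposures[t] == lowest])
            self.exposures[chosen] += 1
            if self.exposures[chosen] >= self.max_exposures:
                self.retired.add(chosen)
            test[slot] = chosen
        return test

    def report_leak(self, task):
        """Retire a task that a crawler found posted publicly."""
        self.retired.add(task)


def serve_all(builder, candidate_ids):
    """Build a test per candidate until a pool runs dry; returns (tests, exposures)."""
    tests = {}
    for cid in candidate_ids:
        try:
            tests[cid] = builder.build(cid)
        except PoolDepleted:
            break
    return tests, dict(builder.exposures)


if __name__ == "__main__":
    b = TestBuilder(POOLS, max_exposures=2, secret="rotate-me")
    b.report_leak("parse-csv")
    print(serve_all(b, [f"cand-{i}" for i in range(10)]))
```

With three tasks per slot and a cap of two exposures, the builder serves exactly six candidates before the first slot is depleted, and every task has been shown exactly twice; retiring one leaked parsing task up front cuts that to four. In practice the depletion error is what the "monitor pass rates to preempt task depletion" advice turns into: the signal to write new equivalent tasks before the pool runs dry, not after.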



Quote for the day:

"If stupidity got us into this mess, then why can't it get us out?" -- Will Rogers
