Daily Tech Digest - June 01, 2021

Microsoft launches first Asia Pacific Public Sector Cyber Security Executive Council

With most technology infrastructure owned and operated by private companies; it is also mission critical that governments form coalitions with leading tech companies to lead effective cyber-defense strategies and safeguard our region against attackers. Dato’ Ts. Dr. Haji Amirudin Abdul Wahab FASc, CEO of CyberSecurity Malaysia shared, “Cybersecurity is an important national agenda that cannot rely solely on the back of IT team. It should be a priority and responsibility of all individuals, as we continue to see cyber-criminal activities rise exponentially with the proliferation of data and digital connectivity. This coalition certainly establish stronger partnerships with industry leaders and practitioners that allow us to fortify our security postures and combat cybercrime.” On the future of the cybersecurity eco-system and role the coalition will play, Ph.D. candidate ChangHee Yun, Principle Researcher of AI/Future Strategy Center, National Information Society Agency Korea added, “the collective intelligence amongst the Asia Pacific nations is paramount to jointly share best practices and strategies that will enable us to resolve cybersecurity challenges at a faster pace, and a more proactive manner. ...”

A look at API prioritisation strategy of ICICI Lombard

Like any other software development, API development and rollout have their own set of challenges. One of the most important challenges is to ensure security and encryption. A robust security framework and periodic security audits of applications are a must in ensuring that not only endpoints of applications are tracked but also there is a sufficient level of encryption and account-level security that is maintained. Detection of vulnerabilities and plugging them is an ongoing affair and needs to be monitored regularly. Data protection is a critical aspect of security that we pay close attention to. According to Nayak, one of the key aspects, where organisations make mistakes, involves the estimation of volumes for integration. Since a lot of the APIs are built keeping the number of users in mind, it becomes extremely important to also estimate user-based rate limits to ensure scalability. “User-based rate limits also help in tracking the number of calls per user and outliers are identified as a part of the security evaluation.

HITRUST explained: One framework to rule them all

To understand how this works, we need to first understand what we mean when we talk about a security framework. This isn't some whiz-bang software tool or hardware appliance; instead, it's a set of policies and procedures meant to improve your organization's cyber security strategies. There are innumerable frameworks available out there, some put out by for-profit companies, some by industry cybersecurity orgs, and some by government agencies. This last category will become important for our discussion: many government regulations that touch on cybersecurity have at their heart prescribed frameworks that companies need to implement in order to be in compliance. HITRUST's framework, known as the HITRUST CSF, works along these same lines. What makes HITRUST special is that it isn't attempting to impose its own unique security philosophy onto its users; rather, it consolidates multiple existing public domain security frameworks into a single document. For instance, plenty of these frameworks require all passwords within an organization to be eight characters or more; therefore, the HITRUST CSF includes an eight-character password requirement for those organizations to which that control applies.

Microsoft's Low-Code Strategy Paints a Target on UIPath and the Other RPA Companies

Microsoft has assembled all of the pieces required by an enterprise to deliver low code solutions. If they execute well on this strategy they are poised to become unassailable in the low-code world. When Microsoft talks about low code, they have a pretty expansive view. The language they use when describing low code encompasses everything from an accountant writing a formula in Excel, to a software engineer using a pre-built connector to pull data from an API, to a consulting firm building a bespoke end-to-end claims management solution for a customer. Microsoft realises that the real challenge with scaling low code is not writing low code applications - it’s deploying and monitoring low code applications. And it is firmly on a trajectory to solving this challenge. ... Microsoft has put together a pretty impressive strategy. I don’t know how much is by design and how much by tactical zigging and zagging but, judging by the dates that the company released each of the pieces in this strategy, it looks like sometime in 2019 someone at Microsoft had a lightbulb moment about how all this should fit together, and they’ve been executing against that strategy ever since.

Are MRI Scans Done By AI Systems Reliable?

Convolutional neural networks are trained to map the measurement directly to an artifact-free image or map from a coarse least-squares reconstruction from the under-sampled measurement to an artifact-free image. The best-performing methods in the fastMRI competition are all trained networks and yield significant improvements over classical methods. Traditional CS methods are trendy in MRI reconstruction, and are used in clinical practice. Untrained networks are also powerful for compressive sensing, and simple convolutional architectures such as the Deep Decoder work well in practice. For the experiments, the researchers picked ten randomly-chosen proton-density-weighted knee MRI scans from the fastMRI validation set. For each of those images, a small perturbation was added to the measurement. The results showed that both trained and untrained methods are sensitive to small adversarial perturbations. For the next experiment to check for dataset shift, the researchers tested on the Stanford dataset retrieved by collecting all available 18 knee volumes. “Our main finding is that all reconstruction methods perform worse on the new MRI samples, but by a similar amount.

A human-centric approach to protect against cybersecurity threats

Teaching and reinforcing positive cyber hygiene among employees is one way in which they can help in defending against cyberattacks. This is the consistent and safe training of employees when they perform a manoeuvre that could compromise important data or open themselves up to a threat. This could be attaching a document with sensitive information to an outside source using a document sharing service or clicking on e-mail without reviewing the source. With practice and consistent guidance, it is possible to train employees with new programmes that help to curb unwanted behaviours, with notifications being made to the employees when one of these incidents is about to occur. The employee can learn in real-time why they cannot or should not perform this action. It can also be a comfort to the employees who know they are protected within this system of alerts, with additional options to anonymise which employee is connected to each incident – in other words, ensuring full visibility while maintaining privacy. With time, these actions will become habits. Human error is always likely to occur, but with incident-based training, employees and companies can better protect themselves from outside risks.

Investing in the Cybersecurity Workforce of Tomorrow

One solution that will help close the skills gap is to seek out and hire underrepresented candidates. However, providing them with the needed educational resources and skill-building opportunities is yet another challenge. Cybersecurity education is not always accessible to these groups, which typically leads them to pursue other career paths. Investing in the preparation of essential talent pools, such as students, is one key component to closing the cybersecurity skills gap. With the crucial need for people with cyber skills, IT recruiters need to consider candidates who don’t fit the traditional mold of a cybersecurity professional. ... Organizations must provide appropriate resources, and candidates must be willing to take advantage of this opportunity. Along with universities that offer cybersecurity curricula, several community organizations recognize the value of diversity in the industry, providing access to content and programs designed to address the talent shortage. ICMCP and WiCyS are two examples of groups that partner with private organizations to create access to different types of training and mentorship programs for women and minorities looking to transition or grow within the field of cybersecurity.

CISO Confidence Is Rising, but Issues Remain

Many CISOs feel they lack boardroom support. Fewer than two-thirds of global CISOs surveyed for the report indicated that they agree with their board's approach to cybersecurity. Fifty-seven percent of them indicated that the expectations placed on their role are excessive. Fifty-nine percent of global CISOs say their reporting line hinders their job effectiveness. This view is most prevalent in the technology sector, where three-quarters of CISOs expressed this sentiment. In the public sector, the issue is less pressing; here, just 38% felt reporting was a burden. The apparent distance between them and their C-suite colleagues makes many CISOs feel they can't do their jobs to the best of their ability. Nearly half of them don't global believe their organization is setting them up to succeed. What's worse, 24% of CISOs strongly agree this is the case. The CISO's ability to trade off agility and security will be even more critical in the future. Now that more organizations know what remote working brings along in terms of cost-savings and flexibility, it's likely that many will adopt hybrid working models going forward. But CISOs will need to convince their boards that the passable approach they used over the past year won't be enough in the long term.

How data centres can help businesses be more sustainable

The first step for many providers is in a move away from fossil fuels. Data centres are particularly well placed to benefit from renewable energy sources due to their stable power consumption. Indeed, some providers are already achieving 100% zero-carbon energy in their buildings, resulting in lower emissions of carbon and other types of pollution, as well as cost efficiencies. Google is another trailblazer in this area – its large-scale procurement of wind and solar power has made Google the world’s largest corporate buyer of renewable energy. Renewable energy is, and will continue to be, an important part of the strategy to reduce carbon emissions, but different global locations will benefit from different approaches, and it’s important to move beyond a straight ‘we must embrace renewables’ message, to one that recognises the nuances of location. For example, in the Middle East and parts of the US, solar energy is much more prevalent than in the Nordics. Other locations have different options: a good example is at a campus on the southwestern tip of Iceland, which runs almost entirely on geothermal and hydroelectric power.

Security leaders more concerned about legal settlements than regulatory fines

Egress CEO Tony Pepper comments: “The financial cost of data breach has always driven discussion around GDPR – and initially, it was thought hefty regulatory fines would do the most damage. But the widely unforeseen consequences of class action lawsuits and independent litigation are now dominating conversation. Organizations can challenge the ICO’s intention to fine to reduce the price tag, and over the last year, the ICO has shown leniency towards pandemic-hit businesses, such as British Airways, letting them off with greatly reduced fines that have been seen by many as merely a slap on the wrist. “With data subjects highly aware of their rights and lawsuits potentially becoming ‘opt-out’ for those affected in future, security leaders are right to be nervous about the financial impacts of litigation.” Lisa Forte, Partner at Red Goat Cyber Security, comments: “The greatest financial risk post breach no longer sits with the regulatory fines that could be issued. Lawsuits are now common place and could equal the writing of a blank cheque if your data is compromised.

Quote for the day:

"It is easy to lead from the front when there are no obstacles before you, the true colors of a leader are exposed when placed under fire." -- Mark W. Boye

No comments:

Post a Comment