Future of testing: Why CART is making penetration testing & attack simulation tools outdated
The inherent challenges with traditional security solutions make a strong case
for Continuous Automated Red Teaming (CART) - an emerging new technology which
discovers the attack surface and launches safe attacks continuously. It also
helps to prioritise the vulnerabilities that are most likely to be attacked,
which are typically the path of least resistance. To put it simply, CART
automates red teaming and is designed to scale the process and make it more
efficient, allowing for continuous discovery of one's attack surface and
continuous testing. This makes CART a game-changing strategy in cybersecurity.
In addition, CART, unlike penetration testing, finds the attack surface
automatically without any inputs. It then launches multiple-stage attacks that
range from networks to applications to humans. And, unlike BAS, CART uses an
outside-in approach to attack and does not require any hardware or software.
Although hackers are sophisticated and have advanced detection and prevention
capabilities, CART can help organisations stay ahead of the game by helping them
think like a hacker.
Can Government Effectively Help Businesses Fight Cybercrime?
While companies need to better defend themselves, the government can help them
by recommending cybersecurity measures and passing along threat information and
by taking actions to dissuade attackers, whether it is sanctions against
collaborating countries, indictments against individuals, or offensive attacks
against the infrastructure used by criminals and their financial windfalls, says
Mark Montgomery, senior director of the Center on Cyber and Technology
Innovation at the Foundation for Defense of Democracies (FDD) and the executive
director of the Cyberspace Solarium Commission. "No one of them can solve it
alone—you have to do all three," he says. "We need to be working consistently
across all three of those lines of effort." The Ransomware Task Force
recommended five policies: Coordinated diplomacy and law enforcement efforts, an
aggressive whole-of-government campaign by the United States to dissuade
ransomware groups, the establishment of cyber response funds to help business,
an international framework for responding to ransomware, and more regulation of
cryptocurrency.
Using technology to keep control of your digital footprint in a post-COVID world
The concerns associated with handing over our data to travel companies do not
stem from nowhere. Airlines have a notorious reputation for facing data
breaches. For instance, British Airways was fined £20 million by the
Information Commissioner’s Office (ICO) after the personal information of more
than 400,000 staff and customers was leaked, including sensitive data related
to banking and payments. More recently, Air India suffered a data breach that
leaked the private data of 4.5 million customers – including their contact
information, credit card details, passport and ticket information, and more.
Airlines are not the only alarming companies involved, as they’ve been
handling high-risk information for years. When restaurants and local bars gain
access to healthcare information, they are likely to not have adequate
security measures in place and are therefore at great risk for vulnerabilities
that put the customers’ privacy in danger. Does that mean we shouldn’t travel
due to data privacy concerns? Absolutely not. The solution is to embrace data
ownership as part of a value-based internet experience.
Unilever CIO: Digital literacy is the most important new capability to develop
Digital literacy, as Ventura defines it, is the ability of one employee—or an
entire culture—to embrace technology-driven innovation in changing the way
they work. To develop this capability, Ventura and his team created a Digital
Literacy Curriculum, which they are facilitating at the top of the
organization with CEO Fabian Garcia, and will expand to include leaders in
sales and marketing next. The Curriculum involves Ventura, key members of his
IT leadership team, and select business partners who meet three times a month
for 45 minutes for a total of 14 sessions. Those sessions focus on cloud,
platforms, data, and product, and are organized by experiences: customer,
consumer, and employee. “We’ve always talked about ‘applications’ and
‘systems,’ but today we are using so many new terms, that we want to ground
these terms in the experiences that matter to our CEO,” says Ventura. “We
include our business partners, because Fabian does not want to know about the
technical details of a capability; he wants to know how a practitioner will
turn insights into action.”
8 Fintech Trends Changing Banking Forever
Not only has the speed of payments been impacted, but the speed of payments
innovation is increasing. Solutions like Buy Now, Pay Later (BNPL) have
gained popularity almost overnight, creating a unique form of real-time
point-of-sale financing. This new innovation has forced traditional banks
and even competing payment providers to play catch-up. While most solutions
are for short-term deferred payments, new alternatives have been created for
larger purchases with longer-term installments. As a result, BNPL has
impacted not just debit issuers, but also credit card and personal loan
providers. As has been seen in other financial product areas, new payment
innovations often have emerged faster than the regulations to protect
consumers. As regulators sort through the risks to consumers associated with
new solutions, financial institutions have an opportunity to create
competing solutions with improved transparency and better risk/reward
models. Open Banking has become one of the most important global trends in
the banking ecosystem. Originated in the U.K., the concept lowers barriers
to entry for alternative financial services providers and enhances the
potential for innovation by mandating traditional financial institutions to
share financial data through APIs.
Rebuilding your security culture as employees return to the office
People need to move data to get their work done, and it can be a natural
instinct for security teams to respond negatively to data exfiltration
alerts. However, Code42 research shows that most data leaks happen
unintentionally. One example of this could be when someone accidentally
exfiltrates data when they connect a personal drive to their work device,
unintentionally synching work files onto their personal cloud. Instead of
leaping to the conclusion that employees are stealing data, investigate to
find out more. Often, they are simply trying to get work done or collaborate
with a colleague or partner. Use these moments as an opportunity to educate
them on more secure ways to share data, always beginning the conversation
with positive intent. For example, start with “We noticed this… did you see
it, too?” rather than starting the conversation with an accusatory tone.
Doing so will position them as security allies instead of security enemies,
and that’s a better way to encourage them to work together with your
security team. Emphasize the importance of security and why it matters to
all employees as they return to the office.
Three things essential to the future of edge computing
At its core, edge computing relies on geographically disparate pieces of
equipment being able to seamlessly talk with one another. This could be
compute or storage nodes talking with one another, or those nodes talking
with sensors or machinery that collect or action an edge network’s data.
Edge infrastructure depends on those technologies being able to reliably
interact. Geographic separation has also led to a tendency towards a
diversity in equipment. Whether due to supplier availability or adaptations
to the local area, the most efficient edge infrastructure is one that can
accommodate a variety of technologies. In practice, the marketplace
pressure to accommodate this is often inevitable for many larger operators
of edge networks, especially for those that wish to avoid lock-in with a
particular vendor. To make a diverse and disparate edge network viable,
organisations need to adopt open technologies. Creating standards around
open source software and hardware to ensure that they can interact via open
source solutions is ultimately the only way to guarantee that every
component in a diverse and distributed edge network can interact with its
counterparts.
Computer vision adoption expected to grow significantly in the near future
Manufacturers typically implement CV for quality control and process
optimization, using systems to perform inspections with greater accuracy and
at higher speeds than human workers, he said. "Beyond the production line,
these systems have significant potential to augment or automate tedious,
dangerous or expensive work, such as routine cycle counts and equipment
inspections," Ajgaonkar said. CV is also useful for security in warehouse
environments. In retail, CV is often applied for inventory optimization and
to improve customer experience, ensuring that products are properly stocked,
monitoring checkout lines and curbside pickups, and keeping an eye out for
product spills, he said. "We see major successes with CV implementation
across sectors–in utilities, transportation, manufacturing and production,
retail and healthcare," Ajgaonkar said. In all of these verticals, the use
of CV improves efficiency to free up employees to focus on more
mission-critical tasks, he said. The increased adoption of AI and the
internet of things proliferating across industries is making CV something
organizations should pay attention to now, he said.
6 IT talent retention strategies: Chicago CIO of the Year winners share
Without a doubt, the post-pandemic world has accelerated digitalization and
the emerging hybrid work environment. To effectively compete and win in the
marketplace, companies across all industries must execute strategies faster
and pivot rapidly to seize new opportunities. Talent is central to success.
My organization has implemented workforce initiatives to motivate and
increase engagement among employees. We are ensuring that employee
contributions are aligned to business priorities to provide a sense of
purpose and meaning. We are providing schedule and location flexibility and
investing in career growth. We have stepped up communication and involve a
broad cross-section of employees in discussions to shape the future of the
workplace. ... The new remote reality has indeed placed a brighter-than-ever
spotlight on the importance of retaining top talent. I believe in investing
in our people so they can learn new skills, which not only enrich and
challenge them personally, but also enable them to contribute to our
business success. Our mission is to deliver secure, reliable payments to the
whole country. Knowing that the day-to-day work our team members do impacts
every household and every business in the country is incredibly motivating
and rewarding.
Global frameworks the way forward for AI and data privacy — Google CEO
Artificial intelligence (AI) has been quickly evolving, playing a gradually
larger role in people’s lives. Looking forward to the next quarter of a
century, given the evolution that the Internet has made in this time frame,
Pichai expressed belief that while AI is still in its early stages, people
will need to ensure that the technology develops in a way that benefits
society. “I expect [AI] to play a foundational role across every aspect of
our lives, be it healthcare, education, how we manufacture things, and how
we consume information,” he said. “Today, it’s already changing our lives in
simpler ways. In healthcare, when a radiologist is doing scans, [AI] may be
acting as an assistant, flagging where [the radiologist] may want to give an
extra look, or prioritise, because it looks worrisome. “Over time, we’ll be
with more intelligent systems, and it can make humans more productive than
we’ve ever imagined.” When asked whether society is unprepared for the rise
in AI, Pichai said that while this may partly be true, human potential is
always
Quote for the day:
"Without growth, organizations struggle to add talented people. Without
talented people, organizations struggle to grow." -- Ray Attiyah