Daily Tech Digest - July 14, 2021

Future of testing: Why CART is making penetration testing & attack simulation tools outdated

The inherent challenges with traditional security solutions make a strong case for Continuous Automated Red Teaming (CART) - an emerging new technology which discovers the attack surface and launches safe attacks continuously. It also helps to prioritise the vulnerabilities that are most likely to be attacked, which are typically the path of least resistance. To put it simply, CART automates red teaming and is designed to scale the process and make it more efficient, allowing for continuous discovery of one's attack surface and continuous testing. This makes CART a game-changing strategy in cybersecurity. In addition, CART, unlike penetration testing, finds the attack surface automatically without any inputs. It then launches multiple-stage attacks that range from networks to applications to humans. And, unlike BAS, CART uses an outside-in approach to attack and does not require any hardware or software. Although hackers are sophisticated and have advanced detection and prevention capabilities, CART can help organisations stay ahead of the game by helping them think like a hacker.


Can Government Effectively Help Businesses Fight Cybercrime?

While companies need to better defend themselves, the government can help them by recommending cybersecurity measures and passing along threat information and by taking actions to dissuade attackers, whether it is sanctions against collaborating countries, indictments against individuals, or offensive attacks against the infrastructure used by criminals and their financial windfalls, says Mark Montgomery, senior director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies (FDD) and the executive director of the Cyberspace Solarium Commission. "No one of them can solve it alone—you have to do all three," he says. "We need to be working consistently across all three of those lines of effort." The Ransomware Task Force recommended five policies: Coordinated diplomacy and law enforcement efforts, an aggressive whole-of-government campaign by the United States to dissuade ransomware groups, the establishment of cyber response funds to help business, an international framework for responding to ransomware, and more regulation of cryptocurrency.


Using technology to keep control of your digital footprint in a post-COVID world

The concerns associated with handing over our data to travel companies do not stem from nowhere. Airlines have a notorious reputation for facing data breaches. For instance, British Airways was fined £20 million by the Information Commissioner’s Office (ICO) after the personal information of more than 400,000 staff and customers was leaked, including sensitive data related to banking and payments. More recently, Air India suffered a data breach that leaked the private data of 4.5 million customers – including their contact information, credit card details, passport and ticket information, and more. Airlines are not the only alarming companies involved, as they’ve been handling high-risk information for years. When restaurants and local bars gain access to healthcare information, they are likely to not have adequate security measures in place and are therefore at great risk for vulnerabilities that put the customers’ privacy in danger. Does that mean we shouldn’t travel due to data privacy concerns? Absolutely not. The solution is to embrace data ownership as part of a value-based internet experience.


Unilever CIO: Digital literacy is the most important new capability to develop

Digital literacy, as Ventura defines it, is the ability of one employee—or an entire culture—to embrace technology-driven innovation in changing the way they work. To develop this capability, Ventura and his team created a Digital Literacy Curriculum, which they are facilitating at the top of the organization with CEO Fabian Garcia, and will expand to include leaders in sales and marketing next. The Curriculum involves Ventura, key members of his IT leadership team, and select business partners who meet three times a month for 45 minutes for a total of 14 sessions. Those sessions focus on cloud, platforms, data, and product, and are organized by experiences: customer, consumer, and employee. “We’ve always talked about ‘applications’ and ‘systems,’ but today we are using so many new terms, that we want to ground these terms in the experiences that matter to our CEO,” says Ventura. “We include our business partners, because Fabian does not want to know about the technical details of a capability; he wants to know how a practitioner will turn insights into action.”


8 Fintech Trends Changing Banking Forever

Not only has the speed of payments been impacted, but the speed of payments innovation is increasing. Solutions like Buy Now, Pay Later (BNPL) have gained popularity almost overnight, creating a unique form of real-time point-of-sale financing. This new innovation has forced traditional banks and even competing payment providers to play catch-up. While most solutions are for short-term deferred payments, new alternatives have been created for larger purchases with longer-term installments. As a result, BNPL has impacted not just debit issuers, but also credit card and personal loan providers. As has been seen in other financial product areas, new payment innovations often have emerged faster than the regulations to protect consumers. As regulators sort through the risks to consumers associated with new solutions, financial institutions have an opportunity to create competing solutions with improved transparency and better risk/reward models. Open Banking has become one of the most important global trends in the banking ecosystem. Originated in the U.K., the concept lowers barriers to entry for alternative financial services providers and enhances the potential for innovation by mandating traditional financial institutions to share financial data through APIs.


Rebuilding your security culture as employees return to the office

People need to move data to get their work done, and it can be a natural instinct for security teams to respond negatively to data exfiltration alerts. However, Code42 research shows that most data leaks happen unintentionally. One example of this could be when someone accidentally exfiltrates data when they connect a personal drive to their work device, unintentionally synching work files onto their personal cloud. Instead of leaping to the conclusion that employees are stealing data, investigate to find out more. Often, they are simply trying to get work done or collaborate with a colleague or partner. Use these moments as an opportunity to educate them on more secure ways to share data, always beginning the conversation with positive intent. For example, start with “We noticed this… did you see it, too?” rather than starting the conversation with an accusatory tone. Doing so will position them as security allies instead of security enemies, and that’s a better way to encourage them to work together with your security team. Emphasize the importance of security and why it matters to all employees as they return to the office.


Three things essential to the future of edge computing

At its core, edge computing relies on geographically disparate pieces of equipment being able to seamlessly talk with one another. This could be compute or storage nodes talking with one another, or those nodes talking with sensors or machinery that collect or action an edge network’s data. Edge infrastructure depends on those technologies being able to reliably interact. Geographic separation has also led to a tendency towards a diversity in equipment. Whether due to supplier availability or adaptations to the local area, the most efficient edge infrastructure is one that can accommodate a variety of technologies. In practice, the marketplace pressures to accommodate this are often inevitable for many larger operators of edge networks, especially for those that wish to avoid lock-in with a particular vendor. To make a diverse and disparate edge network viable, organisations need to adopt open technologies. Creating standards around open source software and hardware to ensure that they can interact via open source solutions is ultimately the only way to guarantee that every component in a diverse and distributed edge network can interact with its counterparts.


Computer vision adoption expected to grow significantly in the near future

Manufacturers typically implement CV for quality control and process optimization, using systems to perform inspections with greater accuracy and at higher speeds than human workers, he said. "Beyond the production line, these systems have significant potential to augment or automate tedious, dangerous or expensive work, such as routine cycle counts and equipment inspections," Ajgaonkar said. CV is also useful for security in warehouse environments. In retail, CV is often applied for inventory optimization and to improve customer experience, ensuring that products are properly stocked and to monitor checkout lines, curbside pickups, and to keep an eye out for product spills, he said. "We see major successes with CV implementation across sectors–in utilities, transportation, manufacturing and production, retail and healthcare," Ajgaonkar said. In all of these verticals, the use of CV improves efficiency to free up employees to focus on more mission-critical tasks, he said. The increased adoption of AI and the internet of things proliferating across industries is making CV something organizations should pay attention to now, he said.


6 IT talent retention strategies: Chicago CIO of the Year winners share

Without a doubt, the post-pandemic world has accelerated digitalization and the emerging hybrid work environment. To effectively compete and win in the marketplace, companies across all industries must execute strategies faster and pivot rapidly to seize new opportunities. Talent is central to success. My organization has implemented workforce initiatives to motivate and increase engagement among employees. We are ensuring that employee contributions are aligned to business priorities to provide a sense of purpose and meaning. We are providing schedule and location flexibility and investing in career growth. We have stepped up communication and involve a broad cross-section of employees in discussions to shape the future of the workplace. ... The new remote reality has indeed placed a brighter-than-ever spotlight on the importance of retaining top talent. I believe in investing in our people so they can learn new skills, which not only enrich and challenge them personally, but also enable them to contribute to our business success. Our mission is to deliver secure, reliable payments to the whole country. Knowing that the day-to-day work our team members do impacts every household and every business in the country is incredibly motivating and rewarding.


Global frameworks the way forward for AI and data privacy — Google CEO

Artificial intelligence (AI) has been quickly evolving, playing a gradually larger role in people’s lives. Looking forward to the next quarter of a century, given the evolution that the Internet has made in this time frame, Pichai expressed belief that while AI is still in its early stages, people will need to ensure that the technology develops in a way that benefits society. “I expect [AI] to play a foundational role across every aspect of our lives, be it healthcare, education, how we manufacture things, and how we consume information,” he said. “Today, it’s already changing our lives in simpler ways. In healthcare, when a radiologist is doing scans, [AI] may be acting as an assistant, flagging where [the radiologist] may want to give an extra look, or prioritise, because it looks worrisome. “Over time, we’ll be with more intelligent systems, and it can make humans more productive than we’ve ever imagined.” When asked whether society is unprepared for the rise in AI, Pichai said that while this may partly be true, human potential is always



Quote for the day:

"Without growth, organizations struggle to add talented people. Without talented people, organizations struggle to grow." -- Ray Attiyah
