Daily Tech Digest - July 22, 2021

How SMEs in e-commerce can drive value from machine learning

It’s important to realise that implementing machine learning in processes like customer segmentation means digging deeper into data than ever before, and ensuring the algorithms your business uses are underpinned by a thorough understanding of this data. Simply taking superficially similar customers and grouping them together when recommending products won’t go far enough for it to work successfully. The next step is to ensure the business is compatible with machine learning in the long run. For example, business problems where machine learning could be useful should be identified early on, and companies should get into the habit of preparing their data so that machine learning can be integrated without too much difficulty and disruption. Crucially, organisations should also identify relevant machine learning experts who can drive such projects forward, either internally or through outsourcing via external consultants. Finally, one of the most pressing concerns in the minds of many business leaders reluctant to implement machine learning is the threat the technology could pose to human staff.

Are you ready for the newest era of DevSecOps?

Many organizations have shifted security left, or at least started on their journey, in an effort to improve development velocity while also managing security risks. When starting with their incumbent tools, many organizations find it difficult to cobble together a variety of different security scanners and integrate them into a complex DevOps toolchain. We hear from customers that siloed tooling has hindered collaboration. Many of our customers turned to GitLab to simplify their DevSecOps process. GitLab is often at the forefront of the DevSecOps and "shift security left" conversations among developers and businesses because of the simplicity and effectiveness of embracing security capabilities via a single platform. Developers need to find and fix vulnerabilities within their natural workflow earlier, without friction or distractions, while businesses must protect their IP in an age when the stakes of security have never been higher. When security capabilities are embedded into the end-to-end software processes, then developers can spend time writing code instead of managing tools.

Kubernetes Cloud Clusters Face Cyberattacks via Argo Workflows

Researchers said the misconfigurations can also expose sensitive information such as code, credentials and private container-image names (which can be used to assist in other kinds of attacks). Intezer’s scan of the web found scads of unprotected instances, operated by companies in several industries, including technology, finance and logistics. “We have identified infected nodes and there is the potential for larger-scale attacks due to hundreds of misconfigured deployments,” according to Intezer. In one case, bad code was running on an exposed cluster in Docker Hub for nine months before being discovered and removed. Attacks aren’t difficult to carry out: Researchers observed different popular Monero-mining malware being housed in containers located in repositories like Docker Hub, including Kannix and XMRig. Cybercriminals need only to pull one of those containers into Kubernetes via Argo or another avenue. For instance, Microsoft recently flagged a wave of miners infesting Kubernetes via the Kubeflow framework for running machine-learning workflows.

AI execs unpack call center automation boom

Purkayastha says that technological improvements over the past five years have set the stage for the wider adoption of automation in the call center. Superior automatic speech recognition and transcription are accelerating the velocity of deploying solutions, while knowledge graphs — knowledge bases with graph-structured data models — are extracting information pertinent to support agents. Beyond this, automation technologies now better understand the semantics of conversations and continuously learn, optimizing toward business KPIs. Of course, these systems require data to train, and accumulating the data — along with processing, normalizing, and cleaning it — can take time. Schebella says that it’s not unusual for 30, 60, or 90 days to elapse before a natural language processing model begins to perform satisfactorily. In the future, he expects data collection to become less of a problem as call automation technologies provide more real-time feedback — for example, indicating to a customer service agent whether they’re speaking too quickly or slowly. 

A Guide to Stress-Free Cybersecurity for Lean IT Security Teams

Today's cybersecurity landscape is enough to make any security team concerned. The rapid evolution and increased danger of attack tactics have put even the largest corporations and governments at heightened risk. If the most elite security teams can't prevent these attacks from happening, what can lean security teams look forward to? Surprisingly, leaner teams have a much greater chance than they think. It might seem counterintuitive, but recent history has shown that large numbers and huge budgets aren't the difference-makers they once were. Indeed, having the right strategy in place is a clear indicator of an organization's success today. A new guide by XDR provider Cynet looks to dispel the myth that bigger is always better and shows a smarter way forward for lean IT security teams. The new guide focuses on helping lean IT security teams plan strategies that can protect their organizations while reducing the level of stress they face. Due to the rise of cyber tools that can help level the playing field and a new generation of security professionals, smaller organizations can now defend their organizations equally.

4 Patterns for Microservices Architecture in Couchbase

One of the key characteristics of microservices is their loose coupling, so that they can be developed, deployed, access-controlled and scaled on an individual basis. Loose coupling requires that the underlying database infrastructure supports isolating the data for the individual microservices. That could be either by running individual database instances per microservice or by controlling access to the relevant parts of the data. While traditional relational databases support isolation using database schemas, they are often difficult to scale, they lack the flexibility of a JSON data model, and most importantly, they become the single point of failure in case of an outage of your database infrastructure. This is an important aspect to consider when designing your microservice architecture, as an outage has severe consequences for all microservices sharing the same database. Couchbase is designed for microservices. It’s a highly scalable, resilient and distributed database. It offers great flexibility and provides multiple levels of isolation to support up to one thousand microservices in the same Couchbase cluster.

Moving OT to the cloud means accounting for a whole new host of security risks

In addition to using attacks that all cloud platforms are vulnerable to, Team82 said one of its approaches involves gaining unauthorized access to an operator account "using different methods." Again, these different methods are likely similar to other attacks used to steal credentials, like phishing, which has been on the rise as more organizations move to cloud-based models to enable remote work. Team82 detailed two different approaches to gaining access to OT networks and hardware: A top-down approach that involves gaining access to a privileged account and thus a cloud dashboard, and a bottom-up approach that starts by attacking an endpoint device like a PLC from which they can execute malicious remote code. Regardless of the method, the end result for the attacker is the same: Access to, and control of, an OT cloud management platform and the ability to disrupt devices and businesses. An attacker could stop a PLC program responsible for temperature regulation of the production line, or change centrifuge speeds as was the case with Stuxnet.

Why Going Digital Isn’t Enough to Meet the New Customer Experience (CX) Imperative

Traditional silos are directed by functional leaders—service, marketing, commerce—but customers expect a unified approach to CX. Building a customer-centered organization requires operational innovation, and existing models don’t scale. CDOs, CMOs, CIOs, and CxOs—supported by CEOs, CFOs, COOs, and board members—must build an alliance: a working group or steering committee that is responsible and accountable for centralized, unified, and collaborative customer understanding and engagement. Ultimately, a customer-centered organization needs a leader who is probably not the chief executive officer but a chief experience officer: an orchestrator with day-to-day leadership, accountability, and tireless focus on the personal touch in a reimagined analog, digital, and hybrid customer journey. It takes day-to-day leadership, accountability, and tireless focus. Companies leading in CX are more than twice as likely to have a chief experience officer than those that have made less progress.

The role of tech in the future of keeping the workforce well post-pandemic

The bigger picture is that a ‘return to work’ doesn’t mean back to the office. It might not even mean remote working. The talk of the rise of the ‘third workplace’, where employees can work from wherever they choose, means that a modern day workforce needs a completely mobile infrastructure. So what does this look like? Firstly, using an integrated company news feed as part of your communications platform allows remote workers to cut past the often-laborious task of checking their emails and get to the priorities of the day. While emails can be easily overlooked, a news feed that highlights urgent issues and offers real-time updates which remote workers can receive across different channels helps boost a culture of openness and inclusion. Having the tools to communicate health and safety updates results in transparency around important matters like the risk of transmission and the safety measures implemented. A key question for organisations post-pandemic has to be how they leverage tech beyond workforce optimisation. 

Questions that help CISOs and boards have each other’s back

An accountability approach should dictate who takes ownership of what. The vice president of human resources is responsible for organizing vetting; the chief information officer must be held responsible for IT security; and the chief financial officer must have plans for combating many forms of fraud, which include strategies for combating phishing and business email compromise, scenarios for handling ransomware attacks and efforts to harden the tools and processes utilized by accounts payable. The deeper you follow the accountability way of thinking, the more inclusive your leadership must be when it comes to cybersecurity. This can’t be a lone-wolf operation. The purpose of a security team is to become an ally for your executive team, not to passivate them. A proper security leader must determine—and share with the CEO and the board of directors, if necessary—whether the responsible persons are up to their tasks and committed to reaching security objectives.

Quote for the day:

"Leaders know the importance of having someone in their lives who will unfailingly and fearlessly tell them the truth." -- Warren G. Bennis
