Daily Tech Digest - July 23, 2021

The CISO: the enabler of innovation

With digital transformation already in focus for many businesses, adding a now distributed workforce on top of this scenario ratchets up the security challenge. One in five CEOs and CISOs saw a major increase in all types of cyber attacks since COVID-19, with supply chain attacks topping the table side by side with ransomware. The key here is to enable and drive businesses, rather than impede them. By moving to support remote workers by adjusting policies and controls discreetly, businesses can enable teams to work better in their own role in their own job. This means allowing them to access data from anywhere while providing better visibility 24/7, enabling more proactive alerts and controls. In fact, 58% of CEOs and CISOs have recognised the need for a more integrated trust framework, with 48% also substantially increasing the use of cloud-based cyber security systems. In the future, the workforce will have even more autonomy within the decentralised cultures that develop as business leaders find new ways to drive collaboration and creativity. For the CISO, this means continuous adapting to an evolving workplace.

Why unstructured data is the future of data management

Today, data is a valuable corporate asset. You’ve got to be strategic with it because it’s not just for your BI teams, but for the R&D and customer success teams. They need historical data to build new products or to improve the ones they already have. This is super relevant in manufacturing, such as in the semiconductor chip industry, but also in other industries that are so important to our economy, such as pharmaceuticals. COVID researchers depended upon access to SARS data when developing vaccines and treatments. Data often becomes valuable again later, and what if you don’t know what you have or you can’t find it? We’ve had customers in the media and entertainment business, and in the past when they wanted to find an old show, they’d need access to a tape archive. Then, they needed an asset tag to locate the tape. That can be very difficult, and it’s why archiving is not popular. Live archive solutions that are available today make archived data instantly accessible and transparently tier data so users can easily locate files and access them anytime.

Here’s how to check your phone for Pegasus spyware using Amnesty’s tool

The first thing to note is the tool is command line or terminal based, so it will take either some amount of technical skill or a bit of patience to run. We try to cover a lot of what you need to know to get up and running here, but it’s something to know before jumping in. The second note is that the analysis Amnesty is running seems to work best for iOS devices. In its documentation, Amnesty says the analysis its tool can run on Android phone backups is limited, but the tool can still check for potentially malicious SMS messages and APKs. Again, we recommend following its instructions. ... If you’re using a Mac to run the check, you’ll first need to install both Xcode, which can be downloaded from the App Store, and Python3 before you can install and run mvt. The easiest way to obtain Python3 is using a program called Homebrew, which can be installed and run from the Terminal. After installing these, you’ll be ready to run through Amnesty’s iOS instructions. If you run into issues while trying to decrypt your backup, you’re not alone. The tool was giving me errors when I tried to point it to my backup, which was in the default folder. 

Critical Jira Flaw in Atlassian Could Lead to RCE

The vulnerability has to do with a missing authentication check in Jira’s implementation of Ehcache, which is an open-source, Java distributed cache for general-purpose caching, Java EE and lightweight containers that’s used for performance and which simplifies scalability. Atlassian said that the bug was introduced in version 6.3.0 of Jira Data Center, Jira Core Data Center, Jira Software Data Center and Jira Service Management Data Center (known as Jira Service Desk prior to 4.14). According to Atlassian’s security advisory, that list of products exposed a Ehcache remote method invocation (RMI) network service that attackers – who can connect to the service on port 40001 and potentially 40011 – could use to “execute arbitrary code of their choice in Jira” through deserialization, due to missing authentication. RMI is an API that acts as a mechanism to enable remote communication between programs written in Java. It allows an object residing in one Java virtual machine (JVM) to invoke an object running on another JVM; Often, it involves one program on a server and one on a client. ...”

Improving Your Productivity With Dynamic Problems

First, a Huffman code tree is built. Let the original alphabet consist of n characters, the i-th of which occurs pi times in the input text. Initially, all symbols are considered active nodes of the future tree, the i-th node is marked with pi. At each step, we take two active vertices with the smallest labels, create a new vertex, labeling it with the sum of the labels of these vertices, and make it their parent. The new vertex becomes active, and its two children are removed from the list of active vertices. The process is repeated many times until only one active vertex remains, which is assumed to be the root of the tree. Note that the symbols of the alphabet are represented by the leaves of this tree. For each leaf (symbol), the length of its Huffman code is equal to the length of the path from the root of the tree to it. The code itself is constructed as follows: for each internal vertex of the tree, consider two arcs going from it to the children. We assign the label 0 to one of the arcs, and to the other 1. The code of each symbol is a sequence of zeros and ones on the path from the root to the leaf.

Top 5 NCSC Cloud Security Principles for Compliance

Modern business IT infrastructures are complex, and data regularly moves between different across the network. It’s critical to protect sensitive data belonging to your customers and employees as it traverses between business applications/devices and the cloud. It’s also imperative that your cloud vendor protects data in transit inside the cloud such as when data is replicated to a different region to ensure high availability. ... Different regulations have different requirements about where protected data can be stored. For example, some regulations stipulate that data can only be transferred to companies with sufficient levels of protection in processing personal data. If your business opts for a cloud provider that doesn’t provide transparency over the location of data, you could end up unknowingly in breach of regulations. ... The last thing your business wants is to use a public cloud service only to find that a malicious hacker accessed your sensitive data by compromising another customer first. This type of concerning non-compliance scenario can happen when there is an insufficient separation between different customers of a cloud service.

Data and Analytics Salaries Heat Up in Recovery Economy

There are a few reasons why the market is really strong for data scientist and analytics pros right now. First, we are coming off a period of stagnation where no one wanted to change jobs and salaries stayed the same. That means those individuals who were considering a job change most likely put those plans on hold during the pandemic. Now all those people are getting back into the market. Second, there are so many new remote job opportunities, which opens up a whole new realm of job possibilities for data science and analytics pros. Third, as people move on to new jobs, they create vacancies where they were, opening up additional job vacancies. Fourth, there are some industries that had to change their business models to continue to operate during the pandemic economy. Burtch Works specifically points to retail, which had to enable digital channels to replace sales lost in brick-and-mortar stores. The Burtch Works report notes that many retailers have been expanding their data science and analytics teams and offering higher compensation than Burtch Works has typically seen in retail.

Home-office networks demand better monitoring tools

Networking professionals said they are enhancing their network operations toolsets in three primary ways. First, 54.2% are looking for tools that deliver security-related insights into home-office environments. This will help them collaborate with security teams to ensure that their increasing distributed networks are compliant with policies. It will also help them discern whether a user-experience issue is related to a security problem. Second, 52.6% need new dashboard and reporting features that allow them to focus on home offices and remote workers, which will help admins and engineers spot problems and troubleshoot them more efficiently. If their existing tools lack adequate dashboard and reporting customization, they’ll have to look elsewhere for this view into their networks. Third, 49.4% need to upgrade the scalability of their tools. ... Network teams will need to integrate their tools with other systems to improve their ability to support home workers. For instance, 43% said home-office monitoring requirements are producing a need for their monitoring tools to integrate with their SD-WAN or secure access service edge (SASE) solution. 

Hybrid work: 7 ways to enable asynchronous collaboration

One of the main differences between asynchronous and synchronous work is that the former tends to center on time- or task-defied work processes. “Asynchronous work requires a grasp of what the outcome – the final product of work – needs to be, as opposed to the amount of time spent in close coordination producing the final product,” says Dee Anthony, director at global technology research and advisory firm ISG. IT leaders need to get better at defining, managing, and measuring outcomes. Anthony suggests taking a page out of the agile playbook: Identify outcomes, estimate the effort required to accomplish them, track work velocity, and perform regular reviews. You must also foster a culture of trust. “Having people work across time, even in the same country, means that the old nine-to-five is out the window,” says Iain Fisher, director at ISG. "Managers cannot be there all the time, so a culture change of trust and respect must evolve." ... “Working asynchronously requires very strong written communication skills to avoid ambiguity and misunderstanding,” says Lars Hyland

Outcome Mapping - How to Collaborate With Clarity

The Outcome Map is an excellent way to create energetic communication, clarity, and alignment from the start (or re-start) of any initiative. It also reminds you to stay on track as you progress, and how to know when we’re drifting from the path. By adding measurements and methods, you can describe where you want to go and how you plan to get there. In both a project and product approach, clarity of outcomes is critical, but what’s often forgotten are the factors affecting the odds of achieving the outcome. Outcome mapping allows us to explore, anticipate, and design mitigation approaches to factors impacting our desired outcome. For this reason, it’s also commonly referred to as impact mapping. In practice, you can map many factors involved in a given outcome, but a few critical ingredients should always be present. Defining measures (or indicators) of progress (summarized as ‘Measures’ in the map itself) allows you to measure and celebrate progress without waiting until the distant deadline of your primary outcome to find out if you’ve succeeded or failed.

Quote for the day:

"It is the responsibility of leadership to provide opportunity, and the responsibility of individuals to contribute." -- William Pollard

No comments:

Post a Comment