The Old Ways Aren’t Working: Let’s Rethink OT Security
Traditionally, OT systems were not connected to the Internet, but that has been
changing in recent years as organizations have focused on making OT more
efficient, safer, and cost-effective. “One of the ways to do that is to start
using IT and connect OT to the Internet,” Masson says. The world of IT has the
Internet of Things (IoT). The equivalent in the world of critical infrastructure
– the sensors used in manufacturing facilities and out in the field – is the
industrial Internet of Things (IIoT). While IT/OT convergence has significant
benefits, such as the ability to monitor and manage OT remotely and collect
information from sensors located in remote locations, it also introduced threats
from the IT world that had never existed before in OT networks, Masson says. ...
That is no longer the case. Cybercriminal gangs have figured out that they can
make money out of targeting critical infrastructure. While some criminal gangs
may be possibly acting on the behalf of nation-states, many are also flowing
some of the ransom money “back into their own R&D,” Masson says. The
convergence of IT and OT has made it possible for these criminal gangs to adapt
their IT-based attacks to target critical infrastructure providers.
How to improve your SaaS security posture and reduce risk
Adaptive Shield’s SaaS Security Posture Management (SSPM) provides proactive,
continuous and automated monitoring of any SaaS application, alongside a
built-in knowledge base of compliance standards and benchmarks to ensure the
highest level of SaaS security available today. As a SaaS offering that
integrates with SaaS, the solution can be live in minutes. Once in place, it
provides customers with clear visibility into their whole SaaS ecosystem where
it can detect any misconfiguration, incorrect permissions, and all possible
exposure, wherever they may be. Through its automated remediation capabilities,
the solution sends detailed alerts at the first sign of a security
misconfiguration. This allows the security team to quickly open a ticket to fix
the issue with no go-between and no lengthy additional steps. ... It’s a common
occurrence – that “wow” moment when the client sees their SaaS security posture
for the first time on Adaptive Shield. They are able right away to glean the
potential places for breach or leak and are excited for the map of how to fix
it.
Fixing the blind spots in your digital transformation efforts
There’s often a disconnect between what your customers say they want to do and
what they actually do. That’s why it is critical to have visibility into your
customers’ product journeys. For example, what actions in the product lead to a
repeat user? Where are your biggest drop-off rates? Where are users stalling in
the purchase process? You can use these insights to optimise your digital
product. Facebook famously discovered that the key to great user engagement was
adding seven friends in the first 10 days of signing up. The company re-designed
its product experience around this insight, and we all know that turned out to
be a success. But the tricky part is getting your hands on this product data –
the sheer number of data points needed to join, analyse, and correlate customer
actions to outcomes makes this incredibly complicated. Companies have tried (and
failed) to use web and marketing analytics tools to pull this off, but these
products weren’t built for the scale and complexity of today’s digital products.
Instead, teams need to utilise product-specific tools that leverage machine
learning and offer real-time insights.
Leading With Empathy
Frоm a global реrѕресtіvе, empathy іѕ infinitely important раrtісulаrlу іf іt
ends іn соmраѕѕіоn. Emраthу motivates people tо step іn and hеlр those who have
bееn struck by major disasters even іf they аrе tоtаl strangers. Empathy brings
out the best in us and improves the global quality of life. There is a dire need
for collaboration, compassion, kindness, and empathy in these challenging times.
Empathy is the ability to emotionally understand what other people feel, see
things from their perspective, and imagine yourself in their place. It is a
skill and not a trait. One’s upbringing, environment, life experiences, and
interactions with other empathic people strongly influence empathy. Empathy is a
scarce resource in our organizations and communities today. Contrary to what
people believe, you do not need permission to lead with empathy. Anyone can be
an empathic leader. Your actions to improve someone’s quality of life in
adversity are what make you an empathic leader. Empathic leaders are in short
supply in the workforce as well. The stereotype of a workforce leader has been
military in nature with no leeway for human emotions.
CRISP: Critical Path Analysis for Microservice Architectures
At Uber, most services are Jaeger enabled and hence we are able to collect a
reliable dependency graph of RPC calls for a given request. However, the
amount of data would be prohibitive if all requests were traced. Hence, we
employ a sampling strategy to collect a fraction of requests. If a request is
tagged for Jaeger monitoring at the system’s entry point, all its subsequent
downstream calls made on behalf of the request are collected into a single
trace. We store Jaeger traces in different data stores with different shelf
lives. We refer the reader to the Jaeger Uber engineering blog and the
open-source code base for further details about Jaeger. Unfortunately, in a
complex microservice environment, the Jaeger traces are hard to digest via
visual inspection. Even a single trace can be very complicated as shown in the
call graph and timeline views in Figure 2 below, which are taken from a
real-world microservice interaction at Uber. This motivates the need for
tooling to analyze and summarize the traces into actionable tasks for
developers.
The Mindset of an Impactful Component Team in Agile
Developing a solution that doesn't exist or which needs to be modified to fit
into the layers of architecture is a huge responsibility. In the beginning,
the right solution might look like a far-away dream for a number of reasons
such as time taken in selection and availability of tools, initial prototype
failures, lack of ideas, solution stuck on a unique point which requires
significant exploration or help from open sources adding to the delay,
infrastructure issues, etc. Successful component teams I have seen, don’t get
carried away from the situational setbacks; they understand the inherent
challenges in the technology they work with and remain determined to get the
job done. They take the challenges on daily basis, exhibit perseverance,
possess a never say die attitude, are open for discussions, and reach out to
people they need help from. Leadership support, sessions by agile coaches, and
grooming by experienced SMEs play a good role in helping the teams develop
this mindset which assures desired outcome in the long run.
How to Build a Security Awareness Training Program that Yields Measurable Results
Employees represent security risks mainly because they are unaware of how
their actions and decisions cause security incidents. To address this cause,
enterprises undertake extensive security awareness training efforts to help
employees know what they should and shouldn't do when working digitally. The
mere act of exposing employees to security training is not enough; a program
is not effective unless it produces results in building real skills that
change employee behavior and empower them to make the right choice in the
face of a cyberattack. To achieve this, companies must select a security
awareness training that is data-driven, adaptive per employee location,
takes into account role and behavior towards cyber training, is continuous
and high-frequency, and engages each employee at least once a month. Some of
the key features organizations should be looking for in a security awareness
program can be divided into the following. The more employees are exposed to
real-life phishing emails and other security risks, the more likely they are
to succeed in protecting the organization and assets against phishing,
malware, and many other threats.
How Automation is Changing Entry-Level Career Paths in IT
“It is important to realize that AI and automation won’t be replacing IT
workers,” says venture advisor and investor Frank Fanzilli. “These
technologies simply enable an IT worker to effectively manage ever more
complex and rapidly changing systems.” Fanzilli says with automation on the
way to becoming an entirely new discipline within IT -- one that will
radically change how IT work is delivered -- it makes it a great opportunity
for entry-level IT workers to exploit the skill gap and become the next
generation of IT leaders. He says entry-level engineers should make sure
they understand transformative automation technologies such as robotic
process automation and digital platform conductors and then build a career
path that leverages these technologies to drive ever greater business value.
“You’re already seeing this happen with the rapid adoption of platforms such
as UIPath and ReadyWorks and the effect these human/automation interfaces
are having in driving down costs and improving overall quality,” Fanzilli
notes.
Tackling the root of the public sector’s cyber security problem
Many governmental organisations rely on outdated systems, choosing to retain
platforms that are increasingly frustrating to use. Budgetary constraints
and responsibility of public money can lead the public sector to veto new
technology investments in favour of a ‘if it ain’t broke’ mentality. Of
course, stringing along outdated systems is a false economy. Built in a
different era for different demands, legacy IT impedes the work of
individuals, teams or entire organisations and often requires a complex
estate of specialised and tailored legacy applications. Over time, these
outdated ecosystems become more expensive to support, patch and update,
consuming up to 50% of annual IT budgets, in the case of the UK government
itself. On the flipside, newer systems, applications and platforms open a
wealth of benefits, from bottom-line financial improvements, efficiency
gains, or even the positivity of a much better user experience. The problem
is, the longer outdated technology is in place, the more difficult it is to
replace. Rewriting those applications from scratch to ensure compatibility
with modern platforms can be expensive and time consuming.
Faster Financial Software Development Using Low Code: Focusing on the 4 Key Metrics
To that end, low-code/no-code platforms are rapidly accelerating the
capabilities of the enterprise to develop robust, bespoke applications with
speed and security as part of their remit to clients. Examples of these
range from the extremely targeted Genesis, a low-code/no-code platform built
specifically for financial markets to the “one-size-fits-all” Appian, a
general purpose low-code/no-code platform used to build many enterprise
applications. With low code and no code, “citizen” developers are empowered
to build applications and help unclog always-under-pressure IT departments.
Achieving speed, stability, and availability in software development is
possible; in fact, these are all complementary outcomes. In this article,
I’ll share actionable tips to achieve an effective pace of software
development, as defined by the 4 key performance metrics described in
Accelerate, a book by Dr. Nicole Forsgren et al., and with current industry
data from the 2021 State of CD report from the Continuous Delivery
Foundation.
Quote for the day:
"The person who sees the
difficulties so clearly that he does not discern the possibilities cannot
inspire a vision in others." - J. Oswald Sanders
No comments:
Post a Comment