Credentials Are the Best Chance To Catch the Adversary
It used to be that attackers would batter the networks of their targets. Now, they may use LinkedIn and social media to identify your employees’ personal email accounts, hack them, and look for other credentials. External actors may also identify unhappy employees posting negative reviews on Glassdoor and offer to buy their credentials. Or these actors may just boldly call your employees out of the blue and offer to pay them for their login information and ongoing approval of multi-factor authentication (MFA) prompts. As a result, MFA is no longer a reliable tool in preventing attacks, as it can be easily gamed by malicious insiders. ... Not every attack uses stolen credentials to gain initial access to networks, but every attack eventually involves credentials. After gaining access to networks, bad actors see who has privileged access. ... Between nation-state actors, criminal gangs, computer-savvy teenagers and disgruntled insiders, the likelihood is that your network has already been penetrated. What you need now is to detect these attacks at speed to minimize their damage.
Artificial Intelligence Without The Right Data Is Just... Artificial
Successful AI “requires data diversity,” says IDC analyst Ritu Jyoti in a report from earlier in 2022. “Similarly, the full transformative impact of AI can be realized by using a wide range of data types. Adding layers of data can improve accuracy of models and the eventual impact of applications. For example, a consumer's basic demographic data provides a rough sketch of that person. If you add more context such as marital status, education, employment, income, and preferences like music and food choices, a more complete picture starts to form. With additional insights from recent purchases, current location, and other life events, the portrait really comes to life.” To enable AI to scale and proliferate across the enterprise, “stakeholders must ensure a solid data foundation that enables the full cycle of data management, embrace advanced analytical methods to realize the untapped value of data,” says Shub Bhowmick, co-founder and CEO of Tredence. “In terms of data availability and access, businesses need a way to parse through huge tracts of data and surface what’s relevant for a particular application,” says Sachdev.
Web3, the Metaverse and Crypto: Trends to Expect in 2023 and Beyond
If something good can come from FTX, it is that more regulations are coming,
especially for centralized crypto exchanges, along with stricter rules on
investor protection in the crypto trading space. Even Congress is paying
attention, having summoned SBF for a congressional hearing (he was arrested the
day before the scheduled hearing). These regulations are overdue – I have
advocated for regulating centralized crypto exchanges since 2017. However, it’s
better late than never. Legislators and regulators world-wide have zeroed in on
the crypto market with an attempt to lay out rules, which hopefully prevents
future catastrophes such as FTX. But legislators and regulators must be cautious
in their approach, making sure not to stifle Web3 innovation. If they understand
the difference between cryptocurrency as an asset class that trades on a
centralized trading platform, and innovation that utilizes Web3 technology, and
stick to investor protection while creating a welcoming environment for the
development of Web3 applications, then we might be expecting a favorable
legislative environment both for investors and developers.
Microservices Integration Done Right Using Contract-Driven Development
When all the code is part of a monolith, the API specification for a service
boundary may just be a method signature. Also, these method signatures can be
enforced through mechanisms such as compile time checks, thereby giving early
feedback to developers. However, when a service boundary is lifted to an
interface such as HTTP REST API by splitting the components into microservices,
this early feedback is lost. The API specification, which was earlier documented
as an unambiguous method signature, now needs to be documented explicitly to
convey the right way of invoking it. This can lead to a lot of confusion and
communication gaps between teams if the API documentation is not machine
parsable. ... Adopting an API specification standard such as OpenAPI or AsyncAPI
is critical to bring back the ability to communicate API signatures in an
unambiguous and machine-readable manner. While this adds to developers’ workload
to create and maintain these specs, the benefits outweigh the effort.
The Threat of Predictive Policing to Data Privacy and Personal Liberty
It's not just related to law enforcement targeting; it's also related to any
legal decisions. Custody decisions, civil suit outcomes, insurance decisions,
and even hiring decisions can all be influenced by the RELX-owned LexisNexis
system, which gathers and aggregates data. Unfortunately, there's little
recourse for someone who was unfairly treated due to a data-based risk
assessment because people are rarely privy to the way these decisions are
made. So, a corporate HR manager or Family Court judge could be operating off
bad or incomplete data when making decisions that could effectively change
lives. RELX and Thomson Reuters have disclaimers freeing them from liability
for inaccurate data, which means your information could be mixed in with
someone else's, causing serious repercussions in the wrong circumstances. In
2016, a man named David Alan Smith successfully sued LexisNexis Screening
Solutions when the company provided his prospective employer with an
inaccurate background check.
10 digital twin trends for 2023
Over the last year, the world has been wowed by how easy it is to use ChatGPT
to write text and Stable Diffusion to create images. ... Over the next year,
we can expect more progress in connecting generative AI techniques with
digital twin models for describing not only the shape of things but how they
work. Yashar Behzadi, CEO and founder of Synthesis AI, a synthetic data tools
provider, said, “This emerging capability will change the way games are built,
visual effects are produced and immersive 3D environments are developed. For
commercial usage, democratizing this technology will create opportunities for
digital twins and simulations to train complex computer vision systems, such
as those found in autonomous vehicles.” ... Hybrid digital twins make it
easier for CIOs to understand the future of a given asset or system. They will
enable companies to merge asset data collected by IoT sensors with physics
data to optimize system design, predictive maintenance and industrial asset
management. Banerjee foresees more and more industries adopting this approach
with disruptive business results in the coming years.
Change Management is Essential for Successful Digital Transformation
Vasantraj notes, “Organizational culture is vital in fostering leadership
and enabling enterprises to adapt. Successful teams are built on trust and
the ability to put aside self-interest and work together. Teams must think
of organizations as a single entity and keep a growth mindset.” This type of
collaborative culture doesn’t emerge without a lot of effort. Amy Ericson, a
Senior Vice President at PPG, suggests one way a great change management
leader can make their efforts employee-centric is to lead with empathy. She
makes three helpful recommendations, “First, ask how your people are. Really
ask them. Then, listen. You may find that they’re struggling, and your
interest in how they are doing and genuine concern will help them move
forward productively. Second, acknowledge their situation and ask how you
can help. Do they need access to new tools or resources? Do they need a
different schedule? Third, thank them, and follow through. Praise their
courage to be honest, and deliver on your promises to help them succeed.”
Beyond being an empathetic leader, the BCG team highly recommends getting
employees involved from the beginning of the change process.
‘There’s a career in cybersecurity for everyone,’ Microsoft Security CVP says
When there’s an abundance of opportunities, there are many ways of getting
into that opportunity. We do have an incredible talent shortage. Going back
to a myth buster, 37% of the people that we surveyed said that they thought
a college degree was necessary to be in security. It’s not true. You don’t
need a college degree. Many security jobs don’t require a four-year college
degree. You can qualify by getting a certificate, an associate degree from a
community college. Hence, why we are working with community colleges.
There’s also a lot of resources for free because it can be daunting. The
cost itself can be daunting, but there’s a lot of resources. Microsoft has a
massive content repository that we have made available. We have made
certifications. These are available to anyone who wants to take them, and
there are ways you can train yourself and get into cybersecurity. We have
this abundance of opportunity, which creates new ways of getting in, and we
need to educate people about all these facets about how they can get in.
How the Rise of Machine Identities Impacts Enterprise Security Strategies
First, security leaders must rethink their traditional identity and access
management (IAM) strategies. Historically, IAM has focused on human
identities authenticating access systems, software and apps on a business
network. However, with the rise of containers, APIs and other technology, a
secure IAM approach must utilize cryptographic certificates, keys and other
digital secrets that protect connected systems and support an organization’s
underlying IT infrastructure. With the shift to the cloud, a Zero Trust
framework has become the new security standard, where all users, machines,
APIs and services must be authenticated and authorized before being able to
access apps and data. In the cloud, there is no longer a traditional
security perimeter around the data center, so the service identity is the
new perimeter. When handling machine identities, fine-grained consent
controls are essential in protecting privacy as data is moved between
machines. The authorization system discerns the “who, what, where, when, and
why” and confirms that the owner has consented to the sharing of that data
and the person requesting access isn’t a fraudster.
3 Predictions For Fintech Companies’ Evolution In 2023
If you spend even five minutes on LinkedIn, you know the debate between
in-person, hybrid and distributed work is still a hot one. But what does the
data tell us? Owl Lab’s State of Remote Work Report found the number of
workers choosing to work remotely in 2022 increased 24%, those choosing
hybrid went up 16% and interest for in-office work dropped by 24%. The data
keeps rolling in with this McKinsey study that found, when offered, almost
everyone takes the opportunity to work flexibly. Companies looking to
embrace this flexible work mindset should focus on improving and optimizing
synchronous activities like all-hands meetings, lunch and learns, and coffee
chats. Supporting asynchronous work is also important. Personally, I’m a
champion of written and narrative documentation of projects, which allows
people to review and process on their own time and at their own pace. In my
experience, this makes meetings even more productive and impactful so people
can focus on the outcomes of time spent together. No one has a crystal ball
for what the next year holds.
Quote for the day:
"Leadership matters more in times of uncertainty." -- Wayde Goodall