Daily Tech Digest - June 06, 2022

How to Build a Data Science Enablement Team

Data scientists may use processes and tools you’re unfamiliar with, and those processes may not initially jibe with your own. For instance, data scientists may not think twice about emailing you code via Jupyter Notebooks. Or, they might use different versions of Python to create base images, with none in synchronization with each other. Consider offering alternatives to help them improve their workflows (and make your life a bit easier). For example, help them organize what they’re working on by setting up a Jupyter Hub instance or git repository. Making their jobs easier will help build the relationship. ... Most data scientists don’t want to become software developers any more than you probably want to become a data scientist. But bringing them into the DSET isn’t about getting them to learn more about software development — it’s about helping both you and them become more cognizant of the processes you both adhere to. So, while you’re empathizing with their work patterns, get them to understand how adopting some of your processes can help them in their daily workflows.

Feds Issue Alerts for Several Medical Device Security Flaws

The FDA in its alert for healthcare providers says the RUO devices are typically used in a development stage and are not for use in diagnostic procedures. But, it adds, many laboratories may be using the devices with tests for clinical diagnostic use. The vulnerabilities are exploitable remotely and have a low attack complexity, CISA says. The Illumina vulnerabilities involve path traversal, unrestricted upload of file with dangerous type, improper access control, and cleartext transmission of sensitive information. The vulnerabilities were scored as having CVSS v3 base scores of between 7.4 and 10.0. "Successful exploitation of these vulnerabilities may allow an unauthenticated malicious actor to take control of the affected product remotely and take any action at the operating system level," CISA warns. "An attacker could impact settings, configurations, software, or data on the affected product and interact through the affected product with the connected network." "Illumina has confirmed a security vulnerability affecting software in certain Illumina desktop sequencing instruments," the company says in a statement provided to Information Security Media Group. 

Crypto FUD: Quantum Computing Will Dwarf Blockchains’ Security

According to the research carried out by the team at Sussex, they concluded that only a supercomputer with a processing power of over 317 Quantum Bits could break down the SHA-256 algorithm in an hour or two. At the moment, the IBM supercomputer boasts around 127 qubits showing that it is still far behind the ‘possible’ processing power required to start causing damage to the Bitcoin algorithms. For Bitcoin’s blockchain to be broken, the supercomputer would need to perform a 50+1 attack involving taking over the blocks’ mining process. Bitcoin mining is done using special hardware called the Application Specific Integrated Circuits (ASICs), specifically made for the mining rigs. The circuits use a programming method/ hash function known as “puzzle friendliness,” where every input is expected to provide a good output, and if it doesn’t, then it is detected by the whole system, and the miner gets notified. That means the operation of the ASICs cannot begin to be tampered with by any computer without all miners working on the same block being notified concurrently. 

8 ways level of detail could improve digital twins

The architectural, engineering, and construction industry uses a related concept called Level of Development in Building Information Modeling (BIM) to characterize changes in technical design depth across a project’s development process. It describes the level to which planning teams have fleshed out the specifications, geometry and attached information. In the early stages, planning groups may just want to quickly estimate the overall cost and complexity of a project before proceeding. Later, domain experts such as electricians, plumbers and structural engineers can plan out exact gauges of wire and pipe in richer depth. These later levels of development can help plan orders and schedule the construction sequence so that teams do not interfere with each other. ... In good experience design, it is often helpful to guide a user’s attention to a particular detail. For example, it might be more beneficial to highlight the exact screws a repair technician needs to remove rather than render a scene in complete detail using an augmented reality overlay. Researchers believe that using LOD for glanceable interfaces could clarify complicated repairs and procedures. In musical concerts, visual augmentation with LOD could enhance the audience experience.

Considering digital trust: why zero trust needs a rethink

Knowing that digital trust is now critical for all businesses and organisations today; why has zero trust gained so much attention? Well, simply put, we can’t assume that we should trust everything, take a zero trust approach, then establish and maintain trust. From a security leader and CISO perspective, that means that we need to establish and maintain trust with all entities that make up and interact with the business. As such, digital trust here is the trust in machines, software, devices, and humans interacting with digital services that now power our world. It should not be confused with zero trust, which is often misinterpreted. The ‘zero’ implies no trust at all exists. Trust is dynamic, and it needs to be constantly upheld. The way enterprises approach establishing digital trust is important to ensure the functioning of the business, but specifically the security of both human and machine identities. While many organisations focused on zero trust initiatives over the past few years, many recognised that trust in humans and machines is the foundational layer. In the modern enterprise, security leaders must design solid identity-first security frameworks deeply rooted in cryptography for digital trust to be established.

Connected Healthcare Takes Huge Leap Forward

Business and IT leaders who ignore connected healthcare do so at their own peril. A study from Doctor.com found that 83% of patients using telemedicine plan to continue with it after the pandemic. In addition, 68% prefer to use their mobile phone to make appointments and handle other tasks, and 91% say that connected tech is valuable for managing prescriptions and compliance. At some point -- and there’s some indication that it’s already happening -- consumer companies like Apple, Withings, Ōura and Fitbit will steal away opportunities for new products and services. Already, drug store chains and smaller and more disruptive companies are establishing footholds, and new and innovative healthcare products are appearing. “There are growing opportunities for data and app-related services, apps, subscriptions and more but traditional healthcare providers often don’t see this,” Schooley points out. Establishing an IT foundation to support connected health is vital. Hall says this includes a cloud-first architecture, integrating IoT and edge technologies, focusing on data standards, building more sophisticated and interactive apps, exploring partnerships, and cultivating skillsets needed to support both innovation and operations.

The costs and damages of DNS attacks

A DNS attack does not just result in an inconvenient business disruption but can be a costly expense for organizations. In the past 12 months, APAC has become the region with the highest average cost of a successful attack at $1,036,040, an increase of 14% when compared to 2021, while EMEA and North America’s average cost of successful attack has decreased by 4% and 7% respectively. Malaysia (21%), Germany (18%) and both India and the UK (14% each) experienced the highest increase in the cost of an attack, while Spain saw its cost of damages plummet by almost half (48%) when compared to 2021. France and the US were the only other countries that saw a decline in the average cost with 21% and 5% respectively. Cybercriminals are continuing to use all available tools to gain access to networks, disrupt the business and steal data by specifically targeting the hybrid workforce, with DNS-based attacks becoming increasingly pervasive across all industries. In the last year, 70% of organizations suffered with in-house and cloud application downtime, with the average time to mitigate these threats increasing to 6 hours and 7 minutes, meaning that employees, partners, and customers were unable to access any services.

Government Agencies Seize Domains Used to Sell Credentials

"The actions executed by our international partners included the arrest of a main subject, searches of several locations, and seizures of the web server's infrastructure," according to the DOJ. In December 2020, Britain's National Crime Agency reported arrests of 21 individuals on suspicion of purchasing personally identifiable information from the WeLeakInfo website for a variety of purposes, including the buying and selling of malicious cyber tools such as remote access Trojans, aka RATs, as well as to buy "cryptors," which can be used to obfuscate code in malware, according to the NCA. It has said that all are men, ranging in age from 18 to 38 and the arrests took place over a five-week period starting in November 2020. Beyond the 21 people arrested by police, another 69 individuals in England, Wales and Northern Ireland have received warnings from the NCA or other domestic law enforcement agencies, saying they may have engaged in criminal activity tied to the investigation. Sixty of those individuals also received cease-and-desist orders from police.

The Value of Data Mobility for Modern Enterprises

Despite all the excitement about data analytics, it’s not a silver bullet. Turning data into real business value isn’t simply a matter of deploying all the right tools. To be sure, it requires some smart investment in good technology, but ultimately, it’s got to be about identifying high-value business cases and making sure that your business users have what they need to deliver positive outcomes. Business success is virtually always about compromise. For years, CTOs have grappled with the pros and cons of unified systems versus best-of-breed environments. They have weighed the advantages of diverse, purpose-built systems against the inherent value of a large-scale monolithic platform that offers a holistic approach to the business. In the end, best-of-breed won that battle. As a result, the problem of data silos became more pronounced. The hunger for real-time analytics has rendered the pain caused by data silos far more palpable. But there is good news; if we make the data from all those different systems available in a single place, we can have the best of both worlds.

Digital transformation: How to gain organizational buy-in

Data analytics does not always require data scientists. CIOs and IT leaders often reach a turning point when they discover that most employees can be trained to become resident data analytics subject experts. When employees combine new knowledge of data analysis with their existing knowledge of the processes or machines, they can quickly be at the forefront of a digital journey. This is welcome news to most IT leaders, simply because the demand for skillsets in data science and cybersecurity has skyrocketed. Upskilling existing team members can be critical in attaining sustained adoption and continuous improvements of digital solutions. This includes long-term improvements in employee engagement and retention, increased cross-functional collaboration, and adoption of modern technology trends. Along with their technical skills, employees need to be skilled at diagnostics and problem-solving using the data now readily available to them. Employees who may have previously been data-gatherers can shift to become problem-solvers based on new data-driven insights. Make sure your employees are ready to learn and grow to take advantage of these opportunities.

Quote for the day:

"The essence of leadership is the willingness to make the tough decisions. Prepared to be lonely." -- Colin Powell

No comments:

Post a Comment