Daily Tech Digest - August 05, 2022

Auto Industry at Higher Risk of Cyberattacks in 2023

Connected cars are one of the most significant factors driving these risks. These vehicles feature connectivity and include autonomous features, so attackers have more potential entry points and can do additional damage once inside. Self-driving vehicle sales could reach 1 million units by 2025 and skyrocket after, so these risks will grow quickly. Automakers also face risks from connected manufacturing processes. This trend has emerged in other sectors that have embraced IT/OT convergence. One-quarter of energy companies reported weekly DDoS attacks after implementing Industry 4.0 technologies. Their attack surfaces will increase as car manufacturers likewise implement these systems. ... One of the most important changes to make is segmenting networks. All IoT devices should run on separate systems from more sensitive endpoints and data to prevent lateral movement. Encrypting IoT communications and changing default passwords are also crucial. Manufacturers should update these systems regularly, including using updated anti-malware software.

Why Developers Need a Management Plane

A management plane empowers line developers to accomplish all of this without having a deep understanding or mastery of how to work native data plane configuration files and policies for firewalls, networking, API management and application performance management. With the management plane, platform ops teams can reduce the need for developers to build domain-specific knowledge outside the normal realm of developer expertise. For example, a management plane can have a menu of options or decision trees to determine what degree of availability and resilience an application requires, what volume of API calls can be issued against an app or service or where an app should be located in the cloud for data privacy or regulatory reasons. Equally important, the management plane can improve security by providing developers smart recommendations on good security practices or putting in place specific limits on key resources or infrastructure to ensure that developers shifting left don’t inadvertently expose their organization to serious risk.

Tech hiring enters the Big Freeze

Google and Microsoft are not the only tech companies that have started to take a more cautious approach to hiring. Earlier this year, Twitter initially issued a hiring freeze, then laid off 30% of its talent acquisition team earlier this month. At the end of June, Meta CEO Mark Zuckerberg was hostile on a call with employees, saying that “realistically, there are probably a bunch of people at the company who shouldn’t be here.” A month later, the company’s Q2 2022 financial results showed its first ever decline in revenue, with Zuckerberg telling investors that the economic climate looked even graver than it did the previous quarter. Around the same time, Apple also announced that, while the company will continue to invest in product development, it will no longer increase headcount in some departments next year. ... Research shows that employees want to be regularly offered training and the chance to develop new skills and are more likely to stay at a company if given those opportunities. The Great Resignation was a major topic of conversation in the first half of this year and, for companies that are no longer hiring, losing more employees is not an option.

Cybersecurity could offer a way for underrepresented groups to break into tech

It seems that the sheer number of people needed in cybersecurity in the coming years could represent a way for historically underrepresented groups to find their way into tech. CJ Moses, CISO at AWS, spoke at the company keynote about the importance of diverse ways of thinking when it comes to keeping companies secure. “Another key part of our culture is having multiple people in the room with different outlooks. This could be introversion or extroversion, coming from different backgrounds or cultures, whatever enables your culture to be looking at things differently and challenging one another,” he said. He added that new ways of thinking can be transformative to cybersecurity teams. “I also think new hires can offer a team high levels of clarity because they don’t have years of bias or a group think baked into their mechanisms. So when you’re hiring, our best practices encourage being sensitive to the makeup of the interview panels, having multiple viewpoints and backgrounds, because diversity brings diversity.”

3 Things The C-Suite Should Know About Data Management And Protection

Ultimately, the massive increases in the three Vs have, by and large, resulted in inconsistent data management and protection policies in companies across the globe. So, traditional approaches to data management and protection are no longer sufficient. You need to be prepared to support empowering your IT department with the ability to meet today’s challenges. Consider solutions like autonomous data management, which uses AI-driven technology to fully automate self-provision, self-optimization and self-healing data management services for the vast amounts of data in the multi-cloud environments enterprises are migrating toward. ... The cloud makes a lot of sense for a lot of reasons. It’s flexible, with scalability and mobility; efficient, including its accessibility and speed to market; and cost-effective, as it includes pay-as-you-go models and helps eliminate hardware expenses. But it can be a fickle beast, especially in this ever-increasingly multi-cloud world. This refers to how enterprise data is being dispersed across on-premises data centers and the many private and public cloud service providers.

5 best practices for secure collaboration

What we have seen is that has rapidly changed now over the last couple of years as calling is still obviously very important, but other collaboration technologies have entered the landscape and have become equally, if not arguably, more important. And the first one of those is video. The challenges, when you think about securing video, obviously a lot of folks have heard about unauthorized people [discovering] a meeting and [joining] it with an eye toward potentially disrupting the meeting or toward snooping on the meeting and listening in. And that has, fortunately, been addressed by most of the vendors. But the other real concern that we have seen arise from a security and especially a compliance perspective is meetings are generating a lot of content. ... If you are a CSO, obviously you have ultimate responsibility for collaboration security. But you also want to work with the collaboration teams to either delegate ownership of managing day-to-day security operations to those folks or working with them to get input into what the risks are and what are the possible mitigation techniques. 

Build .NET apps for the metaverse with StereoKit

Developing with StereoKit shouldn’t be too hard for anyone who’s built .NET UI code. It’s probably best to work with Visual Studio, though there’s no reason you can’t use any other .NET development environment that supports NuGet. Visual Studio users will need to ensure that they’ve enabled desktop .NET development for Windows OpenXR apps, UWP for apps targeting HoloLens, and mobile .NET development for Oculus and other Android-based hardware. You’ll need an OpenXR runtime to test code against, with the option of using a desktop simulator if you don’t have a headset. One advantage of working with Visual Studio is that the StereoKit development team has provided a set of Visual Studio templates that can speed up getting started by loading prerequisites and filling out some boilerplate code. Most developers are likely to want the .NET Core template, as this works with modern .NET implementations on Windows and Linux and gets you ready for the cross-platform template under development. 

The Data science journey of Amit Kumar, senior enterprise architect-deep learning at NVIDIA

The most important thing for aspirants is to get the fundamentals right before diving into data science and AI. Having a basic but intuitive understanding of linear algebra, calculus, and information theory helps to get a faster grip. Aspiring data scientists should not ignore fundamental principles of software engineering, in general, because nowadays the market is looking for full-stack data scientists with the capability to build an end-to-end pipeline, rather than just being a data science algorithm expert. ... My biggest challenge, which ultimately turned into my biggest achievement, was to start from scratch and build a world-class center of excellence in data science at HP India along with Niranjan Damera Venkata, Madhusoodhana Rao and Shameed Sait. This challenge was turned into an achievement by going into the start-up mode within HP. Though we were part of a large organisation, we made sure that the center of excellence operates the way a successful startup works by inculcating the culture of mutual respect and healthy competition, attracting and hiring best talents, and providing freedom and flexibility.

Confidential Computing with WebAssembly

Confidential computing is of particular use to organizations that deal in sensitive, high-value data, such as financial institutions, but also to a wide variety of organizations. “We felt that confidential computing was going to be a very big thing but that it should be easy to use,” said Bursell, who was then chief security architect in the office of Red Hat’s chief technology officer. “And rather than having to rewrite all the applications and learn how to use confidential computing, it should be simple.” But it wasn’t simple. Among the biggest puzzles: attestation, the mechanism by which a host measures a workload cryptographically and communicates that measurement to a third party. “One of the significant challenges that we have is that all the attestation processes are different,” said McCallum, who led Red Hat’s confidential computing strategy as a virtualization security architect. “And all of the technologies within confidential computing are different. And so they’re all going to produce different cryptographic caches, even if it’s the same underlying code that’s running on all.”

The Computer Scientist Challenging AI to Learn Better

The most successful method, called replay, stores past experiences and then replays them during training with new examples, so they are not lost. It’s inspired by memory consolidation in our brain, where during sleep the high-level encodings of the day’s activities are “replayed” as the neurons reactivate. In other words, for the algorithms, new learning can’t completely eradicate past learning since we are mixing in stored past experiences. There are three styles for doing this. The most common style is “veridical replay,” where researchers store a subset of the raw inputs — for example, the original images for an object recognition task — and then mix those stored images from the past in with new images to be learned. The second approach replays compressed representations of the images. A third far less common method is “generative replay.” Here, an artificial neural network actually generates a synthetic version of a past experience and then mixes that synthetic example with new examples. My lab has focused on the latter two methods. 

Quote for the day:

"The leadership team is the most important asset of the company and can be its worst liability" -- Med Jones
