Daily Tech Digest - August 12, 2022

7 best reasons to be a CISO

As they become key players in wider business matters, modern CISOs can develop their credentials and knowledge beyond hands-on security skills and abilities. “Our role is continuously expanding,” Smart says. “Today, I am also responsible for governance, risk and compliance, which opens up more avenues into setting a cohesive plan and strategy for security and risk management that impacts the whole business,” she adds. “The modern CISO can make use of a wide range of skills, beyond technical cybersecurity, and explore more areas of interest within the business,” Stapleton agrees. “As the cybersecurity landscape is constantly changing, there are always new and fascinating topics to dive into, so a CISO is never bored.” “The Disabled CISO,” the Twitter handle of an anonymous CISO of a global company, tells CSO that security now touches every part of the business, driving CISOs to positively engage with and learn from all corners of a company. “I love getting out and joining colleagues at the coalface. To protect the business, I need to understand how we operate and the challenges that presents to colleagues ..."


Should We Build Quantum Computers at All?

Using quantum computers, physicists want to simulate and unearth unusual states of matter; pharmaceutical companies want to discover new types of drugs; auto companies want to paint cars faster. While no one has conclusively demonstrated the utility of quantum computers, their potential seems endless. Emma McKay offers a provocative counterpoint. In the face of climate change, societal inequality, and other global problems, McKay, a PhD student in education at McGill University, thinks that perhaps we don’t need to develop quantum computing at all. “I haven’t seen any reasons compelling enough to me,” McKay, who uses they/them pronouns, told APS News. ... Maybe quantum annealers [a type of quantum computer] will be able to help us manage resources more efficiently. But it appears that people are most interested in using these types of technology to optimize things that suck, like optimizing traffic for single-person vehicles when widely available public transit, via buses and cycling infrastructure, is possible and the best way to reduce congestion and pollution from private vehicles in a city.


Are Application-Specific Chains the Future of Blockchain?

As decentralized application (dApp) developers gain more experience working with blockchains, some are running into limitations imposed by the architecture of the underlying chain. Ethereum, for instance, lets applications be built as smart contracts, but a contract cannot run on its own: every execution must be triggered by an externally submitted transaction. Ethereum also keeps fairly tight control over how consensus and networking functions are exposed to those applications. To overcome these limitations, some developers are turning to application-specific blockchains, purpose-built and tuned for the needs of one application and colloquially called “appchains.” One of the more popular options for building appchains is the Cosmos SDK, because of its built-in composability, its interconnection between blockchains, and the ability for developers to retain sovereignty over their own chain. We’ve covered Cosmos in the past, including a developer academy for learning to build in the Cosmos Network and the addition of Interchain Security, which allows multiple Cosmos blockchains to align around common security protocols while maintaining sovereignty.


A Long-Awaited IoT Reverse Engineering Tool Is Finally Here

The tool was specifically designed to elucidate internet-of-things (IoT) device firmware and the compiled “binaries” running on anything from a home printer to an industrial door controller. Dubbed FRAK, the Firmware Reverse Analysis Console aimed to reduce overhead so security researchers could make progress assessing the vast and ever-growing population of buggy and vulnerable embedded devices rather than getting bogged down in tedious reverse engineering prep work. Cui promised that the tool would soon be open source and available for anyone to use. “This is really useful if you want to understand how a mysterious embedded device works, whether there are vulnerabilities inside, and how you can protect these embedded devices against exploitation,” Cui explained in 2012. “FRAK will be open source very soon, so we’re working hard to get that out there. I want to do one more pass, internal code review before you guys see my dirty laundry.” He was nothing if not thorough. A decade later, Cui and his company, Red Balloon Security, are launching Ofrak, or OpenFRAK, at DefCon in Las Vegas this week.


Is cloud computing immune from economic downturns?

First, and most important, many businesses now consider IT spending to be directly reflected in the value built within the enterprise. IT systems are no longer just for tactical uses such as processing transactions. Instead, cloud systems are becoming the business itself. The businesses disrupting their markets are doing so with their own unique innovations. They can only create these innovations by developing core IT systems using digital transformation processes and cloud computing. IT is no longer a cost center but an investment that needs to be nurtured. This new outlook is seen in manufacturing companies invested in supply chain automation using cloud-based artificial intelligence capabilities and cloud-based blockchain to lower costs and increase productivity. It’s seen in businesses that are entirely based on technology offerings, such as ride-sharing or residence-sharing applications. Many investors and company executives now believe software will define the future of business. IT is the engine that can build and use these systems; thus it’s a budgetary line item that boards and executives are reluctant to touch.


Cybersecurity and Technology Industry Leaders Launch Open-Source Project to Help Organizations Detect and Stop Cyberattacks Faster and More Effectively

"Every business deserves a simple, straightforward way to analyze and understand the security landscape – and that starts with their data," said John Graham-Cumming, CTO at Cloudflare. "By participating in the OCSF, we hope to help the entire security industry focus on doing the work that matters instead of wasting countless hours and resources on formatting data." "At CrowdStrike, our mission is to stop breaches and power productivity for organizations," said Michael Sentonas, Chief Technology Officer, CrowdStrike. "We believe strongly in the concept of a shared data schema, which enables organizations to understand and digest all data, streamline their security operations and lower risk. As a member of the OCSF, CrowdStrike is committed to doing the hard work to deliver solutions that organizations need to stay ahead of adversaries." "Modern cybersecurity operations is a team sport, and products must integrate with each other to provide value beyond what a single product can. Sure, it's possible to make that happen with open APIs and mapping data structures, but development and processing resources are not infinite," said Mohan Koo, Co-founder and CTO with DTEX Systems.


What Are Your Decision-Making Strengths and Blind Spots?

What do you do when you face an important but complicated decision? Do you turn to experts? Dig for data? Ask trusted friends and colleagues? Go with your gut? The truth is many of us approach decision making from the same perspective over and over. We use the same tools and habits every time, even if the decisions are vastly different. But following the same strategy for every problem limits your abilities. To make better decisions, you need to break out of these patterns and see things differently, even if it is uncomfortable. First, you need to understand your own decision-making strengths and your blind spots: What is the psychology of your decision making? What is your typical approach? What mental mistakes or cognitive biases tend to get in your way? Looking inward to what you value can illuminate why you make decisions the way you do — and how you might be shortchanging yourself with your approach. From there, you can disrupt your traditional processes.


The Rise of the ‘Fractional’ CMO and the Role CIOs Play

Relay Network's CMO Tal Klein points out that the CIO/CDO has a vested interest in the interplay of technology and business. “Depending on what marketing pillar the fractional CMO is being brought onboard to address, the CIO may care a lot if the fractional CMO is being brought in to address operational issues like lead generation or lead-to-opportunity conversion velocity,” he says. That's because that kind of work relies heavily on technology and may drive changes to the company's CRM, website, or even communication infrastructure. “Whereas if the fractional CMO is being brought in to address messaging or market positioning, the CIO may have less of a vested stake in the recruitment efforts,” Klein says. Klein adds that, beyond the obvious infrastructure work associated with supporting marketing operations, the CIO or CDO may own many of the outputs of marketing engagements, such as compliance issues. These can arise from capturing customer information, from the security ramifications of new tools or processes, and from ensuring that whatever prospect or customer data marketing needs to run effective campaigns is available to them.


Hybrid work: What's changed – and what hasn't

With an overwhelming number of employees saying they want hybrid work to become the new normal, flexible work arrangements are becoming integral to an organization’s hiring and retention strategies. Pre-pandemic, industries that offered work flexibility were often considered somewhat progressive, and flexibility was the exception rather than the norm. Today, hybrid work is standard in a growing number of fields. Still, there are challenges. ... With employees potentially using personal devices and home Wi-Fi connections, IT security teams must constantly consider new vulnerabilities and strategies to remain safe. Clear policies and practices, along with training programs that reflect these new procedures, are essential for any successful hybrid work model. On the positive side, hybrid work reduces the impact on our environment. Working remotely means less paper consumption, less energy used to maintain office buildings, and less waste from consumable products in the workplace. It also gives team members an opportunity to practice sustainability when working at home.


Why SAP systems need to be brought into the cybersecurity fold

The problem is exacerbated by the variety of attack vectors that cybercriminals are using to target mission-critical SAP systems, with applications often remaining vulnerable for extended periods because security patches are not applied in a timely manner. In February we saw the Cybersecurity and Infrastructure Security Agency (CISA) urge admins to patch SAP NetWeaver against a critical vulnerability that could facilitate a range of attacks and even lead to operational shutdown. In the very same month, eight of the 22 security notes or updates issued by SAP were rated “Hot News”, SAP's highest severity tier. Four of those eight were updates to earlier notes; of the remaining four, three carried the maximum CVSS score of 10.0 and the fourth 9.1. SAP is prolific in its patching. However, patches cannot simply be applied to production (in SAP terminology, “productive”) systems: they must first be tested and transported through the landscape, and the final deployment requires downtime, which is often not an option for mission-critical systems. Even when a business upgrades to SAP S/4HANA, the pressure to go live can see security side-lined. ... Indeed, the earlier-mentioned report reveals that exploitation is attempted within 72 hours of SAP publicly announcing patches, while newly exposed SAP environments are being identified and attacked online within as little as three hours.



Quote for the day:

"I have a different vision of leadership. A leader is someone who brings people together." -- George W. Bush
