Daily Tech Digest - August 19, 2022

As businesses embrace fully-remote work, does company culture suffer?

Companies that still want to move to a fully remote workplace should consider taking specific actions before doing so, according to Frana. Organizations should: Find out how your staff feels about remote work. Send out a survey to see which employees would want to work from home. Based on those results, you can determine the level of flexibility your company might want to offer. Make sure management is on board. One of the top factors in a remote work policy’s success is how managers feel about it. Explain the benefits of remote work, such as significant savings, the ability to attract and retain top talent from anywhere in the world, and increased productivity. Be intentional about company culture. One of the biggest challenges faced by remote teams is maintaining a strong company culture. In addition to thoughtfully evaluating your current workforce and deciphering what an effective remote-friendly business model looks like, it’s imperative company leaders and managers act with intention and prioritize culture.

Creating A Culture Of Cybersecurity

Businesses need to help their employees learn how to do things differently and train them to think of security as a business priority. Researchers have found that our working memory capacity is between three and five ‘chunks’ of information. This number starts to decline in our 30s, so a safe working figure is probably four chunks of information that the majority of your employees are able to keep in their short-term memory at any point. What does this mean for security? Basically, we need to keep things simple and easy to remember. Factsheets and training days may have their place, but on their own they’re not enough. Consider instead a strategy that uses a combination of continual awareness testing and roleplaying worst-case scenarios, to make security something that’s embedded as a mindset. ... CoEs act as sparring partners, allowing businesses to test solutions and assumptions around products, services and solutions. CoPs take this work to a larger audience, allowing employees to form communities to keep them up to date on the latest threats and remind them about their responsibility in keeping the network safe.

How Not to Waste Money on Cybersecurity

A common way enterprises waste money on IT security is by configuring their security plans and budgets based on the latest cybersecurity trends and following what other organizations are doing. “Each organization's security needs will differ based on their line of business, culture, people, policies, and goals,” says Ahmad Zoua, director of network IT and infrastructure at Guidepost Solutions, a security, investigations, and compliance firm. “What could be an essential security measure to one organization may have little value to another.” Poor planning and coordination can lead to needless duplication and redundancy. “In large organizations, we frequently see many products and platforms that have the same or similar capabilities,” says Doug Saylors, cybersecurity co-leader for technology research and advisory firm ISG. “This is typically the result of a lack of a cohesive cybersecurity strategy across IT functions and a disconnect with the business.” Organizations often layer security products on top of each other year after year.

An Experiment Showed that the Military Must Change Its Cybersecurity Approach

Weis says the Pentagon needs to measure its networks’ suitability for combat the same way it does for soldiers, sailors, tanks, and ships: through the concept of military readiness. Such an approach would mean prioritizing the biggest problems first, with second-tier or complicated ones set on slower paths to fixing. “There's 'ready to fight tonight.' But if you are a carrier strike group and you're deploying in three months, are you on a path to being ready? You manage your readiness on a day-to-day basis and it's a function of a whole bunch of things,” he said. “Do we have the right people? Are they trained? Are they qualified, or deficient? Do we have the equipment?” But Weis had to show that getting to a state of “readiness” in cyberspace is a matter of constant testing and drilling, not filling out compliance forms. He needed a safe space where he could understand readiness without exposing huge problems to adversaries or taking essential naval networks offline. He went to the Naval Postgraduate School, or NPS, in Monterey, California.

Bumpers in the bowling alley: the value of effective data management

According to John Peluso, chief product officer at AvePoint, a layered approach to security is an important way for businesses to achieve this goal. “The most direct thing that we have seen customers find value in – especially in the case of a malware event like ransomware – is the ability to access data,” he says. “The way to achieve this is by having a reliable business continuity strategy. “This becomes more difficult when you consider the data that is stored on someone else’s architecture – such as server content, cloud services, or anything with a synchronisation capability – is less covered by traditional enterprise data protection strategies. That’s new territory. While many businesses may think that because they have outsourced the architecture, they've also outsourced the responsibility, in some cases they haven’t. Businesses are becoming increasingly reliant on cloud services, so they need to be factored into the overall business continuity and resilience strategy.” This reliance on cloud services has, in some ways, been driven by the swift move to hybrid and remote working.

Feds Urge Healthcare Entities to Address Cloud Security

Most major healthcare organizations have become increasingly dependent on cloud-based services, says John Houston, vice president of privacy and information security and associate counsel of integrated healthcare delivery organizations at the University of Pittsburgh Medical Center, which includes 40 hospitals and 800 outpatient sites. This reliance is in large part due to many IT vendors moving their services "exclusively to the cloud," he tells Information Security Media Group. "As such, ensuring the security and availability of cloud-based services - and associated information - is and will remain one of UPMC's top priorities. "Unfortunately, such assurance can be problematic for a variety of reasons, most notably being able to accurately assess the cloud vendor’s security posture. Further, getting meaningful contractual commitments is difficult - including financial coverage in the event of a breach," Houston says. Benjamin Denkers, chief innovation officer at privacy and security consulting firm CynergisTek, says he also thinks the biggest threat involving cloud is when organizations are reliant on the third parties and assume the environment is properly secured.

WebOps: A DevOps for Websites, but the Tools Let It Down

From an IT perspective, how is WebOps usually managed? According to Koenig, it depends on what the relationship is between the IT and marketing departments. In some cases, he said, the marketing department “earmarks budget to pay for developers who are technically in IT, but are dedicated to Marketing’s technology needs.” But in other cases, he’s seen “really strong central IT organizations” in which IT takes the lead — and in those cases, they tend to make use of their existing DevOps team and practices. In DevOps, CI/CD is a common part of the workflow. I asked if that’s the case with WebOps too, and if so how does CI/CD work in the web context? For static sites, Koenig replied, testing is done during the build (typically after content is updated). “The more challenging case is where people have content management,” he said, “so you have a living piece of software that’s running your live website, and that is connected to a database, it’s got some binary assets, images, PDFs, what have you. So you have people using that in production to post new content [but] you also want to be able to make design changes and add functionality.”

Why Are Robots So Important To Farmers?

Robots have revolutionized agriculture in recent years by increasing crop yields, decreasing labor costs, and simplifying the process of harvesting crops. The widespread use of robots in farming can be attributed to their ability to perform tasks that are either difficult or impossible for humans to do, such as moving around in tight spaces or reaching high up into plants. As a result of their increased efficiency and versatility, robots have become an essential part of modern agriculture. They are used to plant, harvest, package, and transport crops. They can also detect and avoid obstacles while performing tasks, significantly reducing the chances of human injury or equipment failure. In addition, robots are often equipped with sensors that allow them to gather information about crops and environmental conditions to optimize operations. Many plants are also resistant to insect damage or diseases, so robots may be used to control the insects or pathogens that often affect crops. Robots are also used in areas where humans cannot or would not wish to work, such as space exploration and deep-sea operations.

Five ways augmented analytics is protecting business revenue

Making sure the right person has the right information, at the right time, can be critical to a business. Suppose, for example, there’s an error in your app that prevents users in a particular country from logging in. Initially it may be just a drop in the ocean in terms of the company’s customer base, but over time it could result in user churn and a loss in revenue. Augmented analytics is able to identify such a problem early on from a minimal number of failed attempts and immediately flag it for the person who can fix it. This avoids lag time and sending messages to the wrong department, which are often overlooked by someone who misses its significance. Augmented analytics means potential revenue leaks can be plugged fast, and that means losses can be minimised. ... Keeping a customer satisfied is never easy. Human behaviour is hard enough to predict at the best of times. But augmented analytics can transform the way companies find and fix issues that are turning customers off. The technology identifies “hidden” trends, patterns and anomalies and alerts organisations faster than those anomalies would otherwise appear on traditional dashboards.

How Google Cloud blocked the largest Layer 7 DDoS attack at 46 million rps

The attack was stopped at the edge of Google’s network, with the malicious requests blocked upstream from the customer’s application. Before the attack started, the customer had already configured Adaptive Protection in their relevant Cloud Armor security policy to learn and establish a baseline model of the normal traffic patterns for their service. As a result, Adaptive Protection was able to detect the DDoS attack early in its life cycle, analyze its incoming traffic, and generate an alert with a recommended protective rule–all before the attack ramped up. The customer acted on the alert by deploying the recommended rule leveraging Cloud Armor’s recently launched rate limiting capability to throttle the attack traffic. They chose the ‘throttle’ action over a ‘deny’ action in order to reduce chance of impact on legitimate traffic while severely limiting the attack capability by dropping most of the attack volume at Google’s network edge. Before deploying the rule in enforcement mode, it was first deployed in preview mode, which enabled the customer to validate that only the unwelcome traffic would be denied while legitimate users could continue accessing the service. 
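A simplified model of the throttle-versus-deny choice and the preview-mode check described above, added here as an illustration; it is not Google's code or Cloud Armor's implementation. The traffic, the "R1"/"R2" region labels, the threshold and the fixed-window counting are all constructed assumptions.

```python
from collections import Counter

# Constructed traffic: (timestamp_sec, client, region, is_attack).
# is_attack is ground truth used only for scoring, never by the rule.
def build_traffic():
    reqs = []
    for sec in range(2):
        for bot in ("bot-1", "bot-2"):
            reqs += [(sec + i / 200, bot, "R1", True) for i in range(200)]
        # user-a shares the attackers' region, so the rule also matches it.
        for user, region in (("user-a", "R1"), ("user-b", "R2")):
            reqs += [(sec + i / 3, user, region, False) for i in range(3)]
    return sorted(reqs)

def apply_rule(reqs, action, threshold=10, interval=1, preview=False):
    """Rule matches region R1. 'deny' drops every match; 'throttle' drops
    only what a client sends beyond `threshold` per `interval` seconds."""
    seen = Counter()
    out = {"served": 0, "attack_dropped": 0, "legit_dropped": 0, "would_drop": 0}
    for ts, client, region, is_attack in reqs:
        exceed = False
        if region == "R1":
            if action == "deny":
                exceed = True
            else:
                key = (client, int(ts // interval))  # per-client fixed window
                seen[key] += 1
                exceed = seen[key] > threshold
        if exceed and preview:
            out["would_drop"] += 1   # logged only; the request is still served
            out["served"] += 1
        elif exceed:
            out["attack_dropped" if is_attack else "legit_dropped"] += 1
        else:
            out["served"] += 1
    return out

if __name__ == "__main__":
    traffic = build_traffic()
    for action, preview in (("throttle", True), ("throttle", False), ("deny", False)):
        mode = "preview" if preview else "enforce"
        print(action, mode, apply_rule(traffic, action, preview=preview))
```

In this model the throttle rule drops 760 of 800 attack requests and none from the legitimate client that happens to match the rule, while deny drops all 800 plus that client's 6 requests.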

Quote for the day:

"The final test of a leader is that he leaves behind him in other men, the conviction and the will to carry on." -- Walter Lippmann
