Law Firm Cyber Risk: The 5 Ways Cybercriminals Most Likely Will Attack Your Computers — And 7 Things You Can Do
It’s always better to deal with security risks early on while they’re still
small rather than later when they turn huge and cause massive woe. Indeed, a
Voke Media survey found that 80% of companies hit by a data breach said they
could have prevented it had they only hardened their systems by installing
updates and security patches in a timely way. That’s something you too need to
be doing, but if you don’t have IT staff trained to monitor, maintain and patch
your computers, you will find it advantageous to entrust those tasks to a
reputable outside service. This will save you time and greatly reduce the
potential for installation errors (those that cause data losses, file corruption
or even system crashes). ... Backing up safeguards your critical data against
human error, illegitimate deletion, programmatic errors, malicious insiders,
malware and hackers. Cloud-to-cloud SaaS backup is ideal — especially if it’s
fully automated, HIPAA compliant, running nonstop in the background and
employing multiple layers of operational and physical security.
The rise of the data lakehouse: A new era of data value
Gartner’s Ronthal sees the evolution of the data lake to the data lakehouse as
an inexorable trend. “We are moving in the direction where the data lakehouse
becomes a best practice, but everyone is moving at a different speed,” Ronthal
says. “In most cases, the lake was not capable of delivering production needs.”
Despite the eagerness of data lakehouse vendors to subsume the data warehouse
into their offerings, Gartner predicts the warehouse will endure. “Analytics
query accelerators are unlikely to replace the data warehouse, but they can make
the data lake significantly more valuable by enabling performance that meets
requirements for both business and technical staff,” concludes its report on the
query accelerator market. ... “We do see the future of warehouses and lakes
coming into a lakehouse, where one system is good enough,” Yuhanna says. For
organizations with distributed warehouses and lakes, the mesh architecture such
as that of Starburst will fill a need, according to Yuhanna, because it enables
organizations to implement federated governance across various data
locations.
Devs don’t want to do ops
“The intention is not to put the burden on the developer, it is to empower
developers with the right information at the right time,” Harness’s Durkin said.
“They don’t want to configure everything, but they do want the information from
those systems at the right time to allow operations and security and
infrastructure teams to work appropriately. Devs shouldn’t care unless something
breaks.” Nigel Simpson, ex-director of enterprise technology strategy at the
Walt Disney Company, wants to see companies “recognize this problem and to work
to get developers out of the business of worrying about how the machinery
works—and back to building software, which is what they’re best at.” ...
“Developer control over infrastructure isn’t an all-or-nothing proposition,”
Gartner analyst Lydia Leong wrote. “Responsibility can be divided across the
application lifecycle, so that you can get benefits from ‘you build it, you run
it’ without necessarily parachuting your developers into an untamed and unknown
wilderness and wishing them luck in surviving because it’s ‘not an
infrastructure and operations team problem’ anymore.”
Defense-in-depth: a proven strategy to protect industrial assets
The first step to any effective OT-security program is building alignment
between executives, business leaders, IT and operations. Start by bringing key
stakeholders together to establish a clear understanding of business line
requirements and critical-system interdependencies. You’ll need frequent and
clear communication between OT, IT and engineering. ... Implement an IT/OT
segmentation strategy. An IT/OT segmentation strategy separates ICS networks
from enterprise networks to prevent bad actors from entering enterprise
networks to access ICS devices. This segmentation model can integrate with an
IT/OT integration demarcation zone (DMZ) for management tools, security tools
and jump hosts, and can establish security zones to ensure devices are
logically isolated to allow only required communications. ... Use multi-factor
authentication. While most ICS devices can’t support the implementation of
multi-factor authentication (MFA), this can still be a viable tool. A jump
host that requires MFA can help prevent unauthorized access and direct
connections from a lower-security network into a higher one.
How IoT and Metaverse Will Complement Each Other?
IoT devices often have a simple interface and interact with real-world
devices. But standard IoT devices with screens may employ Metaverse to offer a
3D digital user experience. As a result, using IoT devices will give users a
more immersive experience. The ability to stay present in real and virtual
worlds will be available. As a result, companies can hire an IoT app developer
to greatly customize the user interface and experience. As said above, the
Metaverse will feel more akin to the physical world when IoT is used. More
interaction between people and IoT devices and the intricate environment and
processes of the Metaverse will be possible. We will be able to make better
decisions with less learning and training, thanks to the immersive nature of
the Metaverse and the real-world use cases. Effective for Long-Term Planning:
The amount of digital content derived from real-world objects, such as
structures, people, cars, clothing, etc., constantly expands in the Metaverse.
As a result, businesses aim to replicate our physical world exactly in
cyberspace.
Risk Transfer Is The Key To Successful AI
The most significant challenge, as it pertains to AI, that businesses face is
inventing new workflows to leverage AI in existing or new business models,
allowing them to significantly grow their market share within existing or new
areas. New AI tools and technologies become disastrous distractions from
business value. Instead, the business should focus on meaningful transfers of
risk. The business will be able to add more customers and demand more for
their services when they help customers reduce their own risk. The business’s
AI solution then needs a clear transfer of risk itself. Without the AI
solution, an expert within the business would be manually providing the
service, but with the AI, the expert is more able to deliver the service at
greater quality and/or greater scale. Another former colleague of mine at
General Electric Global Research, Jim Bray, told me a long time ago that a
large part of his value to the company was helping reduce risk around complex
engineering and science. A significant contribution that AI scientists make
for industrial businesses is in assessing risk and the likelihood of project
success.
AI Song Contest: The Eurovision spin-off where music is written by machines
A good AI-generated song is the result of the hard work of entire teams of
scientists and musicians who often struggle for months before reaching the
desired tunes, making up algorithms and feeding ideas to the machine. The
Galician team PAMP! - who came second at this year’s contest to Thailand’s
song Enter Demons & Gods - took four months to create its track AI-Lalelo,
a song which pays tribute to Galician women keeping the language, traditions
and culture of the Spanish region alive. They started by getting the AI
programme - an autoregressive language model called GPT-3 which uses deep
learning to produce human-like text - to learn to speak Galician, a minority
language estimated to be spoken by some 2.4 million people in northwestern
Spain. “AI tools work in state languages, not in minority languages,” Joel
Cava, Coordinator of the PAMP! Team and Creative Manager of CECUBO Group, told
Euronews Next. “For the lyrics, we had to develop a corpus in Galician so that
the machine (GPT-3) would learn to speak in our mother tongue”.
How Good Is Your Code Review Process?
An effective code review process starts with alignment on its objective. As a
team, it’s important to determine which outcomes your review process is
optimizing for. Is it catching bugs and defects, improving the maintainability
of the codebase or increasing stylistic consistency? Maybe it’s less about the
code and more about increasing knowledge sharing throughout the team?
Determining priorities helps your team focus on what kind of feedback to leave
or look for. Reviews that are intended to familiarize the reviewer with a
particular portion of the codebase will look different from reviews that are
guiding a new team member toward better overall coding practices. Once you
know what an effective code review means for your team, you can start
adjusting your code review activities to achieve those goals. The metrics
indicating a healthy code review process differ right from the goals, but with
that caveat, there are a few trends every team lead should monitor. Regularly
reporting Time to First Review, Review Coverage, Review Influence and Review
Cycles metrics will allow you to quickly diagnose and address problems with
your code review process.
Security is hard and won’t get much easier
One major reason security is hard is it’s hard to secure a system without
understanding the system in its entirety. As open source luminary Simon
Willison posits, “Writing secure software requires deep knowledge of how
everything works.” Without that fundamental understanding, he continues,
developers may follow so-called “best practices” without understanding why
they are such, which “is a recipe for accidentally making mistakes that
introduce new security holes.” One common rejoinder is that we can automate
human error out of development. Simply enforce secure defaults and security
issues go away, right? Nope. “I don’t think the tools can save us,” Willison
argues. Why? Because “no matter how good the default tooling is, if engineers
don’t understand how it keeps them secure they’ll subvert it—without even
meaning to or understanding why what they are doing is bad.” Additionally, no
matter how good the tool, if it doesn’t fit seamlessly into security-minded
processes, it will never be enough.
CIO Kristie Grinnell on creating a culture of transformation
One thing that we do is have people think about it as if this were your own
business. Is this the decision that you would make? If you have one dollar,
would you spend it on this technology? We need to recognize that we have that
role, that power in IT. We should all be thinking that this is our ability to
grow the business. Where am I going to put that dollar to get the most bang
for my buck? I’m not just over here in IT and have to deliver to my budget. If
I can give some of that back to go invest in something else, and it’s going to
make us grow, look what value IT just added. Or I might need to invest it in
IT because that’s going to give us a new capability that helps us grow in a
different way. So really thinking about, how do I run IT as a business and how
do I think about that return on investment of every single dollar we spend is
important.
Quote for the day:
"In simplest terms, a leader is one who knows where he wants to go, and gets up, and goes." -- John Erskine