Daily Tech Digest - September 15, 2022

AI is playing a bigger role in cybersecurity, but the bad guys may benefit the most

“Security experts have noted that AI-generated phishing emails actually have higher rates of being opened — [for example] tricking possible victims to click on them and thus generate attacks — than manually crafted phishing emails,” Finch said. “AI can also be used to design malware that is constantly changing, to avoid detection by automated defensive tools.” Constantly changing malware signatures can help attackers evade static defenses such as firewalls and perimeter detection systems. Similarly, AI-powered malware can sit inside a system, collecting data and observing user behavior up until it’s ready to launch another phase of an attack or send out information it has collected with relatively low risk of detection. ... But Finch said, “Given the economics of cyberattacks — it’s generally easier and cheaper to launch attacks than to build effective defenses — I’d say AI will be on balance more hurtful than helpful. Caveat that, however, with the fact that really good AI is difficult to build and requires a lot of specially trained people to make it work well. Run of the mill criminals are not going to have access to the greatest AI minds in the world.”

Cybersecurity’s Too Important To Have A Dysfunctional Team

With such difficulty recruiting and maintaining staff, one option businesses should consider is training and reskilling programmes for existing staff to help bridge the gap. Current cybersecurity professionals can solidify what they already know and stay up to date on the latest learnings. Along with cybersecurity professionals, other technology professionals can be trained and recruited into these roles. Technology professionals are likely to have an affinity for the types of skills needed to succeed in cybersecurity. Non-technical people by background, may still be able to learn what is needed to perform in these roles, especially if businesses are willing to invest and cover the cost of the training. When there is a skills shortage, as is currently the case, and when vacancies outstrip the available talent, organisations need to be prepared to be imaginative in finding solutions. Alongside this, arming all teams, regardless of their skills and experience, with the right tools and support is essential. Working with knowledgeable and trusted partners can help outsource some of the work and offset any skills gaps as the external partner becomes an extension of the in-house team.

How Sweden goes about innovating

The innovation agency functions much like its counterparts in other countries, similarly to the Finnish Funding Agency for Technology and Innovation (Tekes) in neighbouring Finland, and to the part of the US National Science Foundation (NSF) that does seed funding on the other side of the Atlantic. The Swedish government gives Vinnova more than €300m each year to invest through grants to different kinds of actors, which might be small companies, research institutes, large competence centres, or consortia of companies working together on projects. Vinnova invests this money along 10 different themes, including sustainable industry and digital transformation. To report on the social and economic effects of its funding, the agency produces two impact studies annually. It has also published a document that describes its approach to tracking the impact of investments. “It’s never the case that we’re alone in the responsibility for success or failure,” says Göran Marklund, head of strategic intelligence and deputy director-general at Vinnova. 

Bringing AI to inventory optimization

Chasing today’s consumer patterns is a losing game, he believes. “It’s important to take a long-term view so that the next time the pattern shifts, you’ll be ready,” he said. The antuit.ai solution works by combining the historical data that supply chains have always used as well as new data becoming available, doing it at a scale perhaps not previously used, and then utilizing emerging technologies like AI and machine learning to process that data, make decisions and then learn from the execution of those decisions. “If I’m a retailer buying from CPG companies to service hundreds of stores, I have to make inventory decisions such as what port to land, what distribution centers to send it to, how to allocate it to the stores down to the shelf level and at what price to sell it,” Lakshmanan explained. “Part of my data equation is knowing what has historically sold, at what price, what promotions I ran, how much inventory did I have and whether there were any external factors, like was it raining. Now, if I know it’s going to rain next week, I have backward and forward-looking data that I can put through an algorithm to determine things like what is the likely demand at a store in Plano, Texas.”

Ambient computing has arrived: Here's what it looks like, in my house

Ambient computing is ignorable computing. It's there, but it's in the background, doing the job we've built it to do. One definition is a computer you use without knowing that you're using it. That's close to Eno's definition of his music -- ignorable and interesting. A lot of what we do with smart speakers is an introduction to ambient computing. It's not the complete ambient experience, as it relies on only your voice. But you're using a computer without sitting down at a keyboard, talking into thin air. Things get more interesting when that smart speaker becomes the interface to a smart home, where it can respond to queries and drive actions, turning on lights or changing the temperature in a room. But what if that speaker wasn't there at all, with control coming from a smart home that takes advantage of sensors to operate without any conscious interaction on your part? You walk into a room and the lights come on, because sensors detect your presence and because another set of sensors indicate that the current light level in the room is lower than your preferences.

Most enterprises looking to consolidate security vendors

Cost optimization should not be a driver, Gartner VP analyst John Watts said. Those looking at cutting costs must reduce products, licenses and features, or ultimately renegotiate contracts. A drawback of those pursuing consolidation has been a reduction of risk posture in 24% of cases, rather than an improvement. But if cost savings becomes a result of consolidation, CISOs can invest that on preventing attack surface expansion. “This trend captures a dramatic increase in attack surface emerging from changes in the use of digital systems, including new hybrid work, accelerating use of public cloud, more tightly interconnected supply chains, expansion of public-facing digital assets and greater use of operational technology (cyber physical systems—CPS). Security teams may need to expand licensing, add new features, or point solutions to address this trend,” Watts says to CSO. The time invested should also not be taken for granted. Gartner found that vendor consolidation can take a long time with nearly two-thirds of organizations saying they have been consolidating for three years.

Software-defined perimeter: What it is and how it works

An SDP is specifically designed to prevent infrastructure elements from being viewed externally. Hardware, such as routers, servers, printers, and virtually anything else connected to the enterprise network that are also linked to the internet are hidden from all unauthenticated and unauthorized users, regardless of whether the infrastructure is in the cloud or on-premises. "This keeps illegitimate users from accessing the network itself by authenticating first and allowing access second," says John Henley, principal consultant, cybersecurity, with technology research advisory firm ISG. "SDP not only authenticates the user, but also the device being used. When compared with traditional fixed-perimeter approaches such as firewalls, SDP provides greatly enhanced security. Because SDPs automatically limit authenticated users’ access to narrowly defined network segments, the rest of the network is protected should an authorized identity be compromised by an attacker. "This also offers protection against lateral attacks, since even if an attacker gained access, they would not be able to scan to locate other services," Skipper says.

Assessing the Security Risks of Emerging Tech in Healthcare

How some of these newer technologies are implemented into existing healthcare environments is also a critical security consideration, other experts say. "Smart hospitals have a blend of old technologies and newer innovations, improving the experience for both the patients and the clinicians," says Sri Bharadwaj, chief operating and information officer of Longevity Health Plan and chair-elect of the Association for Executives in Healthcare Information Security, a healthcare CISO professional organization. The key is to realize that legacy technology that is embedded in "newer shiny objects" still has the same security risks that have to be mitigated through strong administrative and technical controls to provide a robust complement to the newer technology, he says. ... "One thing to always keep in mind is that as security leaders our job is to perform due diligence and assess the risk of all services and technologies. We are also to find ways to help mitigate the risk, where possible, and raise the risk awareness to the organization," she says.

7 tell-tale signs of fake agile

When the focus shifts to granular facets of agiles, like Scrum ceremonies, instead of actual content and context, agile’s true principles are lost, says Prashant Kelker, lead partner for digital sourcing and solutions, Americas, at global technology research and advisory firm ISG. Agility is about shipping as well as development. “Developing software using agile methodologies is not really working if one ships only twice a year,” Kelker warns, by way of example. “Agility works through frequent feedback from the market, be it internal or external.” Too often organizations focus on going through the motions without an eye toward achieving business results. Agility is not only about adhering to a methodology or implementing particular technologies; it’s about business goals and value realization. “Insist on key results every six months that are aligned to business goals,” Kelker says. When a team lacks a dedicated product owner and/or Scrum master, it will struggle to implement the consistent agile practices needed to continuously improve and meet predictable delivery goals. CIOs need to ensure they have dedicated team members, and that the product owner and Scrum master thoroughly understand their roles.

Top 10 Microservices Design Principles

Microservices-based applications should have high cohesion and low coupling. The idea behind this concept is that each service should do one thing and do it well, which means that the services should be highly cohesive. These services should also not depend on each other, which means they should have low coupling. The cohesion of a module refers to how closely related its functions are. Having a high level of cohesion implies that functions within a module are inextricably related and can be understood as a whole. Low cohesion suggests that the functions within a module are not closely related and cannot be understood as a set. The higher the cohesion, the better – we may say that the modules are working together. Coupling measures how much knowledge one module has of another. A high level of coupling indicates that many modules know about each other; there is not much encapsulation between modules. The low level of coupling indicates that many modules are encapsulated from one another. When components in an application are loosely coupled, you can test the application easily as well.

Quote for the day:

"To be a good leader, you don't have to know what you're doing; you just have to act like you know what you're doing." -- Jordan Carl Curtis

No comments:

Post a Comment