Daily Tech Digest - October 21, 2022

3 ways to deter phishing attacks in 2023

Along with being commonplace, phishing attacks have become so profitable (to the attackers) that the biggest cybercriminals have largely moved beyond individual customers. Rather, they target enterprise employees who can be duped into revealing information that’s much more sensitive, on a much larger scale. ... Since phishing attacks overwhelmingly target the human element, cybersecurity experts agree that the best defense against this is providing security awareness training to enterprise employees. This helps in early identification of attacks and increasing overall security hygiene. ... In-house cybersecurity training is no longer a time- and skill-intensive process, given the prevalence of AI-based phishing awareness platforms. Today, ML enables gamified, personalized security training programs for each individual based on their current level of awareness, position in the organization, and browsing behavior. Further, AI is a potent tool in the arms of cybersecurity experts. It enhances the efficiency and effectiveness of security policies by improving and automating routine threat detection procedures.

How to Improve Your OAuth Developer Experience

DX is about providing the best ecosystem for developers to improve business agility. For difficult areas such as deployment, security and incident resolution, ensure that the options you have chosen also work well on local workstations, in addition to meeting your business requirements. You will then build secure and reliable software with simpler code. It is also a gradual journey, and technical goals must be traded against business priorities. It should be possible to articulate all DX objectives in terms of their business value, whether this is faster web development, better data protection or fewer incidents. This will help you to win support for technical initiatives and implement them gradually as part of a technical roadmap. At Curity, we realize the importance of DX to your business. We therefore continually improve our developer resources, including guides for web, mobile and API development. The OAuth family of specifications enables you to implement many security solutions, and we also ensure that our advanced options can be run end-to-end on a development computer.

Financial losses to synthetic identity-based fraud to double by 2024

Despite advances like the US government’s Electronic Consent-Based Verification Service, or eCBSV—which allows some entities to verify whether a given combination of social secuirty number, name and date of birth match an existing Social Security Record—the issue remains a serious one in large part because it’s still easy to create this type of manipulated identity, thanks in part to the lack of incentives for financial institutions to combat them. “Today, the positive value of a good banking relationship is roughly the same as the negative cost of a fraudulent account (roughly $250-$400, depending on the bank or fintech),” the report said. “When considering the downside cost of a fraudulent banking relationship, generally the dollars are very low because financial losses like Peer to Peer, or P2P, scams are absorbed largely by the consumer, and nefarious activities like human and drug trafficking, terrorism, fraudulent PPP [Paycheck Protection Program] and unemployment deposits and low levels of money laundering do not carry a financial loss for the bank.”

Polyglot Microservices Communication Using Dapr on AKS

Distributed Application Runtime (Dapr) is a CNCF project like Kubernetes. It is not just a framework or set of reusable libraries. It is rather a runtime that provides capabilities to solve many common concerns like service discovery, service-to-service communication, state management, configuration, secrets management, and others. Dapr exposes APIs for each of these capabilities which can be invoked from applications using HTTP or gRPC. With this approach, Dapr’s footprint in application code is limited to an API call, allowing Dapr to easily integrate with any language or runtime. The figure below depicts capabilities provided by Dapr, supported infrastructure platforms, and integration options using APIs. ... Dapr can be self-hosted as a process running on an operating system or it can be configured to run as a sidecar on Kubernetes. This allows all kinds of applications, whether they are containerized or not, running on cloud or on-premise or on edge infrastructure, deployed on physical or virtual machines, to make use of its capabilities.

Why Your IT Organization Needs to Embrace Continuous Improvement

Maximum benefits can be realized when an organization not only employs continuous improvement, but measures and proves results to their staff and customers, says Chris Lepotakis, a senior associate at global cybersecurity assessor Schellman. “This provides a greater trust in service and products offered by an organization and fosters higher fidelity between the organization, employees, and customers,” he explains. “Being able to show your customers what you're doing to improve your business, and what it means to their benefit, shows care and transparency on how the organization has recognized and improved on weak points.” It also proves that the organization is always looking for ways to provide continued value and trust, Lepotakis adds. Organizations looking to develop a continuous improvement culture should begin by creating a framework to support delivery resources. Such a framework should include processes for identifying, assessing, and implementing changes, as well as metrics to measure service quality, McIntire advises. 

Using blockchain to grow your start-up

Public blockchain is highly secure and practically impossible to counterfeit due to the underlying cryptography used. While companies may attempt to manipulate private blockchain records, an independent auditor can monitor mischief in the network. Blockchain provides the trust and security needed for multiple organisations to connect on the shared ledger. This is because all users have access to a copy of the whole blockchain, meaning they can see if any meddling is going on. If there’s a hash match throughout the chain, the records are trustworthy. Furthermore, smart contracts represent the future of transactions and are interwoven with blockchain. Smart contracts are a piece of code that can outline each step of a transaction, with the ability to connect multiple blockchains and assets. When terms of the contract are met, they are automatically initiated. For start-ups, these coded contracts can revolutionise the way they conduct business. For example, smart contracts are perfectly suited for supply chain management.

Digital transformation: How manufacturers align maintenance and production

IT leaders are in the best position to offer ways for solving an age-old dilemma. For starters, a digital system alone can significantly improve scheduling processes to maximize the time for value-adding work. Teams at the forefront of maintenance can relate to how unplanned priorities can easily throw them off and put valuable wrench time at risk. Moreover, the downtime between work order execution, such as obtaining and preparing parts, provides opportunities to make better use of waiting time. Quantifying the sources of non-productive tasks can present ways to minimize them or, at least, present options for more efficient multi-tasking. In addition to the digitization of work schedules, a more digitally mature operation enables a facility to challenge the need for maintenance in the first place. Preventive maintenance activities conventionally require arbitrary criteria for frequencies and routines. These habits arise from a lack of better choices rather than purposeful measures. 

Building stakeholder trust in measures of sustainable performance

Regulators increasingly feel that some ESG metrics are useful indicators of good governance—that companies should know what their carbon footprint is and should ensure that they have a diverse and equitable workforce. Beyond that, companies still have a lot of wiggle room to determine what’s material, depending on the issue, the context, the time frame, and the stakeholder. That opens the door to subjectivity in definitions that can render reporting ambiguous and difficult for investors and others to interpret. Even regulations, where they exist, are usually quite broad. Their emphasis on disclosing the risks that are most important—the most material—to their stakeholders still leaves it to companies to decide what is material and who are their stakeholders. Many companies still prefer a traditional, quantifiable definition of materiality that elevates shareholders and enterprise value over a more sustainable vision that includes all stakeholders and the company’s impact on society and the environment.

DevOps Burnout? Try Platform Engineering

If cognitive load is the root of the problem, what is the solution? For many organizations, the key is platform engineering, designing and building toolchains and workflows that enable self-service capabilities for software engineering organizations in the cloud native era. Platform engineers build what is often called an internal developer platform, which covers the operational necessities of the entire life cycle of an application. Platform engineering tries to enable true DevOps by following a Platform as a Product approach to strike the right balance between maintaining developer freedom and finding the right level of abstraction. Platform teams pave paths of least resistance, called golden paths, for developers using the platform, drive standardization by design and connect various parts of the toolchain together to build a coherent and improved developer experience. This enables self-service capabilities for the organization while abstracting away the unnecessary complexity that contributes to cognitive load. Successful platforms result in less repetitive and manual work. They enable developers to do their jobs without having to learn all technologies in depth.

Reimagining the new future of work: The CXO’s transformation conundrum

Reimagining work begins with understanding the work that needs to get done in context of where an organization aims to be in the future and how that vision aligns with the evolution of behaviors, expectations, and preferences of customers and employees. Just because some leaders are striving for normalcy, people can’t unsee the freedoms, conveniences, and empowerment that come with connectedness. In fact, Salesforce research found that not only is the world forever changed, 76% of workers do not feel prepared for working in a digital-first world. In a separate Salesforce study, 54% of workers believe technology will advance faster than the skills of the workforce. The only way to bridge the gap is to assess the existing divide within the organization between current skills, skills in development, and skills needed in the next five-to-ten years. The future of work is now about balance and inspired by empathy outside of the mindsets still holding onto pre-2020 ideologies.

Quote for the day:

"If your actions inspire others to dream more, learn more, do more and become more, you are a leader." -- John Quincy Adams

No comments:

Post a Comment