Daily Tech Digest - December 12, 2022

14 lessons CISOs learned in 2022

Ransomware attacks have increased in 2022, with companies and government entities among the most prominent targets. Nvidia, Toyota, SpiceJet, Optus, Medibank, the city of Palermo, Italy, and government agencies in Costa Rica, Argentina, and the Dominican Republic were among the victims in 2022, a year in which the lines between financially and politically motivated ransomware groups continued to be blurred. A critical piece of any organization's defense strategy should be employee awareness and training because "employees continue to be targeted in threat actor strategies through phishing and other social engineering means," says Gary Brickhouse, CISO at GuidePoint Security. ... Organizations should also do more to keep up with vulnerabilities in both open- and closed-source software. However, this is no easy task since thousands of bugs surface yearly. Vulnerability management tools can help identify and prioritize vulnerabilities found in operating systems applications.

Grow your own CIO: Building leadership and succession plans

To ensure the long-term health of the company, tech chiefs must focus on building up that middle tier of IT leaders, a reality many CIOs are only now recognizing the need to address. “There are not enough people out there — you have to develop your own people,’’ says Roberts, who estimates that only 10% to 20% of companies are “being intentional about doing formal development programs.’’ Mike Eichenwald, a senior client partner at Korn Ferry Consulting, agrees that it’s important to elevate individuals from vertical leadership roles within the pillars of infrastructure, engineering, product, and security to enterprise leadership roles. With technology converging in all aspects of the business, doing so will help organizations leverage the diversity of experience those midlevel managers have under their belts, and their learning curve and degree of risk will be minimized, Eichenwald says. “Unfortunately, organizations miss an opportunity to cultivate that talent internally and often find themselves needing to reach out to the [external] market to bring it in,’’ he adds.

Open source security fought back in 2022

Anyone paying attention to open source for the past 20 years—or even the past two—will not be surprised to see commercial interests start to flourish around these popular open source technologies. As has become standard, that commercial success is usually spelled c-l-o-u-d. Here's one prominent example: On December 8, 2022, Chainguard, the company whose founders cocreated Sigstore while at Google, released Chainguard Enforce Signing, which enables customers to use Sigstore-as-a-service to generate digital signatures for software artifacts inside their own organization using their individual identities and one-time-use keys. This new capability helps organizations ensure the integrity of container images, code commits, and other artifacts with private signatures that can be validated at any point an artifact needs to be verified. It also allows a dividing line where open source software artifacts are signed in the open in a public transparency log; however, enterprises can sign their own software with the same flow, but with private versions that aren’t in the public log. 

Turning the vision of a utopic smart city into reality

It’s critical to consider what success looks like, and this can be measured by how user-friendly and efficient a service is, as well as cost efficiencies. For instance, reducing the time to find a parking space in a new city from an hour to just a few minutes when using parking apps which can indicate spaces and process payment. It’s almost impossible to consider smart cities without thinking about the efficient energy management benefits of smart buildings. Sustainable initiatives such as integrated workplace management systems already have the capability to monitor over 50,000 data points per second, analyse data, and send it to mobile apps. This could see millions of users saving energy. With a long-term vision for smart city platforms to become unified or standardised, one solution can potentially work seamlessly anywhere in the world. Platforms could integrate city infrastructure and navigation, and access to emergency and city services. Transformation will be driven by users empowered with the right data, perhaps even according to their user type of student, tourist, or city resident.

Can real-time data visualisation deliver trust and opportunity?

What is interesting is that so much of this is driven through an ecosystem of partners. No one organisation can deliver the breadth and depth of data and tools needed to make such projects work and there is much to learn from that. Collaborations and partnerships can elevate and enhance real-time data visualisation and value. For many organisations however, real-time data is still virgin territory and real-time visualisation is one of those technologies where reality cannot hope to match expectation, at least according to Jaco Vermeulen, CTO of tech consultancy BML Digital. “Almost every customer says they want real-time visualisation, but then nine out of 10 can’t qualify why they need it, especially when it comes to what decisions or actions it will enable,” says Vermeulen. “This is usually because they start from the belief that the data is always available and therefore should be immediately understandable and yield profound insight. The truth is a bit more challenging.” ... “It is the real-time decisions that create impact,” he says. “Optimising supply chains, reducing waste and pollution, optimising operations, and informing and satisfying consumers. 

IBM’s Krishnan Talks Finding the Right Balance for AI Governance

The challenge comes essentially from not knowing how the sausage was made. One client, for instance, had built 700 models but had no idea how they were constructed or what stages the models were in, Krishnan said. “They had no automated way to even see what was going on.” The models had been built with each engineer’s tool of choice with no way to know further details. As result, the client could not make decisions fast enough, Krishnan said, or move the models into production. She said it is important to think about explainability and transparency for the entire life cycle rather than fall into the tendency to focus on models already in production. Krishnan suggested that organizations should ask whether the right data is being used even before something gets built. They should also ask if they have the right kind of model and if there is bias in the models. Further, she said automation needs to scale as more data and models come in. The second trend Krishan cited was the increased responsible use of AI to manage risk and reputation to instill and maintain confidence in the organization. 

13 tech predictions for 2023

“Different edges are implemented for different purposes. Edge servers and gateways may aggregate multiple servers and devices in a distributed location, such as a manufacturing plant. An end-user premises edge might look more like a traditional remote/branch office (ROBO) configuration, often consisting of a rack of blade servers. Telecommunications providers have their own architectures that break down into a provider far edge, a provider access edge, and a provider aggregation edge. ... As we enter 2023, CIOs have earned a seat among the decision-makers and are now at the helm of company-wide technology decision-making. Amid a volatile economic climate, IT leaders must prioritize reducing costs, but they are finding themselves pulled between contrasting concerns of managing spend, dealing with security risks, and fostering innovation. As they navigate an uncertain market, CIOs will need to analyze company usage, along with their previous experience, to rethink business approaches and make decisions. The goal is to identify ways to reduce spend across the company, but not at the expense of key areas like cybersecurity and innovation. 

Preventing a ransomware attack with intelligence: Strategies for CISOs

One of the most effective ways to stop a ransomware attack is to deny them access in the first place; without access, there is no attack. The adversary only needs one route of access, and yet the defender has to be aware and prevent all entry points into a network. Various types of intelligence can illuminate risk across the pre-attack chain—and help organizations monitor and defend their attack surfaces before they’re targeted by attackers. The best vulnerability intelligence should be robust and actionable. For instance, with vulnerability intelligence that includes exploit availability, attack type, impact, disclosure patterns, and other characteristics, vulnerability management teams predict the likelihood that a vulnerability could be used in a ransomware attack. With this information in hand, vulnerability management teams, who are often under-resourced, can prioritize patching and preemptively defend against vulnerabilities that could lead to a ransomware attack. Having a deep and active understanding of the illicit online communities where ransomware groups operate can also help inform methodology, and prevent compromise.

What to do when your devops team is downsized

If you lead teams or manage people, your first thought must be how they feel or how they are personally impacted by the layoffs. Some will be angry if they’ve seen friends and confidants let go; others may be fearful they’re next. Even when leadership does a reasonable job at communication (which is all too often not the case), chances are your teams and colleagues will have unanswered questions. Your first task after layoffs are announced is to open a dialogue, ask people how they feel, and dial up your active listening skills. Other steps to help teammates feel safe include building empathy for personal situations, energizing everyone around a mission, and thanking team members for the smallest wins. Use your listening skills to identify the people who have greater concerns and fears or who may be flight risks. You’ll want to talk to them individually and find ways to help them through their anxieties or recognize when they need professional help. You should also give people and teams time to reflect and adjust. Asking everyone to get back to their sprint commitments and IT tickets is insensitive and unrealistic, especially if the company laid off many people.

Our ChatGPT Interview Shows AI Future in Banking Is Scary-Good

ChatGPT is a large, advanced language processing model that is trained using a technique called generative pre-trained transformer, or GPT. This allows ChatGPT to generate human-like responses to questions and statements in a conversation, making it a powerful tool for a wide range of applications. Compared to traditional chatbots, which are often limited in their ability to understand and generate natural language, ChatGPT has the advantage of being able to provide more accurate and detailed responses. Additionally, because it is trained using a large amount of data, ChatGPT is able to learn and adapt to different conversational styles and contexts, making it more versatile and capable of handling a wider range of scenarios. ... The banking industry can use ChatGPT technology in a number of ways to improve their operations and provide better service to their customers. For example, ChatGPT can be used to automate customer service tasks, such as answering frequently asked questions or providing detailed information about products and services. This can free up customer service representatives to focus on more complex or high-value tasks, improving overall efficiency and customer satisfaction.

Quote for the day:

"Strong leaders encourage you to do things for your own benefit, not just theirs." -- Tim Tebow

No comments:

Post a Comment