The Cybersecurity Industry Doesn't Have a Stress Problem — It Has a Leadership Problem
Many of the cybersecurity issues raised in the CIISec survey point to a need for
strong leadership that proactively identifies and resolves issues. But
cybersecurity teams need servant leaders, not those who lead by establishing
command and control structures. Servant leaders create authority by — you
guessed it — serving their employees. Cybersecurity executives of this ilk are
concerned about the well-being of the team, regularly checking in with team
members on how they are doing, and removing roadblocks that harm operational
performance. They'll go to bat with upper management to get an increased budget
for new tools and additional staff to smooth out workloads for teams. Servant
leaders take turns serving on call to understand work conditions from analysts'
perspectives and hold regular team meetings to discuss key trends and issues.
They're also likely to look ahead to anticipate market and business developments
and reposition their organization to get ready to meet them. As a result, these
leaders' teams feel supported. Analysts are not afraid to share problems or new
ideas, as they know their leaders will listen, consider them carefully and, most
importantly, respond.
Cybersecurity: What is Changing and What Isn’t
A lot of things have changed, but a lot remain the same. Adversaries have gotten
smarter, so defense has had to do the same. Every piece of technology has a
computer embedded in it nowadays – cars, fridges, thermostats, cameras,
speakers, and of course, the ubiquitous mobile phones – resulting in a vastly
increased attack surface, and the need for trained professionals to protect this
Internet of Things (IoT). The general migration to the cloud has also encouraged
the growth of professionals seeking to protect data outside the confines of
on-prem systems. However, some core tenets still hold true – restricting user
access, limiting system functionality, backing up critical data, planning for
disruptions, and of course, security awareness training. Even the best of
security controls can be overcome by a user clicking on the wrong link
(phishing), visiting the wrong website (drive-by download), connecting to the
wrong network (rogue access point), opening the wrong attachment (malicious
macro), letting the wrong person into a secured area (tailgating), or just
simply disclosing the right information to the wrong person (vishing).
Intro to the Observable design pattern
The Observable design pattern is used in many important Java APIs. One
well-known example is a JButton that uses the ActionListener API to execute an
action. In this example, we have an ActionListener listening or observing on the
button. When the button is clicked, the ActionListener performs an
action. The Observable pattern is also used with reactive programming.
The use of observers in reactive applications makes sense because the essence of
reactive is reaction: something happens when another process
occurs. Observable is a behavioral design pattern. Its function is to
perform an action when an event happens. Two common examples are button clicks
and notifications, but there are many more uses for this pattern. ... By using
the Observable pattern, the notification would happen only once to all of your
subscribers. It's a huge performance gain as well as being an effective code
optimization. This code can easily be extended or changed. The reactive
programming paradigm uses the Observable pattern everywhere. If you ever worked
with Angular, then you will know that using Observable components is very
common.
How to Embed Gen Z in Your Organization’s Security Culture
Providing the most cutting-edge instruction will engage Gen Zers and provide
them with meaningful security best practices for work and home. The threat
landscape is more dangerous than it was when Gen Zers were coming of age.
Current threats extend beyond traditional scams. They may be lurking in the
unsecured WiFi available at a coffee shop. All the threat actor needs is someone
desperate for free internet and tired of clicking checkboxes. With that
ever-changing threat landscape in mind, your organization’s security program
needs the resilience to adapt. The IBM Security X-Force Cyber Range provides a
variety of experiences to prepare organizations for a cyber incident. The team
can also cater content to different audiences, such as the C-suite or the board
of directors. Gen Z may not be a part of those groups yet, but the X-Force Cyber
Range offers a range of experiences for professionals at all levels. The X-Force
Cyber Range team tailors immersive experiences to your organization’s industry
and context to provide the most realistic scenario.
Intelligence and Efficiency Will Guide Unstructured Data Management in 2023
Smarter edge data management will avoid overspending on storing extraneous
data in cloud data lakes and warehouses by filtering and deleting non-valuable
data at the edge first. Edge analytics tools will quickly process the data
without the need to send large files back and forth to cloud or on-premises
data centers, saving time and money. The right edge analytics and data
management program can deliver real-time insights to improve customer
experiences or detect issues quickly, such as a manufacturing defect or a
ransomware breach. ... Storage and IT managers will need to prepare by getting
full visibility into data across silos, understanding data characteristics and
metadata to enable rapid classification and search, and then moving it into
the optimal storage tier to feed the data lake and analytics platforms
preferred by their end users. IT will need to work closely with stakeholders
from security, legal, data governance, research, and data science teams, as
well as business unit leaders, to fulfill the requirements of new,
unstructured data analytics programs.
The FBI is worried about a wave of cyber crime against America’s small businesses
Small and medium-sized businesses face a big threat from cyberattacks and
hackers, according to a special agent in the FBI’s cyber division. “The large
businesses continue to invest in their cybersecurity and enhance their
cybersecurity posture,” FBI Supervisory Special Agent Michael Sohn said at
CNBC’s Small Business Playbook virtual event on Wednesday. “So what the
cybercriminals are doing is they’re pivoting, they’re evolving and targeting
the soft targets, which are the small and medium businesses.” In 2021, the
FBI’s Internet Crime Complaint Center (IC3) received 847,376 complaints from
the American public regarding cyberattacks and malicious cyber activity, a 7%
year-over-year increase. In total, potential losses from those attacks exceed
$6.9 billion, a 64% increase compared to the previous year. “Unfortunately,
the majority of those victims were small businesses,” Sohn told CNBC’s Frank
Holland. But even as small businesses are increasingly being targeted by
hackers and cyber criminals, CNBC and SurveyMonkey data has shown that most
small business owners are not concerned.
Healthcare: Essential Defenses for Combating Ransomware
From a defensive standpoint, Siegel says organizations can employ a long list
of tactics. Leading up to ransomware, the biggest weakness he sees is a
cultural issue, centered on failing to take the risk seriously and make
appropriate investments to prevent such incidents. "These are the times we
live in, and it's just the cost of doing business," he says. "You have to make
these investments." Ransomware attackers gain remote access to a victim's
network and typically linger, studying the network and gaining greater access,
before deploying crypto-locking malware. Thus, it's imperative to spot those
activities before files start getting encrypted. "Most groups now will also
want to steal large amounts of data before they launch the ransomware, and
then they'll actually plan out how they're going to deploy the ransomware to
all of your servers, all of your machines or whichever ones they choose," says
Peter Mackenzie, director of incident response at Sophos. "That's not
something that happens instantly. That can take days or weeks of
preparation."
Engineering AI-Enabled Computer Vision Systems: Lessons From Manufacturing
While traditional non-AI software acts as a tool to execute preset rules, an
AI-enabled system makes decisions based on (past) data and probabilistic
outcomes, which constitutes a paradigm shift—especially within traditional
manufacturing organizations. Therefore, proven software development approaches
need to be extended to build and further evolve systems that contain ML
components.13 One example is DevOps, which needs to be extended into DataOps
or MLOps when developing AI solutions to meet specific requirements of
handling the ever-changing data. Engineering AI-enabled computer vision systems
goes beyond merely building AI algorithms. To build industrial solutions,
these AI algorithms need to be embedded into grown-up software products, which
also poses novel challenges for software engineers. To provide an overview of
challenges and success factors in engineering AI-enabled computer vision
systems, we analyzed corresponding manufacturing use cases, shadowed project
meetings, and incorporated our own expertise.
IT Industry Outlook 2023: Trends Likely to Impact the Industry and Tech Pros
Employers are no longer restricted to hiring candidates that are within a
commutable distance of local offices, giving job hunters an opportunity to
apply for roles that may not have been open to them previously. “I believe
with the continued prevalence of remote working, hiring decisions will become
less based on culture fit and similar criteria, and more focused on skills and
performance,” Finnigan says. “This will open the door to a much more globally
diverse workforce, provided skills gaps continue to close.” ... Replacing
early interview screenings with skills-based assessments that mimic a
company's tech stack allows hiring managers to assess candidates’
compatibility quickly and accurately, moving only the best through the
pipeline. “With this approach, hiring managers can spend more time with
candidates who are truly qualified, which can lead to a more accurate decision
and a faster time-to-hire,” Finnigan says. Westfall says that smaller
organizations may be able to offer IT pros looking for a change of pace an
assortment of unique perks, as well as a close-knit company culture and a
greater impact on local communities.
APIs are placing your enterprise at risk
Stolen API keys are the culprit behind some of the largest cyberattacks to
date. We see the headlines and we read the news stories, but we often fail to
realize the broad consequences – particularly the notable impacts on
enterprise mobile security. Consider the news earlier this year of 3,000+
mobile applications leaking Twitter’s API keys, meaning bad actors could
compromise thousands of individual accounts and conduct a slew of nefarious
activities. Imagine if this was your company and the role was reversed and
hundreds or even thousands of mobile applications were leaking the API keys to
your corporate Gmail, Slack or OneDrive accounts. If this or similar scenarios
were to happen, employee devices and sensitive company data would be at
extreme risk. The recent push to focus on API security comes at a critical
time when more enterprises are relying on enterprise mobility, meaning an
increasing reliance on mobile app connectivity. A recent survey of US and
UK-based security directors and mobile applications developers found that 74%
of respondents felt mobile apps were critical to business success.
Quote for the day:
"Make heroes out of the employees who personify what you want to see in the
organization." -- Anita Roddick