Daily Tech Digest - December 21, 2022

The Cybersecurity Industry Doesn't Have a Stress Problem — It Has a Leadership Problem

Many of the cybersecurity issues raised in the CIISec survey point to a need for strong leadership that proactively identifies and resolves issues. But cybersecurity teams need servant leaders, not those who lead by establishing command and control structures. Servant leaders create authority by — you guessed it — serving their employees. Cybersecurity executives of this ilk are concerned about the well-being of the team, regularly checking in with team members on how they are doing, and removing roadblocks that harm operational performance. They'll go to bat with upper management to get an increased budget for new tools and additional staff to smooth out workloads for teams. Servant leaders take turns serving on call to understand work conditions from analysts' perspectives and hold regular team meetings to discuss key trends and issues. They're also likely to look ahead to anticipate market and business developments and reposition their organization to get ready to meet them. As a result, these leaders' teams feel supported. Analysts are not afraid to share problems or new ideas, as they know their leaders will listen, consider them carefully and, most importantly, respond.

Cybersecurity: What is Changing and What Isn’t

A lot of things have changed, but a lot remain the same. Adversaries have gotten smarter, so defense has had to do the same. Every piece of technology has a computer embedded in it nowadays – cars, fridges, thermostats, cameras, speakers, and of course, the ubiquitous mobile phones – resulting in a vastly increased attack surface, and the need for trained professionals to protect this Internet of Things (IoT). The general migration to the cloud has also encouraged the growth of professionals seeking to protect data outside the confines of on-prem systems. However, some core tenets still hold true – restricting user access, limiting system functionality, backing up critical data, planning for disruptions, and of course, security awareness training. Even the best of security controls can be overcome by a user clicking on the wrong link (phishing), visiting the wrong website (drive-by download), connecting to the wrong network (rogue access point), opening the wrong attachment (malicious macro), letting in the wrong person in a secured area (tailgating), or just simply, disclosing the right information to the wrong person (vishing).

Intro to the Observable design pattern

The Observable design pattern is used in many important Java APIs. One well-known example is a JButton that uses the ActionListener API to execute an action. In this example, we have an ActionListener listening or observing on the button. When the button is clicked, the ActionListener performs an action. The Observable pattern is also used with reactive programming. The use of observers in reactive applications makes sense because the essence of reactive is reaction: something happens when another process occurs. Observable is a behavioral design pattern. Its function is to perform an action when an event happens. Two common examples are button clicks and notifications, but there are many more uses for this pattern. ... By using the Observable pattern, the notification would happen only once to all of your subscribers. It's a huge performance gain as well as being an effective code optimization. This code can easily be extended or changed. The reactive programming paradigm uses the Observable pattern everywhere. If you ever worked with Angular, then you will know that using Observable components is very common. 

How to Embed Gen Z in Your Organization’s Security Culture

Providing the most cutting-edge instruction will engage Gen Zers and provide them with meaningful security best practices for work and home. The threat landscape is more dangerous than it was when Gen Zers were coming of age. Current threats extend beyond traditional scams. They may be lurking in the unsecured WiFi available at a coffee shop. All the threat actor needs is someone desperate for free internet and tired of clicking checkboxes. With that ever-changing threat landscape in mind, your organization’s security program needs the resilience to adapt. The IBM Security X-Force Cyber Range provides a variety of experiences to prepare organizations for a cyber incident. The team can also cater content to different audiences, such as the C-suite or the board of directors. Gen Z may not be a part of those groups yet, but the X-Force Cyber Range offers a range of experiences for professionals at all levels. The X-Force Cyber Range team tailors immersive experiences to your organization’s industry and context to provide the most realistic scenario. 

Intelligence and Efficiency Will Guide Unstructured Data Management in 2023

Smarter edge data management will avoid overspending on storing extraneous data in cloud data lakes and warehouses by filtering and deleting non-valuable data at the edge first. Edge analytics tools will quickly process the data without the need to send large files back and forth to cloud or on-premises data centers, saving time and money. The right edge analytics and data management program can deliver real-time insights to improve customer experiences or detect issues quickly, such as a manufacturing defect or a ransomware breach. ... Storage and IT managers will need to prepare by getting full visibility into data across silos, understanding data characteristics and metadata to enable rapid classification and search, and then moving it into the optimal storage tier to feed the data lake and analytics platforms preferred by their end users. IT will need to work closely with stakeholders from security, legal, data governance, research, and data science teams, as well as business unit leaders, to fulfill the requirements of new, unstructured data analytics programs.

The FBI is worried about a wave of cyber crime against America’s small businesses

Small and medium-sized businesses face a big threat from cyberattacks and hackers, according to a special agent in the FBI’s cyber division. “The large businesses continue to invest in their cybersecurity and enhance their cybersecurity posture,” FBI Supervisory Special Agent Michael Sohn said at CNBC’s Small Business Playbook virtual event on Wednesday. “So what the cybercriminals are doing is they’re pivoting, they’re evolving and targeting the soft targets, which are the small and medium businesses.” In 2021, the FBI’s Internet Crime Complaint Center (IC3) received 847,376 complaints from the American public regarding cyberattacks and malicious cyber activity, a 7% year-over-year increase. In total, potential losses from those attacks exceed $6.9 billion, a 64% increase compared to the previous year. “Unfortunately, the majority of those victims were small businesses,” Sohn told CNBC’s Frank Holland. But even as small businesses are increasingly being targeted by hackers and cyber criminals, CNBC and SurveyMonkey data has shown that most small business owners are not concerned.

Healthcare: Essential Defenses for Combating Ransomware

From a defensive standpoint, Siegel says organizations can employ a long list of tactics. Leading up to ransomware, the biggest weakness he sees is a cultural issue, centered on failing to take the risk seriously and make appropriate investments to prevent such incidents. "These are the times we live in, and it's just the cost of doing business," he says. "You have to make these investments." Ransomware attackers gain remote access to a victim's network and typically linger, studying the network and gaining greater access, before deploying crypto-locking malware. Thus, it's imperative to spot those activities before files start getting encrypted. "Most groups now will also want to steal large amounts of data before they launch the ransomware, and then they'll actually plan out how they're going to deploy the ransomware to all of your servers, all of your machines or whichever ones they choose," says Peter Mackenzie, director of incident response at Sophos. "That's not something that happens instantly. That can take days or weeks of preparation."

Engineering AI-Enabled Computer Vision Systems: Lessons From Manufacturing

While traditional non-AI software acts as a tool to execute preset rules, an AI-enabled system makes decisions based on (past) data and probabilistic outcomes, which constitutes a paradigm shift—especially within traditional manufacturing organizations. Therefore, proven software development approaches need to be extended to build and further evolve systems that contain ML components.13 One example is DevOps, which needs to be extended into DataOps or MLOps when developing AI solutions to meet specific requirements of handling the everchanging data. Engineering AI-enabled computer vision systems goes beyond merely building AI algorithms. To build industrial solutions, these AI algorithms need to be embedded into grown-up software products which also poses novel challenges for software engineers. To provide an overview of challenges and success factors in engineering AI-enabled computer vision systems, we analyzed corresponding manufacturing use cases, shadowed project meetings, and incorporated our own expertise.

IT Industry Outlook 2023: Trends Likely to Impact the Industry and Tech Pros

Employers are no longer restricted to hiring candidates that are within a commutable distance of local offices, giving job hunters an opportunity to apply for roles that may not have been open to them previously. “I believe with the continued prevalence of remote working, hiring decisions will become less based on culture fit and similar criteria, and more focused on skills and performance,” Finnigan says. “This will open the door to a much more globally diverse workforce, provided skills gaps continue to close.” ... Replacing early interview screenings with skills-based assessments that mimic a company's tech stack allows hiring managers to assess candidates’ compatibility quickly and accurately, moving only the best through the pipeline. “With this approach, hiring managers can spend more time with candidates who are truly qualified, which can lead to a more accurate decision and a faster time-to-hire,” Finnigan says. Westfall says that smaller organizations may be able to offer IT pros looking for a change of pace an assortment of unique perks, as well as a close-knit company culture and a greater impact on local communities.

APIs are placing your enterprise at risk

Stolen API keys are the culprit behind some of the largest cyberattacks to date. We see the headlines and we read the news stories, but we often fail to realize the broad consequences – particularly the notable impacts on enterprise mobile security. Consider the news earlier this year of 3,000+ mobile applications leaking Twitter’s API keys, meaning bad actors could compromise thousands of individual accounts and conduct a slew of nefarious activities. Imagine if this was your company and the role was reversed and hundreds or even thousands of mobile applications were leaking the API keys to your corporate Gmail, Slack or OneDrive accounts. If this or similar scenarios were to happen, employee devices and sensitive company data would be at extreme risk. The recent push to focus on API security comes at a critical time where more enterprises are relying on enterprise mobility, meaning increasing a reliance on mobile app connectivity. A recent survey of US and UK-based security directors and mobile applications developers found that 74% of respondents felt mobile apps were critical to business success.

Quote for the day:

"Make heroes out of the employees who personify what you want to see in the organization." -- Anita Roddick

No comments:

Post a Comment