Daily Tech Digest - December 31, 2022

Credentials Are the Best Chance To Catch the Adversary

It used to be that attackers would batter the networks of their targets. Now, they may use LinkedIn and social media to identify your employees’ personal email accounts, hack them, and look for other credentials. External actors may also identify unhappy employees posting negative reviews on Glassdoor and offer to buy their credentials. Or these actors may just boldly call your employees out of the blue and offer to pay them for their login information and ongoing approval of multi-factor authentication (MFA) prompts. As a result, MFA is no longer a reliable tool in preventing attacks, as it can be easily gamed by malicious insiders. ... Not every attack uses stolen credentials to gain initial access to networks, but every attack eventually involves credentials. After gaining access to networks, bad actors see who has privileged access. ... Between nation-state actors, criminal gangs, computer-savvy teenagers and disgruntled insiders, the likelihood is that your network has already been penetrated. What you need now is to detect these attacks at speed to minimize their damage.


Artificial Intelligence Without The Right Data Is Just... Artificial

Successful AI “requires data diversity,” says IDC analyst Ritu Jyoti in a report from earlier in 2022. “Similarly, the full transformative impact of AI can be realized by using a wide range of data types. Adding layers of data can improve accuracy of models and the eventual impact of applications. For example, a consumer's basic demographic data provides a rough sketch of that person. If you add more context such as marital status, education, employment, income, and preferences like music and food choices, a more complete picture starts to form. With additional insights from recent purchases, current location, and other life events, the portrait really comes to life.” To enable AI to scale and proliferate across the enterprise, “stakeholders must ensure a solid data foundation that enables the full cycle of data management, embrace advanced analytical methods to realize the untapped value of data,” says Shub Bhowmick, co-founder and CEO of Tredence. “In terms of data availability and access, businesses need a way to parse through huge tracts of data and surface what’s relevant for a particular application,” says Sachdev.


Web3, the Metaverse and Crypto: Trends to Expect in 2023 and Beyond

If something good can come from FTX, it is that more regulations are coming, especially for centralized crypto exchanges, along with stricter rules on investor protection in the crypto trading space. Even Congress is paying attention, having summoned SBF for a congressional hearing (he was arrested the day before the scheduled hearing). These regulations are overdue – I have advocated for regulating centralized crypto exchanges since 2017. However, it’s better late than never. Legislators and regulators world-wide have zeroed in on the crypto market with an attempt to lay out rules, which hopefully prevents future catastrophes such as FTX. But legislators and regulators must be cautious in their approach, making sure not to stifle Web3 innovation. If they understand the difference between cryptocurrency as an asset class that trades on a centralized trading platform, and innovation that utilizes Web3 technology, and stick to investor protection while creating a welcoming environment for the development of Web3 applications, then we might be expecting a favorable legislative environment both for investors and developers.


Microservices Integration Done Right Using Contract-Driven Development

When all the code is part of a monolith, the API specification for a service boundary may just be a method signature. Also, these method signatures can be enforced through mechanisms such as compile time checks, thereby giving early feedback to developers. However, when a service boundary is lifted to an interface such as HTTP REST API by splitting the components into microservices, this early feedback is lost. The API specification, which was earlier documented as an unambiguous method signature, now needs to be documented explicitly to convey the right way of invoking it. This can lead to a lot of confusion and communication gaps between teams if the API documentation is not machine parsable. ... Adopting an API specification standard such as OpenAPI or AsyncAPI is critical to bring back the ability to communicate API signatures in an unambiguous and machine-readable manner. While this adds to developers’ workload to create and maintain these specs, the benefits outweigh the effort.


The Threat of Predictive Policing to Data Privacy and Personal Liberty

It's not just related to law enforcement targeting; it's also related to any legal decisions. Custody decisions, civil suit outcomes, insurance decisions, and even hiring decisions can all be influenced by the RELX-owned LexisNexis system, which gathers and aggregates data. Unfortunately, there's little recourse for someone who was unfairly treated due to a data-based risk assessment because people are rarely privy to the way these decisions are made. So, a corporate HR manager or Family Court judge could be operating off bad or incomplete data when making decisions that could effectively change lives. RELX and Thomson Reuters have disclaimers freeing them from liability for inaccurate data, which means your information could be mixed in with someone else's, causing serious repercussions in the wrong circumstances. In 2016, a man named David Alan Smith successfully sued LexisNexis Screening Solutions when the company provided his prospective employer with an inaccurate background check. 


10 digital twin trends for 2023

Over the last year, the world has been wowed by how easy it is to use ChatGPT to write text and Stable Diffusion to create images. ... Over the next year, we can expect more progress in connecting generative AI techniques with digital twin models for describing not only the shape of things but how they work. Yashar Behzadi, CEO and founder of Synthesis AI, a synthetic data tools provider, said, “This emerging capability will change the way games are built, visual effects are produced and immersive 3D environments are developed. For commercial usage, democratizing this technology will create opportunities for digital twins and simulations to train complex computer vision systems, such as those found in autonomous vehicles.” ... Hybrid digital twins make it easier for CIOs to understand the future of a given asset or system. They will enable companies to merge asset data collected by IoT sensors with physics data to optimize system design, predictive maintenance and industrial asset management. Banerjee foresees more and more industries adopting this approach with disruptive business results in the coming years.


Change Management is Essential for Successful Digital Transformation

Vasantraj notes, “Organizational culture is vital in fostering leadership and enabling enterprises to adapt. Successful teams are built on trust and the ability to put aside self-interest and work together. Teams must think of organizations as a single entity and keep a growth mindset.” This type of collaborative culture doesn’t emerge without a lot of effort. Amy Ericson, a Senior Vice President at PPG, suggests one way a great change management leader can make their efforts employee-centric is to lead with empathy. She makes three helpful recommendations, “First, ask how your people are. Really ask them. Then, listen. You may find that they’re struggling, and your interest in how they are doing and genuine concern will help them move forward productively. Second, acknowledge their situation and ask how you can help. Do they need access to new tools or resources? Do they need a different schedule? Third, thank them, and follow through. Praise their courage to be honest, and deliver on your promises to help them succeed.”[5] Beyond being an empathetic leader, the BCG team highly recommends getting employees involved from the beginning of the change process.

‘There’s a career in cybersecurity for everyone,’ Microsoft Security CVP says

When there’s an abundance of opportunities, there are many ways of getting into that opportunity. We do have an incredible talent shortage. Going back to a myth buster, 37% of the people that we surveyed said that they thought a college degree was necessary to be in security. It’s not true. You don’t need a college degree. Many security jobs don’t require a four-year college degree. You can qualify by getting a certificate, an associate degree from a community college. Hence, why we are working with community colleges. There’s also a lot of resources for free because it can be daunting. The cost itself can be daunting, but there’s a lot of resources. Microsoft has a massive content repository that we have made available. We have made certifications. These are available to anyone who wants to take them, and there are ways you can train yourself and get into cybersecurity. We have this abundance of opportunity, which creates new ways of getting in, and we need to educate people about all these facets about how they can get in.


How the Rise of Machine Identities Impacts Enterprise Security Strategies

First, security leaders must rethink their traditional identity and access management (IAM) strategies. Historically, IAM has focused on human identities authenticating access systems, software and apps on a business network. However, with the rise of containers, APIs and other technology, a secure IAM approach must utilize cryptographic certificates, keys and other digital secrets that protect connected systems and support an organization’s underlying IT infrastructure. With the shift to the cloud, a Zero Trust framework has become the new security standard, where all users, machines, APIs and services must be authenticated and authorized before being able to access apps and data. In the cloud, there is no longer a traditional security perimeter around the data center, so the service identity is the new perimeter. When handling machine identities, fine-grained consent controls are essential in protecting privacy as data is moved between machines. The authorization system discerns the “who, what, where, when, and why” and confirms that the owner has consented to the sharing of that data and the person requesting access isn’t a fraudster. 


3 Predictions For Fintech Companies’ Evolution In 2023

If you spend even five minutes on LinkedIn, you know the debate between in-person, hybrid and distributed work is still a hot one. But what does the data tell us? Owl Lab’s State of Remote Work Report found the number of workers choosing to work remotely in 2022 increased 24%, those choosing hybrid went up 16% and interest for in-office work dropped by 24%. The data keeps rolling in with this McKinsey study that found, when offered, almost everyone takes the opportunity to work flexibly. Companies looking to embrace this flexible work mindset should focus on improving and optimizing synchronous activities like all-hands meetings, lunch and learns, and coffee chats. Supporting asynchronous work is also important. Personally, I’m a champion of written and narrative documentation of projects, which allows people to review and process on their own time and at their own pace. In my experience, this makes meetings even more productive and impactful so people can focus on the outcomes of time spent together. No one has a crystal ball for what the next year holds.  



Quote for the day:

"Leadership matters more in times of uncertainty." -- Wayde Goodall
