How Quantum Metric is using data analytics to optimize digital teams
Quantum Metric was Ciabarra’s attempt to solve problems he personally faced
while running his online app store, Intelliborn. As the company grew to over one
million active users per day, he uncovered how difficult it was to see and
understand all of his customers at scale, and in real time. “I had used Google
Analytics, which was great to see how traffic was growing, but it couldn’t tell
me where my customers were struggling, and why. I would fix something that
someone on Twitter was ‘yelling’ at me about, but it sometimes would impact my
business, and sometimes it wouldn’t,” Ciabarra told VentureBeat. “I thought —
why is this so hard? Maybe addressing the squeaky wheel didn’t make sense from a
business perspective.” That sparked the idea for Quantum Metric. So, with his
cofounding engineer, David Wang, alongside his cat, Indy, Ciabarra went on to
develop the first version of the Quantum Metric platform. It focused on
surfacing customer frustrations and helping organizations see their customer
experience through session replays.
Creating a competitive edge with a cloud maturity strategy
Companies cannot become cloud mature overnight. Cloud maturity involves a
strategic effort from all levels of the businesses to look carefully at cloud
spend, mitigate cloud-related risks, and upskill workers in cloud technologies.
Those that manage to achieve a high level of cloud maturity remain much more
competitive than firms that stop at merely adopting cloud technologies.
According to McKinsey, Fortune 500 companies could earn more than $1 trillion
dollars by 2030 as a result of cloud adoption and optimisation. Deutsche
Bank recognised that in order to keep up with the future of banking and remain
competitive, it needed to become more cloud mature. ... Cloud maturity is
essential to a company’s success – but first leaders need to make sure their
employees are equipped with the skills required to solve security issues. Only
then will businesses be ready to implement the right strategies to maximise
their return on investment and realise the full potential of cloud computing.
CNET Is Testing an AI Engine. Here's What We've Learned, Mistakes and All
Over the past 25 years, CNET built its expertise in testing and assessing new
technology to separate the hype from reality and help drive conversations
about how those advancements can solve real-world problems. That same approach
applies to how we do our work, which is guided by two key principles: We stand
by the integrity and quality of the information we provide our readers, and we
believe you can create a better future when you embrace new ideas. The case
for AI-drafted stories and next-generation storytelling tools is compelling,
especially as the tech evolves with new tools like ChatGPT. These tools can
help media companies like ours create useful stories that offer readers the
expert advice they need, deliver more personalized content and give writers
and editors more time to test, evaluate, research and report in their areas of
expertise. In November, one of our editorial teams, CNET Money, launched a
test using an internally designed AI engine – not ChatGPT – to help editors
create a set of basic explainers around financial services topics.
Common Misconceptions About Modern Ransomware
Not too long ago, if someone decided to pay a ransom, they might not receive
the decryption keys after doing so. However, today, ransom payers usually do
receive the keys. This was a quiet shift that took place over several years.
Before this shift took place, the unsophisticated encryption process could be
considered hit or miss. Today, ransomware and threat actors hit more than they
miss. Often, they can encrypt most of the data—and do so quickly. Just several
years ago, a threat group would take many months to move around in a network,
find data sources, monitor traffic and begin an encryption process. Fast
forward to today, and the average attack-to-encryption time is 4.5
days. During the early days of ransomware attacks, threat groups would
occasionally move to a domain controller and gain access to an active
directory. This granted them the keys to the kingdom and had a detrimental
effect on the victim organization. Today, because of poor active directory
security and configurations, threat groups can often elevate their credentials
and their own active directory rapidly.
Can AI replace cloud architects?
The most likely path is that tactical AI tools will continue to appear. These
tools will focus on specific architectural areas, such as network design,
database design, platform selection, cloud-native design, security,
governance, use of containers, etc. The output should be as good as, if not
better than what we see today because these tools will leverage almost perfect
data and won’t have those pesky human frailties that drive some architecture
designs—emotions and feelings. Of course, some of these AI tools exist today
(don’t tell me about your tool) and are progressing toward this ideal.
However, their usefulness varies depending on the task. Tactical AI tools must
still be operated by knowledgeable people who understand how to ask the right
questions and validate the designs and recommendations the tool produces.
Although it may take fewer people to pull off the tactical component design of
a large cloud architecture, the process will not likely eliminate all humans.
Remember, many of these mistakes occur because enterprises have difficulty
finding skilled cloud pros.
Chinese threat actor DragonSpark targets East Asian businesses
SparkRAT uses WebSocket protocol to communicate with the C2 server and
features an upgrade system. This allows the RAT to automatically upgrade
itself to the latest version available on the C2 server upon start-up by
issuing an upgrade request. “This is an HTTP POST request, with the commit
query parameter storing the current version of the tool,” researchers noted.
In the attacks analyzed by the researchers, the SparkRAT version used was
built on November 1, 2022, and deployed 26 commands. “Since SparkRAT is a
multi-platform and feature-rich tool, and is regularly updated with new
features, we estimate that the RAT will remain attractive to cybercriminals
and other threat actors in the future,” researchers said. DragonSpark also
uses Golang-based m6699.exe, to interpret runtime encoded source code and
launch a shellcode loader. This initial shellcode loader contacts the C2
server and executes the next-stage shellcode loader.
Microsoft to Block Excel Add-ins to Stop Office Exploits
Excel add-in files are designated with the XLL file extension. They provide a
way to use third-party tools and functions in Microsoft Excel that aren't
natively part of the software; they're similar to dynamic link libraries
(DLLs) but with specific features for Excel spreadsheets. For cyberattackers,
they offer a way to read and write data within spreadsheets, add custom
functions, and interact with Excel objects across platforms, Vanja Svajcer, a
researcher with Cisco's Talos group, said in a December analysis. And indeed,
attackers started experimenting with XLLs in 2017, with more widespread usage
coming after the technique became part of common malware frameworks, such as
Dridex. ... One of the reasons for that is because Microsoft Office does not
block the feature but raises a dialogue box instead, a common approach that
Microsoft has taken in the past, Svajcer wrote: "Before an XLL file is loaded,
Excel displays a warning about the possibility of malicious code being
included. Unfortunately, this protection technique is often ineffective as a
protection against the malicious code, as many users tend to disregard the
warning."
The Intersection of Trust and Employee Productivity
Unfortunately, many companies adopt a "block first, ask questions later"
approach to security, which can erode employee trust and undermine the
benefits of empowering employees to choose their own applications. In our
previous research at Cerby, we found that 19% of employees ignore application
blocks and continue to use the apps they prefer, despite such restrictions.
This suggests that organizations should seek to balance high levels of trust
in employees with zero trust principles for data, applications, assets and
services (DAAS). A more effective approach may be to adopt an enrollment-based
approach to security that balances trust-positive initiatives like employee
choice of applications with cybersecurity and compliance requirements. By
adopting this approach, organizations can build digital trust with employees
by giving them more control over the tools and technologies they use while
still ensuring the security and reliability of their systems and processes for
consumers. But the benefits of building high levels of employee trust go
beyond improved job performance and satisfaction.
Examining the CIO time management dilemma
The skill profile and expectations of the CIO have, therefore, shifted to
balance both business management with technology, so, where necessary, CIOs
need to bolster those skills accordingly to deliver the right solutions for
the business. “What makes a strong CIO is being able to recognize where the
blind spots in their skill sets are and bring supplemental skills in with
other leaders in the organization,” she adds. So the CIO role has evolved into
this business manager position to understand how technology delivers value to
the business. “And because technology is becoming the way we do business, it
becomes imperative for the CIO to have that business acumen in addition to the
technology,” she says, adding having that acumen is necessary to articulate
justifying investment in it to enable organizational growth. In addition, as
CEOs have increased their investment into digital advances in security, AI,
and data analytics, their demand for results has grown, according to Gartner
VP analyst Daniel Sanchez-Reina.
Cloud egress costs: What they are and how to dodge them
Egress charges work the other way, by discouraging firms from transferring
data out, either to other cloud providers, or to on-premise systems. “They’ve
made the commercial decision that ingress should be effectively absorbed
within the consolidated cost of service represented in the unit prices of
cloud components, but egress charges are separated out,” says Adrian Bradley,
head of cloud transformation at consulting firm KPMG. “At the heart of that,
it is a real cost. The more a client consumes of it, the more it costs the
cloud providers.” Firms have seen egress charges rise as they look to do more
with their data, such as mining archives for business intelligence purposes,
or to train artificial intelligence (AI) engines. Data transfers can also
increase where organisations have a formalised hybrid or multi-cloud strategy.
“Either there’s a need to do a lot more data egress, or perhaps there’s just
simply the positive use of cloud to develop new products and services that
intrinsically use more data,” says Bradley. The result is that firms are
moving more data from cloud storage, and are being hit by increasing costs.
Quote for the day:
"Leadership does not depend on being
right." -- Ivan Illich
No comments:
Post a Comment