Daily Tech Digest - January 27, 2023

The Evolution Of Internet Of Things

The IoT ecosystem is more than mere connected devices, nor is IIoT merely a matter of connecting plants and machinery to the edge or cloud storage. There are a whole lot of technologies involved in the process ranging from chips and sensors that capture data from physical assets to communication networks; advanced analytics, including machine learning and artificial intelligence; Simulation and collaborative tools, including digital twins; machine vision and human-machine interfaces; and security systems and protocols. Among the major players in the IoT/IIoT space are ABB, Amazon Web Services, Cisco Systems, General Electric, IBM Corporation, Intel Corporation, Microsoft, Oracle Corporation, Robert Bosch GmbH, Rockwell Automation and Siemens, besides several others. Industrial automation, as exemplified best by the progress made by the automobile industry over the last 100 years, increased productivity dramatically and reduced the cost of production. 

Why Founders Are Hiring These Two Coaches to Supercharge Their Business

What I want to encourage founders to do is invest in help, join a community or hire a coach, or get an advisor who can really be there in a more effective capacity, someone that you can bounce ideas off of, someone that you can be extremely honest with when things are going wrong. You need that support. You can't build the business alone. And it really takes a combination of mindset and strategic work. So when we work with founders, we build a strategic roadmap while we also work on this mindset and in their professional growth. We believe that you cannot have a successful company without both pieces of the puzzle. ... Here's what I say about juggling it all, is that, think about it as if you're juggling balls, and some of the balls are glass and some are rubber, and your clean house is a rubber ball and your health is a glass ball. So make sure that the balls that you're dropping are rubber and not glass. You'll always be dropping balls. And the other thing is everyone needs help. 

Difference Between Conversational AI and Generative AI

Conversational AI is the Artificial intelligence (AI) that can engage in conversation and refers to tools that allow users to communicate with virtual assistants or chatbots. They mimic human interactions by identifying speech and text inputs and translating their contents into other languentreeeeeeages using massive amounts of data, machine learning, and natural language processing. While Generative AI often uses deep learning techniques, like generative adversarial networks (GANs), to identify patterns and features in a given dataset before creating new data from the input data. Now that we have a fair idea of Conversational AI and Generative AI, let’s dive deeper into how they work and differ. In conversational AI the two major components are, Natural language processing (NLP) and machine learning are two major components to keep the AI algorithms up-to-date, these NLP operations interact with machine learning processes in a continual feedback loop. The fundamental elements of conversational AI enable it to process, comprehend, and produce responses naturally.

3 business application security risks businesses need to prepare for in 2023

As organizations ramp up their digital transformation efforts and transition between on-premises and cloud instances, they’re also increasingly bringing in web-facing applications. Applications that used to be kept behind enterprise “walls” in the days of on-premises-only environments are now fully exposed online, and cybercriminals have taken advantage. Given the myriad sensitive information kept within these applications, enterprises must ensure internet-facing vulnerabilities have the highest priority. ... While zero-day vulnerabilities are common entry points for threat actors, they also tend to pay close attention to patch release dates, as they know many enterprises fall behind in patching their vulnerabilities. Many patch management processes fail because security teams use manual methods to install security fixes, which takes up a significant portion of their already-limited time. As the number of patches piles up, it can be difficult to determine which patches must be applied first and which can be left for later.

Uncertainty persists, but enterprises rush to adopt network as a service

“Although enterprises can see the operational value NaaS could bring, they worry about the potentially higher total cost of ownership (TCO), day-to-day management challenges and risk of significant fluctuations in monthly bills,” Hayden added. “This leaves a massive challenge for communications service providers (CSPs).” The report acknowledged that CSPs have made large strides over the past few years as they look to leverage their underlying infrastructure to climb the digital value chain by delivering cloud-enabled integrated network services. It emphasises that accelerating NaaS adoption should be a top priority for CSPs as it offers a clear avenue towards network monetisation through over-the-top (OTT) service delivery. “CSPs must first invest heavily in their NaaS solution looking to integrate automation and drive platform openness,” Hayden recommended. “On top of this, they must look to develop a partnership ecosystem comprised of systems integrators and network service partners.”

What the FBI’s Hive takedown means for the ransomware economy

“Today’s disruption of the Russian Hive ransomware infrastructure underscores the historic international cooperation between law enforcement agencies. The International Ransomware Taskforce is having an impact,” said Tom Kellermann, CISM, senior VP of cyberstrategy at Contrast Security. However, Kellermann warns that there’s still more to be done to address the impunity of Russian state-backed cybergangs, who are free to engage in criminal activity internationally with little threat of prosecution. ... “Disrupting Hive is no doubt a victory, but the war is far from over,” said Kev Breen, director of cyber threat research at Immersive Labs. “While this action will have a short-term effect on the proliferation of ransomware, Hive operates under a ransomware-as-a-service (RaaS) model, meaning they use affiliates that are responsible for gaining the initial foothold and then dropping the ransomware payload. “With the proverbial head of this snake cut off, those affiliates will turn to other ransomware operators and pick up where they left off,” Breen said.

Data Lake Security: Dive into the Best Practices

The three key security risks facing data lakes are:Access control: With no database tables and more fluid permissions, access control is more challenging in a data lake. Moreover, permissions are difficult to set up and must be based on specific objects or metadata definitions. Commonly, employees across the company also have access to the lake, which contains personal data or data that falls under compliance regulations. With 58% of security incidents caused by insider threats, according to a commissioned Forrester Consulting study, employee access to sensitive data is a security nightmare if left unchecked. Data protection: Data lakes often serve as a singular repository for an organization’s information, making them a valuable target to attack. Without proper access controls in place, bad actors can gain access and obtain sensitive data from across the company. Governance, privacy, and compliance: Because employees from across the company can feed data into the data lake without inspection, some data may contain privacy and regulatory requirements that other data doesn’t. 

Why Securing Software Should Go Far Beyond Trusting Your Vendors

Securing a software supply chain against attacks takes knowing what elements in your system have the potential to be attacked. More than three-quarters (77%) of those BlackBerry surveyed said that, in the last 12 months, they discovered previously unknown participants within their software supply chain — entities they had not been monitoring for adherence to critical security standards. That’s even when these companies were already rigorously using data-encryption, Identity Access Management (IAM), and Secure Privileged Access Management (PAM) frameworks. As a result, malicious lines of code can sit in blind spots for years, ready to be exploited when the attacker chooses. The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI) recently issued a recommended practices guide for customers on securing the software supply chain. 

7 Insights From a Ransomware Negotiator

"We really like to focus on emphasizing communication when it comes to threat intelligence — whether it's threat intelligence talking with the SOC or the incident response team, or even vulnerability management," he says. "Getting an idea of what these trends look like, what the threat actors are focusing on, how much they pop up and go away, all of that is very valuable for the defenders to know." Even though the underlying TTPs of fulltime groups makes a lot of ransomware detection and response a little easier, there are still some big variables out there. For example, as many groups have employed the ransomware-as-a-service (RaaS) model, they employ a lot more affiliates, which means negotiators are always dealing with different people. "In the early days of ransomware, when you started negotiations, there was a good chance you were dealing with the same person if you were dealing with the same ransomware," Schmitt says. "But in today's ecosystem, there are just so many different groups, and so many different affiliates that are participating as part of these groups, that a lot of times you're almost starting from scratch."

The downsides of cloud-native solutions

One of the main issues with cloud-native development and deployment is that it can lead to vendor lock-in. When an application is built and deployed to a specific cloud provider, you typically use the native capabilities of that cloud provider. It can be difficult and costly to move to a different provider or an on-premises platform. This can limit the flexibility of the organization in terms of where they choose to run their applications. It flies in the face of what many believe to be a core capability of cloud-native development: portability. ... Another downside is that cloud-native development can be complex and require a different set of skills and tools compared to traditional on-premises and public cloud development. This can be a challenge for organizations that are not familiar with cloud-native practices and may require additional training and resources. I often see poorly designed cloud-native deployments because of this issue. If you’re not skilled in building and deploying these types of systems, the likely outcomes will be poorly designed, overly complex applications. 

Quote for the day:

"Who we are cannot be separated from where we're from." -- Malcolm Gladwell

No comments:

Post a Comment