Daily Tech Digest - February 05, 2023

Cloud security top risk to enterprises in 2023, says study

Indeed, about two-thirds of UK respondents told PwC they had not yet fully mitigated the risks associated with digital transformation, in spite of the potential cost, and reputational damage, of an incident – 27% of global chief financial officers who took part said they had experienced an incident in the past three years that had cost over $1m. On a brighter note, there does seem to be plenty of money available to help, which runs contrary to forecasts from analysts at Forrester, who predicted a 3.6% decline in general IT spending this year as organisations face a budget shortfall. Cyber security seems relatively unaffected by PwC’s metrics, with 59% of UK respondents saying they expect their security budgets to increase. ... At just under half of UK organisations, a “catastrophic” cyber incident was held to be the top risk scenario they faced, ahead of both global recession and a resurgence of a new Covid-19 variant. PwC said this echoed the findings of a previous study of CEOs that found 64% of UK leaders were “extremely or very concerned” about cyber attacks hitting their ability to conduct business.


Projecting Cybersecurity in 2023

While cloud-based data storage can be equipped with cybersecurity measures to prevent data breaches, if an enterprise hosts a large amount of valuable customer data, even a partial breach can have far-reaching negative effects. This is because an organization’s cloud storage contains enormous hoards of extraordinarily valuable data; if an attacker gains access to merely a fraction of these data, it can cause significant damage. An example of this was the Revolut data breach in September 2022. ... Though remote work is nothing new, it will continue to be a security concern in the coming year. Hackers will become more innovative in their approaches to targeting remote workers. Enterprises are also struggling with ensuring privacy as their teams become more scattered geographically. Remote employment frequently results in an increase in ransomware, phishing and social engineering attacks. To address attacks related to remote workplaces, organizations must adopt zero trust policies, assuming that every device and user is a possible attacker. Zero trust is a relatively new practice, but it is gaining traction as one of the key points of


Enterprises turn to single-vendor SASE for ease of manageability

"There’s a significant market opportunity to bring traditionally enterprise-grade security services to the midmarket and to small and medium-sized business," he said. "For many smaller companies, SASE is an opportunity for an all-in-one security and networking solution that allows them to offer more advanced security without the complexity or price tag of standalone solutions." Gartner has also been seeing growing interest from clients for single-vendor SASE platforms, said analyst Andrew Lerner, who covers enterprise networking for the research firm. Small companies without separate security and networking teams are particularly interested in single-vendor solutions, as are companies large enough to have architecture teams. "Architecture teams sit above the day-to-day operations," Lerner said. As a result, they can see the challenges associated with using multiple vendors. "Those challenges include multiple points of integration, multiple policies, multiple management planes, multiple points of presence," Lerner said. "That all has to be tied together, and that creates administrative inefficiency and inefficient traffic flows."


Google is feeling the ChatGPT threat, and here's its response

The company has reportedly been scrambling to put together a redesigned Search home page that includes multiple sections for back and forth questions between the user and a Google-made chatbot like ChatGPT, but combined with traditional search results. Google now appears ready to show off what it's been working on, though it remains to be seen whether it's "Apprentice Bard", the chatbot it's been reportedly testing internally that uses Google's own LaMDA conversational chatbot technology. According to The Verge, Google has also sent media invites to an event on Wednesday, February 8 where it will explain how it's "using the power of AI to reimagine how people search for, explore and interact with information, making it more natural and intuitive than ever before to find what you need." The event will be streamed on YouTube at 8:30am ET. The increased openness appears to reflect an effort at Google to remind the world that it has been at the forefront of AI research for the past decade and remains relevant as questions mount about ChatGPT's impact on Google's Search business. That's as Microsoft suddenly seems to have a wider opening beyond the enterprise via its large stake in OpenAI.


iSIMs imminent? What the evolution of SIM cards means for enterprise IoT

As more businesses and industries around the world begin to commit to deploying massive IoT solutions, we will see a gradual growth in global iSIM adoption to support it. Another piece of the IoT puzzle is private 5G networks, which are also making big strides towards mass deployment. Private 5G is going to be crucial in supporting the connectivity demands of mMTC applications, delivering the “smart factories” and “smart airports” that have been talked about for some time. iSIMs will make it easier and more cost-effective for businesses to make this happen, meaning industry 4.0 is finally on the horizon. However, there is a drawback with iSIMs that businesses and device manufacturers will have to navigate. Because the SIM is directly built into the device, it means product development timelines are likely to be longer. Rather than the fairly “plug and play” nature of a SIM or eSIM, iSIMs will have to be progressively integrated into the IoT solutions. With that in mind, when can we expect iSIMs to really claim the SIM throne? While it’s likely that iSIMs will be deployed in the wild by 2024, we may have to wait a little while longer before we reach mass adoption.


Microsoft’s new Teams Premium tier integrates with OpenAI's GPT-3.5

GPT-3.5 will be used to divide Teams meeting recordings into chaptered sections, generate titles and section descriptions, add personalized timeline markers that show when a user joined or left a meeting, as well as highlighting when a name was mentioned and when a screen was shared. Microsoft has long been a supporter of OpenAI, investing $1 billion in the company in 2019 to support its quest to create “artificial general intelligence,” and in 2020, it became the first company to license GPT for inclusion in its own products and services. GPT, which stands for Generative Pretrained Transformer, is a language model developed by OpenAI that uses deep learning techniques for natural language processing (NLP) to generate text that is remarkably similar to human writing. GPT-3.5 is the latest version of the model. In January, Microsoft announced the third phase of its long-term partnership with OpenAI, with a multiyear, multibillion dollar investment from the tech giant meant to help accelerate breakthroughs in AI, and the ability for Microsoft to access new AI-based capabilities it can resell or build into its products.


Tech workers seek alternative employment to avoid redundancy

With a large number of young people leaving the technology sector for various reasons, and the phrases “the great resignation” and “quiet quitting” gaining traction over the past year, organisations need to focus on ways to draw in new talent and keep the talent they already have. Until recently, a lack of skilled workers, increased use of technology and desperate employers put the power in the hands of jobseekers. But this is changing, with some suggesting the favour will shift towards employers this year. The recession has already seen high-profile tech companies such as Meta, Twitter, Microsoft and Amazon cut jobs in the thousands. When looking at redundancy concerns, CWJobs also looked at data from the Office for National Statistics, which suggests only 1.2% of firms in the “information and communications” sector are planning to let people go over the next three months – less than the average across the UK. Whether a looming threat or just rumours, the likelihood of employees having a “plan B” varies depending on location and age. Some 63% of respondents in London said they were applying for new jobs to protect their future, which is higher than the average.


Companies face data privacy maze, skills gap

“While businesses have invested significant resources into updating privacy protocols and notices to meet the Jan. 1, 2023 effective date for California and Virginia, there is still more work to be done to ensure covered businesses are ready for 2023 privacy compliance obligations,” the alert said. Forty-two percent of the ISACA respondents said their enterprise privacy budget is “somewhat or significantly” underfunded, down from 45% in 2022 and 49% in 2021. The association, which is made up of more than 165,000 professionals who work in IT-related fields, sent survey invitations during the fourth quarter of last year to about 46,000 of its constituents — mainly data privacy and security practitioners. A total of 1,890 respondents completed the survey. While many corporate executives are thinking about the potential fallout from data breaches — which are often in the headlines — there are still significant gaps to fill when it comes to broader data privacy obligations that are rapidly coming into force, according to Kazi. “It is possible to have good security in place but not be doing privacy very well,” she said.


Networking tips for IT leaders: A guide to building connections

Most experts agree you’ll get much more out of an in-person outing. But if budget or time are tight, online conferences can work, Mattson says. If you do opt for a webinar, make sure your camera is on, and comment when you can. “When you participate, people look at you as a go-to person, and that’s how you want to be seen,” Mattson says. “If you’re on mute and don’t look at the camera, that defeats the purpose.” And make sure to take advantage of any online networking opportunities the conference organizers provide. The pandemic has been a boon for online conferences. Megan Duty, vice president of technology and project delivery at Puritan Life, says her time available for networking increased because she was working at home more. “I wasn’t commuting as much and felt these conferences were important,” she says. ... Generally, Duty attends meetings that are relevant to insurance, leadership, women in technology, or those hosted by consulting groups she wants to get to know better. A lot of these forums are back in person, she says, and she traveled a lot during 2022. 


APT groups use ransomware TTPs as cover for intelligence gathering and sabotage

"Many of the observed TTPs and collected tools have previously been attributed by other researchers to Kimsuky or Lazarus groups," the WithSecure researchers said in their new report. "The fact that references to both groups are observed could highlight the sharing of tooling and capabilities between North Korean threat actors." The researchers found malware similar to one called GREASE that was previously attributed to Kimsuky. Another recovered malware was a custom version of Dtrack, a remote access Trojan (RAT), with a configuration very similar to one used by Lazarus in an attack against the Indian Kudankulam Nuclear Power Plant in 2019. The researchers also found usage of Putty Plink and 3Proxy, two tools previously observed in other Lazarus campaigns. The overlap with BianLian ransomware was the use of a command-and-control server hosted at an IP address previously used by BianLian attackers.



Quote for the day:

"Any one can hold the helm when the sea is calm." -- Publilius Syrus
