Cloud security top risk to enterprises in 2023, says study
Indeed, about two-thirds of UK respondents told PwC they had not yet fully
mitigated the risks associated with digital transformation, in spite of the
potential cost, and reputational damage, of an incident – 27% of global chief
financial officers who took part said they had experienced an incident in the
past three years that had cost over $1m. On a brighter note, there does seem
to be plenty of money available to help, which runs contrary to forecasts from
analysts at Forrester, who predicted a 3.6% decline in general IT spending
this year as organisations face a budget shortfall. Cyber security seems
relatively unaffected by PwC’s metrics, with 59% of UK respondents saying they
expect their security budgets to increase. ... At just under half of UK
organisations, a “catastrophic” cyber incident was held to be the top risk
scenario they faced, ahead of both global recession and a resurgence of a new
Covid-19 variant. PwC said this echoed the findings of a previous study of
CEOs that found 64% of UK leaders were “extremely or very concerned” about
cyber attacks hitting their ability to conduct business.
Projecting Cybersecurity in 2023
While cloud-based data storage can be equipped with cybersecurity measures
to prevent data breaches, if an enterprise hosts a large amount of valuable
customer data, even a partial breach can have far-reaching negative effects.
This is because an organization’s cloud storage contains enormous hoards of
extraordinarily valuable data; if an attacker gains access to merely a
fraction of these data, it can cause significant damage. An example of this
was the Revolut data breach in September 2022. ... Though remote work is
nothing new, it will continue to be a security concern in the coming year.
Hackers will become more innovative in their approaches to targeting remote
workers. Enterprises are also struggling with ensuring privacy as their
teams become more scattered geographically. Remote employment frequently
results in an increase in ransomware, phishing and social engineering
attacks. To address attacks related to remote workplaces, organizations must
adopt zero trust policies, assuming that every device and user is a possible
attacker. Zero trust is a relatively new practice, but it is gaining
traction as one of the key points of
Enterprises turn to single-vendor SASE for ease of manageability
"There’s a significant market opportunity to bring traditionally
enterprise-grade security services to the midmarket and to small and
medium-sized business," he said. "For many smaller companies, SASE is an
opportunity for an all-in-one security and networking solution that allows
them to offer more advanced security without the complexity or price tag of
standalone solutions." Gartner has also been seeing growing interest from
clients for single-vendor SASE platforms, said analyst Andrew Lerner, who
covers enterprise networking for the research firm. Small companies without
separate security and networking teams are particularly interested in
single-vendor solutions, as are companies large enough to have architecture
teams. "Architecture teams sit above the day-to-day operations," Lerner
said. As a result, they can see the challenges associated with using
multiple vendors. "Those challenges include multiple points of integration,
multiple policies, multiple management planes, multiple points of presence,"
Lerner said. "That all has to be tied together, and that creates
administrative inefficiency and inefficient traffic flows."
Google is feeling the ChatGPT threat, and here's its response
The company has reportedly been scrambling to put together a redesigned
Search home page that includes multiple sections for back and forth
questions between the user and a Google-made chatbot like ChatGPT, but
combined with traditional search results. Google now appears ready to show
off what it's been working on, though it remains to be seen whether it's
"Apprentice Bard", the chatbot it's been reportedly testing internally that
uses Google's own LaMDA conversational chatbot technology. According to The
Verge, Google has also sent media invites to an event on Wednesday, February
8 where it will explain how it's "using the power of AI to reimagine how
people search for, explore and interact with information, making it more
natural and intuitive than ever before to find what you need." The event
will be streamed on YouTube at 8:30am ET. The increased openness appears to
reflect an effort at Google to remind the world that it has been at the
forefront of AI research for the past decade and remains relevant as
questions mount about ChatGPT's impact on Google's Search business. That's
as Microsoft suddenly seems to have a wider opening beyond the
enterprise via its large stake in OpenAI.
iSIMs imminent? What the evolution of SIM cards means for enterprise IoT
As more businesses and industries around the world begin to commit to
deploying massive IoT solutions, we will see a gradual growth in global iSIM
adoption to support it. Another piece of the IoT puzzle is private 5G
networks, which are also making big strides towards mass deployment. Private
5G is going to be crucial in supporting the connectivity demands of mMTC
applications, delivering the “smart factories” and “smart airports” that have
been talked about for some time. iSIMs will make it easier and more
cost-effective for businesses to make this happen, meaning industry 4.0 is
finally on the horizon. However, there is a drawback with iSIMs that
businesses and device manufacturers will have to navigate. Because the SIM is
directly built into the device, it means product development timelines are
likely to be longer. Rather than the fairly “plug and play” nature of a SIM or
eSIM, iSIMs will have to be progressively integrated into the IoT solutions.
With that in mind, when can we expect iSIMs to really claim the SIM throne?
While it’s likely that iSIMs will be deployed in the wild by 2024, we may have
to wait a little while longer before we reach mass adoption.
Microsoft’s new Teams Premium tier integrates with OpenAI's GPT-3.5
GPT-3.5 will be used to divide Teams meeting recordings into chaptered
sections, generate titles and section descriptions, add personalized timeline
markers that show when a user joined or left a meeting, as well as
highlighting when a name was mentioned and when a screen was shared. Microsoft
has long been a supporter of OpenAI, investing $1 billion in the company in
2019 to support its quest to create “artificial general intelligence,” and in
2020, it became the first company to license GPT for inclusion in its own
products and services. GPT, which stands for Generative Pretrained
Transformer, is a language model developed by OpenAI that uses deep learning
techniques for natural language processing (NLP) to generate text that is
remarkably similar to human writing. GPT-3.5 is the latest version of the
model. In January, Microsoft announced the third phase of its long-term
partnership with OpenAI, with a multiyear, multibillion dollar investment from
the tech giant meant to help accelerate breakthroughs in AI, and the ability
for Microsoft to access new AI-based capabilities it can resell or build into
its products.
Tech workers seek alternative employment to avoid redundancy
With a large number of young people leaving the technology sector for various
reasons, and the phrases “the great resignation” and “quiet quitting” gaining
traction over the past year, organisations need to focus on ways to draw in
new talent and keep the talent they already have. Until recently, a lack of
skilled workers, increased use of technology and desperate employers put the
power in the hands of jobseekers. But this is changing, with some suggesting
the favour will shift towards employers this year. The recession has already
seen high-profile tech companies such as Meta, Twitter, Microsoft and Amazon
cut jobs in the thousands. When looking at redundancy concerns, CWJobs also
looked at data from the Office for National Statistics, which suggests only
1.2% of firms in the “information and communications” sector are planning to
let people go over the next three months – less than the average across the
UK. Whether a looming threat or just rumours, the likelihood of employees
having a “plan B” varies depending on location and age. Some 63% of
respondents in London said they were applying for new jobs to protect their
future, which is higher than the average.
Companies face data privacy maze, skills gap
“While businesses have invested significant resources into updating privacy
protocols and notices to meet the Jan. 1, 2023 effective date for California
and Virginia, there is still more work to be done to ensure covered businesses
are ready for 2023 privacy compliance obligations,” the alert said. Forty-two
percent of the ISACA respondents said their enterprise privacy budget is
“somewhat or significantly” underfunded, down from 45% in 2022 and 49% in
2021. The association, which is made up of more than 165,000 professionals who
work in IT-related fields, sent survey invitations during the fourth quarter
of last year to about 46,000 of its constituents — mainly data privacy and
security practitioners. A total of 1,890 respondents completed the survey.
While many corporate executives are thinking about the potential fallout from
data breaches — which are often in the headlines — there are still significant
gaps to fill when it comes to broader data privacy obligations that are
rapidly coming into force, according to Kazi. “It is possible to have good
security in place but not be doing privacy very well,” she said.
Networking tips for IT leaders: A guide to building connections
Most experts agree you’ll get much more out of an in-person outing. But if
budget or time are tight, online conferences can work, Mattson says. If you
do opt for a webinar, make sure your camera is on, and comment when you can.
“When you participate, people look at you as a go-to person, and that’s how
you want to be seen,” Mattson says. “If you’re on mute and don’t look at the
camera, that defeats the purpose.” And make sure to take advantage of any
online networking opportunities the conference organizers provide. The
pandemic has been a boon for online conferences. Megan Duty, vice president
of technology and project delivery at Puritan Life, says her time available
for networking increased because she was working at home more. “I wasn’t
commuting as much and felt these conferences were important,” she says. ...
Generally, Duty attends meetings that are relevant to insurance, leadership,
women in technology, or those hosted by consulting groups she wants to get
to know better. A lot of these forums are back in person, she says, and she
traveled a lot during 2022.
APT groups use ransomware TTPs as cover for intelligence gathering and sabotage
"Many of the observed TTPs and collected tools have previously been
attributed by other researchers to Kimsuky or Lazarus groups," the
WithSecure researchers said in their new report. "The fact that references
to both groups are observed could highlight the sharing of tooling and
capabilities between North Korean threat actors." The researchers found
malware similar to one called GREASE that was previously attributed to
Kimsuky. Another recovered malware was a custom version of Dtrack, a remote access
Trojan (RAT), with a configuration very similar to one used by Lazarus in an
attack against the Indian Kudankulam Nuclear Power Plant in 2019. The
researchers also found usage of Putty Plink and 3Proxy, two tools previously
observed in other Lazarus campaigns. The overlap with BianLian ransomware
was the use of a command-and-control server hosted at an IP address
previously used by BianLian attackers.
Quote for the day:
"Any one can hold the helm when the sea is calm." --
Publilius Syrus