Daily Tech Digest - March 04, 2023

How security leaders can effectively manage Gen Z staff

Gen Z will look for jobs in organizations that share their values. Gen Z is likely to remind their superiors of such values if they find themselves being asked to do something that goes against them. Be ready for situations like this and make sure the company’s values aren’t just a marketing creation. Another way to look at this is to proactively go after individuals whose values resonate with the company’s. All working generations have experienced pros and cons of work from home, the office or a mix of both. This is unlikely to be a Gen Z-only preference, but younger generations may be more prone to think, “Why do I need to go to a specific location to do a job I can perform from anywhere?” ... The two aspects here are peer training and paid training. Gen Z is eager to learn but also to move forward. Even though this may not be effective for all roles, it can be a positive in cybersecurity, where attackers and attacks are always evolving fast.

LastPass Hack Highlights Importance of Applicable Acceptable Use Policies

While LastPass has made it clear that several course-corrective activities have taken place post-incident to prevent similar hacks, the argument that this type of exploitation was preventable persists. Specifically, one control that should be scrutinized is the LastPass Acceptable Use Policy (AUP). These important documents provide employees with a set of rules applied by the company that explain the methods through which employees may access or use corporate networks, devices or data. Many of these policies require that corporate data may only be accessed and managed on corporate systems. This specific provision allows the organization to control both physical and logical access to important information, such as business operations and client data. As the business world has morphed with a more distributed and remote configuration, corporate AUPs require additional scrutiny as well. Specifically, companies should take a hard look at the applicability of the Bring Your Own Device (BYOD) mentality and consider the security implications that could emerge through mismanagement.

3 Steps to Unlock the Power of Behavioral Data

In practice, a strong data culture is a “decision culture” according to McKinsey research, which is a culture where an organization can accelerate the application of advanced analytics, powering improved business performance and decision-making. Furthermore, Forrester found that organizations that use data to derive insights for decision-making are almost three times more likely to achieve double-digit growth. So why is it such a challenge to create this type of culture? ... Data creation is the process of creating high-quality, contextual behavioral data to power AI and other advanced data applications. Instead of working with the data exhaust which happens as a result of SaaS applications and black box analytics tools, data creation allows a choice of metrics that would best reflect the organization’s needs. The great thing about this is that it saves data teams quite a lot of time as it continuously delivers a highly trusted real-time stream of data that evolves with the business.

5 steps for building a digital transformation-ready enterprise architecture

In a hyper-competitive and increasingly cloud-based business environment, it's clear that digital-first is the only way forward. Of course, the transformation could have been smoother. For most businesses, it's happened in fits and starts—a program written here, a piece of software implemented there. The end result, in many cases, has been a patchwork: out-of-date applications, redundant or overly complicated programs, and generally clogged internal processes. Think of a big, tangled pile of extension cords—it's unclear what goes where, what can be safely removed, what needs replacing, and so forth. These clogged processes present a serious problem for businesses engaged in digital transformation. They can slow down a company's inner workings and, over time, lead to lost productivity and revenue. That's why it's imperative for companies to clear away the cobwebs and redesign their internal processes for maximal productivity—to, in other words, embark on an organization-wide program of enterprise architecture.

Crucial role of data protection in the battle against ransomware

Central to any cybersecurity strategy being developed is the role of the IT infrastructure teams and storage administrators in the secure storage and protection of data. However, formulating and implementing a strategy alone will not be enough; organisations must rigorously test their resiliency plans. It is essential to identify the cracks in the defences as a proactive strategy, even as learnings are applied reactively. A key reason behind the rise of ransomware attacks is that the attack surface, the systems that are accessible and could be compromised, is massive and constantly growing. The larger the enterprise, the larger the attack surface, as the vulnerable endpoints and pieces of software being used are many. Any breach that occurs must thus be quickly contained, and its impact minimised as far as possible. Merely adding more storage to a data centre is not the solution. Enterprises will need to incorporate immutable storage and encryption technology and optimize the recovery process.

US Cybersecurity Strategy Shifts Liability Issues to Vendors

The administration envisions that it will roll out more stringent software development practices, work with vendors to implement them in the software development process and then work with industry and Congress to establish a liability shield for companies that adopt those practices. That process will take well over a year, the senior administration official predicts. Veracode founder and Chief Technology Officer Chris Wysopal says drawing from the NIST Secure Software Development Framework for the safe harbor law is more aspirational than realistic since the liability shield must consider a company's maturity and security posture. Kalember says no current institutions are well positioned to assess compliance with NIST or assign blame after a security incident. "We need a few different levels of what building safe software means," Wysopal tells ISMG. "The SSDF is a good starting point, but I think it does need to be more practical and more basic."

The government cannot win at cyber warfare without the private sector

The Council on Foreign Relations (CFR) recommends “a program of deepening public-private collaboration between the Defense Department (DOD) and the defense industry” to stop these hacks. It suggests this because it recognizes that the private sector owns and operates the networks and systems that the problem countries target, while the public sector “lacks the same picture of the threat environment.” The CFR is right. Private-sector actors regularly face hackings and understand that their survival in the marketplace hinges upon addressing them swiftly and efficiently. The government, by contrast, doesn’t recognize many of these threats until they occur. The government has the ability to contract with anyone, so why wouldn’t it choose to work more closely with private companies? Consider the case of the Office of Personnel Management, which faced that headline-making 2015 hacking from China.

Five Factors For Planning A Data Governance Strategy

Effective data governance begins with having a comprehensive record of the data within the organization; however, according to one survey, for two-thirds of organizations, at least half of their data is dark. This dark data represents untapped insights that are not being leveraged by the organization. Also concerning is the fact that this same absence of quality data and availability can result in an estimated 29% of an employee’s time being spent on non-value-added tasks. ... Data democratization can be shaped by AI-enabled governance policies that control access to the cataloged data. This self-service access to data affords a degree of autonomy for users to work with the data—and the insights it can provide—independently, regardless of their position within the organization. The impact of data democratization can be felt across an entire organization. Users are able to access data securely and work with data on their own without being occupied by tasks that produce no benefit to the organization. As a result, the IT department can be available to handle other important tasks.

The Move to Unsupervised Learning: Where We Are Today

In addition to the need for explainability, another significant challenge to the widespread adoption of deep learning is the increasing reliance on labeled data, that is, adding labels to raw data such as text files and images to identify them and provide context that machine learning models can recognize and learn from. Supervised learning has made significant and impressive advances in recent years, demonstrating the ability to learn from massive amounts of labeled data. There is, however, a limit to how much AI can advance using supervised learning alone. In many real-world scenarios, the availability of large amounts of labeled data is a challenge — either due to a lack of resources or the inherent nature of the problem itself. Ensuring class balance in the labeled data presents another challenge in that it’s often the case that some classes make up a large proportion of the data, while other classes might not be adequately represented. Furthermore, ensuring the trustworthiness of labeled data can present another challenge.

The Biggest Enterprise Architecture Trends in 2023

Most Enterprise Architects endlessly tweak their systems to improve change delivery. As with all things in life, the changes aren't perfect the first time around, and adapting is essential. Each round of change, however small, ultimately improves the system. Many trends overlap and adapting way-of-working ties in with using the social aspects of the architecture described above. Organizations can track the history of change initiatives to see the applications, processes, and information impacted over time. Understanding how the change works gives leaders vital information to make decisions. By tracking people, teams, and departments, organizational and communication pathways become clear. Over time, the tracking shows patterns of where change occurs. When it’s clear where change is happening and failing, the patterns can guide the reorganization of teams. It can also help teams work as independently as possible, improve cross-team coordination, and aid prioritization.

Quote for the day:

"Leaders think and talk about the solutions. Followers think and talk about the problems." -- Brian Tracy
