Daily Tech Digest - March 30, 2023

5 cyber threats retailers are facing — and how they’re fighting back

Retailers are vulnerable to a range of direct e-commerce cyber threats far beyond ransomware. They include hackers altering gift cards and/or the systems used to activate and manage them, swapping barcodes on products to deceive self-checkout systems, defrauding return services via online return forms to obtain refunds for ordered items, hijacking customer accounts to steal their personal information, and stealing credit card numbers through digital skimming. Bot attacks on e-commerce sites are another threat that can’t be ignored. These automated scripts can use a browser to emulate human behavior, including mouse movements and clicks, making them difficult to detect. Advanced bots can hide their real location by routing traffic through anonymous proxies, anonymization networks, or through public cloud services. Bots can facilitate account takeover, through which hackers make fraudulent purchases using data from customer accounts such as gift cards, discount vouchers, and loyalty points, and even saved credit card information.

Google ambushes on-prem PostgreSQL with AlloyDB Omni

Self-managed AlloyDB Omni provides a pathway to modernize legacy databases on-premises before moving to the cloud, analysts said. “Database migrations can be complex and costly, especially when combined with migration from on-premises infrastructure to cloud. AlloyDB Omni provides a pathway for organizations to modernize those workloads in-place by migrating to AlloyDB Omni on-premises,” said Matt Aslett, research director at Ventana Research. “This move can be seen as one step prior to a potential move to the AlloyDB managed service, or with a view to retaining the workloads in on-premises data centers or on edge infrastructure due to sovereignty or performance requirements,” he added. According to Omdia’s Chief Analyst Bradley Shimmin and dbInsight’s Principal Analyst Tony Baer, AlloyDB Omni combines the best of open-source PostgreSQL and Google Cloud’s architecture, making it more appealing than rival services such as AWS Aurora for PostgreSQL and Microsoft’s CitiusDB, among others.

How to Succeed As a New Chief Information Security Officer (CISO)

As a CISO, you probably have an endless to do list of vital chores that can keep you preoccupied. FFor this reason, you may be cut off from your coworkers and superiors, limiting your exposure to strategic and operational information shared through informal channels such as one on ones, small group brainstorming sessions, and, yes, even boring meetings. Stay in touch with your mentor(s) as you make this shift. Having a clear idea of your challenges and working with a coach can help your CISO first 90 days and adjust more smoothly. Participate in the discussion to better understand the company’s goals, potential, and threats. Building productive relationships with employees and other divisions is crucial to your success as a chief information security officer. Coordinate early on with the major players by setting up a meeting schedule. Determine which divisions you will work with, such as legal, audit, risk, marketing, and sales. As a result, we will be better able to establish connections to facilitate the rollout of cybersecurity awareness campaigns and related policies. The CISO needs to work in tandem with other executives.

Why it is time all businesses became data-driven

Encouragingly, the future of data skills is in safe hands. Data from the British Computer Society (BCS) recently revealed that interest in computing degrees is growing more than other courses. According to BCS data, 92,980 18-year-olds applied to start computing degrees this year in the UK, a 9.6% rise demonstrating the sector’s continued appeal. The Society believes that increasing interest in the degree course was likely a result of the higher profile of AI and a realisation about the career prospects for computing graduates in areas like cyber security and climate change data science. For those organisations looking to increase their data skills sooner, though, several programmes in the market can match you with a data scientist. As the now old adage goes – data is the new oil. With its value likely to continually increase, those organisations that do not recognise its value will undoubtedly be left behind, allowing competitors to overtake them. With no sign of market conditions easing, now is the time to evolve. Not doing so could be devastating.

Clouds vs Edges: Which Computing Wins the Race?

One of the key benefits of edge computing is its ability to reduce latency, or the delay between a user’s request and the response. With traditional cloud computing, data is sent to a central data center for processing, which can result in latency that is too long for certain applications. Edge computing can help address this issue by bringing computation closer to the source of the data, reducing the time it takes to process the data. Another advantage of edge computing is its ability to support real-time data processing and analysis. Edge computing allows applications to react quickly to changes in data by processing it closer to where it is being produced, which is crucial for applications that require real-time data processing, like self-driving cars and industrial automation. ... Both edge computing and cloud computing are critical components of modern computing infrastructure, and each has its advantages and disadvantages. Edge computing enables data processing and analysis to occur closer to the source of data, resulting in lower latency, improved reliability, and greater security. 

CEOs feel responsible for security, but ill at ease on stepping up

This gap in perception, according to the research, lies partly in the meaning of accountability: instead of seeing themselves as accountable – being the face of the mistake – CEOs should assume co-responsibility for cyber resilience together with their CISO. Second, CEOs should stay away from blindly trusting their technology teams. Instead, they should move to a state of informed trust about their enterprise’s cyber resilience maturity. Third, CEOs should embrace what the authors call the “preparedness paradox” — an inverse relationship between the perception of preparedness and resilience. The better-prepared CEOs think their organisation is for a serious cyberattack, the less resilient their organisation likely is, in reality. And fourth, CEOs should adapt their communication styles to regulate pressure from external stakeholders who have different and sometimes conflicting demands. Depending on the stakeholder and the situation, CEOs should either be a transmitter, filter, absorber or amplifier of pressure.

Why exams intended for humans might not be good benchmarks for LLMs like GPT-4

Exams designed for humans assume that the test-taker already possesses these preparatory skills and knowledge, and therefore do not test them thoroughly. On the other hand, language models have proven that they can shortcut their way to answers without the need to acquire prerequisite skills. “Humans are presumably solving these problems in a different, more generalizable way. Thus we can’t make the assumptions for LLMs that we make for humans when we give them tests,” Mitchell said. For instance, part of the background knowledge for zoology is that each individual is born, lives for a while and dies, and that the length of life is partly a function of species and partly a matter of the chances and vicissitudes of life, says computer scientist and New York University professor Ernest Davis. “A biology test is not going to ask that, because it can be assumed that all the students know it, and it may not ask any questions that actually require that knowledge. But you had better understand that if [you’re going to be] running a biology lab or a barnyard,” Davis told VentureBeat.

12 Places to Intervene - Rethink FinOps Using a Systems Thinking Lens

When we analyze a problem, we often try to look for certain points or places where we can focus our efforts to gain maximum leverage on the system to achieve our desired outcome. For example, if you are in a situation to lift a motorbike that’s fallen down, you don’t pull up from every part that you can hold on to. Instead, you find the best part and a way to hold (based on the bike design and your strengths) to pull up with the least effort and damage. Similarly, for complex socio-technical systems, Donnella Meadows, in her book Thinking in Systems, proposes 12 places where you can "intervene" to achieve maximum impact. These are known as leverage points or points of intervention. A system intervention is a deliberate effort to change or improve a system’s behavior, processes, or outcomes. It involves identifying problems and implementing changes to improve the overall functioning of the system. Donella Meadows introduces the 12 leverage points in the increasing order of leverage. 

Employee engagement: Why it matters

A dominant theme that emerged in Professor Heskett’s research is that organizations “lack leadership talent with the attitude, training, and willingness to devote time to the difficult task of engagement.” Too often, he points out, “an annual employee survey is taken, trends analyzed and reported back, opportunities for improvement discussed … and management returns to handling other primary responsibilities.” Dr. Heskett’s research also suggests that managers often put too much emphasis on “making the numbers” to the exclusion of other goals. On the other hand, if employee engagement is the goal, “making the numbers” would come much more easily. According to Heskett, engaged workers are more likely to remain on the job, are more productive and higher-performing, and foster higher levels of customer engagement – all of which boost profits and growth. Assessing and evaluating workplace engagement levels can be challenging, and there’s no single standard approach.

Examining key disciplines to build equity in the IT workplace

It can be difficult for women to have a sense of belonging facing these challenges. Speaking of the senior tech leader at the leadership table, there’s underrepresentation of women and even more underrepresentation of Black women. So resilience, fuelled by self reliance and confidence, helps to navigate a career path. “Being in a minority can bring self-doubt, especially if you’re in an environment that isn’t supportive or causes doubts,” she says. “So know the value you bring to the table and the difference you’re making. Some environments are going to appreciate this more than others, but it’s important you don’t let others minimize your contributions. For example, if you work hard and lead your team to launch a tech solution that positively impacts the organization’s bottom line, that is value you can quantify. Having said that, we still have a ways to go about women in tech still being overlooked and passed over for promotions. The numbers are getting better, but we’re still there.”

Quote for the day:

"Teamwork is the secret that make common people achieve uncommon result." -- Ifeanyi Enoch Onuoha

No comments:

Post a Comment