Daily Tech Digest - May 10, 2023

The one true way to prove IT’s value to your CEO

For most IT departments, this is a very difficult question to answer because the systems that we develop are not used by IT but are used by other departments to increase their sales, reduce their expenses, or be more competitive in the marketplace. As such, an IT leader’s usual response to this question is a general statement about how IT has implemented projects across the corporation that have achieved corporate strategic objectives. ... The second and better way to approach the problem of IT value is to measure the effectiveness of the IT operation. Why should IT be the only department that is immune from corporate oversight? The advertising department is routinely measured on whether it is increasing corporate sales. HR is constantly being questioned on how its salary system compares to the industry. Manufacturing is always being challenged on its costs and if there are alternative methods and locations. Marketing must assure top management that its brand positioning is the best for the company. The only way to measure IT is to enforce a requirement that all large scale new or modified system projects are analyzed, after completion, to verify that the objectives were met and the ROI was proven.

Evil digital twins and other risks: the use of twins opens up a host of new security concerns

Pittman says he sees other new attack scenarios arising from the use of digital twins; for example, if hackers are able to break into a digital twin environment, they could either steal the data or, depending on their motives, could manipulate the data used by the digital twin to deliberately skew the simulation outcomes. Given the potential for such scenarios, Pittman adds: “I think this is another instance in which we’re propagating technology without necessarily thinking about the repercussions. I’m not saying that’s good or bad; we’re humans, and it’s what we do really well. And while I don’t think we’re going to see something catastrophic, I think we’ll see something significant.” Pittman isn’t the only one voicing concerns about the potential for new security threats arising from digital twins. ... “We didn’t look at it specifically for the report, but that’s one of the issues that came up,” he says, adding that it’s a frequently-mentioned concern around training data used in machine learning algorithms — an attack type known as “data poisoning.”

A brief history of tech skepticism

Why have so many been so skeptical of developments whose success, in hindsight, seems obvious? One reason is that some technologies take time to reach maturity and mass adoption—and rely on the development of infrastructure that doesn’t yet exist. The ancient Greeks invented the aeolipile steam engine some 1,700 years before Thomas Newcomen created one deemed useful for industrial work. It took another 65 years before James Watt’s adaptations ushered in the true age of steam, a further quarter-century before the first steam locomotives began to appear, and another 20-odd years before the first passenger services became available. On this time line, the metaverse is in its infancy. Some shrewd observers—like author Matthew Ball, one of the world’s leading metaverse analysts—expect it will be years if not decades before the idea reaches its full potential. As humans, we are afflicted with tendencies that can skew our ability to objectively assess the potential of unfamiliar things. Our cognitive biases condition us to be suspicious of that which is novel or different. 

Prevent attackers from using legitimate tools against you

Lately, actors have been using remote monitoring and management (RMM) software to gain access to or maintain persistence in the systems. According to our team’s telemetry, this includes commonly used RMM software such as ConnectWise Control (formerly ScreenConnect), AnyDesk, Atera and Syncro. However, attackers are fully aware that defenders monitor for these known RMMs and are continually looking for alternate options. There was recently a case where Action1 and SimpleHelp RMM was abused to deploy ransomware. It’s not just third-party tools that are being abused either. Attackers also try to kill or stop processes using built-in Windows processes such as taskkill or the net stop command to stop processes related to backup, which may potentially halt ransomware operations. Attackers can use legitimate binaries or tools that are part of operating systems to carry out malicious activities. These binaries are often referred to as LOLBins (“Living off the Land Binaries”). Some commonly used LOLBins are WMIC, PowerShell, Microsoft HTA engine (mshta.exe), and certutil. 

Network Administrator Skills: The Essential Job Toolkit

Problem-solving skills - Unlike troubleshooting, which requires rapid action to resolve immediate network issues, problem-solving is a technique used to address persistent concerns, such as slow performance, sluggish Internet connections, and Wi-Fi dead spots. Network administrators can keep their networks running smoothly by addressing performance, reliability, and security issues as they appear. "They must be able to identify and diagnose problems, develop and implement effective solutions, and communicate clearly with team members and stakeholders," says Peter Zendzian, president of managed service provider ZZ Servers. ... Critical thinking skills - Perhaps the most important skill a network administrator can possess is the ability to think critically. Critical thinking is the analysis of available facts, evidence, observations, and arguments to form a judgment. "This skill is valuable because it allows the network administrator to identify and resolve issues quickly and efficiently," says Timothy Mcknight, CEO of technology and cybersecurity firm Multitechverse. 

12 Ways to Approach the Cybersecurity Skills Gap Challenge in 2023

Finding ways to attract more diverse candidates for cybersecurity jobs could help fill more roles. “Prioritizing diverse hiring can help your company get an edge over other competitors in the market when it comes to recruitment of potential talent,” says Travis Lindemoen, managing director of IT staffing agency Nexus IT Group. How can companies approach diverse hiring? “If you want to be able to hire diverse candidates and underrepresented minorities, some of the things that [you] need to do, and things that we've done ourselves, is ensure that you’re putting inclusive language and narratives into your communications, into your job descriptions,” says Cross. Companies can also look to foster partnerships with organizations that help to promote diversity in the workforce. For example, Dell Technologies works with historically black colleges and universities (HBCUs). The HBCU Partnership Challenge, launched in 2017, aims to increase career prospects for HBCU students. In 2023, Cybersecurity and Infrastructure Security Agency (CISA) announced a partnership with nonprofit Women in CyberSecurity (WiCyS) to work on addressing the gender gap in cybersecurity and technology.

FBI Disarms Russian FSB 'Snake' Malware Network

For nearly 20 years, threat group Turla, operating inside the FSB's notorious Center 16, used Snake malware to steal secrets from North Atlantic Treaty Organization (NATO)-member governments, according to an announcement from the US Attorney's Office in the Eastern District of New York. Following compromise of target government systems, Turla would exfiltrate sensitive data through a network of compromised machines spread throughout the US and beyond to make detection harder, the DoJ said. The FBI developed a tool named Perseus, which was able to successfully command components of the Snake malware to overwrite itself on compromised systems, the DoJ added. "For 20 years, the FSB has relied on the Snake malware to conduct cyberespionage against the United States and our allies — that ends today," Assistant Attorney General Matthew G. Olsen of the Justice Department's National Security Division said in the statement. "The Justice Department will use every weapon in our arsenal to combat Russia’s malicious cyber activity, including neutralizing malware through high-tech operations, making innovate use of legal authorities, and working with international allies and private sector partners to amplify our collective impact.”

AI push or pause: CIOs speak out on the best path forward

“There is a catchup game here. To this end and in the meantime managing AI in the enterprise lies with CxOs that oversee corporate and organizational risk. CTO/CIO/CTO/CDO/CISOs are no longer the owners of information risk” given the rise of AI, the CIDO maintains. “IT relies on the CEO and all CxOs, which means corporate culture and awareness to the huge benefits of AI as well as the risks must be owned.” Stockholm-based telecom Ericsson sees huge upside in generative AI and is investing in creating multiple generative AI models, including large language models, says Rickard Wieselfors, vice president and head of enterprise automation and AI at Ericsson. “There is a sound self-criticism within the AI industry and we are taking responsible AI very seriously,” he says. “There are multiple questions without answer in terms of intellectual property rights to text or source code used in the training. Furthermore, data leakage in querying the models, bias, factual mistakes, lack of completeness, granularity or lack of model accuracy certainly limits what you can use the models for.

Cybersecurity stress returns after a brief calm: ProofPoint report

“Having conquered the unprecedented challenges of protecting hybrid work environments during the pandemic, security leaders felt a sense of calm. Although attack volumes did not abate, CISOs had a brief period of reprieve as they felt their organizations were less at risk,” Stacy said. The report also noted a strong willingness to pay ransoms, with 62% of CISOs saying they are ready to pay to restore systems and prevent data release if attacked by ransomware in the next 12 months. This perhaps has to do with 61% of them having a cybersecurity insurance in place for various types of attacks. “Profitability at insurance companies offering cyber insurance has already taken a hit due to the raft of ransomware-related payouts in recent years,” said Michael Sampson, senior analyst at Osterman Research. “We have already seen cases where premiums have doubled for half the coverage. It has been becoming more and more expensive to secure cyber insurance. Some are even likely to withdraw completely from offering coverage, given the negative trends.”

Mitigate Risk Beyond the Supply Chain with Runtime Monitoring

DevSecOps pipelines and golden paths are put in place to ensure that changes made to a system follow a defined process and are authorized before deployment. This helps maintain system stability, ensure compliance and mitigate risks. But pipeline controls have one obvious limitation when it comes to ensuring the security and compliance of an entire software system. They can only ensure security and compliance for changes that have gone through the pipeline. They do not account for bad actors who access production by going around the golden path. There are several key security questions that cannot be answered in the pipeline:How do we discover workloads that haven’t gone through our pipeline? What happens if an internal developer has the keys to production? What happens if we are breached? What happens if our deployment process has silent failures? Think of a golden pipeline as a river running into a lake. Monitoring what’s flowing in the river does not guarantee the quality of the water in the lake. You need to monitor the quality of the water in the lake too!

Quote for the day:

"Leaders must encourage their organizations to dance to forms of music yet to be heard." -- Warren G. Bennis

No comments:

Post a Comment