The one true way to prove IT’s value to your CEO
For most IT departments, this is a very difficult question to answer because the
systems that we develop are not used by IT but are used by other departments to
increase their sales, reduce their expenses, or be more competitive in the
marketplace. As such, an IT leader’s usual response to this question is a
general statement about how IT has implemented projects across the corporation
that have achieved corporate strategic objectives. ... The second and better way
to approach the problem of IT value is to measure the effectiveness of the IT
operation. Why should IT be the only department that is immune from corporate
oversight? The advertising department is routinely measured on whether it is
increasing corporate sales. HR is constantly being questioned on how its salary
system compares to the industry. Manufacturing is always being challenged on its
costs and if there are alternative methods and locations. Marketing must assure
top management that its brand positioning is the best for the company. The only
way to measure IT is to enforce a requirement that all large scale new or
modified system projects are analyzed, after completion, to verify that the
objectives were met and the ROI was proven.
Evil digital twins and other risks: the use of twins opens up a host of new security concerns
Pittman says he sees other new attack scenarios arising from the use of digital
twins; for example, if hackers are able to break into a digital twin
environment, they could either steal the data or, depending on their motives,
could manipulate the data used by the digital twin to deliberately skew the
simulation outcomes. Given the potential for such scenarios, Pittman adds: “I
think this is another instance in which we’re propagating technology without
necessarily thinking about the repercussions. I’m not saying that’s good or bad;
we’re humans, and it’s what we do really well. And while I don’t think we’re
going to see something catastrophic, I think we’ll see something significant.”
Pittman isn’t the only one voicing concerns about the potential for new security
threats arising from digital twins. ... “We didn’t look at it specifically for
the report, but that’s one of the issues that came up,” he says, adding that
it’s a frequently-mentioned concern around training data used in machine
learning algorithms — an attack type known as “data poisoning.”
A brief history of tech skepticism
Why have so many been so skeptical of developments whose success, in hindsight,
seems obvious? One reason is that some technologies take time to reach maturity
and mass adoption—and rely on the development of infrastructure that doesn’t yet
exist. The ancient Greeks invented the aeolipile steam engine some 1,700 years
before Thomas Newcomen created one deemed useful for industrial work. It took
another 65 years before James Watt’s adaptations ushered in the true age of
steam, a further quarter-century before the first steam locomotives began to
appear, and another 20-odd years before the first passenger services became
available. On this time line, the metaverse is in its infancy. Some shrewd
observers—like author Matthew Ball, one of the world’s leading metaverse
analysts—expect it will be years if not decades before the idea reaches its full
potential. As humans, we are afflicted with tendencies that can skew our ability
to objectively assess the potential of unfamiliar things. Our cognitive biases
condition us to be suspicious of that which is novel or different.
Prevent attackers from using legitimate tools against you
Lately, actors have been using remote monitoring and management (RMM) software
to gain access to or maintain persistence in the systems. According to our
team’s telemetry, this includes commonly used RMM software such as ConnectWise
Control (formerly ScreenConnect), AnyDesk, Atera and Syncro. However, attackers
are fully aware that defenders monitor for these known RMMs and are continually
looking for alternate options. There was recently a case where Action1 and
SimpleHelp RMM were abused to deploy ransomware. It’s not just third-party tools
that are being abused either. Attackers also try to kill or stop processes using
built-in Windows processes such as taskkill or the net stop command to stop
processes related to backup, which may potentially halt ransomware operations.
Attackers can use legitimate binaries or tools that are part of operating
systems to carry out malicious activities. These binaries are often referred to
as LOLBins (“Living off the Land Binaries”). Some commonly used LOLBins are
WMIC, PowerShell, Microsoft HTA engine (mshta.exe), and certutil.
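A triage pass over process-creation events for the behaviours described above, as an added example that is not part of the quoted article. The event field names (`host`, `image`, `cmdline`), the backup keywords, the approved-tool list and all sample events are constructed assumptions.

```python
import re

# Vendor-name substrings for the RMM tools named above. Assumption: the vendor
# name appears somewhere in the executable path; tune this to your inventory.
RMM_HINTS = ("screenconnect", "anydesk", "atera", "syncro", "action1", "simplehelp")
# LOLBins named above. A hit is context for an analyst, not an alert by itself.
LOLBINS = {"wmic.exe", "powershell.exe", "mshta.exe", "certutil.exe"}
# Assumed keywords for backup-related services and processes.
BACKUP_HINTS = ("backup", "vss", "wbengine")

def classify(event, approved_rmm=frozenset()):
    """Return a sorted list of finding tags for one process-creation event."""
    image = event["image"].lower().replace("/", "\\")
    name = image.rsplit("\\", 1)[-1]
    cmd = event["cmdline"].lower()
    findings = set()
    # RMM software that is not on the organisation's approved list.
    for hint in RMM_HINTS:
        if hint in image and hint not in approved_rmm:
            findings.add("unapproved-rmm:" + hint)
    # taskkill or "net stop" aimed at something backup-related.
    is_net_stop = name in ("net.exe", "net1.exe") and re.search(r"\bstop\b", cmd)
    if (name == "taskkill.exe" or is_net_stop) and any(h in cmd for h in BACKUP_HINTS):
        findings.add("backup-stop")
    if name in LOLBINS:
        findings.add("lolbin:" + name)
    return sorted(findings)

def triage(events, approved_rmm=frozenset()):
    """Return (host, findings) for every event with at least one finding."""
    flagged = [(e["host"], classify(e, approved_rmm)) for e in events]
    return [(host, f) for host, f in flagged if f]

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "ws01", "image": r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe", "cmdline": "AnyDesk.exe --service"},
    {"host": "fs02", "image": r"C:\Windows\System32\net.exe", "cmdline": "net stop wbengine /y"},
    {"host": "fs02", "image": r"C:\Windows\System32\taskkill.exe", "cmdline": "taskkill /f /im ExampleBackupAgent.exe"},
    {"host": "ws07", "image": r"C:\Users\Public\SimpleHelp\remote.exe", "cmdline": "remote.exe"},
    {"host": "ws07", "image": r"C:\Windows\System32\certutil.exe", "cmdline": "certutil -hashfile report.pdf SHA256"},
    {"host": "ws03", "image": r"C:\Windows\System32\net.exe", "cmdline": "net stop spooler"},
]

if __name__ == "__main__":
    for host, findings in triage(SAMPLE_EVENTS, approved_rmm={"anydesk"}):
        print(host, findings)
```

Keeping an explicit approved list means an unfamiliar RMM tool is flagged the first time it appears, while the sanctioned one stays quiet.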
Network Administrator Skills: The Essential Job Toolkit
Problem-solving skills - Unlike troubleshooting, which requires rapid action to
resolve immediate network issues, problem-solving is a technique used to address
persistent concerns, such as slow performance, sluggish Internet connections,
and Wi-Fi dead spots. Network administrators can keep their networks running
smoothly by addressing performance, reliability, and security issues as they
appear. "They must be able to identify and diagnose problems, develop and
implement effective solutions, and communicate clearly with team members and
stakeholders," says Peter Zendzian, president of managed service provider ZZ
Servers. ... Critical thinking skills - Perhaps the most important skill a
network administrator can possess is the ability to think critically. Critical
thinking is the analysis of available facts, evidence, observations, and
arguments to form a judgment. "This skill is valuable because it allows the
network administrator to identify and resolve issues quickly and efficiently,"
says Timothy Mcknight, CEO of technology and cybersecurity firm
Multitechverse.
12 Ways to Approach the Cybersecurity Skills Gap Challenge in 2023
Finding ways to attract more diverse candidates for cybersecurity jobs could
help fill more roles. “Prioritizing diverse hiring can help your company get an
edge over other competitors in the market when it comes to recruitment of
potential talent,” says Travis Lindemoen, managing director of IT staffing
agency Nexus IT Group. How can companies approach diverse hiring? “If you want
to be able to hire diverse candidates and underrepresented minorities, some of
the things that [you] need to do, and things that we've done ourselves, is
ensure that you’re putting inclusive language and narratives into your
communications, into your job descriptions,” says Cross. Companies can also look
to foster partnerships with organizations that help to promote diversity in the
workforce. For example, Dell Technologies works with historically black colleges
and universities (HBCUs). The HBCU Partnership Challenge, launched in 2017, aims
to increase career prospects for HBCU students. In 2023, Cybersecurity and
Infrastructure Security Agency (CISA) announced a partnership with nonprofit
Women in CyberSecurity (WiCyS) to work on addressing the gender gap in
cybersecurity and technology.
FBI Disarms Russian FSB 'Snake' Malware Network
For nearly 20 years, threat group Turla, operating inside the FSB's notorious
Center 16, used Snake malware to steal secrets from North Atlantic Treaty
Organization (NATO)-member governments, according to an announcement from the US
Attorney's Office in the Eastern District of New York. Following compromise of
target government systems, Turla would exfiltrate sensitive data through a
network of compromised machines spread throughout the US and beyond to make
detection harder, the DoJ said. The FBI developed a tool named Perseus, which
was able to successfully command components of the Snake malware to overwrite
itself on compromised systems, the DoJ added. "For 20 years, the FSB has relied
on the Snake malware to conduct cyberespionage against the United States and our
allies — that ends today," Assistant Attorney General Matthew G. Olsen of the
Justice Department's National Security Division said in the statement. "The
Justice Department will use every weapon in our arsenal to combat Russia’s
malicious cyber activity, including neutralizing malware through high-tech
operations, making innovative use of legal authorities, and working with
international allies and private sector partners to amplify our collective
impact."
AI push or pause: CIOs speak out on the best path forward
“There is a catchup game here. To this end and in the meantime managing AI in
the enterprise lies with CxOs that oversee corporate and organizational risk.
CTO/CIO/CTO/CDO/CISOs are no longer the owners of information risk” given the
rise of AI, the CIDO maintains. “IT relies on the CEO and all CxOs, which means
corporate culture and awareness to the huge benefits of AI as well as the risks
must be owned.” Stockholm-based telecom Ericsson sees huge upside in generative
AI and is investing in creating multiple generative AI models, including large
language models, says Rickard Wieselfors, vice president and head of enterprise
automation and AI at Ericsson. “There is a sound self-criticism within the AI
industry and we are taking responsible AI very seriously,” he says. “There are
multiple questions without answer in terms of intellectual property rights to
text or source code used in the training. Furthermore, data leakage in querying
the models, bias, factual mistakes, lack of completeness, granularity or lack of
model accuracy certainly limits what you can use the models for.”
Cybersecurity stress returns after a brief calm: ProofPoint report
“Having conquered the unprecedented challenges of protecting hybrid work
environments during the pandemic, security leaders felt a sense of calm.
Although attack volumes did not abate, CISOs had a brief period of reprieve as
they felt their organizations were less at risk,” Stacy said. The report also
noted a strong willingness to pay ransoms, with 62% of CISOs saying they are
ready to pay to restore systems and prevent data release if attacked by
ransomware in the next 12 months. This perhaps has to do with 61% of them having
cybersecurity insurance in place for various types of attacks. “Profitability
at insurance companies offering cyber insurance has already taken a hit due to
the raft of ransomware-related payouts in recent years,” said Michael Sampson,
senior analyst at Osterman Research. “We have already seen cases where premiums
have doubled for half the coverage. It has been becoming more and more expensive
to secure cyber insurance. Some are even likely to withdraw completely from
offering coverage, given the negative trends.”
Mitigate Risk Beyond the Supply Chain with Runtime Monitoring
DevSecOps pipelines and golden paths are put in place to ensure that changes
made to a system follow a defined process and are authorized before deployment.
This helps maintain system stability, ensure compliance and mitigate risks. But
pipeline controls have one obvious limitation when it comes to ensuring the
security and compliance of an entire software system. They can only ensure
security and compliance for changes that have gone through the pipeline. They do
not account for bad actors who access production by going around the golden
path. There are several key security questions that cannot be answered in the
pipeline: How do we discover workloads that haven’t gone through our pipeline?
What happens if an internal developer has the keys to production? What happens
if we are breached? What happens if our deployment process has silent failures?
Think of a golden pipeline as a river running into a lake. Monitoring what’s
flowing in the river does not guarantee the quality of the water in the lake.
You need to monitor the quality of the water in the lake too!
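One way to check the "lake" against the "river", as an added example that is not from the quoted article: reconcile what is running in production against what the pipeline recorded as deployed. The record layout, workload names and digests are constructed assumptions; in practice the two inputs would come from the pipeline's deployment log and a runtime inventory.

```python
def reconcile(pipeline_records, running):
    """Compare pipeline deployment records with the runtime inventory.

    pipeline_records: ordered oldest to newest; the last record per workload
    is the digest the pipeline believes is live.
    running: what is actually observed in production.
    Returns a sorted list of (finding, workload) tuples.
    """
    expected = {}
    for rec in pipeline_records:
        expected[rec["workload"]] = rec["digest"]  # newest record wins

    findings, seen = [], set()
    for w in running:
        name = w["workload"]
        seen.add(name)
        if name not in expected:
            # Never went through the pipeline at all.
            findings.append(("unknown-workload", name))
        elif w["digest"] != expected[name]:
            # Changed out of band, or the last deployment failed silently.
            findings.append(("digest-drift", name))
    for name in expected:
        if name not in seen:
            # The pipeline recorded a deployment that is not running.
            findings.append(("not-running", name))
    return sorted(findings)

def digest(ch):
    """Build a constructed placeholder digest (not a real image)."""
    return "sha256:" + ch * 64

# Constructed sample data.
PIPELINE = [
    {"workload": "payments/api", "digest": digest("a")},
    {"workload": "payments/api", "digest": digest("b")},   # newer deployment
    {"workload": "web/frontend", "digest": digest("c")},
    {"workload": "batch/reports", "digest": digest("d")},
]
RUNNING = [
    {"workload": "payments/api", "digest": digest("a")},   # old image still live
    {"workload": "web/frontend", "digest": digest("c")},
    {"workload": "ops/debug-shell", "digest": digest("e")},  # not in any record
]

if __name__ == "__main__":
    for finding, workload in reconcile(PIPELINE, RUNNING):
        print(finding, workload)
```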
Quote for the day:
"Leaders must encourage their organizations to dance to forms of music yet to be heard." -- Warren G. Bennis