Daily Tech Digest - August 28, 2023

3 keys to making data democratization a reality

The complexity of the modern data stack presents too many opportunities for data sets to fail users, and compromise users’ trust in their data. Companies are using an ever-increasing number of disparate data tools, which in turn increases the number of transformations that data go through. A user accessing data that’s been through multiple transformations needs to know that they can trust that the data is both accurate and true to the data that was originally captured in source systems. Clearly, this is an issue that must be addressed—especially when we consider that this lack of trust eats away at that 32% metric we saw earlier. In reality, that figure is even lower if business users don’t feel that they can trust the data available to them. Ensuring users can trust their data requires a multi-pronged approach that should involve implementing automated data quality software, providing strong data lineage, and establishing data governance policies. As companies work toward data democratization, providing transparency, auditing abilities, and strong data governance can give users greater confidence in the data being analyzed and the insights being derived from it—leading to more widespread data use.

Cybersecurity insurance is missing the risk

The problem is with the nature of the threat. Cyber attackers escalate and adapt quickly, which undermines the historical-based models that insurance companies rely on. Attackers are continually shifting their maneuvers that identify victims, cause increasing loss, and rapidly shift to new areas of impact. Denial of service attacks were once popular but were superseded by data breaches, which cause much more damage. Recently, attackers expanded their repertoire to include ransomware-style attacks that increased the insurable losses ever higher. Trying to predict the cornerstone metrics for actuary modelers – the Annual Loss Expectancy and Annual Rate of Occurrence – with a high degree of accuracy is beyond the current capabilities of insurers. The industry currently conducts assessments for new clients to understand their cybersecurity posture to determine if they are insurable, what should be included/excluded from policies, and to calculate premiums. The current process is to weigh controls against best practices or peers to estimate the security posture of a policyholder.

The Real Business Value of Platform Engineering

One of the biggest obstacles to managing cloud costs is understanding the business context behind resource consumption. Since the platform is the source of all deployments, it can provide end-to-end visibility into environments launched across all phases of the software development life cycle (SDLC). On its own, cloud billing data lacks transparency. Some platforms, however, can expose how cloud costs are incurred. Integrating application infrastructure into a platform can automate tagging as part of the deployment process. This ties usage back to the specific applications, pipelines, stages and teams that they pertain to. Tracking real-time configurations with this kind of business context can help engineering and technology teams make informed decisions about cost optimization and resource consumption. For example, they may be able to pinpoint a person or team that often leaves environments running, and incurring costs, over the weekends or holidays when they are not being used. These insights can inform the implementation of cost-management guardrails and consumption policies.

Beyond talent war: Transform employer-employee relations with tech and innovation

Based on Microsoft's Work Trend Index Annual Report, 51% of Gen-Z employees show a greater inclination towards prioritising health and well-being over work. Their top three priorities include a positive workplace culture, mental health and well-being benefits, and a sense of purpose or meaning. Despite these preferences, many employers have yet to prioritise wellness and purpose effectively. This situation prompts the question: How can HR professionals take action to engage Gen-Z employees who perceive less support and encouragement in their growth? As this lack of support is causing this demographic to reassess the role they envision work playing in their lives. According to the Head HR of Cummins India one must actively address the challenge of Gen-Z feeling less supported. After all, the ultimate outcome we aim for is building a strong sense of connectedness with our employees. However, it's essential to emphasise that connectedness isn't determined by whether interactions are virtual or physical. This challenge stems from the fact that connectedness is highly personal. 

SmokeLoader Trojan Deploys Location-Tracking Malware

The malware scans for a WiFi every 60 seconds and captures geolocation data that could allow threat actors to track the compromised system, according to a report by the researchers at cybersecurity firm Secureworks, who uncovered the novel malware on Aug. 8. "It is unclear how the threat actors use this data. Demonstrating access to geolocation information could be used to intimidate victims or pressure them to comply with demands," researchers said. Google's geolocation API is a service that accepts an HTTPS request with the cell tower and WiFi access points that a mobile client can detect and returns latitude-longitude coordinates. The malware checks for the WLANSVC service on the compromised system that indicates the presence of a wireless capability on a Windows system. "The malware only checks for the service name and does not confirm the service is operational. If the service name does not exist, then the scanner exits. Whiffy Recon persists on the system by creating the wlan.lnk shortcut in the user's Startup folder.

Business Impact: The Power of Data Experiences

Creating a great data experience means having the ability to access pertinent data at any time and from any location. This entails having an ample amount of data to provide meaningful insights, while also ensuring that data access is restricted to what is necessary. These experiences have the potential to greatly minimise manual labour and significantly reduce the amount of additional work required. The relevance of data varies for each individual within an organisation. As an example, field offices dedicate several hours each week to compile data, which is then sent to headquarters where additional time is spent on overall data compilation. By automating data processes, it will liberate numerous hours throughout the entire organisation. Most importantly, there is greater real-time visibility into the operational aspects of the business. Similarly, the speed and method of accessing data will differ among employees. For example, a hybrid worker or frequent traveler may prefer accessing relevant data on a mobile device, while an office-based employee might opt for a laptop.

Why generative AI is a double-edged sword for the cybersecurity sector

With this technology, bad actors will generate unique payloads or attacks designed to evade security defenses that are built around known attack signatures. One way attackers are already doing this is by using AI to develop webshell variants, malicious code used to maintain persistence on compromised servers. Attackers can input the existing webshell into a generative AI tool and ask it to create iterations of the malicious code. These variants can then be used, often in conjunction with a remote code execution vulnerability (RCE), on a compromised server to evade detection. ... In most cases, attackers have tools or plugins written to automate this process. They’re also more likely to use open-source LLMs, as these don’t have the same protection mechanisms in place to prevent this type of malicious behavior and are typically free to use. The result will be an explosion in the number of zero-day hacks and other dangerous exploits, similar to the MOVEit and Log4Shell vulnerabilities that enabled attackers to exfiltrate data from vulnerable organizations.

Product Thinking For Data

Using data products is not just a question of buying a new platform. It has big implications for your organisation’s culture, governance, value delivery, and team structure. The starting point for the culture change is for everyone to think of data in terms of products. This is a big step. A hundred years ago, no one thought of anything in terms of products. Neil H McElroy is credited with inventing the concept of product management at Procter & Gamble in 1931. Since then, the advantages of this way of thinking, as a better way of giving people the material goods that they need, have become clear. Now we are applying this concept to data, but people often don’t naturally think this way about something that is not material. Thinking of data as products encourages a wider perspective on the data asset throughout its full lifecycle, starting from the point of conception all the way towards retirement and decommissioning. It also unlocks access to an expansive repertoire of tools, methodologies and techniques that have been tested and proven to optimise value delivery.

What African CIO clubs do to foster digital talent

More initiatives are springing up to raise awareness of digital technology, which he believes is now part of daily lives. The CIO clubs are certainly a way to help solve the problem. “It’s not uncommon to see these initiatives go even to remote areas in several African countries,” Simba says, adding that CESIA regularly organizes awareness-raising workshops. “The African cybersecurity barometer we publish every year enables us to take stock of the situation, but also to raise awareness across the continent on related issues and thus fight against this digital divide.” For Ebondzo, president of the Congolese CIO Club, this problem is real, but it doesn’t just affect the African continent in particular. “Many countries, including in Europe, are no exception, even if it must be acknowledged that the scale of the phenomenon is not the same everywhere,” she said, reporting that her club trains and supports young people in digital professions, with or without a diploma. “We act by participating as a player in government initiatives to reduce the digital divide such as the Project of Digital Transformation Acceleration Program (PATN), the Universal Electronic Communications Access and Service Fund (FASUCE) and private initiatives.”

The AI Problem We’re Not Taking Seriously Enough

Like a lot of people who have degrees in manpower management, I think unions only result when management loses the trust of their employees. I have belonged to and had to fight unions over the years, so I’m not a fan, but I recognize that when management misbehaves against employees, unions are one of the only powerful defenses that can work at scale. Using the actors and writers strikes as an example, the reasons unions are a problem is that they create a second chain of command not aligned with the business and can drive initiatives that destroy the companies and industries they operate in because their primary tool to elicit a favorable management response is to temporarily shut the business down. This is bad in a competitive environment because customers can’t do business with companies that cannot keep their doors open. Much of manufacturing’s move offshore was the direct result of union actions making labor too expensive domestically. The quickest way to get a union to form is to convince that they are being treated unfairly. Having them train AI tools to replace them would be perceived as incredibly unfair.

Quote for the day:

“None of us can afford to play small anymore. The time to step up and lead is now.” -- Claudio Toyama

No comments:

Post a Comment