Daily Tech Digest - September 20, 2023

Innovation needs to be a culture, not just a practice

It is important to build open organisational structures that let teams avoid obstacles and hierarchies that frequently stifle creativity. An inventive culture places a strong emphasis on being flat and agile. Employees are more able to freely communicate their thoughts when they have direct access to decision-makers. The well-known sportswear company Nike is one example of this. All levels of staff members are welcome to work together on cutting-edge concepts and technologies at the company's "Innovation Kitchen." This open mindset has produced ground-breaking goods like the Nike Flyknit, which transformed the athletic footwear market. ... Most businesses have started encouraging the participation of employees across sectors in brainstorming sessions to think outside the box because they respect unusual thinking and believe there are no negative ideas. But in some circumstances, one should be ready to also support the genuinely absurd. Innovation requires a space where creativity can thrive.

Quantum Plus AI Widens Cyberattack Threat Concerns

The mind-boggling speed of quantum computing is a double-edged sword, however. On one hand, it helps solve difficult mathematical problems much faster. On the other, it would increase the cyberattack capabilities beyond comprehension. “When you marry quantum computing and AI together, you can have an exponential increase in the advantages that both can offer,” said Dana Neustadter, director of product management for security IP at Synopsys. “Quantum computing will be able to enhance AI accuracy, speed, and efficiency. Enhancing AI can be a game changer for the better for many reasons. Paired with quantum computing, AI will have greater ability to solve very complex problems. As well, it will analyze huge amounts of data needed to take decisions or make predictions more quickly and accurately than conventional AI.” Very efficient and resilient solutions for threat detection and secure management can be created with enhanced AI, transforming cybersecurity as we know it today. “However, if used for the wrong reasons, these powerful technologies also can threaten cybersecurity,” Neustadter said.

IoT startups fill security gaps

Insider risks have long been one of the most difficult cybersecurity threats to mitigate. Not only can power users, such as C-level executives, overrule IT policies, but partners and contractors often get streamlined access to corporate resources, and may unintentionally introduce risks in the name of expediency. As IoT continues to encompass such devices as life-saving medical equipment and self-driving vehicles, even small risks can metastasize into major security incidents. For San Francisco-based self-driving car startup Cruise, a way to mitigate the many risks associated with connected cars is to conduct thorough risk assessments of partners and suppliers. The trouble is that third-party assessments were such a time-consuming and cumbersome chore that the existing process was not able to scale as the company grew. “The rise in cloud puts a huge stress on understanding the risk posture of our partners. That is a complex and non-trivial thing. Partnerships are always under pressure,” said Alexander Hughes, Director of Information Security, Trust, and Assurance at Cruise.

Expert: Keep Calm, Avoid Overhyping China's AI Capabilities

"Some of China's bottlenecks relate to a reliance on Western companies to open up new paradigms, China's censorship regime, and computing power bottlenecks," Ding said. "I submitted three specific policy recommendations to the committee, but I want to emphasize one, which is, 'Keep calm and avoid overhyping China's AI capabilities.'" Policymakers also erroneously think anything that helps China around artificial intelligence is going to hurt the U.S. even though giants in China's AI industry like ByteDance, Alibaba and Baidu end up generating a lot of profits that come back into the U.S. economy and hopefully get reinvested into American productivity, according to Ding. "It's a more difficult question than just, 'Any investment in China's AI sector means it's harmful to U.S. national security,'" Ding said. "Continuing to maintain the openness of these global innovation networks is always going to favor the U.S. in the long-run in terms of our ability to run faster."

Beyond Spreadsheets: How Data-Driven Organizations Outperform the Rest

Creating a data-driven culture must start at the executive level to drive the understanding that data is central to the operations and success of your organization, as well as to decision-making at every level. It begins with communicating the importance of data, making it a corporate initiative. From there must follow implementing the data infrastructure and analytics tools that enable every role to get the data needed to drive evidenced-based decision-making. There is no right or wrong organizational structure to create a data-driven culture. Still, creating and assigning roles and responsibilities that will work for your organization, and then staffing and training accordingly, are essential. You may choose to train most of your staff to understand and support analytics, or you may rely on a few for performing analytics while conveying across your organization the overall importance and requirements of using data and analytics to drive desired results. 

Modeling Asset Protection for Zero Trust – Part 1

For operating your IT environment, the Security, Information, and Event Management (SIEM) system must be a good fit for the infrastructure. Once you have a complete inventory of your infrastructure, we recommend you complete an architectural-level evaluation of your SIEM to ensure good alignment. ... The evaluation should include the cost of setup and three years of operations, evaluation of organizational competence and available training for each, and the features of each against your IT landscape. As you evaluate your SIEM environment, consider evaluating your Extended Detection and Response (XDR) capability and performing a similar architectural evaluation. You might consider this part of your SIEM solution or treat it separately and it might be operated by a separate group. XDR also might not fit well into any pillar evaluation so could be overlooked if not captured here. Zero Trust requires identification and valuation of all information technology (IT) assets, automated enforcement of governance, and automated detection, response, and remediation to threats and attacks.

Data Engineer vs. Data Analyst

Data engineers play a pivotal role in establishing and maintaining robust Data Governance practices. They are responsible for designing and implementing data pipelines, ensuring that data is collected, stored, and processed accurately. By implementing rigorous quality checks during the extract, Transform, load (ETL) process, they guarantee that the data is clean and reliable for analysis. On the other hand, data analysts rely on high-quality and trustworthy data to derive meaningful insights. They work closely with the data engineer to define standards for data collection, storage, and usage. ... So, a crucial similarity between data engineers and data analysts is their shared emphasis on teamwork and collaboration. Both roles recognize that combining their expertise can lead to more accurate insights and better decision-making. Moreover, teamwork enables knowledge sharing between data engineers and analysts. They can exchange ideas, techniques, and best practices, enhancing their individual skill sets while collectively driving innovation in Data Management and analysis.

What AppSec and developers working in cloud-native environments need to know

With the emergence of IaaS, PaaS, and IaaS models, the definition of an application extends to include the associated runtime environment and the underlying infrastructure. Applications are now not just bundles of code, but holistic systems that include the virtualized hardware resources, operating systems, databases, and network configurations they rely on. The advent of microservices and containerization, where an application can consist of many independently deployable components each running in its own environment, further complexifies this definition. In a cloud-native application, each microservice with its code, dependencies, and environment could be considered an “application” in its own right. The introduction of Infrastructure as Code (IaC) has further complicated the definition of applications. IaC is the practice of managing and provisioning infrastructure through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools.

Could the DOJ’s Antitrust Trial vs Google Drive More Innovation?

The thought process among regulators, he says, might be that the antitrust case against Microsoft brought about change and created opportunities for more competition -- a similar attempt with Google may be worth the effort. “This particular antitrust case really focuses narrowly on the company’s popular search engine, and it alleges that Google uses their 90% market share to illegally throttle competition in search and search advertising,” Kemp says. CTO Jimmie Lee with XFactor.io, a developer of a business decision platform, says he can understand some of big tech’s perspective having come from Meta, Facebook’s parent, and Microsoft. “When you’re in the company, it feels very different from being on the outside,” he says. “From the inside, you see the strength of the technology and how you can better add security and privacy and features and functionalities throughout the entire stack and workflow.”

4 steps for purple team success

Purple teaming is a function of collaborative security. Historically, it has literally brought together offensive security engineers or pen testers from the red side of the team and investigators, detection engineers, and CTI analysts from the blue side of the team. More recently, however, purple teams have looked very different, including a variety of members including developers, architects, information system security officers, software engineers, DFIR teams, and BCP personnel as well as other departments. To view the purple team simply as a tactical unit would be an oversimplification. Beyond the immediate operational benefits, the true value of a purple team lies in fostering cyber resilience. It is about building an organizational capability that can not only withstand cyber threats but also adapt and recover swiftly from them. By collaboratively assessing, learning, and adapting, the purple team approach instills a resilience mindset, ensuring that the organization is prepared for evolving cyber threats and is capable of bouncing back even when breaches occur.

Quote for the day:

"If you don’t build your dream, someone else will hire you to help them build theirs." -- Dhirubhai Ambani

No comments:

Post a Comment