Daily Tech Digest - October 02, 2023

Want people to embrace transformation? Allow them to own the change

The principles for a co-optable resource are straightforward: for starters, it must be accessible. Accessible means it must be opt-in, no mandates, no obvious carrots or sticks, and it is owned by those opting in. The barriers to entry must be low, and the benefits of using the resource have to be easy to communicate to others. Finally, it must be both impactful—that is, delivering practical value to its users—and scalable. In each of the following examples, a co-optable resource led to widespread uptake of a new idea or technology. The first one shows how a small organization was able to replicate itself globally by sharing the heavy lifting of making an idea scalable—an important lesson for managers who are daunted by introducing new ways of working because they feel the burden is all on them. The other two examples show how it’s possible to get enthusiasts within organizations to scale the use of technology, transform a business model, and change ways of working.

Weed Out Bad Data to Make Better Business Decisions

Using bad data for analytics, AI, and other apps can have catastrophic consequences for any organization. The worst-case scenario is making poor business decisions with that data – whether it’s investments, product changes, or hiring moves. Ignoring and not removing bad data results in misleading insights and misguided choices. It’s like blindly following a GPS without verifying its accuracy or knowing its end goal. You could potentially drive yourself into the ocean. It also has a broader chilling effect on a company. When bad data leads to skewed or inaccurate insights, employees lose trust in the data and systems more broadly. As a result, they stop relying on the data to make decisions altogether and instead devolve to making decisions based on gut feeling. At a bare minimum, bad data should be weeded out as often as you use it to make decisions. Ideally, though, it should happen upon the ingestion of the data. Constantly removing bad data as soon as it enters the system is the only way to reliably avoid polluting the clean data source.

California’s Delete Act: What CIOs, CDOs, Businesses Need to Know

The bill says consumers can delete data by using a website that will be hosted by the California Privacy Protection Agency, which has a 2026 deadline to create the website. In 2026, data brokers registered with the state must process delete requests once a month and undergo third-party audits every three years starting in 2028. Brokers who don’t comply will face daily fines. California’s law is not the first state law to target data brokers. Vermont, Texas, and Oregon all have laws creating broker registries. Vermont’s law has been in effect since 2019. California’s Data Broker law defines a data broker as “a business that knowingly collects and sells to third parties the personal information of a consumer with whom the business does not have a direct relationship.” While there is a federal data privacy bill, the American Data Privacy Protection Act (ADPPA), the proposal is currently in US Congress limbo and chances for passage are unclear. ADPPA would instruct the Federal Trade Commission (FTC) to create a national registry of data brokers and create a “do not collect” mechanism for individuals to opt out of personal data collection.

Global events fuel DDoS attack campaigns

NETSCOUT’s insights into the threat landscape come from its ATLAS sensor network built over decades of working with hundreds of Internet Service Providers globally, gleaning trends from an average of 424 Tbps of internet peering traffic, an increase of 5.7% over 2022. The company has observed nearly 500% growth in HTTP/S application layer attacks since 2019 and 17% growth in DNS reflection/amplification volumes during the first half of 2023. “While world events and 5G network expansion have driven an increase in DDoS attacks, adversaries continue to evolve their approach to be more dynamic by taking advantage of bespoke infrastructure such as bulletproof hosts or proxy networks to launch attacks,” stated Richard Hummel, senior threat intelligence lead, NETSCOUT. “The lifecycle of DDoS attack vectors reveals the persistence of adversaries to find and weaponize new methods of attack, while DNS water torture and carpet-bombing attacks have become more prevalent.”

Multibillion-dollar cybersecurity training market fails to fix the supply-demand imbalance

The good news is that retention increased, with a 6% drop in the number of respondents reporting retention issues compared to the previous year. But this improvement is more likely tied to economic uncertainty rather than work conditions having improved. The main reasons for employees departing included recruitment by other companies (58%). The second highest response, poor financial incentives (e.g., salaries or bonuses), is likely the main driver, ISACA found. Those seeking better financial compensation increased by 6% from last year to 54%. While work stress levels dropped by two percentage points from 2022, it remains a contributing factor at 43%, ranking fourth on the list. Other notable reasons included limited remote work possibilities (increased by four percentage points from 2022) and poor work culture/environment, both potentially driven by return-to-work mandates. "Uncertainty of any kind appears to be driving fewer job changes, and while vacancies persist, the survey results indicate that enterprises appear to be tightening budgets and compensation aids ahead of a potential recession," read the report.

Prompt Engineering in Software Automation

While these problems can’t be ignored, there is still a lot of justifiable excitement about how these programs can help democratize software development by supporting technical and non-technical teams alike. Perhaps the most impressive thing to consider is that tools like ChatGPT can produce functional code very quickly. With the right prompt, engineers can reduce the time it takes to program certain types of code, ensuring a swifter software development life cycle. At the end of 2022, the popular programming hub Stack Overflow banned AI-generated answers on its forum. They cited the high error rate and inaccuracies associated with the application. However, the technology is in a nascent stage; furthermore, the dissatisfaction with AI-generated output owes as much to poor prompt engineering as it does to the technology itself. Despite the misgivings over the tech, a recent piece by McKinsey highlights the impact that prompt engineering is already having in the world of programming. The consulting firm’s 

Hackers Impersonate Meta Recruiter to Target Aerospace Firm

The attack is part of an ongoing campaign tracked as "Operation DreamJob," in which fake recruiters reach out through LinkedIn. Attackers convince victims to self-compromise their systems by employing different strategies such as luring the target to execute a malicious PDF viewer to see the full contents of a job offer. Or, they encourage the victim to connect with a Trojanized SSL/VPN client. "The most worrying aspect of the attack is the new type of payload, LightlessCan, a complex and possibly evolving tool that exhibits a high level of sophistication in its design and operation, representing a significant advancement in malicious capabilities compared to its predecessor, BlindingCan," researchers said. ESET says it observed victims receiving two malicious executables, Quiz1.exe and Quiz2.exe, which were delivered via .iso images hosted on a third-party cloud storage platform. "The first challenge is a very basic project that displays the text 'Hello, World!'" researchers said. "The second prints a Fibonacci sequence up to the largest element smaller than the number entered as input."

Technology is Crack and We are the Dealers

What is actually going on though is not really sinister, it is just stupid. For years most technology did not really impact lives outside of military, reactors, planes, infrastructure and the like… then medicine, electrical grids, and finances joined the group. And so forth. But most technology was just corporate enablement. No one was going to die if the order management system went down for an hour. Maybe get fired but not die. Thus we chose to use standards and review (governance) as our primary mechanism for quality decisions. And even these were flaky at best and pretty easy to get around (please like I can’t game a governance review board? hahahaha). The people reviewing had their checklists and the delivery folks knew how to make them happy enough. Or just go to the executive sponsor who goes to the executives and gets a ‘pass’. Oh well, it’s just a bit of technical debt! The future is coming to humanity. That much is certain. But at what rate? What is acceptable loss? How will society get a handle on run-away technology? And which organizations will survive? 

The dark arts of digital transformation — and how to master them

“If you’re in a leadership role in Engineering, you aren’t going to succeed unless you have a strong ally in Product,” says Etkin. “Developers sometimes have this idea that management isn’t necessary, or they have disdain for the nontechnical side of things. That’s a terrible idea that will get you absolutely nowhere.” Etkin, an early employee at Atlassian who was the original architect of Jira, admits that he wasn’t always good at building alliances with his peers. He had to figure out how to get on the same page with people who often had very different ideas about how to proceed. That meant asking a lot of questions and listening to the answers. ... A key thing to remember is that the dark forces you’re attempting to subdue may not be the individuals opposing you, but the systems in which they themselves are trapped. Organizations that have found success operating in a certain way may see little reason to shake things up. Even when the changes are necessary, such as in the case of increased competition from disruptive new entrants or the emergence of transformative technologies, the effort required to overcome internal inertia could exhaust all your magic powers.

Regulations Push Firms to Boost AI, ML Spend

Unlike some industries, though, financial services are highly regulated, given the industry’s stature as the modern economy’s backbone. “The industry as a whole must be cautious about adopting new technologies given the myriad of rules and regulations at play,” cautions Joe Robinson, CEO, Hummingbird. “Financial institutions can plan to leverage the opportunities that AI presents but must do so carefully.” He says by using explainable algorithms, auditable decision-making processes, and/or human-in-the-loop reviews, they can take advantage of the potential of AI while ensuring that regulatory obligations are met. “As with many new technologies, it's best to start small, observe outcomes, and scale up thoughtfully and pragmatically,” he says. Cullen adds it’s critical to ensure the needed talent infrastructure is in place. “Determine where you should hire and where you may need to augment, especially in relation to the evolving regulatory landscape,” she says.

Quote for the day:

“Taking a step back can often be the quickest way forward.” — Tim Fargo
