Daily Tech Digest - November 08, 2023

Iconic Singapore hotel caught up in major data breach

The breach was first identified on 20 October, having begun a day previously when an undisclosed third-party gained unauthorised access to the firm’s systems. “Upon discovery of the incident, our teams immediately took action to resolve it. Investigations have since determined that an unknown third party accessed customer data of about 665,000 non-casino rewards programme members,” MBS said in a statement. “Based on our investigation, we do not have evidence to date that the unauthorised third party has misused the data to cause harm to customers. “We do not believe that membership data from our casino rewards programme, Sands Rewards Club, was affected. “After learning of the issue, we quickly launched an investigation, have been working with a leading external cyber security firm, and have taken action to further strengthen our systems and protect data,” said the organisation. The compromised data is understood to include names, email addresses, mobile phone and landline numbers, countries of residence, and membership numbers and tier status. MBS is reaching out to those affected.

8 ways to fix open source funding

Richard Stallman famously said, “Free as in speech, not as in beer.” Now, some developers are creating licenses that don’t offer either sense of freedom—but they’re still delivering just enough of the kind of openness that satisfies their users’ curiosity. One version is the “free tier” that offers enough access to test new ideas and maybe run a small, personal website while still charging for more substantial use. Developers encounter no impediment when they’re just experimenting, but if they want to start something serious, they need to pay. Another example is the license that lets users read but not distribute. One developer told me that he routinely lets paying customers get full access to the code for audits or experimentation, but he does not release it into the open. The customers get to see what they want, but they can’t undercut the company or give away the software for free. These licenses deliver some of what made open source popular without sacrificing the ability to compel payment.

Meet Your New Cybersecurity Auditor: Your Insurer

The current state of cyber insurance offers some actionable opportunities for security decision-makers. First, don't underestimate the power of an accurate cyber-insurance self-assessment, which is how cyber insurers judge organizations during the auditing and claims processes. Current self-assessment surveys ask surprisingly challenging questions and cover a wide set of fields from backups to AD security to MFA. It is important not to treat this as a formality and to ensure that information is entirely accurate; insurers are more than willing to decline coverage and even sue if an enterprise falsely claims, for example, that it has MFA protection across all its digital assets. ... Therefore, the second step is for CISOs to prove they have the capability they have on those forms. Luckily, this is a landscape familiar to seasoned CISOs. Creating and maintaining detailed records, building reporting systems, documenting all relevant business and security processes, and creating tamper-proof data for cyber forensics are all possible with sophisticated cybersecurity tools.

Green data centres: Efforts to push sustainable IT developments

Green data centres are spearheading a transformative wave in the IT industry, bringing substantial benefits to both businesses and the environment. From a financial perspective, these eco-conscious facilities deliver remarkable cost savings. By leveraging energy-efficient technologies and renewable energy sources, companies can significantly reduce operational expenses. Innovative solutions like data reduction technology and automated resource optimisation further bolster these financial advantages. However, the influence of green data centres extends far beyond financial gains. They play a pivotal role in mitigating greenhouse gas emissions, actively contributing to the fight against climate change. As data centres and communication sectors are anticipated to account for up to 3.9% of global emissions, the adoption of renewable energy sources and energy-efficient practices dramatically reduces their carbon footprint. In doing so, green data centres are setting a commendable example for other industries, driving the broader adoption of sustainable practices. 

The 3 key stages of ransomware attacks and useful indicators of compromise

Once hackers find key data, they will begin to download the actual ransomware payload. They may exfiltrate data, set up an encryption key, and then encrypt the vital data. IoCs at this stage include communication with a C2 server, data movement (if the attacker is exfiltrating important data before they encrypt it) and unusual activity around encrypted traffic. Detecting at this stage involves more advanced security products working in unison. Model chaining different types of analytics together is an efficient way to catch minor indicators of compromise when it comes to ransomware because they gather context on the network in real-time, allowing SOC teams to identify anomalous behavior when it occurs. If a security alert is triggered, these other analytics can provide more context to help piece together if and how a larger attack is occurring. But many successful ransomware attacks will not trip antivirus at all, so assembling an accurate picture of user behaviors and compiling the numerous indicators into a coherent timeline is vital.
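An added example, not taken from the excerpted article: a small Python correlator that chains the three stage-three indicator types named above into a per-host timeline and flags a host only when several distinct kinds land inside one time window. The alert records, host names, indicator labels and the one-hour window are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts: (ISO timestamp, host, indicator kind, detail).
# Kinds mirror the stage-three IoCs named above; the labels are assumptions.
ALERTS = [
    ("2023-11-08T09:02:00", "ws-14", "c2_communication", "periodic beacon to rare external host"),
    ("2023-11-08T09:05:00", "db-02", "data_movement", "scheduled backup to known storage"),
    ("2023-11-08T09:31:00", "ws-14", "data_movement", "large outbound transfer from file share"),
    ("2023-11-08T09:48:00", "ws-14", "encrypted_traffic_anomaly", "unusual TLS volume to new endpoint"),
    ("2023-11-08T14:10:00", "ws-07", "c2_communication", "single lookup of flagged domain"),
    ("2023-11-08T21:40:00", "ws-07", "encrypted_traffic_anomaly", "unusual TLS volume"),
]

def build_timelines(alerts):
    """Group alerts per host and sort each host's events chronologically."""
    timelines = defaultdict(list)
    for ts, host, kind, detail in alerts:
        timelines[host].append((datetime.fromisoformat(ts), kind, detail))
    for events in timelines.values():
        events.sort()
    return dict(timelines)

def correlate(alerts, window=timedelta(hours=1), min_kinds=3):
    """Return {host: events} where min_kinds distinct indicator kinds fall in one window."""
    findings = {}
    for host, events in build_timelines(alerts).items():
        for i, (start, _, _) in enumerate(events):
            # Events from this one onward that occur within the window.
            in_window = [e for e in events[i:] if e[0] - start <= window]
            if len({kind for _, kind, _ in in_window}) >= min_kinds:
                findings[host] = in_window
                break
    return findings

if __name__ == "__main__":
    for host, events in correlate(ALERTS).items():
        print(f"{host}: chained indicators")
        for ts, kind, detail in events:
            print(f"  {ts.isoformat()}  {kind:26}  {detail}")
```

Each alert on its own is low-signal (the backup on db-02 looks like data movement too); only ws-14 shows all three kinds in sequence within the window, which is the context a single analytic would miss.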

What's possible in a zero-ETL future?

ETL frequently requires data engineers to write custom code. Then, DevOps engineers or IT administrators have to deploy and manage the infrastructure to make sure the data pipelines scale. And when the data sources change, the data engineers have to manually change their code and deploy it again. Furthermore, when data engineers run into issues, such as data replication lag, breaking schema updates, and data inconsistency between the sources and destinations, they have to spend time and resources debugging and repairing the data pipelines. ... Zero-ETL enables querying data in place through federated queries and automates moving data from source to target with zero effort. This means you can do things like run analytics on transactional data in near real-time, connect to data in software applications, and generate ML predictions from within data stores to gain business insights faster, rather than having to move the data to a ML tool. You can also query multiple data sources across databases, data warehouses, and data lakes without having to move the data. To accomplish these tasks, we've built a variety of zero-ETL integrations between our services to address many different use cases.

An Ethical Approach to Employee Poaching

The practice of employee poaching isn’t without risk, because it hurts companies to lose good employees and relationships can get fractured. This is one reason why many public sector organizations insist on notifying the organization that could potentially lose an employee in advance of even scheduling an interview with a job candidate from that organization. On the private sector side, there are no such rules, but there is an etiquette for employee poaching that seems to work. ... When it comes to poaching, your employees need to know about tampering, too. It’s often employees who start the poaching process. They develop relationships with employees in a partner organization, and it is natural to want to work together. Nevertheless, there is a fine line between just wanting to work together and a situation that escalates into aggressive recruitment (and unacceptable tampering). The best practice is to remind employees about tampering, and to explain what it is, so that employees don’t actively recruit individuals from partner organizations without going through proper channels.

Data Management for M&A: 14 Best Practices Before and After the Deal

After the deal is complete, you can begin executing your integration strategy. You have already performed due diligence on the data landscape of both parties of the merger, created the integration plan, and estimated the workload. The steps and practices below do not have to be executed in the exact order or completeness. They represent the best practices for ensuring data quality, accessibility, privacy, usability, and transparency. You should start with the activity that best corresponds to your data pains and business objectives. ... After you have set the foundations for the effective use of data, you need to focus on getting data into shape (and keeping it that way) for critical business processes, reports, models, and data products. After all, to get real benefits from the acquired data, it is necessary to integrate it. However, as we know, 88% of data integration projects fail or overrun their budgets because of poor data quality

Keep it secret, keep it safe: the essential role of cybersecurity in document management

Solberg says security considerations should be an integral component of any strategic assessment for document management. “For example, when identifying the key objectives organizations may typically identify increased efficiency, reduced costs, increased collaboration,” he says. “Given the significant cyber risks organizations face in our rapidly digitized world, it's essential that the organization also clearly articulate an objective to protect the data, documents, and systems from the outset.” Security must also be incorporated in the phases of the document management assessment, including the analysis of the current state and the articulation of the roadmap, according to Solberg. “The integration of cybersecurity in these phases not only helps to identify the baseline compliance requirements that will inform the strategy but the capabilities that the organization will need to meet those requirements,” he adds. Security is a key enabler of success within any organization and has become a top strategic priority for all successful Internet-connected companies, says Jeffrey Bernstein

Many CIOs are better equipped to combat rising IT costs. Are you?

IT organizations can save substantial amounts on SaaS contracts by lowering service levels, CIOs say. “Too often we pay for the tier above what we need,” says McKee. But while Wiedenbeck did change service levels in one situation, he urges caution. “It’s dangerous to get so focused on cost that you start looking for ways to reduce it without better understanding the risks,” he says. “On the flip side, we shouldn’t be so fearful of any risk that we overpay for services and service levels. Inflation shouldn’t make us abandon balance management of cost, risk, and value, [but] I do see it as a great opportunity to revisit those areas and see if we’re willing to adjust that balance.” Partnering with software vendors is another key to keep costs under control. It should be a mutually beneficial relationship, CIOs say, so be prepared for some give and take. “There’s typically more flexibility on pricing if there’s added value that can be found, for example, by introducing other clients or integrating products together, creating a win-win situation,” says McKee.

Quote for the day:

“Good manners sometimes means simply putting up with other people's bad manners.” -- H. Jackson Brown, Jr
