Daily Tech Digest - November 14, 2023

Balancing act: CISOs' knife-edge role in modern cybersecurity

Enhanced personal liability and duty of care are becoming increasingly unavoidable for many industries under the NIS2 (Network and Information Systems Directive) - a directive to set higher standards for cybersecurity across the European Union - and DORA (Digital Operational Resilience Act). This change is unnerving for CISOs as their role is officially recognized by regulators, shareholders, and customers. 62% cited concerns about personal liability in a recent global survey by Proofpoint, demonstrating the increased pressures of the role. ... Cybercriminals are already experienced users of AI, with ransomware producers incorporating AI and machine learning techniques into their malware while using it to target specific victims and evade antivirus software detection. Such use of advanced technology is expected to continue as ransomware developers become more proficient in their tactics and multiply the challenges CISOs will face. While AI can automate threat detection and response, it requires an understanding of past threat activity. 


Exploring the Role of Consensus Algorithms in Distributed System Design

Consensus, in the context of distributed systems, is the act of getting a group of nodes to agree on a single value or outcome, even if failures and network delays occur. This agreement is vital for the proper functioning of distributed systems, for it ensures that all nodes operate cohesively and consistently, even when they are geographically dispersed. ... At the heart of many consensus algorithms is the concept of Leader election, as it establishes a single node responsible for coordinating and making decisions on behalf of the group. In other words, this leader ensures that all nodes in the system agree on a common value or decision, promoting order and preventing conflicts in distributed environments. Fault tolerance is a critical aspect of consensus algorithms as well, as it allows systems to continue functioning even in the presence of node failures, network partitions, or other unforeseen issues. Consistency, reliability, and fault tolerance are among the primary guarantees offered. 


Rogue state-aligned actors are most critical cyber threat to UK

These groups have become emboldened to act with impunity regardless of whether or not they have Russia’s official backing, and the NCSC said it had “concerns” that these groups have a higher risk appetite than those advanced persistent threat (APT) actors – such as Sandworm – that operate as units of the Russian intelligence and military services. This makes them a far more dangerous threat because they may seek to attack CNI operators without constraint and without being able to fully understand, or control, the impact of their actions. The consequences of this could be exceptionally severe. At the same time, Russian APTs continue to advance their goal of weakening and dividing Moscow’s adversaries by interfering in the democratic process using mis- and disinformation and cyber attacks. ... Of particular concern next go round will be large language models (LLM), which will almost certainly be used to generate fabricated content and deepfakes before the election, and a developing trend of targeting the email accounts of prominent individuals, as previously reported.


Fostering an automation-driven operations mindset in enterprises

By embracing automation, companies are changing the way they operate. This can mean rethinking their entire business model to become more profitable and competitive. However, this change is not always easy. Businesses face various challenges, such as dealing with disruptions in the market, figuring out the right number of employees needed for their operations, and keeping up with the ever-changing market conditions. Businesses are recognising that in order to stay relevant and successful, they need to undergo a digital transformation. This means adopting new technologies and ways of doing things to achieve significant positive changes in their operations. Automation has the power to create these changes across all types of industries, including retail, logistics, manufacturing, and the BFSI sector. ... This shift is so significant that the market for industrial automation in India is expected to double from USD 13.23 billion in 2023 to USD 25.76 billion by 2028. This is a clear indication that companies are investing heavily in automation to ensure they remain competitive and up to date with the latest advancements.


MongoDB vs. ScyllaDB: A Comparison of Database Architectures

The MongoDB architecture enables high availability through the concept of replica sets. MongoDB replica sets follow the concept of primary-secondary nodes, where only the primary handles the write operations. The secondaries hold a copy of the data and can be enabled to handle read operations only. A common replica set deployment consists of two secondaries, but additional secondaries can be added to increase availability or to scale read-heavy workloads. MongoDB supports up to 50 secondaries within one replica set. Secondaries will be elected as primary in case of a failure at the former primary. ... Unlike MongoDB, ScyllaDB does not follow the classical relational database management system (RDBMS) architectures with one primary node and multiple secondary nodes, but uses a decentralized structure, where all data is systematically distributed and replicated across multiple nodes forming a cluster. This architecture is commonly referred to as multiprimary architecture. A cluster is a collection of interconnected nodes organized into a virtual ring architecture, across which data is distributed. 


Relationship management: The unsung art of optimizing IT teams

Getting the most out of IT staff and unleashing synergies among IT teams is among the more underappreciated skills an IT leader must have to optimize their organization’s efforts. And for that you must develop an uncanny knack for relationship management and an understanding of how differing personalities can enforce and work with one another to great effect. After all, IT brings together a diverse range of personalities, from statisticians, mathematicians, and developers who are rooted in the rigors of computer science, to liberal arts majors who might just as soon be writing a novel if it could pay the bills. So, how do you as an IT leader unify these wide-ranging personalities into a cohesive project team? The short answer is that you don’t try to change anyone. Instead, you seize on common goals most team members have: To see success, feel good about the work they do, and contribute in ways that play to their strengths — while avoiding what they find off-putting or unproductive.


As perimeter defenses fall, the identity-first approach steps into the breach

An identity-first strategy is all about knowing the identity of all humans and non-humans accessing points within the enterprise. In other words, the strategy calls for the organization to know each employee, contractor, and business partner as well as endpoint, server, or application that seeks to connect. It is often also called identity-centric or identity-first security. It's foundational to implementing zero trust because zero trust says trust no entity until that entity — whether human or machine — can authenticate that it is who it says it is and can verify it has been authorized to access the network, application, API, server, etc. that it's seeking to access. ... As Avijit explains, no single solution delivers an identity-first strategy. Rather, it requires a synthesis of policies, practices and technology — like nearly everything else in cybersecurity. Those elements must come together to achieve three key objectives, says Henrique Teixeira, senior director analyst at Gartner, a research and advisory firm.


Collaborative strategies are key to enhanced ICS security

Cooperation between IT (information technology) and OT (operational technology) departments is extremely important to address unique security challenges in industrial sectors. The IT department is usually responsible for managing computer systems, networks, and data, while the OT department manages operating systems, industrial control systems, and sensors. Synergy between these departments allows for a better understanding and confrontation of threats involving industrial control systems. IT teams have expertise in information security, and OT teams have years of experience working with industrial systems. By combining the knowledge of both departments, one can proactively identify and address security vulnerabilities and threats. The advantages of training these departments with each other are many. First, understanding both aspects – information and industrial technology – allows for more effective identification and analysis of security challenges that are specific to the industrial sectors.


3 cybersecurity compliance challenges and how to address them

Changes in regulations can be as rapid as the introduction of new products or the emergence of new threats and attacks. Thus, organisations need to be agile enough to keep up with regulatory changes. Unfortunately, not many of us have the ability to do this on our own. Cybersecurity skills shortage continues to be a problem when it comes to compliance. Many organisations lack the right people to properly address cyber threats, let alone continuously monitor regulatory changes. The challenge of keeping up with changing regulations can be addressed with the help of resources that track updates for you. Often, these are related to specific business niches. For companies involved in credit and financial service operations, for example, the cybersecurity alerts of the National Association of State Credit Union Supervisors (NASCUS) provide up-to-date information on the latest regulations that affect those in the business of extending credit and other financial services. There are also regulation monitoring subscription services that provide updates on regulations in general. 


Ethical Considerations in AI and Cloud Computing: Ensuring Responsible Development and Use

Transparency and ethics go hand in hand. With AI, transparency is an essential ethical practice that plays a role in meaningful consent, accountability, and algorithmic auditing. Transparency is essential for driving public acceptance and trust in AI. AI has been accused of having a “black box” problem, referring to the lack of transparency in how it operates and the logic behind its decisions. The use of complex algorithms and proprietary systems contributes to the problem. Ethical practices must address the black box issue by ensuring a high level of transparency in AI development and deployment. ... Assigning responsibility for the outcomes provided by AI-driven systems is perhaps the most important ethical consideration to be considered. If an AI-powered system guiding medical diagnosis makes a decision that leads to failed medical treatment, who should take responsibility? Is the AI developer, the technology firm that deployed the AI, or the doctor ultimately accountable for the bad information?



Quote for the day:

"A leader is one who sees more than others see, who sees farther than others see and who sees before others see." -- Leroy Eimes
