Daily Tech Digest - January 15, 2024

Authentication is more complicated than ever

Even if posture is improved and stronger forms of MFA are invoked at login, attackers will constantly be looking for new holes to exploit. Therefore, it's important to put in place detection logic and checks for compromise. Ideally, detections should target known attack techniques, but also leverage ML/AI algorithms to detect anomalous or novel suspicious behavior. For example, knowing historical access patterns can highlight when credentials suddenly attempt access from a new device or location. Put differently, authentication can no longer be only about authentication. The decision to validate a credential must be more than a question of the right password and MFA. It must include the context and conditions of the request, checked and confirmed by policy each time. When identity-based attacks are detected, automated responses should be invoked. This can mean stepping up authentication requirements, revoking access, quarantining an identity until the situation is resolved, or executing more complex responses.
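The per-request decision described above can be sketched as a small policy function. This is an added example, not code from the digest or the article it excerpts; the `Profile` and `LoginRequest` types, the action names and the two-anomaly threshold are hypothetical choices, and the sample identities in any call are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class Profile:
    """Historical access pattern for one identity (hypothetical structure)."""
    devices: set = field(default_factory=set)
    countries: set = field(default_factory=set)
    quarantined: bool = False


@dataclass
class LoginRequest:
    user: str
    password_ok: bool
    mfa_ok: bool
    device_id: str
    country: str


def decide(req: LoginRequest, profiles: dict) -> tuple:
    """Return (action, reasons); called on every request, not only first login."""
    profile = profiles.setdefault(req.user, Profile())
    if profile.quarantined:
        return "deny", ["identity quarantined pending investigation"]
    if not req.password_ok:
        return "deny", ["bad credential"]

    # Compare the request context with what this identity has done before.
    # An empty history means enrollment, so there is nothing to deviate from.
    reasons = []
    if profile.devices and req.device_id not in profile.devices:
        reasons.append("new device")
    if profile.countries and req.country not in profile.countries:
        reasons.append("new location")

    # Automated responses, ordered from most to least severe.
    if len(reasons) >= 2:
        profile.quarantined = True  # held until an analyst clears it
        return "quarantine", reasons
    if reasons or not req.mfa_ok:
        # One anomaly, or MFA missing: require a stronger factor first.
        # Recording the new device after a successful step-up is left to the caller.
        return "step_up", reasons or ["MFA not completed"]

    # Correct credential, MFA done, context matches history: allow and learn.
    profile.devices.add(req.device_id)
    profile.countries.add(req.country)
    return "allow", []
```

A correct password and MFA are necessary here but never sufficient: the same credential yields `allow`, `step_up` or `quarantine` depending on how far the request context departs from the stored history.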


The Importance of Human-centered AI

Creating a functional and reliable AI requires a combination of domain and data science expertise with design acumen. Domain experts are particularly important when developing AI for the legal sector, as legal operations professionals, attorneys, and others bring highly valuable knowledge when training AI to deliver results for corporate legal departments (CLDs). Data scientists cleanse, analyze, and glean insights from large amounts of data. AI design strategists create systems, design prototypes, and assist in model building, all while focusing on delivering intelligence in a user-centric way. It’s impossible for an AI model to work optimally without all these individuals working together. For instance, a model built just by data scientists might technically work, but it probably won’t be focused on the user or their business needs. Meanwhile, a model created by an AI designer may not have the breadth of insights it could have if a data scientist and domain expert were also involved. It’s this diversity of human talent and perspectives that lays the initial groundwork for everything that organizations want in AI.


Green data centers: efforts to push sustainable IT developments

Modular designs reduce the need for significant infrastructure modifications by enabling the gradual development of data centre capacity. In addition to saving energy, using more energy-efficient servers, storage units, and networking hardware can provide greater scalability by lowering the requirement for extra power and cooling infrastructure. The data centre’s demand for cooling increases with its size and new technologies are adding to better efficiency and energy savings. Along with this, scaling up without consuming more energy is possible with the use of effective cooling techniques like liquid cooling. Optimising resource utilization and maximising scalability may be achieved by putting into practice effective data centre management techniques like load balancing and resource sharing. Server virtualization maximizes efficiency internally, lowering the requirement for physical equipment and energy usage. Real-time monitoring and modification of energy use is made possible by artificial intelligence and machine learning, which makes infrastructure more adaptable and efficient. 


Unravelling the Persistence of Legacy Malware: By Shailendra Shyam Sahasrabudhe

While the term “legacy” may evoke images of outdated systems and forgotten technologies, in the realm of cyber threats, it takes on a more sinister connotation. Legacy malware, often several years old, continues to haunt organizations, primarily due to the shrewd tactics employed by threat actors. Global organizations face a substantial threat due to the lax enforcement of security standards for IoT device manufacturers, exacerbated by the widespread presence of shadow IoT devices within enterprise networks. This significant risk is posed by the targeting of “unmanaged and unpatched” devices by threat actors, who often leverage these vulnerabilities to establish an initial foothold in the targeted environment. These threat actors, operating as de facto businesses, harbour a vested financial interest in extending the shelf life of their malware. This involves the recycling and repackaging of malicious code, coupled with innovative market strategies. Technical manoeuvres such as code recompilation, binary morphing, and the creation of fresh signatures to sidestep traditional antivirus defences are par for the course.


The 3 Paradoxes of Cloud Native Platform Engineering

Given the plethora of DevOps tools on the market, assembling the optimal toolchain can slow everyone down and lead to inconsistent results. The solution: ensure platform engineering teams build an IDP that includes the best set of tools for the tasks at hand. The goal of such a platform is to provide a “golden path” for developers to follow, essentially a recommended set of tools and processes for getting their work done. However, this golden path can become a straitjacket. When this golden path is overly normative, developers will move away from it to get their jobs done, defeating its purpose. As with measuring their productivity, developers want to be able to make their own choices regarding how they go about crafting software. As a result, platform engineers must be especially careful when building IDPs for cloud native development. Jumping to the conclusion that tools and practices that were suitable for other architectural approaches are also appropriate for cloud native can be a big mistake. 


Cloud Computing's Role in Transforming AML and KYC Operations

The biggest advantage is data centralization. Data is not scattered in different systems which allows compliance investigators to get a holistic view of information about a customer in one place and thereby speed the investigation process and decision-making. Cloud platforms allow for seamless storage at very low cost and also enable organizations with a lot more querying and analytical toolsets. This further aids in the compliance investigation process as the AML investigator gets a view of all the transactions and the trends analysis much faster. AML platform providers were also coaxed to shift from typical on-premise solutions to creating cloud-based platforms which could then be mere plug-and-play SaaS solutions for the FIs. These enabled real-time monitoring of transactions thus alerting of any suspicious activity almost immediately. Unified AML platforms on the cloud also allow collaboration across the AML process chain and the overall FI ecosystem. 


15 ways to grow as an IT leader in 2024

Di Maria says having a group of trusted advisors can help CIOs — or any professional — identify and correct deficits as well as hone and build up strengths. She advises CIOs to tap several executives from outside their current organization, including those from other functional areas and industries, so that CIOs can gain from their diverse experiences and perspectives. ... Di Maria also recommends CIOs create an executive brand this year, if they haven’t done so already. “This helps you be a better leader and help you advance, because it has you focus on what you stand for,” she explains. “It helps you focus on how you show up and what you do so you’re more effective in your job. It helps you figure out what you should be doing, what your priorities are, and how what you’re doing provides value in your workplace.” ... As tech leaders, CIOs are instrumental in leading people through that change — and they must be better at it than they’ve been in the past, says Jason Pyle, president and managing director of Harvey Nash US and Canada, an IT recruitment and consultancy firm. “It will come down to navigating all the human elements,” he says.


Flipping the BEC funnel: Phishing in the age of GenAI

Unfortunately, a significant majority of organizations appear ill-prepared to counter these emerging phishing threats. Chief among the concerns facing most organizations today is the record-high cybersecurity workforce gap, with an estimated need for an additional 4 million professionals worldwide to protect digital assets, as reported by ISC2. The same report reveals that nearly half (48%) of organizations today lack the tools and talent to respond to cyber incidents effectively. Furthermore, the ISC2 study shows that today’s cybersecurity professionals are feeling less than confident about the current threat landscape. A staggering 75% of them assert that the present threat landscape is the most formidable they’ve encountered in the past five years, and 45% anticipate that artificial intelligence (AI) will pose their greatest challenge in the next two years. This outlook underscores the urgency for organizations to fortify their cybersecurity defenses and adapt to the rapidly evolving nature of cyber threats. Our analysis found over 8 million phishing attempts successfully evaded native defenses in 2022 alone.


Eye on the Event Horizon

While multifactor authentication is crucial for securing online accounts, SMS OTP is not the most secure form of MFA. Other, more secure methods are more difficult to hack or replicate, making them a safer option for high-risk transactions. Using WhatsApp OTP as a solution to address SMS OTP security issues could be a simple but effective solution as it offers end-to-end encryption and is cheaper than SMS. Single Sign-On via Social Login is a good option for nonfinancial applications. ... It is important to choose the most secure and reliable authentication method to protect against fraud and financial losses. While hardware-based tokens are the most secure option, they can be inconvenient to carry. There are better alternatives available, such as biometric authentication, mobile authentication apps and FIDO standards. An authenticator app - a mobile application - provides an extra layer of security to your online accounts by generating time-based, one-time passwords or TOTPs. These passwords are used for two-factor authentication and help protect your accounts from unauthorized access.


5 ways QA will evaluate the impact of new generative AI testing tools

Several experts weighed in, and the consensus is that generative AI can augment QA best practices, but not replace them. “When it comes to QA, the art is in the precision and predictability of tests, which AI, with its varying responses to identical prompts, has yet to master,” says Alex Martins, VP of strategy at Katalon. “AI offers an alluring promise of increased testing productivity, but the reality is that testers face a trade-off between spending valuable time refining LLM outputs rather than executing tests. This dichotomy between the potential and practical use of AI tools underscores the need for a balanced approach that harnesses AI assistance without forgoing human expertise.” Copado’s Hannula adds, “Human creativity may still be better than AI figuring out what might break the system. Therefore, fully autonomous testing—although possible—may not yet be the most desired way.” Marko Anastasov, co-founder of Semaphore CI/CD, says, “While AI can boost developer productivity, it’s not a substitute for evaluating quality. Combining automation with strong testing practices gives us confidence that AI outputs high-quality, production-ready code.”



Quote for the day:

"Success does not consist in never making mistakes but in never making the same one a second time." --George Bernard Shaw
