Authentication is more complicated than ever
Even if posture is improved and stronger forms of MFA are invoked at login, attackers will constantly be looking for new holes to exploit. Therefore, it's important to put in place detection logic and checks for compromise. Ideally, detections should target known attack techniques, but also leverage ML/AI algorithms to detect anomalous or novel suspicious behavior. For example, knowing historical access patterns can highlight when credentials suddenly attempt access from a new device or location. Put differently, authentication can no longer be only about authentication. The decision to validate a credential must be more than a question of the right password and MFA. It must include the context and conditions of the request, checked and confirmed by policy each time. When identity-based attacks are detected, automated responses should be invoked. This can mean stepping up authentication requirements, revoking access, quarantining an identity until the situation is resolved, or executing more complex responses.
The Importance of Human-centered AI
Creating a functional and reliable AI requires a combination of domain and data science expertise with design acumen. Domain experts are particularly important when developing AI for the legal sector, as legal operations professionals, attorneys, and others bring highly valuable knowledge when training AI to deliver results for corporate legal departments (CLDs). Data scientists cleanse, analyze, and glean insights from large amounts of data. AI design strategists create systems, design prototypes, and assist in model building, all while focusing on delivering intelligence in a user-centric way. It’s impossible for an AI model to work optimally without all these individuals working together. For instance, a model built just by data scientists might technically work, but it probably won’t be focused on the user or their business needs. Meanwhile, a model created by an AI designer may not have the breadth of insights it could have if a data scientist and domain expert were also involved. It’s this diversity of human talent and perspectives that lays the initial groundwork for everything that organizations want in AI.
Green data centers: efforts to push sustainable IT developments
Modular designs reduce the need for significant infrastructure modifications by
enabling the gradual development of data centre capacity. In addition to saving
energy, using more energy-efficient servers, storage units, and networking
hardware can provide greater scalability by lowering the requirement for extra
power and cooling infrastructure. The data centre’s demand for cooling increases
with its size, and new technologies are adding to better efficiency and energy
savings. Along with this, scaling up without consuming more energy is possible
with the use of effective cooling techniques like liquid cooling. Optimising
resource utilization and maximising scalability may be achieved by putting into
practice effective data centre management techniques like load balancing and
resource sharing. Server virtualization maximizes efficiency internally,
lowering the requirement for physical equipment and energy usage. Real-time
monitoring and modification of energy use is made possible by artificial
intelligence and machine learning, which makes infrastructure more adaptable and
efficient.
Unravelling the Persistence of Legacy Malware: By Shailendra Shyam Sahasrabudhe
While the term “legacy” may evoke images of outdated systems and forgotten
technologies, in the realm of cyber threats, it takes on a more sinister
connotation. Legacy malware, often several years old, continues to haunt
organizations, primarily due to the shrewd tactics employed by threat actors.
Global organizations face a substantial threat due to the lax enforcement of
security standards for IoT device manufacturers, exacerbated by the widespread
presence of shadow IoT devices within enterprise networks. This significant risk
is posed by the targeting of “unmanaged and unpatched” devices by threat actors,
who often leverage these vulnerabilities to establish an initial foothold in the
targeted environment. These threat actors, operating as de facto businesses,
harbour a vested financial interest in extending the shelf life of their
malware. This involves the recycling and repackaging of malicious code, coupled
with innovative market strategies. Technical manoeuvres such as code
recompilation, binary morphing, and the creation of fresh signatures to sidestep
traditional antivirus defences are par for the course.
The 3 Paradoxes of Cloud Native Platform Engineering
Given the plethora of DevOps tools on the market, assembling the optimal
toolchain can slow everyone down and lead to inconsistent results. The solution:
ensure platform engineering teams build an IDP that includes the best set of
tools for the tasks at hand. The goal of such a platform is to provide a “golden
path” for developers to follow, essentially a recommended set of tools and
processes for getting their work done. However, this golden path can become a
straitjacket. When this golden path is overly normative, developers will move
away from it to get their jobs done, defeating its purpose. As with measuring
their productivity, developers want to be able to make their own choices
regarding how they go about crafting software. As a result, platform engineers
must be especially careful when building IDPs for cloud native development.
Jumping to the conclusion that tools and practices that were suitable for other
architectural approaches are also appropriate for cloud native can be a big
mistake.
Cloud Computing's Role in Transforming AML and KYC Operations
The biggest advantage is data centralization. Data is not scattered in different
systems which allows compliance investigators to get a holistic view of
information about a customer in one place and thereby speed the investigation
process and decision-making. Cloud platforms allow for seamless storage at very
low cost and also enable organizations with a lot more querying and analytical
toolsets. This further aids in the compliance investigation process as the AML
investigator gets a view of all the transactions and the trends analysis much
faster. AML platform providers were also coaxed to shift from typical on-premise
solutions to creating cloud-based platforms which could then be mere
plug-and-play SaaS solutions for the FIs. These enabled real-time monitoring of
transactions thus alerting of any suspicious activity almost immediately.
Unified AML platforms on the cloud also allow collaboration across the AML
process chain and the overall FI ecosystem.
15 ways to grow as an IT leader in 2024
Di Maria says having a group of trusted advisors can help CIOs — or any
professional — identify and correct deficits as well as hone and build up
strengths. She advises CIOs to tap several executives from outside their current
organization, including those from other functional areas and industries, so
that CIOs can gain from their diverse experiences and perspectives. ... Di Maria
also recommends CIOs create an executive brand this year, if they haven’t done
so already. “This helps you be a better leader and help you advance, because it
has you focus on what you stand for,” she explains. “It helps you focus on how
you show up and what you do so you’re more effective in your job. It helps you
figure out what you should be doing, what your priorities are, and how what
you’re doing provides value in your workplace.” ... As tech leaders, CIOs are
instrumental in leading people through that change — and they must be better at
it than they’ve been in the past, says Jason Pyle, president and managing
director of Harvey Nash US and Canada, an IT recruitment and consultancy firm.
“It will come down to navigating all the human elements,” he says.
Flipping the BEC funnel: Phishing in the age of GenAI
Unfortunately, a significant majority of organizations appear ill-prepared to
counter these emerging phishing threats. Chief among the concerns facing most
organizations today is the record-high cybersecurity workforce gap, with an
estimated need for an additional 4 million professionals worldwide to protect
digital assets, as reported by ISC2. The same report reveals that nearly half
(48%) of organizations today lack the tools and talent to respond to cyber
incidents effectively. Furthermore, the ISC2 study shows that today’s
cybersecurity professionals are feeling less than confident about the current
threat landscape. A staggering 75% of them assert that the present threat
landscape is the most formidable they’ve encountered in the past five years, and
45% anticipate that artificial intelligence (AI) will pose their greatest
challenge in the next two years. This outlook underscores the urgency for
organizations to fortify their cybersecurity defenses and adapt to the rapidly
evolving nature of cyber threats. Our analysis found over 8 million phishing
attempts successfully evaded native defenses in 2022 alone.
Eye on the Event Horizon
While multifactor authentication is crucial for securing online accounts, SMS
OTP is not the most secure form of MFA. Other, more secure methods are more
difficult to hack or replicate, making them a safer option for high-risk
transactions. Using WhatsApp OTP as a solution to address SMS OTP security
issues could be a simple but effective solution as it offers end-to-end
encryption and is cheaper than SMS. Single Sign-On via Social Login is a good
option for nonfinancial applications. ... It is important to choose the most
secure and reliable authentication method to protect against fraud and financial
losses. While hardware-based tokens are the most secure option, they can be
inconvenient to carry. There are better alternatives available, such as
biometric authentication, mobile authentication apps and FIDO standards. An
authenticator app - a mobile application - provides an extra layer of security
to your online accounts by generating time-based, one-time passwords or TOTPs.
These passwords are used for two-factor authentication and help protect your
accounts from unauthorized access.
5 ways QA will evaluate the impact of new generative AI testing tools
Several experts weighed in, and the consensus is that generative AI can augment
QA best practices, but not replace them. “When it comes to QA, the art is in the
precision and predictability of tests, which AI, with its varying responses to
identical prompts, has yet to master,” says Alex Martins, VP of strategy at
Katalon. “AI offers an alluring promise of increased testing productivity, but
the reality is that testers face a trade-off between spending valuable time
refining LLM outputs rather than executing tests. This dichotomy between the
potential and practical use of AI tools underscores the need for a balanced
approach that harnesses AI assistance without forgoing human expertise.”
Copado’s Hannula adds, “Human creativity may still be better than AI figuring
out what might break the system. Therefore, fully autonomous testing—although
possible—may not yet be the most desired way.” Marko Anastasov, co-founder of
Semaphore CI/CD, says, “While AI can boost developer productivity, it’s not a
substitute for evaluating quality. Combining automation with strong testing
practices gives us confidence that AI outputs high-quality, production-ready
code.”
Quote for the day:
"Success does not consist in never making mistakes but in never making the same one a second time." --George Bernard Shaw