The do-it-yourself approach to MDM
If you’re comfortable taking on extra responsibilities and costs, the next big
question is whether you can get the right tool — or more often, many tools — you
need. This is where you need a detailed understanding of the mobile platforms
you have to manage and every platform that needs to integrate with them for
everything to work. MDM isn’t an island. It integrates with a sometimes
staggering number of enterprise components. Some, like identity management, are
obvious; others like log management or incident response are less obvious when
you think about successful mobility management. Then there are the external
platforms that need connections. Think identity management — Entra, Workspace,
Okta — and things like Apple Business Manager that you need to work well in both
everyday and unusual situations. Then tack on the network, security, auditing,
load balancing, inventory, the help desk and various other services. You’re
going to need something to connect with everything you already have, or you
could find yourself saddled with multiple migrations.
NCSC warns CNI operators over ‘living-off-the-land’ attacks
The NCSC said that even organisations with the most mature cyber security
techniques could easily fail to spot a living-off-the-land attack, and assessed
it is “likely” that such activity poses a clear threat to CNI in the UK. ... In
particular, it warned, both Chinese and Russian hackers have been observed
living-off-the-land on compromised CNI networks – one prominent exponent of the
technique is the GRU-sponsored advanced persistent threat (APT) actor known as
Sandworm, which uses LOLbins extensively to attack targets in Ukraine. “It is
vital that operators of UK critical infrastructure heed this warning about cyber
attackers using sophisticated techniques to hide on victims’ systems,” said NCSC
operations director Paul Chichester. “Threat actors left to carry out their
operations undetected present a persistent and potentially very serious threat
to the provision of essential services. Organisations should apply the
protections set out in the latest guidance to help hunt down and mitigate any
malicious activity found on their networks.” “In this new dangerous and volatile
world where the frontline is increasingly online, we must protect and future
proof our systems,” added deputy prime minister Oliver Dowden.
What Are the Core Principles of Good API Design?
Your API should also be idiomatic to the programming language it is written
against and respect the way that language works. For example, if the API is to
be used with Java, use exceptions for errors, rather than returning an error
code as you might in C. APIs should follow the principle of least surprise. Part
of the way this can be achieved is through symmetry; if you have to add and
remove methods, these should be applied everywhere they are appropriate. A good
API comprises a small number of concepts; if I’m learning it, I shouldn’t have
to learn too many things. This doesn’t necessarily apply to the number of
methods, classes or parameters, but rather the conceptual surface area that the
API covers. Ideally, an API should only set out to achieve one thing. It is also
best to avoid adding anything for the sake of it. “When in doubt, leave it out,”
as Bloch puts it. You can usually add something to an API if it turns out to be
needed, but you can never remove things once an API is public. As noted earlier,
your API will need to evolve over time, so a key part of the design is to be
able to make changes further down the line without destroying everything.
Russian Ransomware Gang ALPHV/BlackCat Resurfaces with 300GB of Stolen US Military Documents
The ALPHV/BlackCat ransomware group has threatened to publish and sell 300 GB of
stolen military documents unless Technica Corporation gets in touch. “If
Technica does not contact us soon, the data will either be sold or made public,”
the ransomware gang threatened. However, there is no guarantee that the
ransomware gang would not pass the military documents to adversaries even after
the military contractor pays the ransom. The BlackCat ransomware gang also
posted screenshots of the leaked military documents as proof, displaying the
victims’ names, social security numbers, job roles and locations, and clearance
levels. Other military documents include corporate information such as billing
invoices and contracts for private companies and federal agencies such as the
FBI and the US Air Force. So far, the motive of the cyber attack remains
unknown, but it’s common for threat actors to feign financial motives to conceal
their true geopolitical objectives. While the leaked military documents may not
be classified, they still contain crucial personal information that state-linked
threat actors could use for targeting.
6 best practices for better vendor management
To build a stronger relationship with vendors, “CIOs should bring them into the
fold regarding their priorities and potential concerns about what may — or may
not — lie ahead, from a regulatory perspective or the general economic climate,
for example,” says Kevin Beasley, CIO at VAI, a midmarket ERP software
developer. “A few years ago, supply-chain snags had CIOs looking for new
technology,” Beasley says. “Lately, a talent shortage means CIOs are pushing for
more automation. CIOs that don’t delay posing questions about how vendor
products can solve such challenges, but also take the time to hear the
information, will build a valuable rapport that can benefit both parties.” Part
of building a collaborative partnership is staying in close contact. It’s
important to establish clear communication channels and schedule regular
check-ins with active vendors, “to understand performance, expectations, and
progress while recognizing that no process or service goes perfectly all the
time,” says Patrick Gilgour, managing director of the Technology Strategy and
Advisory practice at consulting firm Protiviti.
Three commitments of the data center industry for 2024
To become more authentic and credible in these reputation-building dialogues and
go beyond the data center, we must be more representative of the people our
infrastructure ultimately serves. Although progress has been made, we must keep
evolving. We need diversity of background, experience, ethnicity, age, and
outlook in order to fully embrace the challenges of digital infrastructure. The
range of roles, skillsets, and opportunities in the sector is far wider than
many outside the industry recognize. Creating organizations where every person
can be themselves, and deliver in line with their ethics, values, and beliefs is
a prerequisite for building a positive reputation. And of course, the more
attractive an industry we become, the more great candidates, partners, and
supporters we’ll attract. ... Speaking of inspiring the next generation, 2024
can be the year in which we embrace youth. How do we attract more young people
into the industry? By inspiring them. The data center sector is a dynamic,
exciting, and rapidly growing sector. We want to ensure this is being
effectively articulated in print, across social media, and online.
Is your cloud security strategy ready for LLMs?
When employees and contractors use those public models, especially for analysis,
they will be feeding those models internal data. The public models then learn
from that data and may leak those sensitive corporate secrets to a rival who
asks a similar question. “Mitigating the risk of unauthorized use of LLMs,
especially inadvertent or intentional input of proprietary, confidential, or
material non-public data into LLMs” is tricky, says George Chedzhemov, BigID’s
cybersecurity strategist. Cloud security platforms can help, he adds, especially
for access controls and user authentication, encryption of sensitive data, data
loss prevention, and network security. Other tools are available for data
discovery and surfacing sensitive information in structured, unstructured, and
semi-structured repositories. “It is impossible to protect data that the
organization has lost track of, data that has been over-permissioned, or data
that the organization is not even aware exists, so data discovery should be the
first step in any data risk remediation strategy, including one that attempts to
address AI/LLM risks,” says Chedzhemov.
Shadow AI poses new generation of threats to enterprise IT
Functional risks stem from an AI tool's ability to function properly. For
example, model drift is a functional risk. It occurs when the AI model falls out
of alignment with the problem space it was trained to address, rendering it
useless and potentially misleading. Model drift might happen because of changes
in the technical environment or outdated training data. ... Operational risks
endanger the company's ability to do business. Operational risks come in many
forms. For example, a shadow AI tool could give bad advice to the business
because it is suffering from model drift, was inadequately trained or is
hallucinating -- i.e., generating false information. Following bad advice from
GenAI can result in wasted investments -- for example, if the business expands
unwisely -- and higher opportunity costs -- for example, if it fails to invest
where it should. ... Legal risks follow functional and operational risks if
shadow AI exposes the company to lawsuits or fines. Say the model advises
leadership on business strategy. But the information is incorrect, and the
company wastes a huge amount of money doing the wrong thing. Shareholders might
sue.
Creating a Data Quality Framework
A start-up business may not initially have a need for organizing massive amounts
of data (it doesn’t yet have massive amounts of data to organize), but a master
data management (MDM) program at the start can be remarkably useful. Master data
is the critical information needed for doing business accurately and
efficiently. For example, the business’s master data contains, among other
things, the correct addresses of the start-up’s new customers. Master data must
be accurate to be useful – the use of inaccurate master data would be
self-destructive. If the organization is doing business internationally, it may
need to invest in a Data Governance (DG) program to deal with international laws
and regulations. Additionally, a Data Governance program will manage the
availability, integrity, and security of the business’s data. An effective DG
program ensures that data is consistent and trustworthy and doesn’t get misused.
A well-designed DG program includes not only useful software, but policies and
procedures for humans handling the organization’s data. A Data Quality framework
is normally developed and used when an organization has begun using data in
complicated ways for research purposes.
Meta Is Being Urged to Crack Down on UK Payment Scams
Since social media market platforms such as Facebook Marketplace do not have
dedicated payment portals that accept payment cards, Davis said, standard
security practices adopted by card issuers cannot be used to protect customers.
As a result, preventing fraud on social media platforms is a challenge, he said.
"To tackle this, we need greater action from Meta to stop fraudulent ads from
being put in front of the U.K. consumers," Davis said. Meta Public Policy Head
Philip Milton, who testified before the committee, said his company takes fraud
prevention "extremely seriously." Milton said Meta has adopted such measures as
verifying ads on its platforms and permitting only financial ads that have
cleared the U.K. Financial Services Verification process rolled out by the
British Financial Conduct Authority. "A good indicator of fraud is fake
accounts, as scammers generally tend to use fake accounts to carry out scams. As
fraud prevention, Meta removed 827 million fake accounts in the third quarter of
2023," Milton said. Microsoft Government Affairs Director Simon Staffell said
the computing giant pursues criminal infrastructure disruption as one of its
fraud prevention strategies.
Quote for the day:
"If you are willing to do more than you
are paid to do, eventually you will be paid to do more than you do." --
Anonymous