Daily Tech Digest - February 27, 2024

Market incentives in the pursuit of resilient software and hardware

For cyber security to continue to evolve as a discipline, we need both quantitative and qualitative insights to understand those aspects that, when combined, work most effectively to address threat and risk, along with human factors and operational dimensions. These solutions then need to be coupled with a compelling narrative to explain our conclusions and objectives to a range of audiences. For the quantitative aspects, access to underlying data types and sources is critical. When we think about software and hardware specifically, there are many possible points of measurement which can contribute to our understanding of its intrinsic security and support assurance. ... Improving the resilience of our software and hardware technology stacks in ways that can scale globally is a multi-faceted, sociotechnical challenge. Creating the right market incentives is our priority. Without these in place, we cannot begin to make progress at the pace or scale we need. Our collective interventions to improve engineering best practices and more transparent behaviours must be driven by data, and targeted by research and innovation. All of this requires better access to skills and cyber education, improved tools, and accessible infrastructure. 

Is creating an in-house LLM right for your organization?

Before delving into the world of foundational models and LLMs, take a step back and note the problem you are looking to solve. Once you identify this, it’s important to determine which natural language tasks you need. Examples of these tasks include summarization, named entity recognition, semantic textual similarity, and question answering, among others. ... Before using an AI tool as a service, government agencies need to make sure the service they are using is safe and trustworthy, which isn’t usually obvious and is not captured by just looking at an example set of output. And while the executive order doesn’t apply to private sector businesses, they should consider whether to adopt similar policies. ... Your organization’s data is the most important asset to evaluate before training your own LLM. Those companies that have accumulated high-quality data over time are the luckiest in today’s LLM age, as data is needed at almost every step of the process, including training, testing, re-training, and beta tests. High-quality data is the key to success when training an LLM, so it is important to consider what that truly means. 

Privacy Watchdog Cracks Down on Biometric Employee Tracking

In Serco's case, the ICO said Friday that the company had failed to demonstrate why using facial recognition technology and fingerprint scanning was "necessary or proportionate" and that by doing so it had violated the U.K. General Data Protection Regulation. "Biometric data is wholly unique to a person so the risks of harm in the event of inaccuracies or a security breach are much greater - you can't reset someone's face or fingerprint like you can reset a password," said U.K. Information Commissioner John Edwards. "Serco Leisure did not fully consider the risks before introducing biometric technology to monitor staff attendance, prioritizing business interests over its employees' privacy." "There have been a number of warnings that facial recognition and fingerprints are problematic," said attorney Jonathan Armstrong, a partner at Cordery Compliance. "Most data protection regulators don't like technology like this when it is mandatory for employees. If you're looking at this you'll need a solid data protection impact assessment setting out why the tech is needed, why there are no better solutions, and what you're doing to minimize the impact on those affected."

Cloud providers should play by same rules as telcos, EU commissioner tells MWC

“Currently, our regulatory framework is too fragmented. We are not making the most of our single market of 450 million potential customers. We need a true digital single market to facilitate the emergence of pan-European operators with the same scale and business opportunities as their counterparts in other regions of the world. And we need a true level playing field, because in a technological space where telecommunications and cloud infrastructures converge, there is no justification for them not to play by the same rules,” said the European Commissioner. This means, for Breton, “similar rights and obligations for all actors and end-users of digital networks. This means, first and foremost, establishing the ‘country of origin’ principle for telecoms infrastructure services, as is already the case for the cloud, to reduce compliance costs and investment requirements for pan-European operators.” ... Finally, Breton advocated “Europeanizing the allocation of licenses for the use of spectrum. In the technology race to 6G, we cannot afford any more delays in the concession process, with huge disparities in the timing of auctions and infrastructure deployment between Member States...”

Unlocking the Power of Automatic Dependency Management

Dependency automation relies on having a robust and reliable CI/CD system. Integrating automatic dependency updates into the development workflow is going to exercise this system much more frequently than updates done by hand, so this process demands robust testing and continuous integration practices. Any update, while beneficial, can introduce unexpected behaviors or compatibility issues. This is where a strong CI pipeline comes into play. By automatically testing each update in a controlled environment, teams can quickly identify and address any issues. Practices like automated unit tests, integration tests and even canary deployments are invaluable. They act as a safety net, ensuring that updates improve the software without introducing new problems. Investing in these practices not only streamlines the update process but also reinforces overall software quality and reliability. ... Coupled with a robust infrastructure that supports these tools, including adequate server capacity and a reliable network, organizations can create an environment where automatic dependency updates thrive, contributing to a more resilient and agile development process.

What Is a Good Management Model in Agile Software Development?

Despite that recognition, an approach referred to by Jurgen Appelo as “Management 2.0,” or “doing the right thing wrong,” is still being used. This management style involves a manager who sticks strictly to the organizational hierarchy and forgets that human beings usually don’t like top-down control and mandatory improvements. Within this approach, 1:1 meetings are conducted with employees for individual goal setting. Although this could be considered a good idea — to manage people and their interests — the key is the way managers do it. They should be managing the system around their people instead of managing the people directly. ... Management 3.0, or “Doing the right thing,” can be the appropriate solution, in which organizations are considered to be complex and adaptive systems. Jurgen Appelo describes this style of management as “taking care of the system instead of manipulating the people.” Or, in other words, improving the environment so that “it keeps workers engaged and happy is one of the main responsibilities of management; otherwise, the organization fails to generate value.”

Hacker group hides malware in images to target Ukrainian organizations

The attacks detected by Morphisec delivered a malware loader known as IDAT or HijackLoader that has been used in the past to deliver a variety of trojans and malware programs including Danabot, SystemBC, and RedLine Stealer. In this case, UAC-0184 used it to deploy a commercial remote access trojan (RAT) program called Remcos. “Distinguished by its modular architecture, IDAT employs unique features like code injection and execution modules, setting it apart from conventional loaders,” the Morphisec researchers said. “It employs sophisticated techniques such as dynamic loading of Windows API functions, HTTP connectivity tests, process blocklists, and syscalls to evade detection. The infection process of IDAT unfolds in multiple stages, each serving distinct functionalities.” ... To execute the hidden payload, the IDAT loader employs another technique known as module stomping, where the payload is injected into a legitimate DLL file — in this case one called PLA.dll (Performance Logs and Alerts) — to lower the chances that an endpoint security product will detect it.
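The module-stomping step described above (a payload written over the code of a legitimately loaded DLL) is what a memory-vs-disk comparison catches. The following is an added example, not Morphisec's tooling or anything from the article: it assumes the caller has already extracted a module's executable section both from the process (e.g. a memory dump) and from the DLL on disk, and compares the two page by page, separating wholesale overwrites from the few-byte edits that hooks and hot-patches legitimately cause. All byte strings, the `PLA.dll` stand-in and the `noise_limit` threshold are constructed for illustration.

```python
"""Page-level comparison of a module's code section in memory vs. on disk.

Added example (not Morphisec's code). Assumes both copies of the section
have already been extracted; the data below is constructed to simulate
PLA.dll's .text being overwritten by an injected payload.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass

PAGE_SIZE = 0x1000  # x86/x64 page size; memory is compared at page granularity


@dataclass(frozen=True)
class ChangedPage:
    index: int          # page number within the section
    offset: int         # byte offset of the page from the section start
    changed_bytes: int  # how many bytes differ from the on-disk copy


def _page_digests(section: bytes) -> list[str]:
    return [hashlib.sha256(section[i:i + PAGE_SIZE]).hexdigest()
            for i in range(0, len(section), PAGE_SIZE)]


def diff_pages(disk_text: bytes, mem_text: bytes) -> list[ChangedPage]:
    """Return the pages whose in-memory content differs from the disk copy."""
    if len(disk_text) != len(mem_text):
        # A module maps its code section 1:1; a size mismatch is itself a finding.
        raise ValueError("section size mismatch between disk and memory")
    changed = []
    for idx, (d, m) in enumerate(zip(_page_digests(disk_text), _page_digests(mem_text))):
        if d == m:
            continue
        start = idx * PAGE_SIZE
        n = sum(a != b for a, b in zip(disk_text[start:start + PAGE_SIZE],
                                       mem_text[start:start + PAGE_SIZE]))
        changed.append(ChangedPage(idx, start, n))
    return changed


def assess(disk_text: bytes, mem_text: bytes, noise_limit: int = 64) -> dict:
    """Separate small, explainable edits (inline hooks, hot-patches, the odd
    absolute-address relocation on x86) from wholesale overwrites. A stomped
    payload rewrites contiguous pages; a hook touches a handful of bytes.
    noise_limit is a constructed threshold; tune it per module."""
    pages = diff_pages(disk_text, mem_text)
    stomped = [p.index for p in pages if p.changed_bytes > noise_limit]
    patched = [p.index for p in pages if p.changed_bytes <= noise_limit]
    return {"stomped_pages": stomped, "patched_pages": patched,
            "suspicious": bool(stomped)}


def _pseudo_random(n: int, seed: bytes) -> bytes:
    """Deterministic filler standing in for real code bytes (constructed)."""
    out, ctr = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(seed + ctr.to_bytes(4, "little")).digest()
        ctr += 1
    return bytes(out[:n])


def build_sample() -> tuple[bytes, bytes]:
    """Constructed stand-in for PLA.dll's .text: four pages on disk, and an
    in-memory copy with a 5-byte jmp hook in page 0 (benign-looking noise)
    and a payload stomped over pages 1-2, as the loader does with its RAT."""
    disk = _pseudo_random(4 * PAGE_SIZE, b"constructed PLA.dll .text")
    payload = _pseudo_random(2 * PAGE_SIZE - 0x100, b"constructed payload")
    mem = bytearray(disk)
    mem[0x10:0x15] = b"\xe9\x00\x00\x00\x00"             # simulated inline hook
    mem[PAGE_SIZE:PAGE_SIZE + len(payload)] = payload  # simulated stomp
    return disk, bytes(mem)


if __name__ == "__main__":
    disk, mem = build_sample()
    for p in diff_pages(disk, mem):
        print(f"page {p.index} @ +0x{p.offset:x}: {p.changed_bytes} bytes differ")
    print(assess(disk, mem))
```

Comparing only the executable section keeps the check honest: data sections and the import table legitimately change at load time, and on x64 the code section is mostly position-independent, so whole pages of differing bytes have few innocent explanations. On x86 builds with many absolute addresses in `.text`, apply the relocation table to the disk copy first or the noise limit will be exceeded by legitimate modules.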

“Ruthlessly prioritize what’s critical”: Check Point expert on CISOs and the evolving attack surface

Ford argues that CISOs need to face the fact that they cannot secure everything and question how they can best spend their finite resources on attack surface management. This attitude has been reflected in the rise of strategies such as zero trust and Ford says in 2024 CISOs will continue to struggle to secure an increasing number of devices and data and contend with a landscape that is evolving in real time. “I think you have to do two things really well: the first thing I think you have to do is truly identify what’s critical and ruthlessly prioritize what’s critical. The second thing is you have to deploy lasting and intelligent solutions”, Ford argued. “[Businesses] have to deploy solutions that grow and contract with the business and can grow and contract as the threat landscape grows and contracts.” Mitchelson offers some examples of what this sort of deployment might look like in the future, arguing the most potential lies in using technology to realize this elastic functionality. “Internally within the structures of the organization, it could be a matrix type structure whereby you’re actually able to expand and contract internal resourcing within teams as to what you do”, Mitchelson suggests.

Gartner Identifies the Top Cybersecurity Trends for 2024

Security leaders need to prepare for the swift evolution of GenAI, as large language model (LLM) applications like ChatGPT and Gemini are only the start of its disruption. Simultaneously, these leaders are inundated with promises of productivity increases, skills gap reductions and other new benefits for cybersecurity. Gartner recommends using GenAI through proactive collaboration with business stakeholders to support the foundations for the ethical, safe and secure use of this disruptive technology. “It’s important to recognize that this is only the beginning of GenAI’s evolution, with many of the demos we’ve seen in security operations and application security showing real promise,” said ... Outcome-driven metrics (ODMs) are increasingly being adopted to enable stakeholders to draw a straight line between cybersecurity investment and the delivered protection levels it generates. According to Gartner, ODMs are central to creating a defensible cybersecurity investment strategy, reflecting agreed protection levels with powerful properties, and in simple language that is explainable to non-IT executives. 

Using AI to reduce false positives in secrets scanners

Secrets scanners were created to find leaks of such secrets before they reach malicious hands. They work by matching source code against predefined rules (regexes) that cover a wide range of secret types. Because they are rule-based, secrets scanners typically trade a high false-positive rate against a low true-positive rate: relaxing the rules to capture more potential secrets produces frequent false positives, which leads to alert fatigue among those tasked with addressing the alarms. Some scanners implement additional rule-based filters to reduce false alerts, such as checking whether the secret resides in a test file or whether it looks like a code variable, function call or CSS selector, through semantic analysis. ... AI can play a role in overcoming this challenge. A large language model (LLM) can be pointed at vast amounts of code and fine-tuned (trained) to understand the nuances of secrets and when a match should be considered a false positive. Given a secret and the context in which it was introduced, the model would then predict whether it should be flagged. This approach can reduce the number of false positives while keeping the true-positive rate stable.
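As an added illustration of the rule-based side of the argument above (this is not code from the article or from any scanner product), here is a minimal scanner with one high-precision rule and one deliberately relaxed rule, plus the test-file and code-shape filters the text describes. It goes slightly beyond the text by adding a Shannon-entropy filter, which is a common rule-based suppression; the rule set, thresholds, file paths and sample lines are all constructed for this example, and the low-entropy case shows the trade-off the text warns about, since a genuine weak password is suppressed along with the noise.

```python
"""Rule-based secrets scanner with false-positive filters.

Added example, not any product's code. Rules, thresholds, paths and the
sample repository contents are constructed for illustration.
"""
from __future__ import annotations

import math
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    path: str
    line_no: int
    secret: str
    suppressed_by: str | None  # None means the finding is reported


RULES = {
    # Fixed prefix and length: a precise rule that rarely misfires.
    "aws_access_key_id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    # Relaxed on purpose: catches more real secrets and far more noise.
    "generic_assignment": re.compile(
        r"(?i)(?:api[_-]?key|secret|token|password)['\"]?\s*[:=]\s*['\"]?([^'\"\s,;]{8,})"),
}

TEST_PATH = re.compile(r"(^|/)(tests?|spec|fixtures|__mocks__)/|_test\.|\.spec\.", re.I)
PLACEHOLDER = re.compile(
    r"(?i)^(?:x{8,}|\*{8,}|<[^>]+>|\$\{[^}]+\}|(?:changeme|example|dummy|todo|your)[\w-]*)$")


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking tokens score high, words score low."""
    if not s:
        return 0.0
    counts: dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_like_code(candidate: str) -> bool:
    """Dotted attribute path, call expression, or SCREAMING_SNAKE constant name."""
    return bool(
        re.fullmatch(r"[A-Za-z_]\w*(?:\.[A-Za-z_]\w*)+(?:\([^)]*\))?", candidate)  # settings.API_TOKEN
        or re.fullmatch(r"[A-Za-z_]\w*\([^)]*\)", candidate)                       # get_secret()
        or re.fullmatch(r"[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)+", candidate)               # API_TOKEN
    )


def suppression_reason(rule: str, path: str, candidate: str,
                       min_entropy: float = 3.0) -> str | None:
    """Rule-based filters; shape and entropy checks only apply to the relaxed rule."""
    if TEST_PATH.search(path):
        return "test_file"
    if PLACEHOLDER.match(candidate):
        return "placeholder"
    if rule == "generic_assignment":
        if looks_like_code(candidate):
            return "identifier"
        if shannon_entropy(candidate) < min_entropy:
            return "low_entropy"  # also drops weak real passwords: the trade-off
    return None


def scan_repo(files: dict[str, str]) -> list[Finding]:
    findings = []
    for path, text in files.items():
        for line_no, line in enumerate(text.splitlines(), start=1):
            for name, rx in RULES.items():
                for m in rx.finditer(line):
                    cand = m.group(1)
                    findings.append(Finding(name, path, line_no, cand,
                                            suppression_reason(name, path, cand)))
    return findings


def reported(findings: list[Finding]) -> list[Finding]:
    return [f for f in findings if f.suppressed_by is None]


# Constructed sample repository: three real leaks, five rule-triggered non-secrets.
SAMPLE_FILES = {
    "src/config.py": (
        'aws_access_key_id = "AKIAQ7X2M9P4L8K3N6R1"\n'
        'db_password = "s3cr3t-P4ssw0rd!"\n'
        "token = settings.API_TOKEN\n"
        "secret = get_secret_from_vault()\n"
    ),
    "src/settings.py": 'api_key = "<your-api-key-here>"\n',
    "tests/test_auth.py": 'password = "Tr0ub4dor&3-fixture"\n',
    "deploy/config.json": '{"api_key": "kJ8f2nQ7xL4mZ1pR9vT3wY6b"}\n',
    "src/legacy.py": 'password = "passwordpassword"\n',
}

if __name__ == "__main__":
    for f in scan_repo(SAMPLE_FILES):
        status = "REPORT" if f.suppressed_by is None else f"drop:{f.suppressed_by}"
        print(f"{status:16} {f.path}:{f.line_no} [{f.rule}] {f.secret}")
```

Each suppression is a precision/recall lever: the test-file and placeholder checks are cheap and rarely wrong, the identifier check is where a semantic model would replace a regex, and the entropy floor is the one most likely to hide a real but weak credential, which is exactly the kind of context-dependent judgement the article proposes handing to a fine-tuned model.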

Quote for the day:

"Leadership occurs any time you attempt to influence the thinking, development of beliefs of somebody else." -- Dr. Ken Blanchard
