Low-tech solutions to high-tech cybercrimes
The growing quality of deepfakes, including real-time deepfakes during live
video calls, invites scammers, criminals, and even state-sponsored attackers to
convincingly bypass security measures and steal identities for all kinds of
nefarious purposes. AI-enabled voice cloning has already proved to be a massive
boon for phone-related identity theft. AI enables malicious actors to bypass
face recognition protection. And AI-powered bots are being deployed to intercept
and use one-time passwords in real time. More broadly, AI can accelerate and
automate just about any cyberattack. ... Once established (not in writing… ),
the secret word can serve as a fast, powerful way to instantly identify someone.
And because it’s not digital or stored anywhere on the Internet, it can’t be
stolen. So if your “boss” or your spouse calls you to ask you for data or to
transfer funds, you can ask for the secret word to verify it’s really them. ...
Farrow emphasizes a simple way to foil spyware: reboot your phone every day. He
points out that most spyware is purged with a reboot. So rebooting every day
makes sure that no spyware remains on your phone. He also stresses the
importance of keeping your OS and apps updated to the latest version.
7 Essential Trends IT Departments Must Tackle In 2025
Taking responsibility for cybersecurity will remain a key function of IT
departments in 2025 as organizations face off against increasingly
sophisticated and frequent attacks. Even as businesses come to understand that
everyone from the boardroom to the shop floor has a part to play in preventing
attacks, IT teams will inevitably be on the front line, with the job of
securing networks, managing update and installation schedules, administering
access protocols and implementing zero-trust measures. ... In 2025, AIOps are
critical to enabling businesses to benefit from real-time resource
optimization, automated decision-making and predictive incident resolution.
This should empower the entire workforce, from marketing to manufacturing, to
focus on innovation and high-value tasks rather than repetitive technical work
best left to machines. ... with technology functions playing an increasingly
integral role in business growth, other C-level roles have emerged to take on
some of the responsibilities. As well as Chief Data Officers (CDOs) and Chief
Information Security Officers (CISOs), it’s increasingly common for
organizations to appoint Chief AI Officers (CIAOs), and as the role of
technology in organizations continues to evolve, more C-level positions are
likely to become critical.
Passkey adoption by Australian govt, banks drives wider passwordless authentication
“A key change has been to the operation of the security protocols that
underpin passkeys and passwordless authentication. As this has improved over
time, it has engendered more trust in the technology among technology teams
and organisations, leading to increased adoption and use.” “At the same time,
users have become more comfortable with biometrics to authenticate to digital
services.” Implementation and enablement have also improved, leveraging
templates and no-code, drag-and-drop orchestration to “allow administrators to
swiftly design, test and deploy various out-of-the-box passwordless
registration and authentication experiences for diverse customer identity
types, all at scale, with minimal manual setup.” ... Banks are among the major
drivers of passkey adoption in Australia. According to an article in the
Sydney Morning Herald, National Australia Bank (NAB) chief security officer
Sandro Bucchianeri says passwords are “terrible” – and on the way out. ...
Specific questions pertaining to passkeys include, “Do you agree or disagree
with including use of a passkey as an alternative first-factor identity
authentication process?” and “Does it pose any security or fraud risks? If so,
please describe these in detail.”
Why crisis simulations fail and how to fix them
Communication gaps are particularly common between technical leadership and
business executives. These teams work in silos, which often causes
misalignment and miscommunication. Technical staff use jargon that executives
don’t fully understand, while business priorities may be unclear to the
technical team. As a result, it becomes difficult to discern what requires
immediate attention and communication versus what constitutes noise. This
slows down critical decisions. Now throw in third-party vendors or MSPs, and
this just amplifies the confusion and adds to the chaos. Role confusion is an
interesting challenge. Crisis management playbooks typically have roles
assigned to tasks, but no detail on what these roles mean. I have seen teams
come into an exercise confident about the name of their role, but no idea what
the role means in terms of actual execution. Many times, teams don’t even know
that a role exists within the team or who owns it. A fitting example is a
“crisis simulation secretary” — someone tasked with recording the notes for
the meetings, scheduling the calls, making sure everyone has the correct
numbers to dial in, etc. This may seem trivial, but it is a critical role, as
you do not want to waste precious minutes trying to dial into a call.
What CIOs are in for with the EU’s Data Act
There are many things the CIO will have to perform in light of Data Act
provisions. In the meantime, as explained by Perugini, CIOs must do due
diligence on the data their companies collect from connected devices and
understand where they are in the value chain — whether they are the owners,
users, or recipients. “If the company produces a connected industrial machine
and gives it to a customer and then maintains the machine, it finds itself
collecting the data as the owner,” she says. “If the company is a customer of
the machine, it’s a user and co-generates the data. But if it’s a company that
acquires the data of the machine, it’s a recipient because the user or the
manufacturer has allowed it to make them available or participates in a data
marketplace. CIOs can also see if there’s data generated by others on the
market that can be used for internal analysis, and procure it. Any use or
exchange of data must be regulated by an agreement between the interested
parties with contracts.” The CIO will also have to evaluate contracts with
suppliers, ensuring terms are compliant, and negotiate with suppliers to
access data in a direct and interoperable way. Plus, the CIO has to evaluate
whether the company’s IT infrastructure is suitable to guarantee
interoperability and security of data as per GDPR.
How slowing down can accelerate your startup’s growth
In startup culture, there’s a pervasive pressure to say “yes” to every
opportunity, to grow at all costs. But I’ve learned that restraint is an
underrated virtue in business. At Aloha, we had to make tough choices to stay
on the path of sustainable growth. We focused on our core mission and turned
down attractive but potentially distracting opportunities that would have
taken resources away from what mattered most. ... One of the most persistent
traps for startups is the “growth at all costs” mindset. Top-line growth can
be impressive, but if it’s achieved without a path to profitability, it’s a
house of cards. When I joined Aloha, we refocused our efforts on creating a
financially sustainable business. This meant dialing back on some of our
expansion plans to ensure we were growing within our means. ... In a world
that worships speed, it takes courage to slow down. It’s not easy to resist
the siren call of hypergrowth. But when you do, you create the conditions for
a business that can weather storms, adapt to change, and keep thriving.
Building a company on these principles doesn’t mean abandoning growth—it means
ensuring that growth is meaningful and sustainable. Slow and steady may not be
glamorous, but it works.
Why business teams must stay out of application development
Citizen development is when non-tech users build business applications using
no-code/low-code platforms, which automate code generation. Imagine that you
need a simple leave application tool within the organization. Enterprises can’t
afford to deploy their busy and expensive professional resources to build an
internal tool. So, they go the citizen development way. ... Proponents of
citizen development argue that the apps built with low-code platforms are highly
customizable. What they mean is that they have the ability to mix and match
elements and change colors. For enterprise apps, this is all in a day’s work.
True customizability comes from real editable code that empowers developers to
hand-code parts to handle complex and edge cases. Business users cannot build
these types of features because low-code platforms themselves are not designed
to handle this. ... Finally, the most important loophole that citizen
development creates is security. A vast majority of security attacks happen due
to human error, such as phishing scams, downloading ransomware, or improper
credential management. In fact, IBM found that there has been a 71% increase
this year in cyberattacks that used stolen or compromised credentials.
The rise of observability: A new era in IT Operations
Observability empowers organisations to not just detect that a problem exists,
but to understand why it’s happening and how to resolve it. It’s the difference
between knowing that a car has broken down and having a detailed diagnostic
report that pinpoints the exact issue and suggests an effective repair. The
transition from monitoring to observability is not without its challenges. Some
organisations find themselves struggling with legacy systems and entrenched
processes that resist change. Observability represents a shift from traditional
IT operations, requiring a new mindset and skill set. However, the benefits of
implementing observability practices far outweigh the initial challenges. While
there may be concerns about skill gaps, modern observability platforms are
designed to be user-friendly and accessible to team members at all levels. ...
Implementing observability results in clear, measurable benefits, especially
around improved service reliability. Because teams can identify and resolve
issues quickly and proactively, downtime is minimised or eradicated. Enhanced
reliability leads to better customer experiences, which is a crucial
differentiator in a competitive market where user satisfaction is key.
5 Trends Reshaping the Data Landscape
With increased interest in generative AI and predictive AI, as well as
supporting traditional analytical workloads, “we’re seeing a pretty massive
increase of data sprawl across industries,” he observed. “They track with the
realization among many of our customers that they’ve created a lot of different
versions of the truth and silos of data which have different systems, both
on-prem and in the cloud.” ... If a data team “can’t get the data where it needs
to go, they’re not going to be able to analyze it in an efficient, secure way,”
he said. “Leaders have to think about scale in new ways. There are so many
systems downstream that consume data. Scaling these environments as the data is
growing in many cases by almost double-digit percentages year over year is
becoming unwieldy.” A proactive approach is to address these costs and silos
through streamlining and simplification on a single common platform, Kethireddy
urged, noting Ocient’s approach to “take the path to reducing the amount of
hardware and cloud instances it takes to analyze compute-intensive workloads. We
focus on minimizing costs associated with the system footprint and energy
consumption.”
Serverless Computing: The Future of Programming and Application Deployment Innovations
Serverless computing enhances automated scaling for handling workload by
shifting developers' focus on code development by adding and removing instances
from serverless functions. This approach leads cloud providers to automate the
distribution of incoming traffic from interconnected multiple instances in
serverless functions. The scalability nature of serverless computing emphasizes
that developers should build applications for handling large volumes of traffic
with an effective cloud infrastructure environment. On the other hand,
serverless functions assist in limited time within the range of milliseconds to
several minutes by optimization of the application code in performance
management. ... Cloud providers integrated security features of encryption and
access control in infrastructure in cloud services. This measure applied
automated security updates and patches in infrastructure with rapid prototype
creation. However, serverless computing issues in cloud infrastructure reflect
cloud services negatively. The time is taken to respond for the first time when
a serverless function has been initiated. The constraints of a serverless
architecture reflect a limited function lifecycle, which drastically affects its
performance.
Quote for the day:
"If you want to be successful
prepare to be doubted and tested." -- @PilotSpeaker