Ransomware Set for Evolution in Attack Capabilities in 2021
“The Maginot line of cybersecurity transformation failed as the first adopters
were the e-crime groups and cybercrime cartels, and we just have to pay
attention now as perimeter defenses have failed and continue to fail, and
visibility and hardening has become an extreme challenge. Most attacks you see
today are attacks from the inside out – digital insiders using trusted
ecosystems to leverage ransomware attacks and espionage and crime campaigns.”
Looking at ransomware in particular, the trio said they do not see this
stopping or slowing down “and we continue to predict that this is going to
extend significantly,” Foss said. He claimed ransomware groups have brought
more people into their groups and are making sure they are getting trusted
people, with nation state adversaries taking part as well. “We see this
reaching out to additional operating systems; traditionally this has only
impacted Windows primarily, but with MacOS having such a market reach in the
professional ecosystem of most organizations, we predict it will be targeted
as well,” Foss said. “Linux is one we have started to see more campaigns begin
to target, and a lot are looking at defacing webpages in addition to taking
over core components of ecosystems that these companies operate.”
Rethinking Robotic Process Automation (RPA)
You can't converse much with anyone these days about automation without talking
RPA. It seems the little bots are getting everywhere. It's almost like an alien
invasion! But always, the talk seems to be about creating and imposing bots on
us. A bot for this and a bot for that, pretty soon you have dozens of little
creatures (think about all the little gremlins in the film of the same name!)
all nibbling away at pieces of your work. Helpful they maybe, but at what cost?
In the UK and USA, as we came out of the 2008 financial crisis, economists were
left scratching their heads. They were wrestling with what they call the
productivity puzzle. Historically economic growth was always been closely tied
to productivity, e.g., if output per worker does not grow, then the economy does
not grow. In the UK, productivity was actually lower than before the crisis hit.
So if productivity growth is required, it only stands to reason that tools to
increase productivity are a useful thing to have. (I know I am oversimplifying,
but I think it works for where we are going). What if RPA, instead of being
about Robotic Process Automation instead became about Robotic Process
Assistants. In this new world, we would each have just one robot on our
desktop/laptop/machine, a little like Automator on a Mac.
Quantum Sensors Will Revolutionise The Tech Industry
Measurement devices that exploit quantum properties have been around for a
while, such as atomic clocks, laser distance meters, and magnetic resonance
imaging used for medical diagnosis. What can now be considered new is that
individual quantum systems, like atoms and photons, are increasingly used as
measurement probes. The entanglement and manipulation of quantum states are
used to improve the sensitivity, even beyond the limit set by a conventional
formulation of the quantum mechanical uncertainty principle. Yet, many
scientists believe that quantum will enjoy its first real commercial success
in sensing. That’s because sensing can avail the very characteristic that
makes building a quantum computer so difficult-the extraordinary sensitivity
of quantum states to the environment. Whether they respond to the
gravitational pull of buried objects or picking up magnetic fields from the
human brain, quantum sensors can recognize a wide range of tiny signals across
the world. Some physicists believe that gravity-measuring quantum sensors, in
particular, will become more widespread quickly with a potential market of USD
1 billion a year.
Banking to groceries — Data Protection Authority has multi-sector role, but must be efficient
First, the Data Protection Authority should follow a risk-based approach that
is implicitly present in the Bill. For example, in many places, the Bill
requires the DPA to consider the risk of harm to consumers while framing
regulations. Additionally, the Bill categorises data into personal data,
sensitive personal data, and critical personal data to differentiate the
varying levels of risks that emanate from the misuse of data. Finally, the
Bill creates a differential level of regulation between ordinary firms that
use data, significant data fiduciaries, and small entities. These point to the
fact that risk-based regulation must be inherent to the DPA’s strategic
approach. Within this overall framework, the DPA can prioritise its resources
by focusing on processing sensitive and critical personal data, and by
overseeing significant data fiduciaries. This will allow the DPA to first
build capacity in areas that pose the greatest threat to consumers, rather
than expending its limited resources to regulate all sectors of economic
activity. The DPA can further sharpen its focus by having a low threshold for
exempting small entities. This will allow the DPA to focus its regulatory
capacity towards firms that pose a larger risk to consumers by collecting and
processing large volumes of data.
Australia’s Global RegTech Hub Poised for Growth
Like most businesses, local RegTechs have experienced disruption during the
COVID-19 pandemic. The biggest challenge has been an immediate reduction in
revenue. A contributing factor is the slowing of export opportunities,
following travel restrictions and the postponement of trade events.
Nonetheless, Australian RegTechs remain positive about future growth and
continue to seek growth capital to fund product development, talent
acquisition and market expansion. The pandemic has accelerated a shift towards
remote working and digital interactions, increasing the risk of fraud and
financial crime, and focusing organisations on the importance of robust
cybersecurity. At the same time, Federal and State Governments are recognising
the potential of RegTech to efficiently and effectively solve regulatory and
compliance challenges, and to become a signature export for Australia. This,
combined with regulatory pressure for all regulated entities across a range of
industries to adopt RegTech, will create a strong platform for the sector to
excel. ... Collectively, these actions will help Australian RegTechs to scale,
creating local jobs, and supporting the export of Australian solutions.
Novel Online Shopping Malware Hides in Social-Media Buttons
The imposter buttons look just like the legitimate social-sharing buttons
found on untold numbers of websites, and are unlikely to trigger any concern
from website visitors, according to Sansec. Perhaps more interestingly, the
malware’s operators also took great pains to make the code itself for the
buttons to look as normal and harmless as possible, to avoid being flagged by
security solutions. “While skimmers have added their malicious payload to
benign files like images in the past, this is the first time that malicious
code has been constructed as a perfectly valid image,” according to Sansec’s
recent posting. “The malicious payload assumes the form of an html <svg>
element, using the <path> element as a container for the payload. The
payload itself is concealed utilizing syntax that strongly resembles correct
use of the <svg> element.” To complete the illusion of the image being
benign, the malicious payloads are named after legitimate companies. The
researchers found at least six major names being used for the payloads to lend
legitimacy: facebook_full; google_full; instagram_full; pinterest_full;
twitter_full; and youtube_full. The result of all of this is that security
scanners can no longer find malware just by testing for valid syntax.
Embedding Trust at the Core of Critical Infrastructure
Technology is no longer an extension of critical infrastructure, but rather at
the core of it. The network sits between critical data, assets, and systems,
and the users and services that leverage or operate them. It is uniquely
positioned not only to add essential visibility and controls for resiliency,
but also a well-placed and high-value target for attackers. Resiliency of the
network infrastructure itself is crucial. Resilience is only achieved by
building in steps to verify integrity with technical features embedded in
hardware and software. Secure boot ensures a network device boots using only
software that is trusted by the Original Equipment Manufacturer. Image signing
allows a user to add a digital fingerprint to an image to verify that the
software running on the network has not been modified. Runtime defenses
protect against the injection of malicious code into running network software,
making it very difficult for attackers to exploit known vulnerabilities in
software and hardware configurations. Equally important, vendors must use a
Secure Development Lifecycle to enhance security, reduce vulnerabilities, and
promote consistent security policy across solutions. All of this might sound
like geek mumbo-jumbo, but these are non-negotiables in today’s world.
Out on the edge: The new cloud battleground isn’t in the cloud at all
The big cloud providers are all pursuing similar paths to the edge, anchored
by the on-premises versions of their cloud infrastructure that have started
rolling out this year. AWS’ Outposts, which was built for use within customer
data centers, is also the foundation for AWS Local Zones and AWS Wavelength,
which are miniature versions of the cloud giant’s technology stack that live
in small, local data centers and telecommunications carriers’
point-of-presence facilities. The company says the experience it gained
building out its retail e-commerce business lends itself perfectly to edge
computing. “We already have more IoT devices connected to the cloud than any
other cloud provider by a large margin. We have to do that for ourselves,”
‘said AWS’ Vass. Customers can employ such Amazon inventions as AWS Greengrass
for IoT devices, AWS Snowball for storage and AWS Robomaker for development of
robotic devices using Lambda serverless functions “on a POP, in a Local Zone
and in the cloud, manage it all centrally and do decentralized execution,” he
said. Microsoft’s Azure cloud edge strategy uses a similar approach. Edge
Zones, which the company rolled out early this year, are essentially
scaled-down Azure data centers located within miles of a customer.
Is RPA the same as AI? What’s the Difference, and What Are the Use Cases?
.jpg?width=1824&name=thisisengineering-raeng-sbVu5zitZt0-unsplash%20(1).jpg)
RPA uses software robots to automate human actions in business processes that
involve interaction with digital systems. These actions are usually simple and
repetitive, which makes them prone to human error and can provoke a loss of
employees’ motivation and efficiency. Software robots and RPA on the other hand
bring notable benefits: accuracy (by minimizing human error), reliability (by
being always available and by reducing delay), traceability (by providing audit
trails and logs), and productivity (by increasing processing speed). A few
examples of use cases are automating orders, processing payroll, customer
onboarding, data validation, etc. ... Artificial intelligence “combines the
human capacities for learning, perception, and interaction [...] at a level of
complexity [and automation] that ultimately supersedes our own abilities.” It is
a spectrum of technologies (e.g., natural language processing, computer vision,
predictive modeling, data clustering, and many more) that opens new use cases
for businesses, as well as reduces entry cost for many existing business
problems that still require too much human intervention. ... In order to tackle
these use cases and leverage the benefits of AI in business, using a data
science and machine learning platform is a best practice. — it is the key to
successfully scaling AI projects and to bringing a robust data methodology to
all levels of the business.
When Is It Time to Retire Your Legacy System and Go Cloud?
When your tried-and-tested technology becomes unwieldy and impacts your bottom
line, upgrading is critical to fit the business. Let's say you're a construction
company that uses an obsolete legacy proof-of-delivery (PoD) system. The system
requires three full-time customer service specialists to manage the application
(e.g., find the right documents, send them over to customers, work with
invoices, and so on). Due to the use of old-school tech, making a single change
or adding a new feature is costly and time-consuming. On the other hand, the
risk of human error is high and can result in unhappy customers, overheads, and
delayed payments. Furthermore, customers call you to request their PoD, and the
number of monthly calls now exceeds 1,000 and requires a lot of manual labor.
This is a telltale sign that your traditional processes aren't effective which
badly affects your entire business. Creating a Cloud-based and easy-to-use PoD
portal would ensure maximum automation of all relevant processes, elimination of
customer calls or their reduction to the minimum, and significant time- and
cost-saving and increased efficiency.
Quote for the day:
"Anger and intolerance are the enemies of correct understanding." -- Mahatma Gandhi
