As businesses embrace fully-remote work, does company culture suffer?
Companies that still want to move to a fully remote workplace should consider
taking specific actions before doing so, according to Frana. Organizations
should:Find out how your staff feels about remote work. Send out a survey to see
which employees would want to work from home. Based on those results, you can
determine the level of flexibility your company might want to offer. Make sure
management is on board. One of the top factors in a remote work policy’s success
is how managers feel about it. Explain the benefits of remote work, such as
significant savings, the ability to attract and retain top talent from anywhere
in the world, and increased productivity. Be intentional about company
culture. One of the biggest challenges faced by remote teams is maintaining a
strong company culture. In addition to thoughtfully evaluating your current
workforce and deciphering what an effective remote-friendly business model looks
like, it’s imperative company leaders and managers act with intention and
prioritize culture.
Creating A Culture Of Cybersecurity
Businesses need to help their employees learn how to do things differently and
train them to think of security as a business priority. Researchers have found
that our working memory capacity is between three and five ‘chunks’ of
information. This number starts to decline in our 30s, so a safe working figure
is probably four chunks of information that the majority of your employees are
able to keep in their short-term memory at any point. What does this mean for
security? Basically, we need to keep things simple and easy to remember.
Factsheets and training days may have their place, but on their own they’re not
enough. Consider instead a strategy that uses a combination of continual
awareness testing and roleplaying worse-case scenarios, to make security
something that’s embedded as a mindset. ... CoEs act as sparring partners,
allowing businesses to test solutions and assumptions around products, services
and solutions. CoPs take this work to a larger audience, allowing employees to
form communities to keep them up to date on the latest threats and remind them
about their responsibility in keeping the network safe.
How Not to Waste Money on Cybersecurity
A common way enterprises waste money on IT security is by configuring their
security plans and budgets based on the latest cybersecurity trends and
following what other organizations are doing. “Each organization's security
needs will differ based on their line of business, culture, people, policies,
and goals,” says Ahmad Zoua, director of network IT and infrastructure at
Guidepost Solutions, a security, investigations, and compliance firm. “What
could be an essential security measure to one organization may have little value
to another.” Poor planning and coordination can lead to needless duplication and
redundancy. “In large organizations, we frequently see many products and
platforms that have the same or similar capabilities,” says Doug Saylors,
cybersecurity co-leader for technology research and advisory firm ISG. “This is
typically the result of a lack of a cohesive cybersecurity strategy across IT
functions and a disconnect with the business.” Organizations often layer
security products on top of each other year after year.
An Experiment Showed that the Military Must Change Its Cybersecurity Approach
Weis says the Pentagon needs to measure its networks’ suitability for combat
the same way it does for soldiers, sailors, tanks, and ships: through the
concept of military readiness. Such an approach would mean prioritizing the
biggest problems first, with second-tier or complicated ones set on slower
paths to fixing. “There's 'ready to fight tonight.' But if you are a carrier
strike group and you're deploying in three months, are you on a path to being
ready? You manage your readiness on a day-to-day basis and it's a function of
a whole bunch of things,” he said. “Do we have the right people? Are they
trained? Are they qualified, or deficient? Do we have the equipment?” But Weis
had to show that getting to a state of “readiness” in cyberspace is a matter
of constant testing and drilling, not filling out compliance forms. He needed
a safe space where he could understand readiness without exposing huge
problems to adversaries or taking essential naval networks offline. He went to
the Naval Postgraduate School, or NPS, in Monterey, California.
Bumpers in the bowling alley: the value of effective data management
According to John Peluso, chief product officer at AvePoint, a layered
approach to security is an important way for businesses to achieve this goal.
“The most direct thing that we have seen customers find value in – especially
in the case of a malware event like ransomware – is the ability to access
data,” he says. “The way to achieve this is by having a reliable business
continuity strategy. “This becomes more difficult when you consider the data
that is stored on someone else’s architecture – such as server content, cloud
services, or anything with a synchronisation capability – is less covered by
traditional enterprise data protection strategies. That’s new territory. While
many businesses may think that because they have outsourced the architecture,
they've also outsourced the responsibility, in some cases they haven’t.
Businesses are becoming increasingly reliant on cloud services, so they need
to be factored into the overall business continuity and resilience strategy.”
This reliance on cloud services has, in some ways, been driven by the swift
move to hybrid and remote working.
Feds Urge Healthcare Entities to Address Cloud Security
Most major healthcare organizations have become increasing dependent on
cloud-based services, says John Houston, vice president of privacy and
information security and associate counsel of integrated healthcare delivery
organizations at the University of Pittsburgh Medical Center, which includes
40 hospitals and 800 outpatient sites. This reliance is in large part due to
many IT vendors moving their services "exclusively to the cloud," he tells
Information Security Media Group. "As such, ensuring the security and
availability of cloud-based services - and associated information - is and
will remain one of UPMC's top priorities. "Unfortunately, such assurance can
be problematic for a variety of reasons, most notably being able to accurately
assess the cloud vendor’s security posture. Further, getting meaningful
contractual commitments is difficult - including financial coverage in the
event of a breach," Houston says. Benjamin Denkers, chief innovation officer
at privacy and security consulting firm CynergisTek, says he also thinks the
biggest threat involving cloud is when organizations are reliant on the third
parties and assume the environment is properly secured.
WebOps: A DevOps for Websites, but the Tools Let It Down
From an IT perspective, how is WebOps usually managed? According to Koenig, it
depends on what the relationship is between the IT and marketing departments.
In some cases, he said, the marketing department “earmarks budget to pay for
developers who are technically in IT, but are dedicated to Marketing’s
technology needs.” But in other cases, he’s seen “really strong central IT
organizations” in which IT takes the lead — and in those cases, they tend to
make use of their existing DevOps team and practices. In DevOps, CI/CD is a
common part of the workflow. I asked if that’s the case with WebOps too, and
if so how does CI/CD work in the web context? For static sites, Koenig
replied, testing is done during the build (typically after content is
updated). “The more challenging case is where people have content management,”
he said, “so you have a living piece of software that’s running your live
website, and that is connected to a database, it’s got some binary assets,
images, PDFs, what have you. So you have people using that in production to
post new content [but] you also want to be able to make design changes and add
functionality.”
Why Are Robots So Important To Farmers?
Robots have revolutionized agriculture in recent years by increasing crop
yields, decreasing labor costs, and simplifying the process of harvesting
crops. The widespread use of robots in farming can be attributed to their
ability to perform tasks that are either difficult or impossible for humans to
do, such as moving around in tight spaces or reaching high up into plants. As
a result of their increased efficiency and versatility, robots have become an
essential part of modern agriculture. They are used to plant, harvest,
package, and transport crops. They can also detect and avoid obstacles while
performing tasks, significantly reducing the chances of human injury or
equipment failure. In addition, robots are often equipped with sensors that
allow them to gather information about crops and environmental conditions to
optimize operations. Many plants are also resistant to insect damage or
diseases, so robots may be used to control the insects or pathogens that often
affect crops. Robots are also used in areas where humans cannot or would not
wish to work, such as space exploration and deep-sea operations.
Five ways augmented analytics is protecting business revenue
Making sure the right person has the right information, at the right time, can
be critical to a business. Suppose, for example, there’s an error in your app
that prevents users in a particular country from logging in. Initially it may
be just a drop in the ocean in terms of the company’s customer base, but over
time it could result in user churn and a loss in revenue. Augmented analytics
is able to identify such a problem early on from a minimal number of failed
attempts and immediately flag it for the person who can fix it. This avoids
lag time and sending messages to the wrong department, which are often
overlooked by someone who misses its significance. Augmented analytics means
potential revenue leaks can be plugged fast, and that means losses can be
minimised. ... Keeping a customer satisfied is never easy. Human behaviour is
hard enough to predict at the best of times. But augmented analytics can
transform the way companies find and fix issues that are turning customers
off. The technology identifies “hidden” trends, patterns and anomalies and
alerts organisations faster than those anomalies would otherwise appear on
traditional dashboards.
How Google Cloud blocked the largest Layer 7 DDoS attack at 46 million rps
The attack was stopped at the edge of Google’s network, with the malicious
requests blocked upstream from the customer’s application. Before the attack
started, the customer had already configured Adaptive Protection in their
relevant Cloud Armor security policy to learn and establish a baseline model
of the normal traffic patterns for their service. As a result, Adaptive
Protection was able to detect the DDoS attack early in its life cycle, analyze
its incoming traffic, and generate an alert with a recommended protective
rule–all before the attack ramped up. The customer acted on the alert by
deploying the recommended rule leveraging Cloud Armor’s recently launched rate
limiting capability to throttle the attack traffic. They chose the ‘throttle’
action over a ‘deny’ action in order to reduce chance of impact on legitimate
traffic while severely limiting the attack capability by dropping most of the
attack volume at Google’s network edge. Before deploying the rule in
enforcement mode, it was first deployed in preview mode, which enabled the
customer to validate that only the unwelcome traffic would be denied while
legitimate users could continue accessing the service.
Quote for the day:
"The final test of a leader is that he
leaves behind him in other men, the conviction and the will to carry on." --
Walter Lippmann
