Software-Defined Vehicles: Onward and Upward
"SDV is about building efficient methodologies to develop, test and deploy
software in a scalable way," he said. AWS, through initiatives such as The
Connected Vehicle Systems Alliance and standardized protocols such as Vehicle
Signal Specification, is helping OEMs standardize vehicle communication. This
approach reduces the complexity of vehicle software and enables faster
development cycles. BMW's virtualized infotainment system, built using AWS cloud
services, is a use case of how standardization and cloud technology enable more
efficient development. ... Gen AI, according to Marzani, is the next and most
fascinating frontier for automotive innovation. AWS has already begun
integrating AI into vehicle design and user experiences. It is helping OEMs
develop in-car assistants that can provide real-time, context-aware information,
such as interpreting warning signals or offering maintenance advice. But Marzani
cautioned against deploying such systems without rigorous testing. "If an
assistant misinterprets a warning and gives incorrect advice, the consequences
could be severe. That's why we test these models in virtualized environments
before deploying them in real-world scenarios."
The End of Dashboard Frustration: AI Powers New Era of Analytics
Enterprises can tackle the workflow friction challenge by embedding analytics
directly into users' existing applications. Most applications these days are
delivered on a SaaS basis, which means a web browser is the primary interface
for employees' daily workflow. With the assistance of a browser plug-in,
keywords can be highlighted to show critical information about any business
entity, from customer profiles to product details, making data instantly
accessible within the user's natural workflow. There's no need to open another
application and lose time on task switching — the data is automatically
presented within the natural course of an employee's operations. To address
varying levels of data expertise, enterprises can take a hybrid approach that
combines the natural language capabilities of large language models (LLMs) with
the precision of traditional BI tools. In this way, an AI-powered BI assistant
can translate natural language queries into precise data analytics operations.
Employees will no longer need to know how to form specific, technical queries to
get the data they need. Instead, they can simply ask a bot using ordinary text,
just as if they were interacting with a human being.
The Intersection of AI and OSINT: Advanced Threats On The Horizon
Scammers and cybercriminals constantly monitor public information to collect
insight on people, businesses and systems. They research social media profiles,
public records, company websites, press releases, etc., to identify
vulnerabilities and potential targets. What might seem like harmless information
such as a job change, a location-tagged photograph, stories in media, online
interests and affiliations can be pieced together to build a comprehensive
profile of a target, enabling threat actors to launch targeted social
engineering attacks. And it’s not just social media that threat actors are
tracking and monitoring. They are known to research things like leaked
credentials, IP addresses, bitcoin wallet addresses, exploitable assets such as
open ports, vulnerabilities in websites, internet-exposed devices such as
Internet of Things (IoT), servers and more. A range of OSINT tools are easily
available to discover information about a company’s employees, assets and other
confidential information. While OSINT offers significant benefits to
cybercriminals, there is also a real challenge of collecting and analyzing
publicly available data. Sometimes information is easy to find, sometimes
extensive exercise is needed to uncover loopholes and buried information.
The Expanding Dark Web Toolkit Using AI to Fuel Modern Phishing Attacks
Phishing is no longer limited to simple social engineering approaches; it has
grown into a complex, multi-layered attack vector that employs dark web tools,
AI, and undetectable malware. The availability of phishing kits and advanced
cyber tools are making it easier than ever for novices to develop their
malicious capabilities. Stopping these attacks can be tricky, given how
convincing the websites and emails can appear to users. However, organizations
and individuals must be vigilant in their efforts and continue to use regular
security awareness training to educate users, employees, partners, and clients
on the evolving dangers. All users should be reminded to never give out
sensitive credentials to emails and never respond to unfamiliar links, phone
calls, or messages received. Using a zero-trust architecture for continuous
verification is essential while also maintaining vigilance when visiting
websites or social media apps. Additionally, modern threat detection tools
employing AI and advanced machine learning can help to understand incoming
threats and immediately flag them ahead of user involvement. The use of MFA and
biometric verification has a critical role to play, as do regular software
updates and immediate patching of servers or loopholes/vulnerabilities.
Infrastructure as Code in 2024: Why It’s Still So Terrible
The problem, Siva wrote, is”when a developer decides to replace a manually
managed storage bucket with a third-party service alternative, the corresponding
IaC scripts must also be manually updated, which becomes cumbersome and
error-prone as projects scale. The desync that occurs between the application
and its runtime can lead to serious security implications, where resources are
granted far more permissions than they require or are left rogue and forgotten.”
He added, “Infrastructure from Code automates the bits that were previously
manual in nature. Whenever an application changes, IfC can help provision
resources and configurations that accurately reflect its runtime requirements,
eliminating much of the manual work typically involved.” ... The open source
work around OpenTofu may point the way forward out of this mess. Or at least
that is the view of industry observer Kelsey Hightower, who likened the open
sourcing of Terraform to the opening of technologies that made the Internet
possible, making OpenTofu to be the "HTTP of the cloud," wrote Ohad Maislish,
CEO and co-founder of env0. "For Terraform technology to achieve universal
HTTP-like adoption, it had to outgrow its commercial origins," Maislish wrote.
"In other words: Before it could belong to everyone, it needed to be owned by no
one."
CISA mandates secure cloud baselines for US agencies
The directive prescribes actionable measures such as the adoption of secure
baselines, automated compliance tooling, and integration with security
monitoring systems. These steps are in line with modern security models aimed at
strengthening the security of the new attack surface presented by SaaS
applications. Cory Michal highlighted both the practicality and challenges of
the directive: "The requirements are reasonable, as the directive focuses on
practical, actionable measures like adopting secure baselines, automated
compliance tooling, and integration with security monitoring systems. These are
foundational steps that align with modern SaaS and cloud security models
following the Identify, Protect, Detect and Respond methodology, allowing
organizations to embrace and secure this new attack surface." However, Michal
also pointed out significant hurdles, including deadlines, funding, and skillset
shortages, that agencies may face in complying with the directive. Many agencies
may lack the skilled personnel and financial resources necessary to implement
and manage these security measures. "Deadlines, lack of funding and lack of
adequate skillsets will be the main challenges in meeting these requirements.
Data protection challenges abound as volumes surge and threats evolve
Data security experts say CISOs can cope with these changes by understanding
the nature of the shifting landscape, implementing foundational risk
management strategies, and reaching for new tools that better protect data and
quickly identify when adverse data events are underway. Although the advent of
artificial intelligence increases data protection challenges, experts say AI
can also help fill in some of the cracks in existing data protection programs.
... Experts say that what most CISOs should consider in running their data
protection platforms is a wide range of complex security strategies that
involve identifying and classifying information based on its sensitivity,
establishing access controls and encryption mechanisms, implementing proper
authentication and authorization processes, adopting secure storage and
transmission methods and continuously monitoring and detecting potential
security incidents. ... However, before considering these highly involved
efforts, CISOs must first identify where data exists within their
organizations, which is no easy feat. “Discover all your data or discover the
data in the important locations,” Benjamin says. “You’ll never be able to
discover everything but discover the data in the important locations, whether
in your office, in G Suite, in your cloud, in your HR systems, and so on.
Discover the important data.”
How to Create an Enterprise-Wide Cybersecurity Culture
Cybersecurity culture planning requires a cross-organizational effort. While
the CISO or CSO typically leads, the tone must be set from the top with active
board involvement, Sullivan says. "The C-suite should integrate cybersecurity
into business strategy, and key stakeholders from IT, legal, HR, finance, and
operations must collaborate to address an ever-evolving threat landscape." She
adds that engaging employees at all levels through continuous education will
ensure that cybersecurity becomes everyone's responsibility. ... A big mistake
many organizations make is treating cybersecurity as a separate initiative
that's disconnected from the organization’s core mission, Sullivan says.
"Cybersecurity should be recognized as a critical business imperative that
requires board and C-suite-level attention and strategic oversight." Creating
a healthy network security culture is an ongoing process that involves
continuous learning, adaptation, and collaboration among teams, Tadmor says.
This requires more thought than just setting policies -- it's also about
integrating security practices into daily routines and workflows. "Regular
training, open communication, and real-time monitoring are essential
components to keep the culture alive and responsive to emerging network
threats," he says.
What is serverless? Serverless computing explained
Serverless computing is an execution model for the cloud in which a cloud
provider dynamically allocates only the compute resources and storage needed
to execute a particular piece of code. Naturally, there are still servers
involved, but the provider manages the provisioning and maintenance. ...
Developers can focus on the business goals of the code they write, rather than
on infrastructure questions. This simplifies and speeds up the development
process and improves developer productivity. Organizations only pay for the
compute resources they use in a very granular fashion, rather than buying
physical hardware or renting cloud instances that mostly sit idle. That latter
point is of particular benefit to event-driven applications that are idle much
of the time but under certain conditions must handle many event requests at
once. ... Serverless functions also must be tailored to the specific platform
they run on. This can result in vendor lock-in and less flexibility. Although
there are open source options available, the serverless market is dominated by
the big three commercial cloud providers. Development teams often end up using
tooling from their serverless vendor, which makes it hard to switch.
How In-Person Banking Can Survive the Digital Age
Today’s consumer quite rightly expects banks to not merely support
environmental and sustainable causes but to actively be using those principles
within their work. Pioneers like The Co-operative Bank in the UK have been
asking us to help them in this area for more than two decades, and the
approach is spreading worldwide: We recently helped Saudi National Bank adopt
best sustainability practice. There is much more that banks can do to
integrate their digital and physical experiences in branch in the way that
retailers and casual dining spaces are now doing. Indeed, banks could look
more closely to hospitality for inspiration in many areas. ... There’s a
slightly ironic conundrum that banks and credit unions would do well to
consider: Banks don’t want branches, but they need them; customers don’t need
branches, but they want them. Unlocking the potential and value here is about
maintaining physical points of presence but re-inventing their role. They need
to become venues not for ‘lower order’ basic transactional activities, as
dominated their activity in the past; but for ‘higher order’ financial life
support for communities and individuals. It’s the latter that explains why
customers want branches even when there’s no apparent functional need.
Quote for the day:
"The only way to discover the limits
of the possible is to go beyond them into the impossible." -- Arthur C. Clarke
/dq/media/media_files/2024/12/25/the-cloud-back-flip.jpg)
