Iconic Singapore hotel caught up in major data breach
The breach was first identified on 20 October, having begun a day previously
when an undisclosed third-party gained unauthorised access to the firm’s
systems. “Upon discovery of the incident, our teams immediately took action
to resolve it. Investigations have since determined that an unknown third party
accessed customer data of about 665,000 non-casino rewards programme members,”
MBS said in a statement. “Based on our investigation, we do not have
evidence to date that the unauthorised third party has misused the data to cause
harm to customers. “We do not believe that membership data from our casino
rewards programme, Sands Rewards Club, was affected. “After learning of the
issue, we quickly launched an investigation, have been working with a leading
external cyber security firm, and have taken action to further strengthen our
systems and protect data,” said the organisation. The compromised data is
understood to include names, email addresses, mobile phone and landline numbers,
countries of residence, and membership numbers and tier status. MBS is reaching
out to those affected.
8 ways to fix open source funding
Richard Stallman famously said, “Free as in speech, not as in beer.” Now, some
developers are creating licenses that don’t offer either senses of freedom—but
they’re still delivering just enough of the kind of openness that satisfies
their users’ curiosity. One version is the “free tier” that offers enough access
to test new ideas and maybe run a small, personal website while still charging
for more substantial use. Developers encounter no impediment when they’re just
experimenting, but if they want to start something serious, they need to pay.
Another example is the license that lets users read but not distribute. One
developer told me that he routinely lets paying customers get full access to the
code for audits or experimentation, but he does not release it into the open.
The customers get to see what they want, but they can’t undercut the company or
give away the software for free. These licenses deliver some of what made open
source popular without sacrificing the ability to compel payment.
Meet Your New Cybersecurity Auditor: Your Insurer
The current state of cyber insurance offers some actionable opportunities for
security decision-makers. First, don't underestimate the power of an accurate
cyber-insurance self-assessment, which is how cyber insurers judge organizations
during the auditing and claims processes. Current self-assessment surveys ask
surprisingly challenging questions and cover a wide set of fields from backups
to AD security to MFA. It is important not to treat this as a formality and to
ensure that information is entirely accurate; insurers are more than willing to
decline coverage and even sue if an enterprise falsely claims, for example, that
it has MFA protection across all its digital assets. ... Therefore, the second
step is for CISOs to prove they have the capability they have on those forms.
Luckily, this is a landscape familiar to seasoned CISOs. Creating and
maintaining detailed records, building reporting systems, documenting all
relevant business and security processes, and creating tamper-proof data for
cyber forensics are all possible with sophisticated cybersecurity tools.
Green data centres: Efforts to push sustainable IT developments
Green data centres are spearheading a transformative wave in the IT industry,
bringing substantial benefits to both businesses and the environment. From a
financial perspective, these eco-conscious facilities deliver remarkable cost
savings. By leveraging energy-efficient technologies and renewable energy
sources, companies can significantly reduce operational expenses. Innovative
solutions like data reduction technology and automated resource optimisation
further bolster these financial advantages. However, the influence of green data
centres extends far beyond financial gains. They play a pivotal role in
mitigating greenhouse gas emissions, actively contributing to the fight against
climate change. As data centres and communication sectors are anticipated to
account for up to 3.9% of global emissions, the adoption of renewable energy
sources and energy-efficient practices dramatically reduces their carbon
footprint. In doing so, green data centres are setting a commendable example for
other industries, driving the broader adoption of sustainable
practices.
The 3 key stages of ransomware attacks and useful indicators of compromise
Once hackers find key data, they will begin to download the actual ransomware
payload. They may exfiltrate data, set up an encryption key, and then encrypt
the vital data. IoCs at this stage include communication with a C2 server, data
movement (if the attacker is exfiltrating important data before they encrypt it)
and unusual activity around encrypted traffic. Detecting at this stage involves
more advanced security products working in unison. Model chaining different
types of analytics together is an efficient way to catch minor indicators of
compromise when it comes to ransomware because they gather context on the
network in real-time, allowing SOC teams to identify anomalous behavior when it
occurs. If a security alert is triggered, these other analytics can provide more
context to help piece together if and how a larger attack is occurring. But many
successful ransomware attacks will not trip antivirus at all, so assembling an
accurate picture of user behaviors and compiling the numerous indicators into a
coherent timeline is vital.
What's possible in a zero-ETL future?
ETL frequently requires data engineers to write custom code. Then, DevOps
engineers or IT administrators have to deploy and manage the infrastructure to
make sure the data pipelines scale. And when the data sources change, the data
engineers have to manually change their code and deploy it again. Furthermore,
when data engineers run into issues, such as data replication lag, breaking
schema updates, and data inconsistency between the sources and destinations,
they have to spend time and resources debugging and repairing the data
pipelines. ... Zero-ETL enables querying data in place through federated queries
and automates moving data from source to target with zero effort. This means you
can do things like run analytics on transactional data in near real-time,
connect to data in software applications, and generate ML predictions from
within data stores to gain business insights faster, rather than having to move
the data to a ML tool. You can also query multiple data sources across
databases, data warehouses, and data lakes without having to move the data. To
accomplish these tasks, we've built a variety of zero-ETL integrations between
our services to address many different use cases.
An Ethical Approach to Employee Poaching
The practice of employee poaching isn’t without risk, because it hurts companies
to lose good employees and relationships can get fractured. This is one reason
why many public sector organizations insist on notifying the organization that
could potentially lose an employee in advance of even scheduling an interview
with a job candidate from that organization. On the private sector side, there
are no such rules, but there is an etiquette for employee poaching that seems to
work. ... When it comes to poaching, your employees need to know about
tampering, too. It’s often employees who start the poaching process. They
develop relationships with employees in a partner organization, and it is
natural to want to work together. Nevertheless, there is a fine line between
just wanting to work together and a situation that escalates into aggressive
recruitment (and unacceptable tampering). The best practice is to remind
employees about tampering, and to explain what it is, so that employees don’t
actively recruit individuals from partner organizations without going through
proper channels.
Data Management for M&A: 14 Best Practices Before and After the Deal
After the deal is complete, you can begin executing your integration strategy.
You have already performed due diligence on the data landscape of both parties
of the merger, created the integration plan, and estimated the workload. The
steps and practices below do not have to be executed in the exact order or
completeness. They represent the best practices for ensuring data quality,
accessibility, privacy, usability, and transparency. You should start with the
activity that best corresponds to your data pains and business objectives. ...
After you have set the foundations for the effective use of data, you need to
focus on getting data into shape (and keeping it that way) for critical business
processes, reports, models, and data products. After all, to get real benefits
from the acquired data, it is necessary to integrate it. However, as we know,
88% of data integration projects fail or overrun their budgets because of poor
data quality
Keep it secret, keep it safe: the essential role of cybersecurity in document management
Solberg says security considerations should be an integral component of any
strategic assessment for document management. “For example, when identifying
the key objectives organizations may typically identify increased efficiency,
reduced costs, increased collaboration,” he says. “Given the significant cyber
risks organizations face in our rapidly digitized world, it's essential that
the organization also clearly articulate an objective to protect the data,
documents, and systems from the outset.” Security must also be incorporated in
the phases of the document management assessment, including the analysis of
the current state and the articulation of the roadmap, according to Solberg.
“The integration of cybersecurity in these phases not only helps to identify
the baseline compliance requirements that will inform the strategy but the
capabilities that the organization will need to meet those requirements,” he
adds. Security is a key enabler of success within any organization and has
become a top strategic priority for all successful Internet-connected
companies, says Jeffrey Bernstein
Many CIOs are better equipped to combat rising IT costs. Are you?
IT organizations can save substantial amounts on SaaS contracts by lowering
service levels, CIOs say. “Too often we pay for the tier above what we need,”
says McKee. But while Wiedenbeck did change service levels in one situation,
he urges caution. “It’s dangerous to get so focused on cost that you start
looking for ways to reduce it without better understanding the risks,” he
says. “On the flip side, we shouldn’t be so fearful of any risk that we
overpay for services and service levels. Inflation shouldn’t make us abandon
balance management of cost, risk, and value, [but] I do see it as a great
opportunity to revisit those areas and see if we’re willing to adjust that
balance.” Partnering with software vendors is another key to keep costs under
control. It should be a mutually beneficial relationship, CIOs say, so be
prepared for some give and take. “There’s typically more flexibility on
pricing if there’s added value that can found, for example, by introducing
other clients or integrating products together, creating a win-win situation,”
says McKee.
Quote for the day:
“Good manners sometimes means simply
putting up with other people's bad manners. ” --
H. Jackson Brown, Jr
