
Companies that have established open-source program offices over the years now need more C-suite oversight to drive education, awareness, and use of open-source software. Those program offices set the stage for an expanded role for the officers who run them.

Incorporating open-source technology gives organizations an ecosystem that expands the user base, resulting in loyalty and stickiness. It also brings with it the need for greater executive oversight of open-source initiatives. Staying on top of open-source security best practices is critically important, and disclosing and patching vulnerabilities is essential.

Javier Perez, Perforce’s chief open-source evangelist, sees a trend to drive open source in 2023. More organizations will realize that open-source software is critical to their operations and will move from consumers to participants with increased use and adoption for business-critical infrastructure.

All software now contains open-source components, but some companies don’t even know how much open source they use, he said.

More businesses are no longer merely consumers of open source. They are becoming active contributors, promoting and educating their engineering teams. Therefore, whether using completely open-source products or commercial products with embedded open-source code, organizations need to pay more attention to their software license management.

How to do this requires a focus on the duties of open-source program offices. According to Perez, half of the organizations at the Software Summit run by Perforce have such executives.

“It’s becoming more popular and strategic, talking about the strategy of which open-source projects companies are going to invest in,” Perez told LinuxInsider.

Threat Zones and the Role of the CISO

Despite the growing use of open source across all industries, ongoing malicious software supply chain attacks will slow open source adoption this year, warned Paul Speciale, chief marketing officer at data management firm Scality.

Malware and ransomware attacks have increased so much that an organization somewhere in the world is now infiltrated every few minutes, costing businesses millions of dollars in losses per incident and consuming untold IT cycles. He explained that we have seen security compromises in commercial software solutions, as demonstrated by recent high-profile attacks.

“Open-source software dependency will become a growing threat vector, requiring enterprises to more carefully evaluate and test these technologies before deploying them on a large scale,” Speciale told LinuxInsider.


Eric Cole, a consultant at data security firm Theon Technology and former CIA professional hacker, suggested the focus this year would be on regulating the software, not unlike actions already taken by European governments.

“We will see a major shift in the CISO (chief information security officer) role, including increased hiring and firing of CISO positions,” Cole told LinuxInsider.

He predicted that the position would pivot to hiring more business-oriented individuals who can communicate with the board, rather than existing technical people who currently fill the role.

Integrated Offering Major OSS Citadel

A continued move toward modular software solutions will drive new adoption of open-source solutions in 2023, according to Moses Guttmann, CEO and co-founder of machine learning operations platform developer ClearML.

MLOps teams should consider open-source infrastructure instead of being locked into long-term contracts with cloud providers. While organizations doing machine learning at hyper-scale can undoubtedly benefit from integration with their cloud providers, it forces these companies to work the way the provider wants them to work, he offered.

“Open source provides flexible customization, cost savings, and efficiency. You can even modify open-source code to make sure it works exactly the way you want it to. With this, it’s becoming a more viable option,” Guttmann told LinuxInsider.

One of the factors slowing MLOps adoption is the overabundance of point solutions. That doesn’t mean they don’t work, he offered. But they may not integrate well together, and they leave gaps in the workflow.

Guttmann said, “Because of that, I firmly believe that 2023 is the year the industry moves toward a unified, end-to-end platform built from modules that can be used individually and integrated seamlessly.”

Open-Source Adoption in 2023

This year, it will become clear that open source is not just the domain of large enterprises like IBM, Google, Red Hat and Microsoft. It is now a necessity for every industry and small companies as well.

“We see a lot of banks now contributing directly to open source as they specialize. So, we see adoption across all industries. Many companies are becoming more receptive to open source and are becoming more actively involved in maintaining and advancing the

According to new research released Tuesday, many employees and managers in the United States and United Kingdom value trust in the workplace more than financial compensation.

A survey of 500 workers and managers in the US and UK by Osterman Research for cybersecurity firm Cerby found that nearly half of participants (47%) said they would take a 20% pay cut in exchange for greater trust from their employer.

Other characteristics the researchers found highly prized by employees included flexibility (48%), autonomy (42%), and being able to choose the applications needed to work effectively (39%).

The State of Employee Trust Report by Osterman and Cerby examines the impact of zero-trust principles that many companies are increasingly adopting as a solution to their cyber security needs as a result of the use of “unmanageable applications” by workers and managers.

“Apps are closely linked to the level of employee engagement and empowerment. If employers try to block apps, which they often do, it negatively affects trust,” said Matt Chiodi, chief trust officer at Cerby, a zero-trust architecture provider for unmanageable applications located in San Francisco.

“Sixty percent of employees said that if an application they want is blocked, it negatively affects how they feel about the company,” Chiodi told TechNewsWorld.

“The answer is not for employers to block these apps, but to find solutions that allow these unmanageable apps to be managed,” he said.

Fretting Over Control

Security teams resent the use of unmanaged applications, also known as shadow IT, for a number of reasons. “Employees come and go. An organization can end up with thousands of unused credentials accessing its resources,” explained Szilveszter Szebeni, CISO and co-founder of Tresorit, an email encryption-based security solutions company in Zurich.

“With a mountain of passive access, hackers are bound to find something that will go unnoticed and pave the way for them to infiltrate the organization through lateral movement,” Szebeni told TechNewsWorld.

Unmanageable applications can put an organization at risk because it has no control over the security practices imposed on the programs’ development and management, said John Yoon, vice president of product strategy at ColorTokens, an autonomous zero-trust cybersecurity solutions provider in San Jose, Calif.

“In addition, the organization has no oversight of the applications’ security update requirements,” Yoon told TechNewsWorld.

Without any control over the application, organizations can’t trust it with access to their environments, said Mike Parkin, a senior technical engineer at Vulcan Cyber, a provider of SaaS for enterprise cyber risk remediation in Tel Aviv, Israel.

“Letting employees choose the best tool for the job, especially when it’s running on their own device, is welcome,” Parkin told TechNewsWorld.

However, he stressed, “this requires some compromise with the organization choosing the application and the employees willing to give up if their preferred app is not on the approved list.”

Roger Grimes, data-driven defense evangelist at KnowBe4, a security awareness training provider in Clearwater, Fla., took a hard look at the issue.

“It’s up to an organization’s cybersecurity risk managers to determine whether the risks incurred are worth the benefits,” Grimes told TechNewsWorld. “You don’t want the average end user to decide what is or isn’t risky for the organization any more than you want the average passenger flying an airplane.”

Worth the Risk?

The applications are considered unmanageable because they often don’t support common security measures, such as single sign-on and automatically adding or removing users, Chiodi explained.

“It presents a risk to a business, but business users still need those applications,” he said. “Businesses need to find ways to get those applications to the point where they can be managed, so that those risks are reduced.”

Labeling applications unmanageable is misleading, says Marcus Smiley, CEO of Epoch Concepts, an IT solutions provider in Littleton, Colo.

“They’re built without support for modern industry security standards, which makes them harder to monitor and secure,” Smiley told TechNewsWorld. “But while that means they can’t be managed like other applications, they can be managed in different ways.”

“When unmanageable applications are being used, there is always some reason,” he said. “Many organizations need better communication between IT and employees to clarify company policies and the reasons behind them.”

“IT should also provide channels for requesting applications and be proactive in providing more secure options for problematic ones,” he added.

Smiley said that in some situations, allowing unmanaged applications with oversight is appropriate to ensure that best-identity-management practices and more secure configurations are implemented instead of less secure ones.

“Ultimately, there is no such thing as a risk-free cyber security strategy,” he added. “Every security program – even those that fall under zero trust – involves trade-offs between mission-critical business functionality, productivity and risk.”

Balancing Act Needed

The safest approach is to have any application reviewed prior to adoption by an individual or team with cybersecurity expertise to identify any issues that may arise from the use of the software or service, ensure that the legal terms are acceptable, and establish a plan for ongoing maintenance, recommended Chris Clements, vice president of solutions architecture at Cerberus Sentinel, a cybersecurity consulting and penetration testing company in Scottsdale, Ariz.

“Unfortunately, many organizations do not have the expertise or resources to properly assess these risks, resulting in the process not happening at all or, just as bad, taking weeks or months, which hurts employee morale and productivity,” Clements told TechNewsWorld.

“Balancing cybersecurity risk with employee needs is a practice that organizations need to take more seriously,” he said. “Allowing a Wild West approach will inevitably introduce cybersecurity risks. But on the other hand, being overly rigid can lead to choosing product or service solutions that heavily compromise usability and user convenience, or to denying approval completely.”

“These can create frustration and lead personnel to leave the organization or actively subvert security controls,” he continued.

Misusing zero-trust principles can also add to that frustration. “Zero trust is for data, access, applications and services,” Chiodi argued. “But when it comes to building trust on the human side, companies should aim for higher trust. The two are not mutually exclusive. It’s possible, but there’s going to be a shift in how employers use security controls.”

“By giving employees technology choices, companies can show that they trust their employees to make technology decisions that help them do their jobs better,” said Karen Walsh, principal at Allegro Solutions, a cybersecurity consulting company in West Hartford, Conn.

“By reinforcing it with education around the mindset of compromising,” they build a stronger relationship with the members of their workforce, Walsh told TechNewsWorld.

Significant scientific research recognizes that climate has affected humans and animals over the past decades. Reasonable people can, and should, argue about the severity of that effect. But it is also logical to ask what the world can do to reduce the impact of climate change in a practical, cost-friendly and measurable way.

Schneider Electric is arguably the undisputed leader in the digital transformation of energy management. Equally important, few companies have its technology legacy, global credibility and authoritative reputation in energy and sustainability.

The 186-year-old company has stood firm in its view that access to energy and digital technology is a fundamental human right. To implement that vision, Schneider Electric offers a wide range of energy and automation digital products that help individuals, homeowners and businesses become more efficient and sustainable.

From a practical standpoint, Schneider Electric solutions – often integrated from a hardware, software and services standpoint – often appear in homes, buildings, data centers, infrastructure (such as airports) and industrial entities.

A Timely Event

Last week, the company used its annual customer and partner event in Las Vegas, called the Innovation Summit, to announce several new offerings to its energy management business.

Interestingly, its timing could not have been more fitting given the complexity of the current instability of the energy environment, which has sent raw material and energy prices to four-decade highs.

Schneider Electric’s energy-as-a-service solution on display at Innovation Summit 2022 (Image credit: SmartTech Research)


Ultimately, the goal should be to remove significant sources of energy waste and emissions. The focus on smart grid deployment and on simplifying building energy management, a historic Schneider Electric strength, are decisive steps that could help move the environmental ball down the field.

New Eco-Friendly Solutions

With this as a backdrop, Schneider Electric used Innovation World to announce four new solutions that will help companies strategize, digitize and decarbonize their daily operations, accelerate sustainability goals, and address the current energy crisis with the help and support they need. These capabilities seek to eliminate many of the world’s most potent greenhouse gases from energy-based infrastructure.

SM AirSeT

On the emissions front, the company announced the SM AirSeT, a green, digital switchgear solution insulated by pure air rather than greenhouse gas.

SM AirSeT targets utilities and industries that want to reduce their environmental footprint and optimize their operation and maintenance.

EcoStruxure for Renewable Energy

Renewing its focus on the energy grid, the company is updating its legacy Grid of the Future strategy to enhance the promise of clean, renewable energy.

The company’s new solution, EcoStruxure for Renewables, is attractive because it pools new technologies and 21st-century digital twin integrations to help renewable farm operators bring renewables to market faster.

It is innovative and reflects the much needed urgency in the market. This new capability utilizes digital continuity by combining hybrid power sources into the operations of farm operators.

Schneider Electric was one of the first companies committed to the belief that the world should reach net-zero carbon emissions as soon as possible.

EcoStruxure Energy Hub

The company’s new EcoStruxure Energy Hub allows businesses to pursue their net-zero goals by facilitating energy awareness, compliance, optimization and performance.

Essentially, this solution is an easy-to-use and highly secure IoT SaaS (Software as a Service) offering that creates visibility into the energy and emissions profiles of installations and streamlines the management of building energy systems.

The solution was initially launched in the United States, but will be released in select countries during the remainder of 2022, with global availability in 2023.

EcoCare

Finally, the Schneider Electric EcoCare program can be compared to a premium credit card-like concierge service for energy organizations. The offering aims to help customers leverage their energy and internal resources by accessing Schneider Electric’s expertise in electrical and industrial equipment, sustainability, mission-critical power, and digital and analytics competencies.

Furthermore, EcoCare is designed as an integrated, IoT-enabled bundle of professional 24/7 support, with a focus on deep insight into asset status and understanding efficiency and potential sustainability enhancements.

Analyst Take

There is no doubt that the global economy is facing unprecedented changes in the energy sector. While climate change and decarbonization targets are the main drivers of this change, energy security and independence concerns also play a powerful role.

With these announcements, Schneider deserves credit for playing a key role in the goal of making energy more electric and, perhaps more importantly, more digital. Often described as the Power 4.0 phase of the energy sector, the digitization component of Schneider Electric’s strategy sets a challenge for the industry as a whole.

However, the Innovation Summit was not just about innovative and much-needed solutions. Perhaps what struck me most during the event was the eloquence, humility, and common-sense commentary from Jean-Pascal Tricoire, CEO and President of Schneider Electric, and Aamir Paul, the company’s North America president.

The two officials spoke passionately about the urgency needed to confront the world’s current “triple” crises – energy, economic and climate – facing global governments.

Jean-Pascal Tricoire, CEO of Schneider Electric, speaking at the Innovation Summit 2022 (Image credit: SmartTech Research)


Refreshingly, the company also believes that the investment costs needed to pivot the world to more sustainable and energy-efficient sources must be affordable. This need is extremely important and cannot be dismissed. After all, the energy sector includes many legacy companies with aggressive bottom lines where transformation costs play a significant role in how quickly they move.

Ultimately, governments need to hit the accelerator by removing, or at least dramatically reducing, the regulatory bureaucracy involved so that these new technologies and solutions can be implemented friction-free.

This was a common theme that pervaded the main presentations during the event. My recent experience installing EV chargers in my multi-residential condo building, while a single case, tells me that local governments have a long way to go.

Closing Thoughts

Schneider Electric propelled itself with enthusiasm, vision and passion during its Innovation Summit. The company has set a high benchmark for what the world needs to do to transform itself into a more sustainable and energy-efficient entity. The remaining question is whether the world’s economies are up to the challenge.

Elon Musk has said on record that the Environmental, Social and Governance (ESG) effort is “a scam” that has been “weaponized by fake Social Justice Warriors.”

Had we been back in the early 2000s, he would have been right. At the time, Dell’s ESG plan was to plant one tree for each compliant sale. Institutions that ran ecotourism-based social justice programs were infamous for supporting those who paid them and punishing those who didn’t, with little effect on real sustainability.

But that was then, and now companies like Dell, HP and Lenovo report billions of dollars in additional sales due to actual ESG efforts. These efforts are having a significant impact on the amount of waste that is thrown back into the environment.

What I find ironic is that of the two CEOs, Musk, whose Tesla and Hyperloop efforts benefit from the world’s focus on sustainability, seems to be anti-sustainability, while for Michael Dell, ESG is a natural fit for his company: sales are not the driver; protection of the planet is everything.

Let’s compare these two CEOs’ focus on sustainability this week, and we’ll close with my new favorite part of Office 365, Microsoft Designer, the DALL-E 2-based, AI-powered solution that is my product of the week.

Tech’s ESG Focus Lacks Irony

Last week, Dell held a post-Dell Technologies World event to address any questions the press and analyst communities might have.

Dell was recently ranked the most preferred workplace, ahead of Apple, Amazon and Facebook, none of which even made the rankings, and one of which is experiencing a massive increase in union activity. Amazon and Facebook are newer than Dell, Apple is more popular with users, and yet those three are anything but employee-friendly, especially after the pandemic.

It’s also fascinating that none of Elon Musk’s various companies made that list, but then again Musk has a reputation for treating employees poorly. During the pandemic, he resisted safety directives from California and has since moved his headquarters to Texas, which trails California in employee care and sustainability efforts. Musk clearly has his priorities, and he ranks employee care and sustainability well below where most big tech companies do.

Now, it isn’t ironic that tech companies are all about metrics; they measure almost everything. Dell has been particularly aggressive over the years in implementing metrics that reflect what is important to stakeholders (employees, customers, partners, investors) and in driving policies that benefit them.

Why is Musk’s lack of ESG focus ironic?

Hyperloop, and Tesla in particular, have a close relationship with sustainability because governments’ focus on eliminating fossil fuel use and improving sustainability has created huge opportunities for electric car sales and has created the justification for projects like the Hyperloop.

Conventional wisdom would suggest that, even if his belief isn’t genuine, Musk would be a huge supporter of ESG efforts because they support the approval of projects like the Hyperloop and the sale of electric cars. Furthermore, buyers particularly interested in electric cars are big believers in the “S” of sustainability and are more likely to invest in solar power, as with Tesla’s SolarCity subsidiary.

When the first truly next-generation electric cars hit the market in 2024, Tesla will face unprecedented competition. Buyers will not only have a wider choice of electric vehicles, but will also choose the companies they support. Given their interest in sustainability, they are more likely to choose a green company.

Starting with BMW, a firm that has emerged as the most technology-forward in the car industry, many companies are already greener than Tesla. To be clear, Tesla should lead on ESG, and instead it lags miserably in this practice, suggesting that Tesla buyers who care about sustainability should choose a greener brand.

This year, Musk’s Twitter move has hurt Tesla stock, and Musk’s way of dealing with employees who view his actions negatively sets a low bar for employee care, not to mention good governance.

In contrast, companies like Dell not only permit negative feedback but collect and use it to make better future decisions. Removing people who point out your mistakes usually ends badly because it destroys employee trust and support, even if the criticism is false, which was not the case with SpaceX.

Wrapping Up

What I find surprising is that both Michael Dell and Elon Musk are on record as believing climate change to be real and protecting mankind from it to be one of the most important things to fight for. It’s just that Dell has moved aggressively to address the challenge by reducing consumption, assuring green energy sources, and building deeper sustainability projects like Concept Luna.

Conversely, Musk thinks it shouldn’t be a priority for companies, even though his companies would benefit more than Dell because of subsidies and incentives related to their firms and their products.

I guess it comes down to how both men approach their jobs. Michael Dell takes his position seriously, is very focused, and judges on the data surrounding everything Dell Technologies does. Musk, by contrast, seems to make decisions based on the moment and his gut, which hasn’t been working out well for him or his companies lately, and that, as I see it, is what shapes his position on ESG.

Dell Technologies does not compete with Musk’s companies in any way, and either could be a customer of the other. But as a supplier, Tesla couldn’t comply with Dell’s ESG-focused supply network, while the ability to massively cut operating costs, as Dell has done, should be attractive to Musk’s companies.

In short, Dell’s focus on and support for ESG is making the company more successful, while Musk’s opposite position only reinforces the idea that he has become a liability to his firms. If you are watching “House of the Dragon,” you are witnessing the death of a dynasty because of a lie that no one believes. Tesla’s sustainability story has the same problem. Once the true competition arrives, I suspect it will end no better for that firm than for the young princess with a wandering eye in “House of the Dragon.”

Tech Product of the Week

Microsoft Designer with DALL-E 2

One of the biggest problems for many of us is finding a suitable open-source picture or figuring out how to pay for an image that is not in the public domain.

Many of us create our own web pages or try to create illustrations to go with a paper or PowerPoint presentation. Often, the result is useless. When I was working for large companies, executives with access to graphic designers were often considered more competent than those who didn’t have it, regardless of the quality of their work.

OpenAI’s DALL-E, now in its second generation, creates images from a text description. You describe what you want, and DALL-E makes it. Last week at Microsoft Ignite, Satya Nadella announced that DALL-E 2 would be embedded in a new addition to Office 365 called Microsoft Designer.

The tool uses a combination of text-to-image AI technology and nested menus to help you quickly create an image, presentation page, or professional-looking ad in a fraction of the time it would take to get one from a graphic designer.

This kind of solution has been my dream since childhood. I can imagine and describe a picture I want to make, but even though my mother and first stepmother were artists, I still can’t make a picture to save my life.

Sadly, Microsoft Designer isn’t available yet, although I signed up to be an early user. I hope Designer sets the tone for AI updates to other Microsoft products.

Imagine that your PC writes a paper based on your outline or Excel creates a spreadsheet template or form based on the details of what you want. I expect the new “killer feature” in Office to do most of the heavy lifting for the platform once you figure out what you want.

Granted, many people struggle with how to communicate what they want. Therefore, much like learning Boolean logic for searching the web, building up your ability to make precise descriptions of what you want will be an important future skill for success.

Finally, Microsoft Designer with DALL-E 2 was my favorite announcement during Microsoft Ignite last week, and it’s my product of the week.

The opinions expressed in this article are those of the author and do not necessarily reflect the views of ECT News Network.

For years, companies have been allowing their employees to mix business and pleasure on their mobile devices, a practice that has raised concerns among cybersecurity professionals. Now a network security company says it has a way to secure personal mobile devices that could allow cyber warriors to sleep more comfortably.

Cloudflare on Monday announced its Zero Trust SIM, which is designed to secure every packet of data leaving a mobile device. Once installed on a device, the ZT SIM routes network traffic from the device to Cloudflare’s cloud, where its zero-trust security policies can be applied to the data.

According to a company blog written by Cloudflare Director of Product Matt Silverlock and Innovation Head James Allworth, by combining software layer and network layer security through ZT SIM, organizations can benefit from:

  • Preventing employees from visiting phishing and malware sites. DNS requests leaving the device can automatically and implicitly use the Cloudflare Gateway for DNS filtering.
  • Reducing common SIM attacks. An eSIM-first approach could prevent SIM-swapping or cloning attacks, and could bring similar security to physical SIMs, by locking SIMs to individual employee devices.
  • Rapid deployment. The eSIM can be installed by scanning a QR code with the mobile phone’s camera.

Distrust of Personal Devices

“A lot of organizations don’t trust the tools they’re managing to access sensitive corporate data because of it,” said analyst Charlie Winckless, senior director at Gartner.

“Most of us are a little less careful with our personal devices than with our business tools,” he told TechNewsWorld. “There are also fewer controls on a personal device than a business device.”

“The Zero Trust SIM is a way to try to allow some of those individual devices to take control of the corporate network as they connect.”

With a distributed workforce, the classic hub-and-spoke model for security has become obsolete, explained Malik Ahmed Khan, an equity analyst at Morningstar in Chicago.

“So, you have employees across the country accessing company resources with a mobile device sitting in their home,” he told TechNewsWorld. “How do you secure their access? That’s a big question for firms to answer.”

The answer to that question for many organizations is installing software agents on their employees’ phones as part of a mobile device management (MDM) system, which can rankle employees.

“It’s inherently difficult to protect anyone’s personal equipment because owners don’t want their equipment to be managed by someone else,” said Roger Grimes, a data-driven defense evangelist at KnowBe4, a security awareness training provider in Clearwater, Fla.

Khan said adoption will be a significant challenge for Cloudflare. “There are two degrees of believing that need to happen,” he said. “First, Cloudflare needs to convince firms to take it, and second, firms need to convince their employees to use the eSIM.”

Hardware Limitations

Grimes said there are other roadblocks facing organizations dealing with BYOD. “Phone operating systems simply don’t come with the complexity that is needed to enable and implement the methods that are typically applied to regular computers,” he told TechNewsWorld.

“For example,” he continued, “it is very difficult to implement patching so that phones and all their apps are up to date. Many times a phone’s OS will only be patched if the phone’s network provider, such as Verizon or AT&T, decides to push the patch.”

“The user can’t just click on an update feature and get a new patch, unless the phone vendor has approved it and decided to allow it to be installed,” he said.

When considering an eSIM solution, it’s important to know what it does and doesn’t do, observed Chris Clements, vice president of solutions architecture at Cerberus Sentinel, a cybersecurity consulting and penetration testing company in Scottsdale, Ariz.

“Cloudflare’s use of eSIM links the mobile device’s cellular data connection to Cloudflare’s network, where malicious domains or sites not approved by the organization’s policies can be blocked,” he told TechNewsWorld.

“There are also capabilities for logging connections going over cellular data networks that companies typically are not able to monitor,” he said.

MDM Complications

He continued, however, that there is no end-to-end encryption and that blocking and logging is limited to cellular data connections only. For example, Wi-Fi data connections are unaffected by eSIM offerings.

“Cloudflare’s eSIM solution may be cheaper and simpler than deploying a full mobile device management solution and a whole-network VPN that covers both Wi-Fi and cellular data connections, but it does not offer the same level of control and security as those solutions,” he said.

“The ability to reduce user account hijacking by preventing SIM swapping to intercept multifactor authentication codes is useful, but in reality, implementing MFA via SMS codes is no longer a best practice,” he said.

Khan pointed out, however, that there are problems with the agent-based solutions that ZeroTrust SIM has to offer. “The problem with these deployments is that they require the user to deep dive into their device’s settings and enable them to accept a bunch of certificates and permissions for the agent,” he explained.

“While it is very easy to do this on a company-issued laptop or mobile device – since the agent will be pre-configured – it is quite difficult to do it on BYOD, as the employee may not set things up properly, leaving the endpoint still partially exposed,” he said.

“Imagine having an IT security team for a firm with thousands of employees and each of them trying to follow a series of steps on their individual devices,” he continued. “It can be a nightmare, logistically speaking.”

“Furthermore,” he said, “there may be a problem with updating agents uniformly and constantly asking employees to stay on the latest operating system.”

Mobile Headache

In addition to the ZT SIM introduction, Cloudflare also announced its Zero Trust program for mobile operators, which is designed to give mobile carriers the opportunity to give their customers access to Cloudflare’s Zero Trust platform.

“When I talk to CISOs I hear over and over again that effectively securing mobile devices at scale is one of their biggest headaches,” Cloudflare co-founder and CEO Matthew Prince said in a statement. “It’s a flaw in everyone’s deployment of Zero Trust.”

“With Cloudflare ZeroTrust SIM,” he said, “we will offer the one-stop solution to secure all device traffic, helping our customers plug this hole in their ZeroTrust security posture.”

However, how the market will react to this solution remains to be seen. “I haven’t heard Gartner customers asking for this,” Winkless said. “Maybe they’ve seen something I haven’t seen. So, we’re going to see if this is an answer to a question that no one needs to answer or a transformative way of providing security.”

As IT workers continue their arduous job of protecting network users from the bad guys, some new tools could help stem the tide of vulnerabilities that continue to pile up in open-source and proprietary software.

Canonical and Microsoft reached a new agreement to keep their two cloud platforms running well together. Meanwhile, Microsoft apologized to open-source software developers. But BitLocker made no apology for shutting out Linux users.

Let’s take a look at the latest open-source software industry news.

New open-source tool helps devs spot exploits

Vulnerability management platform firm Rezilion announced on August 12 the availability of its new open-source tool MI-X from its GitHub repository. The CLI tool helps researchers and developers quickly determine whether their containers and hosts are affected by a specific vulnerability, to shorten the attack window and create an effective remediation plan.

Yotam Perkal, director of vulnerability research at Rezilion, said, “Cybersecurity vendors, software providers, and CISA are issuing daily vulnerability disclosures alerting the industry to the fact that all software is built with mistakes, which often need to be addressed immediately.”

“With this flow of information, the launch of MI-X provides users with a repository of information to validate the exploitability of specific vulnerabilities, creating greater focus and efficiency around patching efforts,” he added.

“As an active participant in the vulnerability research community, this is an impressive milestone for developers and researchers to collaborate and build together,” Perkal said.

Current tools fail to factor in exploitability as organizations grapple with critical and zero-day vulnerabilities and scramble to understand whether they are affected by a given vulnerability. It’s an ongoing race to figure out the answer before the threat actor does.

To determine this, organizations need to identify a vulnerability in their environment and find out whether it is indeed exploitable there, and whether a mitigation and remediation plan exists for it.

Current vulnerability scanners take too long to scan, don’t factor in exploit potential, and often miss it entirely. This is what happened with the Log4j vulnerability. According to Rezilion, this lack of tooling gives threat actors plenty of time to exploit a flaw and do major damage.

The launch of MI-X is the first in a series of initiatives to foster a community to detect, prioritize and address software vulnerabilities.

Linux Thrives Alongside Growing Security Crisis

Recent data monitoring of more than 63 million computing devices across 65,000 organizations shows that the Linux OS is alive and well within businesses.

New research from IT asset management software firm Lansweeper shows that even though Linux lacks the more widespread popularity of Windows and macOS, a lot of corporate devices still run the Linux operating system.

Scanning data from more than 300,000 Linux devices in approximately 26,000 organizations, Lansweeper also revealed the popularity of each Linux distribution based on the total number of IT assets managed by each organization.

The company released its findings on August 4, noting that around 32.8 million people worldwide use Linux, that it runs about 90% of all cloud infrastructure, and that nearly all of the world’s supercomputers rely on it.

Research by Lansweeper showed that CentOS is the most widely used (25.6%), followed by Ubuntu (20.8%) and Red Hat (15%). The company didn’t break down the percentages of users of many of the other Linux distributions in use today.

Chart showing Linux devices by company size


Lansweeper suggested that businesses exhibit a disconnect between using Linux for its enhanced security and proactively putting security processes in place.

Two recent Linux vulnerabilities this year — Dirty Pipe in March and Nimbuspwn in April — plus new data from Lansweeper show that businesses are flying blind when it comes to the security under their own roof.

“It is our belief that the majority of devices running Linux are business-critical servers, which are desired targets for cybercriminals, and logic suggests that the larger the company, the more Linux devices there are that need to be protected,” said Roel Decneut, chief strategy officer at Lansweeper.

“With so many versions and ways of installing Linux, IT teams are faced with the complexity of tracking and managing devices as well as trying to keep them safe from cyberattacks,” he explained.

Since its launch in 2004, Lansweeper has been developing a software platform that scans and inventories all types of IT assets, installed software and active users on a network. It allows organizations to centrally manage their IT.

BitLocker, Linux Dual Booting Together Isn’t Perfect

Microsoft Windows users who want to install Linux distributions to dual boot on the same computer are now between a technical rock and a Microsoft hard place. They can thank the increased use of Windows BitLocker software for the worsening of the Linux dual-booting dilemma.

Developers of Linux distros are facing more challenges in supporting Microsoft’s full-disk encryption on Windows 10 and Windows 11 installations. Fedora/Red Hat engineers noted that the problem is made worse by Microsoft sealing the full-disk encryption key to the Trusted Platform Module (TPM) hardware.

Fedora’s Anaconda installer, like other Linux distribution installers, cannot resize BitLocker volumes. The workaround is to first resize the BitLocker volume within Windows to create enough free space for the Linux volume on the drive. This useful detail is not covered in many of the installation instructions for dual-booting Linux.

A related problem complicates the process: the way the BitLocker encryption key is sealed imposes another hard restriction.

To unseal the key, the boot chain measurements recorded in the TPM’s Platform Configuration Registers (PCRs) must match the values the key was sealed against. Using the default settings for GRUB in the boot chain of a dual-boot setup produces different measurement values.

According to the discussion of the problem on the Fedora mailing list, users with a dual-boot setup who then attempt to boot Windows 10/11 are left at the BitLocker recovery screen.
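To make the PCR mismatch concrete, here is an added Python simulation (not Fedora’s, Microsoft’s or any TPM vendor’s code) of how a measured boot chain feeds a PCR and how a key sealed against one chain refuses to unseal against another. The component names are constructed placeholders, the PCR index and bank (SHA-256) are assumptions, and “sealing” is reduced to a policy-digest comparison rather than the TPM’s real policy machinery.

```python
import hashlib
from typing import Optional

DIGEST_LEN = 32  # SHA-256 PCR bank (assumption)


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM_PCR_Extend semantics: new_pcr = H(old_pcr || H(component)).

    The register can only be extended, never written, so the final value
    depends on every component measured and on their order.
    """
    return hashlib.sha256(pcr + measurement).digest()


def measure_boot_chain(components: list[bytes]) -> bytes:
    """Replay a boot chain into a single PCR, starting from the reset value (all zeros)."""
    pcr = bytes(DIGEST_LEN)
    for blob in components:
        pcr = pcr_extend(pcr, hashlib.sha256(blob).digest())
    return pcr


def seal(key: bytes, expected_pcr: bytes) -> dict:
    """Simplified seal: bind the volume key to the PCR value observed at seal time."""
    return {"policy_pcr": expected_pcr, "key": key}


def unseal(blob: dict, current_pcr: bytes) -> Optional[bytes]:
    """Return the key only if the current PCR matches the sealed policy.

    A real TPM would reject the unseal; BitLocker then falls back to the
    recovery-key prompt described in the article.
    """
    if blob["policy_pcr"] != current_pcr:
        return None
    return blob["key"]


# Constructed stand-ins for the firmware and loader images a TPM would hash.
# A Windows-only install measures firmware, then the Windows boot manager.
WINDOWS_ONLY_CHAIN = [b"UEFI firmware image (constructed)",
                      b"bootmgfw.efi (constructed)"]

# Dual boot inserts GRUB (via shim) before chainloading the same Windows boot manager,
# so an extra, different measurement lands in the register.
GRUB_DUAL_BOOT_CHAIN = [b"UEFI firmware image (constructed)",
                        b"shim + grubx64.efi (constructed)",
                        b"bootmgfw.efi (constructed)"]

VOLUME_KEY = b"constructed-bitlocker-volume-key"


def simulate_dual_boot() -> dict:
    """Seal under the Windows-only chain, then try both boot paths."""
    sealed = seal(VOLUME_KEY, measure_boot_chain(WINDOWS_ONLY_CHAIN))
    return {
        "windows_only_unseals": unseal(sealed, measure_boot_chain(WINDOWS_ONLY_CHAIN)),
        "via_grub_unseals": unseal(sealed, measure_boot_chain(GRUB_DUAL_BOOT_CHAIN)),
    }


def reseal_for_grub() -> Optional[bytes]:
    """Sealing against the GRUB chain makes that chain (and only that chain) unseal."""
    sealed = seal(VOLUME_KEY, measure_boot_chain(GRUB_DUAL_BOOT_CHAIN))
    return unseal(sealed, measure_boot_chain(GRUB_DUAL_BOOT_CHAIN))


if __name__ == "__main__":
    result = simulate_dual_boot()
    print("Windows-only boot -> key released:", result["windows_only_unseals"] is not None)
    print("Boot via GRUB     -> key released:", result["via_grub_unseals"] is not None,
          "(None means the BitLocker recovery screen)")
```

Order matters as much as content: measuring the same components in a different sequence also yields a different PCR, which is why any change to what runs before the Windows boot manager breaks the seal.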

Microsoft, Canonical: A Case of Opposites Attract

Canonical and Microsoft have tightened the business knot connecting them with the common goal of better securing the software supply chain.

Both software companies announced on August 16 that native .NET is now available for Ubuntu 22.04 hosts and containers. This collaboration between .NET and Ubuntu provides enterprise-grade support.

The support lets .NET developers install the .NET SDK and the .NET and ASP.NET runtimes on Ubuntu 22.04 LTS with a single “apt install” command.


Microsoft reverses open-source app sales ban

In what could be the latest case of Microsoft stumbling over its own messaging, the company recently rattled software developers by banning the sale of open-source software in its Microsoft Store. Microsoft has since reversed that decision.

Microsoft had announced new terms for its store, effective July 16. The new terms stated that pricing must not attempt to profit from open-source or other software that is otherwise generally available at no cost. Many software developers and redistributors of free and open-source software (FOSS) sell installable versions of their products in the Microsoft Store.

Redmond said the new restrictions would address the problem of “misleading listings”. Microsoft claimed that FOSS licenses allow anyone to post a version of a FOSS program written by others.

However, developers pushed back, noting that the problem is easily solved the same way regular stores solve it – through trademarked names. Existing trademark rules already let consumers distinguish the actual sources of software products from third-party repackagers.

Microsoft has since relented and removed references to open-source pricing restrictions from its store policies. The company clarified that the previous policy was intended to “help protect customers from misleading product listings”.

More information is available in the Microsoft Store Policies document.

A new report from a privileged access management (PAM) firm warns that IT security is getting worse as corporations become stuck deciding what to do and what it will cost.

Delinea, formerly Thycotic and Centrify, on Tuesday released research based on 2,100 security decision makers internationally, revealing that 84% of organizations have experienced an identity-related security breach in the past 18 months.

This revelation comes as enterprises are grappling with expanding entry points and more frequent and advanced attack methods from cybercriminals. It also highlights the gap between the perceived and actual effectiveness of security strategies. Despite the high percentage of accepted breaches, 40% of respondents believe they have the right strategy.

Several studies have found that credentials are the most common attack vector. Delinea wanted to know what IT security leaders were doing to reduce the risk of attack. This study focused on learning about the adoption of privileged access management by organizations as a security strategy.

Key findings of the report include:

  • 60% of IT security decision-makers have been put off working on an IT security strategy due to multiple concerns;
  • Identity security is a priority for security teams, but 63% believe it is not understood by executive leaders;
  • 75% of organizations will fail to protect privileged identities because they do not receive the support they need.

ID Security Is a Priority, but Board Buy-In Is Critical

Falling short of the corporate commitment needed to actually take action is a growing pattern among executives when it comes to IT efforts to provide better breach prevention.

Many organizations are hungry to make change, but three quarters (75%) of IT and security professionals believe that promises of change will fail to protect privileged identities due to a lack of corporate support, according to the researchers.

The report noted that 90% of the respondents said that their organizations fully recognize the importance of identity security in enabling them to achieve their business goals. Nearly the same percentage (87%) said it was one of the most important security priorities for the next 12 months.

However, a lack of budget commitment and executive alignment resulted in a constant stall on improving IT security. Some 63% of respondents said that their company’s board still does not fully understand identity security and its role in enabling better business operations.

“While the importance of identity security is acknowledged by business leaders, most security teams will not receive the support and budget they need to provide critical security controls and solutions to mitigate key risks,” said Joseph Carson, chief security scientist and advisory CISO at Delinea.

“This means that most organizations will be deprived of protecting privileges, leaving them vulnerable to cybercriminals searching for and abusing privileged accounts,” he said.

Lack of Policies Puts Machine IDs at Great Risk

Despite the good intentions of corporate leaders, companies have a long road ahead when it comes to protecting privileged identities and access. According to the report, less than half (44%) of organizations surveyed have implemented ongoing security policies and procedures for privileged access management.

These missing security protections include password rotation or approval, time-based or context-based security, and privileged behavior monitoring such as recording and auditing. Even more worrying, more than half (52%) of all respondents allow privileged users to access sensitive systems and data without the need for multifactor authentication (MFA).

Another alarming lapse has come to the fore in the research. Privileged identities include humans, such as domain and local administrators. They also include non-humans, such as service accounts, application accounts, code, and other types of machine identities that automatically connect to and share privileged information.

However, only 44% of organizations manage and secure machine identities. The majority leave them exposed and open to attack.

Graph: Delinea benchmarking security gaps and privileged access (Source: Delinea Global Survey of Cybersecurity Leaders)

Cybercriminals look for the weakest link, Carson noted. Ignoring ‘non-human’ identities – especially when these are growing at a faster rate than human users – greatly increases the risk of privilege-based identity attacks.

“When attackers target machine and application identities, they can easily eavesdrop,” he told TechNewsWorld.

They move around the network to determine the best place to strike and inflict the most damage. Organizations need to ensure that machine identities are incorporated into their security strategies and follow best practices when it comes to protecting all of their IT ‘superuser’ accounts, he advised; if those are compromised, the entire business could be brought to a halt.

The security gap is widening

Perhaps the most important finding from this latest research is that the security gap continues to widen. Many organizations are on the right track to secure the business and reduce cyber risk, but large security gaps remain for attackers to take advantage of, including the securing of privileged identities.

An attacker only needs to find one privileged account. As long as businesses still leave many privileged identities vulnerable, such as application and machine identities, attackers will continue to exploit them and hold business operations hostage for ransom payments.

The good news is that organizations realize the high priority of protecting privileged identities. The sad news is that many privileged identities are still exposed because it is simply not enough to secure a human privileged identity, Carson explained.

Not only is the security gap widening between business and attackers but also the security gap between IT leaders and business executives. While this is improving in some industries, the problem still exists.

“Until we address the challenge of communicating the importance of cybersecurity to the executive board and the business, IT leaders will continue to struggle to obtain the resources and budget needed to close the security gap,” he warned.

Cloud Whack-a-Mole

One of the main challenges to securing identity is that, with mobility and cloud environments, identities are everywhere. According to Carson, this increases the complexity of securing them.

Businesses are still trying to secure them with the security technologies they already have in place today. But this results in many security gaps and limitations. He said some businesses fall short even when trying to address identity security with simple password managers.

“However, this still means relying on business users to make good security decisions. To secure identities, you must first have a good strategy and plan in place. This means understanding the types of privileged identities that exist in the business, and using security technology that is designed to find and protect them,” he concluded.

As criminal activity on the Internet continues to intensify, hunting bugs for cash is attracting more and more security researchers.

In its latest annual report, bug bounty platform Intigriti revealed that there was a 43% increase in the number of analysts signing up for its services from April 2021 to April 2022. For Intigriti alone, this means adding 50,000 researchers.

For the most part, the report noted, bug bounty hunting is part-time work for the majority of researchers, with 54% holding full-time jobs and another 34% being full-time students.

“Bug bounty programs are tremendously successful for both organizations and security researchers,” said Ray Kelly, a fellow at WhiteHat Security, an application security provider in San Jose, Calif., which was recently acquired by Synopsys.

“Effective bug bounty programs limit the impact of serious security vulnerabilities that could easily have put an organization’s customer base at risk,” he told TechNewsWorld.

“Payments for bug reports can sometimes exceed six-figure amounts, which may seem like a lot,” he said. “However, the cost of fixing and recovering a zero-day vulnerability for an organization can total millions of dollars in lost revenue.”

‘Good faith’ rewarded

As if that weren’t incentive enough to become a bug bounty hunter, the US Department of Justice recently sweetened the career path by adopting a policy that says it will not enforce the federal Computer Fraud and Abuse Act against hackers who act in “good faith” when attempting to discover flaws in software and systems.

“The recent policy change to prevent prosecuting researchers is welcome and long-awaited,” said Mike Parkin, senior technical engineer at Vulcan Cyber, a provider of SaaS for enterprise cyber risk prevention in Tel Aviv, Israel.

“The fact that researchers have, over the years, tried to help find security flaws under a regime that amounted to ‘doing no good’ shows their dedication to doing the right thing, even if doing the right thing meant risking fines and jail time,” he told TechNewsWorld.

“This policy change removes a fairly significant obstacle to vulnerability research, and we can expect it to pay dividends quickly, with more people finding bugs in good faith without the risk of jail time for doing it.”

Today, ferreting out bugs in other people’s software is considered a respectable business, but that wasn’t always the case. “Basically there were a lot of issues when bug bounty hunters would find vulnerabilities,” said James McQuiggan, a security awareness advocate at KnowBe4, a security awareness training provider in Clearwater, Fla.

“Organizations would take a lot of offense to this, and they would try to accuse the researcher of finding it when, in fact, the researcher wanted to help,” he told TechNewsWorld. “The industry has recognized this and now email addresses have been established to receive such information.”

Benefits of Multiple Eyes

Over the years, companies have come to realize what bug bounty programs can bring to the table. “The task of discovering and prioritizing weaknesses and unintended consequences is not, and should not be, the focus of the organization’s resources or efforts,” explained Casey Ellis, CTO and founder of Bugcrowd, which operates a crowdsourced bug bounty platform.

“As a result, a more scalable and effective answer to the question ‘where am I most likely to be breached’ is no longer considered a nice-to-have, but a must-have,” he told TechNewsWorld. “This is where bug bounty programs come into play.”

“Bug bounty programs are a proactive way to spot vulnerabilities and reward one’s good work and discretion,” said Davis McCarthy, a lead security researcher at Valtix, a provider of cloud-native network security services in Santa Clara, Calif.

“The old adage, ‘Many eyes make all the bugs shallow,’ is true, because there is a dearth of talent in the field,” he told TechNewsWorld.

Parkin agreed. “With the sheer complexity of modern code and the myriad interactions between applications, it’s important to have more responsible eyes looking for flaws,” he said.

“Threat actors are always working to find new vulnerabilities they can exploit, and the threats scene in cyber security has only gotten more hostile,” he continued. “The rise of bug bounties is a way for organizations to bring some of the independent researchers into the game on their side. It’s a natural response to an increase in sophisticated attacks.”

Bad Actor Reward Program

Although bug bounty programs have gained greater acceptance among businesses, they can still cause friction within organizations.

“Researchers often complain that even when firms have a coordinated disclosure or bug bounty program, a lot of pushback or friction exists. They often feel slighted or pushed aside,” said Archie Agarwal, founder and CEO of ThreatModeler, an automated threat modeling provider in Jersey City, N.J.

“Organizations, for their part, often get stuck when presented with a disclosure because the researcher found a fatal design flaw that would require months of concerted effort to rectify,” he told TechNewsWorld. “Maybe some would prefer that these kinds of flaws stayed out of sight.”

“The effort and expense of fixing design flaws after a system has been deployed is a significant challenge,” he continued. “The surest way to avoid this is by threat modeling systems as they are created and as their design evolves. It provides organizations with the ability to plan for and deal with these flaws in their potential form, proactively.”

Perhaps the biggest proof of the effectiveness of bug bounty programs is that malicious actors have begun to adopt the practice. The LockBit ransomware gang is offering payments to those who discover vulnerabilities in its leak website and its code.

“This development is novel; however, I doubt they will get many takers,” predicted John Bambenek, principal threat hunter at Netenrich, a San Jose, Calif.-based IT and digital security operations company.

“I know that if I find a vulnerability, I’m going to use it to jail them,” he told TechNewsWorld. “If a criminal finds one, it will be to steal from them, because there is no respect among ransomware operators.”

“Ethical hacking programs have been hugely successful. It is no surprise to see ransomware groups refining their methods and services in the face of that competition,” said Casey Bisson, head of product and developer relations at BluBracket, a cybersecurity services company in Menlo Park, Calif.

He warned that attackers are increasingly aware that they can buy access to the companies and systems they want to attack.

“Every enterprise needs to look at the security of its internal supply chain, including who has access to its code and any secrets therein,” he told TechNewsWorld. “Unethical bounty programs like these turn the passwords and keys in your code into a commodity for whoever has access to that code.”

Lately I’ve been thinking a lot about problem-solving. There are a couple of reasons for this.

First, solving problems well is a prerequisite for developing any credible expertise in any kind of computer science or engineering discipline. With the right mental toolset, you can bootstrap knowledge of any subject matter you might need.

Second, in my experience, it is the aspect of computer science and engineering that gets the least attention. There is a real influx of online training resources, but most of them cut straight to the nuts and bolts of acquiring basic proficiency with software tooling in order to qualify someone for a job. This is understandable up to a point. If you’ve never programmed before, the skill you immediately feel lacking is programming language use. In that situation, it is natural to attack it directly.

But while it’s not as exciting as rolling up your sleeves and saying “hello” to the world, taking the time to learn how to think, and how to solve problems that can’t be solved by hard coding, will pay off in the long run.

I will outline what I have found to be the most essential cognitive skills contributing to engineering success.

Your harshest critic should be your thinking

The primacy of critical thinking is such a clichéd aphorism that most of the people I would urge to examine it have become inured to it. That should not lead anyone to mistakenly believe that it is not indispensable, however.

Part of the problem is that it is easy for those who advocate critical thinking to assume that their audience knows what it is and how to do it. Ironically, this notion itself can benefit by going through some critical thought.

So, let’s go back to basics.

Wikipedia defines critical thinking as “the analysis of available facts, evidence, observations, and arguments for decision-making”. What do the words carrying the most weight mean here? “Fact,” “evidence,” and “observation” are related, because they all try to establish in their own way what we believe to be true.

“Facts” are (usually) established beforehand by other people whose understanding we trust. “Evidence” is made up of specific measured results recorded by you or other trusted persons. “Observations” refer to those made by the critical thinker himself. If these, too, were events that others (and not the thinker) had witnessed, how would this be meaningfully different from “evidence”?

“Arguments” is the odd one out here, but for good reason. That’s where “thinking” (logic in particular) really starts to do its heavy lifting. “Arguments” describes how the thinker makes rational determinations that point to additional knowledge based on the interplay of facts, evidence, and observations.

The most important word of the definition is “decision”. Critical thinking is not necessarily about trying to prove new truths. Critical thinking only requires that consideration of all of the foregoing yields some overall judgment of what is under consideration.

These decisions need not be absolute; they may be probabilistic. As long as the result is that the entity being considered has been “judged”, and the decision holds for all available information (not just the information that leads to the desired conclusion), then the critical thinking exercise is complete.

Medical Procedure

I doubt if that’s what most people mean when they say “critical thinking”. What really matters, however, is whether you practice critical thinking yourself. Funny enough, the way to evaluate whether you think critically… is to think about it critically. Meta, I know, but you have to go there.

In fact, what we’ve just done in posing these questions is a kind of critical thinking. I have my own favorite technique for critical thinking, which is to ask, “Why is X like this?” Given what I understand, what elements acted upon, or must have acted upon, X, and are those elements producing effects in other ways I would expect? This is helpful because it acknowledges that nothing exists in a vacuum, which helps ensure that you account for all available facts, not just the obvious ones.

With a working understanding of the practice of critical thinking, get into the habit of using it to sieve reasonably valid reality from perceived reality. Try not to believe anything to be true until you have verified it through this process. Does the given statement match the other facts you have on the matter? Is it plausible? Does it make sense given the context?

I don’t need to tell you how valuable this is when working with a computer. I shouldn’t have to, because now (if not before) you are able to figure it out for yourself.

Try Before You Cry

This is something that has appeared in my other pieces, but which deserves to be reiterated here in the interest of completeness.

We all need help sometimes, but your coworkers will expect you to try to solve the problem yourself first. Time is a scarce resource, so they want to know that they are spending theirs wisely. If the answer was just a Google search away, probably not. Also, if you’ve tried to solve it yourself, the person helping you can pick up where you left off. This lets them rule out a number of possible causes that take time to test.

You also never know whether your fellow engineers will be available or knowledgeable enough to help when you need it. What if you’re the only one who knows anything about the project you’re working on? Or what if you’re on such a tight deadline that you can’t wait for a response? Develop dependable problem-solving habits, because ultimately they are all you can count on.

What exactly does that mean? Have a troubleshooting process. Write down step-by-step basic diagnostics for the major types of problems you face. Then run whatever diagnostics apply.

Prepare a list of reliable reference materials and consult them before asking questions. Each time a problem sends you to the user manual, keep track of where you looked and what was and wasn’t there. Then, when it’s time to ask for help, compile the results of your diagnostics and excerpts from the reference material, and present everything to whomever you ask. They will appreciate that you did.

Learn Skills, Not Factoids

Like every field, there are certainly facts you should remember. For example, your life as a developer will become easier if you memorize the syntax of conditional statement blocks in your go-to language.

Yet that is not as important as acquiring the skill set. For example, if you remember the syntax of your regular programming languages, you can get decently far. But what if you need to learn a module or an entirely new language that formats things differently? If instead you know how to find what you need from reliable sources, it may take longer, but you will get the right answer no matter what software or language you are using.

The iterative and incremental design paradigm for software development is an example of a skill.

Here, “incremental” relates to modularity. It prompts the developer to break the overall project down into the smallest possible pieces, with each piece doing only one thing and depending on the other pieces as little as possible (ideally not at all). The developer’s task is then simply to build each piece one by one.

The “iterative” element means that the developer cycles through building, editing, and testing each component until it works on its own; only then does work move on to the next component. This approach applies to any language and any kind of application, and indeed it works well beyond the domain of computers.

This design philosophy is just one example of how a skill serves engineers better than a rote process, but many others exist. Figure out which skills your discipline requires and get comfortable using them.

Stop by the Bakery, You’ll Need Breadcrumbs

Write everything down. Taking notes is cheaper than ever, so nothing is stopping you. If you prefer digital, you are free to write as much as you want: open a word processor and see for yourself. If notebooks are your thing, a few dollars at an office supply store and you are set.

Reading your notes is also cheaper, in time spent, than searching the web for the same thing over and over again. There is no reason to look something up twice if it has not changed since the last time. It is tempting to assume that you will remember something or will not need it again. Don’t. If you do this, you will eventually be wrong, and it will take unnecessary time to find it again.

Your notes are also the only place where you can tailor what you learn to suit your needs. The web has no shortage of answers, but they may not be exactly what you need. If you take notes, you can adapt the information to your use case before recording it.

The real trick with notes is to have an organizational system. Writing things down is pointless if you cannot find them again. Even if you are already an avid note taker, try a few note-taking techniques until you find one you like.

Step Up to the Starting Block

In running, you set yourself up for victory or defeat in your training. If you have not trained diligently, working extra hard once the competition starts will not make any difference. That said, you still have to put your training into practice on the track.

The cognitive skills I discussed are not the training itself but the regimen a coach would prescribe. I am certainly no Olympic coach, but that is no excuse: the training is now in your hands.

Ransomware is the top supply chain risk facing organizations today, according to a survey released Monday by ISACA, a consortium of IT professionals with 140,000 members in 180 countries.

The survey, based on responses from more than 1,300 IT professionals with supply chain insight, found that nearly three-quarters of respondents (73%) said ransomware was a major concern when considering supply chain risks to their organizations.

Other major concerns include poor information security practices by suppliers (66%), software security vulnerabilities (65%), third-party data collection (61%), and third-party service providers or vendors with physical or virtual access to information systems, software code or IP (55%).

The heightened concern about ransomware may be because it can deliver a double whammy to an organization.

“First, there is the risk of an attacker finding an attack path into an organization from a compromised vendor or software dependency, as we saw with the SolarWinds and Kaseya attacks, which affected a large number of downstream victims through that supply chain,” explained Chris Clements, vice president of solutions architecture at Cerberus Sentinel, a cybersecurity consulting and penetration testing company in Scottsdale, Ariz.

“Then there are secondary effects,” he continued, “where a ransomware gang can steal data stored on a third-party provider and attempt to extort both organizations by threatening to release it publicly if the ransom is not paid.”

“The other side of the coin is that a ransomware attack on an organization’s supply chain can cause significant operational disruption if a third party it depends on is unable to provide services because of a cyberattack,” he told TechNewsWorld.

Leader Ignorance

Attacks on the software supply chain can have a ripple effect on the physical supply chain. “Ransomware contributes to significant disruptions in the already taxed supply chain when the systems that manage the creation and delivery of goods and services are compromised or taken offline,” said Erich Kron, security awareness advocate at KnowBe4, a security awareness training provider in Clearwater, Fla.

“This could affect the ordering and tracking of inventory of materials needed to make an item, could affect the tracking of the status of items needed to fill orders, and could cause problems with customers receiving materials, creating shortages for their own customers,” he told TechNewsWorld.

“In a world of on-time order fulfillment, any delay can affect the supply chain, affecting more and more people along the way,” he said.

Nearly a third of the IT professionals surveyed (30%) said that the leaders of their organizations did not have an adequate understanding of supply chain risk. “The fact that it was only 30% was somewhat encouraging,” ISACA board director Rob Clyde told TechNewsWorld. “A few years ago this number would have been much higher.”

“I think a lot of the ignorance comes from underestimating the number of dependencies and how critical they are to how an organization operates,” Clements said.

“These third-party tools, by their nature, often require administrative rights on many, if not all, of the customer devices they interact with, meaning that a compromise of just one of these vendors might be enough to completely compromise their customers’ environments.”

“Likewise, there is often an ignorance of how much organizations rely on third-party vendors,” he added. “Most organizations do not have a ready-to-go fallback plan if a major provider, such as their email or communications platform, were to have an extended outage.”

Pessimistic Vein

Even in situations where leaders understand the risks to their supply chains, they will not necessarily err on the side of security. “In situations where companies have to choose between security and growth, every time you see them choosing growth,” said Casey Bisson, head of product and developer relations at BluBracket, a cybersecurity services company in Menlo Park, Calif.

“It comes at the risk of their customers. It comes at the risk of the company itself,” he told TechNewsWorld. “But increasingly, we’re starting to see executives being held accountable for those choices.”

The ISACA survey also found a strong vein of pessimism among IT professionals about the security prospects of their supply chains. Only 44% indicated they had high confidence in the security of their organization’s supply chain, while 53% expected supply chain issues to remain the same or get worse over the next six months.

[Figure: ISACA survey results, top supply chain risks. Source: ISACA | Understanding Supply Chain Security Gaps | 2022 Global Research Report]

One of the more surprising findings of the survey was that 25% of organizations said they had experienced a supply chain attack in the past 12 months. “I didn’t think it would be anywhere near that high,” Clyde said.

“While many organizations have experienced cyberattacks in the past 12 months, I didn’t think that many would blame a supply chain problem. If we had asked this question many years ago, it would have been a much smaller number,” he said.

Meanwhile, more than eight in 10 tech experts (84%) said their supply chains needed better governance than they have now.

“The way we try to authenticate supply chain partners today just doesn’t work,” said Andrew Hay, COO of Lares, an information security consulting firm in Denver.

“We either generate an arbitrary score based on external scan data and IP-based confidence or we try and force them to fill out 100 or more questions on a spreadsheet,” he told TechNewsWorld. “Neither accurately reflects how secure an organization is.”

Need for Auditing

Many factors come into play when trying to secure a supply chain, said Mike Parkin, a senior technical engineer at Vulcan Cyber, a provider of SaaS for enterprise cyber risk prevention in Tel Aviv, Israel.

“Organizations only have full visibility into their own environments, which means they have to trust that their vendors are following best practices,” he told TechNewsWorld. “This means they need to have contingencies in place for when a third-party vendor breach occurs, or a build process that severely restricts the damage that can occur if it does.”

“It is even more complicated when an organization needs to deal with multiple vendors to compensate for shortages or disruptions,” he continued. “Even with the right risk management tools, it can be difficult to account for everything in play.”

Kron said there has to be some trust in suppliers; however, if the goal is to verify what organizations tell us rather than rely on responses to a questionnaire, a system of auditing would need to be established.

“This will inevitably increase costs, something that many organizations work hard to keep as low as possible in order to remain competitive,” he said.

“While this may be easy to justify for critical government or military systems, it can be a hard sell for traditional suppliers,” he said. “To add to the challenges, it may be difficult or impossible to impose such a regime on foreign suppliers of goods and materials. This is not an easy challenge to tackle and will remain a topic of discussion for a long time.”