August 17, 2022
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
We’re being overwhelmed by a tsunami of new foundational technology. Artificial intelligence (AI) is allowing computer systems to learn and solve problems that humans can’t. CRISPR is letting scientists edit genes and program DNA. Blockchain has brought new ways to think about money, contracts, and identity. The list of paradigm-shifting innovations goes on, and includes 3D printing, virtual reality, the metaverse, and civilian space flight. ...?“When a technological revolution irrupts in the scene, it does not just add some dynamic new industries to the previous production structure. It provides the means for modernizing all the existing industries and activities.” Let that sink in for a minute. We are in the midst of “modernizing all the existing industries and activities.” That means enormous, wrenching, society-overhauling change. We see it all around us. Part of society is racing ahead with cryptocurrencies, social media, AI, and on and on—while others fight to hold on to a way of life they’ve always known. So, divides widen in society and politics, and between rich and poor, and rising and falling nations.
In this new era of work, it's imperative for team members – from the CEO down – to have the ability to "read the virtual room" and have an understanding of what developers are thinking and feeling based on the tone and content of online interactions and conversations. Whether it’s Slack, Zoom, Teams or any other collaboration tool, it’s not the same as communicating face-to-face with someone who’s literally sitting at the same table. It’s possible to teach leaders the skills necessary to manage effectively in this environment, but we’re also seeing a rise of new and emerging leaders that are thriving because they place a priority on empathy and personal connections, even when most of the communication that takes place with their team members is digital. Paying attention to online social cues can help leaders determine if and when team members are stretching themselves too thin. Make no mistake, modern communication tools have helped make work more productive and efficient. But the best leaders are those who are able to analyze behavior on these tools so they can offer team members support when it’s needed most.
“Edge computing can create more complexity, and this can make securing the entire system more difficult,” says Jeremy Linden, the senior director of product management at Asimily. “Still, there is nothing inherently less secure about edge computing.” The big edge security risks should sound familiar – compromised credentials, malware and other malicious code, DDoS attacks, and so forth. What’s different is that these risks are now occurring farther and farther away from your primary or central environment(s) – the traditional network perimeter of yore is no longer your only concern. “Edge computing poses unique security challenges since you’re moving away from walled garden central cloud environments and everything is now accessible over the Internet,” says Priya Rajagopal, director, product management, Couchbase. The good news: Many of the same or similar tactics and tools organizations use to secure their cloud (especially hybrid cloud and/or multi-cloud) and on-premises environments still apply – they just need to be applied out at the edge.
领英推荐
“Data democracy” has been heralded as the answer to this rapid cycle of innovation—but it is not enough. These initiatives have noble intentions: Sharing data and information about how users interact with products widely should, in theory, help groups across the business—from marketing to IT—operate from the same source of truth to stimulate better insights and better results faster. In reality, however, data democracy fails to yield those conclusive answers and shared goals. Too much raw data is difficult and time-consuming for teams to interpret, especially as the flow of digital signals has surged, and lacks the context needed to draw conclusions about the best path forward. Instead, the data is so oppressively overwhelming to manage that departments either give up or derive inaccurate conclusions—neither of which helps drive sound decisions and productive partnerships. Rather, these conditions create a new source of frustration and inefficiency for many engineering teams: the entire organization has access to information ripe for misinterpretation, even as expectations for results grow more urgent.
Microsoft said its researchers have observed Seaborgium using stolen credentials to directly log in to victims' email accounts and steal their emails and attachments. In a few instances, the threat actor has also been observed configuring victim email accounts to forward emails to attacker-controlled addresses. "There have been several cases where Seaborgium has been observed using their impersonation accounts to facilitate dialogue with specific people of interest and, as a result, were included in conversations, sometimes unwittingly, involving multiple parties," ... As far as the disruption goes, the computing giant has now disabled accounts that Seaborgium actors have been using for victim reconnaissance, phishing, and other malicious activities. This includes multiple LinkedIn accounts. It has also developed detections for phishing domains associated with Seaborgium. F-Secure, which refers to the threat actor as the Callisto Group, has been tracking its activities since 2015. In a 2017 report, the security vendor had described Callisto Group as a sophisticated actor targeting governments, journalists, and think tanks in the EU and parts of eastern Europe.
Although adoption is low for now, the study also confirms potential growth in the industry with 62% of respondents saying their organization is actively evaluating use cases or has plans to implement DevSecOps. “As organizations adopt modern software development processes leveraging cloud platforms, they are looking to incorporate security processes and controls into developer workflows,” said Melinda Marks, senior analyst at ESG. “This research shows DevSecOps can be a game changer for companies, and there is no doubt we will see growing market traction over the next few years.” ... Companies believe that establishing a culture of collaboration and encouraging developers to leverage security best practices are nearly equal in importance to adopting DevSecOps tools. While it is common to anticipate cultural transformation to be a roadblock prior to adoption, those practicing DevSecOps report that technical limitations, such as data capture and analysis, are actually greater barriers to success.