August 26, 2021
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
On the spectrum between passwords and biometrics lies the possession factor – most commonly the mobile phone. That's how SMS OTP and authenticator apps came about, but these come with fraud risk, usability issues, and are no longer the best solution. The simpler, stronger solution to verification has been with us all along – using the strong security of the SIM card that is in every mobile phone. Mobile networks authenticate customers all the time to allow calls and data. The SIM card uses advanced cryptographic security, and is an established form of real-time verification that doesn't need any separate apps or hardware tokens. However, the real magic of SIM-based authentication is that it requires no user action. It's there already. Now, APIs by tru.ID open up SIM-based network authentication for developers to build frictionless, yet secure verification experiences. Any concerns over privacy are alleviated by the fact that tru.ID does not process personally identifiable information between the network and the APIs. It's purely a URL-based lookup.
The progressive trends of Mobile edge computing and Cloudlets are diffusing edge-based intelligence in connected and more controlled enterprise systems. However, within the diversity of pervasive cyber-physical ecosystems, the autonomy of the discrete edge nodes would require gain in operational intelligence with minimum supervision. The emerging innovation in cognitive computational intelligence is revealing a great potential to introduce a contemporary soft computing-based algorithm, architectural rethinking, and progressive system design of the next generation of IoT systems. The cognitive IoT Systems crush the strong partition between the silos and interdependencies of software and hardware subsystems. The flexibility of the edge-native AI component is flexible enough to recognize the changes in the physical environment and dynamically adjust the analytical outcomes in real-time. As a result, the interaction between human-machine or machine to machine becomes more dynamic, interoperable, and contextual to the time and scope of any operation.
At some point it becomes untenable and inefficient to manage all these separate solutions. That point gets closer every day as teams have to deal with the complexities and identity management challenges of remote work. Siloed solutions also mean IT staff must monitor several different consoles and may not connect the dots when incidents are flagged on separate platforms. They also require complex and costly integration projects to get the functionality needed. And even then, they’ll likely still require manual oversight. Moving toward all-in-one security solutions can help replicate the sense of cohesion that once existed in on-premises network security along with new efficiencies. All-in-one solutions can share data across the different components, leading to better and more efficient function. And by adding new modules instead of products when new tools are needs, you eliminate the expense and complications of integration. Companies and individuals have already gotten used to paying for things like data, cloud storage and web hosting based on how much they use them.
领英推荐
The OnePercent group's ransom note directs victims to a website hosted on the Tor anonymity network where they can see the ransom amount and contact the attackers via a live chat feature. The note also includes a Bitcoin address where the ransom must be paid. If victims do not pay or contact the attackers within one week, the group attempts to contact them via phone calls and emails sent from ProtonMail addresses. "The actors will persistently demand to speak with a victim company’s designated negotiator or otherwise threaten to publish the stolen data," the FBI said. "When a victim company does not respond, the actors send subsequent threats to publish the victim company’s stolen data via the same ProtonMail email address." The extortion has different levels. If the victim does not agree to pay the ransom quickly, the group threatens to release a portion of the data publicly and if the ransom is not paid even after this, the attackers threaten to sell the data to the REvil/Sodinokibi group to be auctioned off. Aside from the REvil connection, OnePercent might have been tied to other ransomware-as-a-service (RaaS) operations in the past too.
One key reason an Agile transformation will fail is when all the focus is concentrated in just one of the three circles above. It is imperative that we consider these three circles like a Venn diagram and regularly monitor our operating presence. Ideally, we want to operate in all three circles, but it is hard to find balance. Suppose we are working in the mindset and framework circles and trying to build a perfect product with perfect architecture. Spending too much time making things perfect, we are likely to miss the market window, or run into financial difficulties. Similarly, if we operate in the mindset and business agility circles, for example, it could be great for the short term to get a prototype to market quickly, but we will be drowning in technical debt in the long run. Or, imagine that we operate in the framework and business agility circle to build a perfect hotel for our customers — we could miss the fact that they really need a bed-and-breakfast, not a hotel, by not considering the mindset circle. All three perspectives are essential, so to maximize the efficiencies, we need to keep finding the balance.
After all, as far as technology is concerned, none of us are beyond the need for further training and development. The McKinsey Global Institute has recently suggested that as many as 357 million people will need to acquire new skills in the next decade due to the predicted rise of artificial intelligence and automation – skills that few, even in tech-adjacent industries, currently possess. Keeping this kind of projection firmly in mind helps us to remember that the acquisition of new and essential skills is an ongoing process for everyone. As such, employers should not discount those potential candidates who don’t necessarily come from a tech-heavy background. With robust on-the-job training processes and a supportive, inclusive approach towards IT talent, young workers who perhaps missed out on IT fundamentals at school or who chose to focus, for example, on humanities-based university courses can absolutely receive the same attention and prospects as those from a tech-heavy background. A recent government report on aspects of the skills gap has already uncovered an uplifting trend in this direction, with 57% of employers confident that they can find resources to train their employees.