September 19, 2023
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
The practice involves reassigning workers to roles that don’t align with their career goals to achieve workforce reduction by voluntary attrition — allowing companies to avoid paying costly severance packages or unemployment benefits. “Companies are increasingly using role reassignments as a strategy to sidestep expensive layoffs,” said Annie Rosencrans, people and culture director at HiBob, a human resource platform provider. “By redistributing roles within the workforce, organizations can manage costs while retaining valuable talent, aligning with the current trend of seeking alternatives to traditional layoffs.” ... The optics around quiet cutting and its effects on employee morale is a big problem, however, and experts argue it’s not worth the perceived cost savings. Companies reassigning workers to jobs that may not fit their hopes for a career path or align with their skills can be demoralizing to remaining workers and lead to “disengagement,” according to Chertok. He argued that the quiet cutting trend isn’t necessarily intentional; it's more indicative of corporate America’s need to reprioritize how talent is moved around within an organization.?
One of DeFi′s greatest challenges are liquidity issues. In a decentralized exchange, liquidity is added and owned by users, who often abandon one protocol for another offering better rewards thus resulting in unstable liquidity on DeFi protocols. A liquidity pool is a group of digital assets gathered to facilitate automated and permissionless trading on a decentralized exchange platform. The users of such exchange platforms don’t rely on a third party to hold funds but transact with each other directly. ... There are many systemic risks currently present in DeFi. For example, potential vulnerabilities in smart contracts can expose users to security breaches. DeFi platforms are often interconnected, meaning a problem on one platform can quickly spread and impact others, potentially causing systemic failures. Another potential systemic risk is the manipulation or failure of oracles, which bring real-world data onto the blockchain. This can result in bad decisions and lead to losses. Ultimately, regulated DeFi can help enforce security standards, fostering trust among users.
There are so many pitfalls in setting up SAS tokens that Wiz's Luttwak recommends against ever using the mechanism to share files from a private cloud storage account. Instead, companies should have a public account from which resources are shared, he says. "This mechanism is so risky that our recommendation is, first of all, never to share public data, within your storage account — create a completely separate storage account only for public sharing," Luttwak says. "That will greatly reduce the risk of misconfiguration. You want to share public data, create a public data externally storage account and use only that." For those companies that continue to want to share specific files from private storage using SAS URLs, Microsoft has added the capability as part of GitHub's monitoring of the exposure of credentials and secrets. The company has rescanned all repositories, the company stated in its advisory. Microsoft recommends that Azure users limit themselves to short-lived SAS tokens, apply the principle of least privilege, and have a revocation plan.
领英推荐
The objective of chaos engineering is to unearth system restraints, susceptibilities, and possible failures in a controlled and planned manner before they exhibit perilous challenges resulting in severe impact on the organizations. Few of the most innovative organizations based on learning from past failures understood the importance of chaos engineering and realized it as a key strategy to unravel profound hidden issues to avoid any future failures and impacts on business. Chaos engineering lets the application developers forecast and detect probable collapses by disrupting the system on purpose. The disruption points are identified and altered based on potential system vulnerabilities and weak points. This way the system deficiencies are identified and fixed before they degrade into an outage. Chaos engineering is a growing trend for DevOps and IT teams. A few of the world’s most technologically innovative organizations like Netflix and Amazon are pioneers in adopting chaos testing and engineering.?
At first glance, the pig butchering ring tracked by Sophos operates in much the same way as a legitimate one, establishing pools of cryptocurrency assets and adding new traders – or, in this case, victims – until such time as the cyber criminals drain the entire pool for themselves. This is what is known as a rug-pull. ... “When we first discovered these fake liquidity pools, it was rather primitive and still developing. Now, we’re seeing shā zhū pán scammers taking this particular brand of cryptocurrency fraud and seamlessly integrating it into their existing set of tactics, such as luring targets over dating apps,” explained Gallagher. “Very few understand how legitimate cryptocurrency trading works, so it’s easy for these scammers to con their targets. There are even toolkits now for this sort of scam, making it simple for different pig butchering operations to add this type of crypto fraud to their arsenal. While last year, Sophos tracked dozens of these fraudulent ‘liquidity pool’ sites, now we’re seeing more than 500.”
Organizations can send a strong message to IT suppliers by re-engineering procurement processes and legal contracts to align with secure by design and security by default approaches. Updates to procurement policies and processes can set explicit expectations and requirements of their suppliers and flag any lapses. This isn’t about catching vendors out – many will benefit from the nudge. Changes in procurement assessment criteria can be flagged to IT suppliers in advance to give them a chance to course-correct. Suppliers can then be assessed against these yardsticks. If they fail to measure up, organizations have a clear justification to stop doing business with them. The next step is to create liability or penalty clauses in contracts that force IT vendors to share security costs for fixes or bolt-ons. This will drive them to devote more resources to security and prevent rather than scramble to cure security risks. Governments can support this by introducing laws that make it easier to claim under contracts for poor security.?