Thursday, December 17, 2020

Learn from the mistakes of others.

https://www.washingtonpost.com/national-security/ruusian-hackers-outsmarted-us-defenses/2020/12/15/3deed840-3f11-11eb-9453-fc36ba051781_story.html

The U.S. government spent billions on a system for detecting hacks. The Russians outsmarted it.

When Russian hackers first slipped their digital Trojan horses into federal government computer systems, probably sometime in the spring, they sat dormant for days, doing nothing but hiding. Then the malicious code sprang into action and began communicating with the outside world.

At that moment — when the Russian malware began sending transmissions from federal servers to command-and-control computers operated by the hackers — an opportunity for detection arose, much as human spies behind enemy lines are particularly vulnerable when they radio home to report what they’ve found.

Why then, when computer networks at the State Department and other federal agencies started signaling to Russian servers, did nobody in the U.S. government notice that something odd was afoot?

The answer is part Russian skill, part federal government blind spot.

The hackers also shrewdly used novel bits of malicious code that apparently evaded the U.S. government’s multibillion-dollar detection system, Einstein, which focuses on finding new uses of known malware and also detecting connections to parts of the Internet used in previous hacks.

But Einstein, operated by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), was not equipped to find novel malware or Internet connections, despite a 2018 report from the Government Accountability Office suggesting that building such capability might be a wise investment. Some private cybersecurity firms do this type of “hunting” for suspicious communications — maybe an IP address to which a server has never before connected — but Einstein doesn’t.

“It’s fair to say that Einstein wasn’t designed properly,” said Thomas Bossert, a top cybersecurity official in both the George W. Bush and Trump administrations. “But that’s a management failure.”





For my Ethical Hackers. Even Presidents can choose bad passwords.

https://www.bbc.com/news/technology-55337192

Trump Twitter ‘hack’: Police accept attacker's claim

Dutch prosecutors have found a hacker did successfully log in to Donald Trump's Twitter account by guessing his password - "MAGA2020!"

But they will not be punishing Victor Gevers, who was acting "ethically".

Mr Gevers shared what he said were screenshots of the inside of Mr Trump's account on 22 October, during the final stages of the US presidential election.

But at the time, the White House denied it had been hacked and Twitter said it had no evidence of it.

But Twitter has refused to answer direct questions from BBC News, including whether the account had extra security or logs that would have shown an unknown login.





One of many laws I try to explain to my Computer Security students.

https://www.csoonline.com/article/3598568/glba-explained-what-the-graham-leach-bailey-act-means-for-privacy-and-it-security.html#tk.rss_all

GLBA explained: What the Graham-Leach-Bailey Act means for privacy and IT security

for IT professionals, it's much better known for the data security and privacy mandates it imposes on a wide range of companies and organizations, even beyond the banking industry. While many of these rules represent best IT practices, the legal stakes of noncompliance are high, with big fines and even potential jail time looming for those who fall short.





Self-inflicted.

https://fpf.org/2020/12/16/the-complex-landscape-of-enforcing-the-lgpd-in-brazil-public-prosecutors-courts-and-the-national-system-of-consumer-defense/

The Complex Landscape of Enforcing the LGPD in Brazil: Public Prosecutors, Courts and the National System of Consumer Defense

This blog (1) summarizes the contributions of our three guest speakers, focusing on (2) public prosecutors under the Public Ministry, (3) recent case-law from the two highest Federal Brazilian Courts, (4) the national system of consumer defence, and (5) outlines potential conflicts of competence, before reaching (6) conclusions.





Perspective.

https://www.adweek.com/digital/ibm-predictions-artificial-intelligence-ad-tech-2021/

5 Ways IBM Predicts AI and Ad Tech Will Evolve in 2021

The trends range from more machine learning to a shift in the privacy conversation

With tech giants set to crack down on cookies and third-party trackers in the coming months, the ad-tech industry is in for some major changes.

IBM Watson Advertising has bet that artificial intelligence and anonymized behavioral insights will play a central role in that post-cookie future. The company has rolled out a series of product releases this year that aimed to lessen marketers’ reliance on personal data.

In a new report this week, Sheri Bachstein, global head of IBM Watson Advertising and The Weather Company, laid out some predictions for how those changes may take shape in the year to come, from a ramping up of discussions around consumer privacy to what a post-Covid-19 new normal might look like.





Even the government is starting to use technology!

https://www.bespacific.com/u-s-copyright-office-launched-a-new-copyright-public-records-system-cprs-pilot-to-the-public/

U.S. Copyright Office launched a new Copyright Public Records System (CPRS) pilot to the public

“The U.S. Copyright Office launched a new Copyright Public Records System (CPRS) pilot to the public. The new portal will provide access to the same copyright records for both registration and recordation data that exist in the Copyright Public Catalog but with enhanced search capabilities and improved interfaces for internal and external users. With these enhancements, users should have an easier time finding the exact records they need. The CPRS pilot is also the second Enterprise Copyright System module to launch. While the first module, the electronic recordation system pilot, was released to a limited external audience, the CPRS pilot is available to the entire public. The public can access the new CPRS pilot at publicrecords.copyright.gov and provide feedback on their experience using the feedback link at the bottom of the page. The pilot is designed to run concurrently with the Copyright Public Catalog—available at cocatalog.loc.gov. During the pilot, the Copyright Public Catalog will remain the official source of authoritative records. The CPRS pilot will continue to evolve after the public release. Developers and Copyright Office staff are working on including the ability to download and print search results and the ability for users to see their recent searches and records. While the current CPRS pilot contains records from 1978 through the present, the Office is considering migrating other public records to the CPRS…”





Fits my “change is the only constant” philosophy.

https://sloanreview.mit.edu/article/the-essence-of-strategy-is-now-how-to-change/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+mitsmr+%28MIT+Sloan+Management+Review%29

The Essence of Strategy Is Now How to Change

When environments are complex and dynamic, strategy is about adaptability.

A fundamental assumption underlying traditional approaches to strategy is that industry boundaries and economics remain broadly stable over time. This assumption is no longer realistic, given that digital technologies and other factors have caused the average age of the companies in the S&P 500 to decline from more than 60 years in 1958 to less than 20 years today.





Job hunting in a changing world.

https://www.fastcompany.com/90586957/how-ai-is-helping-top-tech-talent-connect-with-the-best-opportunities

How AI is helping top tech talent connect with the best opportunities

Despite what’s happened to the world economy over the past year—and the continued uncertainty of what lies ahead—when it comes to hiring top talent it remains a job candidate’s market. The current focus of the conversation is around the impact of artificial intelligence on hiring practices. However, there are some key considerations that demonstrate the immense amount of choices talent will always have.

Right now, two seemingly contradictory things are happening in business.

Artificial intelligence is growing tremendously. According to statista, AI is growing approximately 54 percent annually and will be “one of the next great technological shifts, like the advent of the computer age or the smartphone revolution.”

Humans are not becoming less important. Organizations are becoming more sophisticated about measuring the value, impact, and importance of people. In turn, talent—or human resources or the management of workforces—is receiving more attention.


