IT News and Events
May 24th, 2021 — May 30th, 2021 Generate the Custom HTML Email for this Issue
IT News and Events IT News and Events
Volume 278, Issue 4 << Previous Issue | Next Issue >>
IBM News
disable
Copersucar Selects IBM Cloud For Sustainable Digital Growth In Hybrid Cloud Environment
The Brazilian sugar and ethanol trader invested in technology to grow and relied on the IBM Cloud and Global Technology Services to help them reduce costs and gain agility, security and scalability
"Copersucar, a global leader in sugar and ethanol trading,[1] has chosen IBM Cloud to help them increase productivity and efficiency, modernize processes and accelerate its business expansion. Responsible for commercializing 3.7 million tons of sugar and 5 billion liters of ethanol in 2019-2020 Crop-Year, the company recently completed an important step on its digital transformation journey by migrating its main IT infrastructure to IBM Cloud with support from IBM Global Technology Services.

Brazil is now responsible for approximately 20% of the world's sugar production[2] and is a global leader in the production of sugarcane ethanol,[3] the biofuel with the lowest available carbon footprint. The country ranks second in biofuel production, behind only the United States. As a global leader in both sectors, Copersucar has a unique business model, connecting mills and the customers, at the same time it carries out the logistical operation, integrating all links in the value chain..."

IBM News, May 27th, 2021
(Get More Information . .) open to premium members only

IBM And The University Of Illinois Urbana-Champaign Plan To Launch New Discovery Accelerator Institute
Ten-year collaboration between IBM, UIUC and the State of Illinois will be backed by a $200 million investment
IBM and The Grainger College of Engineering at the University of Illinois Urbana-Champaign plan to launch a large-scale collaboration designed to increase access to technology education and skill development, and to combine the strengths of academia and the industrial sector to spur breakthroughs in emerging areas of technology. Specifically, the planned collaboration will focus on the rapidly growing areas of hybrid cloud and AI, quantum information science and technology, accelerated materials discovery, and sustainability to accelerate the discovery of solutions to complex global challenges.
IBM News, May 27th, 2021
(Get More Information . .) open to premium members only

Latest Release Of IBM Iconnect Access Provides Foundation For Planned Future 3D Printing Solution
IBM Watson Health today officially announced the latest release of its diagnostic viewer and image exchange platform, IBM iConnect Access
"A true zero-download web viewer, IBM iConnect Access is designed to allow healthcare providers to aggregate, exchange and access medical imaging data across the enterprise and extended care team, enabling real-time collaboration, from any web-connected device, anywhere. The platform will be showcased as part of IBM Watson Health interoperability solutions at this years' virtual meeting of the Society for Imaging Informatics in Medicine (SIIM) May 24 - 27, 2021.

The latest release of IBM iConnect Access reflects the availability of new U.S. Food and Drug Administration (FDA) 510(k) cleared features and enhancements, including an optional 3D interactive segmentation tool to support the creation of 3D digital anatomic models. This new tool, when used in combination with the enhanced user interface, is designed to help healthcare providers quickly build an anatomically accurate and detailed 3D digital model from a patient's medical imaging data. Editing tools such as freehand sculpt, polygon sculpt, 3D eraser, 'cut and discard', 'cut and keep', hole-filling and smoothing also can allow for easy editing..."

IBM News, May 24th, 2021
(Get More Information . .) open to premium members only

Red Hat News
disable
Actionable Threat Intelligence For Publicly Known Exploits For RHEL
As a Product Manager at Red Hat, I speak with customers to understand the challenges they seek to address and recommend Red Hat technologies that can help maximize efficiency and productivity in their environments
"Although no two organizations are the same, some of their most cited challenges include (1) managing the sprawl of their infrastructure footprint in an open-hybrid cloud environment (2) lacking resources to manage it with and (3) an increasing focus on security and compliance concerns.

Red Hat Insights for Red Hat Enterprise Linux is designed and built to help customers address concerns across management of compliance and security. For managing security vulnerabilities on their estate of servers, Insights has a Vulnerability service that helps customers identify, assess, and triage Common Vulnerability and Exposures (CVEs), remediate them with Red Hat Ansible Automation Platform, and report on the health of the servers across hybrid cloud footprint for any systems registered with Insights..."

Red Hat News, May 25th, 2021
(Get More Information . .) open to premium members only

Red Hat Learning Subscription Premium Helps You Craft Your Skill-Building Strategy
The Red Hat Learning Subscription has facilitated the delivery of on-demand Red Hat Training courses to professionals across industries and the globe since 2016, and continues to evolve to meet the needs of the market
"An all-new Premium tier of Red Hat Learning Subscription was announced recently which expands training modality options to accommodate a variety of learning styles by providing live virtual instruction, recorded video classrooms, or text-based courses. In this post, we'll highlight some of the enhancements and flexible features you'll find with the Premium tier.

Red Hat training equips you with skills to stay competitive

Adding the flexibility of being able to take courses live and virtually means professionals can continue the learning they need from the comfort of anywhere. All courses are developed by technical and experienced professionals who work on Red Hat software..."

Red Hat News, May 27th, 2021
(Get More Information . .) open to premium members only

Friday Five - May 28, 2021
The Friday Five is a weekly Red Hat blog post with 5 of the week's top news items and ideas from or about Red Hat and the technology industry. Consider it your weekly digest of things that caught our eye
  • Red Hat Brings Red Hat Universal Base Image to Docker Hub
  • Technically Speaking (S1E05): Weird Data Science
  • Red Hat Brings JBoss Enterprise Application Platform to Microsoft Azure, Easing Shift to the Cloud for Traditional Java Applications
  • GovConWire - Red Hat's Dave Egts on Potential of Edge Computing, Open Hybrid Cloud for Government Data Management
  • Stability plus innovation: Red Hat Enterprise Linux 8.4 is now GA

Read on for details

Red Hat News, May 28th, 2021
(Get More Information . .) open to premium members only

Red Hat Summit Virtual Experience Part 2: When Global Meets Personal
How do you follow a two-day, global event packed with more than 30 Ask the Expert sessions, new product announcements, award-winning customer success stories, and celebrity meet-and-greets? Invite everyone back for more, and make it an even more personalized experience.
"We're gearing up to welcome you to Red Hat Summit Virtual Experience Part 2 on June 15 and June 16. Here's just a glimpse of what's in store.

7 content channels for your specific interests

Developers, cloud architects, and CIOs can dive into more content that's most relevant to their roles with our seven specialized channels. Each channel will have live and aired interactive sessions to match your learning style, including topic-specific Ask the Expert sessions and Breakout sessions..."

Red Hat News, May 26th, 2021
(Get More Information . .) open to premium members only

Security Automation For Digital Transformation
As organizations are adopting agile and DevOps to improve their processes and products at breakneck speed, security considerations may be left in the dust and digital risks left unmanaged
"Therefore, organizations must have security automation as part of their digital transformation. This article intends to provide you with security basics and an automation approach to assess platforms, products, and services to comply with security policies, regulatory, and compliance requirements.

A prime requirement of security is to mitigate the risks exposed by vulnerabilities that can be exploited by a threat actor, such as an attacker, to cross privilege boundaries within a system. Many known vulnerabilities are discovered by researchers, groups, and individuals who invest their time and report it..."

Red Hat News, May 26th, 2021
(Get More Information . .) open to premium members only

IT News - CxO
disable
3 Takeaways From 2020 For CISOs To Guide This Year's Strategy
In a threat environment that mixes old and new tricks, CISOs must create a strategy that can address them all.
"Last year cast a shockingly bright spotlight on cybersecurity with the risks that surfaced due to the rise of remote work. The year was capped off by one of the most significant supply chain hacks. This incident, coupled with the onslaught of ransomware and other cyberattacks in 2020, provides an opportunity for some deep insight into where the focus of cybersecurity efforts needs to be in order to prepare for the future..." - CISO MAG
CISO MAG, May 20th, 2021
(Get More Information . .) open to premium members only

5 Ways To Help Teams Step Outside Their Comfort Zone: Colorado CIO Of The Year Winners
How can you encourage teams to take risks and embrace change? Listen to what these top CIOs have to say
"Once you're wrapped in a warm blanket of security and familiarity, it can be challenging to pull back the covers and step into the crisp air of change," writes Ginny Hamilton in The Enterprisers Project.

"But there can be big benefits for expanding your comfort zone, especially when you work in IT where change is constant.

We caught up with CIOs who recently won the 2021 Colorado CIO of the Year ORBIE Awards to learn how they're encouraging their teams to get comfortable with being uncomfortable. The awards were presented by the Colorado CIO Leadership Association, a professional community that annually recognizes CIOs for their excellence in technology leadership..."

The Enterprisers Project, May 17th, 2021
(Get More Information . .) open to premium members only

What Lessons Can CIOs Learn From The Colonial Pipeline Hack?
The news angles and repercussions of the Colonial Pipeline hack just keep multiplying. It's a story that serves to emphasize that a data breach bringing down a database or website is one thing - but crashing key infrastructure is quite another
"No ransomware attack has captured the imagination of the public like the Colonial Pipeline debacle," opines Drew Robb in CIOinsight.

"Millions paid in ransom, long lines at gas stations, soaring prices, federal government dallying, even a public explanation from CEO Joseph Blount as to why the company paid the ransom - this one has so many avenues to explore.

Investigators are delving into the exact causes. Whatever the specifics in the Colonial Pipeline hack, the contributing factors are unlikely to fall outside of these familiar vulnerabilities, each of which CIOs need to pay close attention to..."

CIOinsight, May 20th, 2021
(Get More Information . .) open to premium members only

Making The Leap From IT Expert To IT Leader
Transitioning to an IT leadership role takes new skills, self-awareness, and an eye for the business value of tech as you become a key point-person for business-IT collaboration.
Sarah K. White writes in CIO, "The leap to leadership is a big one - especially in IT. That's because the transition from IT expert to IT leader requires a significant shift in skills and a new mindset about the role technology plays in the business.

In becoming an IT leader, your technical knowledge still matters, but you'll also need to develop a deeper understanding of the business side of the organization - and acquire the skills necessary to collaborate directly with other, non-technical leaders in the organization..."

CIO, May 20th, 2021
(Get More Information . .) open to premium members only

5 Questions Every CISO Should Ask Before Moving Company
Companies are in a war for the best CISO talent. It's no surprise that finding individuals with all the skill sets (technical, managerial, and leadership) in equal measure is a major challenge
"The role of a Chief Information Security Officer is a much-coveted position that blends extensive technical know-how, managerial excellence, and strong leadership skills. It's no surprise that finding individuals with all of these skill sets in equal measure is a major challenge. Companies are in a war for the best CISO talent, meaning candidates are likely faced with multiple offers at any one time.

With this in mind, here are the five questions every CISO should ask before moving company..." - CISO MAG

CISO MAG, May 19th, 2021
(Get More Information . .) open to premium members only

Can You Depend On Your Cyber Insurance?
You've got cyber insurance in case the worst happens. But what does your policy cover and what will it not pay out for? Your worst-case scenario might be worse than you think.
Dave McKay writes in CloudSavvy IT, "Cyber liability insurance is a specific form of insurance that covers financial losses that arise from cyberincidents. Typically these are cyberattacks and data breaches. As with all insurance policies, you'll harbor two hopes. One is you never have to use it. The second is that if you do need to make a claim the insurance company accepts your claim and pay out.

There's a lot you can do to make your organization as safe as possible. However, there's always a risk that a new vulnerability is discovered and exploited by threat actors before it is identified by the manufacturer and a patch issued to address that vulnerability. This is one form of zero-day vulnerability..."

CloudSavvy IT, May 20th, 2021
(Get More Information . .) open to premium members only

CISOs: Missing An Opportunity To Partner With Your CDO?
CISOs can tap into the CDOs data knowledge and governance skills, while CDOs can tap into the CISO's knowledge of internal and external threats.
"Recently," writes Myles Suer in eWeek "I was talking with a major analyst firm about data and security. The name of the firm will not be mentioned to protect the not-so-innocent. During this call, I was amazed to learn that most CISOs remain focused - even with their increasing board level visibility - on protecting their enterprises from outside intrusion or compromise, but not on protecting their enterprise's most valuable asset - data - from threats internal and external..."
eWeek, May 18th, 2021
(Get More Information . .) open to premium members only

IT News - Storage
disable
Seagate May Have Just Unveiled The World's Fastest HDD
Seagate's Exos 2X14 HDD can deliver a sustained transfer rate of 524MB/s
"Seagate has finally disclosed the official specs of its first dual-actuator hard disk drive (HDD) the Mach.2 Exos 2X14 and listed it on its website," reports Anthony Spadafora in techradar.pro.

"Although SSDs have now become the standard for business laptops and workstations, HDDs still have a place in data centers due to their ability to store large amounts of data relatively cheaply. However, Seagate's Mach.2 multi-actuator technology aims to speed up the rate at which HDDs can transfer data without sacrificing their storage capacity..."

techradar.pro, May 22nd, 2021
(Get More Information . .) open to premium members only

12 Ways To Manage Your Data Storage Strategy
Data storage systems were never easy to manage, and with spiraling capacities it's gotten even harder. Try these 12 techs and practices to help ease the storage management burden
"Businesses run on data," opines Rich Castagna in SearchStorage. "With more data collection sources and opportunities than ever, coupled with advanced analytics that turn raw data into useful, actionable information in real time, protecting data storage resources is more critical than ever.

Data must be easy to access but stored in a secure enough manner to protect it from malicious attacks, machine failures or human errors that could jeopardize its integrity. Under any circumstances, those requisites might be tough to satisfy, but given the deluge of data that most companies must contend with, the job might seem insurmountable..."

SearchStorage, May 17th, 2021
(Get More Information . .) open to premium members only

IT News - AI
disable
Artificial Intelligence (AI): How To Plan A Pilot Project
Artificial intelligence can be transformational, but many organizations struggle with where to begin. Consider four tips to choose an AI pilot project
David Talby writes in The Enterprisers Project, "Artificial Intelligence (AI) presents an opportunity for businesses in nearly every industry to evolve and improve business operations. The numbers speak for themselves: Data from Fortune Business Insights shows that the AI market size was valued at $27 billion in 2019 - a figure projected to reach $267 billion by 2027. It's no wonder enterprises are grappling to get involved in what is likely the most prolific technology of our time.

But implementing an AI strategy is challenging, especially for legacy organizations and those who simply don't know where to begin..."

The Enterprisers Project, May 20th, 2021
(Get More Information . .) open to premium members only

Easing Machine Learning For Developers, Google's Vertex AI Managed ML Platform Now Available
Google Cloud has been busy over the last few years building a wide range of AI and machine learning tools for developers to help them find real-world uses for AI and ML within their enterprises
Todd R. Weiss opines in EnterpriseAI, "But as the tools proliferated, the AI and ML workflows, modeling, experimentation and more began getting complicated. Something was needed to make sense of the mess.

With just such a fix in mind, Google Cloud has unveiled its new Vertex AI managed ML platform, which is designed to streamline and accelerate ML modeling and maintenance to help overwhelmed enterprises get a better handle of their ML and AI initiatives. The platform is now generally available..."

EnterpriseAI, May 19th, 2021
(Get More Information . .) open to premium members only

AI Of Autonomous Cars Finding Its Way Into Conventional Cars, A Big Crossover
There's an old proverb that dates back to at least the year 1670 and declares that sauce for the goose is also sauce for the gander
Lance Eliot writes in AI Trends, "A more modern and altogether familiar version is the assertion that what is good for the goose is good for the gander. That's a saying that we all know well. In today's world, this ostensibly suggests that something applicable in one instance is likely applicable in another (consult your favored online dictionary for further elaboration).

I often highlight cutting-edge technology bringing about AI-based true self-driving cars. I like to highlight foundational R&D work taking place in research labs that are focused on creating autonomous vehicles..."

AI Trends, May 20th, 2021
(Get More Information . .) open to premium members only

Taking Inventory - Where Do We Stand With AI And ML In Cyber Security?
Before diving into cyber security and how the industry is using AI at this point, let's define the term AI first
Raffael Marty writes in Security Boulevard, "Artificial Intelligence (AI), as the term is used today, is the overarching concept covering machine learning (supervised, including Deep Learning, and unsupervised), as well as other algorithmic approaches that are more than just simple statistics. These other algorithms include the fields of natural language processing (NLP), natural language understanding (NLU), reinforcement learning, and knowledge representation. These are the most relevant approaches in cyber security.

Given this definition, how evolved are cyber security products when it comes to using AI and ML?..."

Security Boulevard, May 20th, 2021
(Get More Information . .) open to premium members only

IT News - Technology
disable
Ampere Altra Max 128-Core Server Processor Available As Company Lays Out 5 nm Roadmap
The 5nm process Ampere chips will debut in 2022 with a follow up in 2023.
"Ampere said its Altra Max 128-core server processor is now available, and the company outlined its roadmap for its next-generation chips," writes Larry Dignan in Zdnet.

"The chipmaker, which makes Arm-based server processors for hyperscale cloud deployments, also said its next-gen products will use cores developed by the company. The 5nm process Ampere chips will debut in 2022 with a follow up in 2023..."

Zdnet, May 19th, 2021
(Get More Information . .) open to premium members only

IT News - HR
disable
What Are CIOs Looking For In Current IT Grads?
Few industries are experiencing the growth and role diversification happening in computer and IT professions
Shelby Hiter writes in CIOinsitght, "IT roles, particularly in the areas of cloud computing, big data, and information security, are expected to grow by 531,200 jobs from 2019 to 2029, which bodes well for IT graduates entering the job market.

But in a booming IT job market, are IT graduates truly prepared for the work that they're heading toward? Do they possess both the technical and pragmatic skills to succeed when pitted against more experienced IT professionals? We connected with more than 50 CIOs and other IT leaders to learn more about what they're looking for in new hires. Here's what they had to say..."

CIOinsitght, May 19th, 2021
(Get More Information . .) open to premium members only

'Tension' Emerges Between Employers, Employees On Hybrid Work Preferences
A different set of preferences is emerging between employers and their employees on how to continue work arrangements after the danger of the pandemic has passed, a survey released May 12 by employment law firm Littler has found
"While 4% of employers estimated that most employees prefer to come back full time for in-person work, 28% said they expected to require such an arrangement regardless," reports Emilie Shumway in HR Dive.

"Future workplace structure has been top of mind for employers as more employees become vaccinated against the coronavirus and the CDC updates its guidelines to clear fully vaccinated people to safely associate without social distancing or wearing a mask..."

HR Dive, May 20th, 2021
(Get More Information . .) open to premium members only

4 Strategies For Retaining IT Talent
Author and career development expert Bev Kaye shares her best advice for inspiring, motivating, and keeping top performers
"Some are calling it the turnover tsunami," writes Dan Roberts in CIO, "One in four workers plans to quit their current jobs once the pandemic is over. That number jumps to one in three for Millennials and employees with children. As for the IT profession, a new survey by Blind, an anonymous social network popular with tech workers, found that almost half of their users (49%) plan to land a new position this year.

The headlines are attention-grabbing, but this has been a long time in the making. In fact, many companies were already dealing with high turnover before the pandemic. The past year may have delayed some employees' plans, but renewed confidence in the future has them looking ahead and considering their options. Now that organizations have adjusted to the idea of remote and hybrid workforces, top IT talent has more opportunities to choose from than ever before..."

CIO, May 20th, 2021
(Get More Information . .) open to premium members only

IT News - Operations
disable
Do Private Data Centers Make Sense Anymore?
What becomes of private data centers as hybrid architecture continues to evolve and redefine the norm?
"Hybrid architectures have been a popular choice for enterprise organizations for years," writes Andrew Froehlich in Network Computing, "but a mainstay of such infrastructure might be facing its sunset.

While the rational for a split public/private infrastructure may still exist, the logic behind doing so is dwindling thanks to new service models offered through public cloud service providers (CSPs). Let's look at reasons why enterprises still choose to operate private data centers in 2021, the downside of going this route, and why new edge computing solutions may signal the end of the private data center..."

Network Computing, May 21st, 2021
(Get More Information . .) open to premium members only

Data Center Threats: Turning Remote Access Into Money
Data centers are an appealing target for cybercriminals.
Giovanni Vigna blogs for vmware, VMware, "Even though they may be more difficult to compromise than the home computer of a kid playing Fortnite or the laptop of a sales representative connecting to a random wireless network, they can bring very large rewards: databases with millions of records containing financial and personal information, substantial computational resources that can be used to mine cryptocurrencies, and access to key assets that can be held for ransom..."
VMware, May 20th, 2021
(Get More Information . .) open to premium members only

Dealing With Software IT Hasn't Approved - Shadow IT
This article will explore how organisations can deal with and leverage shadow IT, software that hasn't been approved by IT
"Shadow IT has become more common within companies in various industries," opines Aaron Hurst in Information Age, "mainly through remotely based employees deviating from tools provided by the IT department and looking for more agile alternatives. But while making use of new software and applications may lead to tasks being completed faster, shadow IT does coe with the risk of vulnerabilities. In this article, we explore how IT teams can deal with shadow IT, and mitigate security risks while continuing to maintain high performance..."
Information Age, May 20th, 2021
(Get More Information . .) open to premium members only

Semiconductor Shortage Hurts Network Equipment Makers And Customers
Semiconductors are scarce, and so are many types of network gear. The wait for things to get back to normal may be a long one
"The global semiconductor shortage is forcing many tech manufacturers to slow or even halt production," writes John Edwards in Network Computing.

"Makers of PCs, servers, mobile devices, gaming consoles, vehicles, and industrial machines are all scrambling to find the chips they need to fulfill orders amid surging demand for their products. Network equipment manufacturers are also feeling the impact of the ongoing chip scarcity, and relief may still be months away.

Bill Wyckoff, vice president of hardware and advanced solutions at technology equipment provider SHI International, said he's seeing shipping delays afflicting a wide range of manufacturers. "Conservative production forecasts in response to the global uncertainty of 2020 didn't anticipate the sharp and surprising increase in demand from sectors like 5G infrastructure, automotive, mobile, cloud, and consumer products, creating a perfectly disconnected storm between supply and demand," he explained..."

Network Computing, May 20th, 2021
(Get More Information . .) open to premium members only

IT News - Security
disable
CMMC Is Not As Scary As You Think
Many federal contractors are nervous about the U.S. Department of Defense's new Cybersecurity Maturity Model Certification (CMMC)
Jim Delorenzo reports in Security Boulevard, "According to the U.S. Office of the Under Secretary of Defense for Acquisition & Sustainment (OUSD(A&S)):

'DoD is migrating to the new CMMC framework in order to assess and enhance the cybersecurity posture of the Defense Industrial Base (DIB) sector. The CMMC is intended to serve as a verification mechanism to ensure that DIB companies implement appropriate cybersecurity practices and processes to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) within their unclassified networks.'

And yes, that means that if contractors are not certified at the proper level, they will be unable to bid on federal contracts..."

Security Boulevard, May 20th, 2021
(Get More Information . .) open to premium members only

10 Legal Questions You Should Be Asking About Ransomware
Ransomware attacks have become so popular amongst cyberattackers that it has become its industry with shrink-wrapped and Ransomware-as-a-Service (RaaS) options made widely available for sale on the dark web.
"Data extortion through cyber means is an insidious threat that thousands of companies throughout the world experience firsthand. For many bad actors, it is the attack of choice owing to its ease of execution, low risk of detection, and huge financial upside. According to Coveware Inc., the average ransom payment ($111,605) has increased by 33% from Q4 2019 to Q1 2020. Companies big and small have suffered from ransomware attacks leaving them with an unimaginable business interruption..." - CISO MAG
CISO MAG, May 21st, 2021
(Get More Information . .) open to premium members only

Defend Against Insider Threats From Remote Workers
The dramatic increase in telework and the transition to cloud-based applications means more people are working from remote locations on personal and company-provided devices
Renee Tarun writes in CSO Online, "Security and IT teams have adjusted their strategies to contend with these changes, but one area that is often underestimated is the potential impact of insider threats. Remote work isn't likely to go away any time soon. In fact, 54% of employed adults who say that their job responsibilities can mostly be done from home say that they want to work from home all or most of the time when the coronavirus pandemic is over.

Businesses face significant risks from insider threats, but damage from insider sources can be difficult to track down because these threats cover such a wide range of behaviors and motives. It's even more difficult when employees aren't on site. Threats might come from a disgruntled staffer who wants to disrupt operations, an employee who sells customer data to get some extra cash, or a careless co-worker who ignores a company policy..."

CSO Online, May 19th, 2021
(Get More Information . .) open to premium members only

Infosec Experts: Threat Landscape Is Worst In 60 Years
Between an increasing sophistication seen in nation-state groups and a rise in ransomware that's affecting everyone, the threat landscape may be reaching a historic peak
"Ransomware is now a bigger threat to global security than nation-state campaigns, two infosec experts divulged during an RSA keynote Thursday," reports Arielle Waldman in SearchSecurity.

"Dmitri Alperovitch, chairman of Silverado Policy Accelerator, and Sandra Joyce, executive vice president and head of global intelligence at FireEye, led a discussion on the current global threat landscape, and ransomware attacks topped the list. While nation-state groups instill fear by taking advantage of the global pandemic or targeting things like critical infrastructures, and new trends like DNS hijacking are returning, they said ransomware is affecting everyone. The risk has only advanced over the years, as ransomware gangs turn to extortion and double extortion tactics. During the keynote, Alperovitch and Joyce revealed that the next step in ransomware's evolution may be far more dangerous..."

SearchSecurity, May 20th, 2021
(Get More Information . .) open to premium members only

5 Dangerous Beliefs Companies Hold About Cybercrime
Just as the world seems to finally be recovering and re-opening, a cyber pandemic is looming large on the horizon
"Bad actors continue an unrelenting cyber assault that the pandemic did nothing to diminish," writes Melody Kaufmann in Security Boulevard.

"In fact, cybercrime has been on the rise. Open-source software supply chain attacks have surged by 430% in the past year, cyberattacks on healthcare organizations have risen by 45% since November 2020, and credential theft accounts for about 56% of attacks organizations experience. Companies like Colonial Pipeline, SolarWinds, and Experian keep showing up in the headlines because organizations still refuse to read the writing that has been on the proverbial wall for over a decade..."

Security Boulevard, May 19th, 2021
(Get More Information . .) open to premium members only

User Behavior Analytics: What It Is And How It Advances Digital Security
Organizations are struggling to pinpoint threats that come from real user accounts
"Take insider threats, as an example," suggests David Bisson in Security Intelligence.

"In a 2020 report, 68% of IT and security experts felt their employers were somewhat or very at risk to insider attacks. Over half (53%) said it had become at least somewhat harder to detect an insider attack after migrating to the cloud. About the same proportion admitted that it was more difficult to detect insider threats than external attacks. When asked why, 59% said it was because insiders already had credential access to the network and services. User behavior analytics (UBA) presents one way to solve these problems..."

Security Intelligence, May 19th, 2021
(Get More Information . .) open to premium members only

Cybersecurity Training: Raising Awareness And Securing Your Business
Organizations are increasingly faced with threats from sophisticated criminal organizations and nation-state actors
"To mitigate the risks posed by cyber criminals, organizations must secure and protect their proprietary and sensitive information. They must also commit to training their employees to do their part to protect proprietary and sensitive information. Cybersecurity awareness and training programs educate employees about cybersecurity threats, risks and best practices as well as how to navigate the ever-changing and evolving threat landscape..."
Tripwire, May 17th, 2021
(Get More Information . .) open to premium members only

Why Anti-Phishing Training Isn't Enough
Not only is relying on employees' awareness insufficient to prevent sophisticated social engineering attacks, some training methods can create other problems
Aviv Grafi writes in Dark Reading, "It's time we take a hard look at why we rely so much on end users to catch phishing scams that can jeopardize an entire company. As hackers continue to advance their social engineering techniques, phishing attacks are becoming harder to detect and are missed 39% of the time. While you might think your anti-phishing training program is up to date, your organization will continue to be at risk as long as email is necessary for business operations.

Because we all engage with email daily, we have a degree of blind trust despite continuous, sophisticated anti-phishing training. On many occasions, hackers scheme to elicit emotional responses from their target - for example, by sending urgent messages "from" human resources or the CEO. These are more likely to result in improper downloads or email responses that can damage the entire organization..."

Dark Reading, May 18th, 2021
(Get More Information . .) open to premium members only

IT News - Cloud
disable
How To Build A Cloud Security Observability Strategy
Security observability in the cloud involves more than workload monitoring. Read up on the essential observability components and tools needed to reap the security benefits
Dave Shackleford writes in SearchCloudSecurity, "Public cloud adoption is complicated. It typically requires a significant focus on threat detection and the retooling of workflows and playbooks for security event management, monitoring, detection and response.

Fortunately, a wide variety of third-party and cloud-native tools and services offer capabilities that enable effective cloud event collection, aggregation and analysis. Many organizations are considering the use of observability and security event orientation and decision-making in their cloud monitoring, detection and response strategies. The observability approach may aid in developing sound metrics and tracking to ensure security operations improve over time..."

SearchCloudSecurity, May 19th, 2021
(Get More Information . .) open to premium members only

Sections in this issue:
click to jump to section