Cybersecurity vendor CrowdStrike initiated a series of computer system outages across the world on Friday, July 19, disrupting nearly every industry and sowing chaos at airports, financial institutions, and healthcare systems, among others.

At issue was a flawed update to CrowdStrike Falcon, the company’s popular endpoint detection and response (EDR) platform, which crashed Windows machines and sent them into an endless reboot cycle, taking down servers and rendering ‘blue screens of death’ on displays across the world.

How did the CrowdStrike outage unfold?

Australian businesses were among the first to report encountering difficulties on Friday morning, with some continuing to encounter difficulties throughout the day. Travelers at Sydney Airport experienced delays and cancellations. At 6pm Australian Eastern Standard Time (08:00 UTC), Bank Australia posted an announcement to its home page saying that its contact center services were still experiencing problems.

Businesses across the globe followed suit as their days began. Travelers at airports in Hong Kong, India, Berlin, and Amsterdam encountered delays and cancellations. The Federal Aviation Administration reported that US airlines grounded all flights for a period of time, according to the New York Times.

What has been the impact of the CrowdStrike outage?

As one of the largest cybersecurity companies, CrowdStrike’s software is very popular among businesses across the globe. For example, over half of Fortune 500 companies use security products from CrowdStrike, which CSO ranks No. 6 on its list of most powerful cybersecurity companies.

Because of this, fallout from the flawed update has been widespread and substantial, with some calling it the “largest IT outage in history.”

To provide scope for this, more than 3,000 flights within, into, or out of the US were canceled on July 19, with more than 11,000 delayed. Planes continued to be grounded in the days since, with nearly 2,500 flights canceled within, into, or out of the US, and more than 38,000 delayed, three days after the outage occurred.

The outage also significantly impacted the healthcare industry, with some healthcare systems and hospitals postponing all or most procedures and clinicians resorting to pen and paper, unable to access EHRs.

Given the nature of the fix for many enterprises, and the popularity of CrowdStrike’s software, IT organizations have been working around the clock to restore their systems, with many still mired in doing so days after the initial faulty update was served up by CrowdStrike.

On July 20, Microsoft reported that an estimated 8.5 million Windows devices had been impacted by the outage. On July 27, Microsoft clarified that its estimates are based on crash reports, which are “sampled and collected only from customers who choose to upload their crashes to Microsoft.”

What caused the CrowdStrike outage?

In a blog post on July 19, CrowdStrike CEO George Kurtz apologized to the company’s customers and partners for crashing their Windows systems. Separately, the company provided initial details about what caused the disaster.

According to CrowdStrike, a defective content update to its Falcon EDR platform was pushed to Windows machines at 04:09 UTC (0:09 ET) on Friday, July 19. CrowdStrike typically pushes updates to configuration files (called “Channel Files”) for Falcon endpoint sensors several times a day.

The defect that triggered the outage was in Channel File 291, which is stored in “C:\Windows\System32\drivers\CrowdStrike” with a filename beginning “C-00000291-” and ending “.sys”. Channel File 291 passes information to the Falcon sensor about how to evaluate “named pipe” execution, which Windows systems use for intersystem or interprocess communication. These commands are not inherently malicious but can be misused.

“The update that occurred at 04:09 UTC was designed to target newly observed, malicious named pipes being used by common C2 [command and control] frameworks in cyberattacks,” the technical post explained.

However, according to CrowdStrike, “The configuration update triggered a logic error that resulted in an operating system crash.”

Upon automatic reboot, the Windows systems with the defective Channel File 291 installed would crash again, causing an endless reboot cycle.

In a follow-up post on July 24, CrowdStrike provided further details on the logic error: “When received by the sensor and loaded into the Content Interpreter, problematic content in Channel File 291 resulted in an out-of-bounds memory read triggering an exception. This unexpected exception could not be gracefully handled, resulting in a Windows operating system crash (BSOD).”

The defective update, which included new exploit signatures, was part of CrowdStrike’s Rapid Response Content program, which the company says goes through less rigorous testing than do updates to Falcon’s software agents. Whereas customers have the option of operating with the latest version of Falcon’s Sensor Content, or with either of the two previous versions if they prefer reliability over coverage of the most recent attacks, Rapid Response Content is deployed automatically to compatible sensor versions.

The flawed update only impacted machines running Windows. Linux and MacOS machines using CrowdStrike were unaffected, according to the company.

How has CrowdStrike responded?

According to the company, CrowdStrike pushed out a fix removing the defective content in Channel File 291 just 79 minutes after the initial flawed update was sent. Machines that had not yet updated to the faulty Channel File 291 update would not be impacted by the flaw. But those machines that had already downloaded the defective content weren’t so lucky.

To remediate those systems caught up in endless reboot, CrowdStrike published another blog post with a far longer set of actions to perform. Included were suggestions for remotely detecting and automatically recovering affected systems, with detailed sets of instructions for temporary workarounds for affected physical machines or virtual servers, including manual reboots.
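The details above (the channel-file directory, the “C-00000291-…sys” naming, the 04:09 UTC push and the revert 79 minutes later) are enough to triage a host before anyone boots it into safe mode. The following is an added example, not CrowdStrike's own tooling: it classifies each Channel File 291 copy by its write time relative to the defect window. The directory path and timing are taken from the article; the sample listings are constructed.

```python
"""Triage helper for the Channel File 291 incident (added example, not
CrowdStrike's own tooling). It decides from a channel-file directory listing
whether a host still carries the defective update or already has the
reverted content. The path, file-name pattern and timing come from the
article; the sample listings below are constructed."""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from pathlib import Path

# Where Falcon keeps its channel files and how Channel File 291 is named.
CHANNEL_DIR = Path(r"C:\Windows\System32\drivers\CrowdStrike")
CHANNEL_291_RE = re.compile(r"^C-00000291-.*\.sys$", re.IGNORECASE)

# The defective content went out at 04:09 UTC on 2024-07-19 and was reverted
# 79 minutes later, so a Channel File 291 written inside that window is the
# suspect version and one written after it is the corrected content.
PUSH_TIME = datetime(2024, 7, 19, 4, 9, tzinfo=timezone.utc)
REVERT_TIME = PUSH_TIME + timedelta(minutes=79)


@dataclass(frozen=True)
class ChannelFile:
    name: str
    modified_utc: datetime


def classify(cf: ChannelFile) -> str:
    """'suspect', 'post-revert' or 'pre-incident' for Channel File 291; 'other' for the rest."""
    if not CHANNEL_291_RE.match(cf.name):
        return "other"
    mtime = cf.modified_utc.astimezone(timezone.utc)
    if PUSH_TIME <= mtime < REVERT_TIME:
        return "suspect"
    return "post-revert" if mtime >= REVERT_TIME else "pre-incident"


def triage(files: list[ChannelFile]) -> dict[str, list[str]]:
    """Group file names by classification for an operator's at-a-glance view."""
    groups: dict[str, list[str]] = {k: [] for k in ("suspect", "post-revert", "pre-incident", "other")}
    for cf in files:
        groups[classify(cf)].append(cf.name)
    return groups


def needs_manual_fix(files: list[ChannelFile]) -> bool:
    """True while any copy written inside the defect window is still present;
    that is the file the safe-mode workaround removes."""
    return bool(triage(files)["suspect"])


def scan_directory(directory: Path = CHANNEL_DIR) -> list[ChannelFile]:
    """Read a real channel-file directory (on an affected host, from safe mode)."""
    listing = []
    for p in directory.glob("*.sys"):
        mtime = datetime.fromtimestamp(p.stat().st_mtime, tz=timezone.utc)
        listing.append(ChannelFile(p.name, mtime))
    return listing


# Constructed listings: host A took the bad content, host B already has the
# reverted file, host C never received the 04:09 update at all.
_UTC = timezone.utc
SAMPLE_HOST_A = [
    ChannelFile("C-00000291-00000000-00000001.sys", datetime(2024, 7, 19, 4, 11, tzinfo=_UTC)),
    ChannelFile("C-00000014-00000000-00000001.sys", datetime(2024, 7, 18, 9, 0, tzinfo=_UTC)),
]
SAMPLE_HOST_B = [
    ChannelFile("C-00000291-00000000-00000002.sys", datetime(2024, 7, 19, 5, 40, tzinfo=_UTC)),
]
SAMPLE_HOST_C = [
    ChannelFile("C-00000291-00000000-00000000.sys", datetime(2024, 7, 17, 12, 0, tzinfo=_UTC)),
]

if __name__ == "__main__":
    for label, listing in (("host A", SAMPLE_HOST_A), ("host B", SAMPLE_HOST_B), ("host C", SAMPLE_HOST_C)):
        print(label, triage(listing), "manual fix needed:", needs_manual_fix(listing))
```

On a real host, `scan_directory()` replaces the constructed listings; file write times are compared in UTC so the local time zone of the machine does not shift the window.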

On July 24, CrowdStrike reported on the testing process lapses that led to the flawed update being pushed out to customer systems. In its post-mortem, the company blamed a hole in its testing software that caused its Content Validator tool to miss a flaw in the defective Channel File 291 content update. The company has pledged to improve its testing processes by ensuring updates are tested locally before being sent to clients, adding additional stability and content interface testing, improving error handling procedures, and introducing a staggered deployment strategy for Rapid Response Content.

CrowdStrike has also sent $10 in Uber Eats credits to IT staff for the “additional work” they put in helping CrowdStrike clients recover, TechCrunch reported. The email, sent by CrowdStrike Chief Business Officer Daniel Bernard, said in part, “To express our gratitude, your next cup of coffee or late night snack is on us!” A CrowdStrike representative confirmed to TechCrunch that the Uber Eats coupons were flagged as fraud by Uber due to high usage rates.

On July 25, CrowdStrike CEO Kurtz took to LinkedIn to assure customers that the company “will not rest until we achieve full recovery.”

“Our recovery efforts have been enhanced thanks to the development of automatic recovery techniques and by mobilizing all our resources to support our customers,” he wrote.

What went wrong with CrowdStrike testing?

CrowdStrike’s review of its testing shortcomings noted that, whereas rigorous testing processes are applied to new versions of its Sensor Content, Rapid Response Content, which is delivered as a configuration update to Falcon sensors, goes through less-rigorous validation.

In developing Rapid Response Content, CrowdStrike uses its Content Configuration System to create Template Instances that describe the hallmarks of malicious activity to be detected, storing them in Channel Files that it then tests with a tool called the Content Validator.

According to the company, disaster struck when two Template Instances were deployed on July 19. “Due to a bug in the Content Validator, one of the two Template Instances passed validation despite containing problematic content data,” CrowdStrike said in its review.

Industry experts and analysts have since come out to say that the practice of rushing through patches and pushing them directly to global environments has become mainstream, making it likely that another vendor could fall prey to this issue in the future.

How has recovery from the outage fared?

For many organizations, recovering from the outage is an ongoing issue. One suggested remedy for the defective content is to reboot each machine manually into safe mode, delete the defective file, and restart the computer; doing so at scale will remain a challenge.

It has been noted that some organizations with hardware refresh plans in place are considering accelerating those plans as a remedy to replace affected machines rather than commit the resources necessary to conduct the manual fix to their fleets.

On July 25, CrowdStrike CEO Kurtz posted to LinkedIn that “over 97% of Windows sensors are back online as of July 25.”

What is CrowdStrike Falcon?

CrowdStrike Falcon is endpoint detection and response (EDR) software that monitors end-user hardware devices across a network for suspicious activities and behavior, reacting automatically to block perceived threats and saving forensics data for further investigation.

Like all EDR platforms, CrowdStrike has deep visibility into everything happening on an endpoint device — processes, changes to registry settings, file and network activity — which it combines with data aggregation and analytics capabilities to recognize and counter threats by either automated processes or human intervention. 

Because of this, Falcon is privileged software with deep administrative access to the systems it monitors, making it tightly integrated with core operating systems, with the ability to shut down activities that it deems malicious. This tight integration proved to be a weakness for IT organizations in this instance, rendering Windows machines inoperable due to the flawed Falcon update.

The company has also introduced AI-powered automation capabilities into Falcon for IT, to help bridge the gap between IT and security operations, according to the company.

What has been the fallout of CrowdStrike’s failure?

In addition to dealing with fixing their Windows machines, IT leaders and their teams are evaluating lessons that can be gleaned from the incident, with many looking at ways to avoid single points of failure, re-evaluating their cloud strategies, and reassessing response and recovery plans. Industry thought leaders are also questioning the viability of administrative software with privileged access, like CrowdStrike’s. And as recovery nears completion, CISOs have cause to reflect and rethink key strategies.

As for CrowdStrike, US Congress has called on CEO Kurtz to testify at a hearing about the tech outage. According to the New York Times, Kurtz was sent a letter by Representative Mark Green (R-Tenn.), chairman of the Homeland Security Committee, and Representative Andrew Garbarino (R-NY).

Americans “deserve to know in detail how this incident happened and the mitigation steps CrowdStrike is taking,” they wrote in their letter to Kurtz, who was involved in a similar situation when, as CTO of McAfee, the company pushed out a faulty anti-virus update that impacted thousands of customers, triggering BSODs and creating the effect of a denial-of-service attack.

Financial impacts of the outage have yet to be estimated, but Derek Kilmer, a professional liability broker at Burns & Wilcox, said he expects insured losses of up to $1 billion or “much higher,” according to The Financial Times. Insurer Parametrix pegs that number at $5.4 billion lost, just for US Fortune 500 companies, excluding Microsoft, Reuters reported.

Based on Microsoft’s initial estimate of 8.5 million Windows devices impacted, research firm J. Gold Associates has projected the IT remediation costs at $701 million, based on 12.75 million resource-hours necessary from internal technical support teams to repair the machines. That coupled with the fact that, according to Parametrix, “loss covered under cyber insurance policies is likely to be no more than 10% to 20%, due to many companies’ large risk retentions,” the financial hit from CrowdStrike is likely to be enormous.

In response to concerns around privileged access, Microsoft announced it is now prioritizing the reduction of kernel-level access for software applications, a move designed to enhance the overall security and resilience of the Windows operating system.

Questions have also been raised about suppliers’ responsibilities to provide quality assurance for their products, including warranties.

Delta Airlines, which canceled nearly 7,000 flights, resulting in more than 175,000 refund requests, has hired lawyer David Boies to pursue damages from CrowdStrike and Microsoft, according to CNBC. The news outlet reports Delta’s estimated costs as a result of the outage is $500 million. Boies led the US government’s antitrust case against Microsoft in 2001. Delta CEO Ed Bastian told CNBC that the airline had to manually reset 40,000 servers and will “rethink Microsoft” for Delta’s future.

Meanwhile, CrowdStrike shareholders filed a class-action lawsuit against the company, arguing that CrowdStrike defrauded them by not revealing that its software validation process was faulty, resulting in the outage and a subsequent 32% decline in market value, totaling $25 billion.

Ongoing coverage of the CrowdStrike failure

News

July 19: Blue screen of death strikes crowd of CrowdStrike servers 

July 20: CrowdStrike CEO apologizes for crashing IT systems around the world, details fix 

July 22: CrowdStrike incident has CIOs rethinking their cloud strategies 

July 22: Microsoft pins Windows outage on EU-enforced ‘interoperability’ deal 

July 24: CrowdStrike blames testing shortcomings for Windows meltdown

July 26: 97 per cent of CrowdStrike Windows sensors back online

July 26: Counting the cost of CrowdStrike: the bug that bit billions

July 29: CrowdStrike was not the only security vendor vulnerable to hasty testing

July 29: Microsoft shifts focus to kernel-level security after CrowdStrike incident

Aug. 1: Delta Airlines to ‘rethink Microsoft’ in wake of CrowdStrike outage

Analysis

July 20: Put not your trust in Windows — or CrowdStrike 

July 22: Early IT takeaways from the CrowdStrike outage 

July 24: CrowdStrike meltdown highlights IT’s weakest link: Too much administration

July 25: CIOs must reassess cloud concentration risk post-CrowdStrike

July 29: CrowdStrike debacle underscores importance of having a plan

July 30: CrowdStrike crisis gives CISOs opportunity to rethink key strategies

Originally published on July 23, 2024, this article has been updated to reflect evolving developments.

It’s no secret that the labor market has been volatile in recent years, with workers moving positions in record numbers.

But it’s not just lower-level staffers making moves: Plenty of CIOs have been shuffling jobs during the past few years, too.

In its 2022 Global Leadership Monitor survey, executive search firm Russell Reynolds Associates reported that 56% of technology executives moved to a different company during the prior year — a higher percentage than their peers in finance, human resources, legal, risk & compliance, and operations.

The same survey revealed that 50% of technology executives, which includes CIOs as well as CTOs, CISOs and chief digital officers, said they’re willing to change employers for the right opportunity. Half of that cohort further expressed “a strong desire to leave their current employer.”

But how do CIOs know it’s time to make a move — particularly when there are no real problems driving them out the door?

There are both telltale and personally-felt signs that indicate the time is right to move on — even if everything is going well in a current job, according to experienced CIOs, career coaches, and executive advisers.

“Jobs often have a natural ending,” says Trevor Schulze, who became CIO of analytics software company Alteryx in 2021 after three years as senior vice president and CIO at RingCentral.

Schulze, who says he has some strategies for knowing when to make a move, is thoughtful about what he wants to do for work, acknowledging that he has “a passion for building.” As such, he looks for roles at companies “that I really feel passionate about” and are looking to transform.

The Monday morning test

Even if he’s in a position that meets his transformative criteria, Schulze still keeps an eye out for signs that it’s time to depart. Here, the “Monday morning test” can be a key indicator for making that call.

“First, I’m honest [when asking myself]: Are you energized or deflated on Monday morning going into that workweek? Am I fulfilled in my role? With fulfillment for me meaning I’m learning and growing. Or have I hit a ceiling?” he explains, noting that he has mentored others to use such questions as they make career choices.

Schulze developed this litmus test early in his career when heading to work one Monday following a particularly tough stretch of days. Going into his office, he knew that he and his colleagues would be challenged with fixing some issues that had surfaced.

“So I tested myself by asking: Is this something I wanted to do?” he says. “I said, ‘Absolutely.’ I wanted to be a change agent. I saw exciting things ahead of me.”

Schulze has used this test ever since to help guide decisions on whether to stay in a current role — a practice that is particularly helpful for making the right call when he’s approached by recruiters.

“It’s human nature when you find something dangled in front of you to want to pursue it. But if you are doing a great job at a good organization and you are changing the organization, that’s a great thing and not something that I’d walk away from,” he says. “Technology leaders get approached constantly with new opportunities, and I’m no exception. But if I’m still energized with driving my [current] company’s agenda I say, ‘No thank you.’”

He adds: “I pass opportunities onto other people constantly, and I think more people need to do that. They need to have the courage to say ‘Not now.’”

On the other hand, there have been times when Schulze’s response to that test question has helped him realize it’s best to consider new opportunities. The tipping point? “When too many Monday mornings you feel you don’t want to do this anymore.”

Breaking points

There are, of course, many circumstances that would prompt a CIO to leave. CIOs are sometimes pushed out, something they may recognize is evolving when they’re excluded for strategy sessions or sidelined to special projects. In such cases, advisers say most CIOs can read the tea leaves and know it’s time to put themselves back on the job market.

But veteran CIOs, executive advisers, and recruiters say it may take some introspection and good observation skills to understand other scenarios that might indicate that it’s time to exit a position on a high note.

For example, CIOs who find that they’re transforming elements that they already transformed at least once before often see that as a good time to break away.

“Some CIOs can start again, but others, or even more CIOs, say, ‘I’ve done this and I’ve had a good run.’ And once they get through one transformation, they may not want to do it again there,” says John-Claude (JC) Hesketh, the London-based CEO of global executive search and leadership advisory firm Marlin Hawk.

Coming to such realizations takes time and attention.

“There’s no one clear ‘That’s it, this happened, that’s the linchpin, it’s time to go,’” says Kristen Lamoreaux, president and CEO of Lamoreaux Search, who has seen plenty of CIOs opt for graceful exits by departing while they’re still effective in their roles.

In many cases, she says, CIOs who leave on a high note recognize that the role or its mission are changing in ways that they don’t want or aren’t suited for. A CIO who excels at growth, for example, may see the company — and thus IT — heading into maintenance or cost-cutting mode and, being self-aware about their strengths and interests, see that as a good time to start looking.

“They know it’s not going to be a good fit,” Lamoreaux says, adding that some CIOs have told her that they recognized a need to move on when they started to feel stunted or worn down in their current role, rather than energized.

Still other CIOs decide to leave once they’ve accomplished what they set out to do, she says.

“When you hit certain stage gates, when you can say, ‘I did this. It’s going well. Wow, look at what I did.’ When you’re crafting those bullet points to go your resume and you say, ‘I don’t think I’m going to top that,’ then it may be time to look,” she adds.

Establishing the exit signs in advance

Raj Iyer had an approach like that when it came to his position as CIO for the US Army. Iyer accepted that post in late 2020, after working nearly six years at Deloitte Consulting first as senior manager for Technology Strategy, Defense and National Security and then managing director for Government and Public Services.

Iyer says he decided to take the Army CIO job because it “was a tremendous opportunity to serve our nation and give something back and to help shape its future.”

But he adds: “I also knew I wasn’t going to spend the rest of my career there.”

Iyer says he took the position with a transformation mandate, one that would require “running at 200% all the time every day” to create a “future-ready” organization that he outlined in his Army Digital Transformation Strategy.

He set objectives and deadlines, saying that having these in place motivated everyone to get the work done quickly and on time. And he gave himself a deadline of three years, aiming to hit the markers he had established for himself as CIO and then transition out.

“I knew I had to drive a sense of urgency, and to do that, I knew I had to put time limits on myself so I could pull everyone at a quicker pace than they were used to,” he says, noting that “the sooner I worked myself out of the job, the better for the Army and the nation.”

He further explains: “When you want to be a transformative leader and a change agent, there’s a certain lifespan you have. You can come in as an outsider, question the status quo, make changes. But the longer you stay, you become the status quo, and someone else then has to come in. And so I told myself when we got to a point where we had critical mass, where we built irreversible momentum, it was going to be time for me to leave.”

Iyer stepped down as Army CIO in March 2023 and joined ServiceNow as head of its Global Public Sector business.

Iyer says he has not set deadlines for himself in this new role, noting that his work and the sense of urgency are different at ServiceNow than they were at the Army. He says he’ll stay “as long as I’m challenging myself and I’m in positions where I am learning and can grow and work in a bigger scale than I was before.”

Seeking more challenges

The desire for growth is, in fact, a common refrain among CIOs as they talk about their career decisions and their decisions about whether to stay or leave.

It’s a big part of Mojgan Lefebvre’s story and her three-decade tech career. Lefebvre has been CIO at four companies, explaining that she decided to leave each role despite all their positive aspects for the chance to tackle new challenges.

“I knew I was ready to move,” she says, noting that her moves were calculated even if they weren’t easy to make.

As an example, she points to her decision to move in 2010 from her job as corporate vice president and global CIO of the French company bioMerieux to work as SVP and CIO of Commercial Insurance Business at Liberty Mutual Insurance.

“That was a tough call for me,” she says.

She had to weigh what she was getting versus what she was giving up, explaining that she would head up IT for a division that was bigger than bioMerieux but would no longer be reporting to a CEO but instead Liberty Mutual’s global CIO.

Lefebvre made the call to leave bioMerieux after a mentor advised her the move to Liberty Mutual “would be the best move you could make” if she aimed to someday be CIO of a large organization.

In fact, she credits that move for putting her on the path to Travelers. She left her position as senior vice president and CIO of Global Risk Solutions at Liberty Mutual in 2018 to become CIO at Travelers. She is now Travelers’ executive vice president and chief technology and operations officer.


At Choice Hotels, cloud is a tool to help the hospitality giant achieve corporate goals. That can include making progress on immediate objectives, such as environmental sustainability, while keeping an eye on trendy topics such as the metaverse and ChatGPT.

“We’re investing in technology, we’re investing in leveraging the cloud to do meaningful things while we figure out what does tomorrow look like?” said CIO Brian Kirkland.

Kirkland will describe key points on how cloud is enabling business value, including its sustainability initiatives, at CIO’s Future of Cloud & Data Summit, taking place virtually on April 12.

The day-long conference will drill into key areas of balancing data security and innovation, emerging technologies, and leading major initiatives.

The program kicks off with a big-picture view of how the cloud will change the way we live, work, play, and innovate from futurist and Delphi Group Chairman and Founder Tom Koulopoulos. Afterward, he will answer questions in a lively discussion with attendees.  

Before organizations map an architectural approach to data, the first thing that they should understand is data intelligence. Stewart Bond, IDC’s vice president for data integration and intelligence software, will dissect this foundational element and how it drives strategy as well as answer audience questions about governance, ownership, security, privacy, and more.

With that foundation, CIOs can move on to considering emerging best practices and options for cloud architecture and cloud solution optimization. David Linthicum, chief cloud strategy officer at Deloitte Consulting and a contributor to InfoWorld, will delve into strategies that deliver real business value – a mandate that every IT leader is facing now.

Want to know how top-performing companies are approaching aspects of cloud strategy? Hear how Novanta Inc. CIO Sarah Betadam led a three-year journey to becoming a fully functional data-driven enterprise. Later, learn how Tapestry – home to luxury consumer brands such as Coach and Kate Spade – developed a cloud-first operating model in a conversation between CIO Ashish Parmar and Vice President of Data Science and Engineering Fabio Luzzi.

Another top trend is AI. Phil Perkins, the co-author of The Day Before Digital Transformation, will discuss the most effective applications of AI being used today and what to expect next.

At some organizations, data can be a matter of life and death. Learn about a data-focused death investigations case management system used to influence public safety in a conversation between Gina Skagos, executive officer, and Sandra Parker, provincial nurse manager, at the Province of Ontario’s Office of the Chief Coroner.

Throughout the summit, sponsors including IBM, CoreStack, VMware, and Palo Alto Networks will offer thought leadership and solutions on subjects such as new models of IT consumption, cloud security, and optimizing hybrid multi-cloud infrastructures.

Check out the full summit agenda here. The event is free to attend for qualified attendees. Don’t miss out – register today.


Purchase a cheap card swipe cloner off the Dark Web. Distract a hotel housekeeper for a moment and clone their master key.

Use your mark’s email address to access a login page. Choose to reset the password and have the code sent to the mark’s phone. Check their voicemail using the default last four digits of the number as the PIN.

Watch someone accessing their bank info or email account on their laptop in an airport lounge. They log off to get a drink but leave the laptop open. Quickly reset their password, sending the code to their phone which they conveniently left by their computer. Read the code off the phone screen without even unlocking the phone.

Or perhaps the easiest of all: wait for your victim to step away from their unlocked workstation and quickly copy down their plaintext passwords from their password manager app.

There are multiple takeaways from the examples above. First, attack surfaces continue to expand dramatically. The number and variety of endpoints are limited only by the imagination of the cybercriminal. 

Second, none of these attacks requires much technical sophistication. Even the Dark Web might be optional. Simply google for a variety of tools to accomplish the malicious goal.

But perhaps most importantly: no amount of expensive cybersecurity gear will keep someone from typing in their password in view of prying eyes, losing sight of their RFID badge for a moment, or unlocking their phone in the presence of a threat actor. In recent years, researchers have reported that 73% of mobile device users have (deliberately or accidentally) observed someone else’s PIN being entered.

Multifactor authentication and employee training help, but given time and opportunity, even less-experienced attackers can break into poorly secured accounts.

We call this basic type of social engineering attack shoulder surfing

The simplest examples indeed involve looking over someone’s shoulder. The problem with shoulder surfing attacks is that there is no way to prevent all of them. Some of them are bound to succeed. 

As with the more widely known phishing attacks, one vulnerable individual is all an attacker needs to break into an account—or into an entire organization.

Shoulder surfing mitigation: start with good cyber hygiene

Prevention will never stop all attacks, but an ounce of cyber hygiene still goes a long way. MFA is a must-have. Employee training should also include shoulder surfing awareness. 

You already have some form of social engineering mitigation (or if you don’t, then you should!). Shoulder surfing is technically a form of social engineering, but it differs from the more familiar approaches insofar as the target is often completely unaware they’re being pwned. 

Social engineering prevention techniques focus on awareness of social interactions and identifying suspicious behaviors. While this is an important piece of the puzzle, some attacks will still go unnoticed, no matter how diligent the victim is. 

Perhaps most important: adopt a zero-trust philosophy across your organization and cybersecurity roadmap. There is no longer any such thing as perimeter security. Do not grant trust without real-time evaluation of whatever network, device, or user account is accessing a resource. Trust, after all, is the most valuable asset an attacker can exploit.

The best solution: real-time detection of suspicious endpoint behavior

Regardless of the attack vector, or even the attacker’s level of stealth, shoulder surfing attacks are the beginning of an attack chain. All attack chains have one thing in common: the attacker wants to do something with their access that a compromised user wouldn’t normally do themselves.

In other words, fighting shoulder surfing and the attacks that it spawns depends upon behavioral analysis. What are the normal user behaviors when someone logs in or otherwise accesses an endpoint? Compare those to the actual behaviors for each attempt. Are they out of the norm?

Such behavioral analysis is a cybersecurity mainstay. When hunting or responding to abnormal behavior in your environment, there are some specific priorities to keep in mind:

Catching the perpetrators in real time is essential. Once the attacker has uploaded malware to the target system and begun lateral movement, the scope of the attack (and the cost of containment and recovery) has expanded. Effective real-time behavioral analysis provides the opportunity to detect and respond to suspicious actions in seconds, not hours.

The behaviors to look for are varied. They might be unfamiliar network traffic, newly installed software, or a newly plugged-in device. Suspicious behavior might also include unusual use of already installed apps or services, including uncommon usage patterns of common administrative tools such as PowerShell.

Something that is supposed to exist might be missing. Real-time awareness of health and configuration issues in critical security and incident response tooling is essential. Keep your environment ready to respond at any moment by monitoring for disruptions to critical endpoint agents and endpoint detection and response (EDR) products.
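The priorities above (off-baseline logons, new software, a new device, unusual PowerShell use, and a missing EDR agent) are easier to reason about as concrete rules over telemetry. The following is an added example written for this article, not Tanium's code: a small Python detector that runs those rules over a constructed set of endpoint events against an assumed per-user baseline. The event field names, the baseline, the rule names and the 30-minute heartbeat threshold are all assumptions, not any vendor's schema.

```python
"""Toy behavioral-anomaly detector for endpoint telemetry.

Added example for this article, not Tanium's code. It runs a handful of
rules over constructed endpoint events (logons, process starts, device
inserts, service state changes, agent heartbeats) against a per-user
baseline and returns findings. Field names, rule names, the baseline
and the thresholds are all assumptions, not any vendor's schema.
"""
from datetime import datetime, timedelta
import json
import re

# Constructed sample telemetry as JSON lines; not real logs.
SAMPLE_EVENTS = """\
{"ts":"2024-03-04T09:02:11","host":"WS-17","user":"alice","type":"logon","src":"10.0.4.21"}
{"ts":"2024-03-04T09:05:40","host":"WS-17","user":"alice","type":"process","image":"outlook.exe","cmdline":"outlook.exe"}
{"ts":"2024-03-04T09:06:00","host":"WS-17","type":"heartbeat","agent":"edr-sensor"}
{"ts":"2024-03-04T22:41:03","host":"WS-17","user":"alice","type":"logon","src":"10.0.9.250"}
{"ts":"2024-03-04T22:42:10","host":"WS-17","user":"alice","type":"device","bus":"usb","product":"Mass Storage"}
{"ts":"2024-03-04T22:43:55","host":"WS-17","user":"alice","type":"process","image":"powershell.exe","cmdline":"powershell.exe -nop -w hidden -EncodedCommand SQBFAFgA"}
{"ts":"2024-03-04T22:44:30","host":"WS-17","user":"alice","type":"process","image":"rclone.exe","cmdline":"rclone.exe copy Documents remote:x"}
{"ts":"2024-03-04T22:45:02","host":"WS-17","user":"alice","type":"service","name":"edr-sensor","state":"stopped"}
"""

# Assumed per-user baseline, as it would be learned from a quiet period.
BASELINE = {
    "alice": {
        "hours": (8, 18),                      # usual logon window, local hours
        "subnets": ["10.0.4."],                # usual source address prefixes
        "software": {"outlook.exe", "excel.exe", "chrome.exe", "powershell.exe"},
    }
}
EDR_SERVICE = "edr-sensor"
HEARTBEAT_GAP = timedelta(minutes=30)          # agent silence longer than this is reported
# Switches that are rare in interactive admin use but common in tooling that hides itself.
PS_SUSPICIOUS = re.compile(r"-(enc|encodedcommand|nop|noprofile|w\s+hidden|windowstyle\s+hidden)\b", re.I)


def parse_events(text):
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    for e in events:
        e["ts"] = datetime.fromisoformat(e["ts"])
    return events


def analyze(events, baseline=BASELINE):
    """Return findings as (timestamp, host, rule, detail) tuples, in time order."""
    findings = []
    last_beat = {}                              # host -> last agent heartbeat seen
    for e in sorted(events, key=lambda x: x["ts"]):
        host, kind = e["host"], e["type"]
        prof = baseline.get(e.get("user"), {})
        if kind == "logon":
            lo, hi = prof.get("hours", (0, 24))
            if not lo <= e["ts"].hour < hi:
                findings.append((e["ts"], host, "logon_outside_hours", f"{e['user']} at {e['ts'].time()}"))
            if not any(e["src"].startswith(p) for p in prof.get("subnets", [])):
                findings.append((e["ts"], host, "logon_unusual_source", e["src"]))
        elif kind == "process":
            image = e["image"].lower()
            if image not in prof.get("software", set()):
                findings.append((e["ts"], host, "new_software", e["image"]))
            # Unusual use of an already-installed admin tool, not a new binary.
            if image == "powershell.exe" and PS_SUSPICIOUS.search(e["cmdline"]):
                findings.append((e["ts"], host, "suspicious_powershell", e["cmdline"]))
        elif kind == "device":
            findings.append((e["ts"], host, "new_device", f"{e['bus']}:{e['product']}"))
        elif kind == "service" and e["name"] == EDR_SERVICE and e["state"] != "running":
            findings.append((e["ts"], host, "edr_tampering", f"{e['name']} {e['state']}"))
        elif kind == "heartbeat":
            last_beat[host] = e["ts"]
        # "Something that should exist is missing": activity on a host whose agent went quiet.
        if kind != "heartbeat" and host in last_beat and e["ts"] - last_beat[host] > HEARTBEAT_GAP:
            findings.append((e["ts"], host, "edr_heartbeat_missing", f"last heartbeat {last_beat[host]}"))
            del last_beat[host]                 # report each silence once
    return findings


def rule_names(text):
    """Convenience wrapper: just the rule names fired for a JSON-lines telemetry string."""
    return [f[2] for f in analyze(parse_events(text))]


if __name__ == "__main__":
    for ts, host, rule, detail in analyze(parse_events(SAMPLE_EVENTS)):
        print(f"{ts} {host} {rule}: {detail}")
```

Run stand-alone, the morning events produce nothing, while the evening sequence fires seven findings in order: the off-hours logon from an unfamiliar subnet, the agent that has been silent since the morning, the USB device, the encoded PowerShell command (PowerShell itself is baseline software; only its usage pattern is unusual), the new rclone binary, and finally the stopped EDR service. The evaluation is per event as it arrives, which is what "seconds, not hours" requires; the baseline would normally be learned from the first days of telemetry rather than typed in.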

Tools like the Tanium platform are adept at addressing all these priorities.

Be proactive

Despite huge investments in cybersecurity protection across the industry, breaches still occur, which demands a multilayered approach to visibility, security policy enforcement, detection, and incident response. With such an approach in place, security admins can configure the appropriate endpoint security policies ahead of time, enabling the platform to evaluate behaviors against those policies in real time.

Tanium can quickly assess your environment, report on endpoint configuration and anomalies, apply configuration policies, and automate updates and configuration changes to ensure that everything is in a ready state for rapid response when necessary.

While shoulder surfing and other social engineering attacks may bypass much security tooling, the goal is to identify such anomalous use of access rapidly and evict the attacker before they accomplish their goals.

The Intellyx take

Endpoint protection has always been a cat-and-mouse game. The attackers are numerous, persistent, and imaginative.

Given the inexorable pace of technology innovation, with all the devices, applications, and protocols hitting the market every day, there are always new opportunities for hackers to find some new way to achieve their nefarious ends.

Individuals and their organizations must therefore take an active, multilayered approach to protecting themselves. Don’t trust any endpoint. Expect to be breached, nevertheless. And implement a platform like Tanium’s to keep one step ahead of the attackers.

Security

By Zachary Malone, SE Academy Manager at Palo Alto Networks

The term “shift left” is a reference to the Software Development Lifecycle (SDLC) that describes the phases of the process developers follow to create an application. Often, this lifecycle is depicted as a horizontal timeline with the conceptual and coding phases “starting” the cycle on the left side, so to move any process earlier in the cycle is to shift it left. “Shift-left security” is the concept that security measures, focus areas, and implications should occur further to the left—or earlier—in the lifecycle than the typical phases that used to be entry points for security testing and protections.

How did the term shift-left security originate?

Shift-left security spawned from a broader area of focus known as shift-left testing. The term was first coined by Larry Smith in 2001. Since then, the concept of shift-left security has continued to gain traction as organizations increasingly rely on the cloud and as higher-profile cyberattacks increasingly target development tools and pipelines for apps that are cloud-delivered and/or SaaS.

Why is shift-left security important in cybersecurity?

Simply stated, while the advancement of cloud services for developer and product teams provides incredible speed and breadth in delivering applications, it has also created some extreme challenges in maintaining governance and control. Security needs to keep up with the fast-paced growth and agility of development cycles and be flexible enough to support a broad array of cloud-delivered solutions.

The only common denominator in these new development workflows is that the code underlying everything, from the application to its infrastructure, is open to and editable by the development teams. As such, bringing security all the way “left” to the coding phase wraps security around the very thing malicious actors attempt to attack, addressing flaws at their source rather than after deployment.

What is the spin around this shift-left security buzzword?

Like many cybersecurity buzzwords, shift-left security is treated by many vendors as “the only thing you need to be secure,” as if it were a panacea for security issues. In reality, this breaks the idea of Zero Trust, as you would be implicitly trusting the developers and their coding abilities. There is also a distinct lack of consistent understanding and standard practice for how application development should work in a modern DevOps department, covering areas such as the code supply chain (open source packages and drift) and integration tools (Git, CI/CD, etc.). This creates risks.

For example, if an organization believes, “Our data storage is freely open to everyone on the internet, but that’s not an issue because all the data is stored in an encrypted format,” this belief allows attackers to simply make a copy of the data and then either brute force the decryption offline or look for the keys wherever they happen to be stored.
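The “encrypted but public” storage belief above, and the supply-chain concern raised earlier (open source packages and drift), are exactly the defects a shift-left gate is meant to catch before a merge rather than after deployment. The following is an added example written for this article, not Palo Alto Networks’ code: a small policy-as-code check in Python over a constructed, simplified infrastructure-as-code resource list and a constructed dependency manifest. The resource schema, rule names, severities and sample names are assumptions.

```python
"""Policy-as-code gate of the kind shift-left security runs before a merge.

Added example for this article, not Palo Alto Networks' code. It checks two
constructed inputs, a simplified infrastructure-as-code resource list and a
Python dependency manifest, and returns findings a CI job could fail the
build on. The resource schema, rule names, severities and the sample names
are assumptions.
"""
import re

# Constructed, simplified IaC resources (not the real Terraform plan schema).
IAC_RESOURCES = [
    {"type": "storage_bucket", "name": "customer-exports", "acl": "public-read",
     "encryption": {"enabled": True, "kms_key": "alias/exports"}},
    {"type": "storage_bucket", "name": "build-cache", "acl": "private",
     "encryption": {"enabled": False}},
    {"type": "storage_bucket", "name": "audit-logs", "acl": "private",
     "encryption": {"enabled": True, "kms_key": "alias/logs"},
     "policy": {"Statement": [{"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject"}]}},
]

# Constructed dependency manifest in requirements.txt style.
REQUIREMENTS = """\
requests==2.31.0
pyyaml>=5.0
cryptography
flask==3.0.2 --hash=sha256:0000
"""

PUBLIC_ACLS = {"public-read", "public-read-write", "authenticated-read"}


def is_public(res):
    """True when the ACL or an Allow statement for Principal '*' opens the bucket."""
    if res.get("acl") in PUBLIC_ACLS:
        return True
    for st in res.get("policy", {}).get("Statement", []):
        if st.get("Effect") == "Allow" and st.get("Principal") in ("*", {"AWS": "*"}):
            return True
    return False


def check_iac(resources):
    findings = []
    for r in resources:
        if r["type"] != "storage_bucket":
            continue
        if is_public(r):
            # Deliberately HIGH whether or not encryption is enabled: a public
            # copy of the ciphertext can be attacked offline, and the key
            # reference sits next to it in the same configuration.
            findings.append(("HIGH", r["name"], "public storage exposure",
                             "set acl=private and remove Principal '*' from the bucket policy"))
        if not r.get("encryption", {}).get("enabled", False):
            findings.append(("MEDIUM", r["name"], "encryption at rest disabled",
                             "enable encryption with a customer-managed key"))
    return findings


PINNED = re.compile(r"^[A-Za-z0-9_.\-]+==\S+")


def check_requirements(text):
    """Flag drift risks in a dependency manifest: unpinned versions and missing hashes."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name = re.split(r"[<>=!~ ]", line, maxsplit=1)[0]
        if not PINNED.match(line):
            findings.append(("MEDIUM", name, "dependency not pinned",
                             "pin an exact version so builds do not drift between runs"))
        elif "--hash=" not in line:
            findings.append(("LOW", name, "no integrity hash",
                             "add --hash so the installer verifies the downloaded artifact"))
    return findings


def gate(resources, requirements, fail_on=("HIGH",)):
    """Return (passed, findings); a CI job exits non-zero when passed is False."""
    findings = check_iac(resources) + check_requirements(requirements)
    return all(f[0] not in fail_on for f in findings), findings


if __name__ == "__main__":
    passed, findings = gate(IAC_RESOURCES, REQUIREMENTS)
    for sev, name, issue, fix in findings:
        print(f"[{sev}] {name}: {issue} -> {fix}")
    print("gate:", "PASS" if passed else "FAIL")
```

Two design points matter here. The public-exposure finding stays HIGH regardless of the encryption flag, which is precisely the belief the storage example warns against; and every finding carries the concrete fix, so it can be routed back into the developers’ workflow as an actionable change rather than a ticket. A real gate would read the plan or manifest the pipeline already produces instead of embedded constants.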

What executives should consider when adopting shift-left security?

Shifting security left in your SDLC program is something executives should prioritize. The pervasive reach given to development teams, not only to create business-critical applications via code but also to handle every step from coding the application to its compilation, testing, and infrastructure needs with additional code, is an extraordinary amount of control and influence for a department that is singularly focused.

Extending security into all the workflows that development teams are moving into is the core ideology of shift-left security. However, it would be exceptionally risky to abandon or discredit the security programs that remain in the later or “right-side” stages of the lifecycle. Security needs to be wrapped around the entire lifecycle, from building the code to staging the surrounding deployment to, ultimately, the application and environment handling it.

Here are some questions to ask your team for a successful shift-left security adoption:

How can we envelop all the phases of our SDLC in our security program without creating a massive overhead of new tools to learn for each step covered?

How do we enable our development team to correct simple security mistakes without delaying or blocking their ability to release critical applications and updates?

We must integrate into the tools and workflows our developers use to code, aggregate, test, and deploy. How do we accomplish this while still meeting the needs listed above?

Suppose something is deployed insecurely. How do we send the request for a fix back into the workflow our developers use, with the actual code changes included automatically?

Are there any platforms that can handle our need to shift left, protect our runtime environment, and feed into our security operations, governance and compliance, and infrastructure architects’ workflows, providing visibility, protection, and auditing layers for our entire application landscape?

Ready to elevate the security of your development lifecycle? We can help.

About Zachary Malone:

Zachary is the SE Academy Manager at Palo Alto Networks. With more than a decade of experience, Zachary specializes in cyber security, compliance, networking, firewalls, IoT, NGFW, system deployment, and orchestration.

Data and Information Security, IT Leadership

We know that the Contact Center-as-a-Service (CCaaS) market is growing; an increasing number of companies are choosing this flexible model to support their CX operations, and this will continue through 2023. Vendors are also increasingly expanding the capabilities of their CCaaS solutions and evolving them at speed. What can we expect over the next 12 months? Here’s where Avaya sees the market heading…  

The Growth of Hybrid Cloud Among Large Enterprises

SMBs will continue to benefit from CCaaS this year with the ability to consume advanced capabilities that were previously out of reach. Enterprises, however, will use 2023 to gravitate towards a hybrid cloud approach as public cloud adoption grows and off-premises capabilities continually improve. Overall, it’s expected that 60% of enterprises will be using CCaaS by 2025. 

This transition is happening for several specific reasons:

Access to vendor-specific capabilities: The complexity of digital customer journeys, where no single vendor can adequately cover every necessary element, motivates vendors to partner and form multi-cloud systems. Large enterprises that leverage hybrid cloud benefit from innovative solutions composed of complementary capabilities without having to abandon their on-prem investments.

Innovation overlay: The pressure is on for enterprises to become more digital and agile using technologies like AI, automation, and API customization. A hybrid cloud environment allows them to leverage an innovation model that safeguards the stability of their existing operations. 

Reduced dependencies: A hybrid model allows enterprises to bring disparate IT environments together under a single management framework, minimizing dependencies between systems that run in different environments. 

Investment protection: Enterprises often contend with requirements of specific countries, industry verticals, or compliance and security policies and mandates. A hybrid cloud approach enables them to mitigate disruption as they migrate to the cloud in alignment with these requirements, ensuring service innovation and CX improvement irrespective of global economics and geopolitics. 

Cost optimization: Existing IT investments can’t be cost-effectively discarded in favor of new technology. A hybrid deployment model improves the economics of current investments by not disrupting users’ present environment. In fact, a recent study conducted by 451 Research across 10 countries found that, overall, the average savings possible for an enterprise with a hybrid cloud approach is 29-45%. 

On-premises and cloud both have demand for enterprises today. We expect 2023 to be a watershed year for enterprise CCaaS adoption, driven by hybrid deployment. 

Top CCaaS Capabilities of 2023 

A continued driver of CCaaS adoption will be innovation without disruption. Organizations are limited by proprietary, on-premises technology (which is why hybrid adoption will grow among traditional enterprises); meanwhile, CCaaS capabilities continue to get better and better. These are the capabilities Avaya expects to be most popular this year:

1. AI and Machine Learning (ML)

AI and ML will continue to experience steady growth in the coming years. Large enterprises especially benefit from the ability to uncover operational efficiencies more quickly, reduce call volume (and thus, the burden on live agents), and help reps access information faster to accelerate resolution of issues. 

A quickly growing AI capability is AI noise removal, which eliminates unwanted background sounds for customers and agents during service conversations. AI-based voice and chatbots will also continue to grow in popularity. Any company that underestimates the value of AI in these areas will inevitably fall behind in 2023. 

2. Attribute-based Routing

It makes sense from both a cost and CX perspective to match customers with resources more intelligently based on business rules, internal and external context, and desired outcomes. Organizations can fine tune conversations, deepen customer relationships, and help agents succeed while improving First Contact Resolution (FCR) and reducing costly transfers.

3. Automated self-service

Give customers the freedom to choose their experience while reducing repetitive and routine calls for agents. Large enterprises once again stand to benefit most from the ability to automate processes and deliver faster response times across customers’ channels of choice. Web self-service portals, conversational IVRs, SMS, and live chat will all be in high demand for self-service this year.

The “freedom to choose” aspect of self-service is paramount and must be a top focus in 2023. Customers should never feel like they’re fighting an automated assistant to get what they want, nor should they be forced to use it. 

Greater Emphasis on Cost Containment

CCaaS helps contain contact center costs by improving contact duration and deflection, however, contact center projects in 2023 will need to show even more hard-cost savings in order to move forward. Avaya expects the following investments to be front and center as companies further tighten the reins: 

Identity and verification: Verifying and authenticating a customer in a contact center using common methods like Knowledge-based Authentication (KBA) takes anywhere from one to two and a half minutes. Research shows eliminating this time using Identity-centered Security can save as much as $3 a call, creating the potential for millions in annual savings while at the same time providing a better customer experience. 

Digital redirection: Redirecting calls to a digital or mobile self-service experience like SMS, messaging, chatbots, or a mobile app can save $3-5 per call, reducing interaction costs by up to 80% while giving callers the information they need more efficiently.    

CTI screen pops: The faster agents can access information, the faster they can resolve issues and move on to assist more customers. CTI screen pops can also help increase sales through targeted cross-selling and upselling by providing agents with the right information at just the right time. This will be a key investment in 2023.

Demand for Cloud Efficiencies and Security 

A big focus for 2023 will be minimizing the impact to the customer experience with increased data protection and privacy in the contact center. Can zero trust initiatives be successful without affecting customer perception? Absolutely. In fact, this is why Avaya is partnered with Journey, a digital identity verification and authentication platform provider that is blazing a trail in this field with award-winning innovation. 

Improving the speed, accuracy, and techniques used in contact center customer verification and authentication will be crucial this year for making necessary improvements to operational efficiency, security, customer experience, and costs. You can read this blog to learn more about how Identity-centered Security better protects customer data while increasing organizational efficiency. 

Want innovation without disruption? Register to attend Avaya Engage 2023 this June to learn what Avaya Experience Platform can do for your business.  

Hybrid Cloud

Don’t miss CIO’s Future of Digital Innovation Summit and Awards Canada, happening on November 29-30 produced by IDC and CIO, in partnership with TECHNATION. Registration is complimentary, and attendees will have the opportunity to gain the latest knowledge in innovation from experts in a broad range of industries.

The conference will kick off on November 29 with a keynote from Lee-Anne McAlear, Program Director, the Centre of Excellence in Innovation Management, York University. McAlear will focus on digital leadership in a time of continuous change. Kelley Irwin, Chief Information Officer, Electrical Safety Authority, Kalyan Chakravarthy, Chief Information Officer, the Regional Municipality of Durham, and Kyla Lougheed, Digital Transformation Lead, United Way Greater Toronto, will participate in the CIO Panel: Jumpstarting Innovation for Customer & Employee Experience. They will discuss developing new innovative capabilities to improve the customer and employee experience. In this interactive group session, you’ll have the opportunity to ask questions, share your thoughts, and dive into some of the lessons learned when implementing innovative projects.

The afternoon sessions include collaborative solutions for hybrid work environments presented by Aruna Ravichandran, SVP and Chief Marketing Officer, Webex by Cisco, and Culture, Growth, and the Modern Digital Enterprise, in which Sabina Schneider, Chief Solutions Officer – North America, Globant, will focus on current and future business environments. The day will end with a highly anticipated session on Transforming the Technology Foundations for Business Enablement and Agility with CIO Awards Canada Winners CIBC, represented by Richard Jardim, Executive Vice-President and CIO, and Bradley Fedosoff, Senior Vice-President, Architecture, Data and Analytics.

Day one offers a full day of insights and discussions with Canadian CIOs and senior technology leaders who are building digital innovation and transforming into digital businesses. Check out the full agenda here.

Day two, November 30, kicks off with a presentation on The End Game: How to Deliver Sustained Digital Innovation, led by Nancy Gohring, Research Director, Future of Digital Innovation, IDC. Immediately following her presentation, you’ll be able to ask questions about the future of digital business. The final session before the double awards ceremony will be a fireside chat with Shaifa Kanji, Assistant Deputy Minister, Chief Digital Officer of DTSS, Innovation, Science and Economic Development Canada, interviewed by Angela Mondou, President and CEO of TECHNATION, who will discuss accelerated digitization in Canada. The summit will cap off with the best of the best, with the unveiling of TECHNATION’s Ingenious Awards, and then the CIO Awards Ceremony where we celebrate Canadian organizations that are using technology to innovate and deliver business value. To attend the summit and access the full agenda, register today.

C-Suite

What you need to know about IoT in enterprise and education

In an era of data-driven insights and automation, few technologies have the power to supercharge and empower decision makers like the Internet of Things (IoT).

As the adoption of IoT devices is expected to reach 24.1 billion by 2030, forward-thinking organisations and higher education institutions are realising that IoT technologies are providing access to insights and making things possible now that were too expensive or difficult just a few years ago.

Sustainability and smart energy management are emerging as important IoT use cases, offering organisations real-time power usage monitoring and predictive analytics to reduce energy spending.

In the future, IoT will play a critical role in enabling organisations to fulfil their ESG goals and demonstrate compliance with movements such as B Corp and the Climate Pledge.

The potential use cases for enterprise users

Furthermore, the potential use cases for IoT go well beyond sustainability. For instance, organisations can monitor the air quality of spaces to support the health and wellbeing of building occupants.

Decision makers and facility managers also have the ability to monitor environmental factors like CO2 levels, which are known to impair cognitive function.

IoT devices can also be used more broadly to extract maximum value from assets, by optimising room occupancy and utilisation, or tracking the location and usage of high-value assets.

Together these tools can help reduce carbon emissions, optimise processes and asset maintenance, and enable organisations to better comply with sustainability regulations and meet long-term green and operational goals.

It is these widespread use cases that are contributing to the growth of the IoT market as a whole, which analysts predict will increase from a value of $384.70 billion in 2021, with some estimates putting the expected value as high as $2,465.26 billion by 2029. But it’s not just the commercial sector that can reap the rewards of IoT.

How IoT can help education providers

While IoT adoption in the education industry is in its infancy, these distributed devices have the potential to provide detailed operational insights and automation capabilities in the same way they already do in commercial environments.

Once again, the most potent use case for IoT devices is in supporting sustainability initiatives, enabling institutions to cut energy costs, optimise resource usage for water and gas, and meet their green goals.

It also enables them to enhance their operations by improving classroom occupancy and monitoring learning environments for comfort, health and safety concerns, adjusting factors like light, VOC, CO2, and sound to ensure that students are in an ideal position to learn.

Green Custard’s role in the IoT market

One of the providers paving the way for the ongoing IoT revolution is Green Custard, a UK-based cloud native professional services company providing bespoke IoT solutions to organisations across the commercial, educational, and public sectors.

Green Custard is also an Amazon Web Services (AWS) Advanced Tier partner, and one of a small number who specialise solely in IoT deployment and management.

Leveraging AWS, Green Custard helps to deliver products and services across IoT, edge, embedded, infrastructure, data analytics, mobile, and web applications with the necessary best practices, to help decision makers bring their green visions to life.

For more information click here to find out how Green Custard can help your organisation.

Education Industry

If you’ve noticed changing patterns of fraud and the way your business manages fraud threats since the start of the pandemic, you’re not alone. Our latest survey of industry trends, with MRC and Verifi, the 2022 Global Fraud and Payments Report, highlights some important shifts in the extent of fraud and the way merchants are responding to it. It also reveals what merchants really think about upcoming rule changes.

Here are the key take-outs for 2022:

Fraud is on the rise…

For the second year running, fraud KPIs are on the rise. Estimated global revenue lost to fraud is up 16% — and in North America there was a sharp jump of 38%. 

% of revenue lost to fraud (chart: Cybersource) 1

…but spending on fraud is not

Despite the uptick in fraud, the overall amount merchants have spent on tackling fraud globally has flatlined since 2020. One explanation could be that managing fraud already accounts for a large proportion of merchants’ budgets. On average one-tenth of e-commerce revenue is spent on the issue. It’s a particular drain on resources for mid-sized firms:

% of eCommerce revenue spent managing fraud, by business size (chart: Cybersource) 2

Reducing manual reviews is in merchants’ sights

Given the significant ongoing costs of fraud management, it’s little wonder the majority of merchants are looking to reduce the amount spent on time-consuming manual reviews.

While most merchants foresee retaining a manual review process, 12% are planning to eliminate it entirely. In Europe this figure is even higher, with nearly one in five merchants planning a complete phase-out.

Role of manual review in future fraud management strategy (chart: Cybersource) 3

Merchants have a diverse armory

Fraud is a complex and constantly shifting threat, and merchants commonly use a number of approaches to tackle it.

On average, merchants use four different tools when detecting and thwarting fraud, although merchants who are members of the Merchant Risk Council typically use double that. Larger merchants also use a wider array of approaches than SMBs.

Global top five fraud-prevention methods (chart: Cybersource) 4

Changes are no big surprise

Regulatory changes are a potential minefield for merchants, but those we surveyed are generally pretty positive about incoming rules on customer authentication.

As the graph below indicates, merchants are feeling confident about the industry-wide implementation of EMV 3DS. Meanwhile, changes to the EU’s Payment Services Directive (PSD2), including its strong customer authentication (SCA) requirement, are expected to have a major impact on organizations doing business in or with Europe. Here too, the vast majority of merchants feel at least partially prepared.

Merchant preparedness for EMV® 3DS and PSD2 / SCA (chart: Cybersource) 5

To find out more, download the Cybersource and Merchant Risk Council’s 2022 Global Fraud and Payments Report.

1 2022 Global Fraud and Payments Survey Report, MRC. Figure 4, p7
2 2022 Global Fraud and Payments Survey Report, MRC. Figure 5, p8
3 2022 Global Fraud and Payments Survey Report, MRC. Figure 6, p9
4 2022 Global Fraud and Payments Survey Report, MRC. Figure 16, p18
5 2022 Global Fraud and Payments Survey Report, MRC. Figure 8, p11
Fraud Protection and Detection Software, IT Leadership

By Viki Paige, Head of Broadcom Software Marketing

As recently announced, Hock Tan, Broadcom Inc.’s President and CEO, will also be directly overseeing the operations of the Broadcom Software Group. Now that Hock is leading Broadcom Software, we sat down with him to learn more about his career, personal philanthropy and areas of achievement.

Q: Having grown up in Malaysia, tell us a bit about how you got to the U.S. and what it was like to become an American citizen?

I came to the United States in 1971 on a scholarship to study at the Massachusetts Institute of Technology (MIT).  I was both fortunate and proud to attend MIT. The American college and post-graduate educational system has always been a magnet for aspiring students around the globe. Like so many world-class U.S. colleges and universities, MIT has opened many doors for me, and made it possible for me to live the American Dream. I graduated from MIT in 1975 with both my bachelor’s and master’s degrees in mechanical engineering, and then worked as a research engineer at Union Carbide Corporation for several years before attending Harvard Business School where I received my MBA in 1979. It was then in 1990 that I became an American Citizen.

Q: How have these defining moments shaped who you are and how you lead?   

I have the best job in the world as CEO of Broadcom because I get to work alongside some of the smartest and most creative people on the planet. Success is a team effort, and at Broadcom, we know that our talented workforce is our most valuable asset which is why we continue to take steps to ensure that we will have access to bright and hardworking talent in the future. The Broadcom Foundation, which funds science, technology, engineering and math (STEM) education programs for middle school students inside and outside the U.S., is just one example of how Broadcom is working to encourage the next generation to take an interest in areas of study that will be critical to the continued growth of both our company as well as our country.

Q: What was your career path to becoming Broadcom’s CEO?

My path to becoming CEO of Broadcom was not a straight line. After getting my MBA, I began my career in the auto industry with General Motors, before moving to the food and beverage industry and spending a few years at PepsiCo. From there, I held leadership roles at Hume Industries, in the building materials space, at PacVen Investments, a venture capital firm, as well as at Commodore International, best known for its personal computers.

I made the transition into semiconductors when I joined Integrated Circuit Systems (ICS) in 1994. Five years later, I moved from being CFO into the CEO role after leading a management buyout. It was while working at ICS that I first had the opportunity to collaborate directly with the U.S. Department of Defense, gaining a security clearance as part of the work we did on the radar systems for the Patriot anti-missile program.

We eventually sold ICS to Integrated Device Technology in 2005 and one year later, I was hired by the private equity firms Kohlberg Kravis & Roberts and Silver Lake Partners to become the CEO of Avago Technologies, which was a spin-out of the legacy Hewlett Packard semiconductors team. Avago later acquired Broadcom Corporation in 2016 and rebranded itself into the “Broadcom” that you all know today. I never would have predicted that I’d become CEO of this great company when I began my professional journey and consider myself fortunate to be where I am today.

Q: What personal initiatives and causes are important to you?

As I have had much good fortune in my life, it is really important to me to give back to the community and to others. Autism research is a cause that I’m deeply involved in and affects me personally as the father of two children with autism. My family has made substantial gifts to Harvard, MIT and Cornell to fund programs to improve the work-life of young adults with disabilities as well as to support research in the areas of neurodiversity.

Q: What has your greatest professional achievement been to-date?

I am very proud of the work that we have done at Broadcom in the 15+ years since I joined the company. The introduction of industry-pioneering products, from optical navigation in PCs to the first Wi-Fi/Bluetooth/FM combo chip for mobile phones, has enabled the company to achieve great success and to continue to be at the forefront of leading-edge innovation in technology. I look forward to welcoming the VMware team when the transaction closes to advance our strategy to build the world’s leading infrastructure technology company.

And if you haven’t taken a look, please visit https://Reimaginingsoftware.com, our recently launched website that contains useful materials about the VMware transaction and other relevant information.

About Viki Paige:


Viki is responsible for end-to-end marketing for Broadcom Software, ensuring that marketing strategies are developed and executed across the organization. Viki has extensive experience in product/solutions marketing, software solutions, and product strategy.

CEO, IT Leadership