Archive for January 18, 2023

SAP Labs Canada Appoints New Chief Operating Officer

Posted in Commentary with tags on January 18, 2023 by itnerd

SAP Labs Canada has announced the appointment of Christine Vukusic as its new Chief Operating Officer (COO). Christine will be operating, managing, and executing the strategic vision and mission of SAP Labs Canada by developing and implementing the operational plan for the organization and promote SAP’s award-winning company culture.

Labs Canada is one of seven SAP Global Research Hubs, which represent SAP’s most significant R&D locations, in terms of size and delivery of best-in-class solutions across the many SAP product portfolios. Based in Vancouver, Christine brings her over 15-year tenure with SAP to this new role. In her previous role, her passion for innovation with internal processes was her focus, as the manager of the SAP Language Experience North America team. Here she led a multi-functional team of developers, project managers, and language quality engineers providing industry-leading translation technology and processes across SAP. She joined SAP with a decade of tech industry expertise in growing teams and businesses.

The SAP Labs Canada team has been a big supporter of creating innovative outlets for its employees such as its sustainability and green technology expertise, the d-Shop technology makerspace, volunteer programs to support students and girls in STEM, and its valuable Internship Program. With the breadth and depth of her years of experience, Christine is ready for new challenges, inspiring ideas, and aims to showcase Labs Canada operations as an innovative gold standard.

Christine is known for always being one to step up to help SAP be stronger together. She has consistently been an advocate for diversity, inclusion, and employee engagement. This includes her role as a member of the Vancouver ELT, being co-chair of the Vancouver Business Women’s Network, sponsor for SAP Canada’s Green team and a steering member of SAP’s Indigenous Inclusion Initiative.

Nissan Took Six Months To Notify People Of A Data Breach

Posted in Commentary with tags on January 18, 2023 by itnerd

If you go to The Office Of The Maine Attorney General, and look at this data breach notification, you’ll quickly see the following:

Nissan North America has a data breach last June. Almost 18000 people were affected by this breach which was. caused by “Inadvertent disclosure, Insider wrongdoing” which means either someone on the inside screwed up or someone on the inside did something nefarious. The breach wasn’t discovered until the end of September, but Nissan North America didn’t let the public know until December.

That sounds pretty bad. But I will get back to that in a second.

Here’s what Nissan said:

The impacted third-party service provider provides software development services to Nissan. Nissan provided certain information to this service provider for processing during the testing of the software.

On June 21, 2022, Nissan received notice that certain data it provided for software testing had inadvertently been exposed by the third-party service provider. During our investigation, on September 26, 2022, we determined that this incident likely resulted in unauthorized access or acquisition of our data, including some personal information belonging to Nissan customers. Specifically, the data embedded within the code during software testing was unintentionally and temporarily stored in a cloud-based public repository.

And here’s the information that is now out there:

The information that was potentially accessed or acquired during the time that it was temporarily available on a public repository included your name, date of birth, and NMAC account number. This information did not include your Social Security number or credit card information.

Again, that sounds pretty bad. And I have to admit that my initial reaction was to say “WTF? Six months to notify people?” But here’s an alternate view of this from Ani Chaudhuri, CEO, Dasera:

Though Nissan allegedly took six months to disclose the data breach to the affected parties, it is clear that they took the incident very seriously and moved quickly to contain the damage and protect the affected individuals. We should work to appreciate the transparency and honesty with which they communicated the incident to the public, as any form of a data breach is extremely hard on a company due to potential damage to reputation, revenue, culture, etc. 

One of the key takeaways from this incident is that data breaches can happen to any company, regardless of size or industry. It is important for companies not to be afraid to disclose data breaches publicly, as it raises awareness and helps other organizations learn from the incident. By being open and transparent, Nissan has set an example for other companies to follow.

Moving forward, companies like Nissan can prevent data breaches with a robust data governance and security strategy by providing a framework for managing and protecting sensitive information. Some ways data governance can help prevent data breaches include:

  • Establishing clear policies and procedures for data management: Data governance policies and procedures can set standards for how data is collected, stored, and shared within the organization. By having clear guidelines in place, the organization can reduce the risk of accidental data breaches caused by employees not following proper protocols.
  • Identifying sensitive data: Data governance can help identify sensitive data by classifying data based on its level of sensitivity, and then implementing appropriate controls to protect that data. By identifying sensitive data, Nissan can take the necessary steps to protect it from breaches.
  • Implementing access controls: Data governance can help implement access controls to ensure that only authorized personnel have access to sensitive data. By implementing access controls, Nissan can ensure that vendor employees only have access to the data they need to perform their duties, reducing the risk of breaches caused by unauthorized access.
  • Regularly monitoring and auditing data: Data governance can help implement regular monitoring and auditing of data to detect any anomalies or suspicious activities that could indicate a data breach. By regularly monitoring and auditing data, Nissan can detect a data breach early on and take action to contain the damage and protect the affected individuals.
  • Conducting vendor risk assessment: Data governance can help implement a vendor risk assessment program that allows the organization to assess the security risk of their vendors and make sure that their vendors are meeting the company’s security standards. This can help Nissan to identify potential vulnerabilities and take steps to mitigate them before a data breach occurs.

Overall, a mature data governance and security strategy can help companies like Nissan prevent data breaches by providing a framework for managing and protecting sensitive information, and by identifying and mitigating risk.

While all of that is true, I do wish that the public knew of this sooner. Because the faster the public knows that something like this happens, the more able the public are able to take precautions from threat actors who would use this information for nefarious reasons.

DNV Discloses Ransomware Attack That Affected Ships At Sea

Posted in Commentary with tags on January 18, 2023 by itnerd

DNV, a maritime software supplier, has disclosed that it is the victim of a ransomware attack that has affected about 1,000 vessels. The ransomware attack took place on the evening of January 7th. In response to the incident, the company has shut down the IT servers connected to the ShipManager system operated by the company. At this time, the company has yet to disclose the strain of ransomware that infected its systems.

Dr. Darren Williams, CEO and Founder, BlackFog, has offered perspectives on this news:

     “Although the strain of ransomware used in this attack is still to be officially declared, the first major concern that comes to mind in relation to the attack at Maritime DNV is it adds yet another critical infrastructure victim to the list. With a global war at play and the DNV holding a global market share of 21% of the solutions and services of any maritime vessel, suppliers such as the DNV are ideal victims for attackers due to the large-scale disruption they can potentially cause.

As we wait for more details on the DNV attack, we can be confident that data exfiltration and extortion were a motive for the currently unknown attackers. With 89% of all publicly disclosed attacks in 2022 exfiltrating data, it’s evident that bad actors have moved on from encryption well and truly. The escalation and severity of the attacks we are seeing on a regular basis clearly demonstrate that older technologies relied on by organizations are insufficient when it comes to preventing ransomware. 

In any case, once access to a system is gained by attackers, it is only a matter of time before ransomware is deployed. In addition to reporting the incident to the authorities and shutting its IT servers down, as the Norwegian supplier has done, organizations must refuse to pay the ransom where possible, and focus on preventing data exfiltration to put a stop to ransomware and extortion. Fortunately, third-generation cybersecurity tools have been specially designed to do this. Organizations adding this technology to their cybersecurity stack in 2023 will stay out of the ransomware headlines while attackers move on to less protected companies.”

This shows the effects of a ransomware attack can be downstream in nature. Which makes stopping ransomware attacks of paramount importance.

Radiant Logic Announces 4th Consecutive Year of Profitable 20%+ Revenue Growth and 95%+ Customer Retention Rate

Posted in Commentary with tags on January 18, 2023 by itnerd

Radiant Logic, the enterprise Identity Data Fabric company,  delivers a 4th straight year of profitable growth and an expanding customer base despite economic uncertainty. In 2022, Radiant Logic delivered 20%+ revenue and EBITDA growth on the strength of the RadiantOne platform’s ability to harness identity data to unlock meaningful business value for enterprise organizations. Radiant Logic also maintained its world-class customer retention rate of 95%+ and further invested in the success of its customers with the appointment of its first Chief Customer Officer, Dieter Schuller, a 22-year Radiant Logic veteran. 

According to Gartner, “IAM leaders must start with a strategy for managing identity data. Identity data drives your IAM engine.[i]” The past year saw a growing recognition of identity data management as an important discipline with cybersecurity and an essential component of the identity fabric architecture. As IAM maturity models demand a composable, unified operating model, the role of accurate and available identity data becomes a prerequisite. 

Radiant Logic’s Intelligent Identity Data Platform continues to act as the cornerstone in many of the world’s most complex identity infrastructures. The company had some notable customer deployments in 2022, including providing the identity data foundation at Defense Information System Agency (DISA), and enabling the Naval Identity Service in the Department of Navy. 

Radiant Logic also recently released the commissioned Total Economic Impact™ study conducted by Forrester Consulting, which demonstrated an ROI of 239% and an 80% increase in efficiency, among other quantified benefits. By deploying RadiantOne to address these challenges, a composite customer achieved a 239% ROI on the initial investment (totaling $20.3M over three years), with technical debt reduced by $9.2M, operational efficiency improved by 80% by year three and risk of a data breach reduced by 25% by year three.

DH2i Marks 2022 As Another Year of Record Product Innovation, Strategic Partnership Development and Industry Acclaim

Posted in Commentary on January 18, 2023 by itnerd

DH2i®, the world’s leading provider of always-secure and always-on IT infrastructure solutions, today announced that 2022 marked another year of record product innovation, strategic partnership development and industry acclaim. Building on an already enviable track-record of delivering the most advanced and real-world proven smart high availability (HA) clustering and software-defined perimeter (SDP) solutions for Windows, Linux and containers, DH2i announced the following last year:

Product Innovation:

Strategic Partnerships:

Awards and Accolades:

Lumenova AI Empowers Companies to Make Responsible AI a Part of Their DNA

Posted in Commentary with tags on January 18, 2023 by itnerd

Lumenova AI, the platform that automates the Responsible AI lifecycle, announced today that it has officially launched to enable organizations to understand deeply complex models and gain insights into what’s driving the AI decision-making process. With the company’s leading-edge technology, its clients can detect deep-rooted biases, optimize their models’ reliability and robustness, and build trust and transparency into their AI.

While most business leaders believe AI is their key to competitive advantage, many report it is still not used as widely as possible in 2023 — a decade into the AI revolution. Amongst the barriers, enterprises need help understanding their own deeply complex models, scaling their systems and reaching deployment. Responsible AI, a framework that helps organizations address ethical and legal challenges, explain how their AI works, and improve data integrity, security and resilience, as well as accuracy and validity around Artificial Intelligence, is part of the solution.

The company offers its customers the most complete Responsible AI solution. It provides for policy development to help prepare for regulations and internal requirements with its custom frameworks. It offers technical evaluation by opening the algorithmic “black box” to evaluate risks and quickly detect performance opportunities. It also provides monitoring and remediation to help assess and manage potential issues proactively.

This is not a one-time endeavor. Achieving a successful Responsible AI program is a journey and a complex process involving multiple steps and stakeholders. Lumenova AI’s platform, extended team of business consultants and ML engineers help customers navigate the ever-changing regulatory landscape through end-to-end guidance and practical support.

Driving the new generation of Responsible AI

Lumenova AI is committed to delivering value through its state-of-the-art AI Trust Platform that enables businesses to make AI ethical, fair, transparent and accurate. With over 15 years of experience working with related technologies, such as data, machine learning and the cloud, and over three years of experience in Explainable AI, we pledge to be pioneers of change and help organizations make Responsible AI a key pillar of their ML strategy.

About Lumenova AI

Headquartered in Los Angeles, Lumenova AI empowers organizations to make AI ethical, transparent and compliant with new and emerging regulations and internal policies. As an end-to-end solution, Lumenova AI streamlines and automates the entire Responsible AI lifecycle, so enterprises can efficiently map, manage and mitigate AI risk, comply with regulations and maximize the inherent value.

Lumenova caters to a diverse group of stakeholders, including business leaders, IT leaders, and the risk and compliance community. It allows them to analyze and optimize model performance, increase robustness and promote predictive fairness across all dimensions of trust. Their extended team of technical experts and business consultants can also provide strategy and execution consulting for enterprises to design and deploy Responsible AI at scale.

For more information, please visit www.lumenova.ai.

Guest Post: New Linux malware hits record highs in 2022, rising by 50%

Posted in Commentary with tags on January 18, 2023 by itnerd

Despite Linux’s reputation as the most secure operating system, it is not immune to malware. In fact, Linux malware has become increasingly prevalent in recent years as more and more devices and servers run on Linux operating systems. 

According to data analyzed by the Atlas VPN team based on malware threat statistics from AV-ATLAS, new Linux malware threats hit record numbers in 2022, increasing by 50% to 1.9 million.

The majority — 854,690 — of new Linux malware samples were detected in the first quarter of 2022. In the second quarter, new malware samples dropped by almost 3% to 833,065.

New Linux malware numbers plummeted again in the third quarter of the year, this time by a whopping 91% to 75,841. However, in the fourth quarter of 2022, they picked up again, growing by 117% to 164,697. 

Other operating systems see a decline in new malware 

While Linux malware reached never-before-seen numbers in 2022, the total number of new malware developments actually fell. Compared to 2021, when 121.6 million samples were detected, new malware numbers dropped by 39% to 73.7 million in 2022. 

Android saw the most significant fall in newly-programmed malware. New Android malware samples declined by 68%, from 3.4 million in 2021 to 1.1 million in 2022.

Next up is Windows. Despite being the most targeted operating system last year, with over 95% of all new malware threats aimed at it, Windows still had a 40% decline in new malware samples. They fell from 116.95 million in 2021 to 70.7 million in 2022. 

Finally, new malware applications aimed at macOS plunged by 26% from 17,061 in 2021 to 12,584 in 2022. 

To read the full article, head over to: https://atlasvpn.com/blog/new-linux-malware-hits-record-highs-in-2022-rising-by-50

BlackFog Annual State of Ransomware Report For 2022 Is Out

Posted in Commentary with tags on January 18, 2023 by itnerd

BlackFog has today released their 2022 full Annual Ransomware Attack Report. Since 2020 BlackFog has measured publicly disclosed attacks globally. The 2022 ransomware attack report reflects on the key findings from 2022. They have also published a blog discussing the key lessons learned from ransomware in 2022 which expands on the general trends they see going forward. Reading this will give you an idea of what’s likely to come in 2023 based on the attacks of last year.

The full report can be found here: https://www.blackfog.com/wp-content/uploads/2023/01/2022_Ransomware_Report_v2.pdf

OpsGuru Announces Team Up With AWS

Posted in Commentary with tags on January 18, 2023 by itnerd

OpsGuru, a Carbon 60 Company and a leading Canadian cloud consulting organization, today announced it has signed an expanded multi-year strategic collaboration agreement (SCA) with Amazon Web Services (AWS). This multi-year agreement builds on OpsGuru’s existing AWS expertise and further allows the organization to accelerate digital transformation initiatives for the benefit of Canadian companies. 

As an AWS Premier Tier Service Partner in the AWS Partner Network (APN), OpsGuru is continuously adding to its key AWS competencies and holds five AWS competencies including AWS Migration Consulting Competency, AWS SaaS Consulting Competency, AWS DevOps Consulting Competency, AWS Networking Consulting Competency, and AWS Microsoft Workloads Consulting Competency. OpsGuru’s team maps their deep technical expertise with solutions and leadership in the cloud computing consulting industry.

OpsGuru, A Carbon60 Company, guides organizations through digital transformation journeys with deep technical expertise, service, and partnerships. We live and breathe cloud technology, helping customers focus on their business objectives by relieving them of the mystification of the cloud. We focus on solutions such as cloud adoption, application modernization, Kubernetes enablement, managed cloud operations, cloud security, and data analytics services. For more information, visit www.opsguru.io.

New LinkedIn Data On the 20 Fastest-Growing Job Titles in Canada

Posted in Commentary with tags on January 18, 2023 by itnerd

Despite economic uncertainty and global hiring slowing down, a recent global survey from LinkedIn reveals that 60% of professionals are considering a new job this year – driven by the desire for bigger salaries as the cost-of-living increases. The survey found that 38% desire higher pay while also revealing that 30% are looking to pursue a better work-life balance.  

To provide insight on these trends, LinkedIn’s 2023 Jobs on the Rise list shows the 20 fastest-growing jobs in Canada, offering insights into where job seekers can find opportunity and stability as they search for their next role. The report features links to open positions, average salaries, remote work availability, the top skills for each role along with free LinkedIn Learning courses.  

The top 5 roles in Canada include:  

  1. Growth Marketing Manager – including work in sales, marketing, and communications, and using data to develop and communicate strategies and processes to increase business revenue. 
  2. Product Operations Manager  usually have a cross-functional role, working with management and companies’ various teams to build and oversee the effectiveness of business processes, operations, products and/or services. 
  3. Dispensary Technician – typically involves taking and filing out orders at cannabis dispensaries. 
  4. Technical Program Manager – work involves developing and managing organizations’ various technical projects and programs. 
  5. Sustainability Manager – works to balance an organizations’ needs with its capacity for sustained profitability, involving the monitoring and forecasting of its impact on the surrounding environment.    

The full list, including industry, region, and salary insights for each role can be found here.

Methodology 

LinkedIn Economic Graph researchers examined millions of jobs started by LinkedIn members from January 1, 2018 to July 31, 2022 to calculate a growth rate for each job title. To be ranked, a job title needed to see consistent growth across our membership base, as well as have grown to a meaningful size by 2022. Identical job titles across different seniority levels were grouped and ranked together. Internships, volunteer positions, interim roles and student roles were excluded, and jobs where hiring was dominated by a small handful of companies in each country were also excluded. Additional data points for each of the job titles are based on LinkedIn profiles of members holding the title and/or open jobs for that title in the country.