CYBER WEEK RESULTS: Online Sales In Canada Down 8% YoY, But Up 2% globally

Posted in Commentary with tags on November 30, 2022 by itnerd

As Cyber Week 2022 draws to a close, Salesforce released its annual Cyber Week report, which analyses shopping data from over one and a half billion shoppers on the Salesforce Customer 360 platform. Overall, global sales reached $280.8 billion, a 2% increase YoY. However, Canadian shoppers held back as compared to last year.

In Canada, over the course of Cyber Week we saw:

  • Online sales down 8% YoY
  • While the online sales were down as compared to last year, the average order value was up by 0.3% at $106
  • Overall traffic was down 1% YoY. In terms of device traffic, mobile proved to be the most popular for shoppers to visit from, with 70% of Black Friday traffic coming from mobile, 29% from computer and 3% from tablet

Further information on the results is available in the Holiday Hub, which has been updated daily over Cyber Week.

UK Updates Cyber Security Regulations To Include MSPs

Posted in Commentary with tags on November 30, 2022 by itnerd

The UK Government has just updated their Network and Information Systems (NIS) regulations in order to bring providers of outsourced IT and managed service providers (MSPs) into scope. The regulations were introduced to improve the cyber security of companies which provide services to the energy, healthcare and transport sectors. Fines of up to £17m could be issued for non-compliance.

Yaron Kassner, CTO and Cofounder, Silverfort had this commentary:

“The Government’s decision to update these regulations reflects how MSPs present a ripe target for attackers.

“As central points of cybersecurity management for lots of organizations – they provide a jumping-off point for lateral movement inside a large number of environments. As we saw with Operation Cloudhopper – attackers were able to access MSP customers using seemingly legitimate credentials, before moving through the network to exfiltrate data.

“While controls such as MFA on internal resources could technically help address attacks like this, the regulation provides a necessary impetus to ensure MSPs act according to best practice.”

Many clients that I work with use MSPs and they, along with anyone else who uses an MSP, should heed this advice.

Telstra Taps Katy Greenfield to Lead Customer Solutions for the Americas

Posted in Commentary with tags on November 30, 2022 by itnerd

Telstra has named Katy Greenfield as Vice President of Customer Solutions for the Americas. She will lead a specialized team working directly with enterprises across the region to develop customized network connectivity products and services.

In her new role, Greenfield will draw on a diverse background in retail, commerce, information technology and telecommunications with direct experience in network infrastructure, operations and logistics, product development and cross-functional project management.

Her career includes a range of technical and sales management roles, most recently with Boulder, CO-based Zayo Group as Director of Solutions Engineering. She will report to Noah Drake, President, Americas for Telstra.

Greenfield is a certified AWS Solutions Architect and holds a Bachelor of Science in Business Administration from the University of Colorado at Boulder.

Venafi Releases The Top 10 Cybersecurity Trends for 2023

Posted in Commentary with tags on November 30, 2022 by itnerd

Venafi, the inventor and leading provider of machine identity management, today released its predictions for the cybersecurity landscape in 2023, indicating that this will be one of the most challenging years yet for the cybersecurity industry.

“With economic uncertainty casting a heavy shadow across the globe, the geopolitical landscape the most unstable it’s been in decades and cloud migration marching on relentlessly, cybersecurity has never been more important. This will present unprecedented challenges for security teams in 2023,” comments Kevin Bocek, VP of security strategy and threat intelligence at Venafi.

The predictions include insights from Bocek; Matt Barker, president of cloud native solutions; Yana Blachman, threat intelligence specialist; Sitaram Iyer, senior director of cloud native solutions; and Pratik Savla, lead security engineer, on the year ahead. Highlights include:

  1. “The ransomware cash cow may stop mooing in 2023, forcing hackers to pivot to other revenue generators – like selling stolen machine identities. We’ve already seen a high price for code signing machine identities on dark web markets, and groups like Lapsus$ regularly use them to launch devastating attacks. Their value will only increase this coming year.” – Kevin Bocek
     
  2. “In 2023, we will see continued efforts to manage the risk posed by software supply chain attacks, with more start-ups and open source tools – like cosign and sigstore – designed to help in this area. Biden’s SBOM initiative has helped bring attention to the requirement, with The OpenSSF leading the charge. As a result, we expect to see some positive movement in this space.” – Matt Barker
     
  3. “Russian cyberattacks will aim to disrupt the West’s greatest asset – their economies – as Russia is excluded from the international finance community. Cyber-enabled economic warfare will be crucial to Russia’s geopolitical strategy, with the aim of either generating revenue or disrupting rival economies. We’ve already started to see this with recent attacks on the US Treasury.” – Yana Blachman
     
  4. “Nation state attacks will become more feral as ground war tactics become more untamed and unpredictable, bringing the cyber and physical worlds into a collision course. These will have the potential to spill over into other nations, as Russia becomes more daring, trying to win the war by any means – and could be used as a distraction to target other nations with cyberattacks.” – Kevin Bocek
     
  5. “The rise of the platform engineering team will be one of the big trends of 2023. Cloud Native reimagines how companies think about building and operating infrastructure; they require a totally new team to build and support it. Platform engineering teams will build on the learnings of DevOps culture, encompassing every persona needed to build and run IT infrastructure – including Dev, Security and Operations.” – Matt Barker
     
  6. “As we build our knowledge of cloud risk, we’ll start to uncover breaches we knew nothing about. We’ll find that threat actors are ahead of the curve and have already infiltrated cloud networks – perhaps weeks, months or even years ago.” – Yana Blachman
     
  7. “There will be more failed audits in regulated industries as multi-cloud, multi-cluster complexity causes companies to breach compliance requirements. The increased volume of machine identities in cloud native environments will make compliance with regulations on machine identity management a real challenge. If this process isn’t automated via a control plane, failed audits will become commonplace.” – Sitaram Iyer
     
  8. “With cloud costs predicted to rise by as much as a third in the coming year, we will see an increased focus on FinOps – i.e., financial operations – a management practice to promote shared responsibility for an organization’s cloud computing infrastructure and costs. How FinOps is implemented in Cloud Native and which tools you should use to help manage it, including security solutions, will come into sharp focus in 2023.” – Matt Barker
     
  9. “In 2023, API security will rise to the top as one of the biggest concerns and priorities for enterprises as organizations increasingly move to an API-first software development approach. This exponential adoption of APIs will exacerbate security concerns, with the potential to cause significant security breaches.” – Pratik Savla
     
  10. “As recession bites, we expect to see more everyday people turning to cybercrime as a source of income in 2023. Ransomware-as-a-Service (RaaS) and Malware-as-a-Service (MaaS) will rise, as they enable people that don’t have technical skills to launch attacks.” – Yana Blachman

News From Waze: Canadian Traffic Trends For 2022 And Drive with Santa And Mrs. Claus

Posted in Commentary with tags on November 30, 2022 by itnerd

With the holidays quickly approaching and 2022 coming to a close, community-based navigation app Waze is today sharing two announcements: The first is related to the jolly man himself, while the second concerns a look back at traffic trends across Canada over the last year – including the most trafficked destination and city-related trends:

Canadian Traffic Trends for 2022: Waze’s Year-in-Review Data
Drivers are returning to the office this Fall; eight cities saw a triple-digit percentage jump

1. GO FOR A FESTIVE DRIVE WITH SANTA

Beginning now, drivers can get into the holiday spirit and go for a festive ride with Santa or Mrs. Claus. With the new holiday experience in Waze, you can select Santa as your guide while navigating over the holidays, have his signature Sleigh as your vehicle and swap out your Mood for Santa. This year Mrs. Claus joins the holiday experience (please note: Mrs. Claus is only available for users selecting English US as their Waze voice). As the real brains behind the North Pole operation, Mrs. Claus will offer a twist on the holiday theme as one-part friendly grandmother and one-part savvy business woman — complete with a friendly, but no-nonsense Mood and a vehicle fit for an executive. 

You can activate this holiday experience in the Waze app by tapping “My Waze” and the “Drive with Santa” banner. If Mrs. Claus is available for you, she’ll appear in your selection card. Santa Claus is available in English, French and Spanish globally, and Mrs. Claus is available in English U.S.


For more details about the holiday experience, a blog post can be found here: https://blog.google/waze/go-for-a-festive-drive-with-santa-and-mrs-claus/

2. TOP TRAFFIC TRENDS ACROSS CANADA:

Waze also took a look in the rear view mirror and today revealed the most trafficked destination for Canadians using the app this year, plus other traffic trends for 2022:

  • Home was the most trafficked destination in 2022 to date, followed by school (#2). Food and drink, restaurant and shopping centre round out the top 5 destinations with hospital and medical centre ranked at #6. This is a change since 2021, when home, restaurant and park were top destinations, with school ranking after that. This reflects schools across the country opening back up to in-person learning this past September.
  • While “office” was not included in the top 10 destinations in 2022 (“office” was ranked #32), Waze found that commuting to “office” across Canada increased significantly in October compared to January 2022. Triple-digit percentage changes in traffic were recorded in these metro areas:
    • Quebec City (+263 per cent)
    • Kitchener-Cambridge-Waterloo (+173 per cent)
    • Calgary (+172 per cent)
    • Hamilton, Ont. (+161 per cent)
    • Montreal (+157 per cent)
    • Ottawa-Gatineau (+146 per cent)
    • London, Ont. (+129 per cent)
    • Greater Toronto Area (+111 per cent)
  • Drives to restaurants across Canada increased 30 per cent, comparing October 2021 to October 2022. Kitchener, Cambridge and Waterloo metro areas saw a 69 per cent increase, while Calgary and Edmonton saw a 30 per cent increase. Ottawa, Greater Toronto Area, Hamilton, Montreal and London all saw increases of at least 20 per cent.
  • Canadians seemed to stay home this Thanksgiving with cities including Winnipeg, Vaughan (Ont.), Ottawa, Edmonton, Toronto, Calgary, Montreal and more all showing significant drops in traffic on October 10, when compared to the previous week. However, in Niagara Falls and London (Ont.), drivers were out and about with traffic increasing in those cities on Thanksgiving Day.
  • Data also showed that August was the month with the most kilometres (kms) driven across the country for 2022, while January was the month with the least kms driven.
  • When looking at busy times in select cities, navigation to popular tourist destination Niagara Falls shot up 94 per cent in August 2022 compared to July. This coincided with the city’s hosting duties for the Niagara 2022 Canada Summer Games, which took place August 6-21, 2022. Ottawa also saw a spike; traffic increased 29 per cent during the January 22 – February 23, 2022 timeframe, compared to the previous time period.
  • Back to school resulted in increased traffic in university cities across the country over the Labour Day long weekend, including Waterloo, Ont. (+74 per cent), Kingston, Ont. (+69 per cent), London, Ont. (+26 per cent), Halifax (+22 per cent) and Guelph, Ont. (+11 per cent). Looking at the week after the Labour Day long weekend (September 6-9), Kingston saw a 109 per cent increase in traffic (Halifax +50 per cent; Waterloo +20 per cent; London +9 per cent).

Guest Post: Over 90% of online trackers are from Google, Facebook, and Microsoft

Posted in Commentary with tags on November 29, 2022 by itnerd

Online data trackers on websites are used to follow your browsing habits, IP address, and personal information. According to the data presented by the Atlas VPN team, 93.7% of online trackers are from Google, Facebook, and Microsoft. Beyond trackers, other web privacy threats, such as session replay and fingerprinting, are also present.

Notably, Google’s trackers make up 49.9% of all trackers found on the web. They follow your activity on their apps and services and have an extensive set of data based on how you interact and what purchases you make.

YouTube and ad network Doubleclick, which belong to Google, also have a significant share of trackers online. YouTube has a 13.8% share, while Doubleclick trackers make up 8.3%.

Out of all trackers, Facebook’s trackers make up 15.7% of the share. Facebook has suffered multiple data breaches in the past and has been involved in privacy scandals.

Microsoft’s trackers are the least common in this list, with 6% of the share. Finally, Hotjar has a 6.3% share of trackers online. Their tracker helps websites collect your IP address, device type, operating system, browser type, window size, and content.

Other web privacy threats

Beyond trackers, other web privacy threats exist that can corrupt your safety online.

Session replay scripts were found in 35% of the scanned websites. This type of threat captures visitors’ journey on the website. During the recording of the user’s session, the script may also capture personally identifiable information (PII).

Fingerprinting scripts were present in 30.9% of websites. About one out of four (24.9%) websites had a newly registered domain name. Foreign actors from countries like Russia, Belarus, China, and Iran originated 9% of malicious scripts. Malware and bad SSL were each present in just 0.1% of websites.

To read the full article, head over to:

https://atlasvpn.com/blog/over-90-of-online-trackers-are-from-google-facebook-and-microsoft


Take Control of Cloud Costs and Maximize Cloud Benefits: Aptum Cloud Impact Study

Posted in Commentary with tags on November 29, 2022 by itnerd

Aptum, a hybrid multi-cloud managed service provider, has announced Part 3 of its annual Cloud Impact Study 2022, titled Taking Control of Cloud Costs. The findings reveal cloud computing has resulted in higher-than-expected costs for 73 per cent of IT decision-makers – a notable increase of 28 per cent from just over half (57 per cent) of companies in 2021. The report explores the common financial drivers behind cloud computing, and the causes of its unplanned expenses. 

Overall, cloud computing has given respondents more control over IT expenditure, with more than half (63 per cent) of respondents saying cloud transformation positively impacts IT spending, and the majority (86 per cent) saying cloud technology is essential to their company’s financial security. 

The operating expenditure (OpEx) payment structures of cloud computing allow organizations to pay for the compute and storage they use, while also monitoring monthly usage and spend. The study’s respondents concur: 71 per cent believe cloud transformation positively impacts operational efficiency. 

However, 65 per cent of surveyed IT decision-makers reveal they have “wasted significant IT spend due to cloud inefficiencies” and only 20 per cent of respondents have a holistic strategy in place when it comes to their transformation. The report identifies the most common causes of unforeseen costs and details how businesses can overcome these hurdles to succeed and drive business growth. The top causes of unforeseen costs include the following: 

  • Lack of familiarity with the cloud – Limited internal knowledge, expertise and resources are obstacles to managing cloud effectively.
  • Runaway cloud costs – When businesses do not configure the cloud to scale up and down effectively, they often consume more resources than predicted. 
  • The ‘Hotel California of Cloud’ effect – Cloud is temptingly easy to enter, but hard to leave. To avoid egress charges, planning and expertise are crucial to choosing the best cloud infrastructure for workloads.
  • Hybrid complexity – Mixing hybrid, multi-cloud and legacy infrastructure platforms has its own additional management costs associated with it.
  • Cloud modernization – Organizations are increasingly looking to modernize their cloud applications. However, lack of expertise and legacy systems often add complexity and costs for those looking to do this.
  • Wrong consumption model – Companies unfamiliar with cloud may find themselves adopting the wrong consumption model.

The full report provides detailed insight into the true cost of cloud, and calls for businesses to optimize their cloud environment and make the most of their cloud budgets.
To see the full findings from part three of Aptum’s Cloud Impact Study 2022, Taking Control of Cloud Costs, download the report here: https://aptum.com/cloud-hub/2022-cis-part-3/.

To see the full findings from part two of the report, Solving the Security Equation, download the report here: https://aptum.com/cloud-hub/2022-cis-part-2/.

For part one of the report, Hybrid: Why and How – Applying Lessons from Digital Transformation, visit here: https://aptum.com/cloud-hub/2022-cis-part-1/.

The study canvassed the opinions and approaches to cloud technology of 400 senior IT professionals. Respondents were from organizations with 250+ employees in the U.S., Canada and UK. Industries included financial services, technology, telecommunications, manufacturing, retail, public education, and the commercial sector.

Apple Appears To Have Deleted Its Tweets From Twitter

Posted in Commentary with tags on November 29, 2022 by itnerd

If you go to Apple’s Twitter page, you’ll see something interesting. Which is nothing:

Apple appears to have deleted everything from their Twitter page. There is literally nothing left. I also checked Apple Podcasts and Apple Music and the same thing hasn’t happened on those two Twitter accounts. But you have to wonder if that’s going to happen shortly. This has to be part of what set Elon off yesterday when he went on multiple Twitter rants about Apple. Then there’s likely the fact that Apple not advertising on Twitter will cost him about $100 million. Either way, Apple is expressing its displeasure with Elon as only Apple can.

The next few days should be interesting to watch.

As Twitter Restores Banned Accounts, Things Go REALLY Downhill For The Social Media Platform

Posted in Commentary with tags on November 29, 2022 by itnerd

Since starting to cover this story, I’ve been saying on a daily basis that it cannot possibly get any worse. Except that it keeps getting worse and at some point, things will break for Twitter and it will be game over for the platform and its rather unstable leader Elon Musk. Here’s what’s happened overnight. And it’s a lot so buckle up:

First up, banned accounts are returning today. And according to Platformer around 62,000 banned or suspended accounts with 10k+ followers have so far been reinstated:

In fact, since Musk’s poll, Twitter has begun the process of reinstating roughly 62,000 accounts with more than 10,000 followers, Platformer has learned, including one account that has over 5 million followers, and 75 accounts with over 1 million followers. (The identities of the accounts could not be learned before press time.) Internally, employees have referred to this event as “the Big Bang.”

The project could cause more instability at Twitter at a time when the company is hemorrhaging engineering talent, according to current employees. Each reinstatement requires Twitter to rebuild a social graph, activating data on who the account follows and who follows the account. For large accounts like Trump’s, with 88 million followers, that’s millions of lists that Twitter has to update and maintain. 

Also, the same Platformer article shows that Musk has apparently come up with his own “reality distortion field” when it comes to Twitter Blue:

The move also comes the same week that Musk plans to relaunch Twitter Blue, allowing anyone to buy a verified badge for $8 a month. An internal document about the launch, designed for employees in sales, says that impersonations have been “extremely rare,” despite all evidence to the contrary.

“We anticipated early efforts like this from bad actors, and we are adapting dynamically to prevent and detect them,” the document reads. What about “large scale coordinated misinformation attacks funded by wealthy organizations or governments?” the document asks. “Large-scale bad actors would also require a huge supply of unique credit card numbers and mobile phones,” the document says. “As we detect and suspend these, the logistical hurdles to re-offend at scale become insurmountable.”

Uh… No. We saw what happened the last time. It was a mess. And this re-launch has the potential to be the same for Twitter.

Now over to Donald Trump. You know, the first guy to be let back onto Twitter by Musk. Except that he’s still suing Twitter:

Donald Trump is not backing down from his ongoing legal fight against Twitter despite his ban from the site being lifted by Twitter’s new owner Elon Musk.

Trump’s attorney, John Coale, said the former US president has no plans to withdraw his appeal against a May ruling that dismissed his lawsuit against Twitter, per Bloomberg.

Earlier this month, Trump asked an appeals court to revive his legal challenge against Twitter for suspending his account after the January 6, 2021 riot at the Capitol.

Trump separately sued Meta’s Facebook and Google’s YouTube over similar bans they imposed on him after the riot.

Lawyers for Trump argue that the Twitter ban was “contrary to First Amendment principles,” and amounted to “overtly partisan censorship,” according to court documents.

However, legal experts have said it will be challenging for them to prove that the ban amounted to censorship, per Bloomberg.

Despite Trump’s Twitter account being reinstated, Coale said the former president had no intention to drop the case without reaching an agreement on terms to end the dispute, per Bloomberg.

“There’s more to it than just letting him back in so we want to talk to see if we can figure something out,” Coale said. “You don’t just do things on your own, you should talk to the other side or wait.”

Trump seems to want back onto Twitter. But on his terms. And despite having his own social media platform which he claims that he wants to stick to. That’s curious. We’ll have to keep an eye on this one.

Next up is Wired reporting that cuts to Twitter CSAM monitors have been drastic. How drastic you ask? Well…:

REMOVING CHILD EXPLOITATION is “priority #1”, Twitter’s new owner and CEO Elon Musk declared last week. But, at the same time, following widespread layoffs and resignations, just one staff member remains on a key team dedicated to removing child sexual abuse content from the site, according to two people with knowledge of the matter, who both requested to remain anonymous. 

It’s unclear how many people were on the team before Musk’s takeover. On LinkedIn, WIRED identified four Singapore-based employees who specialize in child safety who said publicly they left Twitter in November. 

With only one person on that team, I am not sure how Musk squares that circle. Because clearly with that staffing level, it’s not “priority #1” for Musk.

Finally, CNN is reporting that alongside the account restorations, Twitter has abandoned its ban on harmful COVID-19 misinformation:

Twitter did not appear to formally announce the rule change. Instead, some Twitter users Monday night spotted a note added to the page on Twitter’s website that outlines its Covid policy.

“Effective November 23, 2022, Twitter is no longer enforcing the COVID-19 misleading information policy,” the note read.

Free speech is one thing. But allowing misinformation about a communicable disease that kills people is another thing entirely. And when you tie this into the sort of people Twitter is letting back onto the platform, it seems to me that Twitter is becoming a cesspool under Musk’s leadership. And he is fine with that quite clearly.

No wonder advertisers are leaving the platform in droves as they clearly don’t want to be associated with this sort of toxic mess.

Elon Musk Claims That Apple Is Threatening Him With The Removal Of The Twitter App From The App Store

Posted in Commentary with tags on November 28, 2022 by itnerd

Related to this Twitter rant from Elon Musk earlier today comes this:

Musk then went on to say this:

I suspect Elon isn’t telling the complete truth here. My thought is that Apple did tell him why, assuming that this conversation did happen, but since that doesn’t fit with the narrative of being the victim, he’s resorted to this. But we don’t have both sides of this conversation so that’s impossible to prove or disprove.

It would not at all surprise me if Apple made demands to have moderation on the Twitter platform or face being Thanos Snapped off the App Store, just like Parler was after January 6th. This could be a terminal event for Twitter. Doubly so if Google follows suit. Which they did with Parler. So you can see why Elon has become extremely unhinged today. And he’s decided to pick a fight against a trillion dollar company in the process. The problem for Elon is that he will lose. Apple makes the decisions in terms of if and what is on its App Store, and there are rules that Twitter agreed to. Though Twitter has tested the limits of that from time to time. Regardless, Elon should really reconsider his position here because he doesn’t have the cards to play that will lead to a win.