Guest Post: The Application Generation is fed up as digital disruption rises across the world 

Posted in Commentary with tags on March 7, 2024 by itnerd

By Joe Byrne, CTO Advisor, Cisco Observability 

In the ever-evolving landscape of digital interactions, a new type of application user has emerged over the last two years – the ‘Application Generation.’ These users, have a heightened sophistication and demands for their use of applications and digital services, and are reshaping the expectations for organizations across industries. While these users actively pursue innovative, intuitive, and secure digital experiences, many brands find themselves at a crossroads, facing the challenge of meeting these elevated standards.  

The growing gap between Application Generation’s expectations and the current digital landscape is becoming increasingly frustrating, causing serious trouble for organizations who fail to keep up.  

The latest research from Cisco, The App Attention Index 2023: Beware the Application Generation, sheds light on this transformative group of global consumers ages 18 to 34 who are changing the criteria of what digital experience needs to be. 

Consumers’ expectations for digital experiences skyrocket 

According to the global research of more than 15,000 consumers, appetite for applications and digital services has remained strong in the two years post pandemic. However, today’s consumers feel they have more control of the applications they use and are more empowered to seek alternatives after poor experiences. 

During the pandemic, applications and digital services were a lifeline for many. With enforced lockdowns, relying on digital platforms became the only viable option for shopping, accessing essential services, and staying connected with friends. Today, things are back to normal. People can once again meet up face to face, shop in stores and visit offices and bank branches. This return to regular or pre-pandemic activities has provided individuals with choices, significantly influencing their interaction with digital services. 

A notable 59 per cent of Canadian consumers state their expectations for digital experiences are far higher now than they were two years ago. Additionally, 53 per cent feel some of the applications they relied on during the pandemic no longer meet their current expectations for digital experience. What was good enough during the pandemic is now inadequate. This evolving landscape underscores the necessity for digital platforms to adapt and exceed heightened user expectations.  

Consumers are encountering more bad digital experiences 

Alarmingly, while expectations for seamless digital experiences have reached new highs, as many as 94 per cent of the Application Generation globally report they have experienced performance issues when using digital services over the past 12 months. This figure is up from 83 per cent of consumers in 2021, when the App Attention Index was last published. 

63 per cent of Canadian consumers report they are now less forgiving of poor digital experiences. This means people are deleting applications at an unprecedented rate, with a staggering 70 per cent of Canadian consumers reporting they have stopped using digital services or deleted applications from their devices because of performance issues over the last 12 months.  

As well as banishing poorly performing applications, global consumers are also becoming far more vocal when they encounter issues – 67 per cent claim they are now more likely to warn people of applications that don’t perform than they were 12 months ago. 

Application observability is key for brands to avoid consumer outrage 

In order to retain and attract customers through their digital services, application owners need to consistently deliver seamless and secure digital experiences. But this is easier said than done. Rapid digital transformation has left IT teams struggling to manage a highly dynamic and dispersed application landscape. Many don’t have full visibility into cloud native technologies, and this is making it almost impossible to detect and fix issues before they impact end users. 

Application observability provides a solution to this critical and growing challenge. It provides IT teams with full and unified visibility across their hybrid environments so they can rapidly detect issues and understand root causes. Additionally, by correlating application availability, performance and security data with key business metrics, teams can prioritize those issues with the potential to do the most damage to digital experience. 

Application owners urgently need to recognize they can’t afford to maintain current levels of disruption and downtime to their applications and digital services. The Application Generation won’t tolerate anything less than the very best, most seamless and secure digital experiences.

Leave a comment »

HP launching PCs that protect firmware with quantum-resistant cryptography

Posted in Commentary with tags on March 7, 2024 by itnerd

HP is launching the world’s first business PCs to protect firmware against quantum computer hacks. The HP Endpoint Security Controller (ESC) chip will be built into select HP devices to futureproof PCs with quantum-resistant cryptography.

There has long been talk of quantum computers capable of breaking encryption and the risk this poses to security, particularly software. But the risk to firmware is often overlooked – threat actors could use quantum attacks to access and modify firmware to gain control of devices. 

This is what HP is innovating to solve, and there announcement is significant because:

  • The great firmware migration must begin now: While software cryptography can be updated, firmware can’t be. Given typical PC refresh cycles are now every 3 to 5 years, even longer due to efforts to improve sustainability – businesses need an eye on the future and to start migrating their fleets. 
  • Regulation is tightening: The USUKFrench and Dutch governments have outlined recommendations and timelines for migrating to quantum-resistance. For example, the US Commercial National Security Algorithm Suite says firmware migration to quantum-resistant cryptography is recommended from 2025, and required by 2033.

Please see the blog post for more details.

Leave a comment »

FBI Releases Their 2023 Internet Crime Report

Posted in Commentary with tags on March 7, 2024 by itnerd

The FBI has released it’s Internet Crime Report for 2023, which shows that the US lost a record $12.4 billion to online crime in 2023. For 2023, the types of crimes that increased were tech support scams and extortion.

Darren Williams, CEO and Founder, BlackFog had this comment:

    “Extortion pays so it comes as little surprise that it continues to be one of the most used tactics for attackers.  Many organizations make it easy for attackers to access and steal sensitive data by focusing on perimeter defense instead of watching the back door. Once a hacker infiltrates a device or network and data is exfiltrated, the extortion that follows can be endless for the victims. Anti data exfiltration technology ensures that even when attackers gain access, they are unable to leave with any data, ultimately putting an end to extortion.”

I for one am not surprised by anything that this report says. Thus it highlight the fact that organizations and individuals need to do everything possible to protect themselves from being the next victim of these scumbags who carry out these crimes.

Leave a comment »

Darktrace Releases 1H FY 2024 Results Along With New Threat Landscape Data

Posted in Commentary with tags on March 7, 2024 by itnerd

 Darktrace released its half year financial results today, and you can find the full announcementhere.

Alongside its financials, Darktrace released new data from across its customer base that shows how phishing attacks are continuing to evolve:

  • ‘Novel social engineering’ attacks – phishing attacks that use more sophisticated language and punctuation than a typical phishing email – grew by 35% between September and December 2023.
  • This follows data previously released by Darktrace showing a 135% increase, on average, in these attacks in January and February last year, coinciding with the general adoption of ChatGPT.
  • The ongoing rise in these sophisticated techniques suggests attackers are continuing to increase their use of generative AI tools to make their attacks more potent.
  • It’s not just the sophistication of phishing attacks that is increasing, but also the scale, with Darktrace customers receiving 2,867,000 phishing emails in December alone, a 14% increase on September.

As they grow, AI threats have become a critical priority on the agendas of security teams, and they are questioning whether their organizations are prepared. In new data Darktrace is also releasing today, the company recently surveyed over 1700 security experts around the world to understand how they perceive this challenge:

  • 89% of IT security experts believe AI-augmented cyber threats will have a significant impact on their organization within the next two years. 
  • Yet, 60% believe they are currently unprepared to defend against these attacks.
  • Their two greatest concerns, both rated as 3.84 by respondents, on a 1-5 scale of risk are:
    • Increased volume and sophistication of malware attacks – like those delivered by phishing emails – that target known vulnerabilities in software.
  • Employee use of generative AI tools, leading to sensitive data being leaked.

The growing adoption of AI adds to the impact automation and as-a-service attacks are already having on the threats organizations face. The Darktrace threat report, released in January, showed that as-a-service attacks, which provide cybercriminals with everything from pre-made malware to templates for phishing emails, payment processing systems and even helplines, make up the majority of attacks.

You can find a blog post from Darktrace’s Chief Product Officer, Max Heinemeyer, delving more deeply into the findings here.

Commenting on the cybersecurity landscape, Darktrace CEO Poppy Gustafsson, said: “We continue to see the cyber-crime landscape evolve rapidly in a challenging geopolitical environment and as the availability of generative AI tools lowers the barrier to entry for hostile actors. Against this backdrop and in the period ahead, we are preparing to roll out enhanced market and product positioning to better demonstrate how our unique AI can help organizations to address novel threats across their entire technology footprint.”

Leave a comment »

NSA Issues Guidance On Adopting A Zero Trust Stance

Posted in Commentary with tags on March 7, 2024 by itnerd

The National Security Agency has issued new guidance for adopting zero-trust network principles: Advancing Zero Trust Maturity Throughout the Network and Environment Pillar. 

The NSA first issued guidance for a zero-trust (ZT) framework in February 2021, inspired by the 2020 Verizon breach and then again in April 2023 with – Advancing Zero Trust Maturity Throughout the User Pillar

This week’s release focusses on the third pillar of the seven ZT pillars, the network and environment component of Zero Trust, comprised of hardware and software assets, non-person entities, and protocols for inter-communication.

The Zero Trust maturity model network is secured in-depth through key functions of the four networking and environment pillar capabilities:

  • Data flow mapping
  • Macro segmentation
  • Micro segmentation
  • Software Defined Networking

The NSA CSI, Embracing a Zero Trust Security Model, defines the concept of ZT as a security strategy with core principles: acknowledgement of the ubiquity of cyber threats, and elimination of implicit trust favoring instead continuous verification of all aspects of the operational environment.

A zero-trust security model requires stringent access controls for accessing network resources, whether inside or outside the physical perimeter, to limit the breach consequences.

In contrast to the conventional IT security model, where all network entities are presumed trustworthy, zero-trust architecture assumes the presence of existing threats and restricts network access accordingly.

Mark Cooper, President & Founder, PKI Solutions had this comment:

   “Public Key Infrastructure (PKI) supports the zero-trust model by managing and securing digital certificates and keys. PKI is core to critical infrastructure protection environments. It ensures authenticated and encrypted communication within a network, aligning with zero-trust principles by verifying every user and device before granting access. PKI is core to critical infrastructure protection environments. What is often missing and overlooked is the required level of posture management that focuses on proactive monitoring for misconfigurations and remediating them before they become vulnerabilities that get exposed. “

   “This approach highlighting the required level of security posture management complements the NSA’s guidance by enhancing trust verification and limiting adversaries’ network access.”

I’m a big fan of zero trust as it reduces the chance that you could get pwned by a threat actor. Which is why I am glad that the NSA is offering guidance that organizations of all sizes should be following.

Leave a comment »

LinkedIn Takes A Dirt Nap [UPDATE: Fixed]

Posted in Commentary with tags on March 6, 2024 by itnerd

For the second straight day, we have an online service that has fallen and can’t get up. This time it’s LinkedIn. This is what my LinkedIn app looks like at the moment:

And Down Detector confirms that they have issues:

You will also note that Twitter and Facebook apparently have issues. I can’t find any evidence that Twitter has issues. Though given Twitter’s track record under Elon Musk, it would not be a shock if they did. I also don’t see evidence that Facebook is currently down. But they were down 24 hours ago so who knows. In any case, I’ll be watching this and providing updates when there are any.

UPDATE: This is now fixed.

Leave a comment »

PoC & IoCs for Progress Sw. OpenEdge Authentication Bypass Vulnerability

Posted in Commentary with tags on March 6, 2024 by itnerd

Zach Hanley, Horizon3ai Chief Attack Engineer, has just published CVE-2024-1403: Progress OpenEdge Authentication Bypass Deep-Dive, a deep dive with a proof of concept link and indicators of compromise on the vuln in Progress Software’s OpenEdge application development suite.

The post follows the February 27, 2024, security advisory Progress issued for OpenEdge, their application development and deployment platform suite, warning of an auth bypass vuln impacting some platform components, stemming from a failure to properly handle username and password. Certain unexpected content passed into the credentials enables unauthorized access without authentication.  

The Progress advisory linked below notes: “When the OpenEdge Authentication Gateway (OEAG) is configured with an OpenEdge Domain that uses the OS local authentication provider to grant user-id and password logins on operating platforms supported by active releases of OpenEdge, a vulnerability in the authentication routines may lead to unauthorized access on attempted logins. Similarly, when an AdminServer connection is made by OpenEdge Explorer (OEE) and OpenEdge Management (OEM), it also utilizes the OS local authentication provider on supported platforms to grant user-id and password logins that may also lead to unauthorized login access.”

Links:

Leave a comment »

Mission Cloud Achieves the AWS Generative AI Competency

Posted in Commentary with tags on March 6, 2024 by itnerd

Mission Cloud, a US-based Amazon Web Services (AWS) Premier Tier Services Partner, announced today that it has achieved the AWS Generative AI Competency in the category of Consulting Services. This specialization recognizes Mission Cloud as an AWS Partner that helps customers and the AWS Partner Network (APN) drive the advancement of services, tools, and infrastructure pivotal for implementing generative AI technologies.

Achieving the AWS Generative AI Competency in the category of Consulting Services differentiates Mission Cloud as an AWS Partner that has demonstrated technical proficiency and proven customer success empowering businesses to build a successful future in the cloud with AI technologies and by delivering a full suite of solutions that leverage AWS. Mission Cloud possesses the experience and expertise demonstrated through successful projects addressing customer challenges using generative AI solutions. These solutions enable digital transformation strategies for augmenting customer experience, delivering hyper-personalized and engaging content, streamlining workflows, and delivering actionable results powered by generative AI technology from AWS.

The AWS Competency Program aims to assist customers in connecting with AWS Partners who possess extensive knowledge and technical expertise in using AWS technologies and best practices to adopt generative AI. These AWS Partners facilitate the seamless integration and deployment of AWS-based solutions to meet the unique needs of all customers, from startups to global enterprises.

Mission Cloud provides AI services and software for businesses on AWS by using generative AI to scale existing models and build new, secure applications. Mission Cloud’s team of experts considers the unique needs of companies, offering customized solutions and strategic guidance for professional services projects.

Mission Cloud is a leading born-in-the-cloud managed services, consulting provider, and Amazon Web Services (AWS) Premier Tier Services Partner at the forefront of generative AI technology. We help innovative companies use gen AI to scale existing models or build new, groundbreaking applications. Mission Cloud empowers businesses to build a successful future in the cloud with the broadest capabilities, software, and services. Our team of AWS experts empowers businesses to migrate, manage, modernize, and optimize their cloud environments, ensuring a successful future in the cloud. 

Leave a comment »

Metomic For Slack Up-Levels Data Security and Compliance 

Posted in Commentary with tags on March 6, 2024 by itnerd

 Metomic, a next generation data security solution for protecting sensitive data in the new era of collaborative SaaS, GenAI and cloud applications, today announced Metomic for Slack Enterprise. By partnering with Slack, Metomic gives security teams full visibility and control of sensitive data sent across an organization’s entire Slack workspace. Metomic for Slack enables heightened levels of security within public, private and Slack Connect channels by identifying vulnerable information that has been shared on the app and pinpointing critical security and compliance risks, such as PCI DSS, HIPAA, GDPR, and more.

As a verified Slack DLP Partner, Metomic for Slack Enterprise enables compliance and security teams to automate data security tasks on Slack, such as data redaction, data retention, data quarantining, and employee notifications. Metomic’s workflow-based setup makes it easy to begin monitoring Slack conversations in real-time, significantly minimizing the risk of data leaks and compliance breaches on the platform. Using pre-built classifiers and policies, companies can implement Metomic for Slack to identify common data security risks.

Slack is one of the world’s most popular collaborative work apps, with industry reports claiming the platform has as many as 35 million daily active users. According to Slack’s own data, more than 80% of Fortune 100 companies rely on the app to drive productivity across their organizations. Its ease of use and wide adoption rates—along with its distinct ability to integrate with thousands of other work apps—make Slack everyone’s favorite collaborative app, but its lack of end-to-end encryption opens the platform up to serious data security risks. 

Metomic for Slack gives companies of all sizes using Slack Enterprise the full benefits of Slack without the data security risks that come with it—it’s the essential data security tool for organizations that rely on Slack to drive productivity across the organization. To learn more or request a personalized demo, visit the Metomic for Slack integration page. 

Leave a comment »

SAP Unveils Data Innovations for AI-Driven Business Transformation

Posted in Commentary with tags on March 6, 2024 by itnerd

SAP today announced transformative data innovations that will help customers harness the full power of their data to drive deeper insights, faster growth and more efficiency in the era of AI. New capabilities in the SAP Datasphere solution, including new generative-AI features, transform enterprise planning through simplified data landscapes and more-intuitive data interaction.

At the heart of these announcements is the business data fabric, an architecture that helps ensure data is not just an asset but also the core underpinning of strategic initiatives. The innovations and partnership announced today equip organizations to deliver meaningful data to data consumers – with business context and logic intact.

Today’s SAP Datasphere innovations help customers achieve a unified data view that simplifies their data landscapes while retaining context and logic – enabling them to adapt faster to market changes and make more-efficient decisions. From new copilot and vector database capabilities that help ensure business context remains constant in generative AI outputs to a new knowledge graph that helps uncover insights and patterns in complex data, SAP’s data innovations help ensure customers have the full power of their data at their fingertips.

Today’s key innovations include:

Generative-AI Copilot and AI Governance

SAP’s generative-AI assistant, the Joule copilot, is now coming to the SAP Analytics Cloud solution to automate the creation and development of reports, dashboards, plans and more. This automation is enabled by the SAP HANA Cloud vector engine capabilities, which combine the power of large language models with the relevant data of your organization – helping ensure business context is a constant for generative-AI outputs. 

Incorporating generative AI across the business isn’t possible without trusted and governed data. To provide organizations with a solution to govern the policies, processes and practices of AI, SAP is announcing an expansion of our partnership with Collibra to integrate Collibra’s AI Governance with SAP data assets. This can help provide transparency and accountability for organizations and help ensure regulatory, compliance and privacy policies are met.

Discover Hidden Insights and Patterns with Knowledge Graph

With the new SAP Datasphere knowledge graph, organizations can discover hidden insights and patterns across their applications and systems. This enables both technical and business users to deeply understand the relationships between data, metadata and business processes, as well as boost the effectiveness of machine learning and large language models.

Unified and Advanced Planning and Analytics

The new SAP Datasphere integration with SAP Analytics Cloud offers a single data management system and advanced analytics to power cross-organizational planning. Planners can leverage a single flexible model to break down silos between planning using one tool for data preparation, modeling and planning.

Additionally, business users can use the new compass capability in SAP Analytics Cloud to realize better outcomes in planning and analytics through data-driven simulation. It enables organizations to run complex simulations using a chat interface to evaluate predictive outcomes and continually adjust controllable variables to find the optimal plan.

This supports customers to transform their planning by unifying financial, operational, supply chain and workforce planning with native connection to SAP applications and third-party data.

To learn more, please read: Unleashing the Latest SAP Data and Analytics Innovations.

Leave a comment »

« Older Entries
Newer Entries »