In ongoing partnership with Microsoft Azure, CIS has released two CIS Benchmarks, one updated and one new, for Microsoft Azure.
Daily Archives: September 19, 2022
5 ways to grow the cybersecurity workforce
The demand for cybersecurity professionals has surged over the past decade. According to (ISC)2’s 2020 Cybersecurity Workforce Study, while the global cybersecurity workforce need stands at 3.1 million, with nearly 400,000 open cybersecurity positions in the U.S. In addition, more than half of survey respondents (56%) say that cybersecurity staff shortages are putting their organizations at risk.
“This remains an emerging industry with threats shifting almost on a daily basis, including new threat actors, new technologies and the evolution of 5G,” says Erin Weiss Kaya, a Booz Allen talent strategy expert for cyber organizations. “Yet we’re still dealing with an 0% unemployment rate, with far more demand than we have current supply.”
Large-Scale Collection of Cell Phone Data at US Borders
The Washington Post is reporting that the US Customs and Border Protection agency is seizing and copying cell phone, tablet, and computer data from “as many as” 10,000 phones per year, including an unspecified number of American citizens. This is done without a warrant, because “…courts have long granted an exception to border authorities, allowing them to search people’s devices without a warrant or suspicion of a crime.”
CBP’s inspection of people’s phones, laptops, tablets and other electronic devices as they enter the country has long been a controversial practice that the agency has defended as a low-impact way to pursue possible security threats and determine an individual’s “intentions upon entry” into the U.S. But the revelation that thousands of agents have access to a searchable database without public oversight is a new development in what privacy advocates and some lawmakers warn could be an infringement of Americans’ Fourth Amendment rights against unreasonable searches and seizures.
[…]
CBP conducted roughly 37,000 searches of travelers’ devices in the 12 months ending in October 2021, according to agency data, and more than 179 million people traveled that year through U.S. ports of entry.
What is Data-as-a-Service (DaaS)? Understanding the benefits, and common use cases
This blog was written by an independent guest blogger.
If you were looking at all the opportunities data unlocks for your businesses, you’ve probably stumbled upon DaaS. DaaS stands for data as a service, which may appear as something overly complicated and expensive to consider. It’s quite the opposite, and it has the power to help a company leverage IoT and cloud data without investing heavily in infrastructure and software.
To truly assess whether it is complicated to implement and what benefits it delivers, you need to know what DaaS is. That’s why we will go over the definition of data as a service, its benefits, and common use cases.
What is Data as a Service (DaaS) – The definition
“As a service” has become a common term in the software industry, especially in the B2B niche as “Software as a Service”. It refers to one company renting the software to another company. You get a complete software product, ready to be used out-of-the-box. Now let’s go back to data as a service definition with that in mind:
“Data as a service is a software sold by data provider companies and developed to deliver ready-to-use data to end-users.”
There is one big difference between software as a service and data as a service. Unlike SaaS, which provides access to software tools, DaaS leverages software to provide data. It can provide either raw data or enable companies to use an API.
Finally, DaaS may appear as only one service, but that’s not the case: it is a couple of services bundled into one solution. The most common services in a DaaS offer include:
Data collection (including various sources such as IoT)
Cloud data storage
Data lifecycle management
Data modeling and processing (including transformation, quality control, and replication)
Data marketplace (enabling businesses to get the most relevant data for their needs)
Benefits of data as a service
The next big question you might have is whether it is worth implementing DaaS. That’s not an easy question to answer because every business is unique, especially regarding its data needs. To help you reach an informed decision, we’ve put together a list of benefits that DaaS offers.
Reduced operational costs
Data is great because it can offer answers to so many questions. However, you need a lot of data to have accurate and relevant insights. Storing and processing big data costs money because it requires massive internal storage capacity and processing power.
Once you invest in DaaS, you will no longer need to continuously invest in your infrastructure and maintenance. The DaaS provider handles all these things internally and uses its own infrastructure, staff, and software to deliver ready-to-use data to you.
Increased security
You probably know how hard it is to handle security in your organization. There are many variables to consider, and each of them requires a unique approach and relevant cybersecurity solution. Unfortunately, data is a hot target these days, and cyber criminals seem to be on a constant lookout for backdoors they can exploit to get their hands on valuable data.
When you start using DaaS, you can stop worrying about data security at least. DaaS providers use state-of-the-art cybersecurity solutions to keep data safe. They also have pristine backup policies to ensure you get access to data even if something unforeseen happens.
Achieved compliance
Using data for business purposes is tricky if you want to comply with laws and regulations, especially if you use your customers’ data. You need to work with a team of lawyers to navigate the complex web of regulations, which costs both time and money.
Renowned DaaS providers take care of it for you. They have internal teams of lawyers ensuring that every data set that comes your way is not only ready for use but also legal to use. It helps you avoid all the nuances related to the legalities of using the data and expensive lawsuits.
Ability to use the data how you see fit
One of the common problems organizations face when using big data is moving from one platform to the other. It often happens when they want to use data with different analytics software, and it can take a lot of time to completely move the data. Plus, there are certain risks of doing it, such as getting data corrupted or ending up with an incomplete data set.
With DaaS, you can forget about moving data from one platform to another. You can use the API to stream the data to any tool you need. It saves time and facilitates the entire process, ensuring the data remains complete and healthy.
Common use cases
While the benefits of DaaS may be attractive, you probably need more information to assess whether it is worth implementing DaaS in your day-to-day operations. The best way to do it is to discover DaaS use cases. That’s how most businesses utilize DaaS.
Advanced business analytics
DaaS can provide you with enough data to run even the most complex and demanding business analytics. It can help overcome one of the most common challenges businesses interested in using data face – small data sets.
DaaS enables businesses to enrich their data sets. Some providers even offer telemetry data collected from IoT. With more relevant data at their disposal, they can get accurate analytics reports and get data-driven insights.
Improved market segmentation
When a business does market research and segmentation, it bases its decisions on the data collected during the research. The bigger the data set, the more accurate results are. That’s where DaaS significantly improves market segmentation, even in niche cases such as email marketing.
With enriched data set on your customers, you will be able to better understand them and discover their unique needs and wants.
Competitor analysis
Competitor analysis is also one of the most common use cases of data. However, organizations are limited to their own data sets, which are often outdated and small. For in-depth competitor analysis, they need access to big data.
DaaS is bound to forever change the analysis of competitors, especially for small and medium businesses. Through it, companies can access comprehensive data sets on their competitors and even assess competition in foreign markets.
With this data, they can also benchmark their business to discover whether their performance and profit are falling behind the industry average.
Final thoughts
Hopefully, the data as a service definition helped you understand what DaaS is and how it differs from SaaS. Given its many benefits to organizations and an extensive list of use cases, it’s safe to assume that the number of businesses using this service will only increase in the future.
International cooperation is key to fighting threat actors and cybercrime
In this era of cybersecurity, when nation-state digital attacks and cybercrime quickly cut across country borders and create global crises, international cooperation has become an urgent priority. The need for global collaboration to cope with various pressing threats, from electronic espionage to ransomware attacks on critical infrastructure, is imperative to prevent economic and social disasters, top cybersecurity professionals and government officials say.
At this year’s Billington Cybersecurity Summit, leaders from across the globe gathered to discuss the importance of international partnerships in managing the persistent threats governments must address. The near-total digitalization of every aspect of society that exposes virtually all public and private sector services to escalating cyber threats dictates a more robust, collective defense. Moreover, as cyber risks intensify and multiply, governments worldwide are stepping up their own independent efforts to protect against the rising tide of digital threats.
Collaboration is key to balance customer experience with security, privacy
The way Yaron Cohen sees it, companies today must do in the digital world what came naturally to neighborhood merchants who saw their customers every day. “In the old world, when people used to go to the corner store and meet the same shopkeeper every day, he’d know their tastes and what they’d buy and would personalize the experience for them,” says Cohen, a user experience researcher focused on digital strategy.
“But now we’re in a place where everything is mechanical. In the world of e-commerce there’s no human connection, and so to understand that customer, you have to collect data. This is where privacy problems start.”
Organizations of all sizes and stripes are collecting increasing amounts of data on individuals as they seek to create better customer experiences and deliver personalized services. A study of 1,000 executives from Skynova, which offers online invoicing for small businesses, found that 86% of the 1,000 business owners and executives it surveyed gathered data from its customers. It found 75% of businesses with fewer than ten employees did so, compared to 93% of those at organizations with 100-plus workers. The study also showed that 64% collected data on their customers from their social media sites.
ZDI-22-1288: Microsoft SharePoint Workflow Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability.
ZDI-22-1289: Apple macOS vImage ICC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-1278: Adobe Animate SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Animate. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-1279: Adobe Bridge SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.