Book review: Demystifying IT

This review was written by Ladi Adefala. I first met Ladi at a security conference where he was a speaker, and liked him immediately, not just because he played some Madonna before he took the stage. Ladi’s professional background includes stints at Accenture, Red Hat Consulting, AT&T, World Wide Technology and Fortinet. He now has his own consultancy where he specializes in cybersecurity and executive leadership services, helping organizations, CEOs and board directors with their IT and security strategy. I thought given his background he would be a great reviewer for this new book. Take it away, Ladi.

If you are a small business and you are struggling to be effective in using digital technology, then you should read a new book, Demystifying IT, by Bhopi Dhall and Saurajit Kanungo. The two are experienced IT managers who will help you resolve some of your issues and help leverage your IT to produce greater business benefits.

Many of these struggles aren’t new problems, especially for this market. IT is often seen as a cost center and not as a way to drive bigger profits. The authors demonstrate this mindset is a leadership failure, something that I have experienced first-hand when consulting with many of my small business clients. These failures take one of two potential paths:

  1. Lack of any eureka moments: Leaders that haven’t yet had an insightful encounter about IT’s strategic value tend to remain stuck with the IT-as-overhead mindset. True insight changes an organization’s core belief and pushes everyone into some unified action, working towards a common goal.
  2. Fears brought on by past failures: The second reason is the long shadow cast by past failures with IT projects. Leaders avoid engaging in major IT projects that would drive measurable business impact simply because they’ve had a previous bad experience. Just because our last ERP system implementation failed or was painful doesn’t mean we shouldn’t upgrade our ERP system or change it.

I once tried to get one client to implement using electronic funds transfers rather than mailing printed checks, something that would have saved them $200,000 annually. Two years later, the CEO had his eureka moment.

I have also worked with organizations who have kept their core IT application system for twenty years without a major upgrade, partly because of some ancient, failed implementation experience. Here’s the surprising part for me: they didn’t know it had been that long since an upgrade until they overcame this failure moment and made the move to a modern cloud-based system.

The most effective IT strategy is to appeal to both the head and the heart. This book provides numerous examples and stories of how organizations have leveraged IT in practical and meaningful ways. The trick is to align their leadership teams to both the business and IT functions and for everyone to work together. And for the CEO to be fully behind this as well, something that the McKinsey co-authors of CEO Excellence focused on in their book. A CEO’s mindset has to reflect this commitment for IT to succeed in driving a business’ success.

If CEOs and board directors of organizations have a desire to increase their effectiveness and business performance in the digital economy, I would encourage you to invest some time in reading this book. By doing so, you’d have sown a seed that’ll yield a significant harvest now and in the future.

Red Cross blog: Helping veteran Burl Brooks

Burl Brooks walked into the Southern Missouri American Red Cross chapter in Springfield, Mo., looking for a better winter coat and left with a new bicycle. Well, almost. While it wasn’t an immediate transaction, Brooks took advantage of a unique program that the chapter administers with its partnership with the United Way of the Ozarks through its Veterans Fund. I interviewed him for the chapter’s blog here.

SiliconANGLE: It won’t be long before we are all chatbot prompt engineers

Back in January, Andrej Karpathy, who now works for OpenAI LP and used to be the director of artificial intelligence for Tesla Inc., tweeted: “The hottest new programming language is English.” Karpathy was only semiserious, yet he has identified a new career path: AI chatbot prompt engineer. It could catch on.

The term describes the people who create and refine the text prompts that users type into the chatbot query windows — hence the use of English, or any other standard human language. These types of engineers don’t need to learn any code, but they do need to learn how the AI chatbots work, what they’re good at doing and what they’re not good at doing.

I interviewed several experts about whether the discipline will become its own career path in my post for SiliconANGLE here.

SiliconANGLE: ChatGPT detectors still have trouble separating human and AI-generated texts

The growth of ChatGPT and other chatbots over the past year has also stimulated the growth of software that can be used to detect whether a text is most likely to originate from these automated tools. That market continues to evolve, but lately there is some mixed news that not all detector programs are accurate, and at least one has actually been discontinued.

I examine two different academic reviews of several of these detector tools, and how they have failed under varying circumstances, for my post for SiliconANGLE here.

Book review: Elonka Dunin and Klaus Schmeh’s new Codebreaking edition

What do the authors Beatrix Potter, Rudyard Kipling, Edgar Allan Poe and the British composer Edward Elgar have in common with the Zodiac killer, Mary Queen of Scots, and an enigmatic map left in the 1880s by a Virginian buffalo hunter named Thomas Beale? They all were fascinated by communicating by codes. And if you are too and want to learn how to break them yourself, you should pick up the latest expanded edition of Codebreaking by Elonka Dunin and Klaus Schmeh that is expected in September. Their book takes you through the codes used by these historical luminaries, some of which (such as one of the Zodiac messages or the mysterious Voynich manuscript) have never been broken. And there are plenty that have been solved, such as a single telegram that was decrypted and brought the US to enter WWI.

The book’s focus is on using your wits and pencil and paper to solve the puzzles for the most part, although the authors aren’t computer-averse: they use the old-fashioned methods to help develop the reader’s skills and to pay attention to the frequency distribution of the coded letters and symbols used in the messages, among other tricks of the trade that they describe in detail.

Dunin may be a familiar name to you: Years ago, I had an opportunity to meet her in person when she spoke at a conference in St. Louis. She is a very impressive person, and carries a deep history and understanding of the genre. She is tightly associated with an encoded sculpture that sits on the grounds of the CIA campus, which still contains an unsolved portion after decades of tries by the best and brightest cryptographers. Her co-author has written numerous books as well and maintains the Encrypted Books List that is a useful companion to learn more about the topic, along with providing numerous illustrations that begin each of the book’s chapters.

This book is nearly 500 pages, and chock full of illustrations of the original coded messages as well as other helpful materials that show how codebreakers figure things out. Because of this, I would recommend buying the printed copy rather than an ebook. Each chapter is devoted to particular techniques, such as “hill climbing” where you proceed to decode a word at a time and continually measure your progress. This technique has proven very successful at breaking historical codes and uses computer algorithms.

The authors were motivated to update their first edition because so many major codes have been cracked over the past few years — including the aforementioned one by Mary Queen of Scots. The stories of these escapades are what make this book entertaining as well as informative, and you realize that codebreaking is a team sport. The encoded message above, by the way, is one of the many Zodiac copycats who wrote messages to the police pretending to be the actual killer. See if you can work out what it says.

SiliconANGLE: That Chinese attack on Microsoft’s Azure cloud? It’s worse than it first looked

The revelations last week that Chinese hackers had breached a number of U.S. government email accounts indicate the problem is a lot worse than was initially thought, according to new research today by Wiz Inc. Indeed, this hack could turn out to be as damaging and as far-reaching as the SolarWinds supply chain compromises of last year.

In my post for SiliconANGLE, I summarize what Wiz learned about the attack, what you have to do to scan and fix any potential problems, and why people who choose “login with Microsoft” are playing with fire.

A new foe of card skimmer crooks: Target Corp.

The war on credit card skimmers continues, this time from an unexpected source: Target Corp. Yes, the retailer. Cyber criminals attach skimmers to the outside of ATMs, gas pumps and other credit/debit card readers. When you insert your card into the machine, these skimmers capture your account number and PIN, which will be used later to clean out your account.

Brian Krebs has written about card skimmers for years, and I quoted him in this piece that I referenced when I last wrote about the topic in 2015. Last year, he documented some of the ultra-thin skimmers that ATM vendors found inside their machines. It is pretty amazing how the crooks continue to innovate in smaller and smaller devices to steal our data.

Skimming is sadly on the rise: 161,000 cards were stolen annually, up more than four times the rate from 2021. Now they have a new nemesis — Target Corp. They recently blogged about their approach, which uses a piece of plastic called EasySweep to ferret out the skimmers. There aren’t any electronics on this card — it is just thick enough to see if something else is already inserted in the slot, and is sheer genius. Their cybersecurity group took the rather unusual step of 3-D printing the plastic that measures the thickness of the card reading slot. Target staffers can quickly swipe the thing in each of their 20 or so terminals in a typical store in a few minutes. And it is simple: if the card fits, the reader is clean. If it jams, it could indicate the presence of a skimmer. Each store now checks their readers daily. They have sent 60,000 of the cards to their stores, and they offer the design to other retailers free of charge.

Granted, the war on skimmers is a cat and mouse game: originally, many IT folks thought they could find them by scanning for unknown Bluetooth devices, because many of them sent out their collected data via that frequency. Then the crooks developed skimmers that had to be removed and the data downloaded. While there is a limit to how thin they can be made, so far the EasySweep cards are still a valid testing tool.

Still, consumers should be on the lookout, as the cops say. Check your machine for obvious signs of tampering, such as a loose part or something odd either with the card slot or the keyboard (which might have an overlay to capture your keystrokes). If you are at a bank of machines, compare the one you intend to use with its neighbor to see if there are any physical differences. And cover your hand as you enter your PIN. If you can, use an embedded EMV chip card, which is harder to skim. And also consider more advanced cards, such as from Apple/Goldman Sachs, that can create virtual CVV numbers on the fly to make it more difficult to skim.

SiliconANGLE: The state of collaboration: It’s the people, not the tech, who make it all work

Business collaboration is finally fulfilling its promise — but less because of new technology than people finding better ways to use it.

The technology has gotten a boost, thanks to post-COVID distributed work teams that have embraced video conferencing and instant messaging. But figuring out the collaboration workflows isn’t just choosing between Microsoft Teams and Zoom, but becoming more adept about when and how to work with others. In other words, having the right people with the right mindsets and operating under the right corporate culture are more important than having the right technical infrastructure.

My take on the evolution of collaboration tools for SiliconANGLE can be found here.

Next week, tune in for this webinar that I am doing for Vonage that will cover this ground in more detail.

SiliconANGLE: Attackers target the Domain Name System, the internet’s phone book. Here’s how to fight back

The foundational Domain Name System, essentially the phone book for the internet, used to be something nobody using the net much noticed, but lately it has become more of a target, and the costs of attacks against it are huge and growing.

Recent events have once again brought issues involving the DNS, as it’s called for short, to the forefront.

One reason has to do with the expansion of the internet. There are more targets, more bandwidth and more automated tools to launch attacks, making it easier for the bad guys to cast a wider net with more destructive power.

I explore the role of DNS, the collection of various attacks, and the role this protocol plays in my latest story for SiliconANGLE here.

SiliconANGLE: Understanding these nine ransomware stages can help harden cyber defenses

Ransomware payouts are on track to make 2023 another banner year for criminals, netting more than $440 million since January, according to a recent analysis by Chainalysis. But there are ways for organizations to blunt the impact. Ransomware continues to be a growth business opportunity for criminals, whether or not victims pay up, because stolen data carries a certain value on the dark web, the shady corner of the internet reachable with special software.

For my latest post for SiliconANGLE, I put together a nine-stage model for how ransomware operates, to bring some clarity and be useful in figuring out how to detect an attack before it develops into a full-on multidimensional threat.