
The boom in collaboration software creates extra security risks

01:20, 23 April 2021. Source: techrepublic.com


TechRepublic's Karen Roby spoke with Otavio Freire, president, CTO and co-founder of SafeGuard Cyber, about security issues in collaboration software. The following is an edited transcript of their conversation.


Karen Roby: We do all of our work now, or the good majority of it, through things like this, right? Zoom and Teams, and we're talking on Slack, and we're talking with people outside of our organization, and bringing them in through all of these channels and all of this is going on. And the criminals out there, they're waiting to take a bite out of everything, and that's what we're seeing so much of. Since this pandemic has started, what are the problems we're seeing more of right now?


Otavio Freire: We've seen a massive adoption of collaboration platforms, such as Teams, Slack, WebEx, Zoom. Some of these are growing 700% per quarter. Teams is the fastest growing product for Microsoft ever. But, look, they do bring a series of risks, not much different, ultimately, than we've seen in email. There are malicious Word documents that can be accidentally dropped into a Slack channel. We've seen misconduct, and inappropriate and threatening language taking place. And more classic cybersecurity issues such as insider threats, cyber fraud, and sharing of critical information.

Karen Roby: This always is really fascinating to me how this happens. You talk about social engineering and business email compromise, I mean, things like this are still happening every day and even more now.


Otavio Freire: From a risk perspective, I think the challenge is the scale. It is a massive amount of data. There's a video stream, there's an audio stream, there's text, there's files. And how you identify those risks through that data is hard. We had a customer with 5,000 employees and had 160,000 messages every day. And only with advanced machine learning can you detect that malware. You can detect that link that could be spear phishing your employees.

Karen Roby: What are you seeing, right now, a lot of? I mean is it malware, still phishing attempts? Even though we talk about don't click on this, don't click on that, people still do. Passwords are still weak. I mean, where are you seeing a lot of weak spots?

Otavio Freire: Exactly what you described, Karen. There's, certainly, the classic cybersecurity issues. Just like the email they still happen, they still take place in all of these channels. What we've seen, the difference and the scary difference, is that these attacks can be more targeted. They can be more spear-phishing-focused because there's a lot more data about the victim that takes place. So, that is certainly a major area of concern.


But the challenge is visibility. The enterprise, the security team, the CIO, doesn't have a full understanding of what is taking place on that massive amount of data. They're very well aware of all the risks that could happen, everything from brand reputation to a compliance issue, to true cybersecurity. But how do you gain that visibility at the message level? You really need security that is, first, portable because the difference in these channels is that I could leave the network, I could go to Starbucks, I can get on a Wi-Fi. I can switch to my iPad that is not a protected device. It's a new on-ramp into Teams. So, the security layer has to really think about how these platforms are used, which is a different mindset for how typically security has been approached at the enterprise level.

Karen Roby: And they're not going away, right? I mean, these are platforms that we're using more and more in light of this last year, but they're not going anywhere. So, companies have to wrap their arms around this.


Otavio Freire: I'll date myself here, but I remember a time when companies didn't allow email. They blocked email, believe it or not. Like, I put files in my inbox and outbox in this folder here. And "I don't know about this email thing, everything's going to be recorded." I actually recall that time.

The old is new again. We've seen first, it was closed gardens, Slack and Teams only. You can only talk within the Slack of your company. And, now, Slack through Slack Connect, can connect to other companies. The evolution that we saw in email is taking place again. And with that comes new and additional risks. But, just like email, you can't close it because there's just a lot more business agility. There's just a strong business case for greater communication, more agile communication. So, to your point Karen, it's not being shut down. In fact, it's only going to accelerate because the business need is tremendous. And the upside is tremendous.

Metrigy, a well-known research firm, did a recent study. They found that if you look at the ROI of collaboration channels, 22% increase revenue, there's a 40% improvement in employee productivity. And, of these successful companies, 66% had security in place explicitly for those collaboration channels. So, there's this strong relationship here about thinking of these channels as a core of the enterprise, how the enterprise can grow, especially during our work-from-anywhere world that we're living in. It'll increase revenue, but you have to think of it in terms of ... just like you would secure your email, you have to secure these channels from all these risks we've been discussing today, Karen.


Karen Roby: Final thoughts from you on where we are, where we're heading and how people need to be thinking in general about cybersecurity. What are your final thoughts there?

Otavio Freire: I think, as a user, we have to be aware that there is a tremendous amount of data that is generated by using these modern and novel communication channels. I mean, thinking of this as Zoom, there's a video stream, there's the audio stream, there's the files I share in a chat, there's the users who are part of it, there's the security stamps. And we've become very well aware of that in email. But training needs to happen about the security implications of using these channels. And then use technology to actually protect them as we protect other critical applications in the enterprise. They are critical infrastructure. When you make the jump to start thinking of these apps as critical infrastructure, just like we would our financial system, that's super well-protected, adoption will increase as we saw with information from that report. And even productivity and revenue could increase.

Karen Roby: Otavio, it's not about dating yourself. You're just showing us the level of experience you have, right?

Otavio Freire: Okay, well, thank you. I'll take that.

Karen Roby: I like to tell my kids, because they just can't wrap their head around it, that the internet really didn't exist when I started working in the real world. That just is such a foreign concept. So, if anything, it just shows your experience level and when it comes to cybersecurity, hey, that's never a bad thing.

Otavio Freire: Oh, I appreciate that, Karen. You're very kind.
