 |
| Concept artwork featuring network endpoints and data generated by Google Gemini (Imagen 3). |
July
An update from Crowdstrike caused a widespread outage.
"In 2024, we witnessed major tech outages at the regional and global stage, e.g. the Crowdstrike global outage. The outage trend is expected to continue and this will lead to companies putting in place IT strategies to withstand, adapt and recover from such outages."The CrowdStrike incident was a wake-up call to many. We were taught an important lesson: effective testing must move beyond system silos to encompass all the business processes that a system supports," said Damien Wong, Senior VP, APAC at Tricentis.
"Companies need to be cognisant that business processes increasingly span across multiple interconnected applications and systems, and the real risk lies in failing to account for the ripple effects of changes across these integrations. Hence, testing must be conducted in an end-to-end, model-based continuous testing approach.
"Additionally, any outdated practices should be replaced with modern methods, such as generative AI testing tools, automated test case generation and AI-augmented DevOps. We found that 60% of DevOps practitioners see testing as the area where AI offers the greatest benefit."
Beni Sia, GM and Senior VP of APJ at Veeam Software, also highlighted the July outage for 2024. "This outage by CrowdStrike highlights the dependencies businesses have on hyperscale public clouds, connectivity and more for critical leading services like healthcare, financial institutions, airlines and public transit.
"At a time when cloud-native solutions have become deeply embedded in business operations across industries, this incident underscores a key vulnerability: the potential impact of service disruptions on essential services that rely fundamentally on these cloud-based platforms," he said.
"Generally speaking, hyperscale public cloud services offer better availability than most organisations can offer in their own data centre practices. However, this incident also brought into focus the importance of having tested processes and mitigation strategies in place. When issues like this hit, the game plan needs to home in on minimising impact to the business and its smooth operations. The CrowdStrike incident was a wakeup call for the world to plan for disruption in a time when our reliance on critical digital services and infrastructure only continues to grow."
"Implementing a robust infrastructure with data immutability, consistent deployment processes, and resilience against unexpected failures is crucial."
Hardman suggested that partnering with a hybrid cloud infrastructure company can help to build a comprehensive data resiliency strategy. "Disruptions can erode public trust, and organisations must prioritise a swift return to normalcy. But this event shouldn't just be a recovery effort – it's a catalyst for positive change. Now is the time to ensure your systems are prepared for the unexpected," he said.
"This sophisticated scheme will exploit remote onboarding processes, manipulate employees, and even infiltrate payroll systems to divert funds and disrupt livelihoods. This incident will cause organisations to change how they approach identity verification and cybersecurity in the age of increasingly sophisticated synthetic identities."
August
SafeBreach Labs researcher Alon Leviev demonstrated how the Windows Update process could be compromised to craft custom downgrades on critical operating system (OS) components, elevate privileges, and bypass security features. While some of the vulnerabilities were addressed, Leviev further demonstrated in October that he was able to downgrade a bypass patch on a fully-updated Windows 11 system. A downgrade attack weakens the security on a supposedly protected system.
"In 2024 we’ve seen an upswing in downgrade attacks, in which an initial tactic causes a targeted system to switch to a less-secure mode of operation, making it more vulnerable to a follow-on attack. Downgrade attacks can compel users to abandon phishing-resistant authentication methods for less secure ones.
"For example, an attack might come in the form of an SMS message asking a user to disconnect the Yubikey from their laptop. Or a call from someone pretending to be on the user’s IT team, asking them to remove a security factor from their account," said Brett Winterford, Regional Chief Security Officer, Asia Pacific & Japan, Okta.
"We expect downgrade attacks to continue posing a significant security threat in 2025. Again, while implementing secure processes and procedures is critical, employees also play an important role. Teach them to be wary of social engineering attacks, and to never provide passwords or codes over channels like SMS."
A Yubikey is a hardware device used for multifactor authentication.
The Singapore government's Open Government Products team relaunched the ScamShield app with new features.
"As the SPF has reported in their Mid-Year Brief for 2024, the number of scam and cybercrime cases in Singapore has increased by 18% as compared to the same period in 2023. Scammers also now contact potential victims through messaging platforms, in addition to phone calls and SMS. In particular, the number of scam cases on Telegram increased by 137.5% in the first half of 2024 as compared to the same period in 2023.
"Most people think that scam victims are usually the elderly, but actually 74.2% of scam victims were below 50," said Clarisse Peralta, Senior Manager (Product Marketing), Open Government Products, GovTech.
"The app was originally launched in November 2020 but was limited to blocking and filtering scam calls and SMSes. Given the evolving nature of scams, we realised that we needed to expand the functionality of the app and turn into a more 'active' tool in protecting the public.
"Users can now check and report suspicious calls, websites, and messages that they receive from SMS, Telegram, and WhatsApp. After the authorities review the reports, the ScamShield app then blocks suspicious phone numbers and messages as quickly as possible to prevent others from falling victim to scammers. Thus, the app relaunch enables the public to do their part in helping keep our country safe."
SPF refers to the Singapore Police Force.
September
OpenAI announced a new large language model (LLM) trained with reinforcement learning to perform complex reasoning, OpenAI o1.
"OpenAI o1, dubbed Strawberry, thinks before it answers: It can produce a long internal chain of thought, correcting mistakes and breaking down tricky steps into simple ones, before responding to the user," said Linxi (Jim) Fan, Senior Research Scientist, AI Agents, NVIDIA."2025 will be the year a lot of computation begins to shift to inference at the edge. Applications will need hundreds of thousands of tokens for a single query, as small language models make one query after another in microseconds before churning out an answer.
Small models will be more energy-efficient and will become increasingly important for robotics, creating humanoids and robots that can assist humans in everyday jobs and promoting mobile intelligence applications."
 |
| Source: Salesforce. Abraham. |
Salesforce unveiled Agentforce, a suite of autonomous AI agents, and demonstrated how easy it is to build an agent. Agentforce 2.0 was announced in December.
"In 2024, we entered the third wave of AI with autonomous AI agents that can make decisions and take action without human intervention – just as AI was meant to be. AI agents are a game-changer for businesses, allowing them to boost productivity, deliver personalised customer experiences and drive topline growth. The next year will see ASEAN businesses transition from AI experimentation to full-scale implementation, as they work towards a future where humans and agents drive customer success together with AI, data and action," said Sujith Abraham, Senior VP and GM, Salesforce ASEAN.
Explore
Milestones were also highlighted monthly for July, August, and September.
Hashtag: #2024milestones
No comments:
Post a Comment