March 30, 2022

Data Literacy Isn’t Keeping Pace

Many businesses store data on 6 different platforms on average as data continues to double in size, but many of their employees are not confident in their ability to fully utilise these platforms, as data literacy fails to keep up. Executive leaders believe over 50% of their employees are data literate, while only 11% of the employees agree with this, and 45% relied on their own instincts rather than data when making decisions.

This data comes from a recent Qlik data literacy report, which surveyed over 1,200 executives and 6,000 employees from all over the world. While it seems employees wish to increase their data literacy, only 27% have actually had formal training with hands-on exercises. Many workers in finance, marketing, sales, and customer service admitted that they needed to improve their data literacy far beyond what the training provided to them had achieved, and there was a feeling amongst many employees that employers did not feel responsible for delivering this training.

Executives have focused the training on people working in roles that specifically relate to data, such as data analysts or scientists (58% received training), and less so on people working in finance (11%), marketing (10%), and sales (9%). This means entire departments and lines of business are behind others in terms of data literacy, and this can lead to a reduction in enterprise value. The data suggests enterprises with higher data literacy can have higher enterprise values by up to $534 million. The focus on data literacy will only increase, as many of the company leaders surveyed believed new positions such as ‘Chief Metaverse Officer’ and ‘Workplace Environmental Architect’ will be introduced to their businesses within the next decade.


The Qlik report recommends organisations push a data-literate culture using active intelligence systems and embrace continual learning in order to keep pace. They also recommend democratising tools and literacy amongst all employees, promoting trust in the data, and using data for perpetual improvement and positive change within the organisation.

Another report by Red Hat and Starburst found businesses used an average of 4-6 data platforms and up to 12 different data systems. These trends are only projected to continue rising in 2023. As data becomes more spread over different systems, complexity and security risks rise too. Respondents that were surveyed recommended automating IT and data operations, implementing search tools across multiple platforms, and utilising AI and BI platforms to sift data and make recommendations in order to get these data systems to work together.

The volume of data being stored is also significantly increasing, as streaming, video, event, IoT, and image data are being collected on a far greater scale than previously. The survey identified many priorities for accessing real-time data, including customer and employee engagement, real-time changes in risk and market shifts, and engagement on mobile applications.

Cloud and Open Source

While developers may appear to prefer open source solutions over closed, proprietary ones because they offer more ‘freedom’, what they actually prefer is the convenience of using open source software without requiring approval from a swathe of other business departments in their organisation. This has also started applying to cloud solutions, as open source providers are available in a timelier and non-preferential manner.

In order for multicloud to work, developers need tools that allow them to build with the best-in-class technologies that are also open – such as MongoDB or PostgreSQL. This is because these technologies can run across different cloud, data centre, and PC environments thus making it more convenient for a developer to use. A developer must be able to run these technologies in their vanilla format so that the application is portable across different cloud environments.


PostgreSQL, for example, is run on certain cloud providers but with additional patches and performance improvements. The vanilla version that anyone can download doesn’t have these features, but those enterprises with multicloud success have decided to use these battle-tested vanilla versions of open technologies to improve portability and convenience for developers.

Each cloud environment is different and using an open source technology that developers can carry between these solutions is extremely powerful. A developer that knows one of these technologies can be just as productive with AWS, Azure, or Google Cloud. It is still important for a developer to know the intricacies of each cloud vendor, but these open source technologies allow developers to transfer their skills between these cloud environments.

So while cloud perfects many of the motives that first led developers to work with open source, cloud has certainly not rendered open source extinct as previous commentators imagined.

Cybersecurity Lessons from 2021

SecureWorks, an incident response service provider, covered over 450 incidents last year and recently published its findings. 85% of the incidents they responded to were financially motivated and a further 5% were seemingly government-sponsored attacks. The remaining attacks were accidental or deliberate actions of employees.

43% of the initial access gained was through threat actors exploiting vulnerabilities in internet-connected devices, and credential theft represented another 18% of initial system access. These credentials can be obtained through the dark web, brokers, credential stealing, brute-force attacks, or password spraying. In previous years, credential theft was the number one approach to compromising a target, so the focus for security professionals needs to shift to patching vulnerabilities.

The rise in multi-factor authentication (MFA) may mean that attackers are focusing on exploiting vulnerabilities that do not require authentication. Alternatively, it can be easy for an attacker to exploit proof-of-concept code that is published shortly after a vulnerability is publicly disclosed. This can lead to wide-scale exploitation of vulnerable devices in multiple targets simultaneously.

Despite ransomware attackers being increasingly imprisoned for their actions and the US government prioritising ransomware the same way it does terrorism, SecureWorks has not seen a reduction in ransomware attacks in 2021.

Many of the attacks that relied on credential theft and abuse occurred because the target organisation either failed to implement multi-factor authentication at all or implemented it improperly. However, attackers have also been able to bypass MFA by exploiting legacy authentication protocols (e.g. IMAP and SMTP) which are either still in use or haven’t been disabled. These protocols cannot enforce MFA and pose a significant security risk to businesses.


Even when MFA is implemented correctly, users may eventually approve an MFA request if attackers send them continuously, a result of “notification fatigue”. To mitigate this issue, consider implementing MFA that requests a code from the user rather than a one-click solution.
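Detection logic for the two MFA gaps described above (successful logins over legacy protocols, and a push approval that follows a burst of rejected prompts), added here as an example and not taken from the SecureWorks report. The event names, tuple layout, thresholds, the inclusion of POP3, and the log lines themselves are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (timestamp, user, protocol, event); not real logs.
EVENTS = [
    ("2021-11-02T08:00:05", "alice", "imap",  "login_success"),
    ("2021-11-02T08:05:00", "erin",  "smtp",  "login_failure"),
    ("2021-11-02T09:00:00", "bob",   "https", "mfa_push_denied"),
    ("2021-11-02T09:01:30", "bob",   "https", "mfa_push_timeout"),
    ("2021-11-02T09:02:10", "bob",   "https", "mfa_push_denied"),
    ("2021-11-02T09:03:00", "bob",   "https", "mfa_push_denied"),
    ("2021-11-02T09:03:40", "bob",   "https", "mfa_push_approved"),
    ("2021-11-02T10:00:00", "carol", "https", "mfa_push_approved"),
    ("2021-11-02T11:00:00", "dave",  "https", "mfa_push_denied"),
    ("2021-11-02T11:30:00", "dave",  "https", "mfa_push_approved"),
]

LEGACY = {"imap", "pop3", "smtp"}   # protocols with no way to present an MFA challenge
WINDOW = timedelta(minutes=10)      # assumed look-back for a prompt burst
MIN_REJECTED = 3                    # assumed threshold of denied/timed-out prompts

def legacy_auth_logins(events):
    """Accounts that authenticated successfully over a legacy protocol."""
    return sorted({(user, proto) for _, user, proto, event in events
                   if proto in LEGACY and event == "login_success"})

def push_fatigue_approvals(events):
    """Approvals that directly follow a burst of denied or timed-out pushes."""
    rejected = defaultdict(list)
    flagged = []
    for ts, user, _, event in sorted(events):
        when = datetime.fromisoformat(ts)
        if event in ("mfa_push_denied", "mfa_push_timeout"):
            rejected[user].append(when)
        elif event == "mfa_push_approved":
            burst = [t for t in rejected[user] if when - t <= WINDOW]
            if len(burst) >= MIN_REJECTED:
                flagged.append((user, len(burst), ts))
            rejected[user].clear()  # an approval ends the current sequence
    return flagged

if __name__ == "__main__":
    print("legacy-protocol logins:", legacy_auth_logins(EVENTS))
    print("suspicious push approvals:", push_fatigue_approvals(EVENTS))
```

Accounts returned by the first check are candidates for having legacy protocols disabled; those returned by the second warrant a session review and a credential reset.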

If an enterprise is using cloud solutions, carefully investigate all of the security components and controls offered by the cloud provider to ensure logging and controlled access are offered by the cloud service. It may be attractive for businesses to implement these cloud solutions, but there are security considerations that must be accounted for before moving resources online.

To prevent cyberattacks going forward, SecureWorks recommends that IT and security professionals regularly perform vulnerability scans, control access carefully and make use of IP lists, monitor newly registered domains that spoof or impersonate their company, improve backup strategies and procedures to mitigate ransomware attacks, implement MFA properly, and implement DKIM and SPF authentication for email clients to avoid fake emails being sent by attackers.

Of course, you should also ensure your systems and software are kept up to date, use the principle of least privilege for account access, and ensure you implement an endpoint detection and response solution.