A cybersecurity breach can significantly impact a company’s stock value. A 2019 study by Bitglass found that publicly traded companies lost 7.5 percent of their stock value after suffering a security incident. On average, it took 46 days for the stock value to recover. Clearly, a security breach...

The term “screen scraping” refers to a method of collecting data from a display screen. This can be done automatically through software designed to recognize the various elements of the user interface. Screen scraping can also be performed by taking an image of the text and using optical...

There’s no question that mobile devices improve productivity. According to the Evolving Workforce Project, 83 percent of workers feel that advances in mobile technology have made them more productive. A Cisco study found that Bring Your Own Device (BYOD) policies enabled 37 minutes more...

Many employees primarily use mobile devices for work. Cybercriminals are well aware of this fact, and mobile devices are increasingly targeted with malware, phishing and other threats.

Researchers at Zimperium say that sophisticated attacks against mobile devices are on the rise. According...

A 250-employee organization spends an average of $1,234 per employee annually on mobile enablement, according to a 2022 Oxford Economics study. That includes the cost of the device, software, connectivity and management. Even BYOD programs cost $893 per employee.

There is a fair amount of...

Like it or not, all clouds have hardware and operating systems, and your application may perform better on one particular cloud or instance type than it would on others. The cloud runs on electrical devices that were optimized in different ways to achieve different objectives. We generally can’t...

Manual processes are a leading contributor to increased cloud costs — in ways you might not consider. When organizations try to manage their cloud environments manually, they wind up overspending on security tools, backup and other resources. There’s also the operational overhead of managing...

In our last post, we explained why poor design is the likely cause of high cloud costs. Many organizations pay three times more than necessary for cloud services because they don’t know how to optimize their applications and security tools. They...

Managing cloud spend remains a top challenge for organizations of all sizes, according to the Flexera 2023 State of the Cloud Report. Cost concerns were cited by 82 percent of survey respondents, surpassing security for the first time in a decade to become the No. 1...

Most organizations have traditionally distinguished between “technical” and “nontechnical” projects. Today, however, it’s difficult to think of any business project that does not have a technology component.

In a recent Techaisle study, most midmarket executives agreed that all business...

Nontechnical project managers can doom an IT project. As we discussed in a previous post, nontechnical PMs often struggle to set appropriate project timelines, determine what...

In our last post, we explained why your IT project needs an experienced IT project manager. Any individual with project management experience might seem capable of spearheading IT...

It’s difficult to get accurate statistics on IT project failures. Few organizations like to self-report wildly inaccurate time estimates and budget overruns. They hesitate to say that projects are abandoned because of these and other issues.

One frequently cited report from The Standish...

Financial services organizations are showing keen interest in artificial intelligence. According to a recent report by the Economist Intelligence Unit (EIU), 85 percent of banks have a “clear strategy” for incorporating AI into their products and services. Almost half (46 percent) of bank...

Artificial intelligence has many compelling use cases in healthcare. Computer vision systems, for example, can identify patterns that humans might not detect. A recent study published in the Lancet found that AI-assisted analysis of medical images improved the detection of breast cancer by about...

In 2022, New York City passed a law regulating the use of artificial intelligence to assess candidates for hiring or promotion. Local Law 144, which went into effect July 5, 2023, requires employers to conduct a “bias audit” to determine if the AI tool discriminates against candidates in...

People often wonder what it would be like if computers could think. Computer vision is about enabling them to see. Not literally, of course. But the field of computer vision allows machines to understand the content of visual inputs and take action based on that information.

It’s pretty...

The natural language processing market is booming. Researchers with Fortune Business Insights expect the NLP market to exceed $112 billion by 2030, a compound annual growth rate of 24.6 percent. Organizations are adopting NLP tools to increase the efficiency of business processes and capture...

Advances in deep learning technology have generated today’s hype surrounding artificial intelligence. Applications such as ChatGPT and Lensa AI have captured the imagination of users worldwide. The tools are fascinating because they can create text, art and more, blurring the lines between...

The term “artificial intelligence” was first popularized at the 1956 Dartmouth Conferences, and until the past few years it was largely considered science fiction. From R2D2 and C3PO to The Terminator, people have always wondered what it would be like if machines could think, learn, reason and...

Artificial intelligence is transforming cybersecurity, and in many ways taking it out of human hands. Cybercriminals are using AI to accelerate their activities and gain new insights into the systems they’re trying to attack. In recent articles, we talked specifically about the use of ChatGPT in...

Software supply chain attacks have reached epidemic levels. In a 2023 study, 90 percent of IT professionals said their organizations had been affected by software supply chain threats in the past year. Additionally, 88 percent said these threats created risk for the entire organization. However,...

The technology industry is fond of buzzwords, and “artificial intelligence” is the buzzword du jour. In the few months since the introduction of ChatGPT, AI products have cropped up everywhere. Unfortunately, many companies are engaging in “AI washing” — claiming their products are AI-enabled...

In our last post, we discussed how bad actors can use ChatGPT to take phishing attacks to a new level. That’s not the only threat. The AI chatbot can also generate malware that is more effective at gaining access to the network and finding data that may be valuable to the hacker.

Some industry analysts are heralding ChatGPT as the solution to many cybersecurity problems. After all, hackers are using artificial intelligence to boost the scale and frequency of their attacks to unprecedented levels. Organizations are recognizing the need to leverage AI and machine learning...

Stryker Corp. has sued a former employee for allegedly downloading multiple folders of data to a personal thumb drive before resigning. The former employee also deleted hundreds of documents from her company-issued laptop and cloud-based storage. The medical equipment company says the data...

On March 22, 2023, Microsoft announced the release of a new version GitHub Copilot, its AI-assisted coding tool. Based on OpenAI’s GPT-4 multimodal large language model, the new solution adds chatbot functionality similar to...

Many hiring managers look for vendor certifications when vetting candidates for IT positions. Unfortunately, certifications are no longer a reliable benchmark for evaluating a candidate’s skills.

Years ago, most certifications required physical interaction with the vendor’s equipment....

When most people think of zero trust, they think of network security. All users and devices attempting to access the network are considered threats until their identity is verified and access rights validated. Access rights are strictly limited to what users need to do their jobs.

However,...

In our last post How DeSeMa’s Talent Appraisal Capabilities Take the Guesswork Out of Hiring, we discussed the challenges associated with endpoint provisioning and management as endpoint devices proliferate. Manual processes consume a...

When hiring IT professionals, managers often have more questions than answers. What skill sets do I need for this project or initiative? Does the candidate have those skill sets? Are the candidate’s certifications valuable? What kind of salary should I offer?

It’s a lot like buying a used...

It’s frustrating to have a key project funded, yet be unable to move forward due to a lack of human resources. It happens more often than you’d think, even among large enterprises. In a recent Gartner survey, IT leaders said that a shortage of talent was the most significant obstacle standing in...

Everyone knows the fable of The Boy Who Cried Wolf. A shepherd boy repeatedly tells the villagers that a wolf is attacking the flock, so no one believes him when he calls for help in a real wolf attack. The wolf devours the sheep and, in some versions of the story, the boy. It’s a cautionary...

In a previous post, we discussed version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS). All organizations that store, process or transmit payment card data must comply with PCI DSS, which requires minimum levels of security...

Bank of America introduced the world’s first general-purpose credit card, the BankAmericard, in 1958 and promptly lost an estimated $20 million to credit card fraud over the next 15 months. Efforts to eliminate credit card fraud have been only marginally successful since then.

The...

Massive layoffs by tech companies have put more than 125,000 people back into the job market, but it has not made a dent in the IT skills shortage. According to workforce analytics firm CyberSeek, the global tech worker shortfall now stands at about 3.5 million people, with 68 workers per 100...

Cloud repatriation is a hot topic, with IT industry analysts predicting that more organizations will migrate workloads from public cloud platforms back onto on-premises infrastructure. Cost is the usual reason. Many organizations have seen their cloud spend spiral out of control and are looking...

The average enterprise manages 135,000 endpoint devices, according to a 2022 report from the Ponemon Institute. Despite this enormous volume, most organizations continue to provision and manage endpoints manually.

Technicians often spend hours provisioning a single device, and ongoing...

OpenAI’s ChatGPT software has dominated IT industry headlines in recent months, with many pundits pontificating on the future of artificial intelligence. When asked an open-ended question, the ChatGPT app will generate text on that subject. GPT-3, the pre-trained multi-modal large language model...

You’ve developed a cloud-based application. Do you have the foundation you need to put your app into production?

Software-as-a-Service is a popular application delivery model in a wide range of industries, from healthcare to financial services to hospitality and retail. It enables...

They say that moving is the third most stressful event in life, following death and divorce. If the millions of Americans who will move their households this year are feeling the pinch, just imagine the pressure on IT managers who must oversee the relocation of corporate data center...

Building a DevOps team isn’t easy, and a skills shortage adds to the challenge. DevOps professionals are in high demand, which means they’re in limited supply. In a recent DevOps Institute survey, 64 percent of IT leaders said they’re having a hard time finding professionals who are skilled in...

“Identity is the new perimeter.” Security experts have repeated this catchphrase for at least 10 years. It started when organizations began large-scale adoption Software-as-a-Service applications, and the workforce became increasingly mobile. These trends created a porous network perimeter...

Three trends have converged to drive a dramatic increase in endpoint security threats:

It has often been said that public cloud services are more secure than the typical corporate data center. While that’s true, consider the following:

· Approximately 1.6 million files involving more than 80 municipalities were exposed due to a misconfigured Amazon S3 bucket related to...

It is nearly impossible to overstate cybercrime’s threat to global economic growth and stability. Recent research from the United Nations, the World Economic Forum and others suggests that cybercrime now costs the world more than $11 million per minute! Threats are being...

On Nov. 25, 2022, the FBI, Cybersecurity and Infrastructure Security Agency (CISA), and Department of Health and Human Services (HHS) issued a joint alert warning of attacks directed by the Hive ransomware gang. The agencies...

A 2020 report found that 75 percent of organizations need to upgrade their IT infrastructure in order to take advantage of new technologies. Many are leveraging the cloud to minimize capital investments and implement new solutions with limited risk. However, the manual processes associated with...

The term “shift left” has traditionally been applied to the process of testing “early and often” in software development. Today, that concept also extends to security.

Conventional software development focuses on solving a problem, with security tacked on once the application is put into...

Organizations are putting a lot of time, money and effort into combating cybersecurity threats. In a recent Gartner survey, 66 percent of CIOs said that cybersecurity is their top area for increased investment in 2023, even though many are facing a budget squeeze.

The research firm...

Organizations have a lot to gain by migrating their databases to the cloud.

Traditionally, databases are installed on “bare metal” servers and carefully configured by expert administrators. Once the database is implemented — a process that could take weeks or even months — significant...

Cloud adoption continues to accelerate. Gartner has forecast that spending on public cloud services will increase 20.7 percent in 2023, up from the 18.8 percent growth predicted for 2022. The KPMG Global Tech Report 2022 finds that 88 percent of businesses consider themselves advanced in their...

Internet of Things (IoT) devices provide significant value to organizations in a wide range of industries. If they’re not properly secured, however, they pose significant risk to mission-critical operational technology (OT) systems.

The Microsoft Defender for IoT research team recently...

Well-funded hackers with sophisticated tools strike fear into everyone responsible for cybersecurity. For instance, the Conti ransomware gang was responsible for 20 percent of ransomware attacks in the first quarter of 2022, including one that caused Costa Rica to declare a state of emergency....

In August 2022, the California Office of Attorney General (OAG) issued its first fine for California Consumer Privacy Act (CCPA) violations. The OAG sued cosmetics retailer Sephora, in part for failing to provide consumers with a “Do Not Sell My Personal Information” link and continuing to sell...

Cyberattacks are among the most significant threats organizations face, and boards of directors are taking notice. Not long ago, boards had limited awareness of cyber threats. Today, 77 percent of board members say cybersecurity is a priority, according to a new study conducted by MIT Sloan’s...

Organizations are shifting their applications to the cloud to gain new levels of efficiency, elasticity and scalability. According to Flexera, 57 percent of organizations have moved workloads to the cloud, and that number should continue to increase.

However, moving mission-critical apps...

Recent cyberattacks such as the SolarWinds hack, along with exploits that take advantage of vulnerabilities such as Log4j, have highlighted the weaknesses inherent in the software supply chain. In light of the risk, the White House issued Executive Order (EO) 14028 on May 12, 2022, establishing...

Although the number of attacks declined in the first half of 2022, ransomware remains the most significant cybersecurity threat organizations face. In a recent SpyCloud survey of IT professionals in organizations with 500 or more employees, 90 percent said they had been affected by ransomware in...

With millions of employees now accessing IT resources remotely, the corporate network perimeter has all but disappeared. That’s why the “zero trust” model has become an essential element of modern security. Zero trust is a system-wide cybersecurity strategy that assumes every user and device is...

In his 2004 book “The Paradox of Choice: Why More is Less,” psychologist Barry Schwartz suggests that an overabundance of choice contributes to anxiety, dissatisfaction and regret by setting us up for unrealistic expectations. With so many choices, he theorizes, we will invariably second-guess...

2022 is shaping up as a potentially grim year for cybersecurity due to a combination of factors, including the inherent risks of remote working, the chronic shortage of IT security professionals and the spread of increasingly sophisticated threats. As such, all organizations should conduct...

Cloud computing has turned IT management on its head in multiple ways. Users have the power to procure and use cloud resources without the involvement of IT. In light of that, users have a greater need for privileged access to those resources, increasing the complexity...

In a global economy, businesses are highly dependent on goods and services moving through a complex supply chain of international participants. Bringing a product to market involves intricate relationships with hundreds or even thousands of “links” in the chain,...

Software-as-a-Service (SaaS) has long been the most popular cloud computing model. It enables organizations to eliminate the cost and headaches of implementing and managing applications on premises. SaaS also increases productivity and flexibility, and allows...

Redundancy is the linchpin of resilience. Organizations commonly implement redundant IT infrastructure to ensure the availability of applications in the event of hardware failure or network outage. The same principles apply to cloud applications. Although public cloud...

There has long been a tug of war between software developers and IT security. Developers want the freedom to download and run whatever applications they want. IT teams are concerned with ensuring that systems are secure.

A lot of organizations walk a fine line...

On July 6, the heads of the FBI and MI5 issued an unprecedented joint statement about the threat of corporate espionage, intellectual property theft and election tampering from China. FBI Director Christopher Wray said that Chinese government-backed cybercrime “poses the biggest long-term...

Most organizations get the big things right when it comes to security. They are really good at securing the perimeter and patching the major security holes. They understand what they need to do to keep critical systems and applications secure.

Problems often arise with the little things in...

Organizations are outsourcing many business functions, from recruiting to purchasing to legal and compliance processes. In today’s tight job market, outsourcing can be an effective way to gain needed skills while allowing existing staff to focus on core business functions.

IT has long been...

Every user needs access to technology tools and resources to do their jobs. However, organizations must restrict access to IT resources to reduce the risk of security incidents. When security is prioritized over access, productivity suffers. Users start looking for workarounds to get their jobs...

Application modernization is a top priority of organizations looking to streamline business processes, enhance the user experience and move more workloads to the cloud. Many organizations have business-critical software that has been used for decades, and dedicate as much as 70 percent of their...

Today’s economy is driven by software, with businesses constantly using applications for a wide range of tasks and processes. One recent survey found that the average knowledge worker uses 9.4 apps in a given day.

The cloud has accelerated application adoption. According to a Produtiv...

Many organizations see tremendous value in open source software. Most open source solutions are available for free download, and organizations can customize the source code to meet specific needs. Because open source licensing schemes generally prohibit the addition of proprietary components,...

Most people think of cybersecurity as locking users out of particular systems or keeping them away from certain types of data. But truly good security is more about enabling users to work where and how they want, and accomplish tasks seamlessly and efficiently.

This typically involves...

IT security systems are designed to prevent malicious outsiders from invading the network. However, these systems generally do little to keep data inside the network. After all, employees, contractors, suppliers, partners and even customers need ready access to data in order to keep the...

On average, it takes organizations 212 days to identify a security breach and 75 days contain it, according to the 2021 Cost of a Data Breach Report by the Ponemon Institute and IBM. Breaches that took more than 200 days to identify and contain cost 35 percent more than those that were contained...

In our last article 6 Tips for Getting Your Cloud Spend Under Control, we discussed six tips for getting the cloud spend under control. Here are six more advanced techniques.

Managing the cloud spend is a top challenge for 81 percent of organizations, according to the Flexera 2022 State of the Cloud Report. Survey respondents said that their public cloud spend exceeded budget by 13 percent on average, and estimated that 32 percent of their cloud spend is wasted....

Clouds may seem isolated, but in reality they are just a component part of the extended IT infrastructure. Treating them as distinct entities only creates headaches and risk.

Even organizations that have standardized on a single cloud technology stack have a hybrid, multi-cloud...

Most organizations understand their regulatory compliance obligations with regard to data security and privacy. Or do they?

Two key trends are complicating compliance: laws and regulations are becoming more numerous and complex, and organizations are storing more data than ever. For...

The rise of electronic health records (EHRs) means that healthcare organizations are collecting, storing, and sharing more data than ever before. That data is very valuable to cybercriminals.

Experts say that a full medical record can sell on the black market for as much as $1,000 due to...

According to a March 8, 2022, report, analysts at Armis Research Labs discovered three vulnerabilities in uninterruptible power supplies (UPSs) that could allow attackers to take down critical infrastructure. The security flaws, collectively dubbed TLStorm, could enable remote code execution,...

The EU’s General Data Protection Regulation (GDPR). Sarbanes-Oxley. The Health Insurance Portability and Accountability Act (HIPAA). Gramm-Leach-Bliley. The Payment Card Industry Data Security Standard (PCI DSS). These are just a few of the regulations that include stringent requirements for IT...

DevOps has seen widespread adoption in recent years as organizations seek to accelerate technological innovation. The DevOps model integrates software development and system operations skill sets, enabling these teams to become more agile and customer-focused. It incorporates a set of practices...

Recognizing the need for faster, more automated development-to-production processes, almost 75% of organizations have adopted DevOps practices. Yet, security remains a significant gap.

In a 2021 Osterman Research study, just 56% of security professionals felt confident that their...

When most IT shops look at asset management, they’re thinking about managing the physical equipment. They track when the equipment was purchased, where it was deployed in the organization, and any associated maintenance agreements. Some organizations also track software licenses as part of their...

Cybersecurity Ventures estimates that cybercrime cost $6 trillion globally in 2021, making it more profitable than the combined global trade in illegal drugs. Because much of the impact falls directly on businesses, it is one of the most significant threats organizations face. In a recent...

When you engage an IT consultant or solution architect, one of the first questions you should ask is how that person is being compensated. The same goes for the engineers who implement the solution. The answer may surprise you.

In our last post, we covered some of the ongoing costs of poor cybersecurity practices. Organizations with inadequate security often suffer from network performance problems and have increased IT staffing needs due to improperly tuned security tools. Inflexible security environments limit remote...

The cost of a security breach is well documented, but it’s only one of the financial consequences of inadequate security. Poor security practices can have effects that resonate across the organization and impact the top and bottom lines.

At DeSeMa, we’re proud to offer expert IT security...

The COVID-19 pandemic has spurred the Great Resignation, with millions of people leaving their jobs. According to Harvard Business Review, resignations have been highest among mid-career workers between 30 and 45 years old. The tech industry has been hit particularly hard, with turnover...

Most organizations recognize the critical importance of endpoint security. In a recent Ponemon Institute study, 68% of respondents said their organization had been compromised by at least one endpoint attack during the preceding 12 months. The average cost of a successful attack, including lost...

In November 2021, security researchers noted a zero-day exploit affecting the Java version of the Minecraft video game. Hackers could execute malicious code by manipulating Minecraft log files — simply by typing things in a chat box. When it became apparent that the vulnerability was in a...

The average organization used 110 Software-as-a-Service (SaaS) applications in 2021, according to a new report from Statista. That’s 110 different places where data is entered, processed and stored. Generally, these standalone applications don’t talk to one another, so users end up having to...

DeSeMa transforms complex IT environments into streamlined, highly secure systems. We make your IT assets work together more effectively to save money, increase operational efficiency, and reduce risk. Keep reading to learn about our expertise and the IT services we offer, and contact us...

In principle, security information and event management (SIEM) sound like the solution to the challenge of detecting cyber threats. SIEM collects log files and other security data from across the enterprise and stores it in a central database. The system then correlates and analyzes the data to...