How the DNSChanger shutdown changed cybersecurity

On the morning of July 9, 2012, the world braced for an “internet doomsday”: a full-scale crash of the global internet.

Except it didn’t happen. And that non-event represented the culmination of a long and successful coordinated action taken between a huge number of organizations, spearheaded by the FBI.

It was one of the most remarkable operations in the history of cyber crime, and it led to lasting changes in how professionals think about and defend against malicious cyberattacks. 

Here's how the DNSChanger malware reaction changed cybersecurity forever. 

Why are cloud misconfigurations still a major issue?

Cloud misconfigurations are by far the biggest threat to cloud security, according to the National Security Agency (NSA). The 2022 IBM Security X-Force Cloud Threat Landscape Report found that cloud vulnerabilities have grown a whopping 28% since last year, with a 200% increase in cloud accounts offered on the dark web in the same timeframe.

With vulnerabilities on the rise, the catastrophic impact of cloud breaches has made it clear that proper cloud security is of the utmost importance. And so the question arises: Are your organization’s misconfigured cloud resources being advertised to malicious hackers?

How ‘synthetic media’ will transform business forever

The biggest technology-driven trend to affect business in the coming years is synthetic media. Yet this phrase is rarely even uttered in boardrooms and on Zoom meetings.

It’s time to clarify what synthetic media is, and why it’s going to be so impactful.

Synthetic media is any kind of video, pictures, virtual objects, sound or words that is produced by, or with the help of, artificial intelligence (AI). This category includes deepfake content, text-prompted AI-generated “art,” virtual content in virtual reality (VR) and augmented reality (AR) environments, and other new content types.

Many synthetic media tools started as obscure academic research or limited-beta online playthings. But they're now on the brink of making a colossal splash in business, marketing, media and, well, human culture.

How colossal? In the book “Deepfakes: The Coming Infocalypse,” author and synthetic media analyst Nina Schick estimates that some 90% of all online content may be synthetic media within four years.

Here's why media is going synthetic.

Digital nomad pro tip: Don't skimp on a backpack!

My backpack failed me in the worst way. The zippers failed at the Marseille Airport rental car lot. The backpack was less than a year old. 

In October of last year, I bought the Endurax Camera Drone Backpack. I liked it because it had a flat drone launching pad, a rain-proof cover, lots of space and cost only a hundred bucks on Amazon.

Big mistake. 

The front panel, which exposed the entire innards of the backpack, closed with two zippers, which met in the middle. 

Some months ago, one of the zipper's sliders slipped off the "teeth" or "chain" of the zipper. It was inconvenient, but I kept using it with the other zipper. 

Then, a couple months ago, the second zipper slipped off as well. I had to carry the backpack horizontally with both arms in front of me to the rental car. (I understood the possibility of using pliers to re-connect the sliders. But I had lost faith in the zipper.)

Once we arrived at our apartment in Provence, I used the mini day pack that attaches to, and came with, my Meridian rolling luggage. The pack is handy, but it's really a minimal, poorly protected skimpy backpack. That's what I used for the next two months. I carried it across France, Spain and Morocco. I wore it in the Sahara desert. 

In that tiny backpack I squeezed my brand-new M1 MacBook Pro, my iPad Pro and my Sony A7 III DSLR into the backpack, using T-shirts for padding.

During two months of travel, the flimsy backpack damaged the expensive Pad & Quill cover for my laptop, and probably damaged my camera. It was painful to wear. When it rained, I had to take shelter because I knew the backpack couldn't handle the rain. 

It was a stressful, painful two months, thanks to the failure of my backpack. 

But no more. 

I just bought the Peak Design 45L Travel Backpack (pictured above). It cost three times as much as my previous backpack, and was worth every penny. It has super high-quality, waterproof zippers. All the materials are extremely high quality, plus it has a gazillion great features that you can research if you're interested (mostly around the designs for wearability, access and straps). It's really an incredible backpack. I also bought a small "Camera Cube" to optimize the protection and use of my DSLR.

My point is not to praise the Peak Design backpack specifically, but to offer the following advice: Don't fuck around with your backpack purchase if you're an internationally traveling digital nomad, especially one like me who carries expensive gear. 

My attempt to save a few bucks almost cost me thousands of dollars in damaged equipment, nearly wrecked my back and created needless stress while traveling. 

When you buy a backpack, get one that will not fail you. When you're abroad carrying expensive gear, backpack failure is not an option. 

What CISOs want to see from NIST’s impending zero trust guidelines

Cybersecurity at U.S. federal agencies has been running behind the times for years. It took an executive order by President Joe Biden to kickstart a fix across the agencies. The government initiative also serves as a wake-up call to enterprises lagging in getting zero trust up and running. 

There’s much to be learned, and much to be gained, by CISOs from NIST’s zero trust guidelines. Above all, understand that the zero trust era is truly here.

Smartphone satellite expectations will soon crash to Earth

Have you heard the news? Regular smartphones are getting satellite connectivity! Apple’s news is just one part of a larger story about satellite connectivity coming to everyday smartphones.

But it’s important to temper expectations about how these revolutions will transform business communications in the near future. Because they won’t.

Here's everything you need to know about the new world of smartphone satellite.

Quit quitting on the quiet quitters

Though definitions vary, quiet quitting is the deliberate withholding by an employee of their full potential effort at work.

The Gallup organization calls "quiet quitters" "actively disengaged workers," and their percentage has, in fact, risen in the past two years.

But the "quiet quitter" label is new, enabling the concept to go viral on social media.

Technically, the phrase is misleading. Quiet quitting is explicitly undertaken as an *alternative* to quitting. 

But quiet quitting represents a breakdown in communication. And that's the biggest problem. The problem isn't the "quitting" (that isn't quitting). The problem is the "quiet" part.

It's time to communicate. So don't quit on the quiet quitters.

Nearly all surveyed voice actors fear being replaced by AI

A survey by the UK's union for performing arts workers, Equity, found that 93% of audio artists thought AI posed a threat to their jobs. 65% of all members thought the same. 

AI-based audio tools aren't in the union, don't get tired and work super fast. Audiobook.ai, for example, can create an audiobook in 10 minutes in 43 languages. Great piece in the Financial Times.

Clothing store hires virtual model as the computer-generated face of their brand

The clothing store PacSun has hired Instagram "influencer" Lil Miquela as their new model. 

Miquela is a fake person created by a Los Angeles software company called Brud. The simulated human, who has 3 million followers on Instagram, previously did "modeling" work for Calvin Klein and often appears superimposed in photographs interacting with real humans. 

Instagram posts on the @lilmiquela account generate confused but enthusiastic comments: 

How you been ????

Bestie you look hot!

I love you

Surely they know that there is no Miquela there. What's disturbing is that people do know, but don't care. They seem to want to interact with an influencer, but don't care that the influencer they're interacting with isn't there at all. 

Some consider Miquela to be the future of branding. As a model "she’ll never age, clothes will always fit her perfectly in advertisements, and she’ll always do exactly what you ask of her," according to Input magazine.

Come to think of it, those are great qualifications for actors -- either wholly fabricated or re-creations of living actors.  


What you need to know about the metaverse office of the future

It’s easy to say, as many have in recent months, that the office of the future is in the so-called metaverse or that the metaverse is the solution to remote and hybrid work issues.

It’s easy because the word “metaverse” does not have a universally accepted meaning.

For example, if the statement “The office of the future is in the metaverse” means people start their day by putting on virtual reality (VR) goggles, sitting at a virtual desk using a virtual computer surrounded by avatars, and going to virtual meetings in a universally shared extended-reality virtual space, I would strongly disagree with that prediction.

If, however, the statement means that, in addition to the tools we have now, we’ll also sometimes use augmented reality (AR) and VR briefly for specific purposes, I would not only agree, I would say:

“Of course — this has been assumed for decades. This is obviously going to happen.”

Forget the hype and wishful thinking. Here's how "metaverse" technologies will affect the future of work.

Why your company should subscribe to podcasting

The remote work revolution comes with challenges that have not been remotely solved in most organizations that have made the transition.

Among these challenges are:

  • Remote onboarding;
  • Zoom fatigue and remote meeting overload;
  • Up-to-date cybersecurity and tech training;
  • Culture-building by remote staff;
  • Asynchronous communication

The solution to these problems may be right there in your pocket: podcasting. Here's why. 

The past, present and future of endpoint management solutions

Endpoint management is a simple concept that’s become more complex over time. Initially, it was about provisioning and managing the computers and devices that people use in your organization in the bring your own device (BYOD) and mobile computing era. Then the Internet of Things (IoT) made things far more complex. And now perimeter security is being replaced by zero trust. 

The evolution of endpoint management is one of tackling increasing complexity. Here's what you need to know. 

The Guelaguetza: Oaxaca’s epic indigenous cultural event of food, dance, music and spectacle


Each summer, the city of Oaxaca dresses up in retina-searing colors and transforms itself into the most important indigenous cultural event anywhere in the Americas.

We've had the privilege of attending this year's Guelaguetza Festival for the first time, thanks to the help and courtesy of Oaxacan friends. And we have loved every minute of it.

Here's what the Guelaguetza is all about.

How remote work will improve lives — and destroy cities

Remember when tech workers were ruining San Francisco by their very presence?

The crisis peaked between 2014 and 2017 when the booming tech industry was blamed for driving up the cost of real estate. Tech companies drove high demand for office space and also rental housing.

Now they're being blamed for ruining San Francisco — by their absence.

The absence of tech and other workers is crushing city budgets and services, which could cause a chain reaction leading to the decay and shrinking of urban centers.


NIST supply chain security guidelines: 10 key takeaways

The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) recently published updated guidance for reducing cybersecurity risks in supply chains.

Titled “Software Supply Chain Security Guidance,” the update is NIST’s response to directives issued by an executive order by President Joe Biden, designed to improve cybersecurity in the United States. 

This NIST guidance is assumed to target federal agencies. However, NIST points out that it can apply to all kinds of organizations. It’s one of the most thorough references out there for cyber supply chain risk management. 

Don’t want to read a 326-page document? Here are the 10 key takeaways that can inform your efforts to secure your supply chain.

Don’t get too emotional about emotion-reading AI

Call it “artificial emotional intelligence” — the kind of artificial intelligence (AI) that can now detect the emotional state of a human user.

Or can it?

More importantly, should it?

For the most part, and for now, the use of emotion AI tools may be misguided, but mostly harmless, as long as everyone involved truly consents. But as the technology gets better, and face-interpreting, body-language reading technology approaches mind-reading and lie detection, it could have serious implications for business, government, and society.

In general, all this is part of a new phase in the evolution of AI and our relationship to the technology. While we’re learning that it can solve myriad problems, we’re also finding out it can create new ones.

Why meetings don't work anymore

Meetings don't work.

Or, at least, the majority of staff meetings are time-wasting, productivity-killing, creativity-stifling products of wishful or delusional thinking.

Before the pandemic and its mass movement to remote and hybrid work, meetings were already problematic.

We've all seen how meetings fail.

Most meetings in the office result from a policy to hold regular — often weekly — staff "update" meetings. Or they're the result of procrastination. We can't make a decision right now, so let's schedule a meeting. Or some new initiative, problem, or idea inspires action, and scheduling a meeting feels like action.

Once the meeting begins, eyes glaze, and some meeting participants start mentally tuning out the conversation while pretending to pay attention. (Others don't even pretend; it's become increasingly normal or acceptable to stay glued to a laptop or phone screen during meetings.)

Meetings are often dominated by attention-seekers, ladder climbers, extroverts, and long-winded speech-makers. In contrast, others mostly remain silent with little to no correlation between saying something and having something to say.

Meetings suppress creative thought. Most end in a fog of vagueness, without clear objectives, deadlines, and assignments.

And employees hate them.

Here's why meetings don't work anymore and what to do instead. 


[About this newsletter. My "Future of Work" email newsletter is published by Foundry. The newsletter is both ad-free and free of charge. BUT, because Foundry newsletters are aimed at technology and business professionals, you'll be asked some basic information as part of the subscription process. Please provide! I'd love for you to subscribe to my Future of Work newsletter. -Thank you! -Mike]

Hospital ransomware attack: Here’s what a cybersecurity success story sounds like

Major ransomware attacks are scary, but against hospitals, they are even worse. One notable attack in August 2021 forced Ohio’s Memorial Health System emergency room to shut down (patients were diverted to other hospitals). In all hospital attacks, the health, safety, privacy and lives of patients face risk. But this incident also shows that whether targets are hospitals or any other kind of organization, the time and money spent preventing attacks is almost always worth it. 

But what do you do if protective measures fail? What can be done once an attack is already happening? 

One health care IT director set a fantastic example of what to do when an active ransomware attack was detected.

What cybersecurity teams can learn from the US Cyber Command’s ‘Hunt Forward’ operations

After decades of playing defense, the United States government went on the offense in the past few years against global state-sponsored cyber attackers. U.S. Cyber Command conducted “hunt forward” operations recently in 16 countries, including in Ukraine, as part of a policy set in 2018. 

This policy involves partnering with foreign countries on finding cyber threats against them. The idea is that, instead of the U.S. and its smaller allies each facing common adversaries alone, they do so together. The U.S. provides more resources and its allies provide access to their critical networks. What can cybersecurity teams working with other organizations learn from their tactics?

It's time to bulldoze your open-plan office and start over

Before COVID-19, open-plan offices were on the rise. Facebook's new Menlo Park headquarters boasted the "largest open floor plan in the world," for example.

The open-plan office obsession, which probably peaked around ten years ago, was based on what I've called "collaboration bias" — the under-examined assumption that ad-hoc social encounters are more valuable for business, creativity, and productivity than un-interrupted "deep work."

But a series of recent surveys shed new light on the misguided disaster that is the open-plan office and the importance of private offices, regardless of where they are.

While employees hated open-plan offices before, disdain for open-plan offices is greater now than before the pandemic, according to a survey by Framery, which makes sound-proof booths for offices. Some 41% say their ability to concentrate in an open-floor plan office significantly worsened after the pandemic.

But let me be very clear: Open-plan offices are a threat to your company's ability to succeed. 



One year after the Colonial Pipeline attack, regulation is still a problem

The privately held Colonial Pipeline company, which provides nearly half of the fuel used by the East Coast — gasoline, heating oil, jet fuel and fuel for the military totaling around 100 million gallons a day — was hit by a double-extortion ransomware attack by a DarkSide group in May of 2021. 

In reaction, the company shut down pipeline operations and IT systems. Next, they brought in FireEye’s Mandiant to conduct cyber forensics. 

The event triggered panic in national security circles. After years of talk about whether a state-sponsored cyberattack could shut down major infrastructure or utilities on a massive scale, it seemed like that fear finally came true. In fact, the company was motivated by money and chose to shut down.

Still, the Colonial Pipeline attack mobilized the federal government into action. And that action is what’s still causing lingering problems.

Deepfakes come to remote job interviews

The FBI warned last week that people are interviewing for tech jobs using stolen identities — and even deepfake videos.

Specifically, the FBI Internet Crime Complaint Center (IC3) on June 28 reported an increase in complaints about the use of stolen personal information — and even real-time deepfake video technology during Zoom interviews — by some tech job candidates to misrepresent their job experience or lie about who is actually applying for the job.

The FBI said that the rise in fake applicants is happening mainly in software development, database, and other software-related job openings.

Here's what you need to know about deepfake remote job interviews.



Here comes the 'destination workplace.'

In a market economy, some human spaces are provided as services that compete with other services to attract customers. This is true of hotels, gyms, and shopping malls.

But it hasn't been true of workplaces.

In the past, the workplace was provided by a monopoly provider — the company you worked for. As a result, offices hadn't been particularly appealing or creative, with industry exceptions like tech, where the nature of employment can be fluid.

Once an employer was chosen, individual employees didn't have a choice like customers. Instead, workplace quality was just another factor lumped in with many other factors for how appealing an employer might be.

You might accept a substandard workplace if other factors like higher salary and better growth opportunities were available.

But in the future of work, that's going to change. It's already changing.

Get ready for the rise of the "destination workplace."

