Almost half of Australian IT leaders will drive their organisations' transition to hybrid cloud infrastructure over the next few years, according to a study by Microsoft. Approximately 40 percent of Australian respondents indicated that their organisations are already transitioning to hybrid cloud with either integrated or non-integrated public and private cloud infrastructure. Microsoft expects this number to increase to 49 percent in the next 12 to 18 months. However, 43 percent of IT leaders in Australia are still using only private cloud, while 17 percent are using only public cloud solutions, according to the survey that sampled 1,200 IT leaders within Asia Pacific. Australian organisations are not likely to increase their investments in private or public-only cloud solutions, it added.
AustCyber is working with the Australian Department of Education and Training, and PwC's Skills for Australia program, to understand our needs for cyber vocational education and training. "We are gathering insights to learn about key cyber security skills needs and industry trends," wrote AustCyber on Wednesday. The aim is "to provide an evidence-based case for developing vocational training in cyber security skills that are transferable across multiple industries". We've been hearing that for years, although some of the guesstimates seem extravagant. Cisco said in 2015 that there were one million unfilled cyber jobs [PDF].
Mark 2016 as the year that researchers applied artificial intelligence (AI) to the challenges of cybersecurity. If machines can steer our cars and predict our shopping habits, then why not watch over our networks and servers too? IBM in May 2016 announced Watson for Cyber Security, in which the IT behemoth began teaching its pattern-recognition supercomputer to learn the difference between safe and risky data. That could ease the burden on overworked cybersecurity professionals, IBM hopes. Several universities involved with that project began having students train the system within the past several weeks, explained IBM Watson's Jeb Linton, chief security architect.
To no one's surprise, end users continue to be the favorite target of cybercriminals. Verizon's 2017 Data Breach Digest, the companion to its annual data breaches report, states that of the data-loss incidents studied, 90% involved phishing or the social engineering of end users. A July 2018 Cybersecurity Insiders report (PDF) concluded, once again, that more than 90% of the participating organizations felt vulnerable to insider malicious behavior or inadvertent errors by end users. Some experts suggest attitude is a big reason why end users are targeted. "Some IT pros will say that training end users is a waste of time, as they [end users] will click through the training but not heed the warnings," writes CompTIA product manager Stephen Schneiter, in his CompTIA.org
The National Security Agency develops advanced hacking tools in-house for both offense and defense--which you could probably guess even if some notable examples hadn't leaked in recent years. But on Tuesday at the RSA security conference in San Francisco, the agency chose for the first time demonstrated Ghidra, a refined internal tool that it has chosen to open source. And while NSA cybersecurity advisor Rob Joyce called the tool a "contribution to the nation's cybersecurity community" in announcing it at RSA, it will no doubt be used far beyond the United States. You can't use Ghidra to hack devices; it's instead a reverse engineering platform used to take "compiled," deployed software and "decompile" it. In other words, it transforms the ones and zeros that computers understand back into a human-readable structure, logic, and set of commands that reveals what the software you churn through it does.