Put down the stilton! Step away from that tub of Cadburys Celebrations and refrain from pouring yourself a lunchtime Snowball Christmas is over, people. Its time to get serious. The UK TV schedules have got the memo at least; theyve stopped airing tinselly specials and getting dewy-eyed over Gavin & Stacey, and started airing crime shows again just the thing to toughen us up so we can face down 2025 with a steely glare. Grantchester series nines finally airing in the UK after its 2024 US debut, theres new Silent Witness, NCIS, Father Brown and all kinds of police-based business with Patience, Playing Nice and more.If crimes not your bag, then look forward to Western American Primeval on Netflix, the second series of mind-bending sci-fi Severance on Apple TV+, the second and final series of sci-fi Beacon 23, the Star Trek: Section 31 movie, plus a new run of From, all coming in January. Beyond that, we have more Yellowjackets, Reacher, Cobra Kai and The White Lotus, arriving on streaming in Feb, along with new six-part UK drama A Thousand Blows, from the creator of Peaky Blinders.As well as all that, heres a big look ahead to the new British drama coming up, all the big returning British series this year, and for crime fans, a list of the new UK crime dramas to anticipate in 2025.Well update this list of TV highlights weekly with more shows, dates and times as the release announcements arrive. If youre based in the US, heres where to look for the relevant info.

Today at CES 2025 in Las Vegas, Schlage unveiled its new Schlage Sense Pro Smart Deadbolt, marking the companys first Ultra Wideband-enabled smart lock, complete with support for Matter-over-Thread.Schlage has consistently been at the forefront of connected home smart locks. In March 2022, it made history as the first company to launch an NFC-assisted Apple Home Keys-enabled smart lock solution, the popular Schlage Encode Plus. Now, lets take a closer look at the features and capabilities of the upcoming Schlage Sense Pro Smart Deadbolt.Schlage Sense Pro Smart DeadboltThe Schlage Sense Pro will feature Matter-over-Thread support and deliver hands-free unlocking. Thread is, of course, the power-efficient, low-bandwidth, and low-latency communication protocol for IoT devices. Its more efficient than Wi-Fi, which prolongs battery life in connected devices, and because theres lower latency, theres less delay between issuing commands. Another advantage of Thread is that it eliminates the requirement for a separate hub for each brand or device. All you need is a thread-enabled border router, and the good news is that you might already have one. The HomePod (2nd-generation), HomePod mini, and the 3rd-generation Apple TV 4K with Ethernet all sport Thread radios and serve as border routers. There are quite a few non-Apple Thread border routers as well.The Schlage Sense Pro, with Matter support over Thread, is poised to become a versatile smart lock. It can be easily controlled through various platforms like Apple HomeKit, Amazon Alexa, and Google. Additionally, it leverages the efficiency, bandwidth, and latency advantages of Thread.But thats not all the Sense Pro aims to deliver. Schlages flagship lock boasts the latest version of its Converge technology, which introduces support for Ultra Wideband between the lock and the users paired and authorized device.Ultra Wideband technology intelligently calculates speed, trajectory, and motion, enabling the lock to better comprehend the users positioning and intent to enter. In essence, it will unlock the door precisely at the moment the user reaches it. The Sense Pro offers various convenient features, including hands-free unlocking, keypad access code entry, and tap-to-unlock using NFC, among others.The Schlage Sense Pro, similar to the Encode Plus (review) before it, is poised to become a compelling addition to connected homes. What are your thoughts on it? Schlage has announced that we can expect its new flagship smart lock to arrive later this year. Well provide more details, including a comprehensive review and hands-on experience, once its released!Add 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

We may be just a few days into 2025, but Apple thinks it can already tell which upcoming music artists are set to make a breakthrough this year. The company shared its predictions as the Shazam Fast Forward 2025.Apple looked at the trending artists in the first five days of music Shazammed by users, and had its own music editors review them The company said the method has a proven track record, though its perhaps hard to separate cause from effect when Apple highlights a musician.With more than 300 million global monthly users and over 100 billion global song recognitions since its launch, Shazams unique ability to accurately predict the next breaking artist is unparalleled and has become a reliable and invaluable tool for both artists and fans over the years.Last years predictions list proved to be another great batch of talent, with two-thirds of the artists reaching Apple Musics Daily Top 100 in 150 countries, and a third entering Shazam National charts in 46 countries. On average compared to the year prior, Shazams class of 2024 Predictions artists saw a +34% increase in Shazam song matches, a +146% increase in Apple Music streams, and a +269% increase in radio spins.Apple shared the first 10 of 50 artists, with the first day focused on dance music.Today, Shazam unveiled Shazam Fast Forward 2025, its revamped list of yearly predictions, spotlighting 50 artists that are perfectly poised to have a breakthrough year.Starting today and continuing through Friday, Shazam will unveil 10 artists per day, broken down into broader genres spanning Dance; Latin; Alternative, Rock, and Country; Pop; and Hip-Hop and R&B. To discover each batch of daily predictions, music fans can now explore an all-newmicrositeto get to know these emerging artists, discover their bios, and access playlists, or check outShazams curator pageon Apple Music.Apple says there are multiple indicators of success for each artist.Each artist featured has shown early indicators of future growth, including early and consistent momentum in Shazam activity, as well as discovery trends in more than one country. You can find the 10 dance artists below.ProphecyThe Spanish DJ duo first gained traction on Shazam in May 2023, with early popularity in Romania and Argentina. Collaborations with David Guetta on Kill The Vibe (their top song on Shazam) and Tisto on My City saw Prophecy enter charts in Denmark, Hungary, and Croatia. Their top countries for Shazam activity are the US, Germany, and Mexico. Prophecy have also reached Apple Musics Top Dance Songs chart in more than 50 countries worldwide, including nine where theyve reached the top 10.KhathapillarThe South African Amapiano DJ first appeared on Shazams radar in May 2024 in South Africa. His top track, Diqabang, saw him collaborating with Sol Phenduka, Smash SA, and Kamoh Xaba, and it would spend over five months on the South African Shazam chart in 2024.ALSO ASTIRThe North Macedonia Electronic artist first popped on Shazam in October 2022 in Greece. His top track, Forget, drove a peak in song recognitions for him in July 2024. His top countries for Shazam activity are the US, Germany, and Brazil.Joe HuntThe British Garage DJ first gained traction on Shazam in August 2024 in New Zealand. His top track, Up To No Good (Extended), landed him on the Shazam charts for the first time, enjoying Shazam chart runs in New Zealand as well as his home country of Great Britain.MarasiThe Greek DJ first popped on Shazam in March 2023 in the United Arab Emirates. His top track Opera earned him a spot on the Greek Shazam chart, spending over 6 months on the chart and peaking at No. 64. His top countries for Shazam activity are his home country of Greece, followed by the US and France.Nu-LaThe British dance singer-songwriter first appeared on Shazams radar in January 2023. Her top track on Shazam is a collaboration with British DJ CHANEY, Out of My Depth (feat. Nu-La).QuentroThe Turkish DJ first showed up on Shazams radar in June 2024 in Greece. As Quentro geared up to debut his top track Perreo, song recognitions for Quentro on Shazam hit its peak.TR3NACRIAThe Italian DJ trio first gained traction on Shazam in April 2023 in the Netherlands. The trio enjoyed massive chart success this year with their top song La Foule (feat. StereoKilla) [Le Monde Mix] spending more than four months on the French Shazam chart, peaking at No. 36 in March. Their tracks Le Vent Nous Portera and Intro also hit the French chart this year. Previously, TR3NACRIA spent more than 5 weeks on the Greek Shazam chart with their song Sikulambele (feat. Lizwi) in 2023.VXSIONThe Brazilian House DJ first popped on Shazam in February 2023 in Romania. Their top song, Amana with Maz, spent more than seven months on the Greek Shazam chart this year, peaking at No. 35. Following the release of his remix of Days Of The Week by Flight Facilities, VXSION saw an uptick in song recognitions in July 2024.WITH UThe German Dance duo first gained traction on Shazam in April 2024 in Israel. Their top song, Karibu, spent nearly five months on the Italian Shazam chart, peaking at No. 33 in June 2024. July 2024 was one of the duos strongest months on Shazam, following the release of their track Alive with Albert Breaker and Mohalizer.Image: AppleAdd 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Ensuring HomeKit compatibility for smart home products is now very much easier to achieve. Apple has agreed to accept Matter certification for all new devices, without requiring additional testing before granting the Works With Apple Home badge.Although it was always the goal that Matter support meant automatic compatibility with HomeKit, Google Home, Alexa, and Samsung Smart Things, there was previously a difference between theory and practice Theory and practice of the Matter standardPrior to the development of the Matter standard, every smart home device had to achieve separate compatibility with each of the main smart home platforms it wanted to support.Brands would have to submit applications to Apple, Google, Amazon, and Samsung, and then send their products for specific testing by each company. This added both time and expense to the product development process.The Matter standard was intended to change all of this. All the main platforms supported it, which meant that so long as a device was Matter-compatible, it would by definition also be compatible with Apples HomeKit, Google Home, Amazon Alexa, and Samsung Smart Things.In practice, however, none of the smart home platforms took this for granted. Each still required devices to be subjected to their own tests before they would grant the Works With badge.HomeKit compatibility now assumedHowever, Apple has now agreed to accept Matter certification as proof of HomeKit compatibility, without the need for additional testing. Provided a product passes all the Matter tests, Apple will allow it to use the Works With Apple Home badge. The news was announced by the Connectivity Standards Alliance.A key part of many Matter device makers go-to-market journey is earning major smart home ecosystems Works With certification and badges. These programs often require device makers to complete the Alliances certification process, and then participate in an entirely separate testing process for each Works With ecosystem.Recognizing the need for a more streamlined end-to-end certification process, the Alliance is excited to share that Apple has begun accepting Alliance Interop Lab test results for Matter devices for Works With Apple Home, and that Google and Samsung will be doing the same for their respective Works With Google Home, and Works With SmartThings certifications later this year, underscoring the credibility and reliability of the Alliances testing programs.The Lab is continuing to work with other members [read: Amazon] towards integrating additional Works With programs.Streamlined certification for improved versionsAnother obstacle for smart home products was that a software update for an existing product would need to go through the same certification process as the original, making it slower and more expensive to push over-the-air upgrades.The CSA has now agreed to a streamlined process, merely checking that they still work in the same way.The FastTrack Recertification Program was introduced by the Matter Working Group in November 2024. This new recertification program simplifies the process, significantly reducing costs and administrative overhead for product makers. It ensures product makers can more easily release critical updates to enhance their products and utilize the Interop Lab as a light touch check using the Labs capabilities to check that updates do not unintentionally degrade in functionality or performance when used with other popular devices and systems.Companies can also gain certification for carrying out their own tests using the CSAs test suite.Photo byPatrick CampanaleonUnsplashAdd 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Jan 06, 2025Ravie LakshmananBlockchain / MalwareCybersecurity researchers have revealed several malicious packages on the npm registry that have been found impersonating the Nomic Foundation's Hardhat tool in order to steal sensitive data from developer systems."By exploiting trust in open source plugins, attackers have infiltrated these platforms through malicious npm packages, exfiltrating critical data such as private keys, mnemonics, and configuration details," the Socket research team said in an analysis.Hardhat is a development environment for Ethereum software, incorporating various components for editing, compiling, debugging and deploying smart contracts and decentralized apps (dApps).The list of identified counterfeit packages is as follows -nomicsfoundations@nomisfoundation/hardhat-configureinstalledpackagepublish@nomisfoundation/hardhat-config@monicfoundation/hardhat-config@nomicsfoundation/sdk-test@nomicsfoundation/hardhat-config@nomicsfoundation/web3-sdk@nomicsfoundation/sdk-test1@nomicfoundations/hardhat-configcrypto-nodes-validatorsolana-validatornode-validatorshardhat-deploy-othershardhat-gas-optimizersolidity-comments-extractorsOf these packages, @nomicsfoundation/sdk-test has attracted 1,092 downloads. It was published over a year ago in October 2023. Once installed, they are designed to harvest mnemonic phrases and private keys from the Hardhat environment, following which they are exfiltrated to an attacker-controlled server."The attack begins when compromised packages are installed. These packages exploit the Hardhat runtime environment using functions such as hreInit() and hreConfig() to collect sensitive details like private keys, mnemonics, and configuration files," the company said."The collected data is transmitted to attacker-controlled endpoints, leveraging hardcoded keys and Ethereum addresses for streamlined exfiltration."The disclosure comes days after the discovery of another malicious npm package named ethereumvulncontracthandler that masquerades as a library for detecting vulnerabilities in Ethereum smart contracts but instead harbored functionality to drop the Quasar RAT malware.In recent months, malicious npm packages have also been observed using Ethereum smart contracts for command-and-control (C2) server address distribution, co-opting infected machines into a blockchain-powered botnet called MisakaNetwork. The campaign has been tracked back to a Russian-speaking threat actor named "_lain.""The threat actor points out an inherent npm ecosystem complexity, where packages often rely on numerous dependencies, creating a complex 'nesting doll' structure," Socket said."This dependency chain makes comprehensive security reviews challenging and opens opportunities for attackers to introduce malicious code. _lain admits to exploiting this complexity and dependency sprawl in npm ecosystems, knowing that it is impractical for developers to scrutinize every single package and dependency."That's not all. A set of phony libraries uncovered across the npm, PyPI, and RubyGems ecosystems have been found leveraging out-of-band application security testing (OAST) tools such as oastify.com and oast.fun to exfiltrate sensitive data to attacker-controlled servers.The names of the packages are as follows -adobe-dcapi-web (npm), which avoids compromising Windows, Linux, and macOS endpoints located in Russia and comes with capabilities to collect system informationmonoliht (PyPI), which collects system metadatachauuuyhhn, nosvemosssadfsd, holaaaaaafasdf (RubyGems), which contain embedded scripts designed to transfer sensitive information via DNS queries to an oastify.com endpoint"The same tools and techniques created for ethical security assessments are being misused by threat actors," Socket researcher Kirill Boychenko said. "Originally intended to uncover vulnerabilities in web applications, OAST methods are increasingly exploited to steal data, establish command and control (C2) channels, and execute multi-stage attacks."To mitigate the supply chain risks posed by such packages, it's recommended that software developers verify package authenticity, exercise caution when typing package names, and inspect the source code before installation.Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

John Edwards, Technology Journalist & AuthorJanuary 6, 20256 Min ReadSergei Kovalkov via Alamy StockAlthough most of the software development lifecycle is now automated, infrastructure continues to be a largely manual process requiring specialized teams. Yet with infrastructure demands rapidly growing, more organizations now look toward automation for help.GitOps uses Git project repositories as the single source of truth for managing application configuration and deployment information, says Elliot Peele, senior manager of software development at analytics software provider SAS. "By using declarative specifications stored in a Git repository, it ensures that the desired state of the system is always maintained and continuously reconciled," he explains in an email interview.Mike Rose, data and analytics director at technology research and advisory firm ISG, notes that a GitOps framework ensures that the entire system -- including infrastructure, applications, and configurations -- is described in a consistent manner within Git, allowing for consistent, repeatable, and auditable changes across environments. "It enhances transparency and traceability and significantly reduces the risk of configuration drift between the desired state and the actual state of the infrastructure." he states via email.Peele adds that the approach not only enables continuous integration and deployment, but also provides version management and rollback capabilities, which are crucial for maintaining consistency and reliability in infrastructure management.Related:GitOps in ActionGitOps implementations have a significant impact on infrastructure automation by providing a standardized, repeatable process for managing infrastructure as code, Rose says. The approach allows faster, more reliable deployments and simplifies the maintenance of infrastructure consistency across diverse environments, from development to production. "By treating infrastructure configurations as versioned artifacts in Git, GitOps brings the same level of control and automation to infrastructure that developers have enjoyed with application code."Rose states that GitOps reduces manual errors, allows increased deployment frequency, and generally improves overall system reliability. "Probably one of the most valuable but intangible benefits of GitOps is its ability to foster closer collaboration between development and operations teams as both groups work from the same set of Git repositories to manage application code and infrastructure configurations," he says. "This alignment will accelerate the feedback loop between development and operations."Related:GitOps will have a significant impact on infrastructure automation, Peele predicts. "By providing consistency, version control, continuous deployment, reduced configuration drift, and enhanced security and compliance, GitOps is a game changer in software development and deployment practices," he says. "It enables peer review for configuration changes and allows developers without prior operations experience to control their application's deployment."Multiple BenefitsGitOps' primary benefit is its ability to enable peer review for configuration changes, Peele says. "It fosters collaboration and improves the quality of application deployment." He adds that it also empowers developers -- even those without prior operations experience -- to control application deployment, making the process more efficient and streamlined.Another benefit is GitOps' ability to allow teams to push minimum viable changes more easily, thanks to faster and more frequent deployments, says Siri Varma Vegiraju, a Microsoft software engineer. "Using this strategy allows teams to deploy multiple times a day and quickly revert changes if issues arise," he explains via email. "This high deployment velocity accelerates releases, allowing teams to deliver business impact quicker."Related:Since infrastructure state is defined in code and stored in Git, static analysis can be performed to detect security misconfigurations, Vegiraju says. "This approach helps enhance the overall security posture by identifying and addressing potential vulnerabilities early."Rose reports that ISG research shows that an environment using GitOps -- along with complementary AI Ops improvements -- can see a productivity efficiency of at least 30% over a two-year time horizon.Top AdoptersGitOps is most likely to be adopted by enterprises that focus on automation and consistency, Peele says. "The peer review nature of GitOps lends itself to companies that are focused on compliance, requiring multiple reviews of any application configuration or deployment changes."Enterprises with cloud-native environments, and those heavily invested in DevOps practices, are also likely to adopt GitOps, Rose says. "This includes any organization prioritizing rapid, reliable software delivery and infrastructure management," he notes. Such enterprises often have a high rate of change in their infrastructure and applications, making the version control and automation aspects of GitOps particularly valuable.Enterprises undergoing digital transformation or moving toward microservices architectures are also prime candidates for GitOps adoption, Rose says. He notes that Gits "single source of truth" aligns well with container orchestration platforms, such as Kubernetes, making it especially attractive for organizations using such technologies.Possible PitfallsWhile GitOps offers numerous benefits, many new adopters face obstacles. "The significant challenge is the steep learning curve for teams unfamiliar with Git or DevOps concepts," Rose says. "This can lead to initial productivity slowdowns and may require a substantial investment in training and upskilling."GitOps requires a deep understanding of the organization's current IT infrastructure and applications, as well as advanced knowledge of Git, Peele warns. "This can be daunting for teams that are new to these concepts."Small organizations with simpler infrastructures may find GitOps adds unnecessary overhead, since the complexity of managing a GitOps pipeline may outweigh the benefits, Vegiraju says.Looking ForwardAn important emerging trend is the increasing intersection of GitOps and AIOps. "This convergence is leveraging AI and machine learning to enhance automation, predict issues, and optimize infrastructure management within the GitOps framework," Rose says. He notes that AI algorithms can analyze Git commit patterns to predict potential conflicts or issues before they occur or to optimize deployment strategies based on historical performance data.About the AuthorJohn EdwardsTechnology Journalist & AuthorJohn Edwards is a veteran business technology journalist. His work has appeared in The New York Times, The Washington Post, and numerous business and technology publications, including Computerworld, CFO Magazine, IBM Data Management Magazine, RFID Journal, and Electronic Design. He has also written columns for The Economist's Business Intelligence Unit and PricewaterhouseCoopers' Communications Direct. John has authored several books on business technology topics. His work began appearing online as early as 1983. Throughout the 1980s and 90s, he wrote daily news and feature articles for both the CompuServe and Prodigy online services. His "Behind the Screens" commentaries made him the world's first known professional blogger.See more from John EdwardsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also LikeWebinarsMore WebinarsReportsMore Reports

Carrie Pallardy, Contributing ReporterJanuary 6, 20257 Min ReadNicoElNino via Alamy Stock PhotoCybersecurity leaders always have a lot on their minds. What are the latest threats to their enterprises? What emerging technologies can bolster their defenses? How can they secure the necessary talent and the budget? Whats on the regulatory horizon?As 2025 begins, InformationWeek spoke to four leaders in the cybersecurity space about some of the biggest issues on their minds.AI-Fueled Threats and DefenseAI was on everyones lips in 2024, and there is every reason to expect that this technology boom will continue to be top of mind in 2025.AI makes threat actors more prolific and sophisticated. They can use it to automate large-scale attacks. They can make phishing lures more convincing. Deepfake audio and video continue to improve, making them harder to spot. In 2024, scammers effectively manipulated a finance worker into paying them $25 million, thanks to a deepfake video conference.The same powerful capabilities of AI are, of course, being applied on the defensive side. AI-driven automation, for example, speeds threat detection and frees up analysts time for more complex work.But AI has myriad use cases. In addition to cybersecurity threats and defensive tools, this technology is being applied up and down the technology stack. Cybersecurity leaders must think about the security implications of AI throughout their enterprises.Related:We are seeing a lot of projects moving [forward] and it sort of feels like security is being asked to follow behind the business and reduce the risk after the fact, says Patrick Sullivan, CTO, security strategy at Akamai Technologies, a cloud computing and security company.Insider ThreatsIn 2024, KnowBe4 hired a North Korean hacker to fill an open IT position. The cybersecurity company recognized the insider threat early on, before the person was even onboarded. But this is not an isolated kind of threat.Aggressor nation states will continue to use this kind of approach to infiltrate US companies and critical infrastructure providers, whether to steal intellectual property and data or to cause disruption to essential services.We're really seeing a need now for advanced controls in that talent acquisition process and in our ongoing insider threat monitoring programs to be able to mitigate against these new kinds of attacks that are out there, Sharon Chand, principal of cyber risk services at consulting firm Deloitte, asserts.Escalating Geopolitical TensionsThe escalating geopolitical tensions across the world play out, in part, in the cybersecurity space. Nation state-backed threat actors and hacktivists targetorganizations in the US and across the world in the service of political goals.Related:The UK rangalarm bells regarding Russias ability to conduct cyber-warfare on British businesses, BBC reports. US Cyber Command warns of Chinas ability to disrupt US critical infrastructure in the event that conflict erupts between the two countries, according to Reuters.Disruptive CyberattacksThis year is set to be a record for ransomware payments, and blockchain data platform Chainalysis points out that big game hunting is a big driver.Sam Rubin, senior vice president of Unit 42 consulting and threat intelligence at cybersecurity company Palo Alto Networks, tells InformationWeek that attacks that cause crippling business disruption are on the rise.These disruptive attacks especially for large organizations that have a big role in the economy or in their market are becoming the target and a way for the threat actors to get very large multimillion-dollar pay days, he explains.Zero Day VulnerabilitiesIn November, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and a number of their partners released a list of the top routinely exploited vulnerabilities in 2023. Of the 15 top common vulnerabilities and exposures (CVEs), 11 were zero days.Related:Some of that is nation state actors. Some of that is ransomware operators. So, all adversary classes seem to be pivoting more toward zero days, says Sullivan.Third-Party RisksIn the summer of this past year, business at thousands of car dealerships was upended following two cyberattacks on a single software provider: CDK Global. The health care industry experienced a major disruption when Change Healthcare, a payment and claims provider, was hit with ransomware. The potential of another cyberattack with a massive ripple effect looms large in 2025.There's just so much so much dependency on third parties among lots and lots of companies and different industries. And, I think there will be a large-scale attack on a company that impacts not only that company but those [that] depend on it, says Ann Irvine, chief data and analytics officer at Resilience, a cybersecurity risk management company.As enterprises incorporate more third parties into their supply chains, more web apps and APIs are exposed, Sullivan points out. [Businesses need] to understand where those vulnerabilities emerge, prioritize them, and then have an efficient patching process to remediate, he urges.The Need for Integrated Security PlatformsThe market for security platforms and tools is massive. If you can think of a security challenge, there are probably a host of vendors clamoring to serve up a solution. But there is a movement to consolidate those solutions.We're seeing continued creativity of the bad actors coming into multiple different types of attack vectors, and historically, some of our defenses have been quite siloed in their ability to prevent [and] mitigate those kinds of attacks, says Chand. We're seeing the need for enterprise clients to really think about integrated security platforms.Networking company Extreme Networks surveyed 200 CIOs and IT decision markers, and 88% reported a desire for a single integrated platform that includes AI, networking, and security.Upskilling the Cyber WorkforceThe cybersecurity challenge shortage is an ongoing concern. Consulting firm Gartner predicts that more than half of cyber incidents will stem from a lack of talent and human failure by 2025.In addition to filling roles, enterprises are also tasked with the prospect of upskilling their current cybersecurity talent. As threats evolve, in no small part due to AI, cybersecurity workers need to be able to keep up.And AI isnt the only area where cybersecurity teams will need to sharpen their skills. I do expect to see more and more attacks in that OT environment. So, we're going to need more and more humans that are focused on understanding and mitigating those attacks in the enterprise, says Chand.A Maturing Cyber Insurance IndustryInsurance is a big consideration for enterprise leaders wrangling with the management of cybersecurity risk. S&P Global anticipates that cyber insurance rates will continue to increase and the terms and conditions for policies will tighten. The market research company predicts premiums will increase 15% to 20%, hitting $23 billion by the end of 2026.Irvine points out that the cyber insurance space is still growing. As it matures, it has the opportunity to influence cybersecurity practices. The insurance industry is just going to continue to mature and demand good practices, which are good for their bottom line but also ultimately good for their customers, she says.The Spotlight on Security LeadersCISOs are increasingly being looked to as strategic enterprise leaders. The transition of the role is out of the IT tower into the boardroom to speak the language of risk, to speak the language of business and to help be a driver for that enterprise, says Rubin.In Deloittes The Global Future of Cyber Survey, about one-third of respondents reported that CISO involvement in strategic conversations increased over the past year.Boards and C-suites may be becoming more aware of the importance of cybersecurity, but there are personal liability concerns among CISOs. The 2024 Voice of the CISO report from cybersecurity company Proofpoint found that 66% of global CISOs are worried about their personal, financial, and legal liability.In recent years, there have been examples that fuel those concerns. Joseph Sullivan, the former chief security officer of Uber, received probation and a fine for his role in a 2016 data breach. The Security and Exchange Commission (SEC)filed a lawsuit against SolarWinds and its CISO Timothy Brown over 2019 cyberattacks that impacted the US government. A judge dismissed most of the charges, but it does not completely erase the possibility of personal liability for CISOs.A New AdministrationAs enterprise leaders consider the outlook for 2025, the incoming Trump administration is definitely a factor. A change in federal leadership means potential changes to regulation. Trump is also likely to make changes to CISA, and he has been vocal about his intentions to repeal the Biden administrations AI executive order.I am paying attention to is this change in US federal government says Irvine. It really does matter, and things could change quite dramatically.About the AuthorCarrie PallardyContributing ReporterCarrie Pallardy is a freelance writer and editor living in Chicago. She writes and edits in a variety of industries including cybersecurity, healthcare, and personal finance.See more from Carrie PallardyNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also LikeWebinarsMore WebinarsReportsMore Reports

Andy Tay, Global Lead, Accenture Cloud First January 6, 20255 Min Readadempercem via Alamy StockWe seem to have entered a brave new world. A world being redefined by technological innovations at the speed of light, changing our reality and exerting a centrifugal force on companies. Generative AI is the new engine powering these innovations -- much like electricity once sparked the industrial age. Its reinventing processes, businesses, and entire industries at an unprecedented pace. Recent research from Accenture found that nearly all organizations (98%) now see technology as their top tool for reinvention, with 82% identifying generative AI as the driving force behind this shift.But to succeed, generative AI needs a robust digital core, built on a continuum of cloud capabilities across the enterprise, that integrates a secure digital foundation and digital platforms and creates seamless data and AI connections. All of this comes together through innovative engineering principles, and powers reinvention like an engine propels a car.The benefits are immediate and significant. Our research found that organizations with an advanced digital core, investments in strategic innovation, and a balanced approach to their technical debt achieved 60% higher revenue growth rate and 40% higher profits.Technical debt -- the accumulated cost of outdated technology -- is an important element to track and manage. As companies rush to adopt AI-driven innovations, technical debt grows alongside. But when used appropriately, generative AI can be a vehicle for remediating tech debt as well as minimizing tech debt creation. Related:The Cost of Technical DebtImagine a software engineer racing against an impossible deadline. To get the code into production by months end, the engineer skips error handling and documentation, cutting every corner to deliver something functional. This might seem like a quick win, but with each shortcut taken, the future cost mounts: Code becomes harder to maintain as errors pile up, and flexibility erodes. As new updates or fixes are needed, that initial debt goes into overdrive, slowing down progress and dragging innovation to a crawl.The cost of maintaining rushed decisions and outmoded systems is enormous. In the US alone, the price of technical debt has climbed to a staggering $2.41 trillion annually. This goes beyond a financial drain; it clogs IT systems, limits agility, and hinders innovation. Generative AI, while transformative, adds complexity to tech debt as companies integrate it with legacy systems that may lack the compatibility and security necessary to manage both human and AI interactions.Related:But technical debt doesnt have to be inherently negative. Even when it is an inadvertent means to an end, it can be balanced. We found that investing about 15% of the IT budget in debt remediation is the most effective way to sustain a modern digital core, while continuing to focus on innovation.3 Ways To Drive Down Tech DebtLooking beyond, the pace and proliferation of tech innovations, and therefore technical debt, calls for new and strategic approaches to strike a balance and enable reinvention.Heres how leaders can act today:1. Focus on the principalEffective management of technical debt begins with focusing on the principal -- the outdated technology that directly impacts current operations. Tracking and tackling principal debt first helps prevent interest costs, which accrue as organizations use workarounds and quick fixes to maintain outdated systems.For instance, Correios de Portugal (CTT), Portugals national postal service, addressed its technical debt by migrating to a hybrid, cloud-first infrastructure. CTT worked with Avanade, a joint venture between Accenture and Microsoft, to enhance and modernize its digital core. Just migrating to the cloud reduced costs by 15% and provided the flexibility to scale capacity up or down as needed. By focusing on the principal debt through a targeted cloud strategy, CTT was able to reduce technical debt while simultaneously enhancing operational agility.Related:As an essential part of a digital core, a cloud-first strategy will consolidate and optimize workloads, add flexibility and innovation capabilities, and cut costs in the process. Cloud-native practices such as pervasive automation, microservices, and continuous delivery can build systems that remove silos and remain consistent across a hybrid, multi-cloud estate.2. Create an inventory and trace debt to sourceBuilding a clear inventory of tech debt allows organizations to trace its origins and impact across code, architecture, data, and processes. This comprehensive inventory makes it easier to prioritize updates based on potential business value and technical risk. For instance, a major benefit of migrating to cloud as it relates to technical debt is that you can transfer some responsibility for handling technical debt -- such as patching -- to the cloud provider who can do it more consistently and more efficiently.Mondelz International demonstrates the value of this approach. Mondelz faced a complex IT environment with over 1,000 applications, creating inefficiencies and driving up operational expenses. Accenture worked with Mondelz to conduct a full assessment of each application, identifying those that were outdated or redundant, and charting a roadmap for remediation. This initiative has significantly lowered Mondelzs total cost of ownership, allowing the company to refocus resources on innovation.3. Use the right metricsYou cant manage what you cant measure, especially key if there are compliance requirements from sovereign clouds or intelligence from edge networks. Effective technical debt management relies on measurable insights, with metrics like technical debt density -- such as cost per line of code --providing a clear view of code health. Tech debt is not always a bad thing. If your tech debt remediation budget is increasing and your innovation and the business value you are delivering is outpacing that debt, thats a positive sign of the success of your strategic efforts.Being Reinvention ReadyAs generative AIs adoption continues to scale, companies need to actively manage their technical debt to prevent it from ballooning, especially relevant in modernization across public, private, hybrid, and multi-cloud options. Organizations that build their digital core, boost innovation, and focus on these three actions to balance tech debt can achieve remarkable results in streamlined operations, new opportunities, and revenue growth.The writing is on the wall: In todays fast-paced environment, a future-ready mindset is crucial. Its essential to scale GenAI securely, responsibly, cost-effectively, and in a manner that delivers real business value. Its time for C-suite leaders to think bigger, modernize across the enterprise, and employ a controlled, intentional reinvention strategy that leverages new technology capabilities to achieve not just faster outcomes, but better ones.About the AuthorAndy TayGlobal Lead, Accenture Cloud First Andy Tay leads Accenture Cloud First, comprising of a global team of 130,000+ skilled cloud experts focused on helping enterprises harness the full power of cloud to accelerate business value.See more from Andy TayNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also LikeWebinarsMore WebinarsReportsMore Reports

About the Role:This is a full-time technical customer support position. We primarily communicate with our customers through email and to a lesser extent by video call.A normal support ticket here is equivalent to an escalations ticket at another company, so if you love a challenge and you're inherently curious to know more, this is the job for you.About You:You love to research and your analytical and written skills are top-notch.Obstacles are not roadblocks to you; they are challenges to be figured out. Youre a problem solver who likes to find solutions rather than waiting to be told what to do.Youre not afraid to ask questions, are comfortable admitting your limitations, and see your gaps in knowledge as opportunities to grow and not flaws.Youre comfortable finding your way around a new software program.Youre someone who can be self-directed and thrive in a remote environment.You appreciate the balance between fun and professionalism.Youre collaborative and thrive on sharing your thoughts, ideas, and problem-solving strategies with a diverse team.Youre receptive to feedback and can appreciate a gentle no, with multiple redirections until you arrive at a solution with a firm and confident yes.Youre looking for stability in your career and gaining several years of experience before looking to grow in any other direction.RequirementsMinimum 2 years of working directly within email-based technical support in SaaS or combined technical and writing experience. Bonus points if youve already worked in a remote e-commerce role!Extensive experience troubleshooting complex software issues.The ability to concisely explain technical concepts in a non-technical way and a passion for meeting customers where they are in their tech knowledge.Fluency in both written and spoken English.The ability to work between Pacific Standard Time (US) hours of 9am to 6pm permanently, regardless of your physical location.Preferred skillsExperience troubleshooting APIs, JSON, and utilizing application log analysis.Sound knowledge of key data flow/transfer protocols such as SFTP and FTP.Experience with rule-based automation and complex settings.Experience helping new users implement SaaS applications in a B2B environment.Order Desk is committed to breaking structural barriers within our hiring process and driving fair hiring practices in our workplace. Women and underrepresented minorities (URMs) continue to be underrepresented within our industry. Research has shown women and people of color disproportionately do not apply for jobs where they do not meet 100% of the requirements.Regardless of whether or not you identify as one of these groups, if you meet most of the technical requirements and this role aligns with your career goals, then we encourage you to bet on yourself and apply!BenefitsThis is a full-time position. The salary range for this role is $55,000 - $58,000 USD/year. We base our offer on your skills, experience, and role alignment.Our international team members are hired as contractors but considered full-time, permanent members of our team.We offer our team members benefits like flexible time off, paid parental leave, access to wellness and health services, and a technology upgrade program to ensure everyone has all the tools they need to successfully perform their role!We meet up once a year for a company retreat. So far weve been to the U.S., Mexico, and Vietnam!To ApplyWe value authenticity and encourage you to let your true voice come through. Instead of a cover letter, we've provided specific questions for you to answer honestly. This allows you to showcase your skills and experience in your own words, without relying on tools like AI to speak for you. We believe in the strength of human creativity and individuality. Let us know what sets you apart and why you're the ideal candidate for our team!Please note: Candidates who are detected using AI tools will be disqualified.There are a few steps to our application process:Application QuestionsFollow-Up QuestionsSkills TestVideo ResponseInterview(s)If you are moved to the next round, we will contact you to let you know next steps.This process usually takes a few weeks from start to finish, so our tiny hiring team appreciates your patience while we review each application. We will follow up with everyone who applied by the end of this process.*If you havent heard from us within two weeks, please get in touch with us!

We're looking for a senior rails developer to come work with us at WodBoard WodBoard is gym management software that helps gym owners run their businesses and helps their customers, the gym members, live healthier lives. The brand name won't make any sense unless you've walked into a functional fitness gym before so I'll move swiftly on...We're a bootstrapped company so there's no VCs to answer to. That doesn't mean we're not ambitious though - there's a massive market we're going after and we want to create lasting change. As a combination of these two things we've a heavy focus on getting stuff done.Our development ethos could be best described as "full DHH". Whilst there's some bits we don't 100% agree with we stick to the core Rails ethos and stack, focussing on what we can achieve with the technology, rather than the technology itself. If you've enjoyed some of the blog posts on how Basecamp structure code, or enjoy the work of boringrails.com, you'd like working with us.We're a small (but mighty) tech team of 3 so you'll be jumping straight in and writing code for customers from day 1. There's also infrastructure/UI work/mobile app development work that happens and you can become involved in if you so wish. The role has the opportunity to build into a CTO role for the right person.A little more about the role and us:It's really refreshing using technology to do something that helps people in a real world tangible way. Changing lives and increasing health through technology is very motivating!We love simplicity. We're fanatical about it. This goes from our codebase, to our infrastructure, to how we operate as a company. It can be harder work upfront but it sure makes life easier down the road.You'll need strong ownership skills. As a small team we don't have project managers. You're responsible for your tasks so you'll need to be good at taking ownership and reporting back to the team.An ability to renegotiate requirements as you get into the technical details is most welcome! In Computer Science there's hard problems and hard problems that don't need solving. We are constantly asking ourselves if there's an easier way to do something.We spend a lot of time talking to our customers and understanding their problems. This won't ever change. Be prepared to go back and evaluate previously held assumptions on new features after testing with beta customersThe position is fulltime and by no means do you need to be into health/fitness to work here (only about 50% of our staff are). It's fully remote position but you'd need to be on an EU timezone so there's sufficient overlap with the rest of the team. We also do a full team meetup in person twice per year.