October 26, 2016

Tech Bytes - Daily Digest: October 26, 2016

Advanced use cases for repository pattern in .NET, Everything we know about the great Indian debit card hacking, Integrating hotel systems can create hacking liabilities, Best practices for securing your data in motion, Cyber security staffing issues may be putting you at risk and more.

7 Deadly Sins of Project Management You Should Never Commit

The biggest blunder that can derail your project is selecting the wrong person as your Project Manager. According to American Eagle Group data, around 80% of Project Managers lack formal training, which is one of the major reasons why 55% of projects fail. On the other hand, a Standish Group CHAOS report revealed that Project Managers equipped with formal training have a success rate of more than 70%. This goes to show the importance of trained Project Managers and how it could increase your chances of completing your projects on time and within the budget. Select a Project Manager whose experience and skills coincide with your project management requirements.

Advanced Use Cases for the Repository Pattern in .NET

When designing a repository, you should be thinking in terms of “what must happen”. For example, let us say you have a rule that whenever a record is updated, its “LastModifiedBy” column must be set to the current user. Rather than trying to remember to update the LastModifiedBy in application code before every save, you can bake that functionality right into the repository. ...  Normally repositories are context free, meaning they have no information other than what’s absolutely necessary to connect to the database. When correctly designed, the repository can be entirely stateless, allowing you to share one instance across the whole application. Context aware repositories are a bit more complex. They cannot be constructed until you know the context, which at the very least includes the currently active user’s id or key. For some applications, this is enough.

Everything we know about the great Indian debit card hacking

The data breach happened in August and September, according to the Mint newspaper. But the banks apparently weren’t aware, several bankers told Mint. This is the list of all of those involved: bank customers, 19 Indian banks, the NPCI, Hitachi Payments Systems, Mastercard, Visa, RuPay. But they are all shirking responsibility for the mess. Most banks, including SBI, HDFC Bank, and ICICI Bank, have said their systems are safe. The platforms these banks use for debit cards—Mastercard, Visa, and RuPay—have also washed their hands of the crisis. Hitachi Payments Services, which managed Yes Bank’s ATMs, said that an initial review “does not suggest any breach/compromise.”

Integrating hotel systems can create hacking liabilities

Integration. It’s one of the industry’s biggest buzzwords for streamlining operations. With everything on property collecting data and providing options for interaction, wouldn’t it be nice if every device collaborated? It’s the dream of many operators to have a property that is running fully in-sync, but Shaun Murphy, communications security expert, inventor, CEO and co-founder of communications app SNDR, said the persistent threat of data breaches may be reason enough to question which devices on property are working in tandem. “During a breach, the worst-case scenario is that all your systems are integrated,” Murphy said. “From your point of sale to your soda machine, at that point you are losing not only financial information, which you have to disclose, but other confidential information as well.”

How Big Data Is Changing Recruitment Forever

Dana Landis, vice president of global talent assessment and analytics at Korn Ferry, said “When you’re talking about big data you’re talking assessing millions of people all over the world, so you need self-assessment. We’ve designed our tools to take out a lot of the problematic aspects of that – instead of being able to rate yourself high on all the good things and low on all the things that sound bad, you’re forced to make really difficult decisions based on ranking and prioritizing your skills.” Moving their assessment process to an online, self-assessment model has greatly increased the volume of candidates that Korn Ferry has been able to assess. This further increases the size of the dataset used to measure candidates’ suitability. By comparing their individual profiles against amalgamated profile data from people who have proven themselves successful in similar job roles, a more accurate picture of the skills a person will need to succeed in a particular role emerges.

Best practices for securing your data in-motion

Data in-motion has to contend with human error, network failures, insecure file sharing, malicious actions and more. In today’s economy, almost every business has data that needs to be transferred outside protected business applications and systems to enable collaboration between co-workers, users, systems, partners and more – so simply not letting data be shared is not an option. To remediate the security risk that’s inherent with sending data outside of your walls, companies must accept the reality of data insecurity in-motion and take proactive steps to prevent an expensive and embarrassing data breach. The first step is to accept that your company data, including sensitive data, is being sent insecurely via shadow IT. When IT isn’t involved with how data is being transferred, there are critical disadvantages, which often trigger other serious issues

Intel wants to make its IoT chips see, think, and act

Intel is working to help machines evolve from accurately sensing what’s going on around them to acting on those senses. For example, if a device can see defective parts going through an assembly line, it can alert someone or even stop the line. Cameras in cars could see that the driver is drowsy and set off an alarm in the car, and ones pointed in front of the vehicle could tell a pedestrian from a shadow and stop the car – if its vision was accurate enough. ... The new chips are also better at capturing and processing images. They have four vector image processing units to perform video noise reduction, improve low-light image quality, and preserve more color and detail. In a networked video recorder, an E3900 could take 1080p video streams from 15 cameras and display their feeds simultaneously at 30 frames per second on a video wall, Caviasca said.

Agile Manufacturing: Not the Oxymoron you Might Think

Industry 4.0, digital manufacturing, agile manufacturing, “digital thread”—these are all terms that describe the way we are making some things now and will make almost everything in the future. ... Digital manufacturers are organizing from an outside-in mindset that starts with the customer, and looks to deliver creatively on market opportunities, whatever they happen to be, however they will be delivered, and whoever will deliver them. Profits are seen as the consequence of providing value to customers, not the goal of the firm.  Soon, when you walk into your mechanic’s shop to replace a broken fender, he will not need to order the replacement part from overseas and call you back in three weeks. He will take some measurements, step to an attached room with a 3D printer and make your new fender on the spot, revised to attach more firmly and with accent trim to update the style.

Cybersecurity staffing issues may be putting you at risk

Chances are you already have future security pros within your own ranks -- it would stand to reason that businesses have turned to internal talent to find cybersecurity experts. But, according to the data from Spiceworks, that's not necessarily the case. When asked how willing they would be to invest in IT training for 2016, 57 percent said they were "somewhat open, but it would take some convincing," while only 6 percent said they were "extremely open" and had already made investments in training. "Smart people within your own ranks have the huge advantage of already knowing the context of the enterprise to be protected. By using in-house staff, you can save on the time it takes to teach them the context of the enterprise," says Ryan Hohimer, co-founder and CTO of DarkLight Cyber.

The QA Success Story: Where Business and Technology meet

Technology is playing an ever increasing role in the business cycle – influencing buying decisions, transacting through online platforms, integrating with payment channels, collaborating with partners in co-creating and delivering products / services, and being evaluated by the customer across multiple touch points. The exceptional visibility of technology across customers, partners and stakeholders has brought greater focus onto non-functional user experience dimensions – usability, performance, security, inter-operability, and response times. The ability of technology to dis-intermediate and bring businesses closer to the customer is seeing an explosion in platforms targeting the Cloud, leveraging Social Media and Analytics and delivering services on the Mobile.

Quote for the day:

"Cyber criminals are getting more sophisticated and realizing that small businesses are easy targets." -- Mark Berven

October 25, 2016

Tech Bytes - Daily Digest: October 25, 2016

Massive DDoS attack spotlights internet choke point, 60% of smaller companies that suffer a cyber attack are out of business within 6 months, Taking value-chain perspective on innovation, The toil of technology: MNC leaders struggle more than most, Hackers changing tactics techniques & procedures and more.

Calling disruptive fintech entrepreneurs

“With the value of financial technology investments climbing dramatically over the past decade, fintech has clearly become mainstream," said Maria Gotsch, president and CEO of the Partnership Fund for New York City. “Now in its seventh year, the FinTech Innovation Lab has become embedded in the entrepreneurial and financial services ecosystem in New York City, helping drive job growth and building on its rich concentration of tech talent, financial expertise and close proximity to some of the world’s largest financial institutions. "The connections made through our programme enable tech entrepreneurs to closely engage with these top financial institutions and accelerate growth.” The success of the FinTech Innovation Lab in New York has led to the founding of three other FinTech Innovation Labs around the world in London, AsiaPacific and Dublin.

Massive DDoS attack spotlights internet choke point

The big question hovering over the incident is why go after a DNS provider that supports sites popular with millennials, according to Sirota. "People aren't just trying to make millennials' life a little bit hard. There must be some alternative." DDoS attacks can serve as cover for other malicious actions. It is also possible that the attack was an experiment used to test a new mode of attack. "Is the intention to just try out a new way of hijacking unattended devices, like TV monitors and turn them into zombies that drive traffic? Is the intention to use the attack as a distraction so that these companies like Shopify aren't necessarily paying attention to other parts of their infrastructure? It's hard to say," Sirota said.

Ex-NSA Contractor Hoarded Two Decades' Worth Of Secrets

U.S. authorities are still reviewing the seized information, but they allege that Martin illegally held documents he had no need to see. "The case against the Defendant thus far is overwhelming," the filing said. In addition, Martin may have done little to securely store what he allegedly stole. "Many of the marked documents were lying openly in his home office or stored in the backseat and trunk of his vehicle," the filing said. Investigators didn't mention finding any direct evidence of Martin leaking the stolen materials to hackers or a foreign government. But the court filing said he easily could have transferred the information over the internet and concealed his online communications. Attorneys for Martin have rejected the allegations that he betrayed the U.S.

60% of small companies that suffer a cyber attack are out of business within six months.

The U.S. National Cyber Security Alliance found that 60 percent of small companies are unable to sustain their businesses over six months after a cyber attack. According to the Ponemon Institute, the average price for small businesses to clean up after their businesses have been hacked stands at $690,000; and, for middle market companies, it’s over $1 million. Recent events have proven that nobody is safe from the threat of cybercrime – not large corporations, small businesses, startups, government agencies or even presidential candidates. Small and mid-sized businesses are hit by 62 percent of all cyber-attacks, about 4,000 per day, according to IBM. Cybercriminals target small businesses because they are an easy, soft target to penetrate.

Social Data: Revolutionising Identity Verification

Unnecessarily long and complicated ID checks, such as Knowledge Based Authentication (KBA) like “what is your mortgage value?”, or “how much did you spend on your last phone bill” often result in incorrect answers because who can remember their mortgage details, and who pays that much attention to know their exact last phone bill? These inefficient methods often mean customers, particularly in banking and telecoms, end up having to go into branch and spend a significant amount of their little ‘free time’ finding proof of address and their passport, heading into town, queueing, and finally verifying their identity. Even consumers who order online shopping to store (be it clothes, food, electronics) have to remember to bring ID when they collect it, feeling disappointed when they forget and there is no alternative but to come back another time, driving licence in hand.

Taking a Value-Chain Perspective on Innovation

After all, any technology that requires substantially new routines, new task knowledge, or new complementary resources also will require any organization that interacts with it to change its processes, human capital, or other resources, and know-how. ERP software, for instance, was notoriously difficult to implement, requiring significant “business process reengineering” and non-trivial interruption or duplication of key internal processes. When we look at how digital technologies affect business-to-business interactions, we can see a similar potential to enable or disrupt key processes. This time, however, the processes cut across organizational boundaries. My research therefore focused on how links in the value chain — particularly, customers — might impact the behavior of leading companies at the onset of technological change.

The Toil of Technology MNC Leaders Struggle More Than Most

Technology is only as effective as the confidence of the leaders using it—on this, MNCs fall short based on a wide range of indicators, shown in the graphic on the previous page. Only 60 percent of MNC leaders are highly confident leveraging technology to improve their workforce. Technology as a mechanism for providing leaders with information to aid their decision making to channel and derive value ..., with 66 percent of leaders highly confident using data to guide decisions. Technology methods used specifically for leadership development are, at best, unproven, and, at worst, squandered. Only 1 in 20 of all MNC leaders selected mobile-accessible development as one of their top-three most effective learning methods, while social networking and self-study online learning were scarcely more effective at 11 percent and 12 percent, respectively.

Hackers changing tactics, techniques and procedures

“Our Q3 2016 report confirms that hackers are relentless and constantly employing new means to penetrate networks to steal confidential data,” said Rob Kraus, Director, Security Research and Strategy, NTT Security. “Organizations’ first line of defense is to determine where and how these attacks are taking place so they can deploy the most efficient and appropriate network security solutions to minimize their exposure and liabilities.” The report cites an increase in the type and sophistication of attacks during Q3 ’16 across a broad range of industries with finance being the most affected, followed by retail and manufacturing. Further, traditional hacking is being supplemented by other, more sinister attacks such as “direct cash back” models including ransomware and Business Email Compromise (BEC) attacks.

How to prepare yourself for the next DDoS attack

Admit it: Do you even bother keeping phone numbers anymore? Many modern relationships -- especially business relationships -- exist solely online: email, Facebook, WhatsApp and so on. But imagine last week's attack had been worse, rendering some or all of those tools useless. Now what? Time to go old-school: Make sure you keep an address-book entry for the important people in your life (personal and business alike), and make sure that entry includes multiple modes of contact -- including work, mobile and/or home phone numbers. Of course I'm referring to the address book on your phone, but there's nothing wrong with keeping a print version as well. It's just one more item to keep under the you-never-know umbrella. Speaking of phones, a DDoS attack might render yours inoperable -- if it relies on voice-over-IP technology.

Unum's Lynda Fleury Navigates Changing Security Environment

“Companies want to facilitate anytime anywhere access to anything from anyone through mobile technology. And with the adoption of cloud, we are extending pieces and parts of our network to areas outside of our control,” she explains. “We have shifted from the enforcers, to becoming the trusted advisors, educating business partners and IT advisers on what the technology landscape is.” Fleury, who began her career in IT security in the banking industry, came to Unum as an IT auditor in the mid-1980s. Since then, she has been credited with growing Unum’s security organization from the ground up, increasing the size profile of the team over time. Today, Unum’s IT security organization has more than 40 professionals in it.

Quote for the day:

"In the business world, the rearview mirror is always clearer than the windshield." -- Warren Buffett

October 24, 2016

Tech Bytes - Daily Digest: October 24, 2016

Why measure the value of an organization's information, AI can predict outcome of human rights trials but should it, Everything you ever wanted to know about mobile payments, Rethinking marketing strategy in a digital economy, Flexible data architectures to help drive business needs, Testing for vulnerable IoT devices and more.

Why Measure the Value of an Organization’s Information?

Notwithstanding the real difficulty of measuring the "value of information" so that it can take its deserved place on a company's balance sheet, Mancini's second difficulty is the crux of the problem. The "value" of information, like the value of the structured and unstructured data that underlies it, is dependent on how the information is used. Sometimes that usage is planned. Many times information usage is unplanned or serendipitous. Plus, data and information can be used to support decisions and actions with negative outcomes as well as positive outcomes. Even if we restrict our definition of "value" to economic value, we are still faced with the need to define what we mean by "information" and "data." The metrics associated with their use would have to be reliable and repeatable. 

Where to find the world's best programmers

While Chinese and Russian coders perform well across many of the fifteen domains for which HackerRank poses challenges, it’s also worth noting that coders from specific countries excel in specific domains: Japanese coders are the best for artificial intelligence and Hong Kong produces the best Python programmers, while the best Ruby programmers are in Finland and Denmark is tops for SQL programmers. There are other surprises too. The best database programmers are from Switzerland, Ukraine produces the best security coders, Sri Lanka is the strongest for distributed systems, and France is tops for C++. Let's consider first why China and Russia produce such a wide range of skilled programmers. "One hypothesis is the way education in those countries is focused," says Heraldo Memelli, HackerRank's lead technical content manager.

Dyn DDoS attack highlights vulnerability of global internet infrastructure

An attack on the DNS directory system that resolves domain names into numerical IP addresses is a source of concern given it is a fundamental part of the internet’s inner workings. It highlighted just how vulnerable the internet really is, said Thomas Fischer, threat researcher and global security advocate at Digital Guardian. “It places more onus on the internet infrastructure providers to ensure their security is top of the field, and that they plan for large-scale disaster recovery scenarios,” said Fischer. Chase Cunningham, networks director at Cyber Operations, said: “It was an interesting point to see the bad guys are moving upstream for DDoS attacks on the DNS providers, instead of just against sites or applications.”

Cloud Security, AI, IoT Make List Of Hot Technologies For 2017

The Nucleus analysts pointed to the AI systems in the new HBO TV series, Westworld, or the older TV science fiction series, Humans, as representing what many people now think AI systems are capable of, or will be soon. "In practice, AI is far from reaching its potential," they warn. Vendors who actually offer AI will have it connected to machine learning and some form of human interface, whether audio, visual, or natural language. Google's AI system won the game of Go in March, a parallel to IBM's Watson beating human contestants in Jeopardy! The win gave a glimpse of how far powerful AI systems can go. But there's "still a significant gap" between portrayals in science fiction and AI's accomplishments in practical settings on the ground.

AI can predict outcome of human rights trials, but should it?

According to the researchers, the language and topics of the cases were the most important predictors for determining the judgment. "The 'circumstances' section of the text includes information about the factual background to the case. By combining the information extracted from the abstract 'topics' that the cases cover and 'circumstances' across data for all three articles, an accuracy of 79% was achieved," the press release stated. The study, however, just looks at the official, text-based court statements—not the arguments in court. Toby Walsh, AI professor at the University of New South Wales, said he is "unimpressed." The outcomes, he said, are going to be predicted based on the summary of the judgement. Furthermore, even if the judgment were ignored, "the summary is going to be inherently biased towards the decision, focusing on evidence and law that supports the decision."

Everything you ever wanted to know about mobile payments [Infographic]

The world of mobile payments is a rapidly evolving one, with new players, new locations and technologies coming up faster and faster. Take Apple Pay for example. The tech giant’s payment service has only been around for two years, but its nascent OS payments, which was only launched last month, purchases made in-app and on websites via what it’s calling ‘OS-Pay’ (operating system pay) platforms will hit $8bn annually by 2018. With such rapid progress made, it’s always good to take a moment and take a snapshot of the industry and see how exactly these mobile payments work and who uses them. The infographic below, from Oberthur Technologies, does just that.

Rethinking Market Strategy In A Digital Economy

The convergence of market-oriented behaviors and new market rules are asking senior executives to reframe their overall market strategies. Knowing full well that reframing market strategies are tied to answering the questions of where the next area of growth will come from and what path they need to take to achieve growth. ... Affecting the development of market strategy is a multitude of market forces. Primarily driven by digital transformation. Movement from hosted environments to the cloud, the SMB market enabled by digital technologies to be on equal footing with large enterprises in their customer service capabilities, increase in mobile technology as a key touchpoint, an increase in executive decision-makers who want hands-on and daily interaction with critical applications – in essence becoming important users, and addressing omnichannel engagement.

Are your marketing pros ready to handle big data?

"As a marketer, it's harder than ever to get a complete picture of your audience. Their interactions are siloed by walled gardens, multiple devices per person or platforms strategically locking users in. Each one of those channels requires a customized strategy," says Platzer. The best thing a marketer can do to get around such challenges is to keep up on the latest trends, according to Platzer. He recommends that all marketers educate themselves on the most popular channels people are using on a daily basis to access content from. It's also vital to have a finger on the pulse of what the next best app will be -- like when Twitter came on the scene and completely changed the way people share and interact.

Flexible Data Architectures to Help Drive Business Needs

Some software vendors have identified the need to drive data architectures from the business and have built this capability directly into their tools, allowing users to map data entities together more easily, integrate processes, develop customized views and dashboards, etc. However, many such tools currently on the market are performing this technique using rather old hat methods. One such method is to utilize Entity Relationship Diagrams. ERDs depict the logical structure of one’s data as it would be used in a relational database. Therein lies part of the current problem – the world is slowly moving away from using relational databases for everything. NoSQL databases are on the rise. Graph databases have been in existence for some time. Unstructured data sources that utilize text extraction or natural language processing revolve more around terms and their usage within a domain of interest.

Testing for vulnerable IoT devices

Poor security is standard practice with IoT, but these devices are especially bad. Even if their web interface is used to change the default password, the devices have hard coded Telnet and SSH passwords that cannot be changed. Part of yesterday's DDoS attack against DYN came from the Mirai botnet, composed of assorted hacked devices that were using default passwords. Unlike pretty much every other article on this subject, I am not going to quote a spokesperson from a security firm saying that things are really really bad. Instead, I have some hopefully useful advice, a way to test if devices in your home (or office or wherever) are vulnerable to software attacks similar to the Mirai malware. It's far from perfect, but it's a step in the right direction.

Quote for the day:

"Insulate yourself from those who bully, lie, or steal. Don't let their selfish values infect you." -- Chris Edmonds