April 29, 2016

Cyber security in Belgium will gain prominence after terror attacks

There is some good news for the country’s cyber security. Belgium is one of the countries least affected by online banking trojans. And there is a very good reason for that, according to Eddy Willems, security evangelist at Gdata Software. “Most Belgian banks use advanced authentication system, which makes it more difficult for cyber criminals to obtain the required authentication details to get entrance to the victim’s bank account,” he said. ... Not such good news for Belgium is that it and the other Benelux countries, the Netherlands and Luxembourg, have seen a dramatic increase in the number of ransomware incidents. More incidents have been reported in February 2016 alone than in the last six months of 2015, according to research by security supplier Trend Micro.


In the digital enterprise, everyone is a security newb

In the digital enterprise, protecting critical data has changed. Communication is the missing ingredient because security teams don't have the information they need for the other business leaders who are focused on different objectives, like sales goals or the customer experience. "Those department heads are so concerned about keeping their own systems up so that they can continue bringing in revenue, that they overlook security. For example, the managers of a POS system do not want to have their IT guy take the system offline for an hour to fix a patch during Black Friday," Stolte said. In order to best defend against the threats of malicious actors, leaders across all departments need to become more security savvy. "Line of business and application owners, those who manage assets that contain valuable information, must first recognize that the information they manage is of high value and they must communicate with the security team," Stolte said.


IT performance management pegged for increase of virtualization tools

"There are [fewer] IT organizations using cloud services than everybody expects," said Edward Haletky, CEO and principal analyst for The Virtualization Practice LLC. There has been a large increase in shadow IT, wherein cloud services are purchased ad hoc by workers, but since IT pros are not involved with these unknown services, they aren't factored into decisions about what management tools to buy. Many companies have just started to branch out into the cloud. MetLife Insurance, for example, started with development platforms and has moved to putting new and some existing apps in the cloud, but most of its IT operations are still in owned and hosted data centers, according to Tony Granata, assistant vice president of capacity performance & monitoring engineering at the New York-based insurer.


Rip up the script when assembling a modern security team

Hiring analysts who’ve worked at the same companies or attended the same schools means you may end up with a team that approaches security issues in a similar manner. If they all think alike, they’ll probably miss the same security blind spots. ... look for people who have worked in different companies and industries and have experience fighting a variety of threat vectors. Ideally, your team will include someone with either a military or government background. They’ll have a completely different way of looking at security, forcing your company out of its comfort zone. Military personnel are often familiar with nation-state attacks and malicious intent and understand how complex offensive operations work. And with hackers launching advanced attacks against companies, people who have experience dealing with these threats can apply their knowledge to defend a business.


Don't overlook these two hidden risks to your corporate data

The data your SMB partners have in hand may seem minimal, but it's still critical corporate data. Contact information and services rendered may be valuable to an individual who hacks the SMB's network. As an InfoSec professional, you know what measures you have in place—but what about the SMB? The extent of its security depends upon available resources and what's affordable for it to implement. ... When it comes to internal colleagues exposing sensitive corporate data, it's all about timing and pulling the emotional strings. Along with having the technical skill set to spoof a business's email address, the attacker executed the data breach beautifully by understanding the time of year and knowing who to target at a busy time. The accountant's inbox was potentially flooded with deadline notifications and requests, which created a stressful environment. This makes for an easy target.


The Holistic Approach: Preventing Software Disasters

Understanding each kind of source code and scripts, interpreting the configuration files, evaluating the value of variables throughout the execution cycle for finally piecing all these findings together and reverse-engineering the system blueprint gives CIOs an “X-Ray view” into the inner workings of their organization’s software systems and empowers the CIO to make data-informed decisions to fortify overall software quality. ... But looking at the unit-level source code is not everything, it’s just the beginning - specifically with modern architectures where loose coupling between the different layers is a must. Hence CIOs must also X-Ray the “glue” between software layers and components, which is sometimes defined in configuration, property files or annotations stored directly inside the source code files.


10 Free Tools For API Design, Development And Testing

The rise of RESTful APIs has been met by a rise in tools for creating, testing, and managing them. Whether you’re an API newbie or an expert on an intractable deadline, you have a gamut of services to help you get your API up and running quick, and many of them won’t cost you a dime. Following is a sampling of free services for working with APIs: load testers, API designers, metrics collectors, and much more. Some are quick and dirty applications to ease the job of assembling an API. Others are entry-level tiers for full-blown professional API services, allowing you to get started on a trial basis and later graduate to a more professional level of (paid) service if and when you need it.


Is There a Need to Redesign Cyber Insurance?

As insurers increasingly focus on operational risk — that is, failure due to systems, processes, people and external events — as a key element of managing their capital adequacy and solvency, how will the regulators and insurance commissioners view the potential increase in the risk of someone infiltrating an insurer’s own site through some form of remote device? Overall, there seems to be agreement that prevention is better than cure, but where cyber crime happens, it is critical that companies carry appropriate insurance cover. Cyber insurance cover has been around for a decade or so, but as cyber crime has developed, then doesn’t insurance cover also need to mature? With policies provided by some major insurers giving cover to $100m, isn’t it time to think about whether this is enough?


You'll soon be using GPU as a Service

As an example of this new wave, AMD and AP are collaborating to bring immersive experience to news and storytelling. This can significantly enhance the ability to get information to content viewers, while also providing a more concise way to impart information, including the ability to see multiple perspectives, exhibit full dimensional accuracy, get a better sense of time, etc. Although still a niche market, this will help accelerate the adoption of VR clients. In addition to VR clients, the need to process immersive information means that there will be a significant need for high performance graphics processors -- not only at the individual server level, but available as an on-demand service based in the cloud. GPUs as a Service will expand greatly over the next 2-3 years, and will eclipse the PC GPU market in sheer numbers of units.


Production Like Performance Tests of Web-Services

Tests should always keep the end user view in mind to ensure that the software meets with acceptance on the part of the users. But how to test web services which are not directly customer-facing, and in particular, how to performance test them in a meaningful way? This article outlines performance test approaches that we have developed and proven to be effective in the company HERE, which is a leading location cloud company. ... Tests should be created with knowledge regarding the end user so that they are effective and risk-based. Because of this factor, as well as release techniques such as canary releases and feature toggles, the line between tests run prior to the release and of the released software on production becomes blurred.



Quote for the day:


"Fear causes hesitation and hesitation will cause your worst fears to come true." -- Patrick Swayze