August 31, 2016

UAE infrastructure ministry upgrades IT to support smart government

“As a result of this project, we have also been able to bring our e-services back in-house, which were earlier hosted at a third-party datacentre. Now, all 23 services are available through our website and can be paid for through e-dirhams or credit card. We had the support of higher management, especially Abdullah Belhaif al Nuaimi, minister of public works, in achieving our goal of 100% small governance.” The MoID’s datacentre and network upgrade project has won multiple independent awards. It is an example of how to harness the power of technology to improve customer service, enhance employee collaboration and keep costs in line.

How bitcoin was brought down by its own potential—and the banks

Bitcoin may be the platform on which this coming blockchain boom operates, or it may not. I imagine this will depend on some purely economic calculations being done by unfathomably vast and powerful financial institutions. In comparison to the almost $5 trillion traded on the international currency markets each and every day, bitcoin’s $10 billion market cap is next best thing to a rounding error. It could vanish entirely and only a small cadre of true believers (and high-end drug dealers) would even mark its passing. What does seem certain is that the revolution heralded by bitcoin now looks more likely to be transactional rather than transformational. Don’t get me wrong: I think bitcoin is a fundamentally useful thing. Its myriad advantages over fiat currency would seem to demand its widespread adoption.

How Cyber Security Pros Transition To Board Level Decision Makers

Many successful candidates were CISOs or CSOs with a cyber or IT background and a deep understanding of cybersecurity issues from a more technical point of view, he says. ... Candidates from the consulting or legal world who focused on cybersecurity were also successful in getting board positions, Comyns says. CEOs of cybersecurity companies who have moved on from those roles after acquisitions or IPOs have also become very interesting to boards, he adds. “These candidates also shared a strong business acumen that adds value to the board beyond the cyber topic. That’s always the tricky part,” Comyns says. “Finding a true, deep cyber-level expert and somebody who is a broad business leader and can communicate at that level with the board on other topics beside cybersecurity – that would always be first choice.”

Enterprise Architects “Know Nothing”: A Conversation with Ron Tolido

Because customer and business needs are constantly changing there really is no way to know what IT landscapes will look like in the future or what type of solutions organizations will need, Tolido says. Therefore, rather than asking clients what they need, IT must instead provide users an architected platform of services that can be mixed and matched to meet a variety of needs, enabling business customers to go in any direction they want. As such, Tolido says Enterprise Architects in this emerging digital era are comparable to the character Jon Snow from HBO’s Game of Thrones—a character who is often told “You know nothing.” Like Jon Snow, today Enterprise Architects effectively know nothing because businesses have no idea what the future will hold, whether two days or ten years from now. With new business scenarios developing in real-time, architectures can no longer be painstakingly planned for or designed.

Global cybercrime costs will exceed $6T annually by 2021

"The lack of user awareness when combined with a significant uptick in criminal activity (and improved tactics) has given rise to a number of large scale private and public sector breaches that have resulted in a global epidemic of issues surrounding confidentiality, integrity and availability of data and services," he added. Ransomware attacks have risen a whopping 300 percent in 2016, the report found. And cybercriminals produced malware at a rate of 230,000 new samples per day in 2015. However, 2016 figures are predicted to be much higher. Even worse, a new zero-day vulnerability was discovered every day in 2015.

Devops and cloud: Great together, great apart

Most enterprises still use laborious processes for design, development, testing, and deployment of new and incremental software releases. And many claim they use those complex approaches because they are not yet ready to move to the cloud, which would be a catalyst for adopting devops. Yes, there's a synergy between devops and cloud computing. But one does not require the other. Devops is useful for any software development, not cloud deployments alone. Similarly, you can use different development models for the cloud, such as agile -- not only devops. Devops and cloud computing should be independent but complementary concepts. If you remember the old Reese's peanut butter cup commercials, devops and cloud computing go together like peanut butter and chocolate.

87 percent of IT execs think mobile apps are secure — they're wrong

According to several sources, between 54 and 84 percent of cyberattacks are occurring at the application layer. This data means that there are actual attempts to exploit these vulnerabilities. These types of attacks are only expected to increase due to the continued dramatic rise in mobile and IoT, and applications represent the soft, vulnerable underbelly for organizations. Devices have been shown time and time again to be vulnerable, from hospital infusion pumps to remotely-accessed automobile controls. The good news is that no catastrophic incidents have been prevalently reported. However, we are at a tipping point where there have been numerous wake-up calls for organizations to adapt their security strategies to be better prepared for the new wave of risks and threats that are in front of them.

Cyber threat grows for bitcoin exchanges

The security challenge for the bitcoin world does not appear to be letting up, according to experts in the currency. "I am skeptical there's going to be any technological silver bullet that's going to solve security breach problems. No technology, crypto-currency, or financial mechanism can be made safe from hacks," said Tyler Moore, assistant professor of cyber security at the University of Tulsa's Tandy School of Computer Science who will soon publish the new research on the vulnerability of bitcoin exchanges. His study, funded by the U.S. Department of Homeland Security and shared with Reuters, shows that since bitcoin's creation in 2009 to March 2015, 33 percent of all bitcoin exchanges operational during that period were hacked.

Swift warns banks of fresh wave of cyber heists

Elite cyber criminal groups are investing heavily in penetrating high-value payment platforms, high-value corporate and banking networks, and payment processes such as Swift. “Hackers targeting financial institutions are much more professional than they used to be,” said Troels Oerting, group chief security and information security officer at Barclays and former head of Europol’s European Cybercrime Centre (EC3). “They take their time, they look at the processes, they have good resources, they are very adaptive, and they are more dedicated to going after bigger prizes rather than going after easier targets with smaller prizes,” he told Computer Weekly. These elite groups typically use social engineering and spend a lot of time identifying who in a bank has privileged access to payment platforms to target them exclusively to steal their login credentials.

How can cities with 18th century infrastructure support 21st century life?

In Los Angeles, a simple move of switching the city’s street lamps to LED bulbs equipped with mobile sensors is saving the city $8 million a year. And most Americans probably recall the disastrous and deadly collapse of a bridge in Minneapolis in 2007—today the “smart bridge” that replaced it is outfitted with over 300 sensors that track temperature, vibration and possible corrosion, among other factors. Similar technology is being used in bridges across the US to anticipate similar tragedies before they can happen. Among transportation experts, mobility-focused digital innovations like apps that encourage car-sharing and microsimulations that predict travel demand are expected to be essential for the safe and efficient growth of the 21st-century city, as reported in a new study from EY.

Quote for the day:

“It’s okay that we’re not perfect...that we all have problems. It’s okay to cry, to show emotions” -- Marina Abramovic

August 29, 2016

Generation Blockchain’s Move To The Mainstream

As corporate lawyers, media executives, politicians, environmentalists, and mom and pop shops begin to harness and realize the power of the blockchain, discount online retailers are creating FinTech subsidiaries prompted by it. Panelist Judd Bagley, Director of Communications at, described the creation of their FinTech subsidiary, t0. t0 was established to bring greater efficiency and transparency to capital markets through the integration of blockchain technology. It was established after Overstock, one of the first online retailers to accept Bitcoin, recognized its power. Furthering environmental applications, are companies using blockchain to cater to farmers and sustainable agriculture. Bill Schafer, CEO of Fairledger, described how their system creates and executes digital contracts that are confirmed and recorded on the blockchain in order to trace agricultural products through the entire supply chain.

Cyber Extortion Is No Way to Get Rich

A recent study of Cerber estimates that the operator does pretty well, earning $78,000 in the month of July. The average affiliate, by contrast, brought in $726 in revenue. From that, subtract operating expense. The affiliate needs to buy an exploit kit -- a piece of software that scans a victim’s machine for known security holes. Before the kit can be delivered to a victim, it must pass through a crypter, which modifies malware to get it through virus filters. Both exploit kits and crypters must be updated every few weeks to stay ahead of security experts. Between tools of the trade and email spam campaigns, an attack could cost more than the expected income before a single ransom payment comes in.

Considering Privacy in the Age of the Camera

“We have a fundamental problem with monitoring everybody just because somebody might do something wrong. That’s not how life is supposed to work in a democracy,” he explained. “The government is not supposed to be looking over your shoulders all the time, just because you might be engaged in wrongdoing, and we’re approaching the point as a technological matter, that is increasingly something that is possible to do.” Stanley also doubts the ability of video analytics technology to fully understand the complex and varied behavior of human beings. This was the case in San Diego several years ago, when the Municipal Transit Agency tried a program that didn’t pan out. Though the agency still uses cameras for monitoring purposes, the analytics deployed at the time wasn't quite ready for prime time.

Deception technology grows and evolves

The new approach is to cast a wider net, of more subtle traps. "We want to create a large decoy surface area -- a cyber minefield field," said James. TrapX, along with several other vendors in this emerging space, uses automation to create phony workstations, servers, databases, even medical devices, point of sale terminals and automatic teller machines. Then TrapX lays a trail of breadcrumbs that leads them to the decoys. The breadcrumbs are only visible to attackers, who are using backdoor tools or command line interfaces to explore corporate networks. "The real trick is that the legitimate user never sees these links," James said. "They're never stumbling on a trap and tripping the alarm." Then the TrapX decoys keep the hacker on the hook, giving the security team time to respond.

Enabling business-aligned cybersecurity

Business leaders, more attuned to the need to support cyber risk efforts, now routinely consult with cyber risk leaders before making changes to applications and technology infrastructure, and have enforced a program among their own technology teams to regularly provide IT asset updates to the central monitoring operations team. As executives and business risk leaders gained confidence in the effectiveness of DriveNice’s monitoring program, it was easier for IT leaders to gain support for new technology investments. Implementing an end-user behavioral analytics program has provided analysts with better pattern detection capabilities to help identify previously unknown cyberattack tactics. The success of DriveNice—in the second hypothetical case, that is—cannot be attributed solely to either enhanced technology or enlightened leadership.

How to spot signs your project is about to fail

When considering the enormous amount of planning, time and effort that goes into projects, any 11th-hour changes can completely derail a project, especially when we're talking about major changes. This can be a sign that the planning stage was too light, or requirements were not sufficiently identified. It can also mean stakeholder expectations have changed throughout the project, but regardless, it still should be of significant concern. ... There can be a multitude of other HR-based issues that can negatively impact the project. Some others that are of more concern could be constant conflict, team members who don't really understand their role, and if the wheels fall off the wagon during every meeting, a PM should be concerned and deal with these right away before they get out of control.

How to Build an Economically-Driven Cyber Defense Strategy

A standard ransomware campaign could earn an attacker a 1,425 percent ROI, according to a report by Trustwave. This is in large part thanks to the explosion of Exploit Kits (EKs) – toolkits with packaged exploit codes – and other black market malware that puts sophisticated attack techniques into criminals’ hands for a fraction of the cost of the potential payout. Commercial crimeware can be purchased for as little as $500 a month. For an extra fee, customers can even rent “crypting services” to make the malicious software harder to detect. As with any SAAS product, more sophisticated packages are available for a higher price. Some exploit kits come complete with built-in distribution channels, technical support and are updated regularly with newly discovered vulnerabilities.

The curious technology shift that is making television shows better than movies

What’s changed in technology that has caused this massive shift in my own thought process? I’m a major movie buff and, for the past two decades, I’ve always picked a theatrical release like Star Trek: Beyond over anything on HBO. Even up until last year, I viewed Netflix as a movie-watching channel (such as they are) and not as a way to stream original shows. If I used the HBO app, it was to find movies. Here’s the shift: Instant access definitely favors episodic television. It took me a long time to make this transition, though, and I still plan to watch the new Star Wars movie this December. It’s not like I’m giving up on Hollywood. And yet, I can tell that I’m a bigger fan now of a different format, one that encourages not just binge watching but, more importantly, lean-in entertainment.

Laying the foundation for a virtualized network infrastructure

The placement of the VNF, as it relates to data flow, must be considered when looking at virtualizing a formerly physical appliance. If data flowing in or out of your network must be significantly rerouted so it passes through a VNF residing in the data center, you may want to reconsider a virtualized network infrastructure. A benefit of physical appliances is they are point-based services that can be physically installed anywhere along the network path. Redirecting traffic into a data center can increase complexity -- and potentially create network bottlenecks, as the amount of north-south data center traffic can increase exponentially. Ultimately, enterprise organizations have adopted the approach of "virtualize when possible."

Getting Started with ASP.Net Performance Monitoring and Optimization

A top-bottom approach, i.e. identifying an issue more and more precisely, works well in the context of an issue localized to a single page. How about issues that span multiple pages? What if, for example, various pages experience intermittent slow response time due to a subsystem not keeping up or an antique network switch for which each reboot may be its last? This is where a monitoring approach focused on the application shows its limitations. At this level, other metrics are needed to assess the healthiness of every component in the system, both at software and hardware level. At the hardware level, the first machines that come to mind are the web and database servers. However, these are only the tip of the iceberg. All hardware components must be identified and monitored: server, network switch, router, load balancer, firewall, SAN, etc.

Quote for the day:

"About the time we can make the ends meet, somebody moves the ends." -- Herbert Hoover

August 28, 2016

Cyberthreats Targeting the Factory Floor

Cyberattacks targeting manufacturing companies are on the rise, according to a recent report from IBM X-Force Research’s 2016 Cyber Security Intelligence Index. The report noted that the sector is the second most-attacked industry behind healthcare. Automotive manufacturers were the top targets for criminals, accounting for almost 30% of all cyberattacks in 2015, while chemical companies were attackers’ second-favorite targets. ... Until recently, industrial networks were separated from the rest of the world by ‘Air Gaps.’ In theory, an ‘Air Gap’ is a great security measure — disconnecting the industrial network from the business network and the Internet. However, an ‘Air Gap’ is no longer operationally feasible in today’s connected world.

French submarine maker data breach highlights challenges of IP security

“Often these controls are poorly understood. A file will be placed in what is thought to be a restricted location, but it turns out many more people have access than realised through poorly configured permissions,” Jonathan Sander said. Without diligent data access governance, Sander said these misplaced files are easy targets for malicious insiders, malware and other mundane attacks. “It’s hard to blame people for misplacing these files as most organisations lack data classification. They may have a policy on the books about it and if you open the file to read it you may see all manner of references to its level of secrecy, but those typically fail to be marked on the file in a way that will signal who should open it at all or where it should be allowed to live on fileshares.

Experts challenge Skyhigh's patent for cloud-based encryption gateway

The Skyhigh patent also appears to overlap with the Key Management Interoperability Protocol, said Rich Campagna, VP of products at Campbell, Calif.-based security firm Bitglass, Inc. KMIP dates back to 2010, and is a standard protocol for the exchange of encryption keys, he said, that is widely adopted commercially. It includes a function that "is used to derive a symmetric key or Secret Data object from a key or secret data that is already known to the key management system," he said, adding that this is "exactly the process described in claim number one of the patent." Garrett Bekker, analyst at New York-based 451 Research LLC, said that while Skyhigh has some unique aspects to their technology, several vendors already offer encryption gateways for cloud applications.

Artificial intelligence and the future of cyber-security

The future of cyber-security will continue as it always has, as a game of cat and mouse. Attackers will create new methods of concealment and defenders will create new methods of detection. The difference with AI is that we are trying to make something that will adapt to the changes the attackers make. Current research suggests we will soon see distributed AI detection schemes operating similarly to the human immune system, giving some form of environmental awareness. Like the human immune system, one part would be dedicated to addressing common threats (innate immune system), whilst another part would investigate anomalies to detect threats that have not yet been seen by the system (adaptive immune system).

How the Internet of Things will affect security & privacy

New developments would allow connected cars to link up with smart city infrastructure to create an entirely different ecosystem for the driver, who is simply used to the traditional way of getting from Point A to Point B. And connected healthcare devices give people a deeper and fuller look at their own health, or lack thereof, than ever before. But with all of these benefits comes risk, as the increase in connected devices gives hackers and cyber criminals more entry points. Late last year, a group of hackers took down a power grid in a region of western Ukraine to cause the first blackout from a cyber attack. And this is likely just the beginning, as these hackers are looking for more ways to strike critical infrastructure, such as power grids, hydroelectric dams, chemical plants, and more.

Target is shifting focus to in-sourcing technology and not outsourcing

Moving away from the out-sourcing model, CIO McNamara says that he is emphasizing in-sourcing and building internal engineer teams. "About 70% of our engineering staff was third-party contractors vs. 30% Target team members. We had far more contractors than we needed—especially once we pared back our roster of projects to focus on key priorities," McNamara writes. "In just a year's time, we've completely flipped that ratio—so that now about 70% of our engineering staff is team members while 30% is made up of contractors. ..." Since McNamara's IT strategy is focused on in-sourcing, obviously the company will have to ramp up hiring in a big way that would ensure he has a big team and support staff to execute business aligned IT plans.

Bridging the business intelligence and analytics gaps

Of course, internal politics also play a part in failed BI projects. Overcoming this requires data silos between departments to be broken down. At the same time, it’s important to get the balance right, so each department is still in control of its own performance. Therefore, companies need to create the right metrics that they can track over time. They should create an overall key performance indicator (KPI) for the business, as well as sets of key value indicators (KVIs) and drivers assigned to individual departments to show how each delivers value. This can be achieved using analytics tools to create the right dashboards that can show the contribution each particular role makes to the organisation. The KPI can sum up a business-critical process – for example, customer acquisition or profitability. The KVIs are then provided for each team involved.

Design Thinking and the Business Agility Ecosystem

Design Thinking can provide a mature and proven set of principles and practices that both the business/product management and software development parts of the organization can use to identify which problems are worth solving and very rapidly ideate potential solutions to those problems by using prototypes and testing assumptions. It can fill the gap that exists in many organizations that have successfully passed through the first and second waves of Agile and are looking for a set of practices to help them enter into the third wave of Business Agility. One approach to implementing Design Thinking toward achieving Business Agility is to view it in relation to the entire value stream.

How Fintech is improving Retail Banking

Fintech and retail banks have complementary strengths which should be leveraged to make a better central financial experience for customers. Banks offer capital and deep customer bases while fintech excel in innovation, agility and exploiting new technology. Fintech firms are sprouting all over the world and they have come up with Robo-advisers, online wealth advisors, mobile banking, improved and fast payments, easy and inexpensive transfer of money. Consequently, fintech has positively impacted the customer experience in retail banking. A Robo-advisor offers automated algorithm-based portfolio management advice without using financial planners. Retail banks have adopted this new technology because it requires a lower minimum investment to get started than traditional financial advisors.

Growing up in the intelligence era

Today, information technology is shifting from the SaaS workflow applications that characterized the cloud computing era to those that help customers make decisions. Characterized as the intelligence era, the source of competitive advantage is shifting from code to unique data + self-learning code. As with the previous shift, this brings a change in the expectations of investors. We are seeing investors outright ignore SaaS companies with solid traction in favor of companies that have a strategic position in the market granted by their “intelligent” software. This post generalizes the requirements of enterprise software investors in the intelligence era in the hope that it helps founders of enterprise software companies think about how to sequence their fundraising, product development and data strategy.

Quote for the day:

"Perfecting oneself is as much unlearning as it is learning." -- Edsger W. Dijkstra

August 27, 2016

What is Bitshares?

With BitShares it is possible to trade many different types of assets in addition to the native cryptocoin. In particular, there are what are called Smartcoins and User-Issued Assets. Smartcoins are coins like bitUSD, bitGOLD, and bitCNY that track the value of their counterparts, so that 1 bitUSD today will be worth 1 USD a week, month or year from now. With Smartcoins, people can enjoy the benefits of the blockchain payment network without being exposed to the volatility associated with its disruptive yet nascent stage of development. User-Issued Assets are, as the name suggests, assets issued by the user – meaning anyone can issue their own asset. The issuer of the asset can set various levels of control that they have of the asset, including having no control at all.

FinTech in Canada Explained

Robo-advisors are no joke, they’re completely changing the industry. Now you can get a professionally managed portfolio at a fraction of the price of mutual funds. It’s not like it’s actual robots running your portfolios, there are real people behind the scenes that have designed portfolios based around ETFs. The general idea is that you answer a series of questions and then a portfolio will be recommended to you. The portfolios are passive and change only happens when certain preset conditions are met. It’s still cheaper to be a DIY investor, but there’s no denying that robo-advisors are a good alternative. Your investments are also protected under the Canadian Investor Protection Fund. Don’t worry if you have lots invested, many robo-advisors have additional insurance available that is free.

Will Blockchain Technology Revolutionize the Banking Industry?

Given the unique capabilities of blockchain, it is no surprise that financial organizations are actively exploring its use in a variety of potential applications. They can, for example, use it to enable faster processing time, gain greater insight into market moves, increase transparency and compliance, and substantially lower costs. According to a report co-authored by Santander, it’s estimated that blockchain technology could reduce banks' infrastructure costs alone by up to $20 billion a year. There are broader applications of blockchain across other industries, as evidenced by the fact that investments and funding of blockchain-related start-ups had grown from US$298 million in 2014 to almost US$460 million. The potential exists to transform any transaction where speed, trusted and reconciled data, and secure handling of payments.

Public blockchains gaining acceptance at Bank of Japan’s Payment and Settlement Forum

“When digital currencies become to be widely used, people will not have to have bank accounts for payment purposes.” Commercial banks could become “unable to provide ‘finality’ to payments,” Hoki states. In this scenario, non-bank financial intermediation “might become more pronounced,” he claimed, and the possibility of using public-type DLTs for fund settlements will subsequently be undeniable. A discussion about financial blockchain applications followed Koji's presentation. Ryu Takaki, an Associate Partner at IBM Japan, Ltd, raised various issues including anonymity, transparency, delayed finality, and maintaining mining incentives.

How the ‘third unbundling’ is disrupting traditional business

The third unbundling is reshaping entire industries, as businesses break down enormous operating structures into smaller, more agile and innovative units. As with most transformational trends, this idea is heavily rooted in Silicon Valley thinking – where companies think big and think disruptive, asking the question, ‘How can we challenge the big institutions that are forcing us to do things in a certain way?’ The ‘Silicon Valley’ mind-set takes the view that by using the right people, processes, tools and technologies, it is possible to remake whole industries for the better. The services and suppliers that are causing unnecessary hassle in people’s lives are disassembled and then remade as ‘customer first’ businesses.

Why Compliance is a Key Element in Fintech

Consider a case where a client’s fraudulent scheme placates a financial institution. If it willfully defects to file a Suspicious Activity Report (SAR), then by default it will be flagged as the co-conspirator and become liable to litigation. This renders a clear message for fintech companies to possess higher accountability for actions which it may have otherwise neglected. CCOs (Chief Compliance Officers) will be under the constant burden to substantiate that their ventures are on track and compliant with the rules. Hence, nowadays they primarily come up with sandbox protocols for testing required compliance issues. To augment it, they are creating internal control processes to analyze Currency Transaction Reports (CTRs) and SARs. Regular audits are invoked to rejuvenate the regulatory updates to the concerned officials.

How to prevent your IoT devices from being forced into botnet bondage

Some of the problem stems from inherent limitations characterizing IoT devices. “Device constraints prevent agents such as antimalware, antivirus and firewall to be run on the device to protect itself, thus, traditional IT security practices are difficult to deploy on IoT devices,” says Preetham Naik, business development expert at Subex. These constraints include computation and storage limitations, as well as the use of stripped-down versions of known operating systems such as Linux. As Zeifman points out, the combination of advanced computing capabilities, high connectivity and lackluster security makes IoT devices “perfect candidates for botnet recruiters.” Also relevant is the mostly autonomous nature of IoT devices.

Debunking the most common big data backup and recovery myths

Big data has become a priority for most organizations, which are increasingly aware of the central role data can play in their success. But firms continue to struggle with how to best protect, manage and analyze data within today's modern architectures. Not doing so can result in extended downtime and potential data loss costing the organization millions of dollars. Unlike traditional data platforms (Oracle, SQL*Server, etc.), which are managed by IT professionals, big data platforms (Hadoop, Cassandra, Couchbase, HPE Vertica, etc.) are often managed by engineers or DevOps groups and there are some common misconceptions around big data backup and recovery that need to be cleared up.

So your company’s been hacked: How to handle the aftermath

"Companies are getting hacked left and right. When you get to the point where every day you read about another major company getting hacked and your reaction is, like, 'OK,' then that's a really, really big problem. People are apathetic about cyber security. We have a serious problem. "It's not like we use devices only as a tool. They have become part of daily life and we rely on them. We have shifted to where have so many different types of systems -- from banking to healthcare to transit and the power grid." Cohen Wood believes companies need to educate workers about cyber threats and that IT shops need to assiduously stay on top of cyber threats with a shed of tools. She's also concerned that the major university computer science programs in the U.S. are failing to do nearly enough to prepare IT workers and coders with cyber security courses.

The 3 Biggest Mistakes In Cybersecurity

Cyber security is not an IT problem. It is a risk management problem. This is easier to understand if you work in a regulated industry. There, the concept, language, even governance of risk management is part of the daily lexicon. Not so with small and mid-market businesses less familiar with the risk management function. It doesn’t help that the very nature of the threat and the way the “payload” of the attack is delivered is via information technologies. It almost makes sense to have IT deal with cyber security. But the victims are not the computers. The victims are the businesses and their people. More importantly: A company’s Information Technology generates Value. It does so a myriad different ways depending on the business you are in, from the actual delivery of goods to clients to complementing, enhancing, and realizing the mission and vision of the company

Quote for the day:

"If Columbus had turned back, no one would have blamed him. Of course, no one would have remembered him either." -- Unknown

August 26, 2016

Financial Networking Company Prepares for ‘Post-Quantum’ World

Traditional computers process information encoded in a binary format — represented by either 0 or 1. Quantum computers, by contrast, work on quantum mechanical principles, including the concept of “superposition” — the idea that a particle can be in two different states, representing both a 0 and 1, simultaneously. This is what potentially gives quantum computers their incredible processing power, theoretically carrying out trillions of calculations per second. And that is what has cybersecurity experts worried. Most digital encryption systems rely on numerical keys that are tens or hundreds of digits long. To break one by trying every possible combination, or by searching for numerical patterns that would allow the encryption algorithm to be reverse-engineered, is beyond the capability of conventional computers — at least in reasonable timescales.

Data lakes security could use a life preserver

The most important security functions with regard to data lakes are authorization and access. Research firm Gartner has warned companies not to overlook the inherent weaknesses of lakes. Data can be placed into a data lake with no oversight of the contents, Gartner analyst Nick Heudecker noted at the firm’s Business Intelligence & Analytics Summit last year. Many data lakes are being used by organizations for data whose privacy and regulatory requirements are likely to represent risk exposure, Heudecker said. The security capabilities of central data lake technologies are still emerging, and the issues of data protection will not be addressed if they’re left to non-IT personnel, he said. Many of the current data lake technologies on the market “don’t have fine-grained security controls that allow for multi-faceted control at the object level,” Hockenberry says.

The AI revolution is coming fast. But without a revolution in trust, it will fail

Deploying AI will require a kind of reboot in the way companies think about privacy and security. AI is fueled by data. The more the machine learns about you, the better it can predict your needs and act on your behalf. But as data becomes the currency of our digital lives, companies must ensure the privacy and security of customer information. And, there is no trust without transparency – companies must give customers clarity on how their personal data is used. It turns out that the capability of AI to detect and remedy security breaches plays a critical role in protecting user privacy and building trust. AI is going to unleash a whole new level of productivity and augment our lives in many ways.

The Most Practical Big Data Use Cases Of 2016

Timely analysis of real-time data is seen as key to driving business performance. As Walmart Senior Statistical Analyst Naveen Peddamail, who runs Walmart’s Data Cafe, tells me: “If you can’t get insights until you’ve analysed your sales for a week or a month, then you’ve lost sales within that time. Our goal is always to get information to our business partners as fast as we can, so they can take action and cut down the turnaround time. It is proactive and reactive analytics.” Peddamail gives an example of a grocery team struggling to understand why sales of a particular produce were unexpectedly declining. Once their data was in the hands of the Cafe analysts, it was established very quickly that the decline was directly attributable to a pricing error. The error was immediately rectified and sales recovered within days.

SD-WAN, NFV deployment leads software-defined networking charge

SD-WAN products combine the power of big data analytics and traditional networking. They monitor traffic flows and network latency and jitter, making real-time decisions on traffic management. A common comparison to SD-WAN is voice traffic management. A PBR approach may dictate leveraging a Multiprotocol Label Switching (MPLS) connection for all voice traffic and a lower-quality Internet VPN for non-latency sensitive traffic. This isn't a hard-and-fast rule; if an MPLS connection is congested on the far side, the Internet VPN is the more viable option. Trying to create a routing policy for this type of dynamic traffic routing wasn't feasible -- at least not until SD-WAN vendors combined the power of general compute with inexpensive network links. Using real-time traffic analysis, middleboxes direct traffic over the best available link.

Threats on Every Side

Some of VMware's liveliest competition is coming from open source communities and suppliers that have based their offerings on open source projects. This includes competitors such as Red Hat Inc., SUSE, Canonical Ltd. and others. The open source communities have addressed all seven layers of the Kusnetzky Group model. The technology coming out of these efforts is often well-tested and quite sound, but it does require some IT background and flexibility. The suppliers in these communities typically ask, "Why pay the x tax on your business?" (where "x" is whatever commercial supplier they're competing with at the moment) when speaking about any commercial vendor. Red Hat, for example, is known to speak about the "Red Hat discount" that other vendors would offer when they learned that Red Hat was one of the competitors.

Mozilla launches free website security scanning service

The tool doesn’t only check for the presence of these technologies, but also whether they’re implemented correctly. What the tool doesn’t do is scan for vulnerabilities in the actual website code, something that already exists in a large number of free and commercial tools. In some respects, achieving a secure website configuration—using all the available technologies developed in recent years by browser makers—is even harder than finding and patching code vulnerabilities. “These technologies are spread over dozens of standard documents, and while individual articles may talk about them, there wasn’t one place to go for site operators to learn what each of the technologies do, how to implement them, and how important they were,” King said in a blog post.

Apple May Be Too Late To Make A Big Social Impact

"Apple is behind in social media," said Jeff Kagan, an independent industry analyst. "This does not mean they will ever be a significant player in social media, but I'm sure that's a target they would like to achieve... If they can marry a successful social media app with their technology, it will help them grow further and faster." Judith Hurwitz, an analyst with Hurwitz & Associates, said it might be easier for the company to buy its way into the social networking world. "It would be interesting to see if Apple will buy a company like Twitter," she told Computerworld in an email. "Starting from scratch may be difficult." However, Hurwitz also noted it might make sense for Apple to focus on a social network based on photos since that would tie into the use of the iPhone's camera.

Blockchain: It's not just for finance anymore

Use of blockchain in financial systems continues to expand and will be an increasingly important technology going forward. But blockchain capability may actually be as or more important to enabling a growing number of high value IoT functions that must also be effectively protected. In the important field of the Enterprise of Things (EoT), having proof of unaltered data is often mission critical and can make the difference in a life or death situation, in hazardous response requirements, or in many other high value interactions/operations. For example, imagine health related data from some monitors that could control life or death situations, being sent to the cloud for processing. How do you know that data is legitimate and unaltered?

Person-to-object interface: Next gen bionics for amputees

In practice CBAS’s aim is to replace the cup and socket system that usually connects prosthetics to the body. This socket is customised to the patient – so expensive – but still doesn’t work very well. People experience pain, their limbs lack functionality and it is hard to track gradual everyday wear and tear. CBAS wants to “standardise the interface” explains Hewage. And using advanced bioengineering and monitoring technologies it aims to create the “USB connector” of prosthetics. This is the next wave of integrated bionics and allows complex interactions between a range of different devices and a number of the body’s organs and systems. The benefit of this standardisation is clear. There is an immediate decrease in the cost of amputee care.

Quote for the day:

"It doesn’t make sense to hire smart people and then tell them what to do; we hire smart people so they can tell us what to do." -- Steve Jobs

August 25, 2016

Reprogram Your Culture

There is power in stories, as they inform, persuade and educate. Using the power of story, you can tap into foundational beliefs that shape culture. ... Although that’s unlikely, the reinforcing power of the story is that it communicates the value of customer service. It’s far more impactful to share that story than to say, “a Nordstrom core value is customer service.” ... There are four types of stories that shape culture. Identity stories are about who we are and where we came from. They capture what’s unique and special in the DNA. Success and Failure stories are about what is rewarded versus punished. Finally, future stories are about where the organization is going. ISFF (Identity, Success, Failure and Future) are the core stories that you can tell or will be defined by your culture. Change the story to change the culture.

European law enforcement seeking smart ways to fight cyber crime

Manufacturers need to wake up to the risks they face in the connected world and realise that most cyber security vulnerabilities are not solvable using bolt-on systems, but instead rely on sound engineering, software development practices and cyber security best practices. “The most effective cyber security work occurs during the planning, design and early implementation phases of the products, with the difficulty and cost of remediation increasing in correlation with product age and complexity,” said Thuen. Failing to address security at the early development stages could be very costly in the long-run, he said, leading to loss of consumer confidence or even product recalls, which some vehicle manufacturers would find difficult to recover from.

Are You Agile Enough for Polyglot Programming?

An interesting case study in Polyglot Programming is the Obama re-election campaign. The entire project was conceived of, designed, deployed, and dismantled in 583 days. It was spread across 3 data centers and 2000 nodes; it consumed 180 TB of data and supported 10,000 requests per second. Luc Perkins (@lucperkins) says in his blog that the Obama campaign was unbelievably agile. It was 100% cloud based and polyglot. Poly-language, poly-framework, and poly-db. Harper Reed, the CTO for the Obama re-election campaign, knew from the beginning he was resource constrained, so he bet big on the cloud. Without millions of dollars for servers, Harper chose Amazon Web Services to host everything.

Trying to make sense of Google's messaging mess

Google's overall approach to development is a problem that impacts strategy and branding throughout the company, according to Dawson. "Teams within Google seem to be empowered to go and create stuff without coordinating with other teams — that can lead to great innovations, but more often than not it appears to lead to this kind of fragmented, disjointed approach to a space," he says. ... Google's seemingly unfocused approach to messaging is also related to the company's failure to create or acquire a wildly popular app. None of its messaging apps have ever reached the scale of WhatsApp, Facebook Messenger, WeChat, Line or others. "The best case scenario for Google is that they hit it big with one of their messaging and communication platforms, and then can start from a base of success before consolidating," says Patrick Moorhead

Apps for Work vs. Office 365 debate as much about culture as tech

Companies are increasingly looking to outsource their email and other productivity software like calendaring and word processing. They're enticed by lower costs, better disaster recovery and scalability offered by vendors, but the market is still nascent. A 2016 study by market research outfit Gartner shows 13% of publicly traded companies are using cloud offerings from either Microsoft or Google. Office 365 claims nearly 9% of the email market; Apps for Work grabs just under 5%. The remaining 87% has email in-house, in data centers or private clouds, or use hosted email services. The two vendors' software packages have the same basic lineup: web-based email, word processing, calendar, messaging, spreadsheets and slideshow generator.

Phishing for Insurance Coverage

Frequently, insurers assert that there is no coverage because the loss did not proximately result from the fraudulent hack, but rather from the intervening actions of duped individuals. Last year, in Apache Corp. v. Great American Insurance Co., a federal court in Texas ruled on an insurer’s challenge that the requirement in the Computer Fraud clause of a Crime policy that the loss result “directly” from the use of a computer was not met. An Apache employee received a call, and then an email attaching a letter, from a person claiming to be an employee of one of Apache’s vendors, requesting a change of the account information to which payment was to be sent for the vendor’s services. The change was made, and $2.4 million was directed to the fraudulent account.

Advocates Want FCC to Address Car Hacking Threat

The PSA noted that a vehicle’s susceptibilities may lie in its wireless communications functions, for example in a mobile device connected to the car through Bluetooth, a USB or Wi-Fi. Third-party devices connected to the car can also cause vulnerabilities, the agencies said. “In these cases, it may be possible for an attacker to remotely exploit these vulnerabilities and gain access to the vehicle’s controller network or to data stored on the vehicle,” the announcement said. In July 2015, two hackers showed WIRED how they could remotely access a Jeep Cherokee’s systems to manipulate the air conditioning and radio settings, as well as cut the transmission entirely while the reporter was on the highway. Later that month, Fiat-Chrysler formally recalled 1.4 million of their cars that could have been affected by the vulnerability.

How Bloomberg is advancing C++ at scale

Large projects differ in complexity and difficulty in multiple dimensions, which kick in at different magnitudes. For example, as software size crosses the threshold where frequently recompiling the entire system becomes infeasible, you need to be taking insulation techniques seriously. There are three global techniques available in C++, two of which are architectural and one of which is not. The procedural interface, the first of the two architectural techniques, is very specific to C APIs; the second is the pure abstract interface, or protocol, which we use routinely throughout BDE and in system integration in general. The non-architectural technique uses a concrete class, also called PIMPL, or “pointer to implementation”. But, all three are totally insulating, meaning that with them you can insulate the entire implementation.

CISCO Starts Patching Firewall Devices Against NSA-Linked Exploit

ExtraBacon was released earlier this month together with other exploits by one or more individuals who use the name Shadow Brokers. The files were provided as a sample of a larger Equation group toolset the Shadow Brokers outfit has put up for auction. ... Even though the ExtraBacon exploit was designed to work for versions 8.4(4) and earlier of the ASA software, other researchers demonstrated that it can be modified to also work on newer versions. Cisco confirmed in an advisory that all versions of SNMP in Cisco ASA software contain the flaw. On Wednesday, the company updated its advisory to announce the availability of patched versions for different Cisco ASA branches, namely 9.1.7(9), 9.5(3), and 9.6.1(11).

How CISOs can adopt a proper risk management approach

A better approach would be to have a flight detector approach on individual endpoints. When you're on the plane you hope you never need it but in case you have a crash it is a critical feature. Likewise, if you see any unusual network activity you can activate this endpoint and do a real-time analysis. Enterprises should analyse the network traffic in real-time and look for anomalies. This process will give them an early warning. It's called a breach detection system and it is very effective on the network layer. But trying to record change at every end point in real-time is cost prohibitive and not very meaningful. Installing an intelligent smart endpoint sensor and a flight recorder at end points will be more beneficial for the enterprises.

Quote for the day:

"If a window of opportunity appears, don't pull down the shade." -- @tom_peters

August 24, 2016

A Portable Hard Drive Made For Mobile Streaming

Unlike its very thick predecessor, the My Passport Wireless Pro could easily be mistaken for a portable optical drive (you remember those, right?). Except that this enclosure sports a micro-USB 3.0 connector, a USB 2.0 Type A port (for charging other devices from the drive’s battery), and an SD memory-card slot (for transferring files—automatically on insert, if you so choose. You can push a button if you don’t.) The new model weighs in at nearly a pound--that's four ounces heavier than the original--and we're pretty sure it's attributable to the 6400 mAh battery. ... Streaming was a mixed bag of easy and not so easy. This wasn’t the Wireless Pro’s fault, but the uneven implementation of streaming protocols across platforms.

Android 7.0, Nougat: The complete FAQ

The way split-screen mode works in Nougat is pretty simple, though the function is a bit hidden: While using an app, you press and hold the Overview key (the typically-square-shaped button next to Back and Home). That splits the screen in two, with your current app on top (or left) and a list of your most recently opened apps on bottom (or right). ... Updated appearances aside, notifications in Nougat are bundled by app -- so if you have, say, three new email alerts from Gmail, they'll all appear within a single card in your notification panel. ... Android's Quick Settings gets far more useful with Nougat, thanks to a new set of always-present toggles on top of the regular notification panel (illustrated above) and a newly customizable set of tiles when you swipe down from that view.

Google's Cloud Bigtable Database Handles Petabyte-Scale Workloads

Google this week also announced general availability of its Cloud Datastore managed NoSQL database service and talked up its existing and forthcoming support for applications built in Microsoft's ASP.Net environment. Cloud Bigtable is a technology that Google has used internally for several years. It powers many of Google's most heavily used services, such as Gmail, Search, Maps and Analytics. It is designed to handle very large data sets at high speeds. According to Google, that makes it well-suited for analytical and operational applications, such as financial data analysis, internet of things and user analytics. Google has previously described Bigtable as delivering more than double the performance of other NoSQL technologies, such as Cassandra and Hbase, while running faster and delivering a lower total cost of ownership.

IT Investment Uptick Triggered By Productivity Goals

"In the long-run, productivity gains are mostly generated through innovations in technology and in the way that businesses manage people and technology," Ira Kalish, chief global economist for Deloitte Touche Tohmatsu, wrote in the report. "One problem is that new innovations, while always exciting, don't necessarily lead to productivity gains immediately. Rather, it can take years before innovations are absorbed into the way businesses operate, only then causing gains in productivity that lead to faster economic growth." Looking ahead, those companies surveyed noted that the greatest opportunity is in internet of things-powered technology that tracks business processes, with the ability to track customer behavior and the possibility of tracking employee productivity high on the list of capabilities businesses said they were pursuing in this area.

34 Most Disruptive Technologies of the Next Decade

For those who associate the term "hype" with failure, realize that that's what this report is bringing into focus. Instead, it highlights "the set of technologies that is showing promise in delivering a high degree of competitive advantage over the next five to 10 years," Mike J. Walker, research director at Gartner, said in a statement. The phases of the hype cycle, as outlined in a graph created by Gartner, are as follows: Innovation Trigger, Peak of Inflated Expectations, Trough of Disillusionment, Slope of Enlightenment, and finally, Plateau of Productivity. Basically: There's a breakthrough, a flurry of press coverage touting successes, a bunch of failures that ultimately contribute to disillusionment, then people start to understand the technology more, and it goes mainstream.

Deconstructing the development mindset

A development mindset is a pattern of thinking and a way of looking at the world that invites ongoing opportunities for continuous individual and organizational transformation. It’s an abundant perspective that recognizes significance that others might overlook. Those with a development mindset appreciate that development is a state of mind, not a series of discrete activities or classes. ... Given the environmental impediments to promoting a development mindset, it would be easy to simply throw our hands up and declare defeat. But savvy leaders who understand the long-term benefits to individuals and the organization can choose to take steps to create more hospitable and supportive conditions for their employees.

Cisco well positioned to dominate cybersecurity market

The “big data” approach is the foundation of Cisco’s “Network as a Sensor” and “Network as an Enforcer” strategy. Because of its dominant share in networking, the company has more devices in more places than any other vendor. Also, it has a wealth of information available to it, including log files, NetFlow, DNS information, identity, IP address records and other network-related data that can help it quickly find anomalies and breaches. Industry-wide, the average time taken to find a breach today is 100 days. Cisco’s senior vice president and general manager of networking and security, David Goeckeler, told me Cisco could find breaches in 17 hours. I challenged him on this point and said 17 hours is still far too slow.

How to get your network and security teams working together

So, for a team focused on speed and availability, security can often be seen as a roadblock in reaching those goals -- and vice versa. "This becomes a problem when network professionals feel that security measures are red tape getting in the way of their processes, and security professionals feel that network team's expansion and development of complex architectures are opening up the system to potential attacks," says Vigna. It's not that security isn't important to networking professionals, it's just that it isn't necessarily their focus. And the same goes for security pros. They don't want things to run slower or to create more steps for people, but it is their job to keep things as secure as possible. And as it becomes increasingly important for businesses to avoid any security breaches -- both teams will need to shift their priorities.

An iPhone feature has exposed a biometrics security flaw

The vulnerability is unlikely to present a serious threat to security, for now. Banks that employ facial recognition technology generally use it alongside other security measures — like requiring users to have a lock on their phone or only allowing a customer's account to be accessed from a single registered device. Exploiting the weakness would also require a hacker to have both the victim's phone and a Live Photo of them, which is an unlikely scenario. But this development suggests that banks should think carefully about how they use biometrics. Only 9% of UK consumers are happy to use facial recognition as a means of identification, according to Experian, and stories like this are likely to further dent consumer confidence. This implies that banks should continue to use biometrics as an additional or optional security measure, rather than a replacement for existing methods.

New report confirms you need NoSQL, and probably in the cloud

NoSQL is not an option—it has become a necessity to support next-generation applications. And increasingly, enterprises of all types and sizes are embracing NoSQL to support their business technology (BT) agenda. A key strength for NoSQL is the ability to support scale-out architecture leveraging low-cost compute servers that are clustered to deliver performance of large, high-end SMP servers. In addition, its flexible schemaless model offers the ability to store, process and access any type of customer and business data. ... NoSQL delivers one side of the business agility equation, allowing for disparate data types at high velocity and volume. Public cloud takes care of the infrastructure side of the equation, enabling enterprises to grow or shrink resources according to data demands.

Quote for the day:

"A vision needs to be shared in a consumable way and integrated into business plans, each decision, each procedure and each employees' tasks." -- @RichMcCourt

August 23, 2016

Tiny $35 computer gets major new release of HypriotOS

The stripped back Debian-based OS comes pre-installed with a number of Docker tools for Raspberry Pi versions 1, 2, and 3, as well as the Pi Zero and the compute module. HypriotOS utilizes the pre-installed Docker Engine 1.12.1, and Docker's Swarm Mode helps spread containers between a multi-node Pi cluster, which could be helpful for developers looking to build a network of Internet of Things devices. To get up and running, users will need to install the HypriotOS flash tool on an SD card, which is then inserted into a Raspberry Pi. Booting up takes less than five minutes, according to Hypriot. HypriotOS developers have optimized the toolset to only require 600MB of disk space and have reduced the size of the download packages to 232MB. They're also promising security out of the box by, for example, removing the 'root' user by default.

Using an Agile Software Process with Offshore Development

Although world-wide Continuous Integration is resoundingly popular, we have run into some problems. Communication pipes aren't as wide and reliable as we'd like, so many source control operations can get awkward from a remote site. In general we keep the build servers in the same site as the majority of developers, but remote sites can find it takes an annoyingly long time to get a fresh update from the mainline. The longer the communication lines are, the more they are prone to anything from glitches to lines being down for a while. Having the repository accessible 24 hours makes it annoying to take it down to do backups. All of these issues would be mitigated by a clustered code repository, but we haven't experimented with anything like that yet.

How Bitcoin Makes Each Of Us As Powerful As A Bank

“Bitcoin and the concept of the internet of money that it creates are this new model for a payment network that spans the globe, that has no borders, very much like the internet, that allows you to run financial applications that are controlled by software and, rather than political rules, are controlled by mathematical rules.” He says the fact that the network can process payments as small as hundredths of a penny or as large as billions of dollars will enable all kinds of applications that are impossible with the traditional financial system. Tune in to our fun and chock-filled conversation to hear why he says, “Bitcoin doesn’t care if you’re a person, a piece of software or an automatic dog-feeding bowl,” and for his far-out descriptions of how taxis and disaster relief could operate in the future.

Disrupting beliefs: A new approach to business-model innovation

Every industry is built around long-standing, often implicit, beliefs about how to make money. In retail, for example, it’s believed that purchasing power and format determine the bottom line. In telecommunications, customer retention and average revenue per user are seen as fundamental. Success in pharmaceuticals is believed to depend on the time needed to obtain approval from the US Food and Drug Administration. Assets and regulations define returns in oil and gas. In the media industry, hits drive profitability. And so on. These governing beliefs reflect widely shared notions about customer preferences, the role of technology, regulation, cost drivers, and the basis of competition and differentiation. They are often considered inviolable—until someone comes along to violate them. Almost always, it’s an attacker from outside the industry.

How to Mitigate the Top 3 Risks of Cloud Migration

Operational excellence is a key success factor for enterprise IT. However, building operations to support growth and business innovation, while maintaining day-to-day operations can be challenging. Clearly, the public cloud offers compelling agility to support rapid change and growth. But successfully moving existing applications to the cloud requires good process, along with good technology that can bridge the gap between heterogeneous cloud environments. As enterprise IT departments attempt to match data center supply with growing and often fluctuating demand from users, balancing between a situation of under-utilized resources and that of over-commitment, becomes essential. The cost-effective, pay-as-you-go nature of the public cloud can complement existing private cloud computing resources.

Across the pond: the EU-US Privacy Shield

For most companies, these requirements will mean updated privacy policies in dealings with customers and employees. Another key principle – the ‘choice’ principle – requires companies to offer individuals the opportunity to choose whether their personal data will be disclosed to a third party or used for a purpose that is different from the purpose for which such personal data was originally collected or subsequently authorised. Companies must respect individual choices and implement technical mechanisms so that data subjects may be informed, and be given the opportunity to opt out, of uses of their personal data. In addition, contracts with third party data processors will need to be reviewed to ensure that personal data will only be processed in a manner consistent with the basis on which the data was collected in the first place and with the level of protection required by the Privacy Shield.

Distributed Ledger Technology: What We Can Learn from Recent Blockchain Attacks

The security around private keys is a particularly relevant topic now given the recent hacking of the Bitfinex exchange in which bitcoins worth about $70 million were stolen. Although the exact details of the attack are not yet available, it is clear that the hackers were somehow able to access the private keys that secured customers’ accounts and steal the bitcoin. Private keys can be thought of as secret codes or passwords that prove ownership of digital assets. Technology companies developing permissioned blockchains for financial services will need to completely rethink the multi-sig/cold storage approach currently employed by digital currency exchanges.

Security Soars As a Priority, But Many Struggle to Use Tech for Protection

“With tens of thousands of malware variants being generated each day, this lack of defense may leave an organization wide open to compromise,” the report notes. Hospital data security professionals continue to fight for adequate budgets and resources, Kim notes. On the non-acute side, which includes physician practices and other providers such as long-term care facilities, the data suggests they are paying more attention and money to address security, but there is not yet a trend of small providers fortifying their cyber defenses. These providers are aware of looming threats, “but may not yet be aware of the pervasiveness of cyberattacks,” Kim says. Further, only 42 percent of surveyed non-acute providers have intrusion detection technology, so they may not even be aware that an attack has occurred.

Third-party vendors -- your weakest link?

Corporate leadership must make third-party risk management a priority for it to be successful. Such a program requires resources, and often involves delays in the purchase of products and services while the related risk is assessed. Without strong support from the C-Suite, managers will simply ignore third-party risk, and just buy whatever they want whenever they get in a hurry. Third-party oversight should begin with a structured program, with proper documentation and procedures. The program must be an ongoing effort, rather than a one-time review. This should include complete analysis of each vendor BEFORE a contract is signed. For ideas on how to structure such a system, I would suggest that you review "Third-party risk management -- not just papering the file."

C Programming Language's Tiobe Rating Drops To Lowest Level

One of the main reasons for this drop is that C is hardly suitable for the booming fields of web and mobile app development. Moreover, the C programming language doesn't evolve like the other big languages such as Java, C++ and C#. There is a "new" C11 standard available but this contains only minor changes. The constraint that C object code should remain small and fast doesn't help here. Moreover, adding C++-like features is also out of the picture because that's what C++ is for already. So C is a bit stuck. Yet another reason why C is getting into trouble is that there is no big company promoting the language. Oracle supports Java, Microsoft supports C++, C# and TypeScript, Google supports Java, Python, Go, Dart and JavaScript, Apple promotes Swift and Objective-C, etc. but none of them supports C publicly.

Quote for the day:

"Gratitude is absolutely the way to bring more into your life." – Joe Vitale