August 02, 2016

Accenture, Endgame team up to become the Van Helsing of cybersecurity

The digital era has brought with it a number of new tools and technologies. Things like IoT, the cloud, mobility, DevOps and software-defined networks (SDN) were futuristic things a decade ago but are now the norm. While those technologies have enabled businesses to become agile organizations, they also increased the number of attack points to the level where security teams can no longer keep up. The good guys need to protect an increasingly larger number of entry points, while the bad guys simply need to find a single way in. Once the network has been breached, the threat spreads laterally, information is gathered and data is eventually exfiltrated.


5 Ways to Manage an Outsourced Team on a Startup Budget

Getting everyone to work together on a project can become a costly nightmare due to time zones, work habits and deadlines. Rather than resort to spending fees on a massive project management platform that you really do not need, you can work with companies like Wrike, which offers various products to serve your size and budget but offers functionality to get projects done and enhance the collaborative experience in the process. Everything is located in a central hub for my entire team, including files, due dates, tasks and messages about every project that I'm working on. Best thing about them is I can individually track each individual on my team.


Latham on Systems Thinking

John Latham combines experience and research to create flexible frameworks that facilitate the process of reimagining, redesigning, and transforming organizations. Some of the frameworks such as the Design Framework for Organization Architects™ emerged from practice and later tested and refined. Others emerged from research and further developed in practice such as the CEO research that led to the Leadership Framework for Organization Architects™. These two award-winning, peer-reviewed frameworks form the foundation of the Organization Design Studio™ was founded to provide a virtual space for organization architects to learn how to (re)create the organization they really want!


Ready for a hack

Greg Spencer, principal consulting partner from IT consulting firm Beyond Technology, says the cyber threats facing Australian businesses have materially changed over the last 24 months. “Whereas organisations have traditionally taken solace from the understanding that they are not a target, the emergence of the hacker industry has taken this distinction away,” he says. “All organisations are susceptible to ransom attacks, and more and more seemingly harmless mid-tier firms are the focus of deliberate and targeted electronic intrusions seeking to either gain financially from their information or undertake data kidnap and ransoms.” Often hackers are not necessarily seeking information about their immediate target, but about one of their clients.


This Time, Miller & Valasek Hack The Jeep At Speed

Miller and Valasek reverse-engineered the electronic control unit (ECU) firmware, which communicates via the unsecured CAN bus in short messages. In a nutshell, they tricked the Jeep’s controls by impersonating messages. They basically took the ECU offline and impersonated real traffic to force it to follow their instructions, whether it was to accelerate, or turn the steering wheel 90 degrees. Unlike last year’s hack that the two conducted from Miller’s living room while Wired journalist Andy Greenberg drove the Jeep, this time they physically plugged into the diagnostic port of the vehicle to send their phony CAN messages, mainly for expediency reasons. “Last year, we showed you can remotely send CAN messages.


Economics Behind Ransomware as a Service: A Look at Stampado’s Pricing Model

The law of supply and demand also applies to the ransomware business model. In the course of monitoring the various underground markets over time, we noticed a fluctuation in ransomware prices. In 2012, ransomware services in the Russian cybercriminal underground only cost US$10–20. This included a Windows blocker or a piece of malware “that paralyzed a system’s OS.” This didn’t allow the criminals to hold data for ransom though. In addition, ransomware then weren’t as in demand then compared to now, which could explain why they were sold more cheaply. As more users and even organizations succumbed to paying the ransom just to get access to their files and systems back, it was natural for cybercriminals to hike the threat’s price up.


DevOps: The (Absolutely Critical) Cloud Enabler

One of the most fundamental problems that’s part and parcel of a move to reliance on the cloud is that IT orgs want every scrum team to have its own environment, complemented by an individual database instance. Eventually, that leads to creating a distinct database instance for every single developer. You probably can see where this is headed. I’ve used this comparison time and time again, but cloud and database instances become like the wire hangers in your closet you accumulate every time you pick up clothes from the dry cleaner. They multiply over time and, all of a sudden, you seemingly have a million on your hands, with no idea where they came from and no good way to get rid of them. To compound things, once the proliferation begins, it’s hard to stop.


How the Internet of Things (IoT) Will Impact the Logistics Industry

It’s now a given that a parcel can be tracked every step of its journey, from the moment it’s shipped to when it’s finally delivered into the hands of the consumer. But in most cases, it’s still a matter of barcodes being scanned – usually by humans – as the item goes through various distribution points. With the IoT, an RFID tag is placed on the parcel or pallet and the truck or van acts as the ‘reader’, eliminating the need for humans to do anything more than load the vehicle. The delivery vehicle will then connect to the cloud and transmit the RFID-derived information and its location. And it won’t just be the vehicle’s position – temperature data will be available in real-time as well, except in very remote areas.


CIA Cyber Official Sees Data Flood as Both Godsend and Danger

Today “people are putting all their thoughts, their conversations, their movements, their ideas into this digital stream," Roche said July 30 on the sidelines of the annual Aspen Security Forum in Colorado. A career CIA official, Roche joined the agency’s new Directorate for Digital Innovation, which opened in October, after serving as deputy director for science and technology. Roche wouldn’t comment on recent hacking incidents, including breaches of the Democratic National Committee’s system and a data analytics program used by presidential nominee Hillary Clinton’s campaign, attacks that technology experts attribute to Russia. But he said that Russia, China, Iran and North Korea top the list of nations posing cybersecurity threats to the U.S. government and its contractors.


IoT and liability: Who pays when things go wrong?

As one might expect, when monetary values can be assigned to liability claims, the blame game get serious. "The question becomes who is ultimately responsible for the interactions of the product," asks Amodio. "And more importantly to the people in the cybersecurity field, who is responsible if a hacker breaches the security to the device and causes damages in the real world?" ... "Manufacturers of IoT devices, IoT network providers, and IoT software developers need to be aware users may bring claims against one or all of them following a device malfunction or security breach," mentions the post. "It is not clear if the aggrieved IoT user will be required to prove they have suffered damage as a result of an IoT player's actions or if the courts and lawmakers will adopt a 'strict liability' approach."



Quote for the day:


“Business is like a sport where the games never end. I’m always competing.” -- Mark Cuban