August 28, 2016

Cyberthreats Targeting the Factory Floor

Cyberattacks targeting manufacturing companies are on the rise, according to a recent report from IBM X-Force Research’s 2016 Cyber Security Intelligence Index. The report noted that the sector is the second most-attacked industry behind healthcare. Automotive manufacturers were the top targets for criminals, accounting for almost 30% of all cyberattacks in 2015, while chemical companies were attackers’ second-favorite targets. ... Until recently, industrial networks were separated from the rest of the world by ‘Air Gaps.’ In theory, an ‘Air Gap’ is a great security measure — disconnecting the industrial network from the business network and the Internet. However, an ‘Air Gap’ is no longer operationally feasible in today’s connected world.


French submarine maker data breach highlights challenges of IP security

“Often these controls are poorly understood. A file will be placed in what is thought to be a restricted location, but it turns out many more people have access than realised through poorly configured permissions,” Jonathan Sander said. Without diligent data access governance, Sander said these misplaced files are easy targets for malicious insiders, malware and other mundane attacks. “It’s hard to blame people for misplacing these files as most organisations lack data classification. They may have a policy on the books about it and if you open the file to read it you may see all manner of references to its level of secrecy, but those typically fail to be marked on the file in a way that will signal who should open it at all or where it should be allowed to live on fileshares.


Experts challenge Skyhigh's patent for cloud-based encryption gateway

The Skyhigh patent also appears to overlap with the Key Management Interoperatbility Protocol, said Rich Campagna, VP of products at Campbell, Calif.-based security firm Bitglass, Inc. KMIP dates back to 2010, and is a standard protocol for the exchange of encryption keys, he said, that is widely adopted commercially. It includes a function that "is used to derive a symmetric key or Secret Data object from a key or secret data that is already known to the key management system," he said, adding that this is "exactly the process described in claim number one of the patent." Garrett Bekker, analyst at New York-based 451 Research LLC, said that while Skyhigh has some unique aspects to their technology, several vendors already offer encryption gateways for cloud applications.


Artificial intelligence and the future of cyber-security

The future of cyber-security will continue as it always has, as a game of cat and mouse. Attackers will create new methods of concealment and defenders will create new methods of detection. The difference with AI is that we are trying to make something that will adapt to the changes the attackers make. Current research suggests we will soon see distributed AI detection schemes operating similarly to the human immune system, giving some form of environmental awareness. Like the human immune system, one part would be dedicated to addressing common threats (innate immune system), whilst another part would investigate anomalies to detect threats that have not yet been seen by the system (adaptive immune system).


How the Internet of Things will affect security & privacy

New developments would allow connected cars to link up with smart city infrastructure to create an entirely different ecosystem for the driver, who is simply used to the traditional way of getting from Point A to Point B. And connected healthcare devices give people a deeper and fuller look at their own health, or lack thereof, than ever before. But with all of these benefits comes risk, as the increase in connected devices gives hackers and cyber criminals more entry points. Late last year, a group of hackers took down a power grid in a region of western Ukraine to cause the first blackout from a cyber attack. And this is likely just the beginning, as these hackers are looking for more ways to strike critical infrastructure, such as power grids, hydroelectric dams, chemical plants, and more.


Target is shifting focus to in-sourcing technology and not outsourcing

Moving away from the out-sourcing model, CIO McMamara says that he is emphasizing on in-sourcing and building internal engineer teams. "About 70% of our engineering staff was third-party contractors vs. 30% Target team members. We had far more contractors than we needed—especially once we pared back our roster of projects to focus on key priorities," McMamara writes. "In just a year's time, we've completely flipped that ratio—so that now about 70% of our engineering staff is team members while 30% is made up of contractors. ...". Since McMamara's IT strategy is focused on in-sourcing, obviously company will have to ramp up hiring in a big way that would ensure he has a big team and support staff to execute business aligned IT plans.


Bridging the business intelligence and analytics gaps

Of course, internal politics also play a part in failed BI projects. Overcoming this requires data silos between departments to be broken down. At the same time, it’s important to get the balance right, so each department is still in control of its own performance. Therefore, companies need to create the right metrics that they can track over time. They should create an overall key performance indicator (KPI) for the business, as well as sets of key value indicators (KVIs) and drivers assigned to individual departments to show how each delivers value. This can be achieved using analytics tools to create the right dashboards that can show the contribution each particular role makes to the organisation. The KPI can sum up a business-critical process – for example, customer acquisition or profitability. The KVIs are then provided for each team involved.


Design Thinking and the Business Agility Ecosystem

Design Thinking can provide a mature and proven set of principles and practices that both the business/product management and software development parts of the organization can use to identify which problems are worth solving and very rapidly ideate potential solutions to those problems by using prototypes and testing assumptions. It can fill the gap that exists in many organizations that have successfully passed through the first and second waves of Agile and are looking for a set of practices to help them enter into the third wave of Business Agility. One approach to implementing Design Thinking toward achieving Business Agility is to view it in relation to the entire value stream.


How Fintech is improving Retail Banking

Fintech and retail banks have complementary strengths which should be leveraged to make a better central financial experience for customers. Banks offer capital and deep customer bases while fintech excel in innovation, agility and exploiting new technology. Fintech firms are sprouting all over the world and they have come up with Robo-advisers, online wealth advisors, mobile banking, improved and fast payments , easy and inexpensive transfer of money. Consequently, fintech has positively impacted the customer experience in retail banking. A Robo-advisor offers automated algorithm-based portfolio management advice without using financial planners. Retail banks have adopted this new technology because it requires a lower minimum investment to get started than traditional financial advisors.


Growing up in the intelligence era

Today, information technology is shifting from the SaaS workflow applications that characterized the cloud computing era to those that help customers make decisions.Characterized as the intelligence era, the source of competitive advantage is shifting from code to unique data + self-learning code. As with the previous shift, this brings a change in the expectations of investors. We are seeing investors outright ignore SaaS companies with solid traction in favor of companies that have a strategic position in the market granted by their “intelligent” software. This post generalizes the requirements of enterprise software investors in the intelligence era in the hope that it helps founders of enterprise software companies think about how to sequence their fundraising, product development and data strategy.



Quote for the day:


"Perfecting oneself is as much unlearning as it is learning." -- Edsger W. Dijkstra