In either a private or a public cloud, they need applications to behave a certain way. Unfortunately, it's not always possible to move legacy applications. A workaround that will require change over a long period, said Stern, is to put what they can in their private or public cloud until they are able to examine which ones are worth rewriting. Before making the move to the cloud, Alex Hamerstone, GRC practice lead at TrustedSec, said, "Settle on a definition of what the cloud is. It's really just someone else's computer. A computer that's not yours. You should know why you are moving to the cloud. What are the advantages? Is it cost or that it is easier to maintain?"
Snowden's revelations about a backdoor have undermined trust in large amounts of U.S.-made infrastructure, and have had lasting impact. The good news is that new thinking and research about encryption is emerging, with new techniques that can nail shut any attempted backdoors. Alex Russell is a professor at the University of Connecticut, and he has been focusing on the problem of how to ensure that a randomly generated number used to generate encryption keys is in fact random. Russell and his team have shown that by taking the output of the random number generator and running it through a hash function such as SHA-256, a new and truly random number is created that can reliably be used to generate encryption keys.
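The hash-based conditioning step described above, as an added illustration that is not Russell's code or the article's own: raw generator output (together with any other independent source) is pooled and run through SHA-256 in a counter-mode construction similar in spirit to the hash_df expansion of NIST SP 800-90A. The two demo functions make the practitioner's caveat concrete: a hash concentrates whatever entropy the input already has but cannot manufacture entropy, so output derived from a fully predictable generator is itself predictable, while mixing in an independent source (here os.urandom, an assumption about the platform) changes that. All inputs and function names are constructed for this example.

```python
import hashlib
import os


def condition(*sources: bytes, out_len: int = 32) -> bytes:
    """Pool independent entropy sources and condition them with SHA-256.

    Each source is length-prefixed so that (b"ab",) and (b"a", b"b") pool
    to different byte strings, and a 32-bit counter is prepended on every
    hash call so that more than one digest of output can be produced.
    """
    pooled = b"".join(len(s).to_bytes(4, "big") + s for s in sources)
    out = b""
    counter = 0
    while len(out) < out_len:
        out += hashlib.sha256(counter.to_bytes(4, "big") + pooled).digest()
        counter += 1
    return out[:out_len]


def derive_key(rng_output: bytes, extra: bytes = b"") -> bytes:
    """Derive a 256-bit key from raw RNG output plus an optional extra source."""
    return condition(rng_output, extra, out_len=32)


def demo_predictable() -> bool:
    """Conditioning alone does not fix a predictable generator.

    Constructed input: a generator whose every output an observer already
    knows. Because the hash is deterministic, that observer derives the same
    key; returns True to show the two derivations agree.
    """
    known_output = bytes(range(32))  # constructed, fully predictable
    return derive_key(known_output) == derive_key(known_output)


def demo_mixed() -> bool:
    """Mixing an independent source restores unpredictability.

    Assumes os.urandom is independent of the suspect generator. Two
    derivations from the same predictable output now differ; returns True.
    """
    known_output = bytes(range(32))
    k1 = derive_key(known_output, os.urandom(32))
    k2 = derive_key(known_output, os.urandom(32))
    return k1 != k2


if __name__ == "__main__":
    print("predictable input stays predictable:", demo_predictable())
    print("independent source mixed in:", demo_mixed())
```

Length-prefixing and the counter are what keep the construction sound as a key-derivation step; the behaviour of demo_predictable is the point a deployer should check before relying on hashing as a backdoor countermeasure.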
Evolution of technology and the sophistication of hackers have made cybersecurity one of the most important areas of risk management for businesses. More than 95% of CGMA designation holders participating in a 2015 survey said their companies are concerned with the threat of database breaches, distributed denial of service (DDoS) attacks, phishing scams, and other cyberattacks. ... The proposed frameworks represent an effort by the auditing profession and the AICPA to develop a common foundation for CPAs’ services in response to the growing market demand for information about the effectiveness of cybersecurity risk management programs. “Our primary objective is to propose a reporting framework through which organizations can communicate useful information regarding their cybersecurity risk management programs to stakeholders,” said Sue Coffey
Part of the problem may be that loss prevention tools can’t stand up to new theft targets, the most common of which are personally identifiable information and protected health data. Organizations may also unwittingly alert hackers to their soft targets. Activities that publicize a new or improved service may signal that the service is not yet well secured, the report stated. Besides new projects or products, hackers look for reorganizations and strategic planning activities. This supports the report’s finding that organizations aren’t monitoring data movement in the right places. For instance, only 37 percent of DPB survey respondents said they use endpoint monitoring on physical media, despite the fact that 40 percent of data losses involve some type of physical media.
Even central banks across the globe have shown their intent to adopt distributed ledger technology. The Dutch Central Bank has been actively experimenting with blockchain and developing the DNBcoin. In July 2016, the Bank of England issued a paper that discusses the 'macroeconomics of central bank issued digital currencies' which reveals some interesting findings. It says, "In a...model calibrated to match the pre-crisis United States, we find that CBDC issuance of 30% of GDP, against government bonds, could permanently raise GDP by as much as 3%, due to reductions in real interest rates, distorting taxes and monetary transaction costs." Such findings showcase the potential that the blockchain holds for the financial machinery of a country.
The build-measure-learn loop suggests that speed is a critical factor during successful product development. First, you build the product, then you test its usability (gathering user feedback and data), and lastly, you acquire critical insights. The insights you get will determine whether the product is ready for deployment or whether it needs to be pivoted. The process is then repeated until it results in success. The lean startup method is a prime example of a good, productive mindset when approaching the problem of developing and marketing a product. Instead of being limited to your own company's predictions and focusing only on early consumer adoption, continuous monitoring of a product's usability and tweaking of its features to suit the users' needs will ensure success upon completion.
There are a few fundamental reasons why firmware can make a realistic target:
No upgrade path for firmware: In contrast to software, firmware can be more difficult to update. Update policies may not exist; indeed, the ability to update may not even exist. Add to this the resiliency of these systems—literally devices that may sit around for decades. Changes in security requirements (e.g., updated encryption algorithms) may not be reflected in updated firmware. Even unsophisticated attack techniques are highly likely to work across outdated security mechanisms.
Traditional methods don't apply or can be side-stepped: No matter how many layers of security are built into the OS, ultimately a system relies on the underlying firmware to boot and interact with hardware.
Nobody inside Intel is coming anywhere near the kind-of-like fatalistic conclusions about where Moore's Law is. Intel has had a stellar track record in delivering node generation like clockwork. Maybe we've moved from a two-year to a two-and-a-half-year cadence, but we already see light at the end of the tunnel. We will continue to drive process technology and nobody is calling timeout on anything. We're working hard on 7-nanometer, we're talking about pathfinding for 5-nanometer. All of that is in the throes. We made a great announcement on Kaby Lake -- that's using an evolution of 14-nanometer transistor geometry that gave a substantially improved user experience compared to Skylake. We're going to continue to do more of that as we continue to drive process leadership.
Counter-terrorism policies underscore the need for resilience—the ability to identify terrorist attacks, control the damage and recover. Cybersecurity policy also highlights resilience as critical, and resilience informs development of national computer incident or emergency response teams and cooperation among them. However, cooperation on cyber resilience before or after an incident happens without international legal obligations, which mirrors international law on terrorism. Apart from obligations on law enforcement cooperation, antiterrorism treaties do not include duties to provide assistance to parties attacked by terrorists. This state of affairs also reflects the lack of legal obligations on states to assist countries hit by natural disasters.
Unless there is clear separation between the engine control units and other systems, hackers could lock out the entire car "so you're not even going to get out of your driveway unless you pay," says Samani. This could be a lucrative option for cybercriminals because, while people might be OK with losing some files if they don't pay the ransom, when it comes to a car, they're going to give in, he added. "Quite frankly, if you're sitting in your driveway in 2021 in a self-driving car, if you have to pay two Bitcoins to get to work, what are you going to do? Are you going to pay? Of course you will. If you've got a $60,000 connected car to drive you to work and you're being charged $200 to move? You'll pay," he says.
Quote for the day:
"We don't have a choice on whether we do social media, the question is how well we do it." -- @equalman