October 08, 2016

How Companies Can Deal With Insider Data Theft

"Inadvertent leakage is also a big problem," said Salim Hafid, product manager for Bitglass. Cloud-based applications and bring-your-own-device policies have only made it easier to accidentally share or publish confidential data, he said. As a result, more corporate data is getting out of company networks and into personal smartphones and file-sharing systems. "A huge number of organizations that have cloud applications deployed have no means to identify these careless activities and no way to mitigate the threat," Hafid said. Companies like Bitglass sell services to fill those gaps.

Security vs. Privacy

To solve the problem, security firms are also coming up with products that can monitor access to a company's most sensitive files.


On-premise IT still the only way to run certain tasks

A hybrid cloud that incorporates cloud bursting will allow you to take a workload and spin it up on the private cloud, but if the workload needs more resources, it can be seamlessly moved out to the public cloud and easily work with data sources, no matter where they are – in the cloud or on-premise. Cloud bursting is therefore a great way for businesses to handle peaky demand patterns, such as e-commerce providers with big peaks in sales at Christmas, or news and sports websites with steady demand that spikes when something big happens, for example the World Cup or the Olympics. Cloud bursting can also be a useful tool for businesses that need to carry out analysis on large datasets, and for traditional applications such as month-end accounting runs where the demand is predictable but requires servers and storage to sit idle most of the time.


Beware of “spear phishing”

The scammer sends an e-mail to an employee at the company, often from a hacked or “spoofed” e-mail address or an address that closely resembles the company’s e-mail format. For example, if a company’s e-mail format is user@321company.com, a scammer might use user@321company.co, or user@321compny.com.  Spear phishing is often more profitable than a basic phishing scam. First, scammers research a company to convincingly impersonate the target’s boss or co-worker. People are more likely to be victimized because the e-mail appears to come from a trusted source. Second, spear phishers may use the information they obtain to steal the identities of every employee at a business and file thousands of fake tax returns. By filing fake tax returns or selling private information to other criminals, spear phishers can make a lot of money very quickly, even if only one person falls for the scam.


What will happen to blockchain in 2017?

For blockchain to truly function properly, its builders need to fully comprehend the entire ecosystem. A great example of this is Blythe Masters and her company Digital Asset Holdings. They’re completely changing public capital markets, not just one piece of the market, but every cog in the public capital markets machine. For that, the company needed to make sure it had the sector expertise it needed to ensure on implementation its product would work, and the company has both Nasdaq and the Australian Stock Exchange in its corner to demonstrate that. No other blockchain provider has had this level of success. In 2017, many of the blockchain companies that want to enter the business application sector will not survive beyond their concept stage.


Security concerns rising for Internet of Things devices

Indeed, when LIFX found out about the Wi-Fi credentials flaw, they patched it right away. Because there are so many small companies making IoT devices, the problem won’t go away anytime soon. Foeckl says IT departments need to start including IoT devices in their security monitoring efforts and certification and testing processes, and that they should work with their vendors to make sure these devices are patched, tracked, and protected. “Another important task is the development of privacy policies that inform users about the collected information and guide them to maintain a security good practice, advising on changing passwords, reporting unusual activity,” says Foeckl. “A well informed user represents a great premise to prevent data breaches regardless of the threat vector.”


A CTO's IT spending strategy for a fast-growing platform startup

"Every business has to maintain that delicate balance between reinforcing the old and creating the new," she said. "They need to be ambidextrous: exploiting their existing infrastructure and the capabilities which they have already built while simultaneously exploring new opportunities and innovating for the future." Morgan said he didn't lose sight of how the technology needed to support business objectives and strategic goals. His early re-engineering work, in addition to correcting problems, allowed for the addition of new functions that could drive company growth. As part of his strategy for the growth, Morgan said he moved his team away from a monolithic design toward a client front-end model, exposing APIs which led the team into building out its enterprise portal.


Password Guidance: Simplifying Your Approach

The death of the password was predicted some ten years ago. It was assumed that alternative authentication methods would be adopted to control access to IT infrastructure, data, and user material. But since then, password use has only risen. This increase in password use is mostly due to the surge of online services, including those provided by government and the wider public sector. Passwords are an easily-implemented, low-cost security measure, with obvious attractions for managers within enterprise systems. However, this proliferation of password use, and increasingly complex password requirements, places an unrealistic demand on most users. Inevitably, users will devise their own coping mechanisms to cope with ‘password overload’.


Business transformation proves to be a catalyst for cybersecurity spending

Pescatore agrees: “Increased use of SaaS and IaaS is definitely causing breakage in security approaches. It is causing a shift in spend from security software and hardware to actually more skills on the security staff side,” he says, adding that it’s common for SANS to hear such challenges from large enterprises. The reason for this, Pescatore explains, is that “SaaS means you cannot use security agents or appliances except the big SaaS services, such as Outlook365, Google at Work, Salesforce, and so on. They have security features and APIs that can be used to extend security policies to the SaaS app -- but that takes a higher level of skill in the security staff. Similarly, in IaaS you can use software and virtual appliances,” he says.


When a Payment is More Than a Transaction

One of the most important implications of electronic payments (whether domestic or international remittances) is the opportunity for disadvantaged groups of population to plug into the global financial system. A notable example of the way electronic payments are put to benefit the developing world is the joint effort by Stellar, the Stripe-backed open-source payment network, and Oradian, a cloud-based software provider for microfinance institutions in developing countries. Those companies have developed a payment-transfer network inside Oradian – built on top of Stellar’s platform – that allows 300,000 Nigerians (90% of them women) to cheaply transfer money between microfinance institutions over the Stellar network. International remittance services by FinTech startups are another case.


Information sharing still a heavy lift

Raskin said her department, “encourages a lot of sharing of information. We would like institutions to feel that they can benefit just as much from receiving information as giving information.” She added a failure of security in the banking system would lead to a different breakdown of trust – trust from depositors that their assets are safe. “Potential exploitation has the effect of undermining trust,” she said. “Our ultimate objective should be to reinforce the public's trust in the resiliency of the financial product, service, or institution.” McCabe, interviewed by Walter Isaacson, president and CEO of Aspen, admitted there is resistance “throughout the private sector” to allowing the FBI to monitor their systems in real time, even though he said that would let the agency notify an organization much sooner in the event of an attack.



Quote for the day:


"The future belongs to those who believe in the beauty of their dreams." -- Eleanor Roosevelt