Daily Tech Digest - February 02, 2017

These are the threats that keep me awake at night

The concept of threat intelligence is sound: Use another organization’s discoveries about potential threats to augment your own security. The problem is that the quality of threat intelligence data is highly variable. Those who rely on it without the proper vetting may make matters worse and not better. As an example, many organizations applied the indicators of compromise provided by the U.S. government as part of the Grizzly Steppe investigation to their own monitoring systems. Burlington Electric was one such organization, and it quickly identified a PC with activity matching information in the government alert, causing a media storm related to the U.S. electrical grid being "hacked." Sadly, some of the information in the alert turned out to be inaccurate, and much time was expended investigating an employee who had innocently checked his Yahoo email.


Data from pacemaker used to arrest man for arson, insurance fraud

A man has been charged for arson and fraud after law enforcement used data gleaned from his pacemaker to uncover an alleged plot to cheat his insurance company. ... Suspicions were aroused when Compton's statements did not seem to match up with how the blaze begun, especially after he told a 911 dispatcher that after spotting the fire, he packed a number of suitcases and threw them out of his bedroom window after breaking the glass with a walking stick. Compton has medical conditions which include an artificial heart linked to an external pump. According to court documents, a cardiologist said that "it is highly improbable Mr. Compton would have been able to collect, pack and remove the number of items from the house, exit his bedroom window and carry numerous large and heavy items to the front of his residence during the short period of time he has indicated due to his medical conditions."


How Machine Learning Can Improve Healthcare Cybersecurity

Currently SIEM technology is considered one of the most advanced types of infrastructure cybersecurity. SIEM aggregates event data from all solutions across an IT infrastructure and applies security analytics in real-time for the earliest possible security threat detection. Introducing machine learning into enterprise cybersecurity will separate and integrate SIEM log-based methods with other UEBA. Machine learning will allow this process to be unsupervised, eliminating breaches caused by human error. Machine learning has proved useful in healthcare analytics, with providers and vendors looking to apply the technology to security solutions to protect clinical health data store on-premise and in the cloud. ... "This radical transformation is already underway and is occurring as a response to the increasingly menacing nature of unknown threats and multiplicity of threat agents," Pavlakis concluded.


Why You’re Doing Cybersecurity Risk Measurement Wrong

Broadly speaking, cybersecurity is risk identification and risk mitigation in the cyber domain. Measuring risk quantitatively is good because it helps security teams measure their capabilities somewhat objectively, which helps everyone make better decisions. For example, when deciding whether to upgrade all your firewalls or invest in organization-wide two-factor authentication, that decision should be based, in part, on what risk exists now and what risk will be after you implement a change. It may surprise you but people are generally pretty bad at this, resulting in things like transportation disasters, major breaches, economic bubbles, wars, and bad movies. ... Here’s where it gets more complicated: evaluating current and future risk requires accounting for people … and people make everything harder. A good risk analysis should account for risky behaviors by users, administrators, and security personnel, both before and after you make the change.


EVGA splashes into CPU chilling with new closed-loop liquid coolers

EVGA's venture into CPU cooling is further evidence that the enthusiast sector of PCs is thriving. Indeed, the AIO coolers are just the tip of the iceberg for EVGA, which is poised to meet the cooling needs of more sophisticated users, as well.  While all-in-one coolers are designed for simple, straightforward installation, EVGA will soon expand its selection into something much more ambitious. EVGA’s QRC, or quick-release cooling, system will mix the ease of AIOs with the flexibility of custom water-cooling setups by offering a variety of prefilled liquid-cooled components with snap-on quick-release connections at their ends. The idea is you can buy these separate AIO parts and expand the cooling system to fit the needs of your particular system.


The digital workplace - IT’s biggest challenge?

The opportunity is huge. A successful digital workplace is not only a means of attracting talent it also maximizes the creative potential of the workforce and enables new ways of working that deliver better business outcomes. So much so that Gartner predicts that by 2020 the greatest source of competitive advantage for 30 percent of organizations will come from the workforce’s ability to creatively exploit digital technology. I also see the digital workplace as a foundation stone for any organization that is approaching artificial intelligence and automation as an opportunity to empower employees to create value in new ways. It puts people, and what they need to be more collaborative and creative when administrative tasks are automated, in the spotlight.  At its simplest, the digital workplace is one that offers employees anytime, anywhere access to technology devices and services in a way that boosts engagement, creative thinking and agility.


How security can directly impact the bottom line at banks, financial institutions

Financial organizations certainly recognize that these technologies impact their bottom line, but calculating the precise ROI of preventive solutions can be difficult. As a result, security is often viewed simply as a cost center. However, security has a valuable and untapped role to play that can deliver immediate tangible results across the entire organization – while using many of the security technologies already deployed. The transformation and expanded role of security can best be seen in its potential to contribute via technology to four additional key business operations: reducing inefficiencies in processes and procedures, predictive analysis, delivering actionable data and reports and achieving compliance. These tasks are often performed with time-consuming, costly and error-prone manual processes.


How Facebook and Google are battling internet terrorism

In one initiative, Facebook has been partnering with universities to set up challenges for teams of students to develop counter-messaging campaigns. ... "The campaigns have reached tens of millions of people," she said. "Some of the campaigns are just absolutely amazing in terms of how many people they reach." Google has been backing other efforts to counter extremist propaganda online, including offering up tailored ads to users who might be recruitment targets. Last September, Google launched the "Creators for change" campaign, through which the company identifies potentially influential YouTube users and works to "resource them up and help them understand how to utilize their audience, which is really millennials around the globe, to kind of convey messages that push back on hate and extremis and violence and xenophobia," Walden said.


Vespa team creates Gita, a robot for lugging your stuff

Introducing Gita -- a little round robot that will carry up to 40 pounds of your stuff. It is the first offering from Piaggio Fast Forward (PFF), a new company from the folks who created Vespa, the iconic Italian scooter. Michele Colaninno, Chairman of the Board of PFF tells us that the company is part of a 21st century revolution on mobility. He says, "... The way forward is that robotics engineering must help people and not substitute people." We spoke with Colaninno and members of the Boston-based team that developed Gita. The team isn't developing a self-driving car. Instead, they envision a future where cities are filled with active pedestrians and their robot assistants. In a closed environment, Gita can navigate entirely on its own. But it can also head outside to tag along with a person, following the human operator's wearable device and avoiding obstacles along the way.


Businesses are at a database crossroads

As the SQL monolith splinters, developers are ending up with increasingly more data handling options; programmer website DB-Engines counts more than 300 different options. That’s a great array of choices, and choice is good. But it’s a number that also shows the complexity of the problems organisations are looking to solve in the information age. However, it can’t continue in this vein – that’s not how markets work, so consolidation and market transformation are clearly coming. However, the question for the CIO, who needs to make the largest bets on technology, is who will emerge as the Oracle or DB2 of tomorrow. By 2020 there’ll be a fragmentation of the database world into three parts.



Quote for the day:



"You can have anything in the world you want if you'll just help enough other people get what they want." -- Zig Ziglar