Daily Tech Digest - February 03, 2017

These 10 cities have the worst malware infection rates in the US

Malware attacks are on the rise across the US, but some cities are more susceptible than others, according to a recent report from Enigma Software Group (ESG). In 2016, Tampa, Orlando, and St. Louis each had malware infection rates per capita more than five times the national average—the highest in the US, the report found. ... "The important thing is that people in these cities, and everywhere else for that matter, need to always remain vigilant against malware, spyware, and other nefarious online activity." ESG compiled malware detection data from its SpyHunter anti-spyware software in the 100 largest cities in the US in all of 2016. Enterprises should be on the lookout for ransomware attacks in particular: Nearly half of businesses report that they were the subject of a cyber-ransom campaign in 2016, according to a recent Radware report.


Global Application and Network Security report finds ransom is top motivation for cyber attacks

“The intent of today’s threat actor is to develop the best tools possible to either disable an organisation or steal its data,” said Geenens. “While businesses focus on delivering the highest value to their customers, they will also have to stay vigilant and ensure they are able to meet the security challenges they will likely face. Security must be woven into the customer experience for a company to truly succeed. Without this change in thinking, organisations will remain vulnerable.” Radware’s Emergency Response Team (ERT), which actively monitors and mitigates attacks in real-time, creates this annual report for use by the security community. The ERT team compiles this report using a combination of data from a vendor-neutral survey of organisations, Radware’s in-the-trenches experience fighting cyber-attacks, as well as the perspective of third-party service providers.


IT execs: Most sought-after skills aren't IT-focused

There are lots of technologies that are developing, but coding, to my mind, is primarily syntax. [I try to] find somebody who's a good problem solver, who knows how to take a problem, break it down into pieces and get to a solution. Whether they're doing that in Java code or in Python or in CSS or in whatever the next JavaScript technology we're going to roll out to market is going to be, that's syntax that smart people can learn.  If I can find people who are great problem solvers and who are really aggressive learners [that] constantly want to be playing and learning with new things, [those] are the [people] that are going to be the best to build into my team. That's a team that I can point at any problem, even one that I can't anticipate, and any technology -- even one that I haven't seen -- and know that they're going to be able to pick it up and carry it to a new place.


Attention to cyber-security is becoming daily routine in the C-suite

Nearly half (45 percent) said the responsibility for monitoring “immediate risks to cyber-security” rests with those who are directly in charge of cyber-security (meaning cyber teams). Thirty-three percent picked either C-suite or both (meaning cyber teams and C-suite). When asked about responsibility for “emergent risks to cyber-security”, responsibility resting solely with the cyber team fell to 30 percent and the portion of respondents who picked C-suite or both jumped to 46 percent. Widespread social issues present business risk for companies around the world. Whatever the underlying causes of insecurity may be, they manifest themselves in many ways, physical and cyber-threats among them. Executives are confident in political authorities' ability to mitigate the causes of insecurity, but there remain opportunities for companies to address their exposure to the threats motivated by insecurities.


A value stream mapping process is best under a DevOps approach

Value stream mapping usually starts with the product person or team as they are the direct line to the customer, Alley said. The process moves through the development lifecycle, QA testing, release and operations, and how the IT team monitors and manages this product or feature after release. The value stream doesn't end there; it looks down through deployment and up at the customer to see if the project achieves its goals. The value stream mapping process assembles everyone involved with a workflow into the same room at the same time, to clarify their roles in this product delivery process and identify bottlenecks, friction points and handoff concerns. Value stream mapping reveals steps in development, test, release and operations support that waste time or are needlessly complicated.


Convert your big data into beautiful graphics with Google’s Data Studio tool

Part of the Analytics 360 suite that Google Inc. revealed earlier this year, Data Studio provides enterprises and small businesses alike with a simple, user-friendly interface that lets them build living charts and graphs using their analytics data. “One of the fundamental ideas behind Data Studio is that data should be easily accessible to anyone in an organization,” developers Nick Mihailovski and Nathan Moon wrote in a May 25 blog post announcing the American version of Data Studio. “We believe that as more people have access to data, better decisions will be made.” In addition to the main subscription-based program, American users can access a free version of Data Studio that limits each account to five reports, though both versions allow access to unlimited data and report viewing, editing and collaboration. A Canadian beta version has since been released.


RSA 2017: The Internet of Things security threat

IoT gear doesn’t exist in isolation, so attackers will seek ways to compromise other devices that they interact with in an effort to affect their usefulness, according to Anthony Gambacorta, the vice president of operations at Synack, who is speaking at the conference. He’ll present specific examples to look out for including products such as IoT’s relationships with cloud servers and mobile applications. Using data that IoT devices gather as legal evidence poses its own set of problems, which include preserving the data and its integrity, and analyzing it for incident investigations and to present as evidence in court. The nuances of these emerging needs will be examined by attorney Erik Laykin of Duff & Phelps LLC. Security luminary Bruce Schneier will offer up two sessions about regulating IoT devices, which are woefully insecure, some say because they are not held to any set of security standards.


Mesh networking: Why it's coming to a home or office near you

Increasing your range is only one advantage to mesh networking. You also increase your network stability. With a mesh, even if one node goes down, you still have a working Wi-Fi network. In addition, a mesh can deliver more bandwidth on average to each device and deal better with heavy-traffic congestion. Setting up a mesh network used to require either high-end equipment or considerable networking skill. Today, you just need to buy the gear, plug it in, and run a simple setup routine. Unlike ordinary routers, though, you're more likely to set up mesh gear from an Android or iOS program instead of a web page. Most mesh networking packages comes in sets of three nodes. 802.11s enables you to expand to dozens. But there are limits. The more nodes you have, the more hops are needed to send messages between devices. The result is increased latency and poorer bandwidth


New Chrome Beta Feature Looks To Make Web Apps As Powerful as Native Ones

This could be the future of Mobile: Apps on Android are changing. A couple weeks ago, Google began testing its new Instant Apps that let users interact with aps without needing to download them in the Play Store, but Progressive Web Apps takes that concept one step further. Not only do they eliminate the Play Store middleman altogether, they let developers build powerful apps right in Chrome and deliver them quickly without the hassle of downloads and updates, or concern about compatibility. Native apps have served us well (and likely will for years to comes), but Google is already thinking beyond the present implementation of apps to a future where everything is instant and connected.


Protecting your critical digital assets: Not all systems and data are created equal

In determining the priority assets to protect, organizations will confront external and internal challenges. Businesses, IT groups, and risk functions often have conflicting agendas and unclear working relationships. As a result, many organizations attempt to apply the same cyber-risk controls everywhere and equally, often wasting time and money but in some places not spending enough. Others apply sectional protections that leave some vital information assets vulnerable while focusing too closely on less critical ones. Cybersecurity budgets, meanwhile, compete for limited funds with technology investments intended to make the organization more competitive. The new tech investments, furthermore, can bring additional vulnerabilities.



Quote for the day:


"My great concern is not whether you have failed, but whether you are content with your failure." -- Abraham Lincoln