Daily Tech Digest - March 03, 2017

Businesses blame rivals for DDoS attacks

Rival firms are considered more likely culprits than cyber criminals, which were cited as suspects by just 38% of DDoS victims on average. Industrial sabotage is considered to be the most likely reason behind a DDoS attack, coming out higher than political conspiracy and personal vendettas against a business. Typically, DDoS attacks target web servers and aim to make websites unavailable to users. Although no data is stolen, the interruption to the service can be costly in terms of lost business damage to reputation. ... “DDoS attacks have been a threat for many years, and are one of the most popular weapons in a cyber criminals’ arsenal,” said Russ Madley, head of B2B at Kaspersky Lab UK. “The problem we face is that DDoS attacks can be set up cheaply and easily, from almost anyone, whether that be a competitor, a dismissed employee, socio-political protesters or just a lone wolf with a grudge.


De-mystifying Digital Transformation

Digital transformation is more than just a technology initiative. It means ensuring our organisations are ready for the challenges and opportunities of digitisation in terms of products and services, but also the organisation that produces them and the business models it operates. It impacts structures, culture, practices, and leadership, which means it is as much about people as it is about technology. Given so many organisations are connected only vertically, at the top, rather than laterally, some initiatives fall back into the old model of top-down change management, which no longer works in a complex world. Instead, as we have written before, organisational improvement and maintenance needs to be an ongoing priority at every level – we need to make change routine.


How Artificial Intelligence Can Benefit E-Commerce Businesses

While “artificial” tends to imply something negative or dehumanized, Artificial Intelligence actually allows sales people to provide a more personalized experience for their customers. How so? AI can analyze vast data sets way more efficiently than a human being. This means that it can rapidly identify clusters and patterns in the information - such as similarities between customers, past purchasing behavior, credit checks and other common threads. Millions of transactions can be analyzed every day to target offers down to a single customer. Key information that may have previously remained in cyberspace can be put to good use. Through actionable sales intelligence, companies have access to rich insights regarding client behavior before, during and after a purchase.


Spooked by spike in cyber extortion, businesses are stockpiling bitcoin for payoffs

U.S. corporations that have long resisted bending to the demands of computer hackers who take their networks hostage are increasingly stockpiling bitcoin, the digital currency, so that they can quickly meet ransom demands rather than lose valuable corporate data. The companies are responding to cybersecurity experts who recently have changed their advice on how to deal with the growing problem of extortionists taking control of the computers. “It’s a moral dilemma. If you pay, you are helping the bad guys,” said Paula Long, chief executive of DataGravity, a Nashua, N.H., company that helps clients secure corporate data. But, she added, “You can’t go to the moral high ground and put your company at risk.”


The latest research into digital banking's future: Four key takeaways

In its whitepaper Juniper states that almost $14bn was invested in the fintech industry in 2015 through venture capitalism, and this hasn’t slowed down in the past 12 months. The Chinese fintech industry in particular is being pumped up with huge amounts of capital. And of course banks themselves have set aside funds for digital transformation and the adoption of the mobile first approach. Amongst the banks highlighted by Juniper is Deutsche Bank, who have already announced that it will invest $750m in digital transformation by 2020. Spanish banking giant BBVA is also on the record pledging $1.2bn of investment into digital innovation, including the acquisition of 29.5% of UK challenger bank Atom for $68m, and UK bank Lloyds has confirmed that it will invest £1bn over the next three years in improving its digital banking capabilities.


5 things to think about for industrial IoT readiness

The number of connected devices is growing exponentially. In fact, current estimates from IDC Research predict IoT spending will reach $1.29 trillion by 2020. Although many of these are consumer devices (such as Fitbits or smartphones), the presence of IoT devices in industrial settings is skyrocketing as well, with manufacturing forecasted to be the industry making the largest investment in IoT. With this increased connectivity, the Industrial Internet of Things (IIoT) offers exciting possibilities for transforming many different industries – from industrial automation and manufacturing, to oil & gas and building security. By utilizing the IIoT, industrial companies can leverage technologies like big data analytics to optimize operations, improve efficiency and generate insights that can increase profitability and competitive advantage.


A digital revolution in health care is speeding up

Rapid medical and diagnostic innovation will disrupt all businesses that rely heavily on physical facilities and staff. A mobile ultrasound scanner made by Philips, called Lumify, means that a far larger number of patients can be seen by their own doctors. As for data-based diagnostics, one potential example of its power to change business models is Guardant Health, a startup that is analysing large quantities of medical data in order to develop a way of diagnosing cancer from blood tests. If the firm can devise an early test for breast cancer, demand for mammograms and the machines that take them would fall, along with the need for expensive drugs and spells in hospital. There is also good news for hospitals, however. Increasingly, machine-learning programs are able to make diagnoses from scans and from test results.


Cyber attack on Barts NHS trust exploited zero-day vulnerability

The incident at Bart, said Rowan, yet again shows that the signature-based approach is very limited and needs replacing with methods capable of detecting the attributes and behaviours of malware, rather than depending entirely on “knowing” the sample from other affected sites. Andy Norton, risk officer for Europe, Middle East and Africa at SentinelOne, said the incident also shows that despite the fact that the existing antivirus system was up to date, malware was still able to execute unhindered. “This is because the volume of new variants of malware far outstrip the ability of the antivirus system to keep up to date,” he said. At the time of the attack, security commentators said it further underlined the importance of cyber security at healthcare organisations and raised renewed fears about NHS legacy IT systems


Security experts talk insider threats

The greatest resource of a company is its people. The role of the Human Resources leader is to help the CEO in managing that great resource, but all line of business executives care for and lead their people. In the case where a person becomes malicious the HR department and line of business executive both have huge responsibilities, but they will need support of IT and security. How this plays out will vary from company to company. Our recommendation for larger firms is to appoint an insider threat manager who can help HR, IT and the line of business executives think through policies to mitigate threats in advance and, if the unthinkable occurs, help lead actions across boundaries to detect, respond and recover.


How To Get Your Infrastructure In Shape To Shake Off Scriptable Attacks

Scriptable attacks simply use scripts. “A script is a series of commands or computer tasks that execute automatically,” says Michael Cook, Team Lead, CERT Division, SEI, Carnegie-Mellon University. Scripts enable attackers to orchestrate many simultaneous attacks where they would otherwise have to perform each one by hand, one at a time. Attackers select their scripts from several scripting languages including Bash, Ruby, Python, PowerShell, Visual Basic, JavaScript, and others. The language of choice can be the one they find most familiar, the one best suited to the necessary steps along the attack path, or the one that is compatible with the system they plan to attack, says Cook. For this reason, attackers will use multiple scripting languages in their attacks. An attacker can also use a wrapper to make a script work in an environment where it is not otherwise compatible, explains Cook.



Quote for the day:


"Experience without theory is blind, but theory without experience is mere intellectual play." -- Immanuel Kant