Daily Tech Digest - March 16, 2017

Ethical Hacking: The Most Important Job No One Talks About

Ethical hacking is used to build real-world potential attacks on an application or the organization as a whole, as opposed to the more analytical and risk-based analysis achieved through security audits. As an ethical hacker, the goal is to find as many vulnerabilities as possible, no matter the risk level, and report them back to the organization. Another advantage is that once hackers detect a risk, vendors can add the detection capability to their products, thus enhancing detection quality in the long run. For example, David Sopas, security research team leader for Checkmarx, discovered a potentially malicious hack within a LinkedIn reflected filename download. This hack could have had a number of potential outcomes, including a full-blown hijacking of a victims' computers if they had run the file. It's probably safe to say that just the audit wouldn't have identified this hidden flaw.


Unicef uses data science to track refugees

Unicef is working with Scottish data startup Brainnwave in a collaborative for one of its projects in Somalia, locating and tracking population movement in the country to enable Unicef to allocate resources and efforts to the areas in greatest need. The UK Disasters Emergency Committee is currently putting a spotlight on Somalia and neighbouring countries, and has estimated that 16 million people urgently need food, water and medical treatment. Some 60% of internally displaced people in Somalia are children, said Adler. When the Kenyan government threatened to close the Dadaab refugee camp last year – the biggest in the world, containing some 350,000 people – the need arose to understand where those people would move, to predict where goods and services should be sent.


Artificial Intelligence should not be seen as a threat, it will create more jobs

Human intelligence was still needed in a lot of jobs. It is still needed. But some level of automation in some sectors is bound to happen. “With the progress in technology, now with AI and machine learning, along with IoT, we are getting the ability to play around with more and more data. So definitely there has to be some skill-related training to help people analyse that data. So there will be emphasis on productivity. New jobs will be created eventually, and they will be different from what we have currently,” said Viswanathan. According to Viswanathan, IT companies are leveraging capacity to increase productivity for the customer. He dismisses doomsday talk when it comes to AI and machine learning giving an analogy of how it was predicted many decades ago that automation in the agricultural sector would wipe out the jobs of farmers.


Why hybrid cloud is not just a transitional environment

Hybrid cloud helps you in the same way. You can create amazing new capabilities that leverage the investments you have already made in your backend applications and the data you store. Leveraging cloud services with on-premises backends can add value even when there is no new cloud-native app. A common example is leveraging cloud analytics for new insight to on-premises data. How do you figure out how cloud can drive the most value for your company? For one, you need advisors who have driven success for other businesses. If you look at this purely from a speeds-and-feeds, cost-saving view, you may have missed the immediate value that hybrid cloud can provide. ...  A key aspect of driving this innovation is leveraging capabilities instead of building them. Cloud services are one of the fastest methods of driving value more quickly. So where are businesses creating impact?


Security Operations Center (SOC) Is Not New, But More Necessary Than Ever!

By definition, a SOC is an organized and highly skilled team whose mission is to continuously monitor and improve an organization’s security posture while preventing, detecting, analyzing, and responding to cyber security incidents with the aid of both technology and well-defined processes and procedures. The finer points of SOC deployment are very much network and organization-specific, however; following three are major components that every organization must include: People, Process, and Technology. The three exist in all elements of security and should be considered equally critical components while building a SOC. Through people, processes and technology, a SOC is dedicated to detection, investigation, and response of log events triggered through security related correlation logic.


The power of knowledge in the fight against cyber security

Currently, businesses face a real challenge in the search for the cyber security skills they need to succeed. Networkers’ recent Voice of the Workforce research confirmed this lack of skills, with more than half of the 1,656 technology professionals who were surveyed saying they believe there is a skills shortage in the sector they work in. In addition, we found that cyber security is seen as the greatest potential disruptor to the industry over the next five years. Essentially, these findings demonstrate that cyber security will live up to the hype over the coming years, but there aren’t enough people with the level of digital skills needed to deal with its impact. In addition, a 2016 Digital Skills Crisis report by the Science and Technology Committee indicated the full extent of the UK’s lack of digital capability, highlighting that 12.6 million adults lack basic digital skills - a skills gap which costs the economy more than £60 billion a year in lost income.


What Businesses Can Learn From the CIA Data Breach

Among the many CIA exploits that were leaked was one named Weeping Angel, which essentially turns a Samsung smart TV into a silent audio-recording device capable of listening in to conversations even after the device had supposedly been switched off. The exploit garnered attention not because it was particularly sophisticated, but because it demonstrated how trivially easy it is to hack many of the so-called smart "things" that are being connected to the Internet these days. For enterprises, the exploit should serve as a warning of the potential for attackers to increasingly target vulnerabilities in industrial and commercial IoT products in order to then gain entry into the enterprise. Many IoT vulnerabilities stem from Web and Web-based interfaces that are riddled with issues like remote code execution bugs and hardcoded passwords, Kolochenko says.


Is Your Connected Car at Risk? Previous Owners May Still Have Access

The most obvious problem is that, if someone sold the car but was still connected to it, in some cases it would be relatively easy for them to steal it, using the mobile phone as a key fob to unlock and start the vehicle. Many vehicles, however, still require the actual key fob to be present before the car or truck can be driven away. But the fact that prior owners could still be tracking the vehicle’s whereabouts would be enough to give most people pause. In terms of making car buyers aware of the vehicle’s potential connectivity, Hyundai’s Johnson said the automaker also slaps a sticker with an 800 number on its Blue Link–equipped vehicles letting the new owners know it’s equipped and how to get it serviced. These remote services also can cost money—in the case of Blue Link, it’s $198 per year—so most owners call and disconnect when they no longer have the car or truck, Johnson said.


Twitter Counter hacked: Hundreds of high-profile Twitter accounts hijacked

After the Twitter Counter hack, Michael Patterson, CEO of Plixer International said, “Given the political nature of the tweets, it’s not unreasonable to assume this was a state sponsored hack. The message delivered through this hack has received global attention that would likely not have been possible through any other method. This massive exposure becomes an incentive for others to use cyber-attacks as a means of gaining global attention to their cause.” “This highlights the expanded threat surface created when third party applications are granted access to social media platforms and the applications we use every day,” Patterson added. “It is common for consumer applications to request access to social media platforms, and most people will allow that access. Every time you link another application to your social media platforms, you are providing hackers with another possible point of entry.”


Want Good Cyber Insurance? Read The Fine Print

“The major threat to the insurability of cyber is that a systemic attack, such as a cyber attack on the power grid, could cause a catastrophic loss, with many insureds hit by the same event,” Coburn said. With that kind of uncertainty, erring on the side of caution tends to lead to higher prices, more exclusions that limit coverage – or both. “Cyber insurance is a nascent industry,” said Robin Gottschalk, insurance producer on Insureon's technology desk. “So, while complex models are forecasting costs, realized costs can be much different. They can vary widely because there are more incidents than insurance companies are forecasting or because the incidents are more expensive than anticipated.” Steve Durbin, managing director at the Information Security Forum, called risk measurement, “hugely complex,” and said many insurers are still struggling with cyber risks because of a lack of “significant data and trend analysis.”



Quote for the day:


"A man always has two reasons for doing anything: a good reason and the real reason." -- J.P. Morgan