Daily Tech Digest - May 08, 2017

And Now a Ransomware Tool That Charges Based On Where You Live

The payment scheme is based on the so-called Big Mac Index, an interactive currency comparison tool that The Economist created in 1986 to assess whether international currencies are at their correct relative levels or are undervalued. It basically compares the average price of a Big Mac in the U.S. against prices for the same product in various other countries to determine currency trends. The tool, which The Economist has said was originally designed as a lighthearted attempt to gauge currency misalignment, has become a global standard for measuring international purchasing power parity. Fatboy, according to Recorded Future, uses the same index to determine which of its victims get to pay more and which of them get to pay less—at least in relative terms.


Do You Really Have Big Data, Or Just Too Much Data?

The type of information companies are collecting is also multiplying -- from traditional sources such as customer mailing addresses and phone numbers to more advanced demographics, web histories, shopping preferences, and even biometric data. Advances in technology, computer power, and analytics mean companies can collect and process data in almost real-time. This may lead executives to believe that the more data they have, the greater their advantage. However, collecting a virtually unlimited amount of data can create a serious threat for organizations, because the amount collected often outstrips the ability to protect it. In fact, when CEB surveyed 54 information risk executives around the globe in 2015, more than three-quarters of them indicated it is harder, or significantly harder, to prevent data breaches than in the past.


Why SMBs are at high risk for ransomware attacks, and how they can protect themselves

Gibbons recommends having basic IT protections around how files are shared within a network, including a basic VPN setup for employees who work from home, or a fileshare system like Dropbox. "Having a corporate-sponsored way of sharing files remotely, working on them, and getting them safely back into the network goes a long way," Gibbons said. Basic employee education programs about email phishing and other cyber threats is also very effective, Gibbons said. "You need to plan as though you're absolutely going to get infected," he added. "The problem is you're subject to the weakest link in the chain—the least technically skilled individual in the business will be how you become a victim." When ransomware does hit, it's key to identify and isolate the infected machine to ensure it doesn't spread throughout the network, Gibbons said.


5 Career Paths in Big Data and Data Science, Explained

The first article provides a general overview of some of the dominant concepts in data science, with the second being an update to these concepts from earlier this year. The third article provides a deeper treatment of the concepts of data science and Big Data. The fourth and final article is a quick discussion touching on some of the complexities and nuances surrounding the use of the term "data science" versus a number of other terms. I have broken up the various professional possibilities into an easily manageable set of 5 career paths. While there may be mass outcry and widespread panic related to this particular division of roles, they really serve to categorize skills and professional responsibilities at a high level, and so I believe the following is quite useful for orienting newcomers to the myriad opportunities which exist in this professional realm, myriad opportunities


Why CFOs and CIOs need to partner on cybersecurity

“In the old days when your CIO and CFO had no relationship and didn't talk to one another, it was bad management,” said Lee Lofthus, assistant attorney general for administration at the Department of Justice. “Now, if you don't talk to one another, it's a real cyber risk for the whole agency.” Other panelists pointed to DOJ as a federal leader in institutionalizing the relationship between the CFO and CIO. The CIO sits on the working capital board at Justice, while the deputy CFO sits on the department’s investment review board. Lofthus added that there is no longer a bright line between a cybersecurity budget and an IT budget at DOJ. “It's an increasingly composite budget we get that has cyber baked into it,” he said. He pointed to the example of data center consolidation, which was originally viewed as a cost-cutting measure.


Another Tectonic Shift: The Cloud Disrupts Traditional BI Architectures

“Cloud” is not a technology it’s an architecture. In the same way that software built for the mainframe made assumptions about the environment in which it operates, software built for client-server architectures made a different set of assumptions. This is why we saw the rise of an entirely new set of vendors who seemed to appear from nowhere to become some of the largest software vendors in the industry. Almost no vendors of data technologies (databases, integration tools, query or reporting products) carried over from the mainframe market into the later stage client-server market of the late 1990s to early 2000s. We are at a stage in cloud adoption where the BI vendors are beginning to recognize that the way their software was built, deployed and managed is not well suited to the way cloud architectures work.


Computer Forensics Follows The Bread Crumbs Left By Perpetrators

The extent to which deleted data and historical activity may be recoverable varies on a few factors, but generally degrades over time and commensurate to the volume of activity on a system, he said. This approach to computer forensics remains suitable for focused, small-scale investigations, but is too time and resource-intensive for enterprise-scale tasks, such as hunting across thousands of systems in a corporate environment, Kazanciyan said. “As a result, technologies that facilitate rapid search and analysis of evidence across ‘live’ systems began to flourish in the past decade, and formed the foundation of what's referred to as the endpoint detection and response (EDR) market,” he said.


Tech execs unsure about cyberinsurance, want storage flexibility, and wonder about AI

"I wish they would understand that most of the data that I deal with is dark data, and what that means is just like the proportions of the universe, where 3 percent we can see but 97 percent is dark matter, just because you can't see it, it doesn't mean it's not there. My data are high-resolution images, very rich information, and I wish what they understood is we need to stratify that data better." "I'm very jazzed about screenless. The processing power has been woven into everything that we have, and so I believe that anything I touch, anything I speak to, it's all alive and I'm loving how it's evolving." ... "Oh, man. Well we're healthcare so HIPAA. I just wish that was a little bit more of an out-of-the-box type of setup, that they would just figure out how to make that more turnkey than it's their first rodeo every time.


Will the Internet of Things always be so vulnerable?

The Internet of Things doesn’t have to be as vulnerable as it currently stands. In many cases, the transition to managing business affairs online — everything from accounting and storing customer data, to production and inventory management — has occurred faster than business leaders can adopt new security measures. In their eagerness to improve communication, data storage, and business operations through IoT devices, many businesses simply haven’t paused long enough to think about the careful protection of that data.  Though countless enterprises would like to say otherwise, the truth is cyberattacks cannot be fully prevented. Nevertheless, smart companies — and individual users — can adopt quality standards and best practices that minimise those risks to ensure IoT becomes a boon, not a burden.


Data Breaches: Fear the simple, not the complex

John Grim explained how this works and how prevalent it is, he said: “Financial pretexting is tricking somebody, like sending them a fake invoice, and having an executive sign off on it, and basically stealing money that way.” “In terms of pretexting the top communication vector email, we’re seeing 88% there, and then we are seeing pretexting 10% of the time in telephonic or phone communications.” With close to 90% of this most basic form of attack being sent in via email, it begins to raise the possible question as to whether email is still a suitable platform for transferring sensitive information. CBR recently spoke to a startup called Pushfor that is tackling the space, aiming to provide a secure solution for sending important information.



Quote for the day:


"You can know a lot about something and not really understand it" -- Charles F. Kettering