Daily Tech Digest - June 23, 2017

Where to spend your next security dollar

You probably haven’t thought about NACD for cyber security training. But, the program is the best security management course I have seen, is online and will give your senior executives a great overview of what your organization needs to be doing about security and risk management. The course describes the security management function and is general in scope, not compliance focused. If your executives participate in this training, they (and you) will have an excellent idea of the essential practices your organization needs to follow. The program connects security practices with business issues and language. I don’t have anything against my ISC2 and ISACA training courses, but their roots are in technology and audit. This training’s roots are in business.


Lightworks 14 review: Free video editing software lacks proper Mac decorum

With version 14, developer EditShare has taken great strides to make Lightworks more consumer-friendly, consolidating the previously modular user interface into a fixed, full-screen workspace. (The flexible “classic” mode is still available from the Project Layout settings.) With the organized, single-window UI comes an easier-to-use application, but Mac users won’t feel quite at home. For starters, there are no menu options at all, and Lightworks shuns Apple’s traditional contextual menu shortcuts in favor of the Windows right-click approach. Likewise, the file browser has a distinctly Unix look and feel that makes macOS seem like a second-class citizen. Coming from years of experience with native Mac editing software, the transition was a bit jarring to say the least.


Atomistic and Holistic View of an Enterprise

Enterprises are complex adaptive systems, where a complex adaptive system is defined as a system characterized by complex behaviors that emerge as a result of non-linear interactions in space and time among a large number of component systems at different levels of organization. That is, a view of the enterprise arrived at by breaking it down into smaller units of organization may be useful in comprehending each individual part and how they fit into the larger whole, but it will not lead to a holistic understanding of the enterprise itself. To use an analogy, if you get two cars, one from the UK and one from the US, break them apart and understand them in terms of their components, that analysis might answer some questions about the functioning of these cars, but that analysis alone will not tell you why one has the steering wheel on the left side and the other has it on the right side.


Automation And Society: Will Democracy Survive The Internet Of Things?

When the internet first went live, many commentators assumed it would provide a pure form of democracy. Everyone was given the same platform; age, race and gender were no longer relevant and we were all anonymous. But the reality was more chaotic, as we struggled to comprehend the power of a new tool that would revolutionize human life. This strange world was somewhere we could get lost and detach ourselves from everyday existence, but often it was also a quasi-reality that proved overwhelming and dangerous. Yet slowly we have found structure. Society has become inherently more intelligent - we can find the answer to almost anything at the click of a button. Those at the cutting-edge can now gain previously unimaginable insight into human tendencies and interests.


Stay out of the hot seat with turnkey private cloud

When it comes to implementing a multi-cloud strategy, your approach to private cloud can have a dramatic effect on your organization’s results. When compared with a DIY private cloud approach, implementing a turnkey private cloud will dramatically reduce the friction you experience. Less static friction with a turnkey private cloud means that your strategy will be implemented faster, accelerating time-to-value. Less dynamic friction with a turnkey private cloud means that ongoing cost and risk will be reduced, resulting in improved service levels and a better bottom line. Less friction means less heat. Keep yourself out of the hot seat and adopt a turnkey private cloud.


A new release management strategy depends on speed and efficiency

Dark launching is a similar process. Software is gradually and stealthily released to users in order to get their feedback as well as to test performance. Code is wrapped in a feature toggle that controls who gets to see the new feature and when. Facebook and Google rely on dark launches to gradually release and test new features to a small set of users before fully releasing them. This approach lets operations staff determine if users like or dislike the new function. It also allows for an assessment of system performance before moving ahead with a full release. As these different delivery options emerge, companies are looking for ways to train and familiarize their staff as part of a new software deployment strategy.


What it takes to be a security incident responder

The skills needed for a quality incident responder can be categorized into two main groups: personal skills and technical skills. “The greater one’s technical skills, the better the incident responder,” Henley says. Among the desirable skills are a good grasp of basic security principles such as confidentiality, authentication, access control and privacy; security vulnerabilities; physical security issues; protocol design flaws; malicious code; implementation flaws; configuration weaknesses and user errors or indifference. Responders should also know about the Internet of Things (IoT), risk management, network protocols, network applications and services, malicious code, programming skills and intruder techniques. IT security professionals who become leaders or members of response teams sometimes take circuitous routes to these positions.


5 ways businesses can cultivate a data-driven culture

The pressure on organizations to make accurate and timely business decisions has turned data into an important strategic asset for businesses. In today’s dynamic marketplace, the ability of businesses to use data to identify challenges, spot opportunities, and adapt to change with agility is critical to their survival and long-term success. Therefore, it has become an absolute necessity for businesses to establish an objective, data-driven culture that empowers employees with the capabilities and skills they need to analyze data and use the insights extracted from it to facilitate a faster, more accurate decision-making process. Contrary to what many people think, cultivating a data-driven culture is not just a one-time transformation. Instead, it’s more like a journey that requires efforts from employees and direction from both managers and executives.


The fight to defend the Internet of Things

One job of the IoT ecosystem, including technology, products, and service providers, is to protect millions (or even billions) of other people by introducing robust security capabilities into the wide variety of connected devices shipped every day. A robot or IP camera might require advanced computer vision and data processing power, while a connected light bulb may only need basic connectivity and a simple microcontroller. But they all need to be protected. Security needs to be considered in every aspect of the IoT, whether that’s the device itself, the network, the cloud, the software, or the consumer. Attacks are imminent. A study from AT&T, for instance, revealed a stunning 458 percent increase in vulnerability scans of IoT devices in the course of two years. Hackers usually exploit combinations of vulnerabilities to perform an attack.


It's Time To Upgrade To TLS 1.3 Already

The designers of TLS 1.3 chose to abandon the legacy encryption systems that were causing security problems, keeping only the most robust. That simplicity is perhaps one of the reasons it will be ready in half the time it took to design its predecessor. Connections will still fall back to TLS 1.2 if one end is not TLS 1.3-capable -- but if a MITM attacker attempts to force such a fallback, under TLS 1.3 it will be detected, Valsorda said. Almost 93 percent of the websites in Alexa's top one million supported TLS 1.2 as of January, up from 89 percent six months earlier, according to a survey by Hubert Kario's Security Pitfalls blog. But seven percent of one million means a lot of websites are still running earlier and even less secure protocols. Among the laggards are some sites you would hope to be on top of security: those taking online payments.



Quote for the day:


"A good programmer is someone who always looks both ways before crossing a one-way street." -- Doug Linder


Daily Tech Digest - June 22, 2017

The future is not the cloud or the fog: it is actually the SEA!

A SEA device is a complete rethink of how your smartphone works. The phone in your pocket today is basically a fully integrated device consisting of many blocks of hardware and software all dedicated for you and your own purposes alone. With the exception of application software (e.g. gaming, music, personal assistants) that runs in some part in the cloud, most everything you do on your device relies in some way or another on local execution. A SEA device will not necessarily work like this. In the device virtualization paradigm, the same principles that allow virtualization across data centers or the abstractions of EPC elements in the cloud are applied to enable the dynamic decomposition of functions in a device into executable tasks.


10 tough security interview questions, and how to answer them

Suggest establishing an internal mentoring and training program, says Paul Boulanger, vice president and chief security consultant at consulting firm SoCal Privacy Consultants. That way the company can offer the staff personal growth through education and certifications, and a career path within the company itself so there’s an expectation from both sides to lay down roots and make a career, he says. “We want to avoid burnout with particular positions, so part of the training [would involve] job rotation,” Boulanger says. “Individuals will both be able to learn new technologies and stay fresh. We see this in the DevOps/agile movement now where developers are expected to be ‘full stack.’ We should encourage this on the security side too. It makes for better employees.”


Intelligence Panel Learns How to Hack Air-Gapped Voting Systems

How can air-gapped systems be hacked? Halderman explained that prior to an election, voting machines must be programmed with the design of the ballot, the races and candidates. Typically, he said, the programming - known as an election management system - is created on internet-connected desktop computers operated by local election officials or private contractors. Eventually, data from the election management system are transferred to voting machines. "Unfortunately," Halderman said, "election management systems are not adequately protected, and they are not always properly isolated from the internet. Attackers who compromise an election management system can spread vote-stealing malware to large numbers of machines." Another common perception is that because of the complexity and highly decentralized nature of the American election system, the results from a presidential election cannot be altered.


How containers will transform Windows 10

Helium, or application siloing, exists in Windows 10 today as part of the Creators Update, and especially Windows 10 S. This technology enables legacy Win32 applications to be ported to the Windows Store, using the Desktop Bridge (formerly code-named Project Centennial) to package apps. Application silos allow legacy Windows apps to install and update like native Modern Windows 10 apps. These converted desktop apps have full access to system resources, but use a virtual file system and virtualized registry entries like those associated with User Account Control (UAC) virtualization. A Helium-based container isn't a security boundary in the way that a Hyper-V virtual machine is. It lives on top of the existing registry and file system. You can think of it as the next generation of UAC but applied at an application level rather than a machine level.


Why and how to migrate cloud VMs back on premises

Before even thinking about a reverse migration, there are a number of nontechnical items that you need to consider. First, what does your contract say regarding early termination or leaving the cloud provider? This is more of a problem with smaller cloud service providers than with Amazon Web Services, Azure or Google, but it's worth checking, irrespective of provider. Also, check your licensing. An administrator can't just migrate a cloud VM back on premises and continue using the VM as if it still existed in the cloud. Prior to the migration, you need to check both the OS and application licensing small print. Be smart; get that confirmation in writing. Most likely, you'll find that different licensing rules apply. If you're trying to migrate a platform-as-a-service (PaaS) offering back to your data center, you need to have all the PaaS dependencies lined up.


How Will Analytics, AI, Big Data, and Machine Learning Replace Human Interactions?

“Amelia is working in areas such as wealth management, where she interacts with financial advisors: “They’re looking for the right answer the first time in as short a period of time as possible,” and Amelia was able to deliver just that. … The reaction from the executive team when he had demonstrated Amelia’s ability to answer questions “within seconds of that question being asked, the first time, correctly” had been overwhelmingly positive.” With the newer generation chat bots like Amelia, companies present an immersive and personalized interaction tool with customers, often on their web sites, able to access key data in knowledge management and then, using AI, to tee up the “best-fit” answers to questions (a) that are being asked by customers or (b) should have been asked by them.


AMD launches its Epyc server chip to take on Intel in the data center

Epyc will be socket-compatible with the next generation of the product family, and it also has a dedicated security subsystem, where AMD is burning cryptographic functions into the silicon of the memory controllers, effectively encrypting memory, Moorhead noted. This is AMD's third big try in the server market; it has had enough success and failure to say it knows what it takes to be successful. When it came out with the Opteron Dual Core processor in 2005, offering a twofold single-socket performance advantage over Xeon, it grabbed 20 percent of the market within two years. But a few years later, bugs and postponements in the launch of its Barcelona chip architecture allowed Intel to recapture lost ground.


Why Cisco’s new intent-based networking could be a big deal

A key component of an IBNS is that it provides mathematical validation that the expressed intent of the network can be and is implemented within the network, and that it has the ability to take real-time action if the desired state of the network is misaligned with the actual state. An IBNS is, in theory, a software platform that can be agnostic to the hardware that it runs on. The idea of IBNS has been around for a couple of years, Lerner says, but there have been very few platforms that can enable it. A handful of startups, such as Apstra, Veriflow and Forward Networks, have some early components of IBNS in various product offerings. Lerner estimates there are fewer than 15 intent-based networking platforms in production deployments today, but the number could grow to more than 1,000 by 2020.


How to stop wasting money on security shelfware

Shelfware is not inevitable, and it can be reduced or even eliminated by some proactive and surprisingly simple first steps. Infosec professionals believe it comes down to a more controlled acquisition process, sweating the products you already have -- and getting the basics right before acquiring new solutions. “First, leverage the products that have the broadest of capabilities, something that can give breadth of coverage,” says Malik. “This will help get a lay of the land and understand the challenging areas which can then be focussed on more specifically. Don’t try to boil the ocean, but start from critical assets. Finally, the best way is to experiment with the product and network with peers to see how they have deployed capabilities. Security doesn’t need to be a complex offering -- often it boils down to doing the basics well and consistently.”


GitLab's CEO Sid Sijbrandij on Current Development Practices

The open source model fell short in being able to build a business around it. You need significant work on installation, performance, security and dependency upgrades. If everything is open source you can only make money on support. Taking what we learned in 2013, we engineered GitLab to be user friendly to install and maintain, so after one year of subscribing, organizations quickly figured out that they did not use the support at all. Therefore, building a business model around support wouldn’t have been sustainable. Instead, we decided that there are some features and functions that are more useful to large development teams, like an enterprise organization. By offering extra functionality to customers with larger development teams or even more advanced needs, we continue to show our value through our product offering.



Quote for the day:


"Education ... is a process of living and not a preparation for future living." -- John Dewey


Daily Tech Digest - June 20, 2017

How to make sure your big data solution actually gets used

To gain visibility and automate steps at every stage of the food pick, pack, ship and deliver process, food producers, shippers, warehouses and retailers use handheld devices, barcode scanners, hands-free, voice-based technology and even sensors placed on pallets, packages and refrigeration compartments in trucks. These sensors track temperature, humidity and tampering of the containers for perishables and other goods, and also issue auto alerts to supply chain managers as soon as one of these conditions is violated. Everyone in the food supply chain knows where every shipment is. Along the way, big data is collected in a central data repository where queries and reports are subsequently run to assess how well the supply chain is performing.


Intel Core i9 review: The fastest consumer CPU prepares for Ryzen war

Like most major Intel launches, the Core i9 family represents a new platform, not just a new CPU, which means a new chipset, the X299, and a new socket, the LGA2066, all incompatible with previous CPUs.  The new platform also does something no previous one did by unifying two CPU families. Before today, if you wanted the company’s latest Kaby Lake core, you had to buy a motherboard using the LGA1151 socket. And if you wanted to buy, say, a 6-core Skylake CPU such as Intel’s Core i7-6800K, you had to buy an LGA2011 V3-based motherboard. With X299 and LGA2066, you can now pick your poison, because the platform encompasses everything from a 4-core Core i5 Kaby Lake CPU to an 18-core Core i9 Extreme Edition, which is a Skylake CPU.


Enlightened shadow IT policy collaborates with users

Now, the advantages of cloud services are changing shadow IT policy in many enterprises. The flat-out blocking of cloud services is unacceptable in most organizations today because team collaboration apps, for example, are useful to lines of business and work groups that use them to improve productivity. These apps are quick to deploy and eliminate the need for IT's permission or deployment. "Any IT leader who stands in the way of productivity probably isn't going to hold the job too long," Schilling said, adding that cloud services typically represent an opportunity, not a hindrance. Just like on-premises shadow IT efforts, however, Schilling knows that if something goes wrong and business users find themselves in trouble, IT will have to come to the rescue. "Rather than fighting it, we have to offer users governance and guidelines," he said.


The Rising Business Risks of Cyberattacks and How to Stay Safe

According to the 2017 Internet Security Threat Report by Symantec, cyber criminals have revealed new levels of ambition and malice. Data breaches are now driven by innovation, sophistication, and organization to produce ominous results. Cybersecurity has become more of a concern for businesses. This year, businesses continue to face complex security threats. There is a growth of new malware that can bypass your antivirus and other levels of protection. Ransomware is on the rise. More than 4,000 ransomware attacks have occurred every year over the last one year. Ransomware and phishing work together, with statistics from PhishMe showing a rising trend. When it comes to data breaches, the risk for organizations is high. The risks can range from the easily calculable costs of notification and business loss to the less tangible effect on a company’s brand and customer loyalty.


What you need to know about Power BI now

Starting in an Excel-like table view of your raw data, you use the query tools to construct a series of transformation steps, adding columns and changing data types using a formula-like approach. Once you’ve constructed a query, an advanced editor shows the resulting Power Query code, ready for additional editing or adding new steps. Power BI’s visual editing tools also help simplify your data, removing unwanted columns and changing names. Data from other sources can be merged into your query, adding additional information where necessary. Other tools pivot data into aggregate tables or add custom columns based on calculations. Sharing reports is as important as building them, and Power BI gives you several options. Perhaps the most useful is the ability to build and publish web dashboards that show key performance indicators and tie them to appropriate visualizations.


Excel 2016 cheat sheet

Excel has never been the most user-friendly of applications, and it has so many powerful features it can be tough to use. Excel 2016 has taken a good-sized step towards making it easier with a new feature called Tell Me, which puts even buried tools in easy reach. To use it, click the "Tell me what you want to do" text, to the right of the View tab on the Ribbon. (Keyboard fans can instead press Alt-Q.) Then type in a task you want to do, such as "Create a pivot table." You'll get a menu showing potential matches for the task. In this instance, the top result is a direct link to the form for creating a PivotTable -- select it and you'll start creating the PivotTable right away, without having to go to the Ribbon's Insert tab first. If you'd like more information about your task, the last two items that appear in the Tell Me menu let you select from related Help topics or search for your phrase using Smart Lookup.


Data should be stored in space, firm says

Data security will be another advantage when it comes to space-held data, the company says. It says “leaky internet and leased lines” are subject to “hijacking, theft, monitoring and sabotage” and that its dedicated telecom backbone network won’t be. In fact, its “network-ring” won’t be connected to the internet, it says. Better throughput, too, is obtained by “avoiding traditional terrestrial ‘hops,’” it claims. SpaceBelt’s still-to-be-launched data center platform will operate in low-earth orbit (LEO). That’s the area between the Earth’s surface and 1,200 miles up, and it is the same zone that SpaceX and the OneWeb Internet infrastructures will use for their upcoming broadband constellation roll-outs. Cloud Constellation Corp. expects to build eight satellites for testing at the end of 2018, according to an interview chief executive Scott Sobhani gave to SpaceNews Magazine last year.


5 Steps to Prepare for the Inevitable Cyber Security Attack

To determine how much insurance coverage you need, use a calculator, assessment tool, or modeling to assess your overall risk. Paez recommended using an interruption worksheet, similar to what you may see for property insurance. Your insurance can provide templates, employee awareness training, regulatory preparedness, and PCI compliance readiness. Look at cyber attack risks from a business interruption perspective. “There may be organizations that are not in the, what I would term ‘high hazard’ class – business retail, hospitality, financial institutions, healthcare,” Paez explained. “If you’re outside of that realm looking at it from a business interruption standpoint or supply chain perspective, or utility or critical infrastructure, that’s a different conversation altogether in terms of assessing that risk. ...”


Cybersecurity spend: ROI Is the wrong metric

While this article has focused on helping board members and C-suite executives understand how to quantify the value of their cybersecurity investment, the InfoSec team may need to assist in the effort. If management is making the mistake of asking IT to justify its cybersecurity budget in terms of ROI, the InfoSec team needs to educate management as to why the ask is wrong and refocus them on the correct one. Furthermore, when making your argument against focusing on ROI, you need to provide the right data to support your point. Based on my experience, when asked to report on the security readiness of the network, most teams simply provide management with an exhaustive list of every potential threat that could harm the network; the strategy being that, when management sees a list of thousands of potential threats, they’ll agree to any budget out of fear and misunderstanding.


Enterprise network monitoring tools address companies of all sizes

GroundWork offers a manual process for overlaying network infrastructure on geographic maps. Users can upload the image of a floor plan, topology, architectural software diagram or geographic map. Then, they can overlay GroundWork's performance and availability indicators on the image and drill down into those indicators for further analysis. The system's performance visualization features enable users to set dynamic thresholding and spot performance bottlenecks. The system gathers data from the network via SNMP, APIs, intelligent platform management interfaces, and a variety of other protocols and interfaces. Via these APIs, GroundWork has added the ability to monitor hybrid cloud environments. It integrates with cloud providers via a REST API, and it has out-of-the-box support for Amazon Web Services and OpenStack.



Quote for the day:


"It is not fair to ask of others what you are not willing to do yourself." -- Eleanor Roosevelt


Daily Tech Digest - June 19, 2017

A Data-Driven Approach to Identifying Future Leaders

Those with high motivation potential showed resilience and confidence in their capacity to lead; those who scored lower on this dimension were less likely to persevere when faced with new and unknown situations. Those who possessed strong people potential were empathetic and more adept at building relationships than their less people-savvy peers. And leaders with high change potential were able to move out of their comfort zones to experiment and take necessary risks; those who were more averse to change had more difficulty going against the status quo. ... Too many organizations eliminate talented leaders from consideration because the criteria used to determine potential are subjective and inconsistent. If created carefully, a clear, consistent definition of leadership potential can reduce the potential for bias, increase diversity, and save money by ensuring that the organization invests in high-potential employees early in their careers.


What Careers Are Safe From Automation And The Robot Takeover?

Jobs all across the business and finance landscape will be heavily affected in the manner of insurance underwriters: bookkeepers, accountants, auditors, loan officers, tellers, clerks, and postal service workers will easily be replaced by artificial intelligence. The legal profession is another highly populated sector that will have a difficult time as the need for secretaries, paralegals and court reporters will decline. And if experts are correct in their projections, the very top business leaders might not be immune either. Jack Ma from Alibaba recently said that CEOs themselves could be on the chopping block, going so far as to predict that "In 30 years, a robot will likely be on the cover of Time Magazine as the best CEO." Ma paints a bleak picture of what the three transitional decades could look like for those who are “unprepared for the upheaval technology is set to bring.”


Approximately 350,000 current cybersecurity openings in US

In 2017 the U.S. employs nearly 780,000 people in cybersecurity positions, with approximately 350,000 current cybersecurity openings, according to CyberSeek, a project supported by the National Initiative for Cybersecurity Education (NICE), a program of the National Institute of Standards and Technology (NIST) in the U.S. Department of Commerce. The current number of U.S. cybersecurity job openings is up from 209,000 in 2015. At that time, job postings were already up 74 percent over the previous five years, according to a Peninsula Press analysis of numbers from the Bureau of Labor Statistics. Security starts at the top. Right now, about 65% of large U.S. companies have a CISO (Chief Information Security Officer) position, up from 50% in 2016, according to ISACA, an independent, nonprofit, global association.


Cybersecurity in an IoT and mobile world: The key trends

Cybersecurity incidents regularly hit the headlines, the WannaCry ransomware outbreak in mid-May being a particularly high-profile example. It says a lot about the current state of cybersecurity that the escalation of ransomware had been widely predicted, that the crude but effective WannaCry attack could easily have been defended, and that the perpetrators -- despite the attentions of multiple security firms and government agencies -- remain undiscovered (at the time of writing). Talking of predictions, at the start of the year ZDNet's sister site Tech Pro Research examined 345 cybersecurity predictions for 2017 from 49 organisations, assigning them among 39 emergent categories. Here's the ranking of topics that cybersecurity experts were worried about six months ago:


Attack of the Algorithms: Value Chain Disruption in Commodity Trading

The securitization of contracts involves creating standardized products from large-scale, nonstandard contractual agreements between two parties. Examples include agreements regarding the long-term off-take of LNG and structured investment products, including those based on energy consumption patterns. Many traders in less-developed commodity markets have created a business based on the securitization of contracts. Their business model will face growing pressure as commodity markets become increasingly developed and as more short-term markets emerge, offering greater liquidity, price transparency, and ability to hedge risk. That evolution is already evident in a number of markets, including European gas. In addition to the risks for traders, however, there will also be opportunities.


Designing for an unpredictable future

In recent years we have seen a surge of this kind of design thinking in business and a drive in governments to apply design principles to policy. An insurgency of Innovation Labs have sprung up like Sitra in Finland, Mindlab in Denmark, 18F in the US, and Policy Lab in the UK. Experimentation, prototyping, and openness underpin this way of operating which puts users first and brings in agile methods from tech and design communities to innovate in new ways. To encourage this, public institutions and charitable foundations have opened up challenge prizes to stimulate markets and promote design-led innovation. Social impact investment funds and incentives like the industrial strategy challenge fund in the UK now seek to drive innovation further.


11 predictions for the future of programming

When kids in college take a course called “Data Structures,” they get to learn what life was like when their grandparents wrote code and couldn’t depend on the existence of a layer called “the database.” Real programmers had to store, sort, and join tables full of data, without the help of Oracle, MySQL, or MongoDB. Machine learning algorithms are a few short years away from making that jump. Right now programmers and data scientists need to write much of their own code to perform complex analysis. Soon, languages like R and some of the cleverest business intelligence tools will stop being special and start being a regular feature in most software stacks. They’ll go from being four or five special slides in the PowerPoint sales deck to a little rectangle in the architecture drawing that’s taken for granted.


Perpetuating Bias: Why We Should Think Critically About AI in Marketing

“We have a situation where these artificial intelligence systems may be perpetuating historical patterns of bias that we might find socially unacceptable and which we might be trying to move away from.” While many people would assume that artificial intelligence algorithms are objective tools making objective calculations, the fact is these tools are created from and trained on large sets of data (images, text, video, etc.) that currently exist online. This is data that has been created by humans, and thus is data that’s not free from bias. When AI algorithms and content intersect, we need to be careful about the results. The danger with overuse of artificial intelligence in marketing is that our dominant, biased discourses will remain dominant and biased, especially if we assume an AI tool is taking an objective tack.


How to Beat the Odds and Make Your First IoT Project a Success

IoT solutions affect multiple teams within the organization. Partner with these affected teams early in the planning process to get their requirements, gain their support (knowledge, resources, and budget), and leverage their influence to remove barriers during the execution stages. Partner with your organization’s digital transformation or innovation office, if one exists. Equally important, partner with IoT solution vendors throughout the process. At this stage of the market, their solutions are still evolving. Work with your IoT vendor at a deeper level than you would with other vendors. Stay in close contact and leverage their product management and technical support teams throughout the project. Co-design the solution and project with them – tell them what features you like to see, report bugs, and test updated versions of the product.


Understanding the limits of deep learning

By contrast, humans “learn from very few examples, can do very long-term planning, and are capable of forming abstract models of a situation and [manipulating] these models to achieve extreme generalization.” Even simple human behaviors are laborious to teach to a deep learning algorithm. Let’s examine a situation such as avoiding being hit by a car as you walk down the road. If you go the supervised learning route, you’d need huge data sets of car situations with clearly labeled actions to take, such as “stop” or “move.” Then you’d need to train a neural network to learn the mapping between the situation and the appropriate action. If you go the reinforcement learning route, where you give an algorithm a goal and let it independently determine the ideal actions to take, the computer would need to die thousands of times before learning to avoid cars in different situations.



Quote for the day:


"Leadership is not a solo sport; if you lead alone, you are not leading." -- D.A. Blankinship


Daily Tech Digest - June 18, 2017

How to Start Incorporating Machine Learning in Enterprises

Most of the economists and social scientists are concerned about the automation that is taking over the manufacturing and commercial processes. If the digitalization and automation continue to grow at the same pace it is currently happening, there is a high probability of machines partly replacing humans in the workforce. We are seeing some examples of the phenomena in our world today, but it is predicted to be far more prominent in the future. However, Dynes says, “Data scientists are providing solutions to intricate and complex problems confronted by various sectors today. They are utilizing useful information from data analysis to understand and fix things. Data science is an input and the output is yielded in the form of automation. Machines automate, but humans provide the necessary input to get the desired output.”


Understand these 5 basic concepts to sound like a machine learning expert

Most people seem a bit intimidated or confused by machine learning. What is it? Where is it going? Can I have some money now please? All valid questions. The truth is, you’ve been training machine learning models for years now, probably without realizing it. Do you use an iPhone or Apple photos? Or how about Facebook? You know how it shows you a group of faces and asks you to identify them? Well, by tagging those photos, you are training a facial recognition model to identify new faces. Congratulations, you can now say you have experience training machine learning models! But before you do, read these machine learning basics so you can accurately answer any follow up question.


Will the rise of AR mean the end for smartphones and TVs?

The problem, naturally, is that a huge chunk of the world's economy hinges on the production of phones, TVs, tablets, and all those other things that Facebook thinks could be replaced with this technology. Even Zuckerberg acknowledges it's a long road ahead. That said, this Camera Effects platform, should it succeed in attracting a bunch of users, could go down as a savvy move. The apps that are built for the Facebook Camera today could wind up as the first versions of the apps you'd use with those glasses. In the short term, Facebook's play for augmented reality is going to look a lot like competing with Snapchat — and in a meaningful way, it is. Facebook needs developer and user love, so it needs to keep offering fun and funny tools to keep people from moving away from using its apps.


A discussion about AI’s conflicts and challenges

“The big breakthrough over the last ten years has been deep learning but I think we’ve done that now,” he argues. “People are of course writing more papers than ever about it. But it’s entering a more mature phase where at least in terms of using deep learning. We can absolutely do it. But in terms of understanding deep learning — the fundamental mathematics of it — that’s another matter.” “But the hunger, the appetite of companies and universities for trained talent is absolutely prodigious at the moment — and I am sure we are going to need to do more,” he adds, on education and expertise. Returning to the question of tech giants dominating AI research he points out that many of these companies are making public toolkits available, such as Google, Amazon and Microsoft have done, to help drive activity across a wider AI ecosystem.


How Will Analytics, AI, Big Data, and Machine Learning Replace Human Interactions?

Today using Big Data analytics companies can isolate which web pages, IVR logic paths, and customer service agents are starting snowballs and which web pages, IVR logic paths, and customer service agents are successfully resolving them, or melting them; these analytics also spotlight which issues or reasons are not resolved the first time and result in snowballs. Digging into the root causes of both of these areas produces improvements in processes that can help to Eliminate many thorny issues. In addition, analytics and machine learning can help to predict that there might be a snowball, and recommend how to address that customer in that moment in order to prevent a repeat contact from happening. As with the predictive models that I described earlier this forms a much stronger engine – either automated or human provided – that in turn delivers a combination of Best Service is No Service and Me2B success.


How to Prepare the Next Generation for Jobs in the AI Economy

Ethics also deserves more attention at every educational level. AI technologies face ethical dilemmas all the time — for example, how to exclude racial, ethnic, and gender prejudices from automated decisions; how a self-driving car balances the lives of its occupants with those of pedestrians, etc. — and we need people and programmers who can make well-thought-out contributions to those decision making processes. We’re not obsessed about teaching coding at the elementary levels. It’s fine to do so, especially if the kids enjoy it, and languages such as Snap! and Scratch are useful. But coding is something kids can pick up later on in their education. However, the notion that you don’t need to worry at all about learning to program is misguided. With the world becoming increasingly digital, computer science is as vital in the arts and sciences as writing and math are.


9 shell tips every developer should know

The shell is your friend. But many developers don’t really know the shell, the Unix or Linux command-line environment available in several operating systems. (Bash is the best known, but there are others.) Some of you, when you transitioned from Windows to Mac, took your (slow) clickety habits with you, not realizing that the power laid in that app called Terminal hidden under Applications somewhere. Some of you have been shelling into “the server” to tweak a setting or two without realizing that you could automate your life away without even cracking a devops tool. Whatever brought you to the shell, chances are you’re not using it to its full advantage. Here are my top nine tricks for doing so.


Why are so many customers still afraid of mobile banking?

Overall mobile adoption among Americans remains relatively low — 31 percent for banking and 17 percent for credit cards, according to J.D. Power. It’s not surprising that card apps are used less, because they’re typically limited to providing balances, payment due dates and loyalty points. Online banking adoption, by contrast, is 80 percent. “Eight out of 10 are comfortable doing their banking electronically, and mobile offers them a more convenient alternative to that, and they have the phone to do it, but they’re still not comfortable with it, particularly older customers,” Neuhaus said. Because 80 percent of Americans have smartphones, “there’s a big pool of potential mobile banking users that have not gotten comfortable with it or have not seen the value yet in making that move,” Neuhaus said.


How To Tell If AI Or Machine Learning Is Real

If someone claims an application, a service, or a machine is smart, you’re almost certainly getting snowed. Of course, people will use the word “smart” as a shortcut to mean “more capable logic,” a phrase that won’t sell anything. But if they don’t explain what “smart” means specific to their offering, you know they think you’re dumb. The fact is that most technologies labeled “smart” are not smart, merely savvy. The difference is that smart requires intelligence and cognition, whereas savvy requires only information and the ability to take advantage of it (it’s no accident that “savvy” comes from the French word for “to know”). A savvy app or robot is a good thing, but it’s still not smart. We’re simply not there yet. Even IBM’s vaunted Watson is not smart. It is savvy, it is very fast, and it can learn.


Identifying And Overcoming Cybersecurity Risks

Many SMBs don’t understand the extent to which their data is at risk, and those who do often don’t know where to start in addressing this problem. In 2015, the U.K. government issued a press release suggesting that businesses need to plan for cyberattacks. The research revealed that as many as 90% of big businesses and 74% of SMBs had experienced an information-security breach. It’s understandable, then, that a large proportion of small-business owners don’t pay the danger much attention, perhaps failing to realize that something as innocent as a social-media post or a USB stick left in the wrong place can be enough to bring down their whole organization. If you’re in this group, you should start reviewing the risks and putting security procedures in place. This guide gives you a starting point, with five steps you can implement right away to improve the safety of your company.



Quote for the day:


"A good leader can't get too far ahead of his followers" -- Franklin D. Roosevelt


Daily Tech Digest - June 15, 2017

How big data is disrupting education

Some people are visual learners and others more hands on. Also, some people are simply good at taking tests. There’s a difference between passing a test on a subject and actually having that subject mastered. Big data analytics allows educators to use a wider range of sources when grading a student to come up with a more realistic picture of how well they’ve learned a subject. It also provides the opportunity to... Data analytics has pointed out some startling truths about education in the inner-cities of America. Studies show that inner-city schools are more likely to hire less educated teaching staff to reduce costs. Unfortunately, those cost-savings have directly translated into lower grades and higher dropout rates. This problem that big data pointed out, can be monitored in real time and solved using the same tools.


Trends Shaping Machine Learning in 2017

Businesses greatly value data to take the appropriate actions, whether it is to understand the consumer demand or comprehend a company’s financial standing. However, it is not the data alone they should value because without an appropriate algorithm, that data is worth nothing. Peter Sondergaard, Senior Vice President of Gartner Research, says that, “Data is inherently dumb and the real value lies in the algorithms which deduce meaningful results from a cluster of meaningless data”. Algorithm Economy has taken center stage for the past couple of years, and the trend is expected to follow as we expect to see further developments in machine learning tools. The use of algorithm economy will distinguish small players from the market dominators in 2017. Small businesses that have just entered the transitional phase of embedding machine learning processes in their business models will be using canned algorithms in tools such as BI, CRM and predictive analysis.


The evolution of data center networks

With an open platform powering each, we no longer have to solve the same problem twice (once for networking, and once for compute). Often, the two solutions are vastly different for no reason other than history. Computing was opened up when Linux replaced the proprietary server OSes; this changed the application landscape as we know it. I think solutions such as clouds and the Google search would have been harder to invent if not for the widespread use of Linux. For too long people have innovated around networks, not with them. If networking can be opened up as computing has been, and if people can innovate with the network rather than around it, I think networking and computing as we know it can change dramatically.


Stakeholders Collectively Designing Future Of Artificial Intelligence

The goals of the partnership are to understand what the main issues are “in the pervasive use of AI in our lives,” economic and societal impacts, such as data policy, data privacy, data ownership, and sharing. ... A number of issues have been identified for further focus over the next two years, she said, such as safety, trustworthiness and transparency. IBM Watson, as explained by Whatis.com is “an IBM supercomputer that combines artificial intelligence (AI) and sophisticated analytical software for optimal performance as a ‘question answering’ machine.” According to Techopedia, “IBM’s Watson supercomputer is a question-answering supercomputer that uses artificial intelligence to perform cognitive computing and data analysis. With a processing rate of 80 teraflops, Watson performs deep-level input analysis to present accurate answers to questions generated by humans.”


Miniservices may deliver, much to microservices purists' chagrin

Scalability is probably one of the big reasons why we've kind of been looking at moving toward a microservices architecture. I think, in that case, it's fair to say HTTP doesn't solve the problem. I'm not sure that there's a firm line in the sand here. [But] just because you've got a hundred services or a thousand services doesn't necessarily mean that HTTP is the wrong choice. It may be just as functional as any other integration technology. But, you will get to a point, I'm sure, where the amount of traffic starts to get in your way. And then the other angle around HTTP or within web-centric integration that's perhaps useful is the concept of governance. HTTP affords us more capability there simply because with an easier way of seeing where traffic is coming from and flowing to.


Facebook teaches machines to negotiate with humans

Over the course of the interactions, machines naturally adopted many common negotiation tactics — like placing false emphasis on a low-value item in an attempt to use it as a more valuable bargaining chip later. Under the hood, Facebook’s rollout technique takes the form of a decision tree. Decision trees are a critical component of many intelligent systems. They allow us to model future states from the present to make decisions. Imagine a game of tic-tac-toe, at any given point of the game, there is a finite option set (places you can place your “X” on the board). In that scenario, each move has an expected value. Humans don’t usually consider this value in an explicit way but if you decompose your decision process when playing the game, you are effectively short-handing this math in your head.


Public cloud services show no sign of slowing down

Cloud experts predict growth in the PaaS realm. "For ten years, cloud companies focused on getting companies to purchase IaaS," said Maribel Lopez, strategic advisor at Lopez Research. "Today, cloud providers are delivering more value in the PaaS area to help people build new mobile-cloud ready apps as well as cybersecurity services that will help companies secure everything from devices to network and cloud-resident services." "As companies put more data into the cloud," said Lopez, "developing a richer set of services as a way to manage and secure corporate data has become a critical set of features and services for cloud providers. The cybersecurity market is the toughest market to crack but has tremendous opportunity." While it is clear that the cloud is showing signs of huge growth, it has still not quite caught up with the use of data centers.


Fintech developers tell you what to look for and why the fintech revolution arose

"Connecting the dots is what matters these days so the trend is towards establishing a data lake for investigation. AI needs data to be effective, the more the merrier, and the rise of 'big' unstructured data from social media, news and other sources helps this, as does the cloud as a connective layer. More data translates into better insights for anti-fraud or money laundering pattern spotting behavioral systems, financial market surveillance systems and other such applications. These are the key trends and technologies for me." What you do with the technology is important too. If people, process and technology aren't aligned and embedded in stringent management, risk and governance layers, then the full effectiveness of any new technical development won't be unleashed. People rely on machines and vice versa.


7 Techniques to Handle Imbalanced Data

What have datasets in domains like, fraud detection in banking, real-time bidding in marketing or intrusion detection in networks, in common? Data used in these areas often have less than 1% of rare, but “interesting” events. However, most machine learning algorithms do not work very well with imbalanced datasets. ... It is noteworthy that cross-validation should be applied properly while using over-sampling method to address imbalance problems. Keep in mind that over-sampling takes observed rare samples and applies bootstrapping to generate new random data based on a distribution function. If cross-validation is applied after over-sampling, basically what we are doing is overfitting our model to a specific artificial bootstrapping result. That is why cross-validation should always be done before over-sampling the data, just as how feature selection should be implemented.


Will Augmented and Virtual Reality Replace the Bank Branch?

Banking bots will soon be able to support most banking queries, with 24/7/365 access benefits afforded the consumer and significant cost savings being the driving force for the banking industry. Once the transition is complete for simple teller transactions, will the technology be used for full-function robo-advising as well? ... USAA was the first to offer limited voice banking, with Capital One enabling banking by voice, connecting via Amazon’s Alexa – embedded in devices like the Amazon Echo, Amazon Dot and newly introduced devices. Capital One customers can check balances, review transactions, make payments and more using simple voice commands. Bank of America is also working on voice recognition technology called Erica, that will allow people to do virtual banking by voice with a computer, similar to how people already use Amazon Alexa or Apple’s Siri.



Quote for the day:


"A pessimist is somebody who complains about the noise when opportunity knocks." -- Oscar Wilde


Daily Tech Digest - June 14, 2017

Machine learning demystified: the importance of data

The software’s functional rules are based on assumptions that are limited to a linear number of observations. Reality often proves to be far more complex than expected, meaning automation is eventually suboptimal or the software ends up requiring expensive corrections. Machine learning on the other hand absorbs and develops itself using all available data, regardless of the volume. This means the risk of patterns or a use case being left out of the picture is therefore limited. Limitations show their head when machines avoid human intelligence and are restricted to imperfect selections. A good example is that of the automated processing of loan requests received by banks. An algorithm parses the archives of previous requests where each borrower’s key information is recorded along with reimbursement information. It therefore highlights the likely relationship between a borrower profile and a default risk.


Virtual Reality’s Missing Element: Other People

If you’re hanging out in virtual reality, you’re going to need a body, and what this body must look like, or whether it even has to be human, depends on the context. Often, it seems cartoonish human figures are best for staying clear of the uncanny valley, since it’s still difficult to make avatars look just like us. ... Regardless of how well designed your avatar is in VR, one way these worlds resemble real life is that your perceived gender shapes the interactions you have. In Rec Room and other socially geared apps, like AltspaceVR and Facebook Spaces, I prefer to make my avatar female—and preferably similar in appearance to me, with brown hair and, when it’s an option, glasses. Being true to your actual identity can make you feel that your virtual self is authentic, but as a female character you’re likely to face behavior that is obnoxious or worse.


Infographic: A Beginner's Guide To Machine Learning Algorithms

We hear the term “machine learning” a lot these days (usually in the context of predictive analysis and artificial intelligence), but machine learning has actually been a field of its own for several decades. Only recently have we been able to really take advantage of machine learning on a broad scale thanks to modern advancements in computing power. But how does machine learning actually work? The answer is simple: algorithms.  Machine learning is a type of artificial intelligence (AI) where computers can essentially learn concepts on their own without being programmed. These are computer programmes that alter their “thinking” (or output) once exposed to new data. In order for machine learning to take place, algorithms are needed. Algorithms are put into the computer and give it rules to follow when dissecting data.


How to build a highly effective AI team

AI professionals are in high demand. To assemble -- and maintain -- an AI team, retention and recruitment are key. But that doesn’t necessarily mean having to look outside the organization. ... “In EY’s tax group, we provide extensive training on technical tax matters. However, we are also starting to add training on automation and AI. While recruiting a graduate with degrees in tax and AI is excellent, there is a significant talent shortage. That is one of the reasons we put resources in upskilling our people,” says Fiore. In the past year, EY has hired over 20 professionals focused on automation and AI. Recruiting AI talent in a hot hiring market often requires going directly to academic institutions. “Being active in the community – especially presenting at conferences and publishing papers – has supported our recruiting efforts. We have also presented at Columbia, MIT, and other leading organizations,” explains Thomson Reuters’ Al-Kofahi.


How CFOs Are Driving Digital Transformation Beyond The Finance Department

If finance can be the driving force behind digital transformation, how can it do so when the primary goal is to ensure budgets are stuck to like glue. It is this exact attitude that leads to CFOs adopting a conservative mentality in digital, effectively preserving the status quo. CFOs are by nature risk averse, so subverting this mentality becomes a challenge. ... Finance as a function can drive the implementation of internal processes to upscale efficiency. Using their organisational view of resource and budget allocations, they may then pull this process change back to customer facing systems to create customer intimacy. From here, they may move I.T. strategy to focus on a new product and bring the budget in line for the next year.


APIs, Fintech, and the Future of Finance

APIs enable developers to integrate the features of one application into the code of another. This means that developers can use the existing work of other programmers as they build out their products, drastically increasing speed to market. ... With account authentication now quickly out of the way, the developers can focus their attention on the product itself. Fintech APIs can be viewed as the building blocks out of which new fintech products can be built. As more and more fintech APIs are developed and leveraged for new products, the speed of fintech innovation is likely to increase, which has significant implications for the wider finance industry. In fact, an increase in innovative fintech products is a massive opportunity for traditional financial institutions such as banks, and these institutions can play an active role in fintech innovation with the deployment of their own internal APIs.


The Future of Digital Financial Advice: Who Will Succeed?

The key to success in the digital advice market lies with customer service, according to panelists at both New York meetings this week. “It starts with the client,” said Mike Sha, co-founder and CEO of SigFig. “There’s been a lot of focus on driving alpha, beating the markets [but] fee efficiency is better at driving long-term returns and improving client outcomes. We control not the investment returns through alpha, but how we serve clients.” And clients will expect to set their own preferences for digital advice like they do for the music they listen to on digital platforms like Spotify, said Steve Scruton, president of Broadridge Advisor Solutions. “People are conditioned to have what they want.” Data collection and predictive analysis will help digital advisors learn what clients need and desire, said Scruton.


Digital Payments Approaching Universal Acceptance

While consumers continue to use traditional payment methods such as direct mail, pay-by-phone and in-person payments, online and mobile payments (either through the financial organization or through the biller) now make up 59% of payments, according to the Fiserv research. Not only have the majority of consumers switched to digital channels, they are happy with their decision. For online bill pay users, 79% rated the service 8 of 10 or higher, with 70% of mobile bill pay users having the same sentiment. The reason for the satisfaction is clear. Both banking bill pay services and biller direct services provide speed and convenience. Major points of differentiation between the services are evident though, with biller direct services getting higher marks for speed and financial institution options being preferred due to the ability to pay multiple organizations in one sitting.


AI and the Future of Mortgage Lending

Speaking to The Adviser, Brett Spencer, the former CEO of the Stargate Group and executive director of TICH Consulting Group, said that he thinks anyone who believes the broking industry is being replaced by technology is talking “absolute rubbish”. Mr Spencer said that the fact an abundance of “fintech” solutions are coming to the market is exactly the main driver behind brokers remaining relevant and increasingly relied upon by consumers. He explained: “The reason brokers are here and will continue to be here, and market share will grow… is that the sheer proliferation of the number of mortgage products in the market today is in the thousands. “You talk to any one lender and they might say they have three products, but there are probably 30 variations on those products. Joe Consumer just doesn’t understand it.


4 things SaaS vendors need to get right

When it comes to technology falling below its potential, what better industry to learn from than the world of conference calling and remote meetings? Despite being a mature industry that has witnessed new technologies emerge and evolve, the clear majority of conference calls are still audio-only, with employees choosing to ‘dial in’ using numbers and codes just as they did decades ago. While more capable software products have been available for many years now, they continue to be shunned by most users. ... Winning SaaS products are those which recognise and deliver upon distinct needs. For example, Salesforce is a great CRM tool for sales teams, but there’s likely a better one for investment professionals. Jira is a great workflow tool for product and engineering teams, but there’s likely a better one for marketing teams.



Quote for the day:


"Leadership is a potent combination of strategy and character. But if you must be without one, be without the strategy." -- Norman Schwarzkopf


Daily Tech Digest - June 13, 2017

4 ways mentoring employees leads to company growth

This growth-centric mentorship isn’t casual or sporadic. In fact, at least 20% of your time should be devoted to mentoring. It’s a purposeful weekly meeting scheduled by, prepared for and owned by the employee. The meetings don’t have to be long, but they’re the best opportunity for employees to discuss their goals, get feedback and present their ideas. As their supervisor, it’s your opportunity to encourage and ask questions to push them to do their best work. ... An increased sense of ownership, loyalty, and engagement leads to a successful mentorship program, which in turn ensures growth. You achieve this by making these one-on-one mentorship meetings, allowing you to ask the best questions, demonstrate how you think through business challenges, and show each employee that he or she is a priority.


Three attributes a serial technology CEO looks for in a CTO

CTOs need to be able to understand both the ‘why’ and the ‘how’ of a product and where the value-add element can be incorporated – this is something I feel they won’t get by carrying out their work with a hands-off approach. As a company, we can’t afford to miss our business targets of driving a customer-informed view of the product roadmap, and ensuring delivery infrastructure that leads to positive customer experience. Hitting these targets contributes to revenue growth and customer satisfaction. No doubt, a deep and wide technology background remains the essential foundation for any enterprise-grade CTO. He or she will need to understand how our products work at a fundamental level and combine this knowledge with important technology and business trends.


Banks are more trustworthy data guardians than Google

Could financial institutions use their trusted role as data guardians to monetize that trust and compete with the big tech firms? So Conor’s idea is this: Google gives us searches, email, storage and more, for free — in exchange for letting the search giant mine and use our data. Google claims that it won’t be evil, but is the company using our data ethically and is it all aboveboard? Not everyone thinks so. On Natural News, Mike Adams claims that Google is the most evil corporation in the world “for its outrageous censorship, collusion with spy agencies and blatant attempts to propagandize the world with dishonest, deceitful information about everything from politics to natural medicine.”


Risk aware IAM for an insecure world

Over the past several years, modern cloud security solutions such as user behavior analytics (UBA), cloud access security brokering (CASB) and security information and event management (SIEM) systems were born and matured alongside IDaaS solutions, but their integration and utilization has not always been demanded by IT leaders. Integrating and uniting these platforms unleashes the full power of a risk aware IAM system. From a market standpoint, integration is inevitable and necessary. Organizations not only have the opportunity to enhance the security of identity, they have the obligation to do so. IT leaders who haven’t done so already can drive a risk aware IAM agenda in their organizations with the following critical capabilities:


Prepare for increasing 'nation-state' cyberattacks with strategy, not technology

Just as there would be a problem with untrained persons walking around with live explosives, we have a problem with possibly explosive outcomes on the horizon. The reality is that NSA-level attack tools and government-"issued" weaponized exploits have leaked online, and within months, the bad guys had reconfigured them for their purposes, attacking more than 100 countries and many multinational companies. In a few noted and publicized instances, the malicious actors using these tools and frameworks literally reconfigured code blocks and exploit samples overnight to ensure their effectiveness. How fast can a defensive tool vendor move to fight that threat? Do you think your anti-virus tool vendor will move faster than a cybercriminal organization that has no bureaucracy and no motive other than profit?


Cyber threats are inevitable, paralyzing impact is not

Cyber security is a question of a way of life. Europeans are used to the benefits and advantages of digital services and the availability of electronic networks. Nations have no choice but to build up robust cyber security measures – reverting to a paper-based system would not be more secure, is as prohibitively expensive as it is impractical, and would rob us of the conveniences we currently enjoy. The almost-crippling WannaCry campaign highlighted the immediacy of truly international and cross-sector solutions. Cyber security is not simply the prerogative of a narrow range of technical experts or particular agencies. As said previously, Estonia will hold the rotating presidency of the Council of the EU in the second half of this year. We believe that the Digital Single Market and the free movement of data within the EU are of existential importance for Europe


Beware the next wave of cyber threats: IoT ransomware

Despite the fact that IoT devices often have serious security weaknesses, it is still premature to talk about the imminent ransomware threat for smart homes and connected cars. The wide variety of apps and devices created by thousands of manufacturers complicates extensive malware usage. The IoT industry is highly fragmented these days. It lacks standardized approaches, common platforms and communication systems. It is tough to carry out mass attacks. Every time a compromise occurs, hackers only target a specific type of device, which reduces the number of potential victims. We can conclude that hackers’ benefits from attacking consumer IoT devices are currently small. But the situation is likely to change in the future as the Internet of Things is going to penetrate deeper into our homes and offices.


Cyber Threats 101: Fileless Attacks (The Stealthiest of All)

This evolving threat vector calls for a rethink in the cybersecurity tools that companies use. Anti-virus software that only scans files on hard drives is no longer enough. Some vendors claim to be adopting memory scanning techniques, or watching for in-memory behavioral patterns. These are new approaches, and customers should always be wary about vendors’ claims for their security tools. Use independent testing organizations to validate those features. Administrative security is an important weapon in the battle against fileless malware attacks. Consider restricting access to administrative tools like PowerShell, AppleScript, and WMI, that attackers can use as weapons. In general, application controls on endpoints are a good idea. The Australian Signals Directorate highlighted whitelisting as a key protective measure in its own general security recommendations to stop unauthorized software from running in memory.


3 things that must be addressed in your cloud agreement

It is important to mention that many cloud vendors will resist such requests, stating that in order to keep costs competitive they need to standardize on security policies in a one-size-fits-all approach that applies to all customers. Therefore, the cloud vendor will claim they simply cannot customize the cloud solution and associated services to match unique customer security requirements. Nonetheless, we still recommend engaging in these discussions early in the evaluation process when you have the greatest leverage, as vendors may be willing and able to get creative in providing some level of flexibility that either addresses your unique security requirements or substantially mitigates your financial risk. Other security measures to address include the physical location of your data and where the cloud solution will be hosted.


Forget the GUI: The return of the command line

Recent Windows 10 desktop releases have added support for Linux command-line tools, initially using Ubuntu in the Windows Subsystem for Linux, exposed through the Bash shell. More distributions and alternative shells are coming, but Bash’s wide adoption makes it an attractive route to bringing Unix tool chains to Windows. Ubuntu’s wide catalog of software, and its easy apt-get installation and update features mean you can quickly go from a bare prompt to a fully featured set of tools in a matter of minutes. SSL capabilities give you remote access to Unix servers, and Windows software is treated just like Linux binaries: Set a path so you can launch apps straight from the command line. Bash is becoming an important piece of Microsoft’s developer outreach, making Windows accessible to the developers who’ve been using MacOS for its Unix tools.



Quote for the day:


"There is only one valid definition of business purpose: to create a customer." -- Peter F. Drucker