Daily Tech Digest - June 13, 2017

4 ways mentoring employees leads to company growth

This growth-centric mentorship isn’t casual or sporadic. In fact, at least 20% of your time should be devoted to mentoring. It’s a purposeful weekly meeting scheduled by, prepared for and owned by the employee. The meetings don’t have to be long, but they’re the best opportunity for employees to discuss their goals, get feedback and present their ideas. As their supervisor, it’s your opportunity to encourage and ask questions to push them to do their best work. ... An increased sense of ownership, loyalty, and engagement leads to a successful mentorship program, which in turn ensures growth. You achieve this by making these one-on-one mentorship meetings, allowing you to ask the best questions, demonstrate how you think through business challenges, and show each employee that he or she is a priority.

Three attributes a serial technology CEO looks for in a CTO

CTOs need to be able to understand both the ‘why’ and the ‘how’ of a product and where the value-add element can be incorporated – this is something I feel they won’t get by carrying out their work with a hands-off approach. As a company, we can’t afford to miss our business targets of driving a customer-informed view of the product roadmap, and ensuring delivery infrastructure that leads to positive customer experience. Hitting these targets contributes to revenue growth and customer satisfaction. No doubt, a deep and wide technology background remains the essential foundation for any enterprise-grade CTO. He or she will need to understand how our products work at a fundamental level and combine this knowledge with important technology and business trends.

Banks are more trustworthy data guardians than Google

Could financial institutions use their trusted role as data guardians to monetize that trust and compete with the big tech firms?Bloomberg NewsSo Conor’s idea is this: Google gives us searches, email, storage and more, for free — in exchange for letting the search giant mine and use our data. Google claims that it won’t be evil, but is the company using our data ethically and is it all aboveboard? Not everyone thinks so. On Natural News, Mike Adams claims that Google is the most evil corporation in the world “for its outrageous censorship, collusion with spy agencies and blatant attempts to propagandize the world with dishonest, deceitful information about everything from politics to natural medicine."

Risk aware IAM for an insecure world

Over the past several years, modern cloud security solutions such as user behavior analytics (UBA), cloud access security brokering (CASB) and security information and event management (SIEM) systems were born and matured alongside IDaaS solutions, but their integration and utilization has not always been demanded by IT leaders. Integrating and uniting these platforms unleashes the full power of a risk aware IAM system. From a market standpoint, integration is inevitable and necessary. Organizations not only have the opportunity to enhance the security of identity, they have the obligation to do so. IT leaders who haven’t done so already can drive a risk aware IAM agenda in their organizations with the following critical capabilities:

Prepare for increasing 'nation-state' cyberattacks with strategy, not technology

Just as there would be a problem with untrained persons walking around with live explosives, we have a problem with possibly explosive outcomes on the horizon. The reality is that NSA-level attack tools and government-"issued" weaponized exploits have leaked online, and within months, the bad guys had reconfigured them for their purposes, attacking more than 100 countries and many multinational companies. In a few noted and publicized instances, the malicious actors using these tools and frameworks literally reconfigured code blocks and exploit samples overnight to ensure their effectiveness. How fast can a defensive tool vendor move to fight that threat? Do you think your anti-virus tool vendor will move faster than a cybercriminal organization that has no bureaucracy and no motive other than profit?

Cyber threats are inevitable, paralyzing impact is not

Cyber security is a question of a way of life. Europeans are used to the benefits and advantages of digital services and the availability of electronic networks. Nations have no choice but to build up robust cyber security measures – reverting to a paper-based system would not be more secure, is as prohibitively expensive as it is impractical, and would rob us of the conveniences we currently enjoy. The almost-crippling WannaCry campaign highlighted the immediacy of truly international and cross-sector solutions. Cyber security is not simply the prerogative of a narrow range of technical experts or particular agencies. As said previously, Estonia will hold the rotating presidency of the Council of the EU in the second half of this year. We believe that the Digital Single Market and the free movement of data within the EU are of existential importance for Europe

Beware the next wave of cyber threats: IoT ransomware

Despite the fact that IoT devices often have serious security weaknesses, it is still premature to talk about the imminent ransomware threat for smart homes and connected cars. The wide variety of apps and devices created by thousands of manufacturers complicates extensive malware usage. The IoT industry is highly fragmented these days. It lacks standardized approaches, common platforms and communication systems. It is tough to carry out mass attacks. Every time a compromise occurs, hackers only target a specific type of devices, which reduces the number of potential victims. We can conclude that hackers’ benefits from attacking consumer IoT devices are currently small. But the situation is likely to change in the future as the Internet of Things is going to deeper penetrate into our homes and offices.

Cyber Threats 101: Fileless Attacks (The Stealthiest of All)

This evolving threat vector calls for a rethink in the cybersecurity tools that companies use. Anti-virus software that only scans files on hard drives is no longer enough. Some vendors claim to be adopting memory scanning techniques, or watching for in-memory behavioral patterns. These are new approaches, and customers should always be wary about vendors’ claims for their security tools. Use independent testing organizations to validate those features. Administrative security is an important weapon in the battle against fileless malware attacks. Consider restricting access to administrative tools like Powershell, Apple Script, and WMI, that attackers can use as weapons. In general, application controls on endpoints are a good idea. The Australian Signals Directorate highlighted whitelisting as a key protective measure in its own general security recommendations to stop unauthorized software from running in memory.

3 things that must be addressed in your cloud agreement

It is important to mention that many cloud vendors will resist such requests, stating that in order to keep costs competitive they need to standardize on security policies in a one-size-fits-all approach that applies to all customers. Therefore, the cloud vendor will claim they simply cannot customize the cloud solution and associated services to match unique customer security requirements. Nonetheless, we still recommend engaging in these discussions early in the evaluation process when you have the greatest leverage, as vendors may be willing and able to get creative in providing some level of flexibility that either addresses your unique security requirements or substantially mitigates your financial risk. Other security measures to address include the physical location of your data and where the cloud solution will be hosted.

Forget the GUI: The return of the command line

Recent Windows 10 desktop releases have added support for Linux command-line tools, initially using Ubuntu in the Window Subsystem for Linux, exposed through the Bash shell. More distributions and alternative shells are coming, but Bash’s wide adoption make it an attractive route to bringing Unix tool chains to Windows. Ubuntu’s wide catalog of software, and its easy apt-get installation and update features mean you can quickly go from a bare prompt to a fully featured set of tools in a matter of minutes. SSL capabilities give you remote access to Unix servers, and Windows software is treated just like Linux binaries: Set a path so you can launch apps straight from the command line. Bash is becoming an important piece of Microsoft’s developer outreach, making Windows accessible to the developers who’ve been using MacOS for its Unix tools.

Quote for the day:

"There is only one valid definition of business purpose: to create a customer." -- Peter F. Drucker