Daily Tech Digest - July 21, 2017

Big Data Technology: In-House vs Outsource

For any technological venture, speed to market is key to determining overall success. This includes the development of internal technology. From project inception to launch, creating a big data solution can take as much as 2-3 full years. That’s two-plus years for a solution you need today. And while the need for an immediate solution is a sizable, the lifecycle of technology isn’t. A two-year wait time can create one of two problems: Either your newly developed solution is nearly outdated at launch, or you become caught in an unending cycle of redesign in an attempt to get ahead of a rapidly progressing technological landscape. Meanwhile, with the wide adoption of cloud-based SaaS model, speed of integration and deployment for third-party solutions has never been faster.

Scammers demand Bitcoin in DDoS extortion scheme, deliver empty threats

This week, the FBI says they’ve investigated hundreds of these cases, including several in Indiana – home to several major companies, the Indy 500, and this reporter. However, there has been no indication of attacks. When the targeted organization fails to meet the deadline or refuses to pay, those responsible for the demands fade into the background and the promised DDoS never happens. So, while the extortion attempts are turning out to be empty threats for now, that wasn’t always the case. In fact, it’s likely the people responsible for the most recent threats are using the ‘Anonymous’ and ‘Lizard Squad’ brands because they’ve been associated with DDoS attacks in the past. Most administrators will remember the panic that swept through enterprise and SMB channels when Anonymous was using DDoS as their primary means of protest in 2010, something they still do to this day.

A coding error led to $30 million in ethereum being stolen

The perils of a blockchain’s immutable transactions was brought home yesterday as some $30 million in ether was stolen due to a bug in the code of a well known ethereum wallet. It could have been worse: an additional $75 million was at risk because of the same coding fault, but a group of vigilante hackers rescued those funds and are promising to give them back to their owners. The ether was grabbed from the wallets of at least three projects that had recently completed so-called “initial coin offerings” (ICOs). More worryingly for ICO boosters, the vigilante hackers—who call themselves “The White Hat Group“—saved funds from wallets belonging to some of the biggest coin offerings to date. The bug has now been fixed. Those wallets required multiple people to sign off on transactions, which were supposed to make them more secure.

The 3 most in-demand cybersecurity jobs of 2017

"For lower-level professionals, companies need to consider if they want to pay a premium for an analyst to get every skillset they're looking for, or if they want to invest in trainings and seminars," Zafarino said. If you chose the latter, it's key to bring in a consultant for a short amount of time to help get the employee up to speed. "In the long term, that person is probably perfect, especially if you don't have the money at hand," he said. "If you do, you absolutely want to go with the more senior resource, and you can bring in lower-level people along the way." Zafarino said he commonly sees two paths to becoming a cybersecurity professional. In the first, a person comes from a computer science background, and can usually command a higher salary.

Bank workloads to be taken over by machines

Cognitive technologies, or machines that perform human tasks – have become cheap enough for banks to deploy them throughout their organisation. McKinsey said that automating tasks will “free up capacity” for staff to focus on higher-value work, such as research, generating new ideas or tending to clients. “This is really starting to take steam and it’s going to transform the industry over the next two to three years,” Jared Moon, a McKinsey partner who co-wrote the report, said in an interview. These cognitive technologies are estimated to free up 20 to 30% of employees’ capacity in units processing trades. Automation has not unanimously been welcomed with open arms. Workers worry they will be replaced by machines that can do their job for them, at a fraction of the cost.that can However, this won’t be the reality.

Data Mining - What, Why, When

The broad benefit of identifying hidden patterns, consequent relationships and establishing predictive models can be applied to many functions and contexts in organizations. Specifically, customer-focused functions can mine customer data to acquire new customers, retain customers, cross-sell to existing customers. Other examples are to enhance customer lead conversion rates and/or build future sales prediction models or new products & services.  Financial sector companies can build fraud-detection models and risk mitigation models. Energy and manufacturing sector can come up with proactive maintenance models and quality detection models. Retailers can build stock placement/replenishment models in stores and assess the effectiveness of promotions and coupons. Pharmaceutical companies can mine large chemical compounds data sets to identify agents for the treatment of diseases.

COBIT 5 for Risk—A Powerful Tool for Risk Management

One would think that, IT being critical to an organization’s operations, the risk related to IT and IT security would be covered by many different risk management frameworks, including the Committee of Sponsoring Organizations of the Treadway Commission (COSO) for enterprise risk management (ERM), the Risk Management Society’s RIMS Risk Maturity Model (RMM), Project Management Institute’s (PMI) Project Risk Management, International Organization for Standardization (ISO) / International Electrotechnical Commission (IEC) 27005 Information technology—Security techniques ... Arguably, there is only one globally accepted and in-use business framework to employ when it comes to risk management in the IT domain and, specifically, the governance and management of enterprise IT. That framework is COBIT 5.

How to monitor MongoDB database performance

In a smoothly running set of primary and secondary nodes (referred to as a “replica set”), the secondaries quickly copy changes on the primary, replicating each group of operations from the oplog as fast as they occur (or as close as possible). The goal is to keep replication lag close to zero. Data reads from any node should be consistent. If the elected primary node goes down or becomes otherwise unavailable, a secondary can take over the primary role without impacting the accuracy of data to clients. The replicated data should be consistent with the primary data before the primary went down. Replication lag is the reason that primary and secondary nodes get out of sync. If a secondary node is elected primary, and replication lag is high, then the secondary’s version of the data can be out of date.

7 Things Your IT Disaster Recovery Plan Should Cover

“Completing a BIA for major IT systems will allow for the identification of system priorities and dependencies,” notes Testoni. “This facilitates prioritizing the systems and contributes to the development of recovery strategies and priorities for minimizing loss. The BIA examines three security objectives: confidentiality, integrity, and availability.” Testoni adds that a BIA helps establish priorities for your disaster recovery, business continuity, and/or continuity of operations plans. “A standard approach to developing a comprehensive disaster recovery plan is to first develop the policy, then conduct the BIA,” he says. “After creating a prioritization with the BIA, contingency strategies are developed and formalized in a contingency plan.”

Android O: The Reddit AMA's 8 most interesting reveals

Google teased us with dark mode on both the Android N and O developer previews, but it’s not making it into the full release anytime soon. The reason? “Reliable and consistent theming is hard.” Numerous questions about themes and dark mode stacked up on the Reddit board, and Android engineer Alan Viverette addressed it thusly: “There are technical and logistical issues with theming. The technical side is largely solved in O with Runtime Resource Overlay support (a Sony framework that allows the system to modify the look and feel of an app while it is running); however, we still don’t have stable APIs for describing what can be themed or adequate ways to verify that existing applications properly support theming.”

Quote for the day:

"It's the little details that are vital. Little things make big things happen." -- John Wooden