Daily Tech Digest - August 09, 2017

Digital Payments Approaching Universal Acceptance

While consumers continue to use traditional payment methods such as direct mail, pay-by-phone and in-person payments, online and mobile payments (either through the financial organization or through the biller) now make up 59% of payments, according to the Fiserv research. Not only have the majority of consumers switched to digital channels, they are happy with their decision. For online bill pay users, 79% rated the service 8 of 10 or higher, with 70% of mobile bill pay users having the same sentiment. The reason for the satisfaction is clear. Both banking bill pay services and biller direct services provide speed and convenience. Major points of differentiation between the services are evident though, with biller direct services getting higher marks for speed and financial institution options being preferred due to the ability to pay multiple organizations in one sitting.


UK Gov: Firms could face £17M fine if cyber security is not up to scratch

Commenting on this latest government announcement, Sarah Armstrong-Smith, ... said this “demonstrates the reality we now all live in, where cyber attacks and data breaches are always going to be a threat. The worrying reality is that security is often an afterthought and security fundamentals are still not being followed such as changing default passwords. Hopefully the news of such fines will wake organisations up to the seriousness of the consequences from a financial standpoint, never mind a reputational one.” “In security we talk about when not if a security breach will occur, but that does not mean organisations should not be taking all the necessary precautions to limit the potential impact of a breach. In fact, the fast approaching implementation of GDPR will oblige organisations to carry out thorough preparations of their systems.”


How IoT will change auto insurance

It’s slated to be a game-changer, but IoT technology still presents its own unique risks for which new lines of insurance coverage will become absolutely crucial — namely, cybersecurity. Recall the major cyberattack against domain name system provider Dyn back in October of 2016. Hackers were able to easily corrupt thousands of IoT-enabled cameras, printers and DVRs, assembling them in a botnet campaign to infect Dyn with malware and thereby cause it to crash. As a result, popular websites for which it routed traffic — including Netflix, Reddit, Amazon and Twitter — were rendered unavailable to a large portion of users in the U.S. and Europe. One could say that this is a harbinger for more to come, especially as more and more things become connected to the internet. The cyberinsurance market is already focused mostly on data protection


Monsanto IT turns data into 'decision science,' CIO says

We did a really big pivot on the IT organization over the last two years -- we call it our IT operating model -- that highlighted the key skills we needed for a future IT organization: Your high-end software engineering, your high-end decision science, mathematics and modeling capabilities, [and] things like human-centered design. So [that we're] actually building a user-friendly environment. As we continue to go out, the IT organization will continue to evolve. You're going to see more and more roles that have IT embedded in it -- whether you're a marketer or a supply chain professional or a researcher -- that's just going to become the norm. We're going to be the enablers of that. But IT [will] continue to be distributed across all roles in every company.


We can’t rely on black swans: Three areas to improve cyber policy now

Declaratory policy is essential to deterrence, as it clearly specifies the repercussions for malicious behavior. This does not necessarily mean concrete red lines, but more so a playbook that addresses the range of U.S. responses when specific damage is inflicted or attempted. Just as Department of Defense response campaign plans are tailored, the same is necessary to ensure the U.S. is not stuck flat-footed following a significant cyber attack. Furthermore, consequences must not only be clarified, but also credible. Deterrence relies entirely on whether the adversaries believe the consequences are real. This is not easy, and, unlike in many other domains, it requires the entire suite of diplomatic, economic, military, and information tools of statecraft to counter the broad range of adversarial objectives.


Blockchain and the future of IoT – Part 2

Different blockchains are emerging, each of them solving different problems, providing less or more flexibility and extensibility, and some of them are public while others are kept private. It is clear that there will not be one blockchain that will cover all use cases and solve all our distributed problems. Bitcoin is the godfather of all blockchains and still today is considered the most secure and most mature, while having the highest commerce volume, the most developers, the highest market cap, the most code review, the highest mining hash-rate and the most academic analysis. So why not leverage the existing Bitcoin blockchain for new applications? It would help a great deal of new applications, because the idea of distributed trustless consensus and the proof-of-work requires a 51% share in computing power to secure its ecosystem against attacks.


Australia's inside-out digital health strategy

The top critical success factor is "trust and security assurance", of course. And here we hit what I think is the big problem. If patients are to be "put at the centre of their healthcare", and their biggest worry is that their confidential health data might be breached, then surely this whole strategy is inside out. Surely you don't mitigate the data breach risks by pouring all that data into a massive, complex system that can be accessed by tens of thousands of people. If patients are meant to be at the centre of their healthcare, then maybe they should be carrying the data. After all, medical practitioners only need that data if the patient is right there in front of them. Give every Australian resident a USB stick to carry around their neck on a string, like soldiers wear dog tags recording their blood type. Or maybe a wristband with some Bluetooth cleverness.


How to Write a Perfect Error Message

No system can work without errors. They can be user errors or system failures. In both cases, it’s very important to handle errors in the right way, as they are crucial for a good user experience. ... Very often websites use only one error message for all validation states. You left this email field blank — “Enter a valid email address”, you missed the “@” character — “Enter a valid email address”. MailChimp does it another way — they have 3 error messages for each state of email validation. The first one checks if the input field isn’t blank when submitting the form. The other two check if there are “@” and “.” characters. (However “Please enter a value” isn’t a great example of error writing; it is unclear what kind of value you need to enter.) Show your users actual messages instead of general ones.


Why serverless was made for mobile development

With a serverless architecture, you no longer need a dedicated devops and server team. You no longer need to know a server-side framework—just a little bit of JavaScript is enough. And you don’t even need to write all of the code that used to be necessary for communicating with a server, because the platform is designed to avoid that work in the first place. The Realm Mobile Platform is a serverless platform that puts mobile use cases first. Data syncing is fundamental to great mobile apps (whether it’s to show your Uber driver’s location or the latest pictures from your family on Facebook). Server-side coding is also necessary, but instead of writing all of the boilerplate code that makes it possible to connect and share data between mobile apps, you can focus on the coding that matters—code that you can now write in the dashboard of your server, without learning anything more than JavaScript.


Three Tough Lessons On Bias From The Google Memo

Distinguishing between unconscious and un-discussed is important because it means that the answer to undermining bias is not simply making biases conscious. While unconscious bias trainings are a great start, they aren’t the catch-all inclusion solution. If we want to really make an impact, we must help people challenge and change their biases, including those they are privately aware of but won’t vocalize until somebody like the memo writer decides to break the silence. ... So if we want people to be less biased, we have to dig into these issues more deeply and regularly. I’d take an educated guess that there are a good number of people who agree to some degree with the (scientifically disproven) points made in the memo about the “innate, biological differences between men and women.”


Intellectual Property Protection: The Basics

Your company's IP, whether that's patents, trade secrets or just employee know-how, may be more valuable than its physical assets. Security pros must understand the dark forces that are trying to get this information from your company and piece it together in a useful way. Some of these forces come in the guise of "competitive intelligence" researchers who, in theory, are governed by a set of legal and ethical guidelines carefully wrought by the Society of Competitive Intelligence Professionals (SCIP). Others are outright spies hired by competitors, or even foreign governments, who'll stop at nothing, including bribes, thievery, or even a pressure-activated tape recorder hidden in your CEO's chair. IP protection is a complex duty with aspects that fall under the purview of legal, IT, human resources and other departments.


Quote for the day:


"It is a leader's job to challenge the status quo. And when you do, you make enemies." -- @CarlyFiorina