Daily Tech Digest - November 14, 2017

Investigating IoT Crime in the Age of Connected Devices

A businessman examining a smartphone through a magnifying glass.
Smart devices are the main components of the IoT. They are easy to use and deploy and are usually connected to the internet without any security enabled. These devices range from smart locks to medical equipment, TVs, refrigerators, light controls, security systems, baby monitors and automobiles, any of which can be used to steal personal information, spread malicious code, eavesdrop or even interfere with the operation of machinery. In a worst-case scenario, these malicious acts can potentially put human lives at risk. Due to the rising number of connected devices, it has become necessary to develop new approaches and tap all available resources to combat future crimes. This new strategy should be implemented in the early stages of the investigation, particularly when investigators don’t know where to begin.


3 ways enterprises can reduce their cybersecurity risk profile

The first issue is how enterprises think about cybersecurity. There are two aspects to consider when looking at how cybersecurity is viewed. The first is that enterprises often want to be secure, but are unwilling or unable to provide the funding to match. That is, until a breach occurs. This has created a behavior within IT organizations where they leverage breaches to gain cybersecurity funding. Spending in cybersecurity is often seen in a similar vein as insurance and comes back to risk mitigation. Many IT organizations are challenged to get adequate funding to appropriately protect the enterprise. It should be noted that no enterprise will be fully secured and to do so creates a level of complexity and cost that would greatly impact the operations and bottom line of the enterprise. Therefore, a healthy balance is called for here.


Researchers developing building-free data centers

Researchers developing building-free data centers
The idea is that common servers are fully submerged in the barrels where they are chilled by the immersion. Expensive humidity control and air conditioning thus become irrelevant, as do buildings. One could even place the containers, which the researchers call RuggedPODs, out in the middle of a field (rendered image pictured above), observes Simon Sharwood, of The Register, who has reported on the project from the Sydney OpenStack Summit, where the idea is being bandied around. Horizon’s proposed outdoor cooling boxes have numerous other benefits, it explains on its website: The micro-ATX motherboard-containing, case-like pod can operate in an “extreme environment,” such as outdoors, and in “positive temperatures.” Costs might be low partly because the barrel is easy to make. Maintenance, too, is simple with an easy-to-operate gasket for the tub. It includes sealed connectors for the external power and network.



Russian Developer Snuck Cryptocurrency Mining into Android Apps

A Russian developer installed cryptocurrency mining code in his popular crossword game app Puzzle as well as his in-game awards and bonuses app Reward Digger, without notifying users they would be mining cryptocurrency coins on his behalf, according to researchers. Although it's not illegal for developers to put cryptocurrency-mining capabilities into their own apps, the issue becomes an ethical one if users are not aware their mobile devices are being used to mine cryptocurrency, says Steve McGregory, who leads the Application & Threat Intelligence (ATI) team at Ixia that recently studied the rigged apps. Oxothuk, the user name of the independent developer who created the two apps, included crypto-mining features in the apps without adequately informing users, McGregory told Dark Reading.


Digital transformation may be overhyped, but so is business as usual – with Brian Solis

change-same-cloud
Companies should be worried about the gap that gets exposed here as the so-called mavericks advance – not through financial investment, but good old trial-and-error. Digital is very much a learn-by-doing pursuit. When the gap becomes a chasm, you have a problem. I like that Solis emphasizes the culture and human impediments to digital change. I largely agree with Solis that digital is a culture and economic force rather than a marketing invention. However, change agents don’t have much protection in many organizations. The unsexy truth is that being a change agent is hard. To me, the next steps in this research are two-fold. One is documenting the practices of the mavericks and early adopters, and learning from their wins and struggles. The next is focusing these learnings on verticals and micro-verticals.


Google’s AI guru predicts humans and machines will merge within 20 years

The deadliest war in recorded human history, World War II, ended just 72 years ago. In the time since, humanity has engaged in what feels like countless skirmishes, police actions, and outright wars. And while the US remains engaged in the longest war in its history – with no end in sight – the human species is currently enjoying the most peaceful period in the history of our civilization. The existential fear is that AI will somehow compromise this progress and send us careening into the next extinction-level event. If technology like the atom bomb made World War II so much worse than everything before it, doesn’t it follow that WWIII will be even more devastating? It’s more complex than that, according to Kurzweil. He believes part of the reason we’re able to coexist so wonderfully (in the grand historical scheme) for so long is because democracy has begun to take hold globally.


How to Cultivate Leadership That Is Honed to Solve Problems


Talent development for challenge-driven leaders should focus on creating what Ideo CEO Tim Brown calls “T-shaped” contributors: people who can go deep in their particular, vertical specialty while maintaining a high-level understanding of other fields — and who can make connections between the two. This has serious implications for talent development. Development should focus more on developing singular strengths, and less on transitioning people from being individual contributors to being generalist managers. One person we interviewed used the phrase “Jedis in training” to describe the ongoing process of honing skills. In the Star Wars film franchise (which is, of course, popular at MIT), a qualified knight must master a series of skills, not just one, and each of them with deep proficiency.


Artificial Intelligence Will Automate Business Processes

In banking, we’ve enabled a trading platform to engage more customers via a mobile trading app. ... When a new market trigger occurs, we’re able to reach out to each client with a personalized stream of market insights every day, providing personalized insight at scale. In addition, there’s a built-in feedback loop for business performance. For the digital channel of a large retailer, we started a small pilot to learn the profiles and preferences of anonymous shoppers, resulting in a double-digit increase in conversions. By showing the client how the machine learning algorithm was learning with additional data and seeing the impact on conversions, this solution was rolled out across the entire digital commerce platform so the retailer is now making personalized, real-time recommendations based on each click.


Worried About Hackers, States Turn to Cyber Insurance

Stateline
Pizzini said the insurance company helped with the mailings, set up a call center, and provided forensic investigation, legal and communications assistance, and credit monitoring. “We used all of the services in our insurance policy,” she said. “It would have cost us a ton more than the premium we pay.” The state has a $2 million policy, which covers all agencies, including the university system, she said. It pays an $88,200 annual premium and has a $100,000 deductible per incident and a 10 percent copayment for credit monitoring. But Pizzini and IT officials in other states caution that having cyber insurance shouldn’t make states complacent and view it as a substitute for a comprehensive security program. While the coverage can be a big help after the fact, they say, states need to invest in security, keep their technology updated, and be prepared for hackers and cybercriminals.


Cisco: Most IoT projects are failing due to lack of experience and security

"The inaugural phase of IoT is characterised by numerous point solutions from a multitude of new -- often startup -- vendors. Typically, these solutions have been designed to solve a particular societal problem such as lighting or parking. In each case, a complete IT stack needs to be built in support of the solution," Bloch explained. "Eventually, customers find themselves with multiple siloes from multiple vendors that don't interoperate, are not cybersecure, use different protocols, and generate more complexity at greater cost." According to Bloch, this is why Cisco is constructing an "IoT Phase 2" foundation, which consists of a platform that is able to cope with multiple different sensors, vendors, applications, and data interchanges. The CTO added that IoT projects are also failing due to a lack of cybersecurity, qualified skills by those running them, project definition, governance, and support.



Quote for the day:


"Everything that irritates us about others can lead us to an understanding of ourselves." -- Carl Gustav