Daily Tech Digest - November 15, 2017

Digital transformation the career-defining issue for CEOs 


"If a CEO doesn't have a metric to drive a transformation, it's not a Transformation with a capital 'T'," Raskino said. "CIOs need to boil down digital into some very simple metrics of whatever matters to a company. "You have to define what a digital business means for your business. What is the number one goal, the metric which shows we are moving towards this digital goal? Then, what are the KPIs we will use in the management structure to drive that change?" The next step for CIOs was to propose more creative digital business strategy ideas like setting up a startup incubator, creating a tech or digital joint venture, setting up a venture capital fund, joining a consortium or acquiring a new business entity, Gartner suggested. Thus CIOs need to grow as leaders and be comfortable engaging in conversations around these subjects.



How Hackable is Your Smart Enterprise?


By the very nature of an IoT being connected, once a device becomes infected, the threat can spread throughout the entire network, continuing to exploit vulnerabilities, and requiring IT security to attempt to keep up with the infection and limit the damage. The necessity of security as part of an organization’s IT policy and processes is deeply ingrained in even the most old-fashioned of companies, but there is a curious blind spot when it comes to the IoT. A study commissioned by ForeScout Technologies shows that often organizations are not even aware of the number of connected devices they currently have on their networks (4 of 5 organizations surveyed). The obvious conclusion is that a network can not be secured if they do not know what devices are supposed to be there. 


OnePlus Phones Were Shipped With a Hidden Backdoor


Alderson found an application on OnePlus devices intended for factory testing, and discovered it could be used to obtain “root access” to the phone. Rooting an Android device allows a developer to essentially gain access to everything in the operating system, and permission to change anything about the device’s software. The application the researcher found is called “Engineer Mode.” It’s meant to be used while the smartphone is still in the factory, to test whether it’s working properly. Engineer Mode was hidden behind a password, but Alderson along with researchers at app security firm NowSecure were able to quickly crack it. The password is “angela,” which could ironically be another Mr. Robot reference. Alderson believes that the vulnerability can only be exploited with physical access, at least for now. He said in a tweet that it’s “too early to speak about a random app getting root access, but we are on the good tracks.”


Frustrated with coding? Microsoft releases new tools to relieve the grind

"Developers are core to Microsoft. We put developers at the heart of everything we do, deeply recognizing the role they play in developing the applications driving digital transformation across all organizations and industries," said Microsoft corporate VP of communications Frank Shaw, speaking ahead of event. First to be announced was Visual Studio App Center, which should help developers build and deploy apps more efficiently, according to Shaw. The service will make it easier to deploy, test, build and monitor applications, without having to stitch together multiple products to maintain this workflow, freeing up developers to spend more time adding features and improving the user experience. Shaw said it is a "one-stop" service where developers connect their code repository to app center and "within minutes App Center creates a pipeline of automated builds, testing on real devices in the cloud".


Fundamentals of Prescriptive Analytics

Prescriptive Analytics
An average business today has a digital footprint, which forces the business owner or operator to collect, ingest, analyze, and present the data to gain competitive intelligence. As business owners or operators are typically very busy folks running their day-to-day business operations, they do not have the time and leisure to pursue data technologies or more specifically, advanced business analytics for increased profit. However, they need the profit margins to remain healthy for future sustenance. For most business owners like these, either a Data Center or an advanced Data Analytics team or an out-sourced data service provider has to step in to handle and manage all data technology tasks. A previous executive survey indicated that most business executives prefer to get ready-made business solutions in times of need.


Cloud Computing Makes Everyone Their Own CIO -- Is That A Good Thing?

Cloud may have made everyone their own CIO, but there is too much cloud adoption for cloud's sake taking place, Crawford observes. "A great example of this -- and it’s something that just kind of raises the hair on the back of my neck -- is when I hear that boards of directors of publicly traded companies are giving mandates to their organization to 'go cloud,'" he illustrates. "The board should be very business-focused and instead they're dictating specific technology -- whether it’s the right technology or not. Another example is folks that try and go all-in on cloud but aren’t necessarily thinking about what’s the right use of cloud – in all forms, public, private, software as a service. What’s the right combination to use for any given application? It’s not a one-size-fits-all answer."


MasterCard has filed a patent on its own blockchain-based money transfer solution


While the abstract itself doesn’t mention blockchain, MasterCard intends to use the technology in the process, describing a step in which “the payment guarantee data stored in the third data element included in the received transaction message includes at least a blockchain network identifier and (i) a public key or (ii) a destination address, the record of payment guarantee is a blockchain transaction for payment of the transaction amount stored in the second data element included in the received transaction message to (i) the destination address or (ii) a destination address associated with the public key, and the computing system is a node in a blockchain network corresponding to the blockchain network identifier.”


Can fintech deliver the personal touch in banking?

Backed by analytical insights, banks also know the most preferred channels to reach out to their customers. And when banks reach customers at the right time using the right channel, customers are much more likely to engage in interactive conversations. With mobile banking apps in their smartphones, customers are far more connected to their banks. So the personal touch is not just restricted to the first engagement during the initial “sale” of the product but extends throughout the loan lifecycle. For example, lending provides considerably more opportunities to interact with customers during the loan servicing period, than in the short time when the original loan is being “sold”. During the life of the loan, a well-crafted personalized approach can translate into repeat business for the bank. 


Fileless malware attacks 10x more likely to infect your machine than others

istock-514031635.jpg
"This survey reveals that ignoring the growing threat of fileless attacks could be costly for organizations." Larry Ponemon, chairman and founder of Ponemon Institute, said in a press release. "The cost of endpoint attacks in the companies represented in this study could be as much as $5 million, making an enterprise-wide endpoint security strategy more important than ever." Ransomware also continues to wreak havoc on many businesses, with more than half of the organizations surveyed reporting that they experienced one or more ransomware attacks in 2017. Of those, 40% said they experienced multiple ransomware attacks. Some 65% of organizations hit reported that they paid the attackers, with the average ransom payment hitting $3,675.


Business in digital world demands considered approach


“We have to think about things to do with applications, infrastructure, identity, privacy and many other domains, as we execute on our strategies in response to the environment in which we all operate today,” said Verdonck. The next thing to consider, he said, is the need to be vigilant. “This means when an incident occurs, we need to know instantly what happened, what the impact is and how we need to respond. “For many organisations, vigilance is a new dimension, and for organisations which have complex environments, vigilance is consequently a complex domain, but a sense of urgency is important for all of us as we operate in our specific environments.” Finally, said Verdonck, when something happens, organisations need to be resilient and able to understand the extent of the event and how to restore normal business operations as quickly as possible.



Quote for the day:


"Knowledge is the new capital, but it's worthless unless it's accessible, communicated, and enhanced." -- Hamilton Beazley