Daily Tech Digest - December 13, 2017

Cyber security skills shortage can be addressed, says (ISC)2


McCumber, who has been working in information security in military, national security and civilian roles for the past 30 years, argues that in the light of the fact that there are jobs for people coming out of trade schools, there is no reason that aspects of cyber security cannot be turned into trades. “By treating cyber security as a trade, it will enable school leavers to get some basic skills without having to do a four-year course and to provide valuable services in well-paid jobs in the cyber security field,” he said. “There are a lot of productive jobs in the cyber security field that do not need a four-year degree.” ... “We work with industry to ensure we are training people to meet industry’s needs, and government that wants to drive down unemployment rates, and provide transportable certifications that are recognised by government, industry and academia,” he said.



HP Spectre 13 review: This stylish ultrabook conceals real power

HP Spectre Laptop 13 af0xx
Whether open or closed, the Spectre 13’s elegance shines through. It’s a beautifully architected notebook PC, with metallic accents that complement the understated white of the chassis. (Normally, the Spectre 13 ships in black; the Ceramic White option our test machine included is an extra $10—and worth it.) Would I have chosen a series of circular holes to replace the hexagonal slits of the fan grille? Maybe. A narrow power button to one side also feels a bit out of place. But these are just nitpicks. ... At 2.4 pounds, the Spectre 13 is light, yet solidly constructed. Many aspects reminded me, though of a tablet: its weight; the power-efficient, 1080p display; and the pair of silver hinges that conceal the I/O and electric connections, slightly lifting the display above the keyboard. HP also includes a pleather laptop sleeve to protect the Spectre Laptop from nicks and scratches while in your bag.


Programmers and developers more important to companies than IT managers

istock-670517478.jpg
"IT is really going to have to shift to more of a partner to the business, and making sure they are in lockstep with what the business goals are," Hayman said. ... Decentralization makes it challenging for IT and the business to align, Hayman said. For successful digital transformation projects, both parties need to be at the table for important conversations about how technology can help realize goals, rather than IT waiting for direction from the business. "Digital transformation is going to give organizations this unique opportunity to use technology as that strategic asset for the whole enterprise," Hayman said. "Those capable IT teams that can support it are really going to help separate and differentiate organizations from the rest of their competition. That's going to mean identifying areas to increase efficiency, and add greater value to the technology."


Cyber attack surface facts, figures and statistics for 2017 to 2022

Cyber attack surface grows immensely, raises security concerns
The far corners of the Deep Web — known as the Dark Web — is intentionally hidden and used to conceal and promote heinous criminal activities. Some estimates put the size of the Deep Web (which is not indexed or accessible by search engines) at as much as 5,000 times larger than the surface web and growing at a rate that defies quantification, according to one report. ABI has forecasted that more than 20 million connected cars will ship with built-in software-based security technology by 2020 — and Spanish telecom provider Telefonica states by 2020, 90 percent of cars will be online, compared with just 2 percent in 2012. Hundreds of thousands — and possibly millions — of people can be haced now via their wirelessly connected and digitally monitored implantable medical devices (IMDs) — which include cardioverter defibrillators (ICD), pacemakers, deep brain neurostimulators, insulin pumps, ear tubes and more.


GDPR and the human element of personal data protection

Finding the precise location of data defined as ‘personal’ under GDPR from among the thousands of tables and columns (or fields) in complex and customized packaged systems, represents a significant challenge. Traditional tools and methods, such as searching for documentation, using templates and reference models or employing external consultants, do not address the challenge in an effective and timely fashion. Safyr offers an interesting approach - it interfaces with all the most popular ERP and CRM solutions in order to speed up that discovery process. Speed and accuracy here are vital for several reasons - obviously ‘bad’ data discovery initially means that risk assessments will be skewed, and even worse it may cause a loss of focus, so that less critical issues are fixed first, rather than the real high risk issues. These issues are the major benefit of using a discovery tool, rather than attempting hand cranked scripted procedures.


A robotic path lined with cybersecurity bumps

robot
The robot controller is a complex device composed of multiple interconnected subsystems and computer systems. A controller can work in automatic mode – typically for regular operation of the robot; and in manual mode, in which the robot performs movements according to specific inputs fed by the operator.  Under this attack, the cybercriminal changes the setting of the control system so the robot moves unexpectedly or inaccurately. This type of attack could lead to production of defective or modified products, subsequently resulting in massive recalls. The first time a robot is connected to a controller, the sensing equipment must be calibrated. The controller uses the calibration data to compensate for known measurement errors. Manipulation on the calibration parameters can cause the servo motor to move erratically or unexpectedly. If an attack is launched when a robot is moving, the controller can detect it and engage stopping procedures.


A Pragmatic Assessment Of Disruptive Potential In Financial Services

Fintechs have seized the initiative – defining the direction, shape and pace of innovation across almost every subsector of financial services – and have succeeded as both stand‐alone businesses and crucial parts of financial value chains Fintechs have reshaped customer expectations, setting new and higher bars for user experience. Through innovations like rapid loan adjudication fintechs have shown that the customer experience bar set by large technology firms, such as Apple and Google, can be met in financial services Customer willingness to switch away from incumbents has been overestimated. Customer switching costs are high, and new innovations are often not sufficiently material to warrant the shift to a new provider, especially as incumbents adapt* Fintechs have struggled to create new infrastructure and establish new financial services ecosystems, such as alternative payment rails or alternative capital markets.


AIG launches new cyber threat analysis to gauge companies' risks

AIG.N
AIG’s underwriters have been using the computerized analysis since November, which combines information from a new insurance application designed for the process and data about current cyber threats to generate scores on various related factors, said Tracie Grella, AIG’s global head of Cyber Risk Insurance, in an interview. The analysis scores companies on the degree to which a cyber attack may affect their businesses and the potential costs of various cyber incidents, among other issues, according to a sample report seen by Reuters. Cyber coverage is a mounting concern worldwide as hackers increasingly target companies’ technology systems. Insurers are also struggling to estimate their potential exposure as cyber risks and interest in coverage increase.


Cloud-to-cloud backup: What it is and why you need it


In small-scale scenarios, users can copy files from, for example, Office 365 and G Suite to a local volume, or if security rules permit, an external drive. But this is a manual process that might not be reliable, and will struggle to scale. For larger files and larger applications, this is rarely practical. Enterprises using infrastructure-as-a-service (IaaS) or SaaS applications can use application programming interfaces (APIs) or third-party software to back up to local servers, network-attached storage (NAS) equipment or their own datacentre. But backing up cloud services to local storage is a step backwards. Instead of taking advantage of the cloud, it forces companies to retain on-site infrastructure, increases costs and limits flexibility. Enterprises that back up software-as-a-service applications will have the reassurance that they have copies of their data, but they will not be able to replicate or run the SaaS environment in-house.


Top 5 open source tools for MySQL administrators

Top 5 open source tools for MySQL administrators
For database administrators (DBAs), keeping databases running at peak performance can be a little like spinning plates: It takes agility, concentration, quick reactions, a cool head, and an occasional call out from a helpful onlooker. Databases are central to the successful operation of almost every application. As DBAs are responsible for an organization’s data, finding dependable tools that help them to streamline the database management process and ease day-to-day maintenance tasks is essential. DBAs need good tools to keep their systems spinning smoothly. So what are the tried and trusted tools for MySQL administrators? Here I share my top five open source tools for MySQL administrators and discuss their value in the support of day-to-day MySQL administration tasks. For each of them, I’ve provided a link to the GitHub repository and listed the number of GitHub stars at the time of writing.



Quote for the day:


"Failure defeats losers, failure inspires winners.” -- Robert T. Kiyosaki