Insider Threats – the myth of the black swan
Obviously, the average impact of insider threat cases does not tell anything about their overall frequency. Even if an average case is less than $50,000 in cost, when these low-profile cases happen on a daily basis, the cumulative loss will be very significant for most companies. And this says nothing of reputation lost, which is difficult to measure. As we have seen in previous posts of this series, the threat landscape broadens and diversifies as new BYOD policies, reduced and changing employee loyalty to employers, and higher employee churn rates create a large gray area of threats that include unintentional misbehaviors, violation of policies, and minor thefts.
A CIO's guide to the future of work
It can seem like a no-win situation, yet organizations can clearly not do nothing, and in fact, most realize they must do far more than they have until now. The net result of all of these trends and forces is that most organizations are busy undergoing some form of large-scale 'digital transformation.' A recent study by Altimeter found that 88% of the organizations they studied are in the middle of such change efforts already, with social media, mobility, and information discovery as key elements of the process for more than half of respondents.
Private Links to Cloud Now Fastest Growing Business Segment
Private cloud connection services like AWS Direct Connect or Azure ExpressRoute were designed to address this problem. Through them, colocation providers like Equinix, CoreSite, TelecityGroup, and Datapipe, among others, can link their enterprise customers’ servers to the cloud data centers privately, bypassing the Internet altogether. In addition to colos, the cloud providers also partner with network carriers, which exponentially increases the number of data centers around the world that can connect customers to the public clouds privately.
The Interdependence of Technology and Culture
Yes, technology will cause new challenges and further problems. Human creativity will once again use technology to solve those, not a methodology or legislation that restricts and demands safety and conformity. There is no need to fear technology as long as enough humans have the freedom to choose in a democratic environment. Technology that empowers will free the employees' minds and unlock creativity and innovation. The same free minds will mostly use freedom to do the moral thing. No matter what your opinion is on the subject, the evolution of technology is tightly linked to our own.
Does NoSQL = NoDBA?
Many companies will keep their relational databases for applications like OLTP where the level of data persistence is, by default, very high. At the same time, when new needs arise because of Big Users or Big Data, revolutionary apps or cloud-based offerings, they’ll think non-relational. And in some cases, both will be chosen. A relational database, for example, is an expensive way to store data, so lots of people will use, say, Hadoop to store the raw data and then process into a relational database for fast service and interactive queries. So it’s actually not a question of SQL or NoSQL, it’s more one of SQL and NoSQL.
UK cyber threat sharing ahead of target, says Cert-UK
Initially, the remit of CISP was to focus on technical network-level defender issues for large organisations, but that is now being broadened to include small and medium enterprises (SMEs). “This means that, in addition to technical information, we are now also pushing out more general information aimed at raising the level of awareness around cyber security topics,” said Gibson. For the September Nato Summit in Wales, Cert-UK set up a CISP-style node for all those involved in the event, from Nato’s incident response teams down to the hotel where the summit was being held.
Flipboard’s latest update integrates Zite’s tech to make you fall in love with digital magazines
The updated Flipboard addresses the problem of finding the best digital magazines by first asking you to select a handful of topics you’re interested in. When you start reading content based on a particular topic, Flipboard will then suggest other topics to follow and related magazines worth checking out. The idea, McCue told me, is to slowly refine how Flipboard delivers and recommends content by occasionally prompting you to follow or favorite the stuff you enjoy.
Facebook gives away homebrewed OS monitoring tool
The tool, called Osquery, allows administrators to run SQL-based queries on operating system characteristics stored in a high-performance database, collecting data such as running processes, loaded kernel modules and open networking connections, wrote Mike Arpaia, a Facebook software engineer. In the last few months, Facebook let other companies try Osquery after "it became clear to us that maintaining insight into the low-level behavior of operating systems is not a problem which is unique to Facebook," he wrote.
CIO relationships and priorities remain conflicted
A closer look at the data raises concerns about the CIO’s ability to achieve the promise of those good intentions. Although 70 percent of respondents say their organization has maturity in delivering business outcomes, only 55 percent prioritize this goal. Likewise in the next dimensions, enhancing customer experience and building a more agile IT delivery model. ... It is interesting to compare relationship importance to relationship quality, in the above diagram. We see that the CIO does not have a “very good” relationship with the CEO, CFO, or COO even though CIOs report these relationships as “very important.”
Hackers Are Using Gmail Drafts to Update Their Malware and Steal Data
Here’s how the attack worked in the case Shape observed: The hacker first set up an anonymous Gmail account, then infected a computer on the target’s network with malware. (Shape declined to name the victim of the attack.) After gaining control of the target machine, the hacker opened their anonymous Gmail account on the victim’s computer in an invisible instance of Internet Explorer—IE allows itself to be run by Windows programs so that they can seamlessly query web pages for information, so the user has no idea a web page is even open on the computer.
Quote for the day:
“The value of a man resides in what he gives and not in what he is capable of receiving.” -- Albert Einstein