Tech Bytes - Daily Digest: October 30, 2016
Shareholders sue companies for lying about cyber security, Can anyone keep us safe from a weaponized IoT, The top reason digital transformations fail, Experts share their cybersecurity horror stories, Important tips for updating your breach response plan, Actionable agile tools and more.
Directors owe fiduciary duties to their shareholders and have an important role in overseeing corporate risk management, which is now understood to include cyber security risk. There are two ways that breaches can give rise to suits in this context. The first involves a board making an affirmative decision regarding cyber security that permitted a breach—say, putting a woefully inadequate security system in place, or just delegating the whole issue to IT. A second factual scenario would involve the failure to take any precautions at all. Because it is established that a board has a duty with respect to cybersecurity, doing nothing about risk would land you in trouble.
The big problem is that too many of those connected products come with lax security features that make them juicy targets for hackers, according to Herzberg. For instance, cheap Internet of Things devices are often secured with default passwords and may lack support for security updates. And the rapid expansion of the Internet of Things market means even more vulnerable devices are likely to be in use soon: By 2020, there will be over 20 billion Internet of Things devices online, according to one estimate from analysis firm Gartner. ... “It would be great if we could say, 'If you want to produce a device connected to the Internet you must go through basic security checks,’ but we don’t have that right now,” he said.
A key challenge in asynchronous execution is ensuring that the clocks of all participants and constituent components or modules remain synchronized. For human interaction, such as a live chat session, such skew is not important. However, in synchronous execution, read-and-write storage operations are likely to occur milliseconds (or less) apart, so proper clock synchronization is essential in guaranteeing that I/O operations occur in the correct order. Another challenge is the need to correlate multiple data streams that encompass both synchronous and asynchronous collection methods. This issue is especially acute in data mining and streaming analytics; research first published in 2002 examined addressing it with the technique of singular value decomposition.
We should not spend time testing the logging subsystem itself, such as log4net, log4j, etc.; we should assume that the mechanics of logging (writing to disk, rotating log files, flushing buffers, etc.) are already handled. Instead, we should concentrate on ensuring three separate but related things ... Of course, by checking for these things, we exercise the logging subsystem and implicitly test that too. By addressing logging as a testable system component, we also tend to reduce the ‘time-to-detect’ for problems, increase team engagement, enhance collaboration, and increase software operability. We need to define a set of event type IDs that correspond to useful and interesting actions or execution points in our software. Exactly how many of these IDs you use depends on your software
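As an added example (not from the original article), this is what treating logging as a testable component can look like: a small set of hypothetical event type IDs, a capturing handler used as a test double, and an `authenticate()` function whose emitted IDs a test asserts on rather than testing the logging library itself.

```python
import logging
from enum import Enum


class EventId(Enum):
    """Event type IDs for actions worth asserting on (hypothetical set)."""
    USER_LOGIN_OK = "AUTH-0001"
    USER_LOGIN_FAILED = "AUTH-0002"
    CONFIG_RELOADED = "CFG-0001"


class EventCapture(logging.Handler):
    """Test double: records (level, event id) for every record carrying an ID."""
    def __init__(self):
        super().__init__()
        self.events = []

    def emit(self, record):
        event = getattr(record, "event_id", None)
        if event is not None:
            self.events.append((record.levelname, event))


log = logging.getLogger("app.auth")


def log_event(level, event, message):
    # The ID travels as a structured field, not as text inside the message.
    log.log(level, message, extra={"event_id": event.value})


def authenticate(username, password, credentials):
    """Constructed login check; never logs the submitted password."""
    if credentials.get(username) == password:
        log_event(logging.INFO, EventId.USER_LOGIN_OK, f"login ok for {username}")
        return True
    log_event(logging.WARNING, EventId.USER_LOGIN_FAILED, f"login failed for {username}")
    return False


def run_scenario():
    """Exercise authenticate() and return the captured event sequence."""
    capture = EventCapture()
    log.addHandler(capture)
    log.setLevel(logging.DEBUG)
    try:
        creds = {"alice": "correct-horse"}  # constructed sample credential store
        authenticate("alice", "correct-horse", creds)
        authenticate("alice", "wrong", creds)
        authenticate("mallory", "x", creds)
    finally:
        log.removeHandler(capture)
    return capture.events
```

A detection rule can then key on `AUTH-0002` counts per user instead of on message wording, and the test guards that contract.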
Despite awareness of the importance of digital technology and business models, we continue to see that most leaders don’t know how to lead a digital transformation. Many work to enable others in their organizations, but this often results in disjointed, independent, tactical initiatives, which are costly and go nowhere, creating bad blood inside and outside the organization. To be successful, digital platforms need to be unified across the organization, spanning every division, product, service and supplier. Doing this takes real leadership and board support. That doesn’t mean that it always looks the same, though. If you look at how big players are approaching digital transformation, you can see different approaches playing out.
The process involved understanding the various infection patterns that affect an inpatient. Since this is a multi-disciplinary clinical activity, such a project entails the involvement of the microbiologists, lab teams, doctors from various clinical specialties and pharmacologists. “These stakeholders play a key role in promoting appropriate practice for prevention of such infections. So we wanted to equip these multiple stakeholders with powerful big data analytics to enhance their ability to define both preventive as well as prescriptive treatment patterns and ensure that the patient’s well-being is maintained,” states Sivaramakrishnan. The hospital took all the diagnostic results, patient conditions and other relevant clinical information and built analytics models from them.
Cybersecurity experts warn that large-scale, coordinated cyber-strikes targeted at essential infrastructure, like last week's Dyn DDoS attack, could cost the economy billions of dollars in lost productivity and potentially harm individuals. ... When companies are attacked, TechRepublic ordinarily advises them to follow damage-mitigation best practices. In the spirit of Halloween, however, let your fears run wild with these hacking horror stories. ... Car hacking has been demonstrated. Shutting down power to a hospital can threaten lives. Network-connected healthcare devices can be misused. IoT is a new frontier with new risks - the things we're putting on the internet range from convenience devices for comfort and lighting to life-sustaining devices like pacemakers and other medical implants.
The most frustrating part of the recent DDoS attack is that IoT manufacturers only needed to look at 30 years of consumer technology to see the proverbial writing on the wall. And if they couldn't do that, they could have heeded the warnings spouted by security researchers (corporate and hobbyist hacker alike). These people have told anyone who would listen how putting billions more devices on the Internet without careful consideration of how they will be used is a bad idea. In 2014, Dan Geer opened the Black Hat conference by saying that the IoT is already upon us and could lead to trouble.
The "set it and forget it" approach may be great for a thermostat, but breach response plans should never be left on autopilot. Modern hackers are often highly educated with extensive experience and top-notch skills. Furthermore, many hackers work for their governments or corporations, giving them access to the latest technologies. Hackers have become increasingly adept at finding vulnerabilities that they can exploit, the Heartbleed vulnerability being just one example. Given that payouts are huge, cyber-criminals are extremely persistent at finding a way into secure networks. With the growing threat level, increasing regulations, evolving technologies and changing motives, it has become increasingly important to update breach response plans frequently.
Do you often hear things like “That is a typical (insert person's name here) job” or “only (insert person's name here) knows about (insert subsystem or component name here)”? This is an all too common issue in IT companies, and it is a seriously dangerous situation to be in, especially in the modern age when people no longer stay at companies for long. All companies know this, and all talk about how they need to start doing something about it. But very few ever actually do until that person finally announces that they are leaving. Then they have to make do with a brief handover period and muddle through without them until the next person becomes the expert in that area, and the whole process repeats.
Quote for the day:
"Present solutions. Minimize waste. Engage willingly." -- S. Chris Edmonds