"The pace and scale of information security threats continues to accelerate, endangering the integrity and reputation of trusted organizations," Durbin says. "In 2017, we will see increased sophistication in the threat landscape with threats being tailored to their target's weak spots or threats mutating to take account of defenses that have been put in place. Cyberspace is the land of opportunity for hacktivists, terrorists and criminals motivated to wreak havoc, commit fraud, steal information or take down corporations and governments. The solution is to prepare for the unknown with an informed threat outlook. Better preparation will provide organizations of all sizes with the flexibility to withstand unexpected, high-impact security events."
Some experts don’t like talking about “Crisis Theory” when talking about the “challenges” that the software industry is increasingly facing in today’s harsh business environment. If we look further into the yield of the industry for the last 5 years as expressed by the Standish Group CHAOS Report 2015, we should at least pause. I’ve seen debates from some expert watchers about the methodology used in gathering data and deriving results to produce this report. However, I still don’t think that there is much disagreement on the significance of the report to a wide sector of watchers and practitioners as a source of data on performance in the industry. I personally find that piece of work very representative of what I see on the ground during my daily practice.
Despite media darling success stories, for most organizations this is probably a bit too much to wrap their heads around at this point. This is understandable, as the pace of change outperforms their ability to digest and keep up with it. As for developers, on either side of the fence (vendor or application developers), both the challenges they are faced with and the stakes are higher. Of course, none of this is all that new. IDC has called this the 3rd platform, but names aside, we've seen it all before: many riding the wave and few actually getting it, the .com boom and bust, initial resistance giving way to unquestioning convert, more or less successful unification of disparate frameworks in application server environments for enterprises, skill shortage and rock star developers, the long tail for people and organizations alike.
The new version of KillDisk encrypts the local hard drives of the machines it infects as well as any network-mapped folders shared across the organization, using RSA 1028 and AES algorithms, CyberX’s vice president of marketing Phil Neray said in a blog this week. The security firm’s reverse engineering of the malware sample showed it containing a pop-up message demanding a ransom payment of 222 Bitcoins or roughly $206,000 in return for the decryption key. Ransomware attacks on companies in the industrial sector could cause significantly bigger problems than similar attacks on companies in other sectors. For example, an attack that succeeded in locking up the operational data upon which physical processes rely could do serious and potentially even catastrophic damage to people and property.
The technology will be the "backbone of many of the most innovative apps and services of tomorrow," but it remains a mystery for many people who will eventually see AI influence their daily lives, according to LeCun. "Increasingly, human intellectual activities will be performed in conjunction with intelligent machines," he wrote. "Our intelligence is what makes us human, and AI is an extension of that quality." LeCun also predicted that health care services and transportation will be among the first industries that AI transforms. "The most meaningful thing Facebook can do in AI in 2017 is to make their chatbots useful, as so far they are weak and lack slick utility," Moorhead says. "Consumers are using them a few times, see they don't do much well and stop using them."
While some systems learn by looking at a set of examples in bulk, other sorts of systems learn through interaction. Bias arises based on the biases of the users driving the interaction. A clear example of this bias is Microsoft’s Tay, a Twitter-based chatbot designed to learn from its interactions with users. Unfortunately, Tay was influenced by a user community that taught Tay to be racist and misogynistic. In essence, the community repeatedly tweeted offensive statements at Tay and the system used those statements as grist for later responses. Tay lived a mere 24 hours, shut down by Microsoft after it had become a fairly aggressive racist. While the racist rants of Tay were limited to the Twitter-sphere, it’s indicative of potential real-world implications.
Unless you have been living under the proverbial rock, you probably heard about a number of Internet of Things (IoT) attacks this fall, beginning with KrebsOnSecurity, then OVH, then the DDoS attack on Dyn DNS. All of this started with a bot called Mirai, and involved IoT devices. Why is this important? By 2020, it is estimated that the number of connected devices is expected to grow exponentially to 50 billion. A survey by HP indicates that about 70% of these devices have vulnerabilities, making them the perfect targets for botnets like Mirai. Below is a collection of 10 blogs written by industry experts on this topic, that will help you fully understand the implications of this botnet and what it means for the future of connected devices.
Hopefully the information security team has already planned out a procedure to follow in the event of a ransomware attack. They should begin by notifying the authorities and applicable regulatory bodies. The plan identifies the organization’s recovery time objective (RTO), and recovery point objective (RPO) for data breaches. In the event that a backup exists, then cyber-forensic evidence of the incident should be preserved and documented for/by law enforcement. In the event that there are no redundancy systems or if the secondary systems are compromised, then the information security team can find and implement a vendor solution or decryption tool. In many cases, files may be partially corrupted or incompletely decrypted. Even if a vendor solution is a simple executable, the victim may not be able to assure that their system is not still compromised by inactive ransomware, backdoors, or other malware.
Today, enterprises are moving toward a clean SOA and embracing the concept of an MSA within a SOA. Possibly the biggest draws are the componentization and single function offered by these microservices that make it possible to deploy the component rapidly as well as scale it as needed. It isn't a novel concept though. For instance, in 2011, a service platform in the healthcare space started a new strategy where whenever it wrote a new service, it would spin up a new application server to support the service deployment. So, it's a practice that came from the DevOps side that created an environment with less dependencies between services and ensured a minimum impact to the rest of the systems in the event of some sort of maintenance.
Dealing with inadvertent and malicious insiders is similarly hard, as it poses similar challenges. It requires a unique set of tools and practices to be implemented, and can only be done when company fully realizes and acknowledges the danger of insider threats in cyber security and how to combat them. All of this is due to the fact that insiders have legitimate access to sensitive data, with which they work on a daily basis. Therefore, it is very hard to distinguish any malicious actions on their part from the usual everyday routine. Whether your system administrator does regular backup or copies data to an external storage in order to steal it and sell it – there is almost no way for you to know. Moreover, it is also almost impossible to distinguish between deliberate malicious actions and inadvertent mistakes.
Quote for the day:
"Tact is the ability to describe others as they see themselves." -- Abraham Lincoln