Not surprisingly, the IoT is making strong inroads in the medical devices industry. Medical devices companies are transforming themselves from devices/consumables providers to disease/care management organizations. Digitization in acute care, chronic care or in adherence is greatly aided by IoT-powered medical devices such as subcutaneous drug delivery units, continuous glucose monitors and vitals monitoring equipment. There are also more fundamental shifts forcing medical devices companies to reinvent themselves: the consolidation of group purchasing organizations (GPOs) and accountable care organizations (ACOs) under healthcare reform, the growing focus on prevention and wellness management, technology convergence, value-based healthcare, etc. The arrival of digital enterprises such as Google and Apple into the consumer health space is ushering in new possibilities.
Things are never that clear cut in the world of cyber-crime and, as last year's Hidden Threats in Encrypted Traffic report revealed, almost half of cyber attackers used encrypted traffic to evade detection. So, are the kinds of encrypted tunnels created using HTTPS helping the bad guys, and how can enterprises best secure data from attackers hiding in encrypted traffic? SC Media has been investigating. We started by looking at how threat actors typically use something like HTTPS as part of an attack scenario. "HTTPS creates encrypted tunnels that go in and out of our organisations. Security controls can't look inside unless they are enabled to do so,” Kevin Bocek, VP security strategy at Venafi, reminds us, continuing “cybercriminals exploit the inability to look inside of encrypted HTTPS tunnels to launch their attacks…”
No matter what industry you’re in, data is the lifeblood of modern business. A high-quality cyber preparedness program will not only focus on keeping the data safe and secure. It will also help to increase and improve the integrity of that data to make sure that you have the right and complete data upon which to base your business decisions. Recently, an equipment manufacturer with a long track record of strong sales and premium pricing noticed that they were losing market share. Their analysis revealed that their products were having a much higher fail rate than usual. As a result, an increasing number of customers were opting to buy from other competitors. After further investigation, the company realized it had actually been the subject of a cyber attack. However, this wasn’t a typical breach in which customer or company information was stolen.
"This is in fact my first hack ever," they said in an email sent from the same address posted to the hacked Freedom Hosting II sites. "I just had the right idea." The hacker said they first compromised the service on January 30, but only had read access; meaning they couldn't change or delete files, but just see what sites were hosted. "Initially I didn't want to take down FH2, just look through it," the hacker said. But they then allegedly found several large child pornography sites which were using more than Freedom Hosting II's stated allowance. Usually, Freedom Hosting II has a quota of 256MB per site, but these illegal sites comprised of gigabytes of material, the hacker claimed. "This suggests they paid for hosting and the admin knew of those sites. That's when I decided to take it down instead," the hacker said. At the time of writing, the hacker claims to have found 10 child pornography sites with approximately 30GB of files.
Just when you think you've got search engine optimization down, Google shakes things up. And in 2016, the search behemoth was busy. An animated infographic published by digital agency E2M explains Google's algorithm changes and how they affect marketers. The good news for marketers is that the impact of those changes has lessened over the years, the infographic explains. But marketers should still understand what happened and why. For example, AdWords placement changes had a big effect on clickthrough rates, the infographic says, and the Possum update in September changed how local results rank. For more on Google's 2016 SEO updates, check out the animated infographic
When you visit an emcSSL-enabled site, the site requests your browser to present a client certificate. If the client has no certificate or doesn't present one, the server, depending on the settings, can switch to a traditional password authentication system or refuse to proceed. If the certificate exists, you submit it and the browser automatically associates the server with a certificate. Upon receiving a certificate, the server, in turns, checks its signature. Successful signature verification proves that the certificate was generated for the emcSSL system. The server generates a random number (session password), encrypts it with the public key of the presented certificate, and sends it to user’s browser. The session password is established for this and only this connection.
In the retail asset management sector we have witnessed a wave of consolidation in the US, notably with roboadvisors. Most incumbents have placed their bets and the few remaining independent startups have survived, so far. We have yet to see consolidation in Europe. Arguably, there are fewer roboadvisors in Europe than in the US and most are younger so we might not see full consolidation yet. I would not be surprised if a European incumbent or two makes an acquisition though. I remain interested in roboadvisor models, especially those that will make effective use of ETFs, micro investing or micro saving and build a social layer that enables high engagement. I think there is still space for these types of models. Additionally, there is still much to be done to modernize incumbents and to date few fintech startups with a b2b model have emerged in asset management.
"Nowadays, everything about technology moves fast, including what skills companies look for in their IT staff," said John Reed, senior executive director for Robert Half Technology, an IT staffing company based in Menlo Park, Calif. Interest in cloud technology continues to grow: IDC expects spending on public cloud services to rise from $96.5 billion in 2016 to $195 billion in 2020 -- a compound annual growth rate (CAGR) of 20.4%. And, as that growth continues, companies face a dearth of available talent as they try to deploy more cloud technologies, said Jay Lyman, principal analyst, cloud management and containers, at 451 Research, an analyst firm based in Boston. There are a few steps IT pros can take to nudge their resumes toward the top of the Human Resources pile.
“The conversation hasn’t even gotten to the hill because [the Mirai attack] happened during the elections,” Scott says. “The hill is slow to evolve because they think additional standards will somehow snuff out the entrepreneurial marketability. But security-by-design as an enforceable standard is no different from car manufacturers having to include brakes on their vehicles.” The manufacturers won’t do anything until their hand is forced. And the consumers can only do so much. We’re all left floating in the iceberg field, waiting for the big one to crack the hull. When I ask Grau to predict the future of these attacks, he mentions the possibility of hackers using ransomware to infect a bunch of devices and then telling the manufacturers to pay up or face the consequences.
What is less well documented are the pain points which are common across all industries. The differences often come to the fore - security execs tend to stay within a vertical, and for the majority of my career, I was no exception. I have taken the leap from the end-user or customer space, into the world of security platform vendor and in my new role, I get to speak with leaders in all industries and the similarities far outweigh any esoteric differences. While regulation differs across industry, technology is pervasive in all fields. Everyone is handling customer data, all industries have a web presence, a breach has a catastrophic effect on stock price, shareholder confidence, and your board credibility. Granted, regulations in certain industries which require prescriptive controls but good security hygiene should not be reserved for those in government or financial services.
Quote for the day:
"Do what you can, with what you have, where you are." -- Theodore Roosevelt