Daily Tech Digest - February 10, 2017

Are Companies Doing Enough On The IoT Security Front?

Device manufacturers need to make sure security is incorporated into the design and embedded in the product life cycle, Laliberte says. “Design the product to be easy for the consumer to secure,” he says. “Do not rely on them to perform critical activities needed to secure the device. They will likely not do it.” Ultimately, users of IoT and the product manufacturers “have an obligation to install and create IoT products in ways that maximize usefulness and minimize risk,” Laliberte says. “The use of IoT devices is going to expand rapidly, and without adequate security we have the potential to introduce unknown dangers into our homes, workplaces and communities.” The overwhelming amount of insecure and unsecured IoT devices worldwide practically ensures that we’ll continue to see attacks such as DDoS continue to proliferate worldwide for the foreseeable future, DiDio says.

Solving Data Gravity Pain

Data gravity introduces significant industry challenges. BI has primarily lived on-premises, with only a minuscule 2 percent of BI applications living in the cloud. Even as the industry shifts more and more apps rapidly to the cloud, data warehouses and many other data sources still often reside on-premises for a long time. Thus, we anticipate an increased need for BI apps to query across both realms, on-premises and cloud, as the latter matures. Data gravity is an undeniable market force that we’re seeing in our BI industry mid-life crisis. The mobile- and cloud-first world – one in which a myriad of apps for every conceivable function generate more data in the cloud than on-premises. As more apps are delivered via mobile, cloud and Software as a Service (SaaS), the center of data gravity is already shifting.

Highlights from the Cisco 2017 Annual Cybersecurity Report

The cyber perimeter of organisations has not been restricted to their physical boundaries for some time, and the continued blurring of the line between work and private lives has further increased the attack surface area of many organisations. The increasing use of BYOD and home-working schemes, with employees carrying their devices everywhere, has continued to expand the security perimeter so that organisations’ physical borders have become a hub within the cyber perimeter. The security perimeter has also been extended beyond organisations’ physical devices to the immaterial and unlimited space represented by the Cloud environment, where Cloud solutions are being increasingly adopted worldwide.

Twitter hopes machine learning can save it from oblivion

Twitter began making more noise about its machine learning investments last summer when it acquired Magic Pony Technology, which had developed image-reading technology. At the time, Twitter also highlighted two past acquisitions in this space: Madbits in July 2014 and Whetlab in June 2015. During the call, Dorsey revealed that Twitter had hired Jan Peterson to oversee its “science efforts, all of our deep learning, all of our machine learning and artificial intelligence.” Dorsey pointed to the growth over the last three months in statistics like daily active users, engagement, and tweet impressions that people see. The company has been breaking away from its traditional firehose, real-time format to help users find more interesting tweets that they may have missed.

NACD Publishes Five Cybersecurity Principles Every Board Director Needs to Know

Directors are under tremendous pressure to appear to be doing something to get a handle on cyber risks. In many cases, this is manifested by the questions boards are asking CISOs and other managers. For example, the handbook warned that employees and contract workers, while indispensable assets, can also become easy vectors of attack for external actors, highlighting the need for regular security awareness training, strong controls and a strong organizational culture. According to NACD, only 42 percent of public directors are confident or very confident that their company is properly secured against a cyberattack, versus 29 percent for private companies. Similarly, just 42 percent of public directors are moderately confident, in contrast with 39 percent for private companies.

The Biggest Tech Trends of 2017

As the technology matures further over the course of the year we can expect prices to drop as more competitors enter the market. The technology as it stands currently has a prohibitively high pricing point, and increased competition in the sector should push prices down to a point that we see VR headsets in most households. VR is more than just a consumer phenomenon; there are strong business use cases for the technology as well. We can expect more and more business applications for VR to crop up over the next 12 months. One of the most interesting areas for expansion is retail – as retailers use VR to show how a watch might look on your wrist or how a new coffee table would look in your living room. There are so many possibilites with this technology that have yet to get the industry’s attention and investment that they deserve – this will all change in 2017.

Agility Robotics Introduces Cassie, a Dynamic and Talented Robot Delivery Ostrich

Today, Agility Robotics, a spin-off of Oregon State University, is officially announcing a shiny new bipedal robot named Cassie. Cassie is a dynamic walker, meaning that it walks much more like humans do than most of the carefully plodding bipedal robots we’re used to seeing. This makes it better at handling the kind of diverse and complex terrain that we walk over all the time without even thinking, a talent that’s going to be mandatory for robots that want to tackle the different environments and situations that they’ll need to master to be actually useful around people. In addition to search-and-rescue and disaster relief, Agility Robotics has one particular environment and situation in mind: They want Cassie to be scampering up your steps to deliver packages to your front door.

When Hackers Hack Hackers

While most cybercriminals tend to set their sights on siphoning valuable data from poorly protected enterprises, there's no limit to the kinds of targets they'll seek out. There's no honor among thieves, so it shouldn't be a surprise that with the right kind of motivation, malicious hackers will happily attack other black hat and grey hat hackers. Sometimes the attacks are purely mercenary: rivals know they can hit pay dirt very quickly if they find an easy way to tap into data stores of already vetted stolen identities or financial information. Similarly, certain kinds of cyber skirmishes are initiated to take competitors out. And then there are the attacks that are a little more personal: to show someone up, settle a score, or otherwise make a philosophical stand. Regardless of the motives, these kind of squabbles offer up a satisfying dose of schadenfreude for cybersecurity pros beleaguered by the bad guys.

Attorneys Predict A Demanding Year For IT Outsourcing Customers

Outsourcing customers will want to add flexibility to the IT service deals by seeking new termination rights, the right to switch locations, the right to insource, and other similar protections. However, Masur warned, providers are likely to push back insisting that these issues are customer — not provider — problems to solve. “To some degree these political changes may well accelerate the move to sourcing models offering cost savings not based on offshore labor arbitrage such as cloud services, robotic automation and utility offerings. “While these sourcing strategies may result in the elimination of American jobs,” Masur says, “they cannot be attacked as offshoring jobs to foreign countries.” The net result of the current political environment is hard to pinpoint.

Teaching smart gadgets privacy manners

So how should engineers approach building privacy controls into IoT devices? Use new ISACA privacy resources! I am grateful and proud to have been part of the two ISACA International Privacy Task Force groups, both led by Yves Le Roux, since 2013, and to have been the lead developer authoring the newly released ISACA Privacy Principles and Program Management Guide (PP&PMG), incorporating the recommendations and input of the International Task Force members, as well as a complementary privacy guide targeted for publication in mid-2017. The ISACA PP&PMG outlines the core privacy principles that organizations, as well as individuals, can use to help ensure privacy protections. These privacy principles can be used by engineers to build the important privacy and security controls into IoT devices right from the beginning of the initial design phase, and use them all the way through the entire product development and release lifecycle.

Quote for the day:

"A brand is no longer what we tell the consumer it is - it is what consumers tell each other it is." -- Scott Cook

No comments:

Post a Comment