Many organizations are proactively adopting or updating key technologies that are essential to gathering and analyzing threat intelligence. Few capabilities are more fundamental to proactive threat intelligence than real-time monitoring and analytics. This year, more than half of respondents say they actively monitor and analyze threat intelligence to help detect risks and incidents. These technologies provide contextual awareness of threats and an understanding of the tactics, techniques and procedures of adversaries. When analytics and threat intelligence are synthesized in the cloud, it becomes possible to create a single source of enterprise-wide data. Another trend lies in adaptive authentication. As IT systems capture increasingly more information, businesses are starting to leverage additional data points to identify suspicious behaviors and patterns.
Mike Kelly, CTO of Blue Medora, agrees, stating that, “the inability to quickly update something, such as your home thermostat, is where we will see the risk. It’s not about malware getting on the devices, the focus will need to be on the ability to remediate the issue. Like we saw with Windows, there will be a slew of vulnerabilities, but unlike with a computer, patching won’t be as easy with IoT devices,” he says. More connected devices will create more data, which has to be securely shared, stored, managed and analyzed. As a result, databases will become more complex and the management burden will increase. Those organizations that can most effectively monitor their database layer to optimize peak performance and resolve bottlenecks will be in a better position to exploit the opportunities the IoT will bring, he says.
Regulatory scrutiny of cyber risk management, meanwhile, shows no signs of abating and could grow with time. Although the Trump administration is still taking shape, the president’s nominee to lead the Securities and Exchange Commission, Jay Clayton, notably co-authored a 2015 article underscoring the need to proactively manage cyber risks. Further, the new cybersecurity regulation for New York’s financial industry, which went into effect this month, requires identification and documentation of material deficiencies, remediation plans and annual certifications of regulatory compliance. Corporate leaders might wonder how they can begin to assess their conformance with voluntary standards, further strengthen risk management and demonstrate progress in cybersecurity.
First, circumventing established parts of the financial system’s “plumbing” such as Visa and MasterCard is hard. Indeed, several fintech businesses use MasterCard (like Monzo, Revolut, Tide, DiPocket, Loot and Starling). But for the newest startups, this is a ladder to kick away at the earliest convenience. Cryptocurrencies (and other innovations) will start making a dent in the payments infrastructure – but it will take years. ... Second, the major players in the established financial ecosystem try to take care of many of their clients’ needs. Fintech companies could try to replicate this by becoming technologically more integrated with each other, thus enabling users to frictionlessly purchase additional products from alternative fintech providers.
In the finance sector, too many processes remain tedious and time consuming without needing to. Take electronic invoicing as an example of the automation of a task that removes huge amounts of friction. The exchange and handling of almost any data, and particularly things like invoices, purchase enquiries, and requests of financing, are not only more efficiently done digitally, they also greatly reduce errors and delays. Every day, businesses waste time and energy by manually checking invoice documents received from a growing global supply chain. Technology exists that would ensure incorrect invoices are rejected before they even arrive. Additional time is wasted calling and emailing to check on invoices statuses, instead of accessing the information online.
Broadly two classes of AI systems exist. First category called Artificial General Intelligence systems also called as strong AI are supposed to mimic human beings on most aspects. Few systems that fall, attempting to rather, in this class are IBM Watson, Google Assistant and Apple Siri. These systems are not just complex to develop, their usage within an enterprise as well to general public are questionable and limited at best. Obviously these systems are still in research stage and the progress has been comparatively slow. Other class of AI systems called Artificial Narrow Intelligence are supposed to solve a specific problem or useful in a specific kind of scenario. These systems are also called weak AI although an unfair nomenclature and doesn’t justify the complexity, practicality and usefulness involved.
“UK tech must continue to be underpinned by talent that is attracted to, and able to work in, the UK,” she said. “The government has repeatedly voiced support for tech in its recent industrial strategy and digital strategy. Now that Article 50 has been triggered, it is time to back up that approach with concrete details on how the sector will be able to access the talent it needs.” The report also called on the government to undertake a review of how “new technologies can be deployed to ensure frictionless migration systems, including visa applications and movement of people across borders”. It said a smart migration working group should be established to create and evolve a “data-driven, real-time smart migration system”.
While Android-based smartphones and tablets continued to be the primary targets, reflecting the prevalence of the operating system worldwide, iOS-based devices also suffered attacks in the second half of the year, primarily by Spyphone surveillance software that tracks users' calls, text messages, social media applications, web searches, GPS locations and other activities. The Threat Intelligence Report also exposed major vulnerabilities in the rapidly expanding universe of IoT devices, underscoring the need for the industry to re-evaluate its IoT deployment strategies to ensure these devices are securely configured, managed and monitored. ... “The Mirai botnet attacks last year demonstrated how thousands of unsecured IoT devices could easily be hijacked to launch crippling DDoS attacks. As the number and types of IoT devices continue to proliferate, the risks will only increase."
During the 54-hour DDoS attack on the college, researchers observed a pool of attacking devices normally associated with Mirai such as CCTV cameras, DVRs and routers. Attack traffic originated from 9,793 IPs worldwide, but 70% of the botnet traffic came from 10 countries. The U.S. topped the list by having 18.4 percent of the botnet IPs. Israel was next with 11.3 percent, followed by Taiwan with 10.8 percent. The remaining seven countries of the top 10 were India with 8.7 percent, Turkey with 6 percent, Russia with 3.8 percent, Italy and Mexico both with 3.2 percent, Colombia with 3 percent and Bulgaria with 2.2 percent of the botnet traffic. ... Incapsula said, “This–and the size of the attack itself–led us to believe that we might be dealing with a new variant, which was modified to launch more elaborate application layer attacks.”
What do an iOS developer, a social media intern, a UX designer and a big-data architect have in common? As recently as 10 years ago, their job titles were rare (or didn't exist at all). Today, these titles are a dime a dozen for young professionals. In 2008, there were zero big-data architects on LinkedIn. In 2013, there were 3,440. (It might not come as a surprise that nearly 70 percent of parents admit they don't have a clear understanding of their children's jobs). Technology's rapid evolution has led to a surge of digital tools in the workplace. In some cases, it's created entirely new industries. But it's also created a gap between generations. If companies hope to address the challenges of a multigenerational workforce, it's critical for leaders to embrace these differences as opportunities.
Quote for the day:
"The best minute I spend is the one I invest in people." -- Ken Blanchard