The technologies used by remote workers to access the information they need to undertake their day-to-day operations from home has needed to evolve. Simply allowing your staff to access the file repositories on your network from home as they would in the office, could leave you open to being infected should their laptop or home PC be carrying a virus. It is just not practical to rely on the IT department to secure the myriad of bring your own device (BYoD) personal end-points that remote workers use, therefore, other solutions have become necessary. Many organisations have started providing specific remote desktop solutions via the cloud. These send a live snapshot of your office desktop to a remote device. If a user clicks or types, these interactions are reflected on the server.
In a detailed review of the opportunities for such attacks, GReAT researchers identified two main approaches: passive and active. Passive attacks involve intercepting other groups’ data in transit, for example as it moves between victims and command and control servers – and are almost impossible to detect. The active approach involves infiltrating another threat actor’s malicious infrastructure. There is a greater risk of detection in the active approach, but it also offers more benefits as it allows the attacker to extract information on a regular basis, monitor its target and their victims, and potentially even insert its own implants or mount attacks in the name of its victim. The success of active attacks relies heavily on the target making mistakes in operational security.
According to Allianz, premium income from cyber security will rise to $20 billion by 2022. That’s a big jump from researchers’ current estimate of $3 billion gross written premiums. But cyber security is not something insurers want to attempt on their own—they will need to acquire, grow or partner for the advanced cyber security skills and capabilities ... The first wave got a tepid response because businesses were oblivious to the threat. The second fell flat as businesses chose to invest in security infrastructure rather than cyber insurance. Today, however, high profile breaches have made both insurance and business leaders keenly aware of the potential business and financial impacts. The magnitude of the threat is being emphasized by the emergence of new industry and government regulations around cyber security. However, cyber insurance is not an easy offering to design.
In Silicon Valley, failing has turned into a badge of honor. The more you fail, the more you are praised. It's kind of like an unusual victory where no one actually wins. This mentality isn't contained to one region though. It has spread throughout the entire tech industry. Bradley says, "Failing fast is a joke. Anybody who says they want to fail fast or fail slow doesn't understand it. You don't want to fail fast. You don't want to fail slow. You don't want to fail." I've had my fair share of failures in the past, and I'm sure you have as well. If you have truly experienced failure, you would know that the last thing anyone would ever want to do is fail. So what's the alternative? "To get ahead, you want to accelerate and improve your rate of learning on everything that you do," Bradley says.
Monitoring and threat detection are crucial if businesses are to stay ahead of the curve, and security analytics has emerged as a popular way to counter attacks. It involves the collection, aggregation and analysis of security data, usually combining datasets with sophisticated detection algorithms. Security analytics is extremely diverse, and there is a plethora of ways to collect data, including software, cloud resources, external threat intelligence sources and network traffic. According to a report from Markets & Markets, the industry was worth $2.83bn in 2016 and will reach $9.8bn by 2021. But does the sector live up to the hype? As a market, security analytics is packed with suppliers. Ranging from corporate diehards to fast-growing startups, the industry abounds with choice.
“Entrepreneurial businesses have a much closer understanding than multinationals of how the rules of doing business have changed. This awareness combined with their size and agility has enabled many of them to adjust to the uncertain market conditions. The research shows that tech entrepreneurs are acutely aware of the need to react to changes in market demand and make business decisions more quickly. For many, the ability to lay their hands on reliable and up-to-date data in a format that is tailored to the operational needs of the business is now critical.” With more changes on the agenda, tech entrepreneurs know they could be facing diverse risks in the year ahead. The top three risk factors identified were cash flow difficulties; the potential impact on geopolitical uncertainty on trading activity and a general lack of resources – in particular, a shortage of senior management time.
The sluggish progress in building an Edge add-ons e-mart was, argued Williams, the result of Microsoft's "purposefully metered approach as we onboard new extensions," as well as the company's "high bar for quality." Additionally, said Williams, Microsoft was taking its time approving add-ons because poorly crafted extensions could weaken the security of the browser, impede its performance and degrade its reliability. Her explanations — depending on one's cynicism, they could be called excuses — were in sync with other statements Microsoft has made over the last two to three years. "Our experience over the past 20 years has taught us that poorly written or even malicious add-ons were a huge source of security, reliability and performance issues for browsers," wrote Drew DeBruyne, a general manager in the Edge group
As we noted earlier, Java support in Visual Studio is skimpy, leading many developers to turn to the "Language Support for Java by Red Hat" extension in the Visual Studio Code marketplace. Although it's still listed as a preview, Red Hat yesterday noted the tool was first announced a year ago and has reached the 1 million download threshold. "During this past year, we made 10 releases, added various features, fixed many bugs but more importantly, we have constantly grown our user base and finally reached and passed a million downloads on the Visual Studio Marketplace," Gorkem Ercan said in yesterday's post. When announcing the extension in September of last year, Gorkem said the initial release sported a modest feature set
Upping the security of IoT/EoT is not that hard. Most current-generation IoT devices are built using commodity microcontrollers that are not inherently designed with the security components built into mobile phone-derived SoCs (e.g., trusted execution “vaults,” encryption engines, VPNs). With a long history of security enhancements over the years and a compelling need to compete in security features, it’s much more appropriate to utilize “downsized” mobile SoC technology than trying to reinvent security in software on chips not inherently designed with the same number of security subsystems. As a result, downsized mobile SoCs have both a competitive advantage in system capability, even if they may cost somewhat more, and have already-proven security features that microcontrollers generally can’t match.
Risk management is a standard part of doing business. Organizations are already adept at tolerating and mitigating such problems as shrinkage, downtime, turnover and waste. These are treated not as threats to the business, but as costs to be managed and avoided. Why not take the same approach to cybersecurity? CEO silence damages the security posture of any organization. When top executives talk, things happen, but as long as cybersecurity is delegated to a subgroup of the IT organization, people will believe that it’s someone else’s problem. That’s a shame, because the vast majority of breaches can be prevented with a few basic practices: Choose strong passwords, don’t click on unknown links, keep up-to-date with patches and antivirus definitions and protect devices with authentication. Most business professionals are aware of these facts, yet surprisingly few observe them.
Quote for the day:
"Ineffective leaders don't react to problems, they respond to problems and learn." -- Danny Cox