Board participation elevates cyber risk beyond the day-to-day concerns of the IT function to become a part of the company’s overall strategic planning. It’s a level of importance commensurate with the level of risk associated with a major breach. Companies can further prioritize cybersecurity by making sure the C-suite is involved in a review of the company’s information security strategy and budget. This includes gaining a clear understanding of what’s at stake in the event that certain systems or data are compromised — and ensuring plans are in place to mitigate the most pressing risks. The good news is the GSISS found companies are starting to elevate the role of chief information security officer (CISO) beyond IT: Respondents report it is more common for a company’s CISO to report directly to the CEO (40 percent) or the board of directors (27 percent) than to the CIO.
MIT predicts that more cyber attacks targeting electrical grids, transportation systems and other types of national critical infrastructure are likely in 2018. Cyber-physical attacks are expected to be designed to either cause immediate disruption or to threaten to shut down vital systems to extort money from operators. MIT also predicts that 2018 will see researchers and attackers uncovering cyber vulnerabilities in older planes, trains, ships and other modes of transport. Another trend expected to continue and expand in 2018 is the hijacking of computing power to mine cryptocurrencies by solving complex mathematical problems. According to security firm Malwarebytes, it blocked 11 million connections to cryptocurrency mining sites in a single day in 2017. MIT warns that cyber attackers hijacking computers for cryptocurrency mining could have a devastating effect if they target computing resources at hospitals, airports and other similar locations.
A multi-cloud management solution lets IT dramatically simplify operations through visibility and automation. The SaaS-based tool gives IT managers an aggregate view of their entire hybrid IT environment — from a variety of public clouds to traditional on-premises IT and from containers to VMs. Shadow IT activities that were previously unaccounted for are now easily and quickly tracked, letting IT better understand and meet the needs of their developers. Automation and proactive management deliver a low-ops lifecycle management experience, giving IT more time to pursue new, innovative tasks that can help grow the business. In its new command and control role, IT is no longer reacting to constant needs. Instead, IT can build quota-based project workspaces for individuals or groups; IT can also streamline DevOps requests and the approval process.
This year will see the emergence of an AI-driven arms race. Security firms and researchers have been using machine-learning models, neural networks, and other AI technologies for a while to better anticipate attacks, and to spot ones already under way. It’s highly likely that hackers are adopting the same technology to strike back. “AI unfortunately gives attackers the tools to get a much greater return on their investment,” explains Steve Grobman, chief technology officer at McAfee. An example is spear phishing, which uses carefully targeted digital messages to trick people into installing malware or sharing sensitive data. Machine-learning models can now match humans at the art of crafting convincing fake messages, and they can churn out far more of them without tiring. Hackers will take advantage of this to drive more phishing attacks. They’re also likely to use AI to help design malware that’s even better at fooling “sandboxes,” or security programs that try to spot rogue code before it is deployed in companies' systems.
It's better for experts to partner with data scientists who already know what they're doing. The collective goal of this partnership is to curate the company's data into information, knowledge, and wisdom that expands and supports the experts' base of knowledge. For instance, hypotheses can be tested and vetted using the company's operational data and then developed into an expert system. This becomes a private repository of information that can only be accessed by the experts. ... The first pitfall is a very important one: Don't practice data science without the help of data scientists. The time spent struggling with the nuances of the database or the analytic engine is not time well spent. It's easy to spend days or weeks troubleshooting an inefficient query or a complicated database join when that work is better suited for the data professionals. Also, you must ensure your information doesn't lose its power by making it so obscure that nobody outside the expert group understands what it means.
As we enter the next phase of IoT evolution, businesses are now able to utilise the entire spectrum to improve the efficiency of their data processing and reduce the need for high-power resources. The emergence of fog computing is enabling companies to extend cloud computing to the edge of a network, to store data without relying on cloud-based centres and facilitate communication outside of the internet’s infrastructure. By sitting close to the edge, which today in many cases would be a physical object such as a sensor, owners are able to gather more selective yet valuable data nearer to its source, reducing the data capacity needed for information to travel before it is processed. This improved decision-making can now be widely leveraged to ensure the most relevant intelligence is communicated to data centres, resulting in less unnecessary, energy-consuming data and more available resources for big data IoT.
With $4 billion in capital raised in ICOs, and very little utility value to show for it, it's tempting to call token offerings a bubble. However, the more likely truth is that the same forces that gave rise to today's paradigm-shifting technologies (see: Carlota Perez's definitive book) are at play in the world of crypto. And that while we may be entering bubble territory, the key difference between tulips and crypto is how speculative capital was deployed – the former into manufacturing an asset and the latter into technology development. Still, money is no guarantee of success, which is why I've been spending a lot of time thinking about capital deployment into crypto, a topic deserving of more attention because it will be a major proof point for the ecosystem's long-term trajectory. It is also an area of competitive advantage for crypto projects in the next five years.
Most current facial recognition options are incapable of determining if the subject of the verification is actually there in person, leaving them susceptible to spoofing by a photo, video, mask or an inanimate representation like a 3D fake head. Why? They lack the ability to detect a critical aspect of true authentication during login: liveness, or the detection of unique human traits that can include movements, skin texture and eye reflections. For context, Apple’s Face ID matches images and can determine three-dimensionality (depth analysis), but it lacks robust liveness detection that can determine whether or not the correct user is actually present in the flesh at the time of login. The multitude of spoof videos already on YouTube clearly show its current limits. Apple’s proprietary technology will undoubtedly improve over time. However, the speed at which it develops will be impeded by their decision to use a specialised – and costly – hardware-based approach.
The reasons behind the need for next-generation networks are manifold. Businesses are looking to cut their IT spend and improve operating costs while delivering services more quickly and maintaining superior-quality services. In an attempt to do that, enterprises are looking for systems that are agile and easy to deploy. Cloud-based applications and infrastructure platforms are the right match to meet high-level business objectives. Enterprises are adopting software-as-a-service (SaaS) such as Microsoft Office 365 and Salesforce, and that has made the internet an essential component of the enterprise backbone. Archana Kesavan, senior product marketing manager at ThousandEyes, says that when the internet becomes the backbone of enterprise communication, organisations need to think proactively about their next-generation WAN having network monitoring tightly integrated within it.
Here’s how EIoT works: By adding sensors and connectivity to refrigeration units, automobiles, or assembly lines, vendors create “digital twins” — virtual representations of a physical object complete with key attributes and metrics. MicroStrategy applies this concept to people, creating a “digital badge” called Usher to enable the digital “twinning” of employees, partners and customers. “The device projects the badge holder’s identity to the system,” Lang says, and “can stream data about the person’s context and actions in real time” to power security and other analyses. Lang says MicroStrategy already uses Usher internally, and it is testing it with customers around the world. The concept makes sense, but I have to admit I find it a little bit creepy. Even in a workplace environment, I’m not sure I like the idea of a digital mini-me being tracked by my employer.
Quote for the day:
"Being challenged in life is inevitable, being defeated is optional." -- Roger Crawford