Daily Tech Digest - February 26, 2018

The organisations have also developed a series of joint initiatives, which are still in their early stages and in the process of being launched. One of these is a cyber security working group, which will bring together industry representatives with NHS Digital. The working group has three initiatives that are now in the planning phase. These are: TechUK promoting NHS Digital’s hunt for a partner organisation to expand its security operations centre; setting an innovation challenge for suppliers to create a mechanism to trace data back to the original source; and “to assist NHS Digital to baseline the level of cyber security of medical devices”.  The partnership will also undertake a review of NHS Digital’s domains within the Personal Health and Care 2020 framework to find a “common view of the best way to engage with the market at an early stage” and establish governance groups for each domain.

BYOG (Bring Your Own Glasses) Will Bring Headaches For IT

We're facing the prospect of many or most employees carrying semi-concealed sensor bundles that connect either via Bluetooth, Wi-Fi or cellular networks and that track location. It will be difficult or impossible to know which sensors and components are built into which glasses. And in any event, the banishment of these sensor bundles will be extremely difficult, since they're also required for vision and therefore the basic performance of employees' jobs. You can ask meeting attendees or R&D visitors to leave their phones in a box outside, but you can't do that with glasses. In addition to threats to trade secrets and heightened exposure to hacking, there will be new issues with illicit recordings and captured data between and among employees and by partners, customers and others. Nobody has the answers to these challenges. But companies that want to stay ahead of the game need to start figuring out solutions sooner rather than later.

6 Cybersecurity Trends to Watch

Most breaches we see target traditional apps and on-premises environments, not the cloud infrastructure itself. Think Target, Yahoo, and JP Morgan Chase. To date, no cloud application or cloud vulnerability has been the direct source of a cataclysmic breach, and we don't envision this changing anytime soon. In analyzing more than 2.2 million verified security incidents captured in the Alert Logic network intrusion detection system over an 18-month period, the public cloud accounted for, on average, 405 incidents per customer. This was significantly lower than incidents occurring in on-premises environments (612 per customer), hosted private clouds (684), and hybrid cloud environments (977). While the Spectre and Meltdown vulnerabilities didn't bypass cloud deployments, the impact is likely to be disruption from necessary patching and subsequent performance issues. We're unlikely to see a major breach attributed to Spectre and Meltdown because they are unlikely to be used as initial attack vectors.

10 tips for crafting highly effective job descriptions

Hiring great talent starts with attracting the right talent. Here, an effective, engaging and inclusive job description is key. With a little upfront effort, you can craft just the right job description to bring a wide range of highly talented candidates into your pipeline — and ensure you’re not turning off talent before they even apply. "The best job descriptions combine a little bit of marketing, the reality of the role, the necessary skills and competencies and the organization's culture. All those things put together are key to how to present an open role to the market," says Justin Cerilli, managing director of financial services and technology at Russell Reynolds and Associates, an executive search and leadership transition firm. In addition to the standard role description and skills and experience required, recruiters and hiring managers must place an emphasis on culture, mission and values to avoid making a bad hire.

Google’s self-training AI turns coders into machine-learning masters

“We need to scale AI out to more people,” Fei-Fei Li, chief scientist at Google Cloud, said ahead of the launch today. Li estimates there are at most a few thousand people worldwide with the expertise needed to build the very best deep-learning models. “But there are an estimated 21 million developers worldwide today,” she says. “We want to reach out to them all, and make AI accessible to these developers.” Cloud computing is one of the keys to making AI more accessible. Google, Amazon, Microsoft, and other companies are rushing to add machine-learning capabilities to their cloud platforms. Google Cloud already offers many such tools, but they use pretrained models. That limits what they can do—for example, programmers will only be able to use the tools to recognize a limited range of objects or scenes that they have already been trained to recognize. A new generation of cloud-based machine-learning tools that can train themselves would make the technology far more versatile and easier to use.

How companies can predict new tech disruption and fight back against it

While many people hear the term "disruption" and immediately think Amazon and Uber, industry-changing companies that tap tech advancements are now a reality across all business sectors, according to a Monday report from Accenture. Of 3,600 companies surveyed across 82 countries, with annual revenues of at least $100 million, 63% said they currently face high levels of disruption, the report found. ... Instead, it has a pattern that businesses can identify and prepare to combat. "Disruption is continual and inevitable — but it's also predictable," Omar Abbosh, Accenture's chief strategy officer, said in a press release. "Business leaders need to determine where their company is positioned in this disruption landscape and the likely speed of change. The more clearly they see what's changing around them, the better they can predict and identify opportunities to create value from innovation for their business and rotate to the 'new.'"

Surveillance watchdog investigates security risks of GCHQ IT contractors

For those determined enough, there are always ways to smuggle data out, from photographing a computer screen using an iPod with a built-in camera, to inserting a device known as a Teensy, which can bypass USB blocking technology by masquerading as a computer keyboard. ... Such controls may be irrelevant, however, if contractors are able to access GCHQ's operational IT system remotely from the offices of an IT supplier, or even from home. Depending on the security of the computer systems they are using, it could be much easier to download and remove sensitive data. On this matter, GCHQ so far appears to have had little to say in public. Why GCHQ is focusing almost exclusively on the security of its command line interfaces in its evidence is difficult to understand. One explanation may be that the organisation does not feel sufficiently confident about the systems it has in place to monitor the activities of its systems administrators.

Global megatrends that are problematic for the state of cybersecurity

“Our hope is that CISOs and senior leaders can use this report as a tool to start a deep dialogue about the critical need for cybersecurity within their organizations,” said Raytheon Chairman and CEO Thomas A. Kennedy. “Every day the cyber threat is growing more sophisticated and aggressive, posing a real threat to global businesses across all sectors. To reduce risks, leaders must urgently work with their IT teams to identify potential vulnerabilities, develop an action plan and make the investments needed to protect the value of their organization.” The study looks at how cyber trends have evolved since 2015. It also asks security professionals in the U.S., Europe, Middle East and North Africa to identify future trends over the next three years. ... Senior leadership are also seen as seemingly disengaged in the oversight of their organization’s cybersecurity strategy with 68% of CISO/IT executives surveyed saying their Boards are not being briefed on measures taken to prevent or mitigate the consequences of a cyberattack.

Enabling Better Risk Mitigation with Threat Intelligence

A well-implemented threat intelligence capability can help improve your organization's situational awareness, threat responsiveness and ability to detect threats. Market research firm Markets & Markets estimates the market for threat intelligence services will top $8.9 billion by 2022 from around $3.8 billion in 2017. Threat intelligence is available from a variety of sources and includes IOCs, malware hashes, listings of bad URLs and files, threat actor TTPs, incident reports, exploits and targets. You can get threat intelligence via free open source feeds, paid commercial services, from peer organizations, from sector-specific information sharing groups, even newsletters, emails and spreadsheets. In order to benefit from threat intelligence, you need to be able to operationalize it. That means you need to have systems and processes in place for consuming external threat intelligence and correlating it with data from your internal systems.

What Those Developers Really Mean

Developers love to tout their new favorite toy by saying it’s the “new standard” or “it’s quickly becoming the new standard.” Again, “standard” becomes a touchstone that’s meant to make everyone feel good about the choice. The word “new,” however, should raise the hair on the back of your neck. Standards don’t become standards without time. If something is “new” then it’s too early to know whether the crowds will gather behind the bandwagon or your company will be one of the few left out to dry. Developers of the “new standard” may be blowing all the right horns and lighting lots of fireworks, but we won’t know whether the parade will fall into line without time. That doesn’t mean developers don’t have good intentions when they tell you it’s a “new standard” that they’re hot to adopt. After all, this often means they are interested in abandoning or deprecating some old approach.

Quote for the day:

"Sprints must be long enough to complete Stories, but short enough so that the reqmts churn is slower than the Sprint length can accommodate." -- @JamesSaliba
