Daily Tech Digest - April 18, 2018

Study Suggests Lack of Analytical Capability is Slowing IoT Adoption


IoT data is of no use if it isn’t analyzed appropriately, and descriptive analysis is essential for gaining a more granular view of specific processes. Prescriptive analysis matters as well; creating a strong feedback loop to optimize and even automate data analysis can create a much more powerful system. Artificial intelligence can be a cornerstone technology. Predictive capabilities are key to maximizing IoT resources, and effective IoT management involves recognizing patterns and responding accordingly. The power of IoT devices comes with a risk: Security. Capgemini stresses the importance of ground-up security investment, as a flawed architecture will always present certain risks even if it’s patched and monitored. ... Other components of a company’s resources need to be secured as well, but it’s important to recognize the unique nature of IoT devices and implement appropriate solutions instead of trying to fold IoT devices underneath a broader, but incompatible, security umbrella.


Using intelligence to advance security from the edge to the cloud

Security increasingly is a team sport not only within an enterprise but across the customer network. Intelligence data, in particular, gets better with additional signals coming in, and so we’re increasing the ability for customers and partners to collaborate with us, with one another and with their own customers. Today we’re announcing the preview of a new Microsoft Graph security API for connecting to Microsoft products powered by the Microsoft Intelligent Security Graph. The new security API provides an integration point that allows technology partners and customers to greatly enhance the intelligence of their products to speed up threat investigation and remediation. Already, leading companies like Palo Alto Networks, PwC and Anomali are exploring the security API for their own solutions. And because we’re committed to collaborating with customers and partners to enable integration between Microsoft’s security technology and the broader ecosystem, we are also announcing the new Microsoft Intelligent Security Association.


Security budgets up, but talent scarce, says Isaca


The data also shows that gender disparity can be mitigated through effective diversity programs. In organisations with a diversity program, men and women are much more likely to agree that men and women have the same career advancement opportunities. Some 87% of men said they have the same opportunities, compared with 77% of women. Another positive finding is that security managers are seeing a slight improvement in the number of qualified candidates. Last year, 37% said fewer than 25% of candidates for security positions were sufficiently qualified. This year, that number dropped to 30%. Budgets are also increasing, with 64% of respondents indicating that security budgets will increase this year, compared with 50% last year. “This research suggests that the persistent cyber security staffing problem is not a financial one. Even though enterprises have more budget than ever to hire, the available workforce lacks the skills organisations critically need,” said Isaca CEO Matt Loeb.


Cryptographers spank blockchain, social media

Marlinspike said blockchain's distributed nature can show value, but he said the problem is that there are not many apps where distributed is valued. "The consumer space sees zero value," he added, noting that blockchain reminds him of the peer-to-peer crazy in the early 2000s. "There were a lot of people with a lot of enthusiasm and ideas about a lot of great things, but it was not very sound." Marlinspike had similar feelings on social media, which he said has suffered a substantial perception hit in the past year. "The utopian narratives of connecting the world and organizing information is coming to an end.," he said. "Across all contexts and political spectrums, people are seeing social technology less as a hopeful tool for a brighter, better tomorrow and more like weapons everyone simultaneously thinks are in the wrong hands." He said this has direct consequences on society and things people are doing [at RSA] and what people and thinking in the worlds of privacy and cryptography."


Technology doesn’t mean you can forget the basics of customer service


Whether you step into a store, or order your shopping online, you expect a level of personalisation. No individual, or customer, is the same and should not be treated with the same manner, temperament and style of service. 66% of all consumers say they’re extremely or somewhat likely to switch brands if they feel like they’re treated like a number rather than an individual. With the explosion of data and digital interactions, customers now expect a more tailored service. One example of a company that aims to deliver this highly personal experience is Atom Bank, which lets customers design their own user interface when signing up to an account – whether that’s a brand logo, colour scheme or name. Speaking of this strategy, the bank has stated that “no one should have exactly the same experience of Atom”. This example, combined with plans to let customers access accounts through biometrics, perfectly showcases how some brands are making completely digital interactions as personal as if you were dealing with them face to face.


Stresspaint Malware Campaign Targeting Facebook Credentials

On April 12, 2018, Radware’s threat research group detected malicious activity via internal feeds of a group collecting user credentials and payment methods from Facebook users across the globe. The group manipulates victims via phishing emails to download a painting application called ‘Relieve Stress Paint.’ While benign in appearance, it runs a malware dubbed ‘Stresspaint’ in the background. Within a few days, the group had infected over 40,000 users, stealing tens of thousands Facebook user credentials/cookies. This rapid distribution and high infection rate indicates this malware was developed professionally. The group is specifically interested in users who own Facebook pages and that contain stored payment methods. We suspect that the group’s next target is Amazon as they have a dedicated section for it in the attack control panel. Radware will continue to analyze the campaign and monitor the group’s activity. Prior to publication of this alert, Radware has detected another variant of the malware and saw indication of this new version in the control panel.


Chatbots are dead. A lack of AI killed them.

chatbot.jpg
While Bloch is right to say that "No one can point to a chatbot that 'all your friends were using'" as "Such a thing simply never existed," once upon a time many pundits pointed to chatbots as the future of commerce, social, and just about everything else. Chatbots were one of the big themes of Mobile World Congress 2017, with the conference organizers summarizing the buzz from main stage and hallway conversations thus: "There was overwhelming acceptance at the event of the inevitable shift of focus for brands and corporates to chatbots (often referred to as 'conversational commerce'), reflecting the need for brands to go where consumers are, even if many companies remain uncertain at this stage of the eventual outcome." While they went on to acknowledge that "the true potential of chatbots will require further advances in AI and machine learning," the people behind the industry's biggest mobile event felt the only significant question around chatbots had to do with who would dominate, and not whether chatbots would take off: "Will a single platform emerge to dominate the chatbot and personal assistant ecosystem?"


Five Surprising Reasons to Invest in Better Security Training

A businesswoman training colleagues in a meeting room.
Seventy-one percent of attacks against healthcare companies fall into this category, while 58 percent of incidents in financial services, the most-attacked sector, originate from insiders. The majority of these insiders are inadvertent actors — mostly employees who were tricked into initiating the attacks. These numbers expose the inadequacy of today’s normal training programs. They’re not frequent, memorable or thorough enough. In other words, they’re not working. The bottom line is that training has not kept up with the evolution of cyberthreats or their remedies. That’s why it’s more important than ever to implement the best possible tools to protect sensitive data. But decision-makers must remember that even the best software cannot stop all threats. For example, any employee with access to any phone anywhere at any time is potentially vulnerable to social engineering. The reality of bring-your-own-device (BYOD) environments is that employees may be connecting to company resources at all hours and exposing their devices to threats in arbitrary locations and over insecure networks. 


IoT devices could be next customer data frontier


Finally we, have sensors like iBeacons sitting in stores, providing retailers with a world of information about a customer’s journey through the store — what they like or don’t like, what they pick up, what they try on and so forth. There are very likely a host of other categories too, and all of this information is data that needs to be processed and understood just like any other signals coming from customers, but it also has unique characteristics around the volume and velocity of this data — it is truly big data with all of the issues inherent in processing that amount of data. The means it needs to be ingested, digested and incorporated into that central customer record-keeping system to drive the content and experiences you need to create to keep your customers happy — or so the marketing software companies tell us, at least. ... Regardless of the vendor, all of this is about understanding the customer better to provide a central data gathering system with the hope of giving people exactly what they want. We are no longer a generic mass of consumers.


DDoS attacks cost up to £35,000


The research also highlights the growing complexity of DDoS attacks, and their capacity to act as a distraction for more serious network incursions. The majority of those surveyed (85%) believe that DDoS attacks are used by attackers as a precursor or smokescreen for data breach activity. In addition, 71% reported that their organisation has experienced a ransom-driven DDoS attack. “A DDoS attack can often be a sign that an organisation’s data is also being targeted by cyber criminals. As demonstrated by the infamous Carphone Warehouse attack, DDoS attacks can be used as a smokescreen for non-DDoS hacking attempts on the network,” said Stephenson. “Hackers will gladly take advantage of distracted IT teams and degraded network security defences to exploit other vulnerabilities for financial gain. Considering the huge liability that organisations can face in the event of a data breach, IT teams must be proactive in defending against the DDoS threat, and monitor closely for malicious activity on their networks,” he said.



Quote for the day:


"To have long term success as a coach or in any position of leadership, you have to be obsessed in some way." -- Pat Riley