Daily Tech Digest - April 21, 2018

IoT Security Concerns Peaking - With No End In Sight


While IoT security has been criticized over the past few years, IoT device privacy is another rising pain point highlighted at RSAC, particularly with the rise of voice assistant devices such as Amazon Echo and Google Home. “One issue we found with these [IoT] devices is that it might not be a vulnerability – it might be that we’re oversharing data,” said Anscombe. In the case of the IoT scales, these scales could be connected with Amazon Alexa so that data stores various interactions between the scale and the user – a “cybercriminal’s dream,” said Anscombe. Despite the various security issues with IoT devices, significant steps still need to be taken from both IoT device manufacturers and the end users themselves to ensure device security. IoT device manufacturers, for their part, see security as a costly alternative to other factors that small, low power connected devices need. For instance, said Marc Bown, senior director of security at Fitbit, many connected device manufacturers would prefer to use low power, cheaper chips as opposed to ones that come with higher levels of security.



How Blockchain Could Put an End to Identity Theft

With blockchain-based Decentralized Identifiers (DiDs), individuals could regain complete control of their data. DiDs are basically a secret URL (which actually stands for Uniform Resource Locator) stored on a blockchain ledger, with each being assigned to the different parts of a user’s identity, such as their name, birthdate, and Social Security number. Using a digital wallet app on their smartphone or desktop, users have the power to temporarily grant access to the DiDs of their choosing. For example, when you sign up for a new app today, you typically have to share your name, email address, and other basic information. With DiDs, the process is faster and more secure. The app shows a QR code, you scan it, your digital wallet app automatically transfers your relevant DiDs over the blockchain, and the app grants access. The changing parts of our identity, like phone numbers, job titles, and home addresses, further complicate individual privacy because it is possible for a single identifier to become associated with more than one person at different times. 


Avoiding the IOT ‘Twister’ Business Strategy


Business stakeholders make isolated IOT product decisions because of the compelling ROI from the perspective of that particular business unit. However, the IOT solution vendor is motivated to sell the solution to other business units and that’s when the scalability problems start because many IOT solutions don’t scale. Scalability” refers to the ability to expand without running into obstacles that increase the per-unit costs of doing business, the ability to increase production inputs by a certain percentage, and get an equal percentage increase in output. However, most organizations want more than just “linear scalability”; these organizations want to leverage “economies of scale” to drive down incremental or marginal costs. Economies of scale arise when there is an inverse relationship between the quantity produced and per-unit fixed costs; i.e. the greater the quantity of goods produced, the lower the per-unit fixed cost because costs are spread over a larger number of goods. Economies of scale reduce variable costs per unit via operational efficiencies and synergies



This malware will take screenshots, steal your passwords and files

Named 'SquirtDanger' after a dynamic-link library (DLL) file consistently served by its distribution servers, the malware is written in C Sharp and has multiple layers of embedded code. The malware is set up to perform its tasks on an infected PC every minute in order to hand the attacker as much information as possible. Uncovered by Palo Alto Networks Unit 42 researchers, the malware has infected individuals and organisations around the world, including a Turkish university, an African telecommunications company and a Singaporean internet service provider. Given SquirtDanger is for sale for any user who wants to buy it, so no specific industry is under attack. But those who do opt to make use of it have a large box of malicious tricks at their disposal. Attackers gain access to a wide variety of functions through the malware, including taking PC screenshots, sending, downloading and deleting files, and stealing passwords. Other functions include swiping directory information and potentially taking the contents of cryptocurrency wallets using switch tactics similar to those found in ComboJack malware.


Three ways the Internet of Things and the GDPR will impact Third Party Risk


The IoT rests on the use of the data that IoT devices generate to shape additional engagement. For example, a television that is IoT enabled will create data around what is being viewed and when. For the user, this could be valuable – the device could suggest programming, or automatically record things it knows its users watch. This data could also be combined with information from other sources – area social-economic data, for example – to create a generic user profile for a neighborhood. This data could then be sold to marketing companies keen to better understand the dynamics of their audience. A TV manufacturer who didn’t get user permissions correct was recently fined in the US for doing just this. For some opportunities, organizations may wish to partner with third parties – for example, if delivering a new service that is related to a product but not in an area of core competency. An example of this might be a concierge service for a car based on the data the car was sending back via the IoT. Other organizations may vertically integrate or evolve, acquiring new types of operations to help grow an IoT-based offering. Such expansion will most likely bring it into relationship with new third parties too.


Cisco Extends Its Intent-based Networking to IoT

Cisco is working on three areas in IoT. The first is an Identity Service Engine (ISE) software that will help enterprises recognize devices when those devices connect to the network, and report detailed information about those devices such as the manufacturer, model number, and what software is installed on the device. In the latest ISE upgrade, Cisco said it has doubled the number of IoT device and user device groups that can be classified and identified including those that use industrial protocols like BACNet, Profinet, CIP, and Modbus. The ISE 2.4 software is available today. The second area is software-defined access (SD-Access), which Cisco is extending to enterprises with distribution centers, manufacturing plants, or warehouses. SD-Access is basically a new model for network administrators to use to automate access and management of devices. According to Shenoy, an IoT gateway agency will take information from devices and create a set of profiles. Those profiles determine what device gets access to what information. SD-Access then takes those profiles and matches them with users.


Future Factory: How Technology Is Transforming Manufacturing


3D printing is already a staple in any design studio. Before ordering thousands of physical parts, designers can us 3D printing to see what a future product looks like. Similarly, robotics is automating the physical process of trial-and-error across a wide array of verticals. In R&D for synthetic biology, for example, robotics making a big impact for companies like Zymergen and Ginkgo Bioworks, which manufacture custom chemicals from yeast microbes. Finding the perfect microbe requires testing up to 4,000 different variants concurrently, which translates to lot of wet lab work. Using automatic pipette systems and robotics arms, liquid handling robots permit high-throughput experimentation to arrive at a winning combination faster and with less human error.  Below is the robot gene tester Counsyl (left), used for transferring samples, and Zymergen’s pipetting robot (right) for automating microbe culture testing.


How complexity, multicloud sprawl, and need for maturity hinder hybrid IT


For the short term, I would say everyone. It’s not as simple as it has been in the past where we look to the IT organization as the end all, be all for all things technology. As we begin talking about different consumption models—and cloud is a relatively new consumption model for technology—it changes the dynamics of it. It’s the combination of changing that consumption model, but then there’s another factor that comes into this. There is also the consumerization of technology, right? We are “democratizing” technology to the point where everyone can use it, and therefore everyone does use it, and they begin to get more comfortable with technology. It’s not as it used to be, where we would say, “OK, I'm not sure how to turn on a computer.” Now, businesses may be more familiar outside of the IT organization with certain technologies. Bringing that full circle, the answer is that we have to look beyond just IT. Cloud is something that is consumed by IT organizations. It’s consumed by different lines of business, too. It’s consumed even by end consumers of the products and services. I would say it’s all of the above.


2018: The ‘Year of AI and Machine Learning’ for Financial Marketers

Making matters worse, the vast majority of these consumers engage with one of your well-trained customer service representatives less than they ever have in the past. Bottom line, financial marketers have their work cut out for them. The only viable and potentially scalable solution is content that is so personalized and relevant that it’s impossible to ignore. We need to look for ways to communicate to an ‘audience of one,’ using artificial intelligent (AI) systems that constantly work in the background to enhance every step of the customer journey. We need to leverage new tools that were previously only available to the very largest companies with huge support staffs. True personalization at scale requires advanced analytics, which is why banks and credit unions of all sizes are using AI and machine learning to customize all components of the marketing mix. Your marketing team can no longer postpone using AI-powered solutions in your content development, offer selection, segmentation and targeting, website integration, customer service/support, product pricing and churn management.


Why Artificial Intelligence Roles Need Cross-Over Skillsets

Employers hand measuring potential skills of employees standing in line with a ruler
The report has a very specific focus through. It outlines what the authors believe are the opportunities for the United Kingdom in an AI-driven world and what the UK government needs to do to turn the workplace change to the advantage of its citizens. It is, in fact, a thought provoking and enlightened report that treats AI not as a problem to be overcome, but as a technology that future-looking workers should embrace and can use to their own advantage. “It [AI] is a tool which is already deeply embedded in our lives. The prejudices of the past must not be unwittingly built into automated systems, and such systems must be carefully designed from the beginning. Access to large quantities of data is one of the factors fueling the current AI boom,” the report reads. It also warns that the builders of AI driven applications need to take heed to make sure their machines are accessible to everyone. The report warns, “Companies and organizations need to improve the intelligibility of their AI systems. Without this, regulators may need to step in and prohibit the use of opaque technology in significant and sensitive areas of life and society.”



Quote for the day:


"All journeys have secret destinations of which the traveler is unaware." -- Martin Buber