Daily Tech Digest - April 24, 2018

The Importance Of EA for Business Transformation: Lessons Learned

In short, managing uncertainty is a necessity. Despite all the turbulence created by digital disruption, we believe that EA is mandatory for becoming a pioneer of innovation and a critical enabler of business vision. The main driver of this is that business reality is changing, and therefore IT needs to change. And EA practices need to reflect this change as well. Organizations that support Business Architecture as an integral part of EA have a significantly higher ability to execute on their corporate strategy because they have a clear understanding of the strategy and its impact on business and IT – and therefore have guidance to drive delivery. Enterprise Architects that deliver the highest business value and outcomes to their organization are those that focus on understanding the impact of major trends and opportunities on their business ecosystem, not just their own business. SKF IT uses Business and Enterprise Architecture to gain business insight and increase the relevance of IT.

Study Reveals Hottest Trends in Industrial IoT

Study Reveals Hottest Trends in Industrial IoT TechNative
Any time automation is mentioned, concerns about jobs are raised. While disruptive technology will affect job markets, it’s also leading to increased demand for talent, as AI and machine learning provide valuable information that must be carefully interpreted. When asked, CEOs around the globe discuss how critical talent is for remaining competitive, and demand will fuel higher salaries as companies compete for the best talent available. In the US, for example, over 80 percent of manufacturers claim to have difficulty finding qualified talent. Furthermore, 3.5 million jobs across the globe are likely to be created, leading to an increasing skills gap. New technology provides valuable opportunities for manufacturing and other fields, but it’s also placing pressure on C-level executives, as the cost of this new technology will demand responses for companies to remain viable. Executives will need to ensure they properly understand these new technologies and how they affect their segments, and they’ll need to uncover problems promptly to avoid being undercut by competitors.

Threat Actors Turn to Blockchain Infrastructure to Host & Hide Malicious Activity

Because blockchain top-level domains such as .bit are not centrally managed and have DNS lookup tables shared across a peer-to-peer network, takedown efforts become much more difficult. "When an individual registers a .bit — or another blockchain-based domain — they are able to do so in just a few steps online, and the process costs mere pennies." Domain registration is not associated with an individual's name or address but with a unique encrypted hash of each user. "This essentially creates the same anonymous system as Bitcoin for Internet infrastructure, in which users are only known through their cryptographic identity." Criminal interest in cryptocurrency-related topics are not new. As FireEye notes, threat actors have been exploring the possibility of leveraging the unique properties of blockchain technology to support malicious operations since at least 2009. One example is malicious actors' interest in Namecoin, a Bitcoin code-based cryptocurrency that allows pretty much anyone to register and manage domain names with the .bit extension. 

Next generation of SCADA industrial controls will protect against cyber attack

Industrial control systems – known as supervisory control and data acquisition (SCADA) systems – which are used to control valves, motors and other industrial processes, are frequently based on technology that pre-dates the internet, and can be vulnerable to attack in modern control systems which transmit and receive data over the internet. But large oil and manufacturing companies are working on plans to replace existing control system infrastructure with lower-cost alternatives that promise greater security against cyber attacks on control devices connected to the industrial internet of things which links millions of internet-connected industrial devices. The project, co-ordinated by the Open Process Automation Forum, part of independent standards organisation The Open Group, aims to help oil and gas and process companies break free from manufacturer-specific industrial control systems, which are expensive to maintain and upgrade and difficult to patch to protect against the latest security vulnerabilities.

Spring Has Splunk'd: Announcing New & Expanded Artificial Intelligence Capabilities

Reports claim AI is shaping the latest in consumer tech and also threatening future job growth. All of this is in the absence of a widely accepted definition of the term. Those of us dedicated to enterprise software are presented with a critical opportunity to move beyond the buzz. I’m excited to lead Platform marketing at Splunk, a company that has, for a decade, invested heavily in machine learning (ML)—predictive analytics, data clustering, and anomaly detection—which is a subset of artificial intelligence. Our customers—Hyatt, Recursion Pharmaceuticals, and TransUnion to name a few—rely on Splunk AI and ML to deliver actionable performance, productivity, and security benefits that map their real-world IT, security and business needs. Artificial intelligence through machine learning is integrated across our portfolio. AI through ML is embedded in our premium solutions (Splunk ITSI and Splunk UBA) for specific IT and security use cases. We also offer a customizable solution, Splunk Machine Learning Toolkit (MLTK)—applicable for a broad variety of use cases—within Splunk Cloud and Splunk Enterprise.

Nurses want to use IT, but are held back by barriers

“Poor connectivity when mobile working hinders information technology from being used to best effect,” the report said. “Systems fail to update and/or synchronise, programmes used for recording information fail to load and systems crash. This leads to nurses having to use paper-based methods of recording information and duplicating this onto IT systems back at base.” Another challenge is the cost of good IT systems. NHS organisations often work on yearly budgets, whereas the return on investment (ROI) of implementing digital systems is usually more long-term. “The ‘up-front’ cost of IT in a tight financial climate serves to increase the risks of waste if technology is not fully used,” the report said. “Systems are prone to crashing and are slow, leading to frustration and compelling community nurses to work from paper.” Some of the nurses surveyed also highlighted concerns that the use of IT took away from time spent with the patient, and that they often felt like the use of technology has “detracted from the role of being a nurse”.

Tech support scams are on the rise, up 24%, warns Microsoft

Tech support scams are up 24%, warns Microsoft
Not all of those scams were cold calls from fake tech support; some started at random websites that had a popup warning about detecting fake threats or fake error message popups. Other social engineering attacks started in email campaigns where the user would click on a URL or open a malicious attachment; once malware is on a computer, it can make system changes or flash fake error messages with a number to call to fix the problem. Scammers continue to resort to these tactics because they work so well to scare the pants off non-tech-savvy users. Of the 153,000 tech support scams reported to Microsoft, 15 percent of victims admitted to losing money in the scam. While most paid between $200 and $400 for the fake problems to be “fixed,” one scammer managed to drain the bank account of a user in the Netherlands. That poor person lost €89,000, which is about $108,838.54. For anyone wondering how a scammer managed to empty the victim’s bank account, Oregon’s FBI explained that some victims of tech support scammers first received a notification about a refund after overpaying for a previous tech support incident.

5 key enterprise IoT security recommendations

5 key enterprise IoT security recommendations
Not so long ago, the phrase “consumerization of IT” was on everyone’s lips. Whole publications and conferences (remember CITE, for Consumerization of IT in the Enterprise?) were created to chronicle the trend of corporations relying on products and services originally created for consumers — which was often easier to use and of higher quality than its business-oriented competitors. ... It turns out that in addition to the “enterprise grade” Internet of Things (IoT) devices they buy, corporate IT teams also have to deal with “consumer-grade” devices that may enter the company via a variety of channels, from non-IT company purchases to staff members bringing them in on their own. Examples include smart TVs, thermostats, smart speakers, fitness trackers, video cameras … basically anything connected to the company network that isn’t a computer, a phone, or a router. Not surprisingly, these devices often lack the comprehensive security features more commonly found on IoT products designed for enterprise use. Worse, perhaps, IT teams may not even be aware that these devices are being connected to their networks, much less be able to plan for their security.

'Death to JavaScript!' Blazor, for .NET Web Apps Using WebAssembly, Goes Alpha

Instead of a heavy dependence on JavaScript, notorious for its complex ecosystem, the new .NET Web framework lets developers use C#, Razor and HTML to create Web apps, with the help of WebAssembly, a low-level assembly-like language that serves as a compilation target for higher-order languages, including C, C# and C++. Razor is "an ASP.NET programming syntax used to create dynamic Web pages with ... C# or Visual Basic .NET." All those technologies combine to form Blazor, which we first reported on when a developer asked Microsoft's Scott Hanselman if the company was working on .NET targeting WebAssembly "so that we can get delivered from the insanity of JavaScript." The answer was "yes," and that answer has been realized in the first public preview. "Blazor enables full stack Web development with the stability, consistency, and productivity of .NET," Microsoft's Daniel Roth announced in a post yesterday. "While this release is alpha quality and should not be used in production, the code for this release was written from the ground up with an eye towards building a production quality Web UI framework."

Optimizing web apps with the Sonarwhal linter

The heart of Sonarwhal is its rule set. These contain the tests it applies to your website, and you can turn them on and off or adjust severity in its configuration files. The default configuration offers a selection of rules, so you can choose to test HTTP options, as well as HTML, site security, and support for PWA functions. Many of the tests require a deep knowledge of web server capabilities as well as HTML and JavaScript. However, once you’ve tested a site, the report data can help tune content and server for the best, and most secure, performance. Results arrive in any of several formats. One option gives you the data in a raw JSON format, ideal for use in other applications. While JSON isn’t human-readable, other options show summaries, a list of specific code issues, or a table of error data. You can even drop result data in an Excel spreadsheet. The formatter model is extensible, so you can create your own and offer them to other users.

Quote for the day:

"Speak when you are angry, and you'll make the best speech you'll ever regret." -- Laurence Peter

No comments:

Post a Comment