Daily Tech Digest - September 24, 2018

10 signs you aren't cut out to be a cybersecurity specialist

ankarbistock-877825762.jpg
Closely related to a cybersecurity world in a constant state of change is the need to continuously learn and implement new and better protection strategies. The balance between the attackers and the cybersecurity specialist is in a constant state of flux, with battles going to the side with the better technical know-how. Is this environment, a cybersecurity specialist must be willing and able to learn and adapt to new ways of approaching security. If you have ever uttered the words, "But that is the way we have always done it," with any measurable sincerity, you may not be cut out for cybersecurity. ... Building on the pressures of chaotic change and continuous learning is the relentless pressure to keep an enterprise safe from intrusion. Cybercriminals and their orchestrated attacks on enterprise information technology infrastructure never rest, never take a day off. There is no respite from the stress of knowing your systems. The systems you are responsible for protecting are under constant attack.


For telecom, media, and entertainment companies, the key may be understanding how such a versatile technology can be applied directly to their businesses. There are now clear paths to implementation—and clear reasons to commit funding. To do so effectively can require an understanding of what blockchain really is and where it can add value. Is blockchain really necessary? After all, plenty of already-existing solutions aim to help telecom and M&E companies mitigate losses, streamline intercompany transactions, and open new strategic revenue opportunities. The answer likely lies with the technology’s strength in several areas: Blockchain is cryptographically secure, it automatically records events and transactions into an immutable and shared ledger, it can be built to execute rules, and it is a decentralized and distributed network of peers that all vote to majority validation of any changes. For the telecom industry, blockchain can manage and limit fraud, secure user identities, support next-generation network services, and help deploy IoT connectivity solutions.


Blockchain-Powered Ads To Disrupt Digital Marketing


The first thing that makes blockchain possible is the absence of any kind of central authority governing the policy. If there is no single source dictation value, then this value is consensual. With no authority capable of diminishing the value of a digital asset, its value is as high as we agree it to be. As of now, we are used to perceiving these scarce digital assets as money because it makes the most sense when we speak of a finite valuable entity. However, this concept reaches far beyond money. We are fine with replicated digital media and tend to tolerate even our own digital identities being duplicated across various platforms. Now imagine every single thing you produce or every datum shared being delivered in a manner where ownership is mathematically verified. This reshapes the concepts of ownership and property as we knew it. ... Ads have to guarantee customer satisfaction. They have only one shot on goal with no right to miss. If the ads do hit the spot, everything else about the product marketing has to be on point in order for the product to be effective.


3 Drivers Behind the Increasing Frequency of DDoS Attacks

In an increasingly politically and economically volatile landscape, DDoS attacks have become the new geopolitical tool for nation-states and political activists. Attacks on political websites and critical national infrastructure services are becoming more frequent, largely because of the desire and capabilities of attackers to affect real-world events, such as election processes, while staying undiscovered. ... DDoS attacks carried out by criminal organizations for financial gain also demonstrate cyber reflection, particularly for global financial institutions and other supra-national entities whose power makes them prime targets, whether for state actors, disaffected activists, or cybercriminals. While extortion on the threat of DDoS continues to be a major threat to enterprises across all vertical sectors, cybercriminals also use DDoS as a smokescreen to draw attention away from other nefarious acts, such as data exfiltration and illegal transfers of money.


Is predictive maintenance the 'gateway drug' to the Industrial IoT?

Is predictive maintenance the 'gateway drug' to the Industrial IoT?
According to Nelson, the drivers of IIoT growth vary by markets: “Oil companies and mining companies are looking at ways to reduce their costs and insulate themselves from commodity price fluctuations, utilities want to incorporate renewables, pharma and food manufacturers are building smarter supply chains and reduce the risk of recalls.” As that growth continues, the IIoT market is entering a new stage, Nelson said. ... While it’s easy to get distracted by shiny new IoT devices, enterprises know that infrastructure is often more important — and that’s even more true in the IIoT. Nelson explained it this way: “A smart thermostat might cut your power by 2 percent, or $150 a year. In comparison, a paper manufacturer that cuts energy by 1 percent could save $15 million. Likewise, increasing production by 1 percent can mean $1 million at a mine or metal processing facility.” Given the potential of the IIoT, I asked Nelson why the rise of IIoT remains overshadowed by consumer IoT? One reason, Nelson said, is the phenomenal success of consumer plays like Uber, Facebook, and the iPhone.


5 key lessons for organizations still struggling with GDPR

The new legislation enhances an individual’s right with regards to their persona data. One of these rights is the right of erasure (right to be forgotten) – i.e. to request that a company erases the data it holds on them. And, since this needs to happen within a reasonably short timeframe, on receipt of a request, it is important that you know where data is stored in your processes, and you have a procedure in place to delete that data so that you can respond quickly and efficiently. A lot of commonly used business software does not support the selective deletion of data, so this will be a good time to have a discussion with your IT people to see if, and how the right of erasure can be supported. To avoid potential fines and reputational damage for non-compliance, you may also need to introduce automated workflows for triggering and confirming the erasure of data from multiple internal and external systems. There are several good products on the market that will support workflow management, and some will even create a webpage for your clients to exercise their rights.


What is a data lake? Flexible big data management explained

What is a data lake? Flexible data management explained
A data lake holds a vast amount of raw, unstructured data in its native format, whereas the data warehouse is much more structured into folders, rows, and columns. As a result, a data lake is much more flexible about its data than a data warehouse is. That’s important because of the 80 percent rule: Back in 1998, Merrill Lynch estimated that 80 percent of corporate data is unstructured, and that has remained essentially true. That in turn means data warehouses are severely limited in their potential data analysis scope. Hiskey argues that data lakes are more useful than data warehouses because you can gather and store data now, even if you are not using elements of that data, but can go back weeks, months, or years later and perform analysis on the old data that might have been otherwise discarded. A flexibility-related difference between the data lake and the data warehouse is schema-on-read vs. schema-on-write. A schema is a logical description of the entire database, with the name and description of records of all record types.


For Hackers, Anonymity Was Once Critical. That’s Changing.

A number of Defcon attendees, citing various concerns about privacy, still protect their identities. Many conceal their real names, instead using only pseudonyms or hacker aliases. Some wear fake beards, masks or other colorful disguises. But new pressures, especially for those who attend Defcon, seem to be reshaping the community’s attitudes toward privacy and anonymity. Many longtime hackers, like Ms. Sell and Mr. Wyler, have been drawn into the open by corporate demands, or have traded their anonymity for public roles as high-level cybersecurity experts. Others alluded to the ways in which a widespread professionalization and gamification of the hacking world — as evidenced by so-called bug bounty programs offered by companies like Facebook and Google, which pay for hackers to hunt for and disclose cybersecurity gaps on their many platforms — have legitimized certain elements of the culture.


Better security needed to harness the positive potential of AI

security positive potential ai
“Enterprises must make the needed investments in well-trained staffs capable of putting AI safeguards in place,” said Rob Clyde, ISACA Board Chair. “As AI evolves—consider the likely proliferation of self-driving vehicles, or AI systems designed to reduce urban traffic—it will become imperative that enterprises can provide assurance that the AI will not take action that puts people in harm’s way.” In addition to today’s common uses for AI, such as virtual personal assistants and fraud detection, there are high hopes that AI and machine learning have the potential to cause major breakthroughs across various industries, including helping to accelerate medical research, improving crop yields and assisting law enforcement with cases. These advancements, though, are unfolding so quickly that it often is challenging for organizations to develop the expertise needed to put safeguards in place to account for security vulnerabilities and ethical implications.


Freelance workers targeted in new malware campaign

Freelancers, casual workers, and international contractors often rely on emails and communication over the Internet not only to retain relationships with employers but also to find and secure new opportunities. As a result, emailed communication and document attachments are commonplace. Unfortunately, it is this standard practice that cybercriminals are now targeting. MalwareHunter Team's campaign email examples do not appear suspicious. They ask the intended victim to check an attached document and then get back to the attacker with a "cost and time frame." However, a keen job hunter in one case on Fiverr opened the document and discovered that the file was malicious. In another example on Freelancer, the cybercriminal sent over "My details.doc," which also contained malware. In the latter example, the intended victim had an antivirus solution installed and so the infection was detected. The security researcher says "dozens of people" have been contacted this way on the platforms.



Quote for the day:


"You cannot always control what goes on outside. But you can always control what goes on inside." -- Wayne Dyer