Daily Tech Digest - September 28, 2018

7 Most Prevalent Phishing Subject Lines

(Image: Amy Walters - stock.adobe.com)
People are curious and they want to help, he continues, and it's these two qualities that make them susceptible to phishing attacks. When they do fall for scams, most employees are quick to realize it. "I'm really busy," "I missed that," "I should've caught that email," are all commonly heard phrases from victims who have opened malicious emails and realized they did wrong. "No matter how much technology you put in place to block them, stuff always gets through," Hayslip adds. Webroot recently scanned thousands of phishing emails from the past 18 months to learn more about the trends around common subject lines designed to trick targets. Hayslip presented the findings to about 100 fellow CISOs around the country and learned "almost everybody's seeing the same thing," he says. Financially related messages and notions of urgency are commonly seen in phishing emails, albeit under different subject lines. John "Lex" Robinson, cybersecurity strategist at Cofense echoes Hayslip's sentiments and says attackers are getting better and better at understanding the context of the emails they're sending and who they're targeting.


Agile IT held back by legacy tech and legacy budgeting


“Re-architecting and integrating applications is difficult work, and for many CIOs, this barrier is best overcome by seeking outside help and bringing in skilled application remediation experts from a third party,” the report said. A big majority of organisations (87%) say legacy applications are slowing their journey to creating an agile workspace, with the main causes cited as cost of re-architecting or transforming applications (68%), disruption to the user experience (43%), and a lack of in-house skills to modernise applications (36%). Evolving alongside this application challenge has been the shift towards cloud computing, with organisations looking to software-as-a-service (SaaS) applications to increase workspace agility. However, only 25% of organisations think SaaS applications meet their requirements, and this figure drops to 17% in mid-size organisations. Overall, 84% of organisations say an inability to roll out new services and applications to their workforce quickly is affecting business competitiveness.


Blockchain Applications That Are Transforming Society

Primitive forms of smart property exist. Your car-key, for instance, may be outfitted with an immobilizer, where the car can only be activated once you tap the right protocol on the key. Your smartphone too will only function once you type in the right PIN code. Both work on cryptography to protect your ownership. The problem with primitive forms of smart property is that the key is usually held in a physical container, such as the car key or SIM card, and can’t be easily transferred or copied. The blockchain ledger solves this problem by allowing blockchain miners to replace and replicate a lost protocol. ... Any material object is a ‘thing.’ It becomes an internet of things (IoT) when it has an on/ off switch that connects it to the internet and to each other. By being connected to a computer network, the object, such as a car, become more than just an object. It is now people-people, people-things, and things-things. The analyst firm Gartner says that by 2020 there will be over 26 billion connected devices. Others raise that number to over 100!


Quantum Computing: Why You Should Pay Attention


Typical computers rely on bits, which are represented by ones and zeros. Using just these two numbers, our computers can solve any arithmetic questions and have excellent logic capabilities. Quantum computers, on the other hand, replace bits with quantum bits, or qubits. Unlike their binary counterparts, qubits can exist as both ones and zeros at the same time, in a so-called superposition. This isn’t an analogy: According to the most common interpretation of quantum mechanics, qubits are actually ones and zero simultaneously. With this capability, qubits are able to solve certain problems that are computationally expensive using binary arithmetic and logic in far fewer steps, and some problems can be solved with just a single step. Although the very concept of quantum computing sounds outlandish, devices are being developed by tech giants including Intel and Google, and Microsoft is already unveiling toolkits for developing software for quantum computers.


What Is Reinforcement Learning - A Simple Explanation & Practical Examples


Similar to toddlers learning how to walk who adjust actions based on the outcomes they experience such as taking a smaller step if the previous broad step made them fall, machines and software agents use reinforcement learning algorithms to determine the ideal behavior based upon feedback from the environment. It’s a form of machine learning and therefore a branch of artificial intelligence. Depending on the complexity of the problem, reinforcement learning algorithms can keep adapting to the environment over time if necessary in order to maximize the reward in the long-term. So, similar to the teetering toddler, a robot who is learning to walk with reinforcement learning will try different ways to achieve the objective, get feedback about how successful those ways are and then adjust until the aim to walk is achieved. A big step forward makes the robot fall, so it adjusts its step to make it smaller in order to see if that's the secret to staying upright. It continues its learning through different variations and ultimately is able to walk.


Organisations are beginning to find cyber threats more effectively

Organisations are beginning to find cyber threats more effectively image
“Threat hunting is part of nonstandard security operations. It’s a good combination of threat intelligence and hypothesis generation based on likely and probable locations of intrusions into a network. Once an organisation begins consuming threat intelligence, natural hunting begins to take place,” said Robert M. Lee, SANS certified instructor and co-author of the report. Rob T. Lee, co-author and curriculum lead for digital forensic and incident response training, SANS Institute added: “One of the most notable highlights of the 2018 survey is that it demonstrates a more accurate use of threat hunting in many organisations. This change in threat hunting practices has increased since the last survey in 2017, which showed many organisations typically were hunting incorrectly through traditional intrusion detection. In this year’s survey, many more organisations were using proper threat intelligence to help identify the best locations inside an organisation’s network to look for anomalistic behaviours that are direct indicators of threats.”


“Everything is fine” vs. “we’re doomed” isn’t the way to frame election security

russian hacking us election  putin voting fraud hacked
Humans are really bad at assessing risk. We tend to fixate on catastrophic but unlikely occurrences—like terrorism, for example—while ignoring mundane risks that cause cumulative harm such as eating poorly, or not maintaining bridges, or failing to save for retirement. This difficulty in assessing and responding to risk is especially pronounced in information security, where non-technical people, in particular, find themselves forced to choose between extreme paranoia (and thus, a defeatist attitude) and unrealistic optimism ... Mitigations that improve, but by definition do not perfect, security are worth nothing if we are not able to calibrate our trust to the level of security they provide. I trust that the lock on the front door to my apartment is good enough to withstand all but the most determined attacks. But if someone with a battering ram, explosives, or a talented black bag team want to get into my apartment, I know that I can't prevent intrusion by those kinds of attackers. Nevertheless, I don't stay awake at night obsessing over unlikely threats or threats I cannot defend against.


Analytics Translator – The Most Important New Role in Analytics


The role of Analytics Translator was recently identified by McKinsey as the most important new role in analytics, and a key factor in the failure of analytic programs when the role is absent. As our profession of data science has evolved, any number of authors including myself has offered different taxonomies to describe the differences among the different ‘tribes’ of data scientists. We may disagree on the categories but we agree that we’re not all alike. Ten years ago, around the time that Hadoop and Big Data went open source there was still a perception that data scientists should be capable of performing every task in the analytics lifecycle.  The obvious skills were model creation and deployment, and data blending and munging. Other important skills in this bucket would have included setting up data infrastructure. And finally the skills that were just assumed to come with seniority, storytelling, and great project management skills. Frankly, when I entered the profession, this was true and for the most part, in those early projects, I did indeed do it all.


Shell CTO Yuri Sebregts talks about using AI to amplify the human impact of its workforce


As well as the predictive maintenance project, the company has also created a service called Machine Vision using Azure-based deep learning technologies that combines CCTV footage with internet of things devices to alert employees at its service stations to potential safety hazards occurring on the forecourt in real time, such as someone lighting a cigarette or driving erratically close to a petrol pump. There is also potential for this technology to be applied in a stocktaking context in Shell’s warehouses and petrol stations, says Sebregts, so that staff can intervene and replenish suppliers, as and when needed. Beyond its retail sites, robotics is already commonly used to install equipment in offshore environments where it would be hazardous and impossible to send humans, and Sebregts also sees potential for AI to enhance how that work is carried out in future.


How Data Security Improves When You Engage Employees in the Process

A great example of inclusive programming is anti-phishing training, which teaches employees to identify fraudulent attempts to obtain sensitive information electronically, often for malicious reasons, under the guise of a trustworthy source. In order for this training to be successful, employees must learn how to make choices when they receive potential phishing emails. Experiential training with real-world simulations — where employees build their knowledge base and ability to make choices in the moment, as it relates to them and their learning style — has proved to be effective. According to the research from Herman Miller Learning Pyramid, learning by doing yields a 75% knowledge retention rate compared with 5% relying on lectures. Giving employees a choice of password management software to use to achieve company security may also foster an environment of partnership versus rigid control.



Quote for the day:


"The leader has to be practical and a realist, yet must talk the language of the visionary and the idealist." -- Eric Hoffer