Human nature is a funny thing, and often has little to do with rational decision making. In 2008, the global economy descended into crisis; for a while it felt as if capitalism itself was tottering. The Queen of England famously asked: “Why didn’t anyone see it coming?” Actually, many did. But as a whole, economists and politicians who warned of a major crisis in the making fell under the media radar or were dismissed as doomsayers. Yet, even among these ‘Cassandras’, few anticipated the full extent of the crisis to follow. There may be a good reason for this. A new book, Crisis of Beliefs: Investor Psychology and Financial Fragility, by the economists Nicola Gennaioli and Andrei Shleifer, argues that one of the reasons why the 2008 crisis was so severe is that people changed. It seems that human psychology may at least partially explain the crash of 2008: investors’ beliefs on the level of debt or leverage that was sustainable, for example, changed. And that’s the tricky thing about predicting stock markets. Human nature, especially when it is aggregated and subjected to forces such as groupthink, is notoriously difficult to understand, let alone predict.
The use of security metrics and the formation of security teams should be viewed as complementary activities, though for many organizations some upskilling will be necessary, Robinson explained. “Foundational skills such as network security, endpoint security and threat awareness still form the bedrock of a strong team,” Robinson said. “But as the cloud and mobility have become ingrained into IT operations, other skills have taken on equal or greater importance.” In order to acquire the security skills organizations require, many are primarily looking to train current employees or expand their use of third-party security expertise. New hires and new partnerships are usually secondary considerations, Robinson explained. When it comes to the use of external resources, 78 percent of companies rely on outside partners for some or all of their security needs. Many firms rely on more than one partner, another indicator of the complexity of cybersecurity, Robinson explained.
"Because of the rapidly evolving nature of cyber threats, we're updating our [premarket] guidance to make sure it reflects the current threat landscape so that manufacturers can be in the best position to proactively address cybersecurity concerns when they are designing and developing their devices," says FDA Commissioner Scott Gottlieb, M.D. "This is part of the total product lifecycle approach to device safety, in which manufacturers must adequately address device cybersecurity from the design phase through the device's time on the market to help ensure patients are protected from cybersecurity threats." The draft guidance provides updated recommendations on cybersecurity considerations for device design, labeling and documentation that should be included in premarket submissions for agency approval of medical devices that have cybersecurity risk, FDA notes. The agency will conduct a public workshop for industry stakeholders on Jan. 29-30, 2019, to discuss the newly released draft guidance before it's finalized.
“If you can create a whole ecosystem that connects every individual without dropping anyone, you can create a network much greater than what Bloomberg has done,” Gurle said in an interview on the sidelines of Symphony’s Innovate conference in New York recently. “The key is openness.” Gurle compares Symphony to America’s interstate highway system. In that analogy, the banks are cities and towns, and use their own cars to travel on a network Symphony has built. The advantage is that banks can use their own proprietary systems and still interface with other systems. Using Symphony, banks are deploying chatbots that “talk” amongst themselves to make and settle trades. Bots at RBC and AllianceBernstein, for example, can execute trades with each other over the Symphony platform, while BlackRock and BNP Paribas use them to settle mismatched foreign-exchange swaps.
A modern application stack has four layers: infrastructure, data, networking and application code. At each of these layers, containers and microservices introduce a new way to deliver apps. As a result, container orchestration tools like Kubernetes are central to microservices management. While many security tools that work for standard applications produce effective results when applied to a microservices application, two aspects of microservices require additional attention and protection: application security and container security. Fortunately, there are plenty of advanced automation tools that support the fast and agile requirements of microservices security. Microservices application security is important because it involves multiple services rolled into one app. Those multiple services all work together to deliver a unified experience, and that means it's essential to perform dynamic testing on the services at the application level. In a microservices system, networking occurs between the services, as well as at the instance level.
Samsung’s 7LPP manufacturing technology offers impressive advantages over the company’s 10LPE specifically for mobile SoCs. Meanwhile, in a bid to make the process attractive to a broad range of potential customers, the foundry offers a comprehensive set of design-enablement tools, interface IP (controllers and PHY), reference flows, and advanced packaging solutions. The final PDK is months away, but many customers may start development of their 7LPP SoCs even with the existing set of solutions. At this point 7LPP is supported by numerous Samsung Advanced Foundry Ecosystem (SAFE) partners, including Ansys, Arm, Cadence, Mentor, SEMCO, Synopsys, and VeriSilicon. Among other things, Samsung and the said companies offer such interface IP solutions as HBM2/2E, GDDR6, DDR5, USB 3.1, PCIe 5.0, and 112G SerDes. Therefore, developers of chips or SoCs due in 2021 and onwards, which will rely on PCIe Gen 5 and DDR5, can start designing their chips right now.
It’s important to realize services are not tangible goods. An interface is not a service. A product is not a service. Shostack states, “People confuse services with products and with good manners. But a service is not a physical object and cannot be possessed. When we buy the use of a hotel room, we take nothing away with us but the experience of the night’s stay. When we fly, we are transported by an airplane but we don’t own it. Although a consultant’s product may appear as a bound report, what the consumer bought was mental capability and knowledge, not paper and ink. A service is not a servant; it need not be rendered by a person. Even when people are the chosen means of execution, they are only part of the process.” This makes it quite difficult to design for services. Often, the design of a service is overlooked by organizations and decisions related to the service supporting a product are not routinely considered in relation to how they impact the overall design of an experience. This results, most often, in poor service design and a poor experience.
Increasingly, threat hunting is a practice that enterprises want to understand and implement. But it is not always feasible to do so in-house, given the demand for resources and skills. That's where managed threat hunting enters, says CrowdStrike's Jennifer Ayers. Ayers, VP, OverWatch and Security Response at CrowdStrike, says the in-house/managed services decision is becoming a common, pragmatic discussion. "Companies want to be able to build out all this stuff, but in reality, if you only have $100, do you want to focus that $100 on building out a threat hunting organization that might only find evil once or twice a year in your particular environment, or do you want to use that funding to shore up your defense and response to those types of attacks?" In an interview on managed threat hunting, Ayers discusses: Her perspective on threat hunting; In-house vs. outsourced threat hunting; and The latest threats and how to defend against them.
Network engineer Brian Keys took a look at network resiliency and why it's so difficult for enterprises to have a network that's highly available. For one thing, nobody wants to pay for the technology necessary to achieve that goal. Additionally, finding architects with the experience to design a highly available network isn't easy. Still, Keys said, enterprises can take steps to improve their network's reliability. The use of uninterruptible power supplies is a good approach. So are redundant links for branch office connectivity. But knowing which techniques are necessary and which ones are just nice to have requires careful study. "A competent network designer should be able to tell with a high degree of certainty just how resilient the network is and in which ways," Keys said. "Probably the toughest part is to explain to upper management the pros and cons of the new proposal and get their buy-in."
It’s a radical shift from the way organisations collect and access personal data, but Holtby thinks it is better not only for consumers but for organisations too. He explained: “Most companies treat the personal data of their users in a way that is, at best, hamstrung and at worst completely dysfunctional. “I would argue in the future most companies are going to want to have a pretty clear understanding of who their users are and who their customers are. They want to know as much as they can about those people. At best even the very biggest companies, today, have a very limited understanding of who their users are. “The quintessential ‘I know who my user is’ kind of company, I would argue at the moment, is Google. Many think of Google as being the company that has the most data about its users. If you are being charitable to Google you could say it knows everything it would possibly want to know about its users, but in reality, all they have is Google’s data.
Quote for the day:
"Leaders must be good listeners. It's rule number one, and it's the most powerful thing they can do to build trusted relationships." -- Lee Ellis