In 2019, we will see a significant shift from commercial testing to open source tools, which will have a dramatic effect on the testing vendors in the market. There are several reasons for this. We all know that continuous testing is a critical component for optimising DevOps pipelines, and by its definition, to continuously test, teams must be able to dramatically scale the number of tests being executed, including running full regression cycles nightly as opposed to at the end of the Dev cycle, and a massive “shift-left” of testing, all the way to the pre-commit and per-commit level. However, traditional commercial solutions struggle to meet the demands of continuous testing in two ways. Firstly, they do not scale, nor do they have the reliability to meet continuous testing requirements. Secondly, with shift-left, the persona of the test author shifts from QA to Dev. All this means that yesterday’s commercial solutions are simply not a fit for today’s developers. Instead, Open Source solutions are a vital piece of making continuous testing a reality.
One factor contributing to security issues in web portals is that "most organizations don't think about the total cost of running the system/application," says Mark Johnson, a former healthcare CISO and shareholder at consulting firm LBMC Information Security. "Because of that, a newly reported vulnerability may not get patched, or they may be resource constrained and they make 'risky' configuration choices - like adding too many support people as system or application admins. Finally, they may not dedicate the resources necessary to monitor these systems as closely." Based on what BJC has publicly disclosed about its portal incident, it's unclear exactly what caused the breach, Johnson says. "If it was a problem with the portal software or some underlying system or middleware application configuration or patching, there are some basic things that everyone should look to do when they have interactive systems, especially portals, on the internet," he says. Those steps include understanding the requirements of the system or application and reviewing and then implementing security controls that need to be in place based on the "risk of the system or application" and the type of data involved.
When it comes to humans, they are good at dealing with situations that have ambiguous data points. "Humans are really good at learning quickly with very little information. ML models are the opposite. They require a lot of data inputs to be able to be trained. I would argue that you show someone a bicycle a few times and you show them how to ride a bicycle; after a few times the human being is able to ride that bicycle pretty easily. To just train a robot to ride a bicycle takes millions of hours of training," explained Klein. In the last year, AWS has released over 200 ML services and features. When it comes to Amazon Alexa now talking to humans, he said a lot of their customers are using the platform to do voice profiling for a variety of reasons. "For example, in the financial services industry, we have customers that are looking into voice profiling as an additional factor at their call centres. So if they want to verify if it's you, they can add voice profiling as an additional factor to further reduce fraudulent or impersonation calls," he explained.
"The RMF provides a dynamic and flexible approach to effectively manage security and privacy risks in diverse environments with complex and sophisticated threats, evolving missions and business functions, and changing system and organizational vulnerabilities," the RMF states. "The framework is policy and technology neutral, which facilitates ongoing upgrades to IT resources and to IT modernization efforts—to support and help ensure essential missions and services are provided during such transition periods." RMF 2.0 includes a long list of tasks, among them an outline of risk management roles within an organization as well as strategy. Identifying common controls and having a continuous monitoring strategy is another key component of the RMF. Risk itself is at the core of RMF 2.0, with the requirement that organizations execute a risk assessment that includes all assets that need to be protected.
Business owners must understand that having a one-size-fits-all approach to cybersecurity can leave substantial gaps making their businesses vulnerable. The first step is to think about exposure: this includes the hardware and software you are using as well as operations conducted via web or cloud-based systems. You should also consider what unique threats there are to a particular system. An important note: it isn’t enough to think about your own business. What about the third-party vendors you’ve hired? Any of their vulnerabilities will affect you, too. Connectivity of systems both internally and externally has been a major driver of technological progress, and the advent of things like cloud-based storage and mobile payment options have made doing business easier. But while interconnected systems may make things run more efficiently, it also can increase the risk – a vulnerability in one system can affect the connected ones as well. Keeping critical systems like payroll, business email, and point-of-sale (POS) separate can decrease the inherent risks of connectivity and help ensure that one cyber threat doesn’t compromise a business’ entire operation.
The universal availability of electronic documentation, such as identity cards, is a fundamental building block without which a fully digitised, automated and near real-time KYC capability proves difficult. Progress towards this is being made, notably in developing nations where the challenge of undocumented segments of the population was tricky until digital solutions became available. The Unique Identification Authority of India (UIDAI) was established in 2008 to give a digital identity to every resident. This ‘Aadhaar’ ID now gives access to many key services, including banking ... “Estonia’s approach makes life efficient: taxes take less than an hour to file, and refunds are paid within 48 hours. By law, the state may not ask for any piece of information more than once, people have the right to know what data are held on them and all government databases must be compatible, a system known as the X-road. In all, the Estonian state offers 600 e-services to its citizens and 2,400 to businesses.”
One analogy that Stuart Russell uses that I find helpful is bridges. When we ask a civil engineer to build a bridge, we don’t have to specify ‘make sure it’s safe’ or ‘make sure it doesn’t fall down’. These concepts are built-in when we talk about bridges. Similarly, CHAI would like to get the field of AI to the point where if we ask a software engineer to build an AI system, we don’t have to specify things like value alignment, ethics, and human-compatibility — they should be built right into the definition of AI. If AI is not beneficial to humans, it’s not actually achieving its purpose. Yet we currently have no guarantees that the systems that are in development at the moment are going to be beneficial, and some good reason to believe they won’t be by default — just as a bridge built without the right engineering expertise likely wouldn’t be safe. “I’m not sure we need to have ‘smarter than human’ AI for a system to be dangerous. Any system that is sufficiently competent could be dangerous, even if it doesn’t resemble something that we would recognise as human-like. ...”
This year’s security predictions span the categories of cloud, consumer, digital citizenship, security industry, SCADA/manufacturing, cloud infrastructure, and smart home. I won’t spoil your reading of it, but one of the predictions that jumped out for me was regarding Business Email Compromise (BEC) and how targeted threats will go lower down in the org chart. This makes a lot of sense given that CxOs are getting harder to exploit via BEC. They are becoming more aware of the threat and more BEC safeguards are deployed to protect them. An example of such a safeguard is machine learning to fingerprint executive writing styles, like our Writing Style DNA. This prediction is quite actionable, especially given there are tools and techniques being deployed to protect the C-suite, that can be expanded to protect their direct reports as this threat pivots.
Putting a number on it, the U.K.’s Sky News has found out that at least 340 companies claiming to be involved with crypto or blockchain were shut down this year. It obtained these findings by analyzing publicly available figures from the databases of Companies House and Open Corporates. This figure is an increase of 144 percent from just 139 blockchain-related companies that went bust in 2017. The data shows that over 200 of those companies were established during 2017 and 60 percent of them closed down between June and November 2018 alone. On the other side, the number of newly-registered blockchain companies continued to rise throughout the year, reaching a total of 817 in November 2018, which means the market continued to grow overall. However, the report notes that, for the first time, the number of new companies is now growing more slowly than the number of blockchain businesses shutting down. And of the companies which haven’t been shut down, over 50 have removed references to blockchain or crypto from their name.
Digital innovation is taking over the workplaces and now is the right time to build diversity. In digital innovation, you need the left brain and the right brain to work together. However, there are pain points and frustration that come from the hypothesis that digital disruption is likely to increase the gender gap. For instance, there is World Economic Forum data that shows if you look at the 15 top economies of the world, digital, robotics and AI will lead to job losses of about 5 million. Men will get one new job out of the three jobs they lose; women, on the other hand, will get only one job out of the five jobs they are losing. What’s even more alarming is that while the disruption stems from technology, women are far less digitally connected — the global Internet user gender gap grew from 11% in 2013 to 12% in 2016, according to data from the International Telecommunication Union. The gap remains large in the world’s Least Developed Countries (LDCs) at 31%.
Quote for the day:
"Leadership is liberating people to do what is required of them in the most effective and humane way possible." -- Max DePree