Daily Tech Digest - May 30, 2019

GDPR - Data Privacy And The Cloud

The recent and rapid transition to multi-cloud networks, platforms, and applications complicates this challenge. To meet data privacy requirements in such environments, organizations need to implement security solutions that span the entire distributed network in order to centralize visibility and control. This enables organizations to provide consistent data protections and policy enforcement, see and report on cyber incidents, and remove all instances of PII on demand. Achieving this requires three essential functions: Security needs to span multi-cloud environments. Compliance standards need to be applied consistently across the entire distributed infrastructure. While privacy laws may belong to a specific region, the cloud makes it easy to cross these boundaries. ... Compliance reporting requires centralized management. Compliance reporting needs to span the entire distributed infrastructure. As with other requirements, this also demands consistent integration throughout the cloud and with the on-premise security infrastructure. Achieving this requires the implementation of a central management and orchestration solution


Disruption, data and the changing role of the CIO

This paradigm shift is a necessary result of the accelerated pace of technological change and increased pressure to adopt emerging technologies to avoid falling behind competitors. One possible response is to cling to the old ways, that is, to slow down adoption of 4IR technologies, and to resist the democratization of technology. But the risks of this approach, tempting as it might be given the sometimes overwhelming challenges, are high. First, a rigid or cumbersome process for adopting technologies will surely mean that competitors are moving forward faster. Second, a company that resists the democratization of technology may discourage potential employees who are intellectually curious. Further, such resistance to change may limit the potential of employees by signaling that compliance is more important than creativity. While having a heavy foot on the brake is a problem, a CIO who is pushing too hard on the accelerator isn’t the solution. The temptation is understandable.


Top 10 Future Trends In Android Development You Cannot Miss In 2019

Yes! People can now command the smart devices to perform basic routine activities and these devices will interact with the machine to run, stop, and function through the internet connection. Internet of Things (IoT) refers to the increased interconnectedness among different smart devices through the internet. It is one step ahead in device-to-machine interaction. For this, the smart devices should feature internet connection and sensors in order to allow the device to gather, receive, and transfer the information. It’s very easy to operate and control the smart TV or a toaster in the kitchen or an air conditioner in the living room or a treadmill in the gym area through the smart devices. ... It’s fascinating that the wearables market is thriving and alive. Smart wearables are basically the use of technology which is worn on the body, close to the body or in the body. There’s no doubt that the trends in wearables will go a step ahead to get many tasks done from a single smart device. Be it playing a game from a VR glass, from a smartwatch or from other Android wearables. Be it having a moving nurse with you to track your health through a smart belt, smartwatch or smart glasses.


Hackers targeting UK universities a threat to national security


In light of this, and the threat research programmes are under, 10% of 75 senior IT leaders polled by Vanson Bourne research “strongly agree” that a successful attack could have a harmful impact on the lives of UK citizens. Findings also show that nearly a quarter (24%) of UK universities polled believe their security and defence research may have already been infiltrated, while over half (53%) say a cyber attack on their institution has led to research ending up in foreign hands. “British universities have long been celebrated around the world for their academic excellence, and the role they play in not only driving technological and social innovation through research, but also advances in defence and security,” said Louise Fellows, director, public sector UK and Ireland, at VMware. “Keeping pace with today’s sophisticated cyber threats is an enormous challenge. Those responsible for protecting universities and the data they hold must examine how they can evolve practices and approaches in line with an increasingly complex threat landscape, including cyber security as a consideration at every stage of the research process by design,” she said.


Natural language processing explained

Like any other machine learning problem, NLP problems are usually addressed with a pipeline of procedures, most of which are intended to prepare the data for modeling. In his excellent tutorial on NLP using Python, DJ Sarkar lays out the standard workflow: Text pre-processing -> Text parsing and exploratory data analysis -> Text representation and feature engineering -> Modeling and/or pattern mining -> Evaluation and deployment.  Sarkar uses Beautiful Soup to extract text from scraped websites, and then the Natural Language Toolkit (NLTK) and spaCy to preprocess the text by tokenizing, stemming, and lemmatizing it, as well as removing stopwords and expanding contractions. Then he continues to use NLTK and spaCy to tag parts of speech, perform shallow parsing, and extract Ngram chunks for tagging: unigrams, bigrams, and trigrams. He uses NLTK and the Stanford Parser to generate parse trees, and spaCy to generate dependency trees and perform named entity recognition. 


Baltimore Ransomware Attack Triggers Blame Game

The Times reports that the exploit was used numerous times, and proved very valuable for intelligence operations over a five-year period, before the agency lost control of it. Only then did the NSA alert Microsoft to the flaw, leading to it quickly issuing patches. And now Baltimore is one of the latest victims of attackers exploiting the flaw, the Times reports. The short list of who to potentially blame for the Baltimore incident now includes: the National Security Agency, for building the exploit and holding onto it for five years, without alerting Microsoft, before losing control of it; the shadowy group - maybe foreign, maybe domestic - calling itself the Shadow Brokers, which leaked the exploit in April 2017; Microsoft, for not building bug-free operating systems; the city of Baltimore, for having failed to apply an emergency Windows security update more than two years after it was released in March 2017 - and two months later for older operating systems - which blocked EternalBlue exploits in every Windows operating system from XP onward; and, of course, the attackers, whoever they might be.


Code Linux binary
In a technical report published today, Nacho Sanmillan, a security researcher at Intezer Labs, highlights several connections and similarities that HiddenWasp shares with other Linux malware families, suggesting that some of HiddenWasp's code might have been borrowed. "We found some of the environment variables used in an open-source rootkit known as Azazel," Sanmillan said. "In addition, we also see a high rate of shared strings with other known ChinaZ malware, reinforcing the possibility that actors behind HiddenWasp may have integrated and modified some MD5 implementation from [the] Elknot [malware] that could have been shared in Chinese hacking forums," the researcher added. ... Hackers appear to compromise Linux systems using other methods, and then deploy HiddenWasp as a second-stage payload, which they use to control already-infected systems remotely.


Going beyond basic cyberhygiene to protect data assets

Skills and career development can start on a small scale, through free, vendor-sponsored programs, convenient online courses, or even at the library. ... By investing in learning as a lifestyle, common challenges such as finding time to sit down and complete a training module become easier to overcome. ... The scale and scope of cybercrime grows every day—new technologies introduce new vulnerabilities faster than they can be secured, and cybercriminals continue to find new ways to attack organizations. By understanding the pattern of evolution in the cyberlandscape and adopting an intelligence-based approach, technology and security professionals can arm themselves for anything that comes their way. As tech pros continue building security skills in daily operations, they take steps beyond basic cyberhygiene. Understanding their IT environment to uncover hidden risks, educating business leaders, leveraging data to show the value of IT efforts, implementing the “right” tools, and investing in training are key to going beyond basic cyberhygiene.


IoT > Internet of Things > network of connected devices
The technology itself has pushed adoption to these heights, said Graham Trickey, head of IoT for the GSMA, a trade organization for mobile network operators. Along with price drops for wireless connectivity modules, the array of upcoming technologies nestling under the umbrella label of 5G could simplify the process of connecting devices to edge-computing hardware – and the edge to the cloud or data center. “Mobile operators are not just providers of connectivity now, they’re farther up the stack,” he said. Technologies like narrow-band IoT and support for highly demanding applications like telehealth are all set to be part of the final 5G spec. ... That’s not to imply that there aren’t still huge tasks facing both companies trying to implement their own IoT frameworks and the creators of the technology underpinning them. For one thing, IoT tech requires a huge array of different sets of specialized knowledge. “That means partnerships, because you need an expert in your [vertical] area to know what you’re looking for, you need an expert in communications, and you might need a systems integrator,” said Trickey.


Business Associates Reminded of HIPAA Duties

"Business associates still struggle with their HIPAA Security Rule obligations, in many of the same ways as do covered entities, including with regard to risk analysis, risk management and encryption, for example," says privacy attorney Iliana Peters of the law firm Polsinelli. "Business associates struggle with understanding their obligations to flow down the requirements of their business associate agreements with their own vendors that have access to protected health information." Covered entities and business associates alike must understand the lifecycle of their data so that appropriate HIPAA-required security safeguards are applied, Peters adds. And business associates should periodically conduct "mini-audits" of their security practices to ensure they are meeting obligations spelled out in their BA agreements, she says. Even though business associates became directly liable for HIPAA compliance nearly six years ago, confusion about their duties persists. "Some BAs fail to understand the full scope of their compliance responsibilities," says Kate Borten, president of privacy and security consultancy The Marblehead Group.




Quote for the day:


"If you truly love life, don’t waste time because time is what life is made of." -- Bruce Lee

