Daily Tech Digest - September 28, 2019

5G and IoT: How to Approach the Security Implications


The first thing is an IoT bot. The botnet nodes, they actually spend most of their time scanning the network looking for other victims. That’s their primary, the primary thing that they do. And because of that these botnets naturally increase in size over time. Eventually once they’ve covered all the devices available, again, the botnet sizes are sort of self-limiting. And that’s a thing to bear in mind when we start talking about the 5G thing. Because in the future with 5G, the number of IoT devices is going to increase exponentially and so the size of these potential botnets is going to be quite, quite incredible. That’s one thing to bear in mind. When an IoT bot finds a new victim, it responds back to its command-and-control server. And then they go ahead and infect that new device that’s been detected. And that device will then become a member of the bot. And the botnet gets larger and it continues to scan. One of the key things here is that in order to be infected, the device has to be visible from the internet, visible from the existing botnet members.
Much like any disruptive technology, blockchain has a diversity problem which further limits accessibility. For the most part, blockchain expertise is confined to the financial and technological industries and the affluent white men that dominate them. Services from Amazon, IBM, Microsoft and Oracle may bolster blockchain use, but they don’t solve this fundamental issue. Tech education startup Maiden aims to make blockchain more accessible by teaching members of traditionally underrepresented groups about transactions, smart contracts, and other applications of the technology. Ultimately, if blockchain products are created by groups that genuinely represent society, they will impact more people and break down educational barriers. Big businesses with tech expertise are making it possible for more organisations to benefit from blockchain with hosted platforms and BaaS. However, without more effort given to education and understanding, companies will continue to shy away from distributed ledger technology.


More Data Doesn’t Guarantee That Analytics Will Deliver Digital Transformation

A man holding a laptop and woman pointing to a digital screen
We often overlook the presence of disconnected and fragmented data silos – making it impossible to paint a complete picture of the business because different segments linger in detached states or isolated buckets. Left disintegrated, these data buckets rust in data warehouses and lakes – unless they evolve into cohesive and compatible building blocks that form the foundation of an intelligent enterprise. ... Having more data doesn’t do much good if we aren’t asking the right business questions or don’t understand the assumptions behind them. Through critical thinking, we need to carefully examine evidence based on what’s relevant to the question before reaching any conclusions or making any decisions. That starts by asking questions, which is a prerequisite for asking the right questions. The process of creating value with data begins and ends with business leaders who promote a culture of data-driven decision-making. When it’s absent, we lose direction and guidance and cannot make a significant impact.


GDPR: Only one in three businesses are compliant – here's what is holding them back

"For many organisations, the true size of the GDPR challenge only became apparent as they began the initial projects to identify the applicable data that they held. As a result, only the most focused organisations had completed their GDPR readiness by the time the legislation came into force," Chris Cooper, head of cybersecurity practice at Capgemini, told ZDNet. Businesses that aren't yet compliant with privacy legislation point to a number of obstacles that prevent them from being so. Chief among those is legacy IT systems, with 38% of those surveyed suggesting that their current IT landscape isn't aligned to the complexities of GDPR. Meanwhile, 36% believe the requirements of GDPR are too complex and require a lot of general effort to implement, while one third of respondents say that the financial costs of achieving alignment with GDPR are too prohibitive. Not only are businesses that remain non-compliant putting themselves at risk of falling victim to a data breach and the financial and reputational damage that could create – alongside the financial cost of a regulator fine – they're also holding themselves back from the benefits that compliance can bring.


New SIM card attack disclosed, similar to Simjacker

SIM card
This new attack, named WIBattack, is identical to Simjacker, an attack disclosed at the start of the month by mobile security firm AdaptiveMobile. Both attacks work in the same way, and they grant access to similar commands, with the exception that they target different apps running on the SIM cards. Mainly, Simjacker runs commands against the S@T Browser app, while WIBattack sends commands to the Wireless Internet Browser (WIB) app. Both are Java applets that mobile telcos install on SIM cards they provide to their customers. The purpose of these apps is to allow remote management for customer devices and their mobile subscriptions. In a report released earlier this month, AdaptiveMobile said it discovered that a "private company that works with governments" was using rogue commands sent to S@T Browser apps running on SIM cards to track individuals. In a report published last weekend, security researchers from Ginno Security Labs said that the WIB app was also vulnerable to similar attacks, although they were not aware of any attacks.


10 principles of workforce transformation

Many business leaders realize that they can’t just hire the workforce they need. There aren’t enough prospective recruits, and the expense would be enormous. Instead, companies must upskill their existing employees or members of their communities. This means expanding people’s capabilities and employability, often using adult learning and training tools, to fulfill the talent needs of a rapidly changing economy. Upskilling is part of the answer. But you also need to rethink your jobs: redesign the workflow, combine some positions, add others, and probably eliminate some. You need to be more creative in finding and onboarding people, including through acquisitions, partnerships, gig economy–style freelancing arrangements, and talent pools oriented to flex work. Finally, you must fill your enterprise with opportunities for continual self-renewal via modern learning strategies and digital technologies, so that becoming adept in new technologies is just part of everyday life.


AI And The Evolutionary Commoditisation Of RPA


Artificial Intelligences’s evolutionary path is actually very different. Although it’s been around in various forms since the 1950s, we are still very early in the journey, but with the technology developing at an exponential rate. What we have now is the perfect storm of ubiquitous data (which AI feeds off), storage costs for all this data that is so cheap that they almost become irrelevant, the processing power to run complex models in minutes rather than days, and everything connected together(including access to publicly available data training sets). AI is ready to really lift off. But before we get carried away and start to imagine sentient machines that will take over the world, we need to remember that everything that AI does is very narrow. That means that each AI model can do one thing, and one thing only, very well. An AI trained to recognise pictures of dogs can’t read text. It can’t even be used to recognise pictures of cats – the system would need to be completely wiped and retrained using cat pictures instead of dog pictures.



The IT Pyramid of Pain: how IBM’s CIO Fletcher Previn retains top talent

For many organisations, digital transformation has shifted the function of IT from being solely a service provider to a business driver. On these grounds, Fletcher encourages other IT departments to get more involved in the cultural aspects of their organisation. He said: “The culture of any work environment is largely a function of how work gets done. That, in turn, means that the tooling and IT surrounding the employees is not trivial – it’s core to any strategy for creating a high-performance workforce. “In order to create an environment where talented people want to work, and in particular, where gifted engineers want to work, I have to provide a productive environment for our people. “Also important is building out a modern DevOps software development stack, and enabling employees with the best tools available. Our general approach to this is: give people the right tools and equipment, manage those assets in a modern way, and enable self-service in the environment.”


10 Ways AI And Machine Learning Are Improving Endpoint Security

10 Ways AI and Machine Learning Are Improving Endpoint Security
AI and machine learning are proving to be effective technologies for battling increasingly automated, well-orchestrated cyberattacks and breach attempts. Attackers are combining AI, machine learning, bots, and new social engineering techniques to thwart endpoint security controls and gain access to enterprise systems with an intensity never seen before. It’s becoming so prevalent that Gartner predicts that more than 85% of successful attacks against modern enterprise user endpoints will exploit configuration and user errors by 2025. Cloud platforms are enabling AI and machine learning-based endpoint security control applications to be more adaptive to the proliferating types of endpoints and corresponding threats. ... Combining supervised and unsupervised machine learning to fine-tune risk scores in milliseconds is reducing fraud, thwarting breach attempts that attempt to use privileged access credentials, and securing every identity on an organizations’ network. Supervised machine learning models rely on historical data to find patterns not discernable with rules or predictive analytics.



The best API strategy is not to start with an API strategy

clouds-crane-over-hudson-river-cropped-june-2013-photo-by-joe-mckendrick.jpg
Business requirements first -- APIs later, says David Berlind, editor of ProgrammableWeb, in his keynote presentation at the recent MuleSoft Connect event in New York.  "The APIs come at the very end," he says. Every effort should start with customer experience and business strategy, he explains. "You don't start with an API strategy. You tart with a business strategy and customer experience. Then you figure out what APIs need to be in place, so information can be exchanged between you and your partners. Then you think about the design of those APIs, the technical specifics and tactical stuff. Then you have an API strategy, and an ecosystem." There's been plenty of talk that the "i" in CIO or IT should stand for "innovation." However, Berlind believes "imagination" is more appropriate. "For decades now, we've been struggling to keep the lights on in IT, reduce costs, do more with less. In my view, its time to rethink that process. Get the organization to understand the power of the API, and how it could be such a game-changer to whatever industry you're in." ... "It's important to get everybody in the organization aware of where the APIs are. But it's also equally important to make sure the entire organization understands the power of the APIs, and how it allows them to imagine different outcomes -- outcomes that were quite unimaginable just a few years ago. ..."



Quote for the day:


"Valor in the leader is often an expression of the leader's character, fortitude, grace, vulnerability, openness, and honesty." -- Catherine Robinson


No comments:

Post a Comment