Analysis of over 230,000 ransomware attacks which took place between April and September has been published by cyber security researchers at Emsisoft and one family of malware accounted for over half (56%) of reported incidents: the 'Stop' ransomware. Stop – also known as DJVU – first emerged in late 2018 and several different variants are known to exist. The ransomware is typically distributed by torrent websites, often hidden in cracked versions of software which users are attempting to download while avoiding paying for the product. However, this can come with an additional cost for the victim as Stop encrypts files with AES-256 encryption and demands a ransom of $490 in bitcoin in exchange for the decryption key. The ransom amount doubles after 72 hours in an effort to scare the victim into paying up immediately. "While attacks against home users have declined, Stop proves that consumer ransomware continues to be profitable," Fabian Wosar, CTO at Emsisoft told ZDNet. Commodity malware attacks remain common, but the most successful ransomware operations are making large amounts by compromising entire networks then demanding a ransom payments of hundreds of thousands of dollars in exchange for the network being restored.
In the tech industry, there’s a lot of talk about hiring candidates who may have the soft skills but fall short on some of the technical skills. There are many opinions on the topic, but is there really a right or wrong on this issue? With IT unemployment at its lowest on record, companies are desperate for tech talent. So, are you settling for talent if you hire someone without all the qualities and skills on your check list? Absolutely not. How do you know when it’s okay to hire a candidate when they don’t check every box? The answer can depend on the type of talent you are hiring. Hiring is very different for permanent and contract positions. You are on an entirely different timeline, with very different goals. For contract talent, the goal is a sprint to successfully deliver a project. For full time employees, it’s a marathon where winning means the growth, development and success of your team and company. These different goals mean you’re looking for different candidates and using a different interview process to identify and secure them. While the best-case scenario is to hire a candidate with both technical and soft skills, for permanent positions you can, and should, absolutely hire for soft skills, even when all the technical expertise isn’t there.
"It's easy to think of tasks as the individual actions, which can often be generic, that make up an overall process," said Pankaj Chowdhry, founder and CEO of FortressIQ, based in San Francisco. A simple example would be sending an email. That's a task that, in context -- such as responding to a complaint or updating a salesperson with a new shipping date -- would be part of a process. Processes are composed of tasks and decisions and are usually across multiple systems and user groups. Workflows are typically the technical view of a process, which are implemented in BPMN systems. "We've seen aha moments from clients when they see how a process spans multiple systems and sometimes even extends outside their enterprise," Chowdhry said. Access to accurate, up-to-date process information changes the way a business is run. This is evolving from simple log analysis to "Fitbit for the enterprise," allowing the same simplicity in software activity tracking and analysis.
One of the biggest hurdles to establishing a strong data protection framework is that small and mid-size businesses have much fewer resources than large corporations. Data protection and back-up is costly, and business owners may be left wondering whether spending on it is actually justified. When in doubt, it’s paramount to consider the costs associated with breached or lost data. Compromised customer or intellectual property information not only results in revenue loss, but is also damaging to a business’s reputation, which can have long-term consequences in the marketplace. Then there are the damage control costs: Following a data breach, a business may need to spend money on legal fees, public relations to remediate their image, and new technology to secure their data moving forward. There are solutions emerging that are specifically tailored to address the growing business needs of midsized companies with fewer IT resources than their enterprise counterparts, yet are facing the same technical challenges. Metallic, a new division of Commvault, offers a comprehensive data protection software as a service (SaaS) portfolio, with recovery and backup, that was designed for scalability and flexibility.
Rachel Reeves, chair of the Business, Energy and Industrial Strategy (BEIS) committee, said: “The switch to automation brings challenges for businesses and workers, with fears for livelihoods or disruption to job roles coming to the fore. The real danger for the UK economy and for future jobs growth is, however, not that we have too many robots in the workplace, but that we have too few. “The government has failed to provide the leadership needed to help drive investment in automation and robot technologies. If we are to reap the potential benefits in the future of improved living standards, more fulfilling work, and the four-day working week, the government needs to do more to support British businesses and universities to collaborate and innovate. Factors limiting the ability of the UK to take advantage of automation and robotics include management teams who do not understand or recognise the potential of automation; a lack of digital skills among parts of the workforce;
Around the world, organizations are showing a worrisome disconnect between their acknowledgement of cyber-risk as a top-rank priority and the way they are dealing with it. Essentially, it seems that organizations are zeroing in more on technology and prevention than on setting aside the time, resources, and activities they need to build meaningful cyber-resilience. Seventy-nine percent of respondents ranked cyber-risk as a top-five concern in their organization. This, in comparison to 62 percent in 2017. In fact, the number of firms that cited cyber-risk as their prime concern almost quadrupled, from 6 percent to 22 percent. This year’s survey revealed a notable drop in the firms’ confidence in every cyber-resilience area that matters. These include understanding, assessing, and measuring potential cyber-risks; the ability to reduce the likelihood of cyber-attacks or avert potential damage; and managing, responding to, and recovering from adverse cyber-events. This year, a mere 11 percent of companies reported a high degree of confidence in all three aspects of cyber resilience.
The ModelOps and ModelOps Health Check Assessment announcement marks a change in tone for SAS, a company that has traded on its reputation as a top provider of analytics software but hasn't been quick to embrace the changes happening in the market all around it. For instance, the market has welcomed a huge number of open source tools, new players in the field of big data, new programming languages such as Python, and new momentum for old programming languages like R. Plus, don't forget about cloud computing and storage. All the while, SAS remained confident in its core products and offerings, which had been closed to the open source technology that had gained so much popularity with undergraduate and graduate students pursuing data science degrees. In recent years SAS has gained a reputation of being "your grandfather's data science platform," according to Hare. "There are things that were happening outside the world of SAS that SAS was pretty much ignoring," Hare said. "SAS recognized over the past 3 to 5 years that they needed to do something different."
Ransomware continue to put many businesses, municipal governments and schools in a bind. Earlier this month, the FBI issued a new advisory saying that ransomware attacks "are becoming more targeted, sophisticated and costly, even as the overall frequency of attacks remains consistent." The FBI says it has seen a sharp decrease in indiscriminate ransomware attacks. But the losses from the successful attacks - often targeting healthcare, industrial and transportation companies - have become increasingly costly (see: Texas Pummeled by Coordinated Ransomware Attack). Attackers often first infect systems by sending phishing emails with attached malware. Also, they hunt for vulnerabilities in remote desktop protocol - or go on dark web marketplaces to buy stolen credentials for access to organizations via RDP - which is widely used in Windows environments but may have vulnerabilities or weak authentication credentials, the FBI says.
Many enterprises do not realize how often IPv6 is being used on devices that access their networks via VPN. Phones, tablets and laptops used for remote access to corporate networks commonly support IPv6 as do broadband and cellular services they might use to access the internet. As a result, enterprises often don’t recognize IPv6 as a security factor. They configure their VPNs to inspect only IPv4 traffic, which can leave mobile devices free to access IPv6 sites that could prove dangerous to business networks, devices and data. The way IPv4 protections work is, once the VPN has been established, the VPN concentrator inspects traffic bound for the internet and blocks traffic bound for destinations judged out of bounds by the policies the enterprise has configured. Most corporate VPNs enforce what is called no split-tunneling to enhance security by forcing all IPv4 connections to traverse the VPN. With no split-tunneling, once a VPN connection has been established, remote devices cannot make a separate connection to the internet at large.
Regression testing helps detect bugs in the source code early in the deployment cycle whenever code changes. The product team can save much time and effort in resolving build-up defects after releasing. Rather than functional testing that only focuses on inspecting behaviors of the new features, regression testing goes beyond to confirm the compatibility between newly added features and the existing ones. Hence, developers or tester can find it easier to investigate the primary cause of a test failure. With a software project that requires frequent updates and continuous improvements, regression testing is vital to guarantee the stability of application performance. With the fast speed of regression testing, software teams can receive more informative feedback instantly as well as resolve problems more quickly and effectively. Regression testing helps developers and testers put effort into building new features for software applications rather than turn back to fixing bugs on the previous test case.
Quote for the day:
If you don't write your own story, you'll be nothing but a footnote in someone else's. -- Peter Shankman