Daily Tech Digest - November 13, 2019

Best Strategies For Data Security And Compliance

Assessing which obligations apply to your organisation can be arduous but it’s a vital process when considering the consequences of non-compliance. On balance, the costs incurred to establish the necessary policies, acquire the relevant applications, and hire the right staff are far outweighed by the huge costs which come from failing to comply. The value of adequate preparation is even higher for those industries held accountable to the most stringent regulation. In particular, financial services, healthcare and public sector organisations are key targets for cybercriminals due to the ‘sensitive’ data they handle. Companies operating in these sectors must be even more focused on boosting collaboration between security, privacy and compliance teams to ensure the appropriate privacy and security policy-setting and monitoring has taken place. Organisations can avoid major fines and hits to their bottom line caused by reputation damage and lack of customer trust if they adhere to the data privacy and security regulations that apply to their data. The costs of proactively protecting an organisation against bad actors will very likely save a lot of money in the long run.

“After witnessing a gradual increase in compliance from 2010 to 2016, we are now seeing a worrying downward trend and increasing geographical differences,” said Rodolphe Simonetti, global managing director for security consulting at Verizon. “We see an increasing number of organisations unable to obtain and maintain the required compliance for PCI DSS, which has a direct impact on the security of their customers’ payment data. With the latest version of the PCI DSS standard 4.0 launching soon, businesses have an opportunity to turn this trend around by rethinking how they implement and structure their compliance programmes.” Verizon’s report also incorporated data from its in-house Threat Research Advisory Centre (VTRAC), which found that compliance programmes lacking the proper controls to protect data were completely unsustainable and far more likely to be hit by a cyber attack. 

China Said It’s Developing 6G. What Does That Mean?

Though the United States has not launched its own assertive statement about 6G endeavors, critical research on the next generation of wireless technology is already happening at academic institutions across the country. Professor in the Bradley Department of Electrical and Computer Engineering at Virginia Tech Walid Saad and his team are already exploring the future of 6G wireless communication systems—with funding from the United States’ government.  “From my perspective, this announcement doesn’t worry me—it actually corroborates that we are doing the right thing in doing this research. From an academic perspective, it’s also nice to see, whether it’s China or other countries working on similar topics, because we can have collaboration and the exchange of ideas,” Saad said. “So it doesn’t feel threatening at all from an academic perspective, it’s more like ‘that’s nice, let’s see more activity happening.”

7 Ways to Make Test Automation Effective in Agile Development

One of the main reasons behind not achieving desired results in agile testing with automation is that agile development is all about continuous delivery with a number of short iterations in a development and deployment pipeline. Because of which QA teams often get to run short and frequent regression testing sprints as well. Small testing cycles means that it has now become more complicated for the testers to find, fix, and test the products of each iteration. Thus, it is essential to allocate enough time for testing, automation testing as well. The first step in reducing the test times is to start executing parallel testing, i.e., running multiple test threads at the same time. Parallel testing will not only improve the automation process, but it will also improve the team’s productivity. It will even allow your testers to invest time in more exploratory testing and actually debugging the issues there are. Another vital factor to consider is building robust tests. Testers need to develop quality test scripts that can be integrated with regression testing easily.

How much does it cost to launch a cyberattack

United States one-cent coin / penny / binary code
The low cost of entry, relative ease with which attacks can be deployed, and the high returns means the potential pool of threat actors isn’t limited by technical skill level. “If we look at the barrier to entry three years ago versus the barriers to entry now, a lot of these very focused services really didn't exist or were just starting to kind of really come into the market,” says Keith Brogan, managed threat services leader at Deloitte Cyber Risk Services. “It really isn't that expensive or hard for cybercriminals to go out and make some money very easily. The barrier to entry is very low; you could very easily get access to these different services and enablers and really turn a profit pretty easily. You are in some cases limited by your own imagination,” Brogan adds. This low cost of doing business and high rate of return means disparity between the profit criminals make versus the cost of repairing the damage is huge, says Oliver Rochford, director of research at Tenable. With ransomware, for example, he says even with a payment rate of 0.05% the ROI is estimated to be over 500%. While estimated global revenue of cybercrime is around $1.5 trillion, Rochford says the cost of damage is thought to be upwards of $6 trillion.

Why your providers should support IPv6

world globe global network nodes wifi internet code programming
It would be disappointing to discover that a service provider has not yet implemented IPv6 at all. That would be a huge red warning flag that the service provider is not innovative when it comes to network technology. If the provider isn’t offering IPv6 services at this stage, it calls into question its prioritization of innovation and whether it is falling behind the competition in other areas. This situation really puts the enterprise into a bind if they may need IPv6 capabilities sooner rather than later because the enterprise’s ability to enable IPv6 is based on the IPv6 deployment schedule of the provider. Each enterprise is different and has a different motivation for enabling IPv6 on their public-facing applications and services. IPv6 deployment is an inevitable technology as there is no other alternative to the IPv4 address exhaustion problem. Given that IPv6 is an eventuality for enterprises, they should start to plan for the deployment and assess the constraints to their deployment schedules. Enterprises should ask providers what services they offer with IPv6 to determine where they stand and what options they have.

Micron announces 1TB industrial microSD, aimed at surveillance markets

Micron is positioning the card for edge compute, with surveillance systems increasing storing video on-device, rather than transmitting everything to external storage as it is recorded, eliminating the need for on-site DVRs, lowering TCO costs. This may be an application where QLC NAND makes sense, if it takes three months to fill the microSD on a continuous write (though increasing the resolution of the storage image could undercut this). Given that QLC is rated for 100 to 1,000 erase/write cycles, for three months per device write, a pessimistic view would put the lifespan at 25 years. Micron returned to the microSD market earlier this year with the release of the c200 series, also powered by 3D QLC NAND.  The company previously owned the consumer-focused brand Lexar from 2006-2017, selling it to Longsys in August 2017. Under the direction of Longsys, Lexar re-entered the market in August 2018, introducing its first 1TB (full-size) SD card this January, 15 years after Lexar introduced its first 1GB SD card.

Shared responsibility model key to solving 5G security problem

“With the large number of devices associated with 5G, authentication and identity need to be considered in the scope of security, similar to the public cloud. The 5G service provider can help confirm device identity as well, because the network will know a device’s physical location. In a way, the 5G service provider uses the network itself as a security tool,” she added. Lanowitz said that while introducing 5G networking affected many different technical areas, it was also an ideal opportunity to enhance and modernise approaches to security. For example, software-defined networking (SDN) and network functions virtualisation (NFV) technology will help organisations prepare for the sheer scale of 5G, but in parallel, there is no reason why security cannot also be virtualised and automated to some degree.

Everything you need to know about brain-computer interfaces and the future of mind-reading computers

I'm not sure I'm willing to have a chip put in my brain just to type a status update. You may not need to: not all BCI systems require a direct interface to read your brain activity. There are currently two approaches to BCIs: invasive and non-invasive. Invasive systems have hardware that's in contact with the brain; non-invasive systems typically pick up the brain's signals from the scalp, using head-worn sensors.  The two approaches have their own different benefits and disadvantages. With invasive BCI systems, because electrode arrays are touching the brain, they can gather much more fine-grained and accurate signals. However, as you can imagine, they involve brain surgery and the brain isn't always too happy about having electrode arrays attached to it -- the brain reacts with a process called glial scarring, which in turn can make it harder for the array to pick up signals. Due to the risks involved, invasive systems are usually reserved for medical applications. Non-invasive systems, however, are more consumer friendly, as there's no surgery required -- such systems record electrical impulses coming from the skin either through sensor-equipped caps worn on the head or similar hardware worn on the wrist like bracelets.

Diligent Engine: A Modern Cross-Platform Low-Level Graphics Library

This article describes Diligent Engine, a light-weight cross-platform graphics API abstraction layer that is designed to solve these problems. Its main goal is to take advantages of the next-generation APIs such as Direct3D12 and Vulkan, but at the same time provide support for older platforms via Direct3D11, OpenGL and OpenGLES. Diligent Engine exposes common C++ front-end for all supported platforms and provides interoperability with underlying native APIs. It also supports integration with Unity and is designed to be used as graphics subsystem in a standalone game engine, Unity native plugin or any other 3D application. The full source code is available for download at GitHub and is free to use. ... The repository contains tutorials, sample applications, asteroids performance benchmark and an example Unity project that uses DiligentEngine in native plugin.

Quote for the day:

"Bad times have a scientific value. These are occasions a good learner would not miss." -- Ralph Waldo Emerson

No comments:

Post a Comment