Daily Tech Digest - January 10, 2020

The smart cities challenge: How tech will update antiquated infrastructures

In terms of transportation initiatives , "Yes, we have to think of transportation," Lightman said, but for smart cities to operate optimally, she continued, we need to "look holistically as a system of a system," one that includes issues of "climate change and the critical thread of citizen engagement which runs through it."  She cited an example in her home state: 16 years ago, Pittsburgh went bankrupt and lost half of its population. Now stable and growing its a city poised to become an ideal smart city (Lightman acknowledges that losing half the population put considerably less stress the city's infrastructure). Carnegie Mellon , she said, is looking to address issues with "the infrastructure that's been neglected for almost 20 years; there are a lot of bridges and roads crumbling, and we have 40 active landslides."  This is where emerging technology like artificial intelligence (AI) and machine learning shines. Lightman stressed how important artificial intelligence (AI) is in predicting natural disasters such as landslides. "AI," she said, "will solve many problems."

5 Tips on How to Build a Strong Security Metrics Framework

Know your audience. This advice applies to many areas, including metrics. The first step toward building a strong metrics framework is to understand who you're building it for, even if there are multiple audiences. The metrics reported to the board and executives will be different than those you use to make operational improvements and tactical adjustments. The metrics provided to customers showing that their data is protected will be different than the metrics for security management to make well-informed decisions. A good metrics framework provides the right metrics to the appropriate audiences, even when there are multiple audiences. ... If you've ever had your home or car inspected, you know that there are acceptable levels for radon in a home or emissions from a car. It isn't black or white or on or off. There is a range of levels within which the home or car passes the test, and outside of which, it fails. The same should be true for metrics.

U.S. Funds Program With Free Android Phones For The Poor — But With Permanent Chinese Malware

Cyber Security Concerns In The Global Wake of Hacking Threat
The affected device is a UMX phone shipped by Assurance Wireless and one of the preinstalled malware, according to MalwareBytes senior analyst Nathan Collier, is the creation of a Chinese entity known as Adups. Though the tool looks and operates as a Wireless Update program, it’s capable of auto-installing apps without any user consent, which it starts doing immediately, according to a MalwareBytes analysis of a device, shared with Forbes ahead of publication. Adups hadn’t responded to a request for comment at the time of publication. “This opens the potential for malware to unknowingly be installed in a future update to any of the apps added by Wireless Update at any time,” Collier wrote in a blog post published Thursday.  Historically Adups tools have been caught siphoning off private data from phones, including the full-body of text messages, contact lists and call histories with full telephone numbers.  A second malware comes preloaded on the Assurance Wireless-supplied device—the phone’s own Settings app, Collier claimed. 

4 habits of effective DevOps engineers

Having an understanding of technology foundations will go a long way in DevOps, says Dempers. Enterprise deployments are accelerating, and there isn't enough time to dig into the weeds of every new technology, he says. "Learn about the underlying fundamentals of a technology, rather than how to use the technology, and how to apply the technology." For example, "instead of just learning how to run a Docker container, dive into the Linux features that make containerization work, and learn about those features. It makes it really easy to understand how Docker works. Then you can then move on to technologies like Kubernetes that use the same Linux kernel features." With an understanding of the underlying technology, it will be easier to communicate across the organization and understand how the technologies interact, Dempers adds. "You basically learn how to put all the pieces of the puzzle together and paint a picture in your head about the technologies. Then you can focus on the gaps of the things you're missing, rather than just focusing on how to use a technology."

The US just released 10 principles that it hopes will make AI safer

An American Flag
The newly proposed plan signifies a remarkable U-turn from the White House’s stance less than two years ago, when people working in the Trump administration said there was no intention of creating a national AI strategy. Instead, the administration argued that minimizing government interference was the best way to help the technology flourish. But as more and more governments around the world, and especially China, invest heavily in AI, the US has felt significant pressure to follow suit. During the press briefing, administration officials offered a new line of logic for an increased government role in AI development.  “The US AI regulatory principles provide official guidance and reduce uncertainty for innovators about how their own government is approaching the regulation of artificial intelligence technologies,” said US CTO Michael Kratsios. This will further spur innovation, he added, allowing the US to shape the future of the technology globally and counter influences from authoritarian regimes. There are a number of ways this could play out.

Learning from the Travelex cyber attack: Failing to prepare is preparing to fail

The key lesson we can take from the Travelex breach is that an effective response to a breach is a critical business function and is no longer the sole province of the IT department. Rather, it should be a core business competency supported by senior management with input from other business areas, such as HR, legal and compliance, public relations, customer support and the data protection team. As demonstrated by the Travelex breach, an incident can disrupt your business, with critical systems taken offline. To minimise the levels of disruption a cyber attack can inflict on your business, your incident response plan should be integrated closely with your business continuity plans. Finally, practice makes perfect, so regularly test how effective your processes are. Better to discover weaknesses in how you can respond to an incident during an exercise rather than in the midst of a real crisis.

The Bank of the Future Will Have Data Vaults and Money Vaults

Think about Google Assistant and Google Live on Google. These are next-generation digital services that can learn from their users, and can get better as their users use them. In the banking world, almost all banks are trying to build such services on their digital channels – next-generation concierge services that can understand the needs of their users and can adapt and give the right information to the right user at the right time. That’s what we refer to as “context-aware computing” or “contextualization.” Building these types of capabilities in the past required a lot of I.T. processes, algorithmic expertise, understanding things such as statistical modeling and predictive modeling. Flybits has really simplified that process for banking institutions. Instead of expecting the institution to hire data scientists and algorithmic experts, we have built platforms that even a marketing intern can be trained on, allowing them to focus more on use cases and creativity rather than worrying about I.T. complexities. This allows the bank or credit union to bring these next-generation predictive use cases to the market faster and in more efficient ways.

Restart Data and AI Momentum This Year

Image: geralt - pixabay
Starting small is the right way to tackle such a project, Bean agrees. "Companies need to demonstrate quick wins and measurable results to establish credibility and build momentum," he said. "We believe that those firms that start small, focus on a key business question or two, and show quick results, are most successful at creating a foundation for future success." IT's contribution to these steps come in a few key ways. Davenport said that IT plays an important role in helping the business leaders understand what's possible with a particular technology. "They need to educate and build relationships as much as they need to build technology infrastructure," he said. The partnership between IT and line-of-business owners is key to the success of projects, according to Bean. ... One key role that remains in flux in 2020, according to the survey, is Chief Data Officer or Chief Analytics Officer. A growing number of organizations are hiring for this role from outside the firm.

Google details its three-year fight against the Bread (Joker) malware operation

android mobile malware
In a blog post detailing its fight against the Bread gang published last night, Google said that the operators "have at some point used just about every cloaking and obfuscation technique under the sun in an attempt to go undetected." Google's security team said the malware was not what someone would call sophisticated, but just more persistent than others. "Sheer volume appears to be the preferred approach for Bread developers," Google said. "At different times, we have seen three or more active variants using different approaches or targeting different carriers," Google added. "At peak times of activity, we have seen up to 23 different apps from this family submitted to Play in one day." Google also said that Bread malware strains have also been spotted on the Play Store, suggesting this malware operation knew what and who to target from the get-go and never deviated from its path even if they weren't initially successful.

The 5 Biggest Cybersecurity Trends In 2020 Everyone Should Know About

The 5 Biggest Cybersecurity Trends In 2020 Everyone Should Know About
While AI is undoubtedly being researched and developed as a means of crippling an enemy state’s civil and defense infrastructure during war, it’s also easily deployable by criminal gangs and terrorist organizations. So rather than between nations, today’s race is between hackers, crackers, phishers and data thieves, and the experts in cybersecurity whose job it is to tackle those threats before they cause us harm. Just as AI can “learn” to spot patterns of coincidence or behavior that can signal an attempted attack, it can learn to adapt in order to disguise the same behavior and trick its way past our defenses. This parallel development of offensive and defensive capabilities will become an increasingly present theme as AI systems become more complex and, importantly, more available and simpler to deploy. Everything from spam email attempts to trick us into revealing our credit card details to denial-of-service attacks designed to disable critical infrastructure will grow in frequency and sophistication.

Quote for the day:

"Nobody in your organization will be able to sustain a level of motivation higher than you have as their leader." -- Danny Cox

No comments:

Post a Comment