October 27, 2016

Tech Bytes - Daily Digest: October 27, 2016

Dealing with multiple service providers - A necessary evil, Can fintech prevent the next financial crisis, The difference between open source & open governance, 5 strategies to reboot your IT career, A quick primer on isolation levels & dirty reads, Residential routers easy to hack and more.

How IoT technologies are disrupting the aerospace and defence status quo

While current solutions only permit the airborne transfer of data for key vital parameters to maintenance crews, expanding this remit would allow them to determine the continual status and performance of individual parts and components within the engines, systems, and subsystems across the wider aircraft. This continuous visibility of the aircraft’s performance is crucial. If, for example, one of the engine vitals fails mid-air, a standby system would kick in and run all of the necessary functions to enable it to complete its journey safely. An alert would then be sent to the ground staff, who could use the real-time information to determine the cause of the failure, before engaging the necessary personnel and sourcing the components required to get the aircraft back up and running as soon as it lands.


Dealing with multiple service providers: A necessary evil

If dealing with an ever-expanding IT ecosystem is a mandate for enterprises, then developing the organizational maturity and capability of integrating and managing services purchased from disparate and specialized vendors is a necessary part of it. This means automating multi-vendor governance capabilities and leveraging tools and processes that help integrate the delivery and management of services from an end-to-end perspective. The fast-developing ecosystem proffers a strategic choice: to buy services (outsource to a third party) or to build services (develop in-house capability and implement within the enterprise). And, at the risk of stating the obvious, there’s no one-size-fits-all answer.


Can Fintech Prevent The Next Financial Crisis?

Under the current system, bankers do not risk their own money; rather, the risk is entirely on their savers aka the bank’s depositors. Under extreme circumstances, the government may be required to foot the bill if and when things turn sour at the bank. As for the bankers themselves, they have very little at stake; in fact, their willingness to take risks (with their depositors’ funds, of course) often leads to lucrative bonuses. At no time do bankers risk their own savings or pensions. And that’s the real problem; how can professionals be expected to take low risk on behalf of others when they have so much to gain and so little to lose? We can’t expect them to take the high road; indeed, the sub-prime crisis proves that. So how exactly will P2P lending make a difference?


The difference between open source and open governance

On the open domain, the only two non-functional things that matter in the long term are whether it is open source and if it has attained momentum in the community and industry. None of this is related to how the software is being written, but this is exactly what open governance is concerned with: the how. Open source governance is the policy that promotes a democratic approach to participating in the development and strategic direction of a specific open source project. It is an effective strategy to attract developers and IT industry players to a single open source project with the objective of attaining momentum faster. It looks to avoid community fragmentation and ensure the commitment of IT industry players.


Ransomware: The Next Big Automotive Cybersecurity Threat?

“The current ransomware business model works well because the attackers ensure that the price paid is well worth the data restored,” explained Tony Lee, technical director at security research firm FireEye. “Can home users put a price on precious family photos or financial documents? Can organizations put a price on critical information necessary to conduct business? If that answer is yes and the price is low enough, the ransom will be paid.” The same rationale can be extended to vehicles. Approximately 250 million connected cars are expected to be on roads worldwide by 2020, according to a 2015 analysis by technology consulting firm Gartner, making connected cars the next potential market for hackers. These attacks could range from simply locking motorists out of their vehicles to locking them inside; a more ominous scenario would allow hackers to freeze the ignition, essentially “bricking” the car and making it completely unusable.


5 strategies to reboot your IT career

Technology changes faster than many of us can keep up with it. New paradigms like software-defined networks and the cloud emerge, and the old ones continue to hang around. But while the hotshot programmers and big data geeks get to play with the shiny new toys, you're busy waiting for the robots to come and take away your job. ... It doesn't have to be that way. Whether you cut your teeth on Unix and AIX or you tire of doing the necessary but thankless tasks that come with keeping the lights on and the datacenter humming, there's still time to reinvent yourself. It won't be fast or easy. It will mean investing a lot of time and possibly some money, taking risks, and hacking code. But it can turn into a much greater reward, both financially and psychically.


A Quick Primer on Isolation Levels and Dirty Reads

If you need to repeat the same read multiple times during a transaction, and want to be reasonably certain that it always returns the same value, you need to hold a read lock for the entire duration. This is automatically done for you when using the Repeatable Reads isolation level. We say “reasonably certain” for Repeatable Reads because of the possibility of “phantom reads”. A phantom read can occur when you perform a query using a where clause such as “WHERE Status = 1”. Those rows will be locked, but nothing prevents a new row matching the criteria from being added. The term "phantom" applies to the rows that appear the second time the query is executed. To be absolutely certain that two reads in the same transaction return the same data, you can use the Serializable isolation level.


Residential routers easy to hack

Weak passwords can be easily exploited. Fourteen percent of simulated attacks on the routers were, in fact, victorious. The probing attack methodology was simply to use common default usernames and passwords, along with some frequently used combinations. Telnet was left open on 20 percent of the routers, and command injection vulnerabilities were also caught. Telnet, as an unsecured service, shouldn’t be openly available to even a local network, ESET explains. Command injection vulnerabilities “aim for the execution of arbitrary commands on the host operating system.” They use a vulnerable application, the security company says. Proper input validation fixes the deficiency. Of that 7 percent of the now-common household devices with software vulnerabilities, about half (53 percent) had “bad access rights vulnerabilities,” or permissions problems, in other words.


Can government-funded innovation solve the cyber security threat?

Expecting the federal government to produce solutions is hopeful at best and woefully naive at worst, though that isn’t to say that it can’t somehow play a part. Even if it can’t actually develop the technologies necessary to compete in this new battle arena, it can still fund innovative R&D that can be developed into the next generation of defense infrastructure. This can be achieved through the Small Business Innovation Research (SBIR) program, a highly competitive research initiative through which domestic small businesses respond to federally specified R&D requirements with commercial applications. Awards are distributed in two phases, first for feasibility and proof of concept of the product, and then for further development and commercialization.


Five Questions General Counsels Should Ask About Privacy and Cybersecurity in Third-Party Contracts

Regulators are cultivating an ever-increasing patchwork of data protection laws and regulations. Because third parties may host and process data in various locations around the world, companies must keep abreast of constantly evolving developments in global data protection laws and regulations, including data localization laws and data transfer regulations. Compliance failures may subject a company to considerable fines and penalties (e.g., the EU General Data Protection Regulation, effective in May 2018, will allow penalties of up to four percent of worldwide revenues for compliance failures). In addition, data localization laws, which require that data must remain in the country, are emerging. For example, Russia has such a law, and others have been proposed in Indonesia and China.



Quote for the day:


"Without Simplicity and Transparency, you could become a Happy Underachiever." -- @GordenTredgold


October 26, 2016

Tech Bytes - Daily Digest: October 26, 2016

Advanced use cases for repository pattern in .NET, Everything we know about the great Indian debit card hacking, Integrating hotel systems can create hacking liabilities, Best practices for securing your data in motion, Cyber security staffing issues may be putting you at risk and more.

7 Deadly Sins of Project Management You Should Never Commit

The biggest blunder that can derail your project is selecting the wrong person as your Project Manager. According to American Eagle Group data, around 80% of Project Managers lack formal training, which is one of the major reasons why 55% of projects fail. On the other hand, a Standish Group CHAOS report revealed that Project Managers equipped with formal training have a success rate of more than 70%. This goes to show the importance of trained Project Managers and how it could increase your chances of completing your projects on time and within the budget. Select a Project Manager whose experience and skills coincide with your project management requirements.


Advanced Use Cases for the Repository Pattern in .NET

When designing a repository, you should be thinking in terms of “what must happen”. For example, let us say you have a rule that whenever a record is updated, its “LastModifiedBy” column must be set to the current user. Rather than trying to remember to update the LastModifiedBy in application code before every save, you can bake that functionality right into the repository. ...  Normally repositories are context free, meaning they have no information other than what’s absolutely necessary to connect to the database. When correctly designed, the repository can be entirely stateless, allowing you to share one instance across the whole application. Context aware repositories are a bit more complex. They cannot be constructed until you know the context, which at the very least includes the currently active user’s id or key. For some applications, this is enough.


Everything we know about the great Indian debit card hacking

The data breach happened in August and September, according to the Mint newspaper. But the banks apparently weren’t aware, several bankers told Mint. This is the list of all of those involved: bank customers, 19 Indian banks, the NPCI, Hitachi Payments Systems, Mastercard, Visa, RuPay. But they are all shirking responsibility for the mess. Most banks, including SBI, HDFC Bank, and ICICI Bank, have said their systems are safe. The platforms these banks use for debit cards—Mastercard, Visa, and RuPay—have also washed their hands of the crisis. Hitachi Payments Services, which managed Yes Bank’s ATMs, said that an initial review “does not suggest any breach/compromise.”


Integrating hotel systems can create hacking liabilities

Integration. It’s one of the industry’s biggest buzzwords for streamlining operations. With everything on property collecting data and providing options for interaction, wouldn’t it be nice if every device collaborated? It’s the dream of many operators to have a property that is running fully in-sync, but Shaun Murphy, communications security expert, inventor, CEO and co-founder of communications app SNDR, said the persistent threat of data breaches may be reason enough to question which devices on property are working in tandem. “During a breach, the worst-case scenario is that all your systems are integrated,” Murphy said. “From your point of sale to your soda machine, at that point you are losing not only financial information, which you have to disclose, but other confidential information as well.”


How Big Data Is Changing Recruitment Forever

Dana Landis, vice president of global talent assessment and analytics at Korn Ferry, said “When you’re talking about big data you’re talking assessing millions of people all over the world, so you need self-assessment. We’ve designed our tools to take out a lot of the problematic aspects of that – instead of being able to rate yourself high on all the good things and low on all the things that sound bad, you’re forced to make really difficult decisions based on ranking and prioritizing your skills.” Moving their assessment process to an online, self-assessment model has greatly increased the volume of candidates that Korn Ferry has been able to assess. This further increases the size of the dataset used to measure candidates’ suitability. By comparing their individual profiles against amalgamated profile data from people who have proven themselves successful in similar job roles, a more accurate picture of the skills a person will need to succeed in a particular role emerges.


Best practices for securing your data in-motion

Data in-motion has to contend with human error, network failures, insecure file sharing, malicious actions and more. In today’s economy, almost every business has data that needs to be transferred outside protected business applications and systems to enable collaboration between co-workers, users, systems, partners and more – so simply not letting data be shared is not an option. To remediate the security risk that’s inherent with sending data outside of your walls, companies must accept the reality of data insecurity in-motion and take proactive steps to prevent an expensive and embarrassing data breach. The first step is to accept that your company data, including sensitive data, is being sent insecurely via shadow IT. When IT isn’t involved with how data is being transferred, there are critical disadvantages, which often trigger other serious issues


Intel wants to make its IoT chips see, think, and act

Intel is working to help machines evolve from accurately sensing what’s going on around them to acting on those senses. For example, if a device can see defective parts going through an assembly line, it can alert someone or even stop the line. Cameras in cars could see that the driver is drowsy and set off an alarm in the car, and ones pointed in front of the vehicle could tell a pedestrian from a shadow and stop the car – if its vision was accurate enough. ... The new chips are also better at capturing and processing images. They have four vector image processing units to perform video noise reduction, improve low-light image quality, and preserve more color and detail. In a networked video recorder, an E3900 could take 1080p video streams from 15 cameras and display their feeds simultaneously at 30 frames per second on a video wall, Caviasca said.


Agile Manufacturing: Not the Oxymoron you Might Think

Industry 4.0, digital manufacturing, agile manufacturing, “digital thread”—these are all terms that describe the way we are making some things now and will make almost everything in the future. ... Digital manufacturers are organizing from an outside-in mindset that starts with the customer, and looks to deliver creatively on market opportunities, whatever they happen to be, however they will be delivered, and whoever will deliver them. Profits are seen as the consequence of providing value to customers, not the goal of the firm.  Soon, when you walk into your mechanic’s shop to replace a broken fender, he will not need to order the replacement part from overseas and call you back in three weeks. He will take some measurements, step to an attached room with a 3D printer and make your new fender on the spot, revised to attach more firmly and with accent trim to update the style.


Cybersecurity staffing issues may be putting you at risk

Chances are you already have future security pros within your own ranks -- it would stand to reason that businesses have turned to internal talent to find cybersecurity experts. But, according to the data from Spiceworks, that's not necessarily the case. When asked how willing they would be to invest in IT training for 2016, 57 percent said they were "somewhat open, but it would take some convincing," while only 6 percent said they were "extremely open" and had already made investments in training. "Smart people within your own ranks have the huge advantage of already knowing the context of the enterprise to be protected. By using in-house staff, you can save on the time it takes to teach them the context of the enterprise," says Ryan Hohimer, co-founder and CTO of DarkLight Cyber.


The QA Success Story: Where Business and Technology meet

Technology is playing an ever increasing role in the business cycle – influencing buying decisions, transacting through online platforms, integrating with payment channels, collaborating with partners in co-creating and delivering products / services, and being evaluated by the customer across multiple touch points. The exceptional visibility of technology across customers, partners and stakeholders has brought greater focus onto non-functional user experience dimensions – usability, performance, security, inter-operability, and response times. The ability of technology to dis-intermediate and bring businesses closer to the customer is seeing an explosion in platforms targeting the Cloud, leveraging Social Media and Analytics and delivering services on the Mobile.



Quote for the day:


"Cyber criminals are getting more sophisticated and realizing that small businesses are easy targets." -- Mark Berven


October 25, 2016

Tech Bytes - Daily Digest: October 25, 2016

Massive DDoS attack spotlights internet choke point, 60% of smaller companies that suffer a cyber attack are out of business within 6 months, Taking value-chain perspective on innovation, The toil of technology: MNC leaders struggle more than most, Hackers changing tactics techniques & procedures and more.

Calling disruptive fintech entrepreneurs

“With the value of financial technology investments climbing dramatically over the past decade, fintech has clearly become mainstream," said Maria Gotsch, president and CEO of the Partnership Fund for New York City. “Now in its seventh year, the FinTech Innovation Lab has become embedded in the entrepreneurial and financial services ecosystem in New York City, helping drive job growth and building on its rich concentration of tech talent, financial expertise and close proximity to some of the world’s largest financial institutions. "The connections made through our programme enable tech entrepreneurs to closely engage with these top financial institutions and accelerate growth.” The success of the FinTech Innovation Lab in New York has led to the founding of three other FinTech Innovation Labs around the world in London, AsiaPacific and Dublin.


Massive DDoS attack spotlights internet choke point

The big question hovering over the incident is why go after a DNS provider that supports sites popular with millennials, according to Sirota. "People aren't just trying to make millennials' life a little bit hard. There must be some alternative." DDoS attacks can serve as cover for other malicious actions. It is also possible that the attack was an experiment used to test a new mode of attack. "Is the intention to just try out a new way of hijacking unattended devices, like TV monitors and turn them into zombies that drive traffic? Is the intention to use the attack as a distraction so that these companies like Shopify aren't necessarily paying attention to other parts of their infrastructure? It's hard to say," Sirota said.


Ex-NSA Contractor Hoarded Two Decades' Worth Of Secrets

U.S. authorities are still reviewing the seized information, but they allege that Martin illegally held documents he had no need to see. "The case against the Defendant thus far is overwhelming," the filing said. In addition, Martin may have done little to securely store what he allegedly stole. "Many of the marked documents were lying openly in his home office or stored in the backseat and trunk of his vehicle," the filing said. Investigators didn't mention finding any direct evidence of Martin leaking the stolen materials to hackers or a foreign government. But the court filing said he easily could have transferred the information over the internet and concealed his online communications. Attorneys for Martin have rejected the allegations that he betrayed the U.S.


60% of small companies that suffer a cyber attack are out of business within six months.

The U.S. National Cyber Security Alliance found that 60 percent of small companies are unable to sustain their businesses over six months after a cyber attack. According to the Ponemon Institute, the average price for small businesses to clean up after their businesses have been hacked stands at $690,000; and, for middle market companies, it’s over $1 million. Recent events have proven that nobody is safe from the threat of cybercrime – not large corporations, small businesses, startups, government agencies or even presidential candidates. Small and mid-sized businesses are hit by 62 percent of all cyber-attacks, about 4,000 per day, according to IBM. Cybercriminals target small businesses because they are an easy, soft target to penetrate.


Social Data: Revolutionising Identity Verification

Unnecessarily long and complicated ID checks, such as Knowledge Based Authentication (KBA) like “what is your mortgage value?”, or “how much did you spend on your last phone bill” often result in incorrect answers because who can remember their mortgage details, and who pays that much attention to know their exact last phone bill? These inefficient methods often mean customers, particularly in banking and telecoms, end up having to go into branch and spend a significant amount of their little ‘free time’ finding proof of address and their passport, heading into town, queueing, and finally verifying their identity. Even consumers who order online shopping to store (be it clothes, food, electronics) have to remember to bring ID when they collect it, feeling disappointed when they forget and there is no alternative but to come back another time, driving licence in hand.


Taking a Value-Chain Perspective on Innovation

After all, any technology that requires substantially new routines, new task knowledge, or new complementary resources also will require any organization that interacts with it to change its processes, human capital, or other resources, and know-how. ERP software, for instance, was notoriously difficult to implement, requiring significant “business process reengineering” and non-trivial interruption or duplication of key internal processes. When we look at how digital technologies affect business-to-business interactions, we can see a similar potential to enable or disrupt key processes. This time, however, the processes cut across organizational boundaries. My research therefore focused on how links in the value chain — particularly, customers — might impact the behavior of leading companies at the onset of technological change.


The Toil of Technology: MNC Leaders Struggle More Than Most

Technology is only as effective as the confidence of the leaders using it—on this, MNCs fall short based on a wide range of indicators, shown in the graphic on the previous page. Only 60 percent of MNC leaders are highly confident leveraging technology to improve their workforce. Technology as a mechanism for providing leaders with information to aid their decision making to channel and derive value ..., with 66 percent of leaders highly confident using data to guide decisions. Technology methods used specifically for leadership development are, at best, unproven, and, at worst, squandered. Only 1 in 20 of all MNC leaders selected mobile-accessible development as one of their top-three most effective learning methods, while social networking and self-study online learning were scarcely more effective at 11 percent and 12 percent, respectively


Hackers changing tactics, techniques and procedures

“Our Q3 2016 report confirms that hackers are relentless and constantly employing new means to penetrate networks to steal confidential data,” said Rob Kraus, Director, Security Research and Strategy, NTT Security. “Organizations’ first line of defense is to determine where and how these attacks are taking place so they can deploy the most efficient and appropriate network security solutions to minimize their exposure and liabilities.” The report cites an increase in the type and sophistication of attacks during Q3 ’16 across a broad range of industries with finance being the most affected, followed by retail and manufacturing. Further, traditional hacking is being supplemented by other, more sinister attacks such as “direct cash back” models including ransomware and Business Email Compromise (BEC) attacks.


How to prepare yourself for the next DDoS attack

Admit it: Do you even bother keeping phone numbers anymore? Many modern relationships -- especially business relationships -- exist solely online: email, Facebook, WhatsApp and so on. But imagine last week's attack had been worse, rendering some or all of those tools useless. Now what? Time to go old-school: Make sure you keep an address-book entry for the important people in your life (personal and business alike), and make sure that entry includes multiple modes of contact -- including work, mobile and/or home phone numbers. Of course I'm referring to the address book on your phone, but there's nothing wrong with keeping a print version as well. It's just one more item to keep under the you-never-know umbrella. Speaking of phones, a DDoS attack might render yours inoperable -- if it relies on voice-over-IP technology.


Unum's Lynda Fleury Navigates Changing Security Environment

“Companies want to facilitate anytime anywhere access to anything from anyone through mobile technology. And with the adoption of cloud, we are extending pieces and parts of our network to areas outside of our control,” she explains. “We have shifted from the enforcers, to becoming the trusted advisors, educating business partners and IT advisers on what the technology landscape is.” Fleury, who began her career in IT security in the banking industry, came to Unum as an IT auditor in the mid-1980s. Since then, she has been credited with growing Unum’s security organization from the ground up, increasing the size profile of the team over time. Today, Unum’s IT security organization has more than 40 professionals in it.



Quote for the day:


"In the business world, the rearview mirror is always clearer than the windshield." -- Warren Buffett


October 24, 2016

Tech Bytes - Daily Digest: October 24, 2016

Why measure the value of an organization's information, AI can predict outcome of human rights trials but should it, Everything you ever wanted to know about mobile payments, Rethinking marketing strategy in a digital economy, Flexible data architectures to help drive business needs, Testing for vulnerable IoT devices and more.

Why Measure the Value of an Organization’s Information?

Notwithstanding the real difficulty of measuring the "value of information" so that it can take its deserved place on a company's balance sheet, Mancini's second difficulty is the crux of the problem. The "value" of information, like the value of the structured and unstructured data that underlies it, is dependent on how the information is used. Sometimes that usage is planned. Many times information usage is unplanned or serendipitous. Plus, data and information can be used to support decisions and actions with negative outcomes as well as positive outcomes. Even if we restrict our definition of "value" to economic value, we are still faced with the need to define what we mean by "information" and "data." The metrics associated with their use would have to be reliable and repeatable. 


Where to find the world's best programmers

While Chinese and Russian coders perform well across many of the fifteen domains for which HackerRank poses challenges, it’s also worth noting that coders from specific countries excel in specific domains: Japanese coders are the best for artificial intelligence and Hong Kong produces the best Python programmers, while the best Ruby programmers are in Finland and Denmark is tops for SQL programmers. There are other surprises too. The best database programmers are from Switzerland, Ukraine produces the best security coders, Sri Lanka is the strongest for distributed systems, and France is tops for C++. Let's consider first why China and Russia produce such a wide range of skilled programmers. "One hypothesis is the way education in those countries is focused," says Heraldo Memelli, HackerRank's lead technical content manager.


Dyn DDoS attack highlights vulnerability of global internet infrastructure

An attack on the DNS directory system that resolves domain names into numerical IP addresses is a source of concern given it is a fundamental part of the internet’s inner workings. It highlighted just how vulnerable the internet really is, said Thomas Fischer, threat researcher and global security advocate at Digital Guardian. “It places more onus on the internet infrastructure providers to ensure their security is top of the field, and that they plan for large-scale disaster recovery scenarios,” said Fischer. Chase Cunningham, networks director at Cyber Operations, said: “It was an interesting point to see the bad guys are moving upstream for DDoS attacks on the DNS providers, instead of just against sites or applications.”


Cloud Security, AI, IoT Make List Of Hot Technologies For 2017

The Nucleus analysts pointed to the AI systems in the new HBO TV series, Westworld, or the older TV science fiction series, Humans, as representing what many people now think AI systems are capable of, or will be soon. "In practice, AI is far from reaching its potential," they warn. Vendors who actually offer AI will have it connected to machine learning and some form of human interface, whether audio, visual, or natural language. Google's AI system won the game of Go in March, a parallel to IBM's Watson beating human contestants in Jeopardy! The win gave a glimpse of how far powerful AI systems can go. But there's "still a significant gap" between portrayals in science fiction and AI's accomplishments in practical settings on the ground.


AI can predict outcome of human rights trials, but should it?

According to the researchers, the language and topics of the cases were the most important predictors for determining the judgment. "The 'circumstances' section of the text includes information about the factual background to the case. By combining the information extracted from the abstract 'topics' that the cases cover and 'circumstances' across data for all three articles, an accuracy of 79% was achieved," the press release stated. The study, however, just looks at the official, text-based court statements—not the arguments in court. Toby Walsh, AI professor at the University of New South Wales, said he is "unimpressed." The outcomes, he said, are going to be predicted based on the summary of the judgement. Furthermore, even if the judgment were ignored, "the summary is going to be inherently biased towards the decision, focusing on evidence and law that supports the decision."


Everything you ever wanted to know about mobile payments [Infographic]

The world of mobile payments is a rapidly evolving one, with new players, new locations and technologies coming up faster and faster. Take Apple Pay for example. The tech giant’s payment service has only been around for two years, but its nascent OS payments, which was only launched last month, purchases made in-app and on websites via what it’s calling ‘OS-Pay’ (operating system pay) platforms will hit $8bn annually by 2018. With such rapid progress made, it’s always good to take a moment and take a snapshot of the industry and see how exactly these mobile payments work and who uses them. The infographic below, from Oberthur Technologies, does just that.


Rethinking Market Strategy In A Digital Economy

The convergence of market-oriented behaviors and new market rules are asking senior executives to reframe their overall market strategies. Knowing full well that reframing market strategies are tied to answering the questions of where the next area of growth will come from and what path they need to take to achieve growth. ... Affecting the development of market strategy is a multitude of market forces. Primarily driven by digital transformation. Movement from hosted environments to the cloud, the SMB market enabled by digital technologies to be on equal footing with large enterprises in their customer service capabilities, increase in mobile technology as a key touchpoint, an increase in executive decision-makers who want hands-on and daily interaction with critical applications – in essence becoming important users, and addressing omnichannel engagement.


Are your marketing pros ready to handle big data?

"As a marketer, it's harder than ever to get a complete picture of your audience. Their interactions are siloed by walled gardens, multiple devices per person or platforms strategically locking users in. Each one of those channels requires a customized strategy," says Platzer. The best thing a marketer can do to get around such challenges is to keep up on the latest trends, according to Platzer. He recommends that all marketers educate themselves on the most popular channels people are using on a daily basis to access content from. It's also vital to have a finger on the pulse of what the next best app will be -- like when Twitter came on the scene and completely changed the way people share and interact.


Flexible Data Architectures to Help Drive Business Needs

Some software vendors have identified the need to drive data architectures from the business and have built this capability directly into their tools, allowing users to map data entities together more easily, integrate processes, develop customized views and dashboards, etc. However, many such tools currently on the market are performing this technique using rather old hat methods. One such method is to utilize Entity Relationship Diagrams. ERDs depict the logical structure of one’s data as it would be used in a relational database. Therein lies part of the current problem – the world is slowly moving away from using relational databases for everything. NoSQL databases are on the rise. Graph databases have been in existence for some time. Unstructured data sources that utilize text extraction or natural language processing revolve more around terms and their usage within a domain of interest.


Testing for vulnerable IoT devices

Poor security is standard practice with IoT, but these devices are especially bad. Even if their web interface is used to change the default password, the devices have hard-coded Telnet and SSH passwords that cannot be changed. Part of yesterday's DDoS attack against DYN came from the Mirai botnet, composed of assorted hacked devices that were using default passwords. Unlike pretty much every other article on this subject, I am not going to quote a spokesperson from a security firm saying that things are really really bad. Instead, I have some hopefully useful advice, a way to test if devices in your home (or office or wherever) are vulnerable to software attacks similar to the Mirai malware. It's far from perfect, but it's a step in the right direction.



Quote for the day:

"Insulate yourself from those who bully, lie, or steal. Don't let their selfish values infect you." -- Chris Edmonds

October 23, 2016

Tech Bytes - Daily Digest: October 23, 2016

How analytics will underpin artificial intelligence, How knowing your staff will protect your business from attack, Cyber security threats getting less easy to ignore, Are you ready for remote project management, Information governance: Yes it can create RoI and more.

Virtuous Machines -- How Analytics Will Underpin Artificial Intelligence

Ultimately, just like humans, AI will need to draw on a constantly-growing database of information. An intelligent program should read historical data, analyze it for patterns, and be able to classify what it sees. Without a database to learn from and then call upon this information to match with new data, a program cannot really “learn”. For most enterprises, practical use of AI is not yet feasible. The actual solutions on the market are not very accessible, by and large. A good example of AI for the masses is Google introducing machine learning to the G Suite, formerly known as Google for Work. By shaving seconds off delays at every level, Google is trailblazing user-friendly AI. Not everything need be as complex as IBM Watson!


An Introduction to Modern Agile

Seth Godin famously said, “People aren’t afraid of failure, they’re afraid of blame.” Blaming increases negativity and helps no one. This is why Etsy has a “blameless culture.” They understand that, rather than being the fault of a single individual or group, mistakes are usually the result of unseen problems in the environment that may have been around for some time but happened to be triggered one day by someone. Their concern is to learn blamelessly from failures and quickly improve. The same is true at Google. Once, an engineer at Google confessed, “I screwed up a line of code and it cost us a million dollars in revenue.” The code in question was part of Google’s highly profitable AdWords software. In many organizations, a mistake like that could lead to further losses, like the loss of one’s job, a loss of confidence or respect. Not at Google.


How knowing your staff will protect your business from attack

“Over the years, we’ve invested resources and money to ensure it’s hard for people to break into our systems - but the problem is that you could be hacked by someone from the inside, with valid access to some part of your system that gives you access to your digital infrastructure.” In light of the cyberattacks on actors such as Jennifer Lawrence, Creese explained how the cloud now poses a larger threat for corporations. “I now no longer have to hack 50 organisations, I hack one cloud and I get every single employee using that cloud.” Creese spoke about the struggle of not only stopping threats, but also how we identify and define an insider threat. “One of the reasons we’re not as equipped as we should be is because we’re not dealing with the people and technology in tandem,” she continued.


Cyber security threats getting less easy to ignore

October is National Cyber Security Awareness Month — a campaign that's headed by the federal Department of Homeland Security to raise awareness on how to protect our personal information and combat fraud. But this October, the public cannot help but be hyper-aware of hackers after all the news about stolen e-mails out of the Hillary Clinton presidential campaign. We've even heard reports that hackers have targeted the voter registration systems of more than 20 states in recent months. We're likely to face phishing scams both at work and at home that try to trick us into disclosing personal information. "The e-mail can look just like it comes from a financial institution, e-commerce site, government agency or any other service or business," warned the American Bankers Association.


Defending Against Data Breaches: What Exactly they are and What to Do

Most cyber security analysts agree that the first phase of a data breach, from a criminal element, starts with research. Hackers or cybercriminals will investigate a company or institution’s system weaknesses. This will be done by skimming social profiles online, exploiting employees or investigating company infrastructure. Once the weakness has been found, an attack plan is put into place. The attack will usually be a network-based attack through infrastructure or a social attack where the criminal is let in through the backdoor with a malicious email or attachment. Following the attack, the data is extracted and can be used for a variety of purposes, including: blackmail, black market information sales or propaganda against the company. Not all data breaches are created equal and vary in severity, however.


'Smart' home devices used as weapons in website attack

Many of the devices involved come from Chinese manufacturers, with easy-to-guess usernames and passwords that cannot be changed by the user - a vulnerability which the malware exploits. "Mirai scours the Web for IoT (Internet of Things) devices protected by little more than factory-default usernames and passwords," explained cybersecurity expert Brian Krebs, "and then enlists the devices in attacks that hurl junk traffic at an online target until it can no longer accommodate legitimate visitors or users." The owner of the device would generally have no way of knowing that it had been compromised to use in an attack, he wrote. Mr Krebs is intimately familiar with this type of incident, after his website was targeted by a similar assault in September, in one of the biggest web attacks ever seen.


Are you ready for remote project management?

If your organization is considering a transition to remote PM, having employees with the right aptitude, capabilities, focus, and dedication for working in this independent fashion is critical. If individuals lack the motivation or are individuals who require a significant amount of supervision and guidance, this may not be the best move. That said, if the remote project management drivers fit with higher-level strategic objectives, it may be necessary to still proceed in that direction, and hire individuals with the capabilities to execute projects remotely. It may also be a better option to invest in training for existing high potential employees. With either of these options, or a combination of both, make sure to carefully and properly identify the strengths and career interests of existing employees.


Yahacking: The Last Straw

“The year 2016 saw a record number of stolen account credentials up for sale on the Dark Web” is something you might have read in one of our previous articles. That being said, MySpace no longer holds this record (with 360 million hacked accounts in 2008). The turn for the title is now passed on to another multinational thanks to what is better known in the media as the “Yahacking” incident. In a continuous freefall since Google first surfaced, what used to be the most popular internet portal of the year 2000 is now in a very tight spot. The company in question had announced in July that it would be bought by Verizon Wireless. However, in light of recent events, the acquisition is now at risk. Care to venture a guess of who we might be talking about?


How to Successfully Install Agile/DevOps in Asia

Value-stream mapping is a lean-management method for analyzing the current state and designing a future state for the series of events that are needed to deliver a product or service. It helps to identify the problems in the process and reduce the lead time. It also works well for addressing the people element. ... Each process step has a lead time and a process time. By drawing this map, you can easily identify the waste in the process and find opportunities for improvements and automation. I always call all stakeholders to attend a value-stream-mapping session: developers, operations, program manager, UCD, etc. You need to ask everyone who has permission to change the process to participate in this event. Japanese culture is hierarchical. Unfortunately, devs and ops don't have power, so you need to include upper management.


Information governance: Yes, it can create ROI

"Information is an asset, just like building, equipment, staff and full-time employees,” Reeves explained the worth of an IG program stems for protecing and leveraging it as such. By ensuring trusted and reliable information, healthcare organizations can enable more timely and accurate data, with faster access to it for more nimble decision-making, she said. Reeves offered advice on how to highlight IG's value – tangible and intangible – to the C-suite. Spiraling e-discovery costs, for instance, where evidence gatherers in malpractice suits must sift through electronic data, paper records, different legacy systems from acquired practices are a common problem. An enterprise-wide IG policy, alongside process improvement initiatives, could reduce both risk and cost, she said.



Quote for the day:


"Practice isn't the thing you do once you're good. It's the thing you do that makes you good." -- Malcolm Gladwell


October 22, 2016

Tech Bytes - Daily Digest: October 22, 2016

Clueless CIO cloud confusion continues, Fintech - a powerful & highly disruptive industry, Is the AI apocalypse a tired hollywood trope or a human destiny, How enterprise software development is changing, Using analytics as a force in business and more.

BMW's vision for the smart city of the future includes autonomous driving and AI

BMW is currently working with the city of Berlin, Germany, on a pilot project where three streets are being transformed into a new urban environment as residents use urban transportation for mobility. The parking areas are being transformed into green spaces to improve the quality of life. BMW is also developing ideas on how to transform city parking garages into affordable living spaces, he said. To create more ideas for urban living, BMW's MINI founded earlier this year Urban-X, which is a startup initiative to focus on engineering the city as a service. Three of the entrepreneurs who were part of the first round of participants presented their ideas at the BMW event in Santa Monica: Multimer, Brooklyness, and CTY. Each participant was in the program for 3-½ months and were able to work with BMW engineers to hone their ideas.


Clueless CIO cloud confusion continues

Ignore the jargon. It means the cloud could be next door, or it might be in the next country. With a hybrid cloud, which uses both private and public cloud resources, it may be both. IT should know the specifics of what’s where. For the ordinary Joes and Janes in accounting, the resources are just in the cloud. From their seats, the cloud is just at their fingertips, the same way the internet is. Rapid elasticity and expansion are vital. In a cloud, you don’t ask for five more servers; you go out and get them. Your computing resources are dynamically assigned, released and reassigned at your request. In the best clouds, users don’t even know they’re asking for more resources. They just get on with their job, and if their work requires more resources, the cloud simply provides them.


FinTech Is Not a Niche Anymore, It’s a Powerful and Highly Disruptive Industry

There are plenty of reasons why FinTech was able to go from being a niche in the financial services industry to a massive industry with highly disruptive potential – customer-centricity, simplicity and scalability, freedom from legacy systems and more. Explaining the FinTech revolution, the Economist has also emphasized such factors as cost efficiency, the absence of the need to protect existing business and lack of regulatory burden along with above-mentioned legacy IT systems/branch networks. The scalability advantage was possible to gain due to a clever approach to risk assessment and use of smart data to profile potential clients. Smart data represents a more sophisticated approach to data collection and analysis, focusing on meaningful pieces of information for more accurate decisions.


DDoS attack Friday hits Twitter, Reddit, Spotify and others

"Because DNS is vital to every person, business and website across the entire internet for system stability and performance, online businesses commonly outsource DNS management to third-party providers who have better and more reliable infrastructures to operate on behalf of their customers," Jeremiah Grossman, chief of security strategy at SentinelOne, told SCMagazine.com on Friday. Historically, he said, this has worked to everyone's benefit. "However, what we're now seeing is that in light of the way the infrastructure works in the security landscape, they are attractive targets for large-scale DDoS attacks – because if you take out one of these DNS service providers, you can disrupt a large number of popular online services, which is exactly what we're seeing today."


Is the AI apocalypse a tired Hollywood trope, or human destiny?

Computers think really fast. In the best-case scenario, we’ll have enough time between an AI acquiring the ability to think as well as us and its rise to super-intelligent status that we can adjust and respond. On the other hand, as Bostrom points out, when you’re dealing with a machine that can think — and therefore develop — at an almost unimaginable speed, by the time we realize what’s going on, it will already be far too late to stop it. Some readers may remember the 1970s sci-fi horror flick Demon Seed, in which an AI not only predicts that it will be shut down by its fearful creator, but employs murder and rape to ensure its survival. “If and when a takeoff occurs,” Bostrom writes, “it will likely be explosive.” Stephen Hawking has echoed this sentiment: “Once humans design artificial intelligence,” he says


How enterprise software development is changing

Technology such as Docker, to enable developers to create code that can run in their own containers, along with the ability to have short feedback loops, helps businesses to adapt more quickly. Such technology and techniques form the basis of the cultural shift that companies of all sizes need to make to enable their developer teams to become more adept at delivering software quickly, says Davis. “Culture is very easy to instil when there is a small group of people,” he says. “Hiring is key.” Davis recommends that IT leaders plan in advance, and hire people appropriate to the direction the IT strategy is taking. Russ Miles, lead engineer at Atomist, believes IT leaders can learn much from the way webscale organisations approach software development. “Organisations of any size have to compete,” he says.


Using Analytics as a Force in Business

With anticipatory analytics, predicting the future is no longer science fiction! Anticipatory analytics build on predictive analytics which tells us to analyze many attributes over many years to make the best and most informed business decisions possible. Dave made a clear distinction between companies that use anticipatory analytics versus those that rely solely on historical data. His take is that using anticipatory data can be a critical differentiator between being an innovator on the cutting edge of meeting customer demand and being completely disrupted. Consuming data in real-time and leveraging it to build a model is what companies that are innovating and disrupting are doing. Companies that rely solely on historical data are most often the ones that fail, even after rising to greatness because their competitors are more effective at using data.


Why you should devote as much time to dark data as big data

"If companies can learn how to harness this data, it can yield new insights," said Mads C. Brink Hansen, product manager at TARGIT, a business intelligence and analytics solution provider. "In one case, a company wanted to assess the efficiency of its field-based salesforce. By looking at the travel expense reports submitted by its salespersons, it was able to determine the number of meetings that each salesperson had while in the field each day and then measure this against what should normally be expected in the way of meetings. This was one way in which an HR-based reporting function (travel and expense reports) was repurposed to provide insights into how many meetings per day an in-field salesperson was likely to have, and who was hitting those targets."


CERT-In had instructed banks on October 7 to stay alert in wake of surgical strikes

CERT-In and the National Critical Information Infrastructure Protection Centre sent an email to banks regarding the rise in ATM frauds following ET’s report. "On October 20, 2016, CERT-In has sent mails to State Bank of India, Axis Bank and HDFC Bank to report an incident to CERT-In as seen in media report stating that 3.2 million debit cards have been used in ATMs that are suspected to have been exposed to malware at the back end. The incident has so far not been reported to CERT-In," said the official cited above. Not reporting the matter is in breach of the rules, said another official. "There is an RBI framework… the Information Technology Act mandates that these incidents have to be reported so of course there is a lapse on the part of the banks," he said.


Cloud Services Lift IT Outsourcing Market Higher Than Expected

In the Asia-Pacific region, as-a-service contract value has surpassed that of traditional IT services deals. That’s due, in part, to the fact that cloud solutions are particularly well-suited to more volatile markets and midsize enterprises, according to Keppel. The rest of the world has yet to reach that inflection point. “There is a notable uptake in interest in the U.K. in particular,” Keppel says. “The Americas are close but we’re not ready to say that as-a-service will consistently outpace traditional sourcing in [there].” Keppel is quick to point out that the cloud-traditional services story is one of growth rather than cannibalization, noting that the overall market was in the healthy range and has been more than 60 percent of the time in recent years.



Quote for the day:


"If there's a book that you want to read, but it hasn't been written yet, then you must write it." -- Toni Morrison


October 20, 2016

Tech Bytes - Daily Digest: October 20, 2016

AI: The greatest threat in human history, Organizational culture of fear & innovation assassination, Big data is eating the world - but it is not eating the data scientist, Why poor cyber hygiene invites risk, Stupid encryption mistakes criminals make and more.

AI: the greatest threat in human history?

Stephen Hawking has warned that artificial intelligence (AI) could be the greatest disaster in human history, unless humans learn to mitigate the risks posed. Of these looming threats, Hawking suggested the rise of AI could lead to the creation of devastating autonomous weapons and new oppressive methods of controlling the masses. Perhaps the most distressing point from Hawking’s speech was his notion that machines could develop a will of their own. To this, a Terminator-like scenario is not inconceivable. Humans make autonomous weapons for the next stage of combat, a global autonomous arms race begins, the machines learn to think, humans get wiped out. This may sound exaggerated, but it does mimic to some extent the speech Hawking delivered, if AI’s advancement goes unchecked.


The Benefits of Semantic-Based Data Modeling in the Smart Data Lake Era

With semantic-based data modeling in a smart data lake, all your data can be neatly organized using business models that the user defines, based on human-readable, standardized terms that allow you to link and contextualize information regardless of where it came from. And all this smart data can then be used to automatically create data extracts, ETL, and ELT jobs for quick and efficient analysis. Because the data model has been created with a semantic approach, that model can be queried endlessly. Analysts can ask the model where data came from, what it means, and what conservation happened to that data. Bringing the data together from various sources, combining it together in a database using a customized domain model, and then conducting analytics on that combined data set creates a huge benefit and freedom to analysts, and to the organization.


Organizational Culture of Fear and Innovation Assassination

There are innovation-obliterating assassins lurking in all parts of your organization. Frighteningly, the biggest innovation assassins are often wearing a disguise. So many high-level executives will earnestly (and with a straight face) wax poetically about how important it is to change the organizational culture, catalyze innovative thinking throughout all ranks of the company, and dismantle the power and comfort of the status quo. ... So why the discrepancy between what such executives say and what they actually do? They typically aren’t “lying” for the sake of deceit or other callous intentions; but instead, their self-contradictory statements and behaviors are usually due to fear. As stated in Robert’s Rules of Innovation II, “Sometimes, it is pure fear. Fear of failure. Fear of the unknown. Fear of criticism. Fear of change. Fear of being terminated.”


Survey On Consumer Attitudes Toward Fintech Spells Trouble For Banks

As for a takeaway for banks, Blumberg says, “Banks need to adapt, adopt or hasta la vista, baby. Banks cannot continue to do what has made them successful for the last 50 or 100 years. We are at a fundamental changing point because of big data, cloud infrastructure, mobile telephony, social media, artificial intelligence, machine learning, etc. That combination of new technologies have unleashed incredible power from the bottom up. Yes, some of it is used for hedge funds for sophisticated trading, but the business-to-consumer portion of our portfolio is focused on helping to level the playing field, helping Joe Lunch Pail do better in their finances. Traditionally, that’s only been available for the wealthy. Fintech makes it cheaper and easier to distribute those tools of algorithms, that advantage, to average people.”


Apple Pay at two years: Not much to celebrate (yet)

"People ask, 'What's the benefit?'" Ranta added. "For someone who's not tech savvy, they have probably tried it once and said, 'What's the big deal with this? Opening up my wallet and swiping my card wasn't a big deal to me, so why do I need to get rid of that habit? Instead of relying on some weird, wireless thing -- screw that. I have a physical card that I can put in a terminal." Not everybody feels that way. The biggest users of mobile wallets are under age 35, according to various surveys,including one in May by The Pew Charitable Trusts. Smartphone users will pay for goods over the internet or through an app without entering a store, but in-store mobile payments are not as popular. "We're still at the early-adopter stage," said Bryan Yeager, an analyst at eMarketer.


In a colocation provider, look for security, a solid SLA

There are warning signs that a colocation provider may not meet its SLA. For example, unexpected or frequent changes to the SLA can suggest that the provider is struggling to meet responsibilities. Internal company instabilities, such as acquisitions and mergers, can also indicate that an SLA will change or service a larger customer base. Use SLA monitoring tools, such as IDERA Uptime Infrastructure Monitor or Mindarray Systems' Minder. But first, talk to your colocation provider to make sure these tools can integrate with your provider's APIs or monitoring hooks. You can also test colocation services by occasionally triggering their support function to determine response time and quality.


Big data is eating the world – but it’s not eating the data scientist

The missing piece is visionary leadership. McKinsey predicts that by 2018 there will be a shortage of 140,000 to 190,000 people with analytical experience and a staggering 1.5 million shortage of managers with adequate skills to make critical big data decisions. Hiring a couple of PhDs will reap a few rewards, but without direction and support from the top, the highly paid data scientists may end up being glorified (and overpaid) analysts, who make a few SQL queries followed by the odd Tableau visualisation. Management needs to clearly define the key business questions that need to be answered and create roadmaps for the medium to long term – showing what software needs to be built or bought, and who needs to be hired along the way.


Why Poor Cyber Hygiene Invites Risk

Despite a growing awareness of the threats that target them, some organizations still aren’t practicing some of the fundamental steps of cybersecurity to ensure the level of resiliency needed to endure current threats. It is imperative for organizations to prioritize addressing the problem of aging infrastructure and systems. ... The time has come for organizations to realize that they must move away from products that are no longer supported and can’t be upgraded to meet today’s security challenges. Modern cybersecurity is about risk management - that is, eliminating and mitigating risks where possible, and knowingly accepting those that remain. Poor cyber hygiene — not patching, keeping outdated solutions in place, etc. - puts the overall resilience of an organization into jeopardy.


Stupid encryption mistakes criminals make

Writing secure code can be challenging, and implementing cryptography correctly in software is just plain hard. Even experienced developers can get tripped up. And if your goal is to swindle people quickly, not to wow them with the quality of your software, there are sure to be serious crypto mistakes in your code. ... Malware authors may provide significant lessons in how not to implement cryptography. Such was the upshot of research by Check Point’s Yaniv Balmas and Ben Herzog at the recent Virus Bulletin conference in Denver. Malware authors may be more likely to insert crypto doozies in their code than developers working on legitimate software because they may not care as much about code quality or design, said Balmas and Herzog.


Secret Service cybersecurity audit shows 'unacceptable' flaws

According to the cybersecurity audit report, the USSS has little room for error in its primary mission of "protecting the president, other dignitaries and events, and investigating financial [crimes] and cybercrimes to help preserve the integrity of the nation's economy." "USSS has much work to do to make IT a priority. This requires establishing and implementing an IT governance framework that addresses, at a minimum, the IT organizational and management deficiencies identified in this report," the report read. "It also requires that USSS leadership fully understand and address the potential for insider risks, not only from system administrators and inadequately managed IT contractors, but also from employees and business partners."



Quote for the day:


“If you don’t have a competitive advantage, don’t compete.” -- Jack Welch


October 19, 2016

Tech Bytes - Daily Digest: October 19, 2016

Knowledge workers demand intelligent search, Digital today Cognitive tomorrow, Running an open source & upstream-oriented team in agile mode, Can the data center be defended from a data breach, Hack proofing ID & access management and more.

Knowledge workers demand intelligent search!

In most businesses, knowledge workers are frustrated by the information search and retrieval experience, whether it is on their company intranet or in critical business applications such as a CRM system. This frustration is made worse when they have to repeat the same searches with mixed results across multiple disconnected data repositories. ... Fortunately there have been incredible advances in machine learning, natural language processing, artificial intelligence and cognitive computing. Modern day search platforms are a lot more powerful, automated, and easy to implement. Cloud big data solutions such as Hewlett Packard Enterprise Haven OnDemand don’t require any investment in servers or platform administrative staff— solutions can simply be built and implemented in hours or days, rather than weeks or months.


Digital Today, Cognitive Tomorrow

Cognitive systems are already transforming everything from the world-changing to the everyday. For example, cognitive oncology is a reality thanks to technology developed in partnership with Memorial Sloan Kettering Cancer Center in New York City that helps oncologists identify personalized, evidence-based treatment options based on massive volumes of data. This breakthrough technology is now helping scale access to knowledge at Bumrungrad International Hospital in Thailand, Manipal Hospitals in India, and more than 20 hospitals in China. Cognitive assistants are at work helping build more intimate, personalized relationships at the Brazilian bank Banco Bradesco, the insurance company GEICO, and the retailer The North Face. Dublin-based Medtronic plc, a global health care solutions company, is creating a cognitive app for people with diabetes to predict a hypoglycemic event hours in advance.


Some Hadoop vendors don't understand who their biggest competitor really is

With Forrester projecting that "100% of all large enterprises will adopt [Hadoop and related technologies such as Spark] for big data analytics within the next two years," the chances are pretty high that your enterprise is in the midst of a decision, or has already made it: Which Hadoop vendor do I pick? Though this will change over time, "currently there is no absolute winner in the market," Forrester pointed out, and it's easy to get confused trying to parse differences between the different stacks. The Hadoop vendors themselves, however, give us clues as to who they think is winning, as Ovum analyst Tony Baer highlighted. All you have to do is look at who they position themselves against in their marketing literature.


Gartner 2017 CIO Agenda: Digital Ecosystems, Interoperability, Bimodal IT

There's a significant shift underway in terms of where CIOs are opting to invest, according to the report, which was presented at the 2017 Gartner Symposium/IT Expo 2016, Oct. 16-20 in Orlando, Fla. But there's much more to it than simply following the money. Let's start with the digital ecosystem. What's that all about? According to the report, "Gartner defines digital ecosystem as an interdependent group of actors (enterprises, people, things) sharing standardized digital platforms to achieve a mutually beneficial purpose." What does that mean for the bottom line? "A digital ecosystem amplifies the reach of a company. It enables scalable connections between known partners and customers, but also provides a platform for unknown parties to connect with one another," said Andy Rowsell-Jones


Running an Open-Source and Upstream-Oriented Team in Agile Mode

The atmosphere you set up with your team will also forge the outcome of your team work. Run your team with trust, peace, and humor (remember, I'm on the team!) and awesome things will happen. Run your team with fear, pressure, and finger-pointing, and nothing good will happen. There's little chance that when a team is built, everyone will be on the same level. We were no exception. We had more and less experienced engineers. But the most experienced engineers took the time needed to invest and mentor the less experienced. That also helped to build trust and communication links between members of the team. In the long run, everyone is getting more efficient; the less experienced engineers are getting better and the more experienced can delegate a lot of stuff to their fellows.


Nothing Brings Banks Together Like A Good Hack

Banks, in other words, will start to look less like isolated fortresses and more like open-border platforms hosting numerous apps and services, like Google’s Android system. While digitization may be the future, it poses a major security migraine. “Every time there is a new app or a new channel opened, that provides criminal opportunities,” says Jamie Saunders, the director of the U.K. National Cyber Crime Unit. “Banks are taking enormous care to design security into their apps, but as the technology evolves, the criminal will evolve, too, and vulnerabilities will open up.” By then, Oerting plans to be drawing strength from his networking push and the next generation of cyberdefenses. He helps select and mentor promising startups in the accelerators that Barclays runs in Tel Aviv, London, and other cities.


Can the Data Centre be Defended from a Data Breach?

Why are the odds of being able to protect a data centre so poor? There are a number of important factors. First of all, the reality is that a motivated attacker will be able to get into any given network. There are far too many ways for an attacker to get in, particularly by way of compromising a user’s computer or account. Getting in is a certainty, and this is a hard notion for security professionals to accept. Gartner and most crime-fighting organisations around the world agree on this point: attackers will get in. Most of the attempts of breaking into a network can be successfully defended—perhaps upwards of 95 or even 99 percent—but that leaves open the possibility that a dedicated attacker will find a way in through the balance. Attackers can have a nearly unlimited number of attempts of breaking in.


Hack-proofing ID and access management

With a gap in communication between HR and the IT department, many of these user accounts remain open. While it may not seem like a major problem, these single accounts can begin to add up with hundreds or thousands of dormant accounts within an organization — creating a serious vulnerability. The biggest problem is these past users can still gain entry into the system or a criminal can use these dormant, unsecured accounts to gain the same amount of access as the previous account holder. According to a recent Clearwater Compliance analysis on risk ratings, user control review and user permission review controls are only partially in place or missing about 71 percent of the time — despite urging from the U.S. Department of Health and Human Services Office of Civil Rights for organizations to make it a priority.


Digital Risk Monitoring, Q3 2016

Digital channels are now ground zero for cyber, brand, and even physical attacks. Cybercriminals use a variety of tactics to weaponize social media, impersonate or embed malware into mobile apps, deface websites, collude in dark channels, and cause financial, reputational, or physical harm. Digital risk monitoring tools combat these methods by deploying a variety of data-gathering and advanced risk analysis techniques. They aggregate data via open-source intelligence (OSINT), technical intelligence (TECHINT), human intelligence (HUMINT), and even covert human intelligence (CHIS). Then they analyze the collected data with data classifiers, machine learning, and risk scoring algorithms to determine the most likely and most threatening risk events in a quick and efficient manner.


Hackers Create More IoT Botnets With Mirai Source Code

Hackers have been taking advantage of the Mirai malware's source code, following its role in launching a massive DDOS (distributed denial-of-service) attack that took down the website of cybersecurity reporter Brian Krebs. Unlike other botnets that rely on PCs, however, Mirai works by infecting internet-connected devices such as cameras and DVRs that come with weak default usernames and passwords. Since Mirai's source code was released, hackers have been developing new variants of the malware, according to Level 3. It has identified four additional command-and-control servers associated with Mirai activity coming online this month. About half of the infected bots Level 3 has observed resided in either the U.S. or Brazil. More than 80 percent of them were DVR devices.



Quote for the day:


"Be honest - Without objectivity and honesty, the project team is set up for failure, even if developing iteratively." -- @JamesSaliba