October 12, 2016

Shielding your company from cyber enforcement

In order to protect themselves, organizations need to develop cyber frameworks and internal security environments that are living, breathing and constantly evolving, both to adequately protect against outside threats and in order to meet the increasing demands of regulators. They must also ensure their cyber insurance policies provide sufficient coverage for regulatory proceedings and associated penalties. When controls fail and security incidents occur, it goes without saying that investigations and fines are close behind. A review of the FTC’s cyber enforcement actions demonstrates that regulatory enforcement is not limited solely to Fortune 500 companies – there are many “smaller” companies included on that list.


How Learning and Development Are Becoming More Agile

Organizations depend more on freelancers because they are more available and accessible as a result of platforms like Toptal, and because they lack the in-place talent needed to complete critical projects. As a senior tech leader at Wal-Mart put it, “It often just takes too long to recruit, hire and on-board full-time staff.” These agile talents are matched to projects typically for 3 to 6 months. In the past, these individuals were often kept at arm’s length, and treated as marginal to the “real” team. That’s changing – slowly, but clearly. For example, Qualcomm includes its agile talent when the team is in training. So does ScanDisk and Shire. This is an important shift for both the organization and for the agile talents themselves.


How artificial intelligence is changing online retail forever

An online shopper, who often knows what they are looking for, is faced with the task of coming up with the right search terms, or scrolling through many pages of inventory to find it. Attempts at augmenting the keyword search experience with natural language have not made a major difference yet, partly because of the fact that shopping, for most users, is a very visual experience. Deep learning can be of help here, too! Auto-encoding features of images in an inventory based on similarities and differences brings about a rich model of what is available in the inventory, and the model is surprisingly close to how we as humans perceive shoppable items. The model alone, of course, is not enough: We need a way to understand a shopper’s preferences as they interact with the inventory.


Upskilling staff through disruptive times

The only constant is change, and one of the major untold challenges for enterprises across the globe is the underlying need to ramp up the capabilities of staff so they can operate in a whole new way. It is critical to not only embrace new people, ideas and methodologies, but also to tap into the wisdom and culture of the more experienced workforce to create an effectively trained organization. In an era where reinvention and some form of technology refresh seemingly happens every year, companies that offer pathways to help their employees build skillsets to meet the needs of tomorrow will find themselves ahead. Perhaps the most prominent example of this in recent times is AT&T. Its competitors were once other phone companies. Now? It also competes in the cloud and internet space against other carriers as well as the web-scale giants.


Best Practices for Loosely Coupled Classes

One best practice (which I've discussed elsewhere) is to follow the Interface Segregation principle: Organize the members of the "other class" into a series of interfaces that contain all -- and only -- the members that particular clients need. This ensures that a client only needs to be changed if a member in the interface it uses changes (and, ideally, that change is forced by the client changing its requirements -- see the same article for a discussion of the Dependency Inversion principle). Following these principles gives you some flexibility in how the other class can be enhanced without impacting every client that uses it. When you follow the Interface Segregation principle, code in the client only refers to the other object using an interface. It's the difference between the client having this code:


4 strategies for curtailing insider fraud

“Oftentimes a perpetrator is not necessarily someone you might expect,” Ostwalt said. “It is four times more likely to be someone well-respected than someone who has a lower reputation, and generally it’s someone who is characterised as working well with others.” One key to preventing fraud is to understand why employees steal from their companies in the first place. The KPMG study found that 66% commit fraud for personal gain or greed. Another 27% stole from their employer because the systems in place enabled access. ... “Most are going after something that will enrich them or put them in a position to meet objectives inside or outside the organisation,” Ostwalt said. “Lots of times it’s just because they can – because they have access to the systems because the control was not tight enough.”


How tech vendors can boost IT's business acumen

If you are like most CIOs, you have an IT organization that is good at many things, but when it comes to understanding how its own work in IT drives business value, the team has room for improvement. That was the situation that Guy Brassard faced when he joined Southwire, a $4.8 billion electrical-wire, cable and cord manufacturer. The company's management team set a strategy for growth and operational excellence, which put increased pressure on IT. Several acquisitions and transformational activities later, Brassard saw that his IT team had many of the skills necessary to support the company's growth strategy, but not the business acumen and knowledge required to step into newly created global business-facing positions.


Will Facebook Workplace help or sideline workers?

"Companies don't want to have their workers get lost in social networks on work time, and their fear is that this is the first step in that direction. There could be a need for this if Facebook can thread the needle correctly." Judith Hurwitz, an analyst with Hurwitz & Associates, agreed that making deep inroads into the enterprise won't be easy for Facebook. "Very sophisticated security is mandatory," she said. "I am not sure that [Facebook] has put an emphasis on this. Obviously, the pricing model is established to get a massive amount of signups, but the question is, what is next? How do you manage users? How do you prevent a former employee from remaining on the network? How do you make sure that information on this environment meets regulatory requirements? There are a lot of questions."


There's no easy way to do IoT management

The mobile industry coalesced to two operating systems: iOS and Android. Both use APIs that have high overlap, so management vendors can now let IT manage all these devices from a single panel of glass using a consistent set of controls. The variability and exceptions are thus now quite manageable -- even if you add Windows 10 and MacOS computers to the equation (they use similar APIs). We won't see that level of consolidation in the IoT world. Even if every type of device ended up being dominated by one or two providers, the huge diversity of devices would still mean hundreds of providers. The chances of them agreeing to a common set of APIs are close to zero.


Bank of the future – How AI, big data and fintechs could save the big banks

“So if you’re a very large bank and starting from scratch it’s not something that is entirely straightforward and the view has always been do I really need to do it. There hasn’t been much of a burning platform until recently.” That has changed, there is a burning platform and the sharks are circling underneath. Banks have to change and if they want to see things like a 45% increase in profitability then they will need to look at technology. This is where the idea of the cognitive bank comes in. IBM is one of the companies pushing this notion of a bank’s systems and processes being more intelligent, mainly with the help of Watson.



Quote for the day:


"When human judgment and big data intersect there are some funny things that happen." -- Nate Silver


October 11, 2016

Russian group that hacked DNC also nearly destroyed French TV channel, report says

The attackers defaced the TV5Monde website and placed an image of a disguised jihadist with a black-and-white checked keffiyah and the words “Cyber Caliphate,” a group set up by the Islamic State. “We saw this as the first foray into an active false flag operation,” Galante said, using the espionage term for one side in a conflict disguising itself as a different party. “This was not long after the Charlie Hebdo shooting in Paris, and it served as a laboratory.” Galante, who previously held posts in the State and Defense departments, said Russian President Vladimir Putin sought to regain glory for a powerful Russia and that the state-backed hacking teams sought to cause political damage and rifts between Western countries that might stymie Russian interests.


Blockchain publications that should be on your reading list - How many can you check?

Agreed that it is a powerful technology which has potential to change the end-to-end business processes, networks and trust models. Beyond that, blockchain could potentially be viewed as a design thinking paradigm because it compels one to un-learn the way things have always been done and embrace new ways in which collaboration with trust is the new normal. Blockchain is also a catalyst to re-imagine, re-define and re-create experiences for the end user as it enables peer-to-peer exchange of assets of value in a reliable, cost-effective and pragmatic manner. It is interesting to note that blockchain has applications across all industries and is at the interplay of business, process, technology and people, so it can potentially transform the current normal in more than one way.


National cybersecurity strategy aims to make Smart Nation safe: PM Lee

The first pillar is meant to step up protection of the Republic’s essential services in key sectors such as emergency services, e-Government, banking and finance, utilities, transport and healthcare, according to the Cyber Security Agency of Singapore (CSA). To do so, it is looking to expand the National Cyber Incident Response Team and National Cyber Security Centre. It is also looking to equip IT security professionals by mounting multi-sector exercises to test cooperation and where the scope of responsibilities overlap. Last May, CSA held its first cybersecurity table-top exercise, CyberArk IV, for the finance and banking sector, which was witnessed by the Minister-in-Charge of Cyber Security Yaacob Ibrahim.  Additionally, there are plans to strengthen the country’s existing cybersecurity governance and legislative framework.


The two CAs will be separated and their CEO will be replaced

The company said that the decision to backdate certificates was taken to help desperate customers in China who could no longer obtain SHA-1 certificates and were having trouble supporting the millions of computers in the country that still use Windows XP with Service Pack 2. Chinese Internet security company Qihoo 360, which owns a majority stake in WoSign and implicitly in StartCom, has stepped in and decided to separate the two CAs. "360’s Corporate Development team has been notified to execute the process to legally separate Wosign and Startcom and to begin executing personnel reassignments," the company said. "StartCom’s chairman will be Xiaosheng Tan (Chief Security Officer of Qihoo 360). StartCom’s CEO will be Inigo Barreira (formerly GM of StartCom Europe). Richard Wang will be relieved of his duties as CEO of WoSign."


Shellshock Anniversary: Major Security Flaw Still Going Strong

Right at the onset, we observed a significant increase in focused attacks leveraging these vulnerabilities — over 2,000 security events within 24 hours of the Shellshock bug disclosure. To get an idea of the magnitude of this activity, there were just over 7,500 Shellshock security events for the entire month of August 2016, according to IBM MSS data. When a zero-day vulnerability surfaces, especially a high-profile one that can affect many systems, the corresponding exploit is usually disclosed promptly. With Shellshock, an exploit targeting the first vulnerability was publicly disclosed a mere 28 hours after the zero-day vulnerability emerged. As news of this vulnerability and its ease of exploitation spread, the number of attackers opting to leverage and exploit it increased tremendously.


The Impact of Smart Machines on the Workforce

Smart machines that are connected to IoT infrastructure are becoming more common in every industry. Whether we look at automated checkouts at supermarkets, self-serve check-in machines at airports and train stations, or even ATM machines, we are seeing examples of how smart machines have, at least in some part, taken over functions previously performed by human workers. Does this mean that people would naturally be accepting of an automated, machine driven future? It’s possible, but not necessarily the case. Gartner Research surveyed influential CEOs in 2013, asking whether they considered that machines would be capable of taking over millions of jobs within the next 15 years. Surprisingly, 60% of these CEOs said no, and referred to the situation as a ‘futurist fantasy’.


Considerations for Successful SDN Deployments

Starting with an immediate problem and looking for an SDN solution to fix it is very tempting for the resource-starved enterprise. It’s no surprise that in many organizations, SDN starts with a proof-of-concept or testing of some point solutions. For example, in a data center, microsegmentation offers a solution to the security issue of east-west traffic, which is a problem for most enterprises. Revamping an aging and old hybrid WAN infrastructure provides a compelling business use case as well. Obviously, it’s expected that businesses will address such immediate issues, and there is nothing wrong with considering SDN-based solutions. The problem is when such point SDN solutions are considered without the context of a broader IT or network strategy.


The Middle East is Waking Up to Possibilities of Fintech Market

A consensus is emerging among financial institutions and governments that nurturing fintech startups is beneficial for the region. In particular, the UAE is already showing signs of supporting the fintech industry, as well as several early success stories. Abu Dhabi aims to be the Middle East’s fintech hotspot. Recently, Abu Dhabi’s Financial Services Regulatory Authority has proposed building a framework that will enable fintech startups to conduct their activities in a cost-effective and controlled environment. To encourage fintech growth, the Middle East and North Africa (MENA) set up a Regulatory Laboratory (RegLab). The aim of RegLab is to cater for the unique requirements and risks of fintech companies. There are various fintech companies that have emerged in the Middle East.


Robo-advisory in banking: do you trust a robot’s financial advice?

As part of its long awaited Retail Distribution Review (RDR), the FCA approved the use of robo-advice as an alternative to costly face-to-face advisors, which helps to reduce costs for investors. The desire to increase the availability of robo-advisors is part of a policy to expand the financial advice market. The view of the FCA is that the market currently delivers high-quality solutions for those investors that can afford full advice. However, not every potential investor requires or wants a personal recommendation for every decision – in this context, robo-advisors have an important role to play. Robo-advisors should be viewed as a service that complements traditional wealth management advice rather than one that seeks to replace it – they each address different client needs and goals.


Internal Tech Conferences - How and Why

Internal tech conferences can help people to build relationships and discover more about things that are going on in a friendly environment and non-threatening context, so that they have the confidence to wholly participate and know that others will be able to get in step with them to help make new ideas happen. ... There is no ‘right way’ to run an internal tech conference - it depends on what your team, department or organisation needs. An important thing to consider early on is the audience: who should we invite? Who would benefit most from the conference? The answers to those questions should help to frame your conference planning: as the attendee list grows the focal point of discussions stretches to fit the audience, whereas a compact group allows the focus and aims of the conference to remain tight and on track.



Quote for the day:


"The greatest thing is, at any moment, to be willing to give up who we are in order to become all that we can be." -- Max de Pree


October 10, 2016

Software Fail Watch 2016, Quarter Three

Ultimately it doesn’t matter if you are a restaurant, a legal firm, a plastic manufacturer, or an investment bank: your software is your brand. As such, every unexpected error message, forced restart, or failed update is a ding against your brand’s shiny reputation. We’ve said it before and we’ll say it again: software may come and go, but software testing is here to stay. ... As per usual, the first place for most-software-bugs in Quarter 3 goes to the Government sector, with 41 stories. Transportation comes in second with 20 incidents, another not-so-surprising figure given how travel related bugs always seem to emerge just in time for vacation. The surprise this quarter has been the uptick in finance related software fails. In our experience, software fails in the finance industry are hard to come by. It is not that the industry does not have software fails – rather, they simply seem to be reported less.


Payments & Marijuana: Different Ways The Blockchain Is Being Used Today

From Brazilian software developers waiting for payrolls that never arrive to legal marijuana dispensaries in Colorado, blockchain solutions are in use today. When you think about international payments, you might think about guest workers sending a remittance home to a family member in Mexico, or payroll for call center employees in the Philippines, or perhaps a large invoice payment to a manufacturer in China. Those are all interesting scenarios, but Brazil turns out to be one that had some surprising obstacles. Paying developers there can cost 4% to 8% of the total pay, take up to fifteen days, and it isn’t unheard of for wire payments to simply vanish. How did a blockchain change this?


The smart credit card designed for preventing fraud

However, having the security code in digitised form establishes a potential problem that needs to be answered: can the card itself be hacked? If it now has a digital display, can this be compromised externally? David Emm, principal security researcher at Kaspersky told Information Age that this is “possible, of course. But the attackers would have to gain access to the providers’ systems and steal the algorithm used to generate the one-time generated codes. This happened to RSA in 2011. However, this was almost certainly not done to commit fraud against consumers.” He went on to suggest that this technology will only “add security for cases where the card *details* have been stolen. It will not help where the card itself has been stolen.” However, Emm did also mention that MotionCode will reduce the ‘window of opportunity’ available to a criminal to use a stolen card number.


Even the US military is looking at blockchain technology—to secure nuclear weapons

The case for using a blockchain boils down to a concept in computer security known as “information integrity.” That’s basically being able to track when a system or piece of data has been viewed or modified. DARPA’s program manager behind the blockchain effort, Timothy Booher, offers this analogy: Instead of trying to make the walls of a castle as tall as possible to prevent an intruder from getting in, it’s more important to know if anyone has been inside the castle, and what they’re doing there. A blockchain is a decentralized, immutable ledger. Blockchains can permanently log modifications to a network or database, preventing intruders from covering their tracks. In DARPA’s case, blockchain tech could offer crucial intelligence on whether a hacker has modified something in a database, or whether they’re surveilling a particular military system.


How to keep IT security together in a company that's gone bankrupt

The supply chain upon which modern multinational commerce depends was thrown into chaos earlier this year when South Korea's Hanjin Shipping filed for bankruptcy. Dozens of container ships with hundreds of crew and thousands of pounds of cargo onboard were essentially stranded at sea, as ports barred the ships' entry for fear that they wouldn't be able to pay for docking services. If you're working for a company that's filed for bankruptcy, the consequences probably won't be as dramatic—you'll be able to stay on dry land, for one thing. But you're definitely going to encounter choppy waters when it comes to maintaining tech security. We talked to IT pros who have been through it to find out the best ways to cope.


Five top tips for making agile development work for you

"We use many of the principles associated to agile, such as visualising, stand-ups, and co-location, in how we run the business day-to-day," says Harding. "There are people in the call centre, for example, using daily stand-ups to analyse their metrics and customer satisfaction scores." The aim, he says, is to create a flexible, fluid environment that allows people across the organisation to work to the best of their abilities. Here, Harding provides five best-practice tips for business leaders looking to make the most of an iterative way of working. ... "Waterfall tends to lead to an environment in which everyone goes away, works on their document individually, and then passes it around. Agile really suits people that like to think on their feet and solve problems in a collaborative way," he says.


Singapore: a nation united on its digital future

The restructure reflects the blurring of lines between IT and media. The Singaporean government hopes the organisation will help businesses, workers and the local community ride the current global transformation wave, where digital technology is being adopted by consumers, governments and businesses. In a separate but intrinsic announcement, the Singapore government has announced GovTech, a new department focusing on government IT that will attempt to transform the delivery of public services by creating citizen-friendly digital government services and managing the government’s IT infrastructure. Both this and the IMDA support Singapore’s ambitions to become a smart nation.


Principles for strengthening our data infrastructure

Data infrastructure connects together different parts of our society and economy. Weather data is being used by everyone from farmers to the transport industry to individual citizens. Mapping data is created and shared by the public sector and then built on by diverse organisations, from Google to construction companies to the home insurance industry. People buying a home might use a service that combines data on house prices, schools, transport times and insurance premiums. Data is infrastructure for our cities, nations and globally across each and every sector. ... Data infrastructure should be as easy to use as our road networks. The time and effort that goes into fixing data infrastructure when the equivalents of potholes, toll booths and missing intersections are discovered would be better spent building services that improve our lives.


Smartwatches banned from UK Cabinet as EC plans IoT security standards

The move by the UK government coincides with heightened concerns about cyber espionage, with US officials claiming that a Russian cyber espionage campaign started more than a year ago has targeted Republicans and Democrats whose work is strategically important to the Russian government, reports NBC News. On 7 October 2016, the Obama administration finally blamed Russia publicly for cyber espionage against the Democratic National Committee, but US officials said the campaign targeted both parties by accessing private email accounts. The Russian government has denied any involvement. ... The UK government is not alone in being concerned about the security risks of IoT devices. The EC is reportedly planning to introduce laws that will require device makers to meet tough security standards and undergo a certification process to guarantee privacy.


A Quick Primer on Isolation Levels and Dirty Reads

A phantom read can occur when you perform a query using a where clause such as “WHERE Status = 1”. Those rows will be locked, but nothing prevents a new row matching the criteria from being added. The term "phantom" applies to the rows that appear the second time the query is executed. To be absolutely certain that two reads in the same transaction return the same data, you can use the Serializable isolation level. This uses “range-locks”, which prevent new rows from being added if they match a WHERE clause in an open transaction. Generally speaking, the higher your isolation level the worse your performance is due to lock contention. So to improve read performance, some databases also support Read Uncommitted. This isolation level ignores locks (and is in fact called NOLOCK in SQL Server). As a result, it can perform dirty reads.



Quote for the day:


"The primary cause of unhappiness is never the situation but your thoughts about it." -- Eckhart Tolle


October 09, 2016

IBM launches industry first Cognitive-IoT ‘Collaboratory’ for clients and partners

Schaeffler, a German industrial heavyweight and one of the world’s leading automotive and industrial suppliers, has signed a multi-year strategic partnership agreement with IBM to accelerate the digital transformation of its entire operations and customer solutions using Watson’s cognitive intelligence and insight from billions of sensors. Schaeffler’s goal is to be the world’s leading manufacturer of cognitive solutions which keep the world moving. Tapping the connectivity and analytics capabilities of IBM’s cloud technologies and Watson IoT platform, Schaeffler will analyze huge amounts of data from millions of sensors and devices across its operations and provide insight to help it to be more flexible, make faster decisions and optimize the performance of equipment in the field.


Russian hacking crisis tests Obama's nerve

“What we cannot do is have a situation in which suddenly, this becomes the wild, wild West, where countries that have significant cybercapacity start engaging in unhealthy competition or conflict through these means,” Obama said. There is no evidence that Obama has taken punitive cyber action in response to several major cyber breaches in the past few years, although by its nature cyber war is often invisible to outsiders. After the government of North Korea hacked Sony’s email servers in 2014, for instance, Obama issued a stern condemnation of North Korea’s actions but took no visible action beyond adding modestly to the long list of sanctions against that rogue state.


Data Science – The MUST KNOW to become a successful Data Scientist!

Data Science / Data Analytics / Business analytics is all about analyzing the data that is being generated through multiple sources. Sources range from traditional databases to satellite signals to sensors in the Internet of Things, and the list goes on endlessly. An easier question to ask is, “Where is data not getting generated?” Technological advancements are also happening at a pace that will leave us dumbstruck. With these advancements comes new data, which gets generated relentlessly; e.g., wearable devices are tracking your heart rate, sleeping pattern (data being generated even while we sleep!), calories consumed, etc. Analyzing such a wide variety of data, which is being generated at a rapid, continuous pace, requires extraordinary reasoning and skills.


Digital IDs will revolutionize your health and banking

Having a digital ID would put the power back in your hands, where it belongs. With a digital ID, you control your own personal information, and you decide who to share it with. You retain control over your identity and your health, financial, demographic and other personal data. All this sounds great — and even better, it’s becoming possible. Earlier this week, I attended the Distributed: Health conference, focusing on blockchain technology’s impact on the health industry. When you create a digital ID with blockchain, you get a private key and a public key that you use to securely exchange money or data. Your digital ID can even indicate that certain information about you can be disclosed if you are incapacitated. Blockchain is really just a sequential, irrefutable ledger of encrypted digital events that is shared between parties.


Data management for cybersecurity: Know the essentials

If your cybersecurity program focuses primarily on keeping intruders out of your networks, that needs to change. The answer isn’t to build higher walls and tighter controls around our information infrastructures. The answer is to have threat deterrence that works even against determined, targeted threats. You have to have visibility into network activities and the ability to rapidly detect and trace attacks. That requires strong data management in cybersecurity. Security teams generally haven’t needed to have a deep data science background, so they tend to underestimate the importance of data management in security analytics. As with any function or application, weak data leads to weak results. In cybersecurity, that means too many false positives for overburdened security analysts, higher risk of successful breaches, and greater losses from each breach.


How blockchain can change the music industry

In the music industry, the blockchain could transform publishing, monetization and the relationship of artists with their communities of fans. First, music can be published on the ledger with a unique ID and time stamp in a way that is effectively unalterable. This can solve the historic problem of digital content being downloaded, copied and modified at the leisure of users. Each record can store metadata containing ownership and rights information in a transparent and immutable way for everyone to see and verify. This will ensure that the correct people will get paid for the use of the content. Blockchain technology can also revolutionize the monetization of music. The infrastructure is based on smart contracts, programs that can be run on the blockchain along with the payment transactions.


The Internet of Things and security: smart business requires smarter security in IoT

There needs to be a mandate coming from the boardroom, where CSOs, CISOs, CIOs and data experts should get a place around the table (and increasingly do get one) and where the money and message needs to come from, to embed security everywhere, steer away from developing new solutions with a mindset of just maximal profit (leaving investments in key security controls out), go for security by design and not just talk the talk but also walk the walk when it boils down to mitigating the risks of that key business asset, called data, which in the end, along with process automation, is what the Internet of Things is all about. This boardroom aspect is also mentioned in another article on The Register, covering an event where the IoT and security/privacy issue was tackled, again with the ‘Krebs case’ in mind.


IoT, sensors, and all things digital: can we handle it all?

The interesting question here is: How will our life-world and behavior change when sensors are present everywhere? With the omnipresence of sensors and devices that sense locations and other types of human agency, we find ourselves in an environment that is not only tracked by living beings, but also by highly interconnected technological devices. You could even one day say that walls, streets, or cars have eyes in the most literal sense possible. Sensing is not a concept only about living organisms anymore. Rather, it’s a ubiquitous property of our life-world. This will deeply change how we act and interact with each other – but more important, it will transform how we engage with objects. Our life-world is altered by the Internet of Things as objects sense and communicate among themselves. The impact of this technological development has yet to be estimated and described.


6 Growth Tips From America's Most Valuable Fintech Startup

The company in question is Social Finance -- the San Francisco fintech company commonly known as SoFi (I invested in SoFi in December 2014) -- valued at $4 billion in its latest round of fund-raising. SoFi provides student loans, mortgages, and other services to Millennials whom it believes have the brains and discipline to use those services to achieve financial success. SoFi generates fees from selling bundles of loans. More specifically, it sells loans to third-party investors via securitizations or whole loan sales. ... SoFi has expanded considerably along other dimensions as well. It now has over 600 employees with offices in San Francisco, Healdsburg, Calif., Utah, Montana, and New York. And it has made about $12 billion worth of student loans, mortgages and others -- serving 175,000 members.


Financial markets face disruption from artificial intelligence

One of the risks for individual and professional investors is that those investment companies that start to build AI into their processes will start to outperform other investors, making those investors increasingly reluctant to trade. "Disruption is likely to come from an uprising of disenfranchised investors around the world who are losing to technology. As taxi drivers feel disenfranchised by Uber, fund managers and investors will feel disenfranchised by other fund managers who have access to AI," Mr Sicilia said. "They will stop trading. Why play the game when you are always going to lose? This is all uncharted territory," he said. Looking further ahead, markets face even greater disruption as intelligent computers trade against each other and, having studied the same patterns, want to buy and sell the same security at the same time, potentially causing trading to stop altogether.



Quote for the day:


"Your success will be the degree to which you build up others who work with you. While building up others, you build up yourself." -- James Casey


October 08, 2016

How Companies Can Deal With Insider Data Theft

"Inadvertent leakage is also a big problem," said Salim Hafid, product manager for Bitglass.  Cloud-based applications and bring-your-own-device policies have only made it easier to accidentally share or publish confidential data, he said. As a result, more corporate data is getting out of company networks and into personal smartphones and file-sharing systems.  "A huge number of organizations that have cloud applications deployed have no means to identify these careless activities and no way to mitigate the threat," Hafid said. Companies like Bitglass sell services to fill those gaps. Security vs. Privacy. To solve the problem, security firms are also coming up with products that can monitor access to a company's most sensitive files. 


On-premise IT still the only way to run certain tasks

A hybrid cloud that incorporates cloud bursting will allow you to take a workload and spin it up on the private cloud, but if the workload needs more resources, it can be seamlessly moved out to the public cloud and easily work with data sources, no matter where they are – in the cloud or on-premise. Cloud bursting is therefore a great way for businesses to handle peaky demand patterns, such as e-commerce providers with big peaks in sales at Christmas, or news and sports websites with steady demand that spikes when something big happens, for example the World Cup or the Olympics. Cloud bursting can also be a useful tool for businesses that need to carry out analysis on large datasets, and for traditional applications such as month-end accounting runs where the demand is predictable but requires servers and storage to sit idle most of the time.


Beware of “spear phishing”

The scammer sends an e-mail to an employee at the company, often from a hacked or “spoofed” e-mail address or an address that closely resembles the company’s e-mail format. For example, if a company’s e-mail format is user@321company.com, a scammer might use user@321company.co, or user@321compny.com. Spear phishing is often more profitable than a basic phishing scam. First, scammers research a company to convincingly impersonate the target’s boss or co-worker. People are more likely to be victimized because the e-mail appears to come from a trusted source. Second, spear phishers may use the information they obtain to steal the identities of every employee at a business and file thousands of fake tax returns. By filing fake tax returns or selling private information to other criminals, spear phishers can make a lot of money very quickly, even if only one person falls for the scam.


What will happen to blockchain in 2017?

For blockchain to truly function properly, its builders need to fully comprehend the entire ecosystem. A great example of this is Blythe Masters and her company Digital Asset Holdings. They’re completely changing public capital markets, not just one piece of the market, but every cog in the public capital markets machine. For that, the company needed to make sure it had the sector expertise it needed to ensure on implementation its product would work, and the company has both Nasdaq and the Australian Stock Exchange in its corner to demonstrate that. No other blockchain provider has had this level of success. In 2017, many of the blockchain companies that want to enter the business application sector will not survive beyond their concept stage.


Security concerns rising for Internet of Things devices

Indeed, when LIFX found out about the Wi-Fi credentials flaw, they patched it right away. Because there are so many small companies making IoT devices, the problem won’t go away anytime soon. Foeckl says IT departments need to start including IoT devices in their security monitoring efforts and certification and testing processes, and that they should work with their vendors to make sure these devices are patched, tracked, and protected. “Another important task is the development of privacy policies that inform users about the collected information and guide them to maintain a security good practice, advising on changing passwords, reporting unusual activity,” says Foeckl. “A well informed user represents a great premise to prevent data breaches regardless of the threat vector.”


A CTO's IT spending strategy for a fast-growing platform startup

"Every business has to maintain that delicate balance between reinforcing the old and creating the new," she said. "They need to be ambidextrous: exploiting their existing infrastructure and the capabilities which they have already built while simultaneously exploring new opportunities and innovating for the future." Morgan said he didn't lose sight of how the technology needed to support business objectives and strategic goals. His early re-engineering work, in addition to correcting problems, allowed for the addition of new functions that could drive company growth. As part of his strategy for the growth, Morgan said he moved his team away from a monolithic design toward a client front-end model, exposing APIs which led the team into building out its enterprise portal.


Password Guidance: Simplifying Your Approach

The death of the password was predicted some ten years ago. It was assumed that alternative authentication methods would be adopted to control access to IT infrastructure, data, and user material. But since then, password use has only risen. This increase in password use is mostly due to the surge of online services, including those provided by government and the wider public sector. Passwords are an easily-implemented, low-cost security measure, with obvious attractions for managers within enterprise systems. However, this proliferation of password use, and increasingly complex password requirements, places an unrealistic demand on most users. Inevitably, users will devise their own coping mechanisms to cope with ‘password overload’.


Business transformation proves to be a catalyst for cybersecurity spending

Pescatore agrees: “Increased use of SaaS and IaaS is definitely causing breakage in security approaches. It is causing a shift in spend from security software and hardware to actually more skills on the security staff side,” he says, adding that it’s common for SANS to hear such challenges from large enterprises. The reason for this, Pescatore explains, is that “SaaS means you cannot use security agents or appliances except the big SaaS services, such as Outlook365, Google at Work, Salesforce, and so on. They have security features and APIs that can be used to extend security policies to the SaaS app -- but that takes a higher level of skill in the security staff. Similarly, in IaaS you can use software and virtual appliances,” he says.


When a Payment is More Than a Transaction

One of the most important implications of electronic payments (whether domestic or international remittances) is the opportunity for disadvantaged groups of population to plug into the global financial system. A notable example of the way electronic payments are put to benefit the developing world is the joint effort by Stellar, the Stripe-backed open-source payment network, and Oradian, a cloud-based software provider for microfinance institutions in developing countries. Those companies have developed a payment-transfer network inside Oradian – built on top of Stellar’s platform – that allows 300,000 Nigerians (90% of them women) to cheaply transfer money between microfinance institutions over the Stellar network. International remittance services by FinTech startups are another case.


Information sharing still a heavy lift

Raskin said her department, “encourages a lot of sharing of information. We would like institutions to feel that they can benefit just as much from receiving information as giving information.” She added a failure of security in the banking system would lead to a different breakdown of trust – trust from depositors that their assets are safe. “Potential exploitation has the effect of undermining trust,” she said. “Our ultimate objective should be to reinforce the public's trust in the resiliency of the financial product, service, or institution.” McCabe, interviewed by Walter Isaacson, president and CEO of Aspen, admitted there is resistance “throughout the private sector” to allowing the FBI to monitor their systems in real time, even though he said that would let the agency notify an organization much sooner in the event of an attack.



Quote for the day:


"The future belongs to those who believe in the beauty of their dreams." -- Eleanor Roosevelt