October 24, 2016

Tech Bytes - Daily Digest: October 24, 2016

Why measure the value of an organization's information, AI can predict outcome of human rights trials but should it, Everything you ever wanted to know about mobile payments, Rethinking marketing strategy in a digital economy, Flexible data architectures to help drive business needs, Testing for vulnerable IoT devices and more.

Why Measure the Value of an Organization’s Information?

Notwithstanding the real difficulty of measuring the "value of information" so that it can take its deserved place on a company's balance sheet, Mancini's second difficulty is the crux of the problem. The "value" of information, like the value of the structured and unstructured data that underlies it, is dependent on how the information is used. Sometimes that usage is planned. Many times information usage is unplanned or serendipitous. Plus, data and information can be used to support decisions and actions with negative outcomes as well as positive outcomes. Even if we restrict our definition of "value" to economic value, we are still faced with the need to define what we mean by "information" and "data." The metrics associated with their use would have to be reliable and repeatable. 


Where to find the world's best programmers

While Chinese and Russian coders perform well across many of the fifteen domains for which HackerRank poses challenges, it’s also worth noting that coders from specific countries excel in specific domains: Japanese coders are the best for artificial intelligence and Hong Kong produces the best Python programmers, while the best Ruby programmers are in Finland and Denmark is tops for SQL programmers. There are other surprises too. The best database programmers are from Switzerland, Ukraine produces the best security coders, Sri Lanka is the strongest for distributed systems, and France is tops for C++. Let's consider first why China and Russia produce such a wide range of skilled programmers. "One hypothesis is the way education in those countries is focused," says Heraldo Memelli, HackerRank's lead technical content manager.


Dyn DDoS attack highlights vulnerability of global internet infrastructure

An attack on the DNS directory system that resolves domain names into numerical IP addresses is a source of concern given it is a fundamental part of the internet’s inner workings. It highlighted just how vulnerable the internet really is, said Thomas Fischer, threat researcher and global security advocate at Digital Guardian. “It places more onus on the internet infrastructure providers to ensure their security is top of the field, and that they plan for large-scale disaster recovery scenarios,” said Fischer. Chase Cunningham, networks director at Cyber Operations, said: “It was an interesting point to see the bad guys are moving upstream for DDoS attacks on the DNS providers, instead of just against sites or applications.”


Cloud Security, AI, IoT Make List Of Hot Technologies For 2017

The Nucleus analysts pointed to the AI systems in the new HBO TV series, Westworld, or the older TV science fiction series, Humans, as representing what many people now think AI systems are capable of, or will be soon. "In practice, AI is far from reaching its potential," they warn. Vendors who actually offer AI will have it connected to machine learning and some form of human interface, whether audio, visual, or natural language. Google's AI system won the game of Go in March, a parallel to IBM's Watson beating human contestants in Jeopardy! The win gave a glimpse of how far powerful AI systems can go. But there's "still a significant gap" between portrayals in science fiction and AI's accomplishments in practical settings on the ground.


AI can predict outcome of human rights trials, but should it?

According to the researchers, the language and topics of the cases were the most important predictors for determining the judgment. "The 'circumstances' section of the text includes information about the factual background to the case. By combining the information extracted from the abstract 'topics' that the cases cover and 'circumstances' across data for all three articles, an accuracy of 79% was achieved," the press release stated. The study, however, just looks at the official, text-based court statements—not the arguments in court. Toby Walsh, AI professor at the University of New South Wales, said he is "unimpressed." The outcomes, he said, are going to be predicted based on the summary of the judgement. Furthermore, even if the judgment were ignored, "the summary is going to be inherently biased towards the decision, focusing on evidence and law that supports the decision."


Everything you ever wanted to know about mobile payments [Infographic]

The world of mobile payments is a rapidly evolving one, with new players, new locations and technologies coming up faster and faster. Take Apple Pay for example. The tech giant’s payment service has only been around for two years, but its nascent OS payments, which was only launched last month, purchases made in-app and on websites via what it’s calling ‘OS-Pay’ (operating system pay) platforms will hit $8bn annually by 2018. With such rapid progress made, it’s always good to take a moment and take a snapshot of the industry and see how exactly these mobile payments work and who uses them. The infographic below, from Oberthur Technologies, does just that.


Rethinking Market Strategy In A Digital Economy

The convergence of market-oriented behaviors and new market rules are asking senior executives to reframe their overall market strategies. Knowing full well that reframing market strategies are tied to answering the questions of where the next area of growth will come from and what path they need to take to achieve growth. ... Affecting the development of market strategy is a multitude of market forces. Primarily driven by digital transformation. Movement from hosted environments to the cloud, the SMB market enabled by digital technologies to be on equal footing with large enterprises in their customer service capabilities, increase in mobile technology as a key touchpoint, an increase in executive decision-makers who want hands-on and daily interaction with critical applications – in essence becoming important users, and addressing omnichannel engagement.


Are your marketing pros ready to handle big data?

"As a marketer, it's harder than ever to get a complete picture of your audience. Their interactions are siloed by walled gardens, multiple devices per person or platforms strategically locking users in. Each one of those channels requires a customized strategy," says Platzer. The best thing a marketer can do to get around such challenges is to keep up on the latest trends, according to Platzer. He recommends that all marketers educate themselves on the most popular channels people are using on a daily basis to access content from. It's also vital to have a finger on the pulse of what the next best app will be -- like when Twitter came on the scene and completely changed the way people share and interact.


Flexible Data Architectures to Help Drive Business Needs

Some software vendors have identified the need to drive data architectures from the business and have built this capability directly into their tools, allowing users to map data entities together more easily, integrate processes, develop customized views and dashboards, etc. However, many such tools currently on the market are performing this technique using rather old hat methods. One such method is to utilize Entity Relationship Diagrams. ERDs depict the logical structure of one’s data as it would be used in a relational database. Therein lies part of the current problem – the world is slowly moving away from using relational databases for everything. NoSQL databases are on the rise. Graph databases have been in existence for some time. Unstructured data sources that utilize text extraction or natural language processing revolve more around terms and their usage within a domain of interest.


Testing for vulnerable IoT devices

Poor security is standard practice with IoT, but these devices are especially bad. Even if their web interface is used to change the default password, the devices have hard-coded Telnet and SSH passwords that cannot be changed. Part of yesterday's DDoS attack against DYN came from the Mirai botnet, composed of assorted hacked devices that were using default passwords. Unlike pretty much every other article on this subject, I am not going to quote a spokesperson from a security firm saying that things are really really bad. Instead, I have some hopefully useful advice, a way to test if devices in your home (or office or wherever) are vulnerable to software attacks similar to the Mirai malware. It's far from perfect, but it's a step in the right direction.



Quote for the day:

"Insulate yourself from those who bully, lie, or steal. Don't let their selfish values infect you." -- Chris Edmonds

October 23, 2016

Tech Bytes - Daily Digest: October 23, 2016

How analytics will underpin artificial intelligence, How knowing your staff will protect your business from attack, Cyber security threats getting less easy to ignore, Are you ready for remote project management, Information governance: Yes it can create RoI and more.

Virtuous Machines -- How Analytics Will Underpin Artificial Intelligence

Ultimately, just like humans, AI will need to draw on a constantly-growing database of information. An intelligent program should read historical data, analyze it for patterns, and be able to classify what it sees. Without a database to learn from and then call upon this information to match with new data, a program cannot really “learn”. For most enterprises, practical use of AI is not yet feasible. The actual solutions on the market are not very accessible, by and large. A good example of AI for the masses is Google introducing machine learning to the G Suite, formerly known as Google for Work. By shaving seconds off delays at every level, Google is trailblazing user-friendly AI. Not everything need be as complex as IBM Watson!


An Introduction to Modern Agile

Seth Godin famously said, “People aren’t afraid of failure, they’re afraid of blame.” Blaming increases negativity and helps no one. This is why Etsy has a “blameless culture.” They understand that, rather than being the fault of a single individual or group, mistakes are usually the result of unseen problems in the environment that may have been around for some time but happened to be triggered one day by someone. Their concern is to learn blamelessly from failures and quickly improve. The same is true at Google. Once, an engineer at Google confessed, “I screwed up a line of code and it cost us a million dollars in revenue.” The code in question was part of Google’s highly profitable AdWords software. In many organizations, a mistake like that could lead to further losses, like the loss of one’s job, a loss of confidence or respect. Not at Google.


How knowing your staff will protect your business from attack

“Over the years, we’ve invested resources and money to ensure it’s hard for people to break into our systems - but the problem is that you could be hacked by someone from the inside, with valid access to some part of your system that gives you access to your digital infrastructure.” In light of the cyberattacks on actors such as Jennifer Lawrence, Creese explained how the cloud now poses a larger threat for corporations. “I now no longer have to hack 50 organisations, I hack one cloud and I get every single employee using that cloud.” Creese spoke about the struggle of not only stopping threats, but also how we identify and define an insider threat. “One of the reasons we’re not as equipped as we should be is because we’re not dealing with the people and technology in tandem,” she continued.


Cyber security threats getting less easy to ignore

October is National Cyber Security Awareness Month — a campaign that's headed by the federal Department of Homeland Security to raise awareness on how to protect our personal information and combat fraud. But this October, the public cannot help but be hyper-aware of hackers after all the news about stolen e-mails out of the Hillary Clinton presidential campaign. We've even heard reports that hackers have targeted the voter registration systems of more than 20 states in recent months. We're likely to face phishing scams both at work and at home that try to trick us into disclosing personal information. "The e-mail can look just like it comes from a financial institution, e-commerce site, government agency or any other service or business," warned the American Bankers Association.


Defending Against Data Breaches: What Exactly they are and What to Do

Most cyber security analysts agree that the first phase of a data breach, from a criminal element, starts with research. Hackers or cybercriminals will investigate a company’s or institution’s system weaknesses. This will be done by skimming social profiles online, exploiting employees or investigating company infrastructure. Once the weakness has been found, an attack plan is put into place. The attack will usually be a network-based attack through infrastructure or a social attack where the criminal is let in through the backdoor with a malicious email or attachment. Following the attack, the data is extracted and can be used for a variety of purposes, including: blackmail, black market information sales or propaganda against the company. Not all data breaches are created equal and vary in severity, however.


'Smart' home devices used as weapons in website attack

Many of the devices involved come from Chinese manufacturers, with easy-to-guess usernames and passwords that cannot be changed by the user - a vulnerability which the malware exploits. "Mirai scours the Web for IoT (Internet of Things) devices protected by little more than factory-default usernames and passwords," explained cybersecurity expert Brian Krebs, "and then enlists the devices in attacks that hurl junk traffic at an online target until it can no longer accommodate legitimate visitors or users." The owner of the device would generally have no way of knowing that it had been compromised to use in an attack, he wrote. Mr Krebs is intimately familiar with this type of incident, after his website was targeted by a similar assault in September, in one of the biggest web attacks ever seen.


Are you ready for remote project management?

If your organization is considering a transition to remote PM, having employees with the right aptitude, capabilities, focus, and dedication for working in this independent fashion is critical. If individuals lack the motivation or are individuals who require a significant amount of supervision and guidance, this may not be the best move. That said, if the remote project management drivers fit with higher-level strategic objectives, it may be necessary to still proceed in that direction, and hire individuals with the capabilities to execute projects remotely. It may also be a better option to invest in training for existing high potential employees. With either of these options, or a combination of both, make sure to carefully and properly identify the strengths and career interests of existing employees.


Yahacking: The Last Straw

“The year 2016 saw a record number of stolen account credentials up for sale on the Dark Web” is something you might have read in one of our previous articles. That being said, MySpace no longer holds this record (with 360 million hacked accounts in 2008). The turn for the title is now passed on to another multinational thanks to what is better known in the media as the “Yahacking” incident. In a continuous freefall since Google first surfaced, what used to be the most popular internet portal of the year 2000 is now in a very tight spot. The company in question had announced in July that it would be bought by Verizon Wireless. However, in light of recent events, the acquisition is now at risk. Care to venture a guess of who we might be talking about?


How to Successfully Install Agile/DevOps in Asia

Value-stream mapping is a lean-management method for analyzing the current state and designing a future state for the series of events that are needed to deliver a product or service. It helps to identify the problems in the process and reduce the lead time. It also works well for addressing the people element. ... Each process step has a lead time and a process time. By drawing this map, you can easily identify the waste in the process and find opportunities for improvements and automation. I always call all stakeholders to attend a value-stream-mapping session: developers, operations, program manager, UCD, etc. You need to ask everyone who has permission to change the process to participate in this event. Japanese culture is hierarchical. Unfortunately, devs and ops don't have power, so you need to include upper management.


Information governance: Yes, it can create ROI

“Information is an asset, just like building, equipment, staff and full-time employees,” Reeves explained. The worth of an IG program stems from protecting and leveraging it as such. By ensuring trusted and reliable information, healthcare organizations can enable more timely and accurate data, with faster access to it for more nimble decision-making, she said. Reeves offered advice on how to highlight IG's value – tangible and intangible – to the C-suite. Spiraling e-discovery costs, for instance, where evidence gatherers in malpractice suits must sift through electronic data, paper records, different legacy systems from acquired practices are a common problem. An enterprise-wide IG policy, alongside process improvement initiatives, could reduce both risk and cost, she said.



Quote for the day:


"Practice isn't the thing you do once you're good. It's the thing you do that makes you good." -- Malcolm Gladwell


October 22, 2016

Tech Bytes - Daily Digest: October 22, 2016

Clueless CIO cloud confusion continues, Fintech - a powerful & highly disruptive industry, Is the AI apocalypse a tired hollywood trope or a human destiny, How enterprise software development is changing, Using analytics as a force in business and more.

BMW's vision for the smart city of the future includes autonomous driving and AI

BMW is currently working with the city of Berlin, Germany, on a pilot project where three streets are being transformed into a new urban environment as residents use urban transportation for mobility. The parking areas are being transformed into green spaces to improve the quality of life. BMW is also developing ideas on how to transform city parking garages into affordable living spaces, he said. To create more ideas for urban living, BMW's MINI founded earlier this year Urban-X, which is a startup initiative to focus on engineering the city as a service. Three of the entrepreneurs who were part of the first round of participants presented their ideas at the BMW event in Santa Monica: Multimer, Brooklyness, and CTY. Each participant was in the program for 3-½ months and were able to work with BMW engineers to hone their ideas.


Clueless CIO cloud confusion continues

Ignore the jargon. It means the cloud could be next door, or it might be in the next country. With a hybrid cloud, which uses both private and public cloud resources, it may be both. IT should know the specifics of what’s where. For the ordinary Joes and Janes in accounting, the resources are just in the cloud. From their seats, the cloud is just at their fingertips, the same way the internet is. Rapid elasticity and expansion are vital. In a cloud, you don’t ask for five more servers; you go out and get them. Your computing resources are dynamically assigned, released and reassigned at your request. In the best clouds, users don’t even know they’re asking for more resources. They just get on with their job, and if their work requires more resources, the cloud simply provides them.


FinTech Is Not a Niche Anymore, It’s a Powerful and Highly Disruptive Industry

There are plenty of reasons why FinTech was able to go from being a niche in the financial services industry to a massive industry with highly disruptive potential – customer-centricity, simplicity and scalability, freedom from legacy systems and more. Explaining the FinTech revolution, the Economist has also emphasized such factors as cost efficiency, the absence of the need to protect existing business and lack of regulatory burden along with above-mentioned legacy IT systems/branch networks. The scalability advantage was possible to gain due to a clever approach to risk assessment and use of smart data to profile potential clients. Smart data represents a more sophisticated approach to data collection and analysis, focusing on meaningful pieces of information for more accurate decisions.


DDoS attack Friday hits Twitter, Reddit, Spotify and others

"Because DNS is vital to every person, business and website across the entire internet for system stability and performance, online businesses commonly outsource DNS management to third-party providers who have better and more reliable infrastructures to operate on behalf of their customers," Jeremiah Grossman, chief of security strategy at SentinelOne, told SCMagazine.com on Friday. Historically, he said, this has worked to everyone's benefit. "However, what we're now seeing is that in light of the way the infrastructure works in the security landscape, they are attractive targets for large-scale DDoS attacks – because if you take out one of these DNS service providers, you can disrupt a large number of popular online services, which is exactly what we're seeing today."


Is the AI apocalypse a tired Hollywood trope, or human destiny?

Computers think really fast. In the best-case scenario, we’ll have enough time between an AI acquiring the ability to think as well as us and its rise to super-intelligent status that we can adjust and respond. On the other hand, as Bostrom points out, when you’re dealing with a machine that can think — and therefore develop — at an almost unimaginable speed, by the time we realize what’s going on, it will already be far too late to stop it. Some readers may remember the 1970s sci-fi horror flick Demon Seed, in which an AI not only predicts that it will be shut down by its fearful creator, but employs murder and rape to ensure its survival. “If and when a takeoff occurs,” Bostrom writes, “it will likely be explosive.” Stephen Hawking has echoed this sentiment: “Once humans design artificial intelligence,” he says


How enterprise software development is changing

Technology such as Docker, to enable developers to create code that can run in their own containers, along with the ability to have short feedback loops, helps businesses to adapt more quickly. Such technology and techniques form the basis of the cultural shift that companies of all sizes need to make to enable their developer teams to become more adept at delivering software quickly, says Davis. “Culture is very easy to instil when there is a small group of people,” he says. “Hiring is key.” Davis recommends that IT leaders plan in advance, and hire people appropriate to the direction the IT strategy is taking. Russ Miles, lead engineer at Atomist, believes IT leaders can learn much from the way webscale organisations approach software development. “Organisations of any size have to compete,” he says.


Using Analytics as a Force in Business

With anticipatory analytics, predicting the future is no longer science fiction! Anticipatory analytics build on predictive analytics which tells us to analyze many attributes over many years to make the best and most informed business decisions possible. Dave made a clear distinction between companies that use anticipatory analytics versus those that rely solely on historical data. His take is that using anticipatory data can be a critical differentiator between being an innovator on the cutting edge of meeting customer demand and being completely disrupted. Consuming data in real-time and leveraging it to build a model is what companies that are innovating and disrupting are doing. Companies that rely solely on historical data are most often the ones that fail, even after rising to greatness because their competitors are more effective at using data.


Why you should devote as much time to dark data as big data

"If companies can learn how to harness this data, it can yield new insights," said Mads C. Brink Hansen, product manager at TARGIT, a business intelligence and analytics solution provider. "In one case, a company wanted to assess the efficiency of its field-based salesforce. By looking at the travel expense reports submitted by its salespersons, it was able to determine the number of meetings that each salesperson had while in the field each day and then measure this against what should normally be expected in the way of meetings. This was one way in which an HR-based reporting function (travel and expense reports) was repurposed to provide insights into how many meetings per day an in-field salesperson was likely to have, and who was hitting those targets."


CERT-In had instructed banks on October 7 to stay alert in wake of surgical strikes

CERT-In and the National Critical Information Infrastructure Protection Centre sent an email to banks regarding the rise in ATM frauds following ET’s report. "On October 20, 2016, CERT-In has sent mails to State Bank of India, Axis Bank and HDFC Bank to report an incident to CERT-In as seen in media report stating that 3.2 million debit cards have been used in ATMs that are suspected to have been exposed to malware at the back end. The incident has so far not been reported to CERT-In," said the official cited above. Not reporting the matter is in breach of the rules, said another official. "There is an RBI framework… the Information Technology Act mandates that these incidents have to be reported so of course there is a lapse on the part of the banks," he said.


Cloud Services Lift IT Outsourcing Market Higher Than Expected

In the Asia-Pacific region, as-a-service contract value has surpassed that of traditional IT services deals. That’s due, in part, to the fact that cloud solutions are particularly well-suited to more volatile markets and midsize enterprises, according to Keppel. The rest of the world has yet to reach that inflection point. “There is a notable uptake in interest in the U.K. in particular,” Keppel says. “The Americas are close but we’re not ready to say that as-a-service will consistently outpace traditional sourcing in [there].” Keppel is quick to point out that the cloud-traditional services story is one of growth rather than cannibalization, noting that the overall market was in the healthy range and has been more than 60 percent of the time in recent years.



Quote for the day:


"If there's a book that you want to read, but it hasn't been written yet, then you must write it." -- Toni Morrison


October 20, 2016

Tech Bytes - Daily Digest: October 20, 2016

AI: The greatest threat in human history, Organizational culture of fear & innovation assassination, Big data is eating the world - but it is not eating the data scientist, Why poor cyber hygiene invites risk, Stupid encryption mistakes criminals make and more.

AI: the greatest threat in human history?

Stephen Hawking has warned that artificial intelligence (AI) could be the greatest disaster in human history, unless humans learn to mitigate the risks posed. Of these looming threats, Hawking suggested the rise of AI could lead to the creation of devastating autonomous weapons and new oppressive methods of controlling the masses. Perhaps the most distressing point from Hawking’s speech was his notion that machines could develop a will of their own. To this, a Terminator-like scenario is not inconceivable. Humans make autonomous weapons for the next stage of combat, a global autonomous arms race begins, the machines learn to think, humans get wiped out. This may sound exaggerated, but it does mimic to some extent the speech Hawking delivered, if AI’s advancement goes unchecked.


The Benefits of Semantic-Based Data Modeling in the Smart Data Lake Era

With semantic-based data modeling in a smart data lake, all your data can be neatly organized using business models that the user defines, based on human-readable, standardized terms that allow you to link and contextualize information regardless of where it came from. And all this smart data can then be used to automatically create data extracts, ETL, and ELT jobs for quick and efficient analysis. Because the data model has been created with a semantic approach, that model can be queried endlessly. Analysts can ask the model where data came from, what it means, and what conservation happened to that data. Bringing the data together from various sources, combining it together in a database using a customized domain model, and then conducting analytics on that combined data set creates a huge benefit and freedom to analysts, and to the organization.


Organizational Culture of Fear and Innovation Assassination

There are innovation-obliterating assassins lurking in all parts of your organization. Frighteningly, the biggest innovation assassins are often wearing a disguise. So many high-level executives will earnestly (and with a straight face) wax poetically about how important it is to change the organizational culture, catalyze innovative thinking throughout all ranks of the company, and dismantle the power and comfort of the status quo. ... So why the discrepancy between what such executives say and what they actually do? They typically aren’t “lying” for the sake of deceit or other callous intentions; but instead, their self-contradictory statements and behaviors are usually due to fear. As stated in Robert’s Rules of Innovation II, “Sometimes, it is pure fear. Fear of failure. Fear of the unknown. Fear of criticism. Fear of change. Fear of being terminated.”


Survey On Consumer Attitudes Toward Fintech Spells Trouble For Banks

As for a takeaway for banks, Blumberg says, “Banks need to adapt, adopt or hasta la vista, baby. Banks cannot continue to do what has made them successful for the last 50 or 100 years. We are at a fundamental changing point because of big data, cloud infrastructure, mobile telephony, social media, artificial intelligence, machine learning, etc. That combination of new technologies have unleashed incredible power from the bottom up. Yes, some of it is used for hedge funds for sophisticated trading, but the business-to-consumer portion of our portfolio is focused on helping to level the playing field, helping Joe Lunch Pail do better in their finances. Traditionally, that’s only been available for the wealthy. Fintech makes it cheaper and easier to distribute those tools of algorithms, that advantage, to average people.”


Apple Pay at two years: Not much to celebrate (yet)

"People ask, 'What's the benefit?'" Ranta added. "For someone who's not tech savvy, they have probably tried it once and said, 'What's the big deal with this? Opening up my wallet and swiping my card wasn't a big deal to me, so why do I need to get rid of that habit? Instead of relying on some weird, wireless thing -- screw that. I have a physical card that I can put in a terminal.'" Not everybody feels that way. The biggest users of mobile wallets are under age 35, according to various surveys, including one in May by The Pew Charitable Trusts. Smartphone users will pay for goods over the internet or through an app without entering a store, but in-store mobile payments are not as popular. "We're still at the early-adopter stage," said Bryan Yeager, an analyst at eMarketer.


In a colocation provider, look for security, a solid SLA

There are warning signs that a colocation provider may not meet its SLA. For example, unexpected or frequent changes to the SLA can suggest that the provider is struggling to meet responsibilities. Internal company instabilities, such as acquisitions and mergers, can also indicate that an SLA will change or service a larger customer base. Use SLA monitoring tools, such as IDERA Uptime Infrastructure Monitor or Mindarray Systems' Minder. But first, talk to your colocation provider to make sure these tools can integrate with your provider's APIs or monitoring hooks. You can also test colocation services by occasionally triggering their support function to determine response time and quality.


Big data is eating the world – but it’s not eating the data scientist

The missing piece is visionary leadership. McKinsey predicts that by 2018 there will be a shortage of 140,000 to 190,000 people with analytical experience and a staggering 1.5 million shortage of managers with adequate skills to make critical big data decisions. Hiring a couple of PhDs will reap a few rewards, but without direction and support from the top, the highly paid data scientists may end up being glorified (and overpaid) analysts, who make a few SQL queries followed by the odd Tableau visualisation. Management needs to clearly define the key business questions that need to be answered and create roadmaps for the medium to long term – showing what software needs to be built or bought, and who needs to be hired along the way.


Why Poor Cyber Hygiene Invites Risk

Despite a growing awareness of the threats that target them, some organizations still aren’t practicing some of the fundamental steps of cybersecurity to ensure the level of resiliency needed to endure current threats. It is imperative for organizations to prioritize addressing the problem of aging infrastructure and systems. ... The time has come for organizations to realize that they must move away from products that are no longer supported and can’t be upgraded to meet today’s security challenges. Modern cybersecurity is about risk management - that is, eliminating and mitigating risks where possible, and knowingly accepting those that remain. Poor cyber hygiene - not patching, keeping outdated solutions in place, etc. - puts the overall resilience of an organization into jeopardy.


Stupid encryption mistakes criminals make

Writing secure code can be challenging, and implementing cryptography correctly in software is just plain hard. Even experienced developers can get tripped up. And if your goal is to swindle people quickly, not to wow them with the quality of your software, there are sure to be serious crypto mistakes in your code. ... Malware authors may provide significant lessons in how not to implement cryptography. Such was the upshot of research by Check Point’s Yaniv Balmas and Ben Herzog at the recent Virus Bulletin conference in Denver. Malware authors may be more likely to insert crypto doozies in their code than developers working on legitimate software because they may not care as much about code quality or design, said Balmas and Herzog.


Secret Service cybersecurity audit shows 'unacceptable' flaws

According to the cybersecurity audit report, the USSS has little room for error in its primary mission of "protecting the president, other dignitaries and events, and investigating financial [crimes] and cybercrimes to help preserve the integrity of the nation's economy." "USSS has much work to do to make IT a priority. This requires establishing and implementing an IT governance framework that addresses, at a minimum, the IT organizational and management deficiencies identified in this report," the report read. "It also requires that USSS leadership fully understand and address the potential for insider risks, not only from system administrators and inadequately managed IT contractors, but also from employees and business partners."



Quote for the day:


“If you don’t have a competitive advantage, don’t compete.” -- Jack Welch


October 19, 2016

Tech Bytes - Daily Digest: October 19, 2016

Knowledge workers demand intelligent search, Digital today Cognitive tomorrow, Running an open source & upstream-oriented team in agile mode, Can the data center be defended from a data breach, Hack proofing ID & access management and more.

Knowledge workers demand intelligent search!

In most businesses, knowledge workers are frustrated by the information search and retrieval experience, whether it is on their company intranet or in critical business applications such as a CRM system. This frustration is made worse when they have to repeat the same searches with mixed results across multiple disconnected data repositories. ... Fortunately there have been incredible advances in machine learning, natural language processing, artificial intelligence and cognitive computing. Modern day search platforms are a lot more powerful, automated, and easy to implement. Cloud big data solutions such as Hewlett Packard Enterprise Haven OnDemand don’t require any investment in servers or platform administrative staff— solutions can simply be built and implemented in hours or days, rather than weeks or months.


Digital Today, Cognitive Tomorrow

Cognitive systems are already transforming everything from the world-changing to the everyday. For example, cognitive oncology is a reality thanks to technology developed in partnership with Memorial Sloan Kettering Cancer Center in New York City that helps oncologists identify personalized, evidence-based treatment options based on massive volumes of data. This breakthrough technology is now helping scale access to knowledge at Bumrungrad International Hospital in Thailand, Manipal Hospitals in India, and more than 20 hospitals in China. Cognitive assistants are at work helping build more intimate, personalized relationships at the Brazilian bank Banco Bradesco, the insurance company GEICO, and the retailer The North Face. Dublin-based Medtronic plc, a global health care solutions company, is creating a cognitive app for people with diabetes to predict a hypoglycemic event hours in advance.


Some Hadoop vendors don't understand who their biggest competitor really is

With Forrester projecting that "100% of all large enterprises will adopt [Hadoop and related technologies such as Spark] for big data analytics within the next two years," the chances are pretty high that your enterprise is in the midst of a decision, or has already made it: Which Hadoop vendor do I pick? Though this will change over time, "currently there is no absolute winner in the market," Forrester pointed out, and it's easy to get confused trying to parse differences between the different stacks. The Hadoop vendors themselves, however, give us clues as to who they think is winning, as Ovum analyst Tony Baer highlighted. All you have to do is look at who they position themselves against in their marketing literature.


Gartner 2017 CIO Agenda: Digital Ecosystems, Interoperability, Bimodal IT

There's a significant shift underway in terms of where CIOs are opting to invest, according to the report, which was presented at the 2017 Gartner Symposium/IT Expo 2016, Oct. 16-20 in Orlando, Fla. But there's much more to it than simply following the money. Let's start with the digital ecosystem. What's that all about? According to the report, "Gartner defines digital ecosystem as an interdependent group of actors (enterprises, people, things) sharing standardized digital platforms to achieve a mutually beneficial purpose." What does that mean for the bottom line? "A digital ecosystem amplifies the reach of a company. It enables scalable connections between known partners and customers, but also provides a platform for unknown parties to connect with one another," said Andy Rowsell-Jones


Running an Open-Source and Upstream-Oriented Team in Agile Mode

The atmosphere you set up with your team will also forge the outcome of your team work. Run your team with trust, peace, and humor (remember, I'm on the team!) and awesome things will happen. Run your team with fear, pressure, and finger-pointing, and nothing good will happen. There's little chance that when a team is built, everyone will be on the same level. We were no exception. We had more and less experienced engineers. But the most experienced engineers took the time needed to invest and mentor the less experienced. That also helped to build trust and communication links between members of the team. In the long run, everyone is getting more efficient; the less experienced engineers are getting better and the more experienced can delegate a lot of stuff to their fellows.


Nothing Brings Banks Together Like A Good Hack

Banks, in other words, will start to look less like isolated fortresses and more like open-border platforms hosting numerous apps and services, like Google’s Android system. While digitization may be the future, it poses a major security migraine. “Every time there is a new app or a new channel opened, that provides criminal opportunities,” says Jamie Saunders, the director of the U.K. National Cyber Crime Unit. “Banks are taking enormous care to design security into their apps, but as the technology evolves, the criminal will evolve, too, and vulnerabilities will open up.” By then, Oerting plans to be drawing strength from his networking push and the next generation of cyberdefenses. He helps select and mentor promising startups in the accelerators that Barclays runs in Tel Aviv, London, and other cities.


Can the Data Centre be Defended from a Data Breach?

Why are the odds of being able to protect a data centre so poor? There are a number of important factors. First of all, the reality is that a motivated attacker will be able to get into any given network. There are far too many ways for an attacker to get in, particularly by way of compromising a user’s computer or account. Getting in is a certainty, and this is a hard notion for security professionals to accept. Gartner and most crime-fighting organisations around the world agree on this point: attackers will get in. Most of the attempts of breaking into a network can be successfully defended—perhaps upwards of 95 or even 99 percent—but that leaves open the possibility that a dedicated attacker will find a way in through the balance. Attackers can have a nearly unlimited number of attempts of breaking in.


Hack-proofing ID and access management

With a gap in communication between HR and the IT department, many of these user accounts remain open. While it may not seem like a major problem, these single accounts can begin to add up with hundreds or thousands of dormant accounts within an organization — creating a serious vulnerability. The biggest problem is these past users can still gain entry into the system or a criminal can use these dormant, unsecured accounts to gain the same amount of access as the previous account holder. According to a recent Clearwater Compliance analysis on risk ratings, user control review and user permission review controls are only partially in place or missing about 71 percent of the time — despite urging from the U.S. Department of Health and Human Services Office of Civil Rights for organizations to make it a priority.


Digital Risk Monitoring, Q3 2016

Digital channels are now ground zero for cyber, brand, and even physical attacks. Cybercriminals use a variety of tactics to weaponize social media, impersonate or embed malware into mobile apps, deface websites, collude in dark channels, and cause financial, reputational, or physical harm. Digital risk monitoring tools combat these methods by deploying a variety of data-gathering and advanced risk analysis techniques. They aggregate data via open-source intelligence (OSINT), technical intelligence (TECHINT), human intelligence (HUMINT), and even covert human intelligence (CHIS). Then they analyze the collected data with data classifiers, machine learning, and risk scoring algorithms to determine the most likely and most threatening risk events in a quick and efficient manner.


Hackers Create More IoT Botnets With Mirai Source Code

Hackers have been taking advantage of the Mirai malware's source code, following its role in launching a massive DDOS (distributed denial-of-service) attack that took down the website of cybersecurity reporter Brian Krebs. Unlike other botnets that rely on PCs, however, Mirai works by infecting internet-connected devices such as cameras and DVRs that come with weak default usernames and passwords. Since Mirai's source code was released, hackers have been developing new variants of the malware, according to Level 3. It has identified four additional command-and-control servers associated with Mirai activity coming online this month. About half of the infected bots Level 3 has observed resided in either the U.S. or Brazil. More than 80 percent of them were DVR devices.



Quote for the day:


"Be honest - Without objectivity and honesty, the project team is set up for failure, even if developing iteratively." -- @JamesSaliba