October 29, 2016

Tech Bytes - Daily Digest: October 29, 2016

Former NSA leader talks Snowden & the future of infosec, How big data can improve student performance and learning approaches, What is data quality & how do you measure it for best results, How economists view the rise of Artificial Intelligence, Companies complacent about data breach preparedness, How much does a data breach cost and more.

19 psychological tricks that will help you ace a job interview

So if the hiring manager offers you some flexibility in choosing an interview time, ask if you could come in around 10:30 a.m. on a Tuesday. That's likely when your interviewer is relatively relaxed. In general, you should avoid early-morning meetings because your interviewer may still be preoccupied with everything she needs to get done that day. You'll also want to avoid being the last meeting of the workday, as your interviewer may already be thinking about what they need to accomplish at home. ... Twenty-three percent of interviewers recommended wearing blue, which suggests that the candidate is a team player, while 15% recommended black, which suggests leadership potential. Meanwhile, 25% said orange is the worst color to wear, and suggests that the candidate is unprofessional.


Former NSA leader talks Snowden and the future of infosec

When it was put to Inglis that Snowden might be viewed as a whistle-blower acting with the intent to take a stand on the right of citizens to data privacy, Inglis said: “I don’t think he thought that. Whistle-blowers should be formally supported and within the US system they are. You have the right and authority to take [your concerns] to some other places … Snowden did none of that – he made no complaints to anyone ... [He] recklessly released information that had nothing to do with the protection of privacy.” Snowden helped to “fill the vacuum of information [about how the NSA works],” he said, and “a lot of the cost was a vilification of the NSA”.


Uber’s New Goal: Flying Cars in Less Than a Decade

In fact, Uber reckons that the technology for these kinds of vehicles will mature within five years. Google cofounder Larry Page seems to agree: earlier this year he invested in two flying-car companies. But there are still some significant wrinkles that need to be ironed out before that happens, which make the five-year time frame seem overly optimistic. To be fair, Uber realizes there are hurdles. In its white paper, Uber lists a number of issues it’s worried about (deep breath): battery technology, vehicle efficiency, vehicle performance and reliability, cost and affordability, safety, aircraft noise, emissions, takeoff and landing infrastructure, pilot training, air traffic control, and the certification process.


How Big Data Can Improve Student Performance And Learning Approaches

The data-based approach periodically tracks an individual student’s performance by using indicators such as: prior knowledge, level of academic ability, and individual interests. What this approach achieves is that it allows for personalized learning where the students can actively learn at their own pace. Furthermore, educators can provide their support, tools, and assistance to those students who need their attention in the classroom. One of the highly regarded platforms that features personalized courses and exercises is Khan Academy. Aside from the fact that it can be used by students and parents, this platform also allows teachers to provide individualized video tutorials and practices in many different subjects, predominately math. Specifically, teachers can modify tutorials and playlists and recommend certain videos and exercises to students.


China’s Baidu to open-source its deep learning AI platform

The announcement follows the open-sourcing in the last two years of other machine intelligence and deep learning tools such as Torch and machine-vision technology from Facebook, TensorFlow from Google, Computation Network Tool Kit (CNTK) from Microsoft and DSSTNE from Amazon.com, as well as independent open source frameworks such as Caffe. Baidu also has open-sourced other pieces of its AI code. But Xu Wei, the Baidu distinguished scientist who led PaddlePaddle’s development, said this software is intended for broader use even by programmers who aren’t experts in deep learning, which involves painstaking training of software models. “You don’t need to be an expert to quickly apply this to your project,” Xu said in an interview. “You don’t worry about writing math formulas or how to handle data tasks.”


What is Data Quality and How Do You Measure It for Best Results?

What do we do when we find errors or issues? Typically, you can do one of four things: Accept the Error – If it falls within an acceptable standard (i.e. Main Street instead of Main St) you can decide to accept it and move on to the next entry; Reject the Error – Sometimes, particularly with data imports, the information is so severely damaged or incorrect that it would be better to simply delete the entry altogether than try to correct it; Correct the Error – Misspellings of customer names are a common error that can easily be corrected. If there are variations on a name, you can set one as the “Master” and keep the data consolidated and correct across all the databases; and Create a Default Value – If you don’t know the value, it can be better to have something there than nothing at all.


How Economists View the Rise of Artificial Intelligence

“Economists think of technology as drops in the cost of particular things,” Agrawal said. Likewise, the advent of calculators or rudimentary computers lowered the cost for people to perform basic arithmetic, which aided workers at the census bureau who previously slaved away for hours manually crunching data without the help of those tools. Similarly, with the rise of digital cameras, improvements in software and hardware helped manufacturers run better internal calculations within the device that could help users capture and improve their digital photos. Researchers essentially applied calculations to the old-school field of photography, something previous generations probably never believed would be touched by math, he explained.


Companies complacent about data breach preparedness

even as organizations are paying more attention to data breach preparedness, most aren't giving it the attention needed to execute their plans successfully when the time comes. Ponemon found that 38 percent of organizations have no set time period for reviewing and updating their plan and 29 percent have not reviewed or updated their plan since it was first put in place. Only 27 percent of organizations surveyed felt confident in their ability to minimize the financial and reputational consequences of a breach, and 31 percent lacked confidence in dealing with an international incident. For instance, in April, Symantec released its 2016 Internet Security Threat Report, which found that ransomware increased by 35 percent in 2015.


Protection is dead. Long live detection.

All too often, detection is an afterthought. A lot of planning and money go toward hardening protections, and then an intrusion detection system or a security information and event monitoring system is tacked on. It’s not enough. Detection strategy and architecture have to be the equal of protection strategy and architecture. If most organizations were already treating protection and detection equally, attackers would not be spending an average of 200 days inside target systems or networks before being detected. More than six months is plenty of time for adversaries to fully achieve their goals, plus explore, define new goals and find new targets. Don’t misunderstand. As essential as detection is, it is not necessarily a fail-safe. But the sooner a breach is detected, the sooner you can mount a defense and stop adversaries from achieving their goal, or at least minimize the damage.


How much does a data breach actually cost?

Knowing these numbers gives one a sense of how to measure their relative size. Because when it comes to measuring the cost of a data breach, size matters. It’s intuitive and true—the more records lost, the higher the cost. According to the same Ponemon study, the average cost of a data breach involving fewer than 10,000 records was nearly $5 million, while a breach of more than 50,000 records had an average cost of $13 million. Reviewing the numbers, it’s clear data breaches are a real and growing financial threat to businesses. The good news is it is a cost that can be avoided with a proactive investment in cybersecurity measures. Knowing the potential and average cost also gives business owners an idea of how much to budget to secure their information.



Quote for the day:


"How we think shows through in how we act. Attitudes are mirrors of the mind. They reflect thinking." -- David Joseph Schwartz


October 28, 2016

Tech Bytes - Daily Digest: October 28, 2016

Businesses shouldn't let security scares put them off IoT, Align intelligence UX & data to power exceptional customer moments, Focus your agile retrospectives on the learnings, IoT growing faster than the ability to defend it, The limits of encryption, Using smart city technology to power local economic development and more.

Businesses shouldn’t let security scares put them off IoT

Often, the hardware involved has more in common with a PC than with a cheap and cheerful consumer device, such as Dell’s Edge Gateway products, for example. The upshot of this is that they can be managed by the IT department using similar admin tools to the rest of the IT infrastructure, and also support many of the same security and monitoring tools. This is not to say that enterprises should be complacent about security, but that there other things that should be of greater concern than worries about an IoT deployment introducing new security vulnerabilities to the corporate network. If anything, last week’s attack should have been a wake-up call to how exposed businesses might become if they rely heavily on internet-based services such as those delivered from public clouds.


Align intelligence, UX and data to power exceptional customer moments

Today, our most advanced applications are intelligent. Look no further than IBM Watson or Salesforce Einstein A.I. Bluewolf's recent The State of Salesforce Report showed that over half of companies surveyed described their most essential applications as at least somewhat intelligent already, able to anticipate and either take or suggest the next action. Increasing investments in intelligent applications is one key element to driving business results, but that alone is not enough. Companies must also invest in their employee and customer experience, and focus on translating their overwhelming collections of data into intuitive, automated employee experiences that, in turn, can power incredible customer moments.


Focus your Agile Retrospectives on the Learnings

Agile Retrospectives are the cornerstones of any inspect and adapt cycle. Even though teams should not limit their learning to Agile Retrospectives, they are quite commonly the place where most of the learning happens. This is because they are a common place for data mining, whereby the team collects information about what happened during the sprint and is able to identify challenges. As a result of all of the learning that takes place during these sessions, teams arrange new ways of working in order to avoid default thinking patterns. During the last week when I worked with a Scrum Master and helped her with the Agile Retrospective, I realized something interesting. If we focus on the learning instead of the outcome, Agile Retrospectives will always be successful.


When IoTs Become BOTs, The Dark Side of Connectedness

The compromised IoT devices all appear to be built using the Swiss Army knife of Embedded Linux, BusyBox, and as such might not be readily patchable. Most of these IoT devices are webcams, smart DVRs, and home routers, but they are just the tip of the 1.2 million device iceberg that is the Mirai Botnet. To put this number in perspective the current active duty strength of the US Armed Forces is nearly the same number, 1.28 million. Image all of our active duty military sitting at keyboards running programs to attack a single website, that’s the power that “Anna_Senpai” the single person behind Mirai wields. Now by contrast Mirai isn’t the largest BOTnet we’ve ever seen, others like Conficker or Cutwall were larger, but this is the first one built entirely of IoT devices.


IoT Growing Faster Than the Ability to Defend It

The IoT is expanding faster than device makers’ interest in cybersecurity. In a report released Monday by the National Cyber Security Alliance and ESET, only half of the 15,527 consumers surveyed said that concerns about the cybersecurity of an IoT device have discouraged them from buying one. Slightly more than half of those surveyed said they own up to three devices—in addition to their computers and smartphones—that connect to their home routers, with another 22 percent having between four and 10 additional connected devices. Yet 43 percent of respondents reported either not having changed their default router passwords or not being sure if they had. Also, some devices’ passwords are difficult to change and others have permanent passwords coded in.


The Limits Of Encryption

It’s a simple point that many people haven’t grasped. Encryption can protect the contents of an email message, but it can’t hide who sent the message and who received it. That can be valuable information. Say that law enforcement officials are interested in a particular encrypted email that a suspect sent. If it can learn from the suspect’s carrier who the recipient was, it might be able to seize that person’s phone and read the message free of encryption. No muss and no fuss. As for meta-data, it can show times, dates and even location. So, despite Apple proudly declaring that it protects its customers’ data no matter what, it is still giving the government a lot of information “thousands of times every month.”


7 Tech Nightmares Haunting IT Pros This Halloween

"The challenges these IT decision makers face each day are truly daunting," said Sabrina Horn, managing partner and technology practice lead at Finn Partners, in a prepared statement. "From aging technology infrastructures, to cybersecurity threats, to the need to keep up with the latest innovations, it's no wonder we received a lot of scary, uncertain opinions about what lies ahead. But these findings also highlight the need for technology providers to better communicate the business outcomes they deliver, making it a little less uncertain for everyone." Finn Partners surveyed 511 US-based IT decision-makers between Sept. 6 and Sept. 13, 2016. Respondents to the survey identified themselves as senior employees with decision-making influence in one or more of the following areas:


Using smart city technology to power local economic development

Fundamentally, smart cities use technology and process innovation to improve the quality of life for all stakeholders within a community. One could make the case that thanks to broad adoption of SmartPhone technology and broadband wireless, most cities are already ‘smart.’ However, so far, it is the private sector that is leading. City management is responding rather than proactively initiating a coherent strategy for harnessing smart technology in a way that improves quality of life for residents and visitors. It is an incredibly exciting time as a number of social, cultural, geo-political and technological factors are converging to drive a tremendous amount of innovation in this space.


Experts on AI: Robotics Professor from Carnegie Mellon

The problem is not with AI but with humans who may misuse or abuse the technology. We’ve already seen the situation where AI has given the NSA and others the power to monitor and analyse our communications. You could say this invades our privacy and violation of the Constitution or you could say it protects us from terrorists. It’s up to us to decide how to use that power. Another ethical issue we should be thinking about is how computational biology is using AI to create designer babies, AI techniques are helping create tools to make this happen. Who wouldn’t opt to have a perfect, healthy child but if you eliminate naturally occurring diversity, what might the consequences be?


Internet Providers Could Be the Key to Securing All the IoT Devices Already out There

There are two main ways that ISPs could contribute to IoT security. The first is by blocking or filtering malicious traffic driven by malware in known patterns. For example, some ISPs use a standard called BCP38 to reduce spoofing, the process used by attackers to transmit network packets with fake sender addresses. Protecting against spoofing can negate many of the strategies that allow for assaults like the one on Dyn, but it’s taken years to get the majority of ISPs to adopt the standard—and some still don’t because of the cost of installing and maintaining the filters. The second thing ISPs could do is notify customers—whether big corporate clients or individuals—if a device on their network is sending or receiving malicious traffic.



Quote for the day:


"Great thoughts speak only to the thoughtful mind, but great actions speak to all mankind." -- Theodore Roosevelt


October 27, 2016

Tech Bytes - Daily Digest: October 27, 2016

Dealing with multiple service providers - A necessary evil, Can fintech prevent the next financial crisis, The difference between open source & open governance, 5 strategies to reboot your IT career, A quick primer on isolation levels & dirty reads, Residential routers easy to hackand more.

How IoT technologies are disrupting the aerospace and defence status quo

While current solutions only permit the airborne transfer of data for key vital parameters to maintenance crews, expanding this remit would allow them to determine the continual status and performance of individual parts and components within the engines, systems, and subsystems across the wider aircraft. This continuous visibility of the aircraft’s performance is crucial. If, for example, one of the engine vitals fails mid-air, a standby system would kick in and run all of the necessary functions to enable it to complete its journey safely. An alert would then be sent to the ground staff, who could use the real-time information to determine the cause of the failure, before engaging the necessary personnel and sourcing the components required to get the aircraft back up and running as soon as it lands.


Dealing with multiple service providers: A necessary evil

If dealing with an ever-expanding IT ecosystem is a mandate for enterprises, then developing the organizational maturity and capability of integrating and managing services purchased from disparate and specialized vendors is a necessary part of it. This means automating multi-vendor governance capabilities and leveraging tools and processes that help integrate the delivery and management of services from an end-to-end perspective. The fast-developing ecosystem proffers a strategic choice: to buy services (outsource to a third party) or to build services (develop in-house capability and implement within the enterprise). And, at the risk of stating the obvious, there’s no one-size-fits-all answer.


Can Fintech Prevent The Next Financial Crisis?

Under the current system, bankers do not risk their own money; rather, the risk is entirely on their savers aka the bank’s depositors. Under extreme circumstances, the government may be required to foot the bill if and when things turn sour at the bank. As for the bankers themselves they have very little at stake; in fact, their willingness to take risks (with their depositors’ funds, of course) often leads to lucrative bonuses. Bankers at no time do they risk their own savings or pensions. And that’s the real problem; how can professionals be expected to take low risk on behalf of others when they have so much to gain and so little to lose? We can’t expect them to take the high road; indeed, the sub-prime crisis proves that. So how exactly will P2P lending make a difference?


The difference between open source and open governance

On the open domain, the only two non-functional things that matter in the long term are whether it is open source and if it has attained momentum in the community and industry. None of this is related to how the software is being written, but this is exactly what open governance is concerned with: the how. Open source governance is the policy that promotes a democratic approach to participating in the development and strategic direction of a specific open source project. It is an effective strategy to attract developers and IT industry players to a single open source project with the objective of attaining momentum faster. It looks to avoid community fragmentation and ensure the commitment of IT industry players.


Ransomware: The Next Big Automotive Cybersecurity Threat?

“The current ransomware business model works well because the attackers ensure that the price paid is well worth the data restored,” explained Tony Lee, technical director at security research firm FireEye. “Can home users put a price on precious family photos or financial documents? Can organizations put a price on critical information necessary to conduct business? If that answer is yes and the price is low enough, the ransom will be paid.” The same rationale can be extended to vehicles. Approximately 250 million connected cars are expected to be on roads worldwide by 2020, according to a 2015 analysis by technology consulting firm Gartner, making connected cars the next potential market for hackers. These attacks could range from simply locking motorists out of their vehicles to locking them inside; a more ominous scenario would allow hackers to freeze the ignition, essentially “bricking” the car and making it completely unusable.


5 strategies to reboot your IT career

Technology changes faster than many of us can keep up with it. New paradigms like software-defined networks and the cloud emerge, and the old ones continue to hang around. But while the hotshot programmers and big data geeks get to play with the shiny new toys, you're busy waiting for the robots to come and take away your job. ... It doesn't have to be that way. Whether you cut your teeth on Unix and AIX or you tire of doing the necessary but thankless tasks that come with keeping the lights on and the datacenter humming, there's still time to reinvent yourself. It won't be fast or easy. It will mean investing a lot of time and possibly some money, taking risks, and hacking code. But it can turn into a much greater reward, both financially and psychically.


A Quick Primer on Isolation Levels and Dirty Reads

If you need to repeat the same read multiple times during a transaction, and want to be reasonably certain that it always returns the same value, you need to hold a read lock for the entire duration. This is automatically done for you when using theRepeatable Reads isolation level. We say “reasonably certain” for Repeatable Reads because of the possibility of “phantom reads”. A phantom read can occur when you perform a query using a where clause such as “WHERE Status = 1”. Those rows will be locked, but nothing prevents a new row matching the criteria from being added. The term "phantom" applies to the rows that appear the second time the query is executed. To be absolutely certain that two reads in the same transaction return the same data, you can use the Serializableisolation level.


Residential routers easy to hack

Weak passwords can be easily exploited. Fourteen percent of simulated attacks on the routers were, in fact, victorious. The probing attack methodology was simply to use common default usernames and passwords, along with some frequently used combinations. Telnet was left open on 20 percent of the routers, and command injection vulnerabilities were also caught. Telnet, as an unsecured service, shouldn’t be openly available to even a local network, ESET explains. Command injection vulnerabilities “aim for the execution of arbitrary commands on the host operating system.” They use a vulnerable application, the security company says. Proper input validation fixes the deficiency. Of that 7 percent of the now-common household devices with software vulnerabilities, about half (53 percent) had “bad access rights vulnerabilities,” or permissions problems, in other words.


Can government-funded innovation solve the cyber security threat?

Expecting the federal government to produce solutions is hopeful at best and woefully naive at worst, though that isn’t to say that it can’t somehow play a part. Even if it can’t actually develop the technologies necessary to compete in this new battle arena, it can still fund innovative R&D that can be developed into the next generation of defense infrastructure. This can be achieved through the Small Business Innovation Research (SBIR) program, a highly competitive research initiative through which domestic small businesses respond to federally specified R&D requirements with commercial applications. Awards are distributed in two phases, first for feasibility and proof of concept of the product, and then for further development and commercialization.


Five Questions General Counsels Should Ask About Privacy and Cybersecurity in Third-Party Contracts

Regulators are cultivating an ever-increasing patchwork of data protection laws and regulations. Because third parties may host and process data in various locations around the world, companies must keep abreast of constantly evolving developments in global data protection laws and regulations, including data localization laws and data transfer regulations. Compliance failures may subject a company to considerable fines and penalties (e.g., the EU General Data Protection Regulation, effective in May 2018, will allow penalties of up to four percent of worldwide revenues for compliance failures). In addition, data localization laws, which require that data must remain in the country, are emerging. For example, Russia has such a law, and others have been proposed in Indonesia and China.



Quote for the day:


"Without Simplicity and Transparency, you could become a Happy Underachiever." -- @GordenTredgold


October 26, 2016

Tech Bytes - Daily Digest: October 26, 2016

Advanced use cases for repository pattern in .NET, Everything we know about the great Indian debit card hacking, Integrating hotel systems can create hacking liabilities, Best practices for securing your data in motion, Cyber security staffing issues may be putting you at risk and more.

7 Deadly Sins of Project Management You Should Never Commit

The biggest blunder that can derail your project is selecting the wrong person as your Project Manager. According to American Eagle Group data, around 80% of Project Managers lack formal training, which is one of the major reasons why 55% of projects fail. On the other hand, a Standish Group CHAOS report revealed that Project Managers equipped with formal training have a success rate of more than 70%. This goes to show the importance of trained Project Managers and how it could increase your chances of completing your projects on time and within the budget. Select a Project Manager whose experience and skills coincide with your project management requirements. On the other hand, a Standish Group CHAOS report revealed that Project Managers equipped with formal training have a success rate of more than 70%.


Advanced Use Cases for the Repository Pattern in .NET

When designing a repository, you should be thinking in terms of “what must happen”. For example, let us say you have a rule that whenever a record is updated, its “LastModifiedBy” column must be set to the current user. Rather than trying to remember to update the LastModifiedBy in application code before every save, you can bake that functionality right into the repository. ...  Normally repositories are context free, meaning they have no information other than what’s absolutely necessary to connect to the database. When correctly designed, the repository can be entirely stateless, allowing you to share one instance across the whole application. Context aware repositories are a bit more complex. They cannot be constructed until you know the context, which at the very least includes the currently active user’s id or key. For some applications, this is enough.


Everything we know about the great Indian debit card hacking

The data breach happened in August and September, according to the Mint newspaper. But the banks apparently weren’t aware, several bankers told Mint. This is the list of all of those involved: bank customers, 19 Indian banks, the NPCI, Hitachi Payments Systems, Mastercard, Visa, RuPay. But they are all shirking responsibility for the mess. Most banks, including SBI, HDFC Bank, and ICICI Bank, have said their systems are safe. The platforms these banks use for debit cards—Mastercard, Visa, and Rupay—have also washed their hands off the crisis. Hitachi Payments Services, which managed Yes Bank’s ATMs, said that an initial review “does not suggest any breach/compromise.”


Integrating hotel systems can create hacking liabilities

Integration. It’s one of the industry’s biggest buzzwords for streamlining operations. With everything on property collecting data and providing options for interaction, wouldn’t it be nice if every device collaborated? It’s the dream of many operators to have a property that is running fully in-sync, but Shaun Murphy, communications security expert, inventor, CEO and co-founder of communications app SNDR, said the persistent threat of data breaches may be reason enough to question which devices on property are working in tandem. “During a breach, the worst-case scenario is that all your systems are integrated,” Murphy said. “From your point of sale to your soda machine, at that point you are losing not only financial information, which you have to disclose, but other confidential information as well.”


How Big Data Is Changing Recruitment Forever

Dana Landis, vice president of global talent assessment and analytics at Korn Ferry, said “When you’re talking about big data you’re talking assessing millions of people all over the world, so you need self-assessment. We’ve designed our tools to take out a lot of the problematic aspects of that – instead of being able to rate yourself high on all the good things and low on all the things that sound bad, you’re forced to make really difficult decisions based on ranking and prioritizing your skills.” Moving their assessment process to an online, self-assessment model has greatly increased the volume of candidates that Korn Ferry has been able to assess. This further increases the size of the dataset used to measure candidates’ suitability. By comparing their individual profiles against amalgamated profile data from people who have proven themselves successful in similar job roles, a more accurate picture of the skills a person will need to succeed in a particular role emerges.


Best practices for securing your data in-motion

Data in-motion has to contend with human error, network failures, insecure file sharing, malicious actions and more. In today’s economy, almost every business has data that needs to be transferred outside protected business applications and systems to enable collaboration between co-workers, users, systems, partners and more – so simply not letting data be shared is not an option. To remediate the security risk that’s inherent with sending data outside of your walls, companies must accept the reality of data insecurity in-motion and take proactive steps to prevent an expensive and embarrassing data breach. The first step is to accept that your company data, including sensitive data, is being sent insecurely via shadow IT. When IT isn’t involved with how data is being transferred, there are critical disadvantages, which often trigger other serious issues


Intel wants to make its IoT chips see, think, and act

Intel is working to help machines evolve from accurately sensing what’s going on around them to acting on those senses. For example, if a device can see defective parts going through an assembly line, it can alert someone or even stop the line. Cameras in cars could see that the driver is drowsy and set off an alarm in the car, and ones pointed in front of the vehicle could tell a pedestrian from a shadow and stop the car – if its vision was accurate enough. ... The new chips are also better at capturing and processing images. They have four vector image processing units to perform video noise reduction, improve low-light image quality, and preserve more color and detail. In a networked video recorder, an E3900 could take 1080p video streams from 15 cameras and display their feeds simultaneously at 30 frames per second on a video wall, Caviasca said.


Agile Manufacturing: Not the Oxymoron you Might Think

Industry 4.0, digital manufacturing, agile manufacturing, “digital thread”—these are all terms that describe the way we are making some things now and will make almost everything in the future. ... Digital manufacturers are organizing from an outside-in mindset that starts with the customer, and looks to deliver creatively on market opportunities, whatever they happen to be, however they will be delivered, and whoever will deliver them. Profits are seen as the consequence of providing value to customers, not the goal of the firm.  Soon, when you walk into your mechanic’s shop to replace a broken fender, he will not need to order the replacement part from overseas and call you back in three weeks. He will take some measurements, step to an attached room with a 3D printer and make your new fender on the spot, revised to attach more firmly and with accent trim to update the style.


Cybersecurity staffing issues may be putting you at risk

Chances are you already have future security pros within your own ranks -- it would stand to reason that businesses have turned to internal talent to find cybersecurity experts. But, according to the data from Spiceworks, that's not necessarily the case. When asked how willing they would be to invest in IT training for 2016, 57 percent said they were "somewhat open, but it would take some convincing," while only 6 percent said they were "extremely open" and had already made investments in training. "Smart people within your own ranks have the huge advantage of already knowing the context of the enterprise to be protected. By using in-house staff, you can save on the time it takes to teach them the context of the enterprise," says Ryan Hohimer, co-founder and CTO of DarkLight Cyber.


The QA Success Story: Where Business and Technology meet

Technology is playing an ever increasing role in the business cycle – influencing buying decisions, transacting through online platforms, integrating with payment channels, collaborating with partners in co-creating and delivering products / services, and being evaluated by the customer across multiple touch points. The exceptional visibility of technology across customers, partners and stakeholders has brought greater focus onto non-functional user experience dimensions – usability, performance, security, inter-operability, and response times. The ability of technology to dis-intermediate and bring businesses closer to the customer is seeing an explosion in platforms targeting the Cloud, leveraging Social Media and Analytics and delivering services on the Mobile.



Quote for the day:


"Cyber criminals are getting more sophisticated and realizing that small businesses are easy targets." -- Mark Berven


October 25, 2016

Tech Bytes - Daily Digest: October 25, 2016

Massive DDos attack spotlights internet choke point, 60% of smaller companies that suffer a cyber attack are out of business within 6 months, Taking value-chain perspective on innovation, The toil of technology: MNC leaders struggle more than most, Hackers changing tactics techniques & procedures and more.

Calling disruptive fintech entrepreneurs

“With the value of financial technology investments climbing dramatically over the past decade, fintech has clearly become mainstream," said Maria Gotsch, president and CEO of the Partnership Fund for New York City. “Now in its seventh year, the FinTech Innovation Lab has become embedded in the entrepreneurial and financial services ecosystem in New York City, helping drive job growth and building on its rich concentration of tech talent, financial expertise and close proximity to some of the world’s largest financial institutions. "The connections made through our programme enable tech entrepreneurs to closely engage with these top financial institutions and accelerate growth.” The success of the FinTech Innovation Lab in New York has led to the founding of three other FinTech Innovation Labs around the world in London, AsiaPacific and Dublin.


Massive DDoS attack spotlights internet choke point

The big question hovering over the incident is why go after a DNS provider that supports sites popular with millennials, according to Sirota."People aren't just trying to make millennials life a little bit hard. There must be some alternative." DDoS attacks can serve as cover for other malicious actions. It is also possible that the attack was an experiment used to test a new mode of attack. "Is the intention to just try out a new way of hijacking unattended devices, like TV monitors and turn them into zombies that drive traffic? Is the intention to use the attack as a distraction so that these companies like Shopify aren't necessarily paying attention to other parts of their infrastructure? It's hard to say," Sirota said.


Ex-NSA Contractor Hoarded Two Decades' Worth Of Secrets

U.S. authorities are still reviewing the seized information, but they allege that Martin illegally held documents he had no need to see. "The case against the Defendant thus far is overwhelming," the filing said. In addition, Martin may have done little to securely store what he allegedly stole. "Many of the marked documents were lying openly in his home office or stored in the backseat and trunk of his vehicle," the filing said. Investigators didn't mention finding any direct evidence of Martin leaking the stolen materials to hackers or a foreign government. But the court filing said he easily could have transferred the information over the internet and concealed his online communications. Attorneys for Martin have rejected the allegations that he betrayed the U.S.


60% of small companies that suffer a cyber attack are out of business within six months.

The U.S’ National Cyber Security Alliance found that 60 percent of small companies are unable to sustain their businesses over six months after a cyber attack. According to the Ponemon Institute, the average price for small businesses to clean up after their businesses have been hacked stands at $690,000; and, for middle market companies, it’s over $1 million. Recent events have proven that nobody is safe from the threat of cybercrime – not large corporations, small businesses, startups, government agencies or even presidential candidates. Small and mid-sized businesses are hit by 62 percent of all cyber-attacks, about 4,000 per day, according to IBM. Cybercriminals target small businesses because they are an easy, soft target to penetrate.


Social Data: Revolutionising Identity Verification

Unnecessarily long and complicated ID checks, such as Knowledge Based Authentication (KBA) like “what is your mortgage value?”, or “how much did you spend on your last phone bill” often results in incorrect answers because who can remember their mortgage details, and who pays that much attention to know their exact last phone bill? These inefficient methods often mean customers, particularly in banking and telecoms, end up having to go into branch and spend a significant amount of their little ‘free time’ finding proof of address and their passport, heading into town, queueing, and finally verifying their identity. Even consumers who order online shopping to store (be it clothes, food, electronics) have to remember to bring ID when they collect it, feeling disappointed when they forget and there is no alternative but to come back another time, driving licence in hand.


Taking a Value-Chain Perspective on Innovation

After all, any technology that requires substantially new routines, new task knowledge, or new complementary resources also will require any organization that interacts with it to change its processes, human capital, or other resources, and know-how. ERP software, for instance, was notoriously difficult to implement, requiring significant “business process reengineering” and non-trivial interruption or duplication of key internal processes. When we look at how digital technologies affect business-to-business interactions, we can see a similar potential to enable or disrupt key processes. This time, however, the processes cut across organizational boundaries. My research therefore focused on how links in the value chain — particularly, customers — might impact the behavior of leading companies at the onset of technological change.


The Toil of Technology MNC Leaders Struggle More Than Most

Technology is only as effective as the confidence of the leaders using it—on this, MNCs fall short based on a wide range of indicators, shown in the graphic on the previous page. Only 60 percent of MNC leaders are highly confident leveraging technology to improve their workforce. Technology as a mechanism for providing leaders with information to aid their decision making to channel and derive value ..., with 66 percent of leaders highly confident using data to guide decisions. Technology methods used specifically for leadership development are, at best, unproven, and, at worst, squandered. Only 1 in 20 of all MNC leaders selected mobile-accessible development as one of their top-three most effective learning methods, while social networking and self-study online learning were scarcely more effective at 11 percent and 12 percent, respectively


Hackers changing tactics, techniques and procedures

“Our Q3 2016 report confirms that hackers are relentless and constantly employing new means to penetrate networks to steal confidential data,” said Rob Kraus, Director, Security Research and Strategy, NTT Security. “Organizations’ first line of defense is to determine where and how these attacks are taking place so they can deploy the most efficient and appropriate network security solutions to minimize their exposure and liabilities.” The report cites an increase in the type and sophistication of attacks during Q3 ’16 across a broad range of industries with finance being the most affected, followed by retail and manufacturing. Further, traditional hacking is being supplemented by other, more sinister attacks such as “direct cash back” models including ransomware and Business Email Compromise (BEC) attacks.


How to prepare yourself for the next DDoS attack

Admit it: Do you even bother keeping phone numbers anymore? Many modern relationships -- especially business relationships -- exist solely online: email, Facebook, WhatsApp and so on. But imagine last week's attack had been worse, rendering some or all of those tools useless. Now what? Time to go old-school: Make sure you keep an address-book entry for the important people in your life (personal and business alike), and make sure that entry includes multiple modes of contact -- including work, mobile and/or home phone numbers. Of course I'm referring to the address book on your phone, but there's nothing wrong with keeping a print version as well. It's just one more item to keep under the you-never-know umbrella. Speaking of phones, a DDoS attack might render yours inoperable -- if it relies on voice-over-IP technology.


Unum's Lynda Fleury Navigates Changing Security Environment

“Companies want to facilitate anytime anywhere access to anything from anyone through mobile technology. And with the adoption of cloud, we are extending pieces and parts of our network to areas outside of our control,” she explains. “We have shifted from the enforcers, to becoming the trusted advisors, educating business partners and IT advisers on what the technology landscape is.” Fleury, who began her career in IT security in the banking industry, came to Unum as an IT auditor in the mid-1980s. Since then, she has been credited with growing Unum’s security organization from the ground up, increasing the size profile of the team over time. Today, Unum’s IT security organization has more than 40 professionals in it.



Quote for the day:


"In the business world, the rearview mirror is always clearer than the windshield." -- Warren Buffett