The importance of wearable hardware in the enterprise
“A large oil and gas firm is using geolocation wearables, connected via an IoT network, for site workers across multiple fields and rigs,” said Didier Pagnoux, director for IoT solutions at Altran. “It is also adding ‘wearable trackers’ for spare parts so workers can find them faster during emergencies, such as leakages. This is especially useful given how vast and extensive some fields, rigs and mines can be. “Wearables are starting to play a major role in the oil and gas industry. This is significant because much of the oil and gas industry is rooted deeply in 20th century methodologies, systems and processes.” Pagnoux continued by explaining how wearable hardware helps oil and gas companies to gain real-time insight into the environment in which their employees work, and gauge whether or not conditions are safe enough. “Embedded sensors within safety jackets and helmets are also being used within mines and rigs to feed a range of data on the conditions workers experience,” he said. “This is to monitor the air quality and to prevent accidents.
Operationalizing Threat Intelligence at Scale in the SOC
The period of time for which threat data is valid is limited. Organizations need current information about vulnerabilities and malware being used in attacks before they are targeted. Intelligence feeds will have shifting levels of urgency and simplifying the prioritization process is a complex task. In the past, security practitioners shared Word documents, PDFs, or simple file formats like CSV tables and Excel Sheets of indicators of compromise These were difficult to operationalize due to taxonomy and formatting differences, lack of integration, and the time-sensitive nature of the data. Also, it is difficult to describe and share a more complex behavioral indicator such as a threat actor tactic in a standardized format. The cyber community has tried — and failed — to institute an effective culture of sharing. Taxonomies and standards have been created but none have caught on at scale, leaving accessibility to CTI fragmented. As a result, most sharing doesn't go beyond domains. And even though security analysts across industries share common goals, often the organization does not see it that way and sharing and collaborating is hidden from management.
Grilling the answers: How businesses need to show how AI decides
“It became very obvious that if you are going to be using these machine learning algorithms to inform, or guide some really important decisions in our lives, then you really need to have this confidence or trust,” she says. But explaining machine learning decision-making to a data scientist is one thing; explaining it to consumers or the public will require a great deal more creative thinking, says Mojsilovic. “Fairness may be a complex ethical issue, but in a way, explainability is even more difficult,” she says. “Think about how humans explain things, how we navigate the world around us and how we communicate. We do it in so many different ways. We look for examples and counterexamples and summarise things, and so on. We thought about how to take that expressiveness of human interaction and create the methods to communicate [the way AI reaches conclusions].
The vulnerabilities, as per the cybersecurity firm, could allow people with malicious intent to have access to user accounts and do a lot of things, such as steal their confidential information, delete their videos, make their private videos public, and so on. The vulnerabilities can also allow attackers to upload unauthorized videos to compromised accounts. The firm found that the app's subdomain was vulnerable to a type of attack where seemingly benign or “innocent” websites can be used to hack accounts and steal information. These, called XSS attacks, allow hackers to insert malicious scripts into trusted websites. Attackers can leverage this vulnerability to send TikTok users spoofed messages that contained links. These messages are made to look like they are legitimate and are from TikTok. If a person clicks or taps on the links, the attacker can then gain access to his or her TikTok account for whatever purpose he may have in mind. Check Point looked into TikTok's vulnerability to XSS attacks and successfully retrieved confidential user information, which included private email addresses and birthdates. The cybersecurity firm informed TikTok of the vulnerabilities on Nov. 20 last year, and by December, the app company was able to fix them.
CES 2020 car show features liquid crystal sun visors, EyeLocks, and smart LiDAR
At CES 2020, Cerence showed how voice recognition and head tracking can be used together to open windows and doors. These button-free controls use voice recognition, gaze detection, touch, and gesture to create a natural, human-like in-car experience. The demo also included intelligent voice traffic notifications that leverage natural language generation to assist drivers with route selection. Bosch has made the sun visor smart with a camera and a transparent liquid crystal display. The Bosch Virtual Visor blocks only the portion of the visor where the sun would strike the driver's eyes while leaving the rest of the visor transparent. This improves visibility for the driver and automates adjustments to the visor, allowing the driver to focus on the road. Also at CES 2020, EyeLock announced that SiriusXM will use the company's iris authentication tech to safeguard its new mobile e-wallet. The in-car platform lets drivers pay tolls, purchase gas, or stop at the drive-through without reaching for a wallet. Drivers use voice commands or a touch screen to start an e-wallet transaction and then an iris scan verifies the request. The custom EyeLock prototype will be placed in the visor of the car, allowing for the authentication of the driver, and other passengers that are enrolled in the system.
New Iranian data wiper malware hits Bapco, Bahrain's national oil company
At the time of writing, Bapco appears to be the only victim of an attack with the Dustman malware, although this doesn't mean the malware was not deployed on the network of other targets. According to the CNA report, attackers don't seem to have planned to deploy Dustman at the time they did, but appear to have triggered the data-wiping process as a last-ditch effort to hide forensic evidence after they made a series of mistakes that would have revealed their presence on the hacked network. Sources who spoke with ZDNet on the condition of anonymity claimed the Bahrain company was compromised over the summer. Saudi CNA officials, along with our sources, confirmed the point of entry was the company's VPN servers. The CNA report cites "remote execution vulnerabilities in a VPN appliance that was disclosed in July 2019" as the attackers' point of entry into Bapco's network While officials didn't blame any specific appliance, they are most likely referring to a Devcore report published over the summer that disclosed remote execution bugs in a wealth of enterprise-grade VPN servers, such as those from Fortinet, Pulse Secure, and Palo Alto Networks.
The case for change: New world, new skills
By upskilling, we mean giving people the opportunity to gain the knowledge, tools, and abilities they need to use and understand advanced and ever-changing technologies in the workplace and their daily lives. Not everyone has to learn to code, but many people need to understand and manage artificial intelligence, data analytics, autonomous vehicles, and other technologies that can’t even be predicted — those emerging now and those that will be created in the future. But upskilling is not simply a matter of teaching people how to use a new device. That device may be obsolete by the following year. It involves learning how to think, act, and thrive in a digital world in a way that is sustainable over time. Each nation will need its own approach, and each will need to consider the demographics of its citizens, its level of tech maturity, and the makeup of its economy to develop its own upskilling solution. A territory with a developed economy, an aging population, and a strong service sector will have different priorities than a region with a developing, mostly rural economy and a population in which most people are under 30.
How to create data literacy: 3 keys
A data literacy program creates associate development opportunities. Say you take three classes in Portuguese and you learn the vocabulary and the basic rules of grammar. You gain an appreciation for the language, you can read it, and you can make basic sense out of what others are communicating. To this end, we offer classes to help Red Hat associates develop their data literacy skills in a way that’s appropriate based on their role in the organization. Whether they are just starting their data literacy journey, are data practitioners, or are data leaders/advocates, everyone can grow their skills. Not everyone will have the same end goal but everyone can learn from seeing real data stories of business value gained. For example, we have courses ranging from “The Power of Data Visualization” to “Data Storytelling.” This is a great start, but who hasn’t taken a class and walked out the door (or logged off) with the best of intentions but no real plan for using the new knowledge. What happens? You never really feel confident in speaking the language.
Add Augmented Analytics to Your Business Data Practices
As we've said, the best endorsement of our instructions for adding augmented analytics into your business's data strategy is the independent feedback of our peers. In a survey of G2 Crowd reviewers, 75 percent of those surveyed favored Oracle Analytics for "Predictive Analytics Feature Satisfaction" compared to 68 percent who either favored Microsoft Power BI or Tableau desktop products. Similarly, when asked about services, 78 percent of survey respondents put Oracle at the top of the list of vendors whom they felt satisfied their needs for Big Data Features. Contrast that with Microsoft and Tableau, which scored 76 percent and 73 percent respectively. By connecting with big data sources such as those that leverage Hadoop, users can analyze unstructured data like text, videos, and image data sets, among others. This enables businesses to monitor and dig insights out of nontraditional data sets—like social media posts, emails, or IoT sensors, to name a few—that provide streaming data. Not only do these advanced features provide previously undiscovered insights, they offer relief to organizations that are not able to hire large teams of data analysts through true self-service functionality delivered by natural language.
Improving digital quotient through digital skilling
When building teams for any end-to-end process, skills for any particular role typically look a lot different. A system admin may need to know a lot more about development, a developer may need to know about user experience, and a business executive may need to know about cloud computing. The skills to support a digital enterprise are comprised of these new skills along with foundational literacies and character qualities. Improving a firm’s digital quotient means supporting staff who do not see themselves as living inside of silos. New talent should see themselves as working across departments, continuously stay abreast of latest disruptions in the landscape to engage with their counterparts effectively. ... Fear is the biggest threat to the digital quotient. While the agenda for digital quotient is far too large to be implemented all at once, it is also far too important not to be pursued. When digital quotients rise, so does business performance, in both technology-focused and traditional business firms.
Quote for the day:
"Remember teamwork begins by building trust. And the only way to do that is to overcome our need for invulnerability." -- Patrick Lencioni
