Today's Tech Digest
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
Functional Risks: Adapt or Die
The security function within an organization is one of the most misunderstood parts of an organization and I tip my hat to those that recognize the benefits of a finely tuned security function. For those in a security function, the following is not something new, but rather an affirmation that a competent, proactive security leader(s) can wear many hats in an organization in support of their objective of preventing threats to organizational assets, and moreover responding to events with the goal of minimizing the recovery time and impacts to the organization's brand and image. Beyond the multi-disciplinary responsibilities that a security leader has, they will be the person that everyone in the organization will seek guidance and direction from during a crisis.
More artificial intelligence, fewer screens: the future of computing unfolds
In the survey, 79% of executives agree that AI will help accelerate technology adoption throughout their organizations. ... The Accenture authors cite a prime example of where AI is making its first inroads into enterprise UI and UX: voice-activated systems. "Advances in natural language processing and machine learning make technology more intuitive to use, like telling virtual assistants to schedule a meeting instead of accessing scheduling software to find a time, create an event, and type the details," they state. "AI already plays a variety of roles throughout the user experience. At the simplest level, it curates content for people, like the mobile app Spotify suggesting new music based on previous listening choices. In a more significant role, AI applies machine learning to guide actions toward the best outcome."
Evolving Threat from Botnets, IoT Zombies
Today there are vibrant online marketplaces where just about anyone—even those with very limited technical knowhow—can buy tools to execute an attack. Cryptographic currencies enable untraceable digital payments, while old-fashioned economics is driving the growth of these marketplaces. Demand for services now outpaces supply, and DDoS-as-a-Service providers can bring in more than $100,000 annually. Purchasing an attack can be surprisingly inexpensive. On the Clearnet, for as little as $19.99 a month, an attacker can run 20-minute bursts for 30 days utilizing a number of attack vectors like DNS, SNMP, SYN and slow GET/POST application-layer DoS attacks. All an attacker has to do is create an account, select a plan, pay in Bitcoin and access the attack hub to target the victim by port, time and method.
A damaging spring of internet worms and poor performance
In what threatens to become an unpleasant trend, uninsured disruptions and other business fallout from these attacks are increasingly cited as key factors in disappointing earnings reports. Cybersecurity is becoming a ratings boon for CNBC and other media outlets that report on stock markets and financials. More than a few security professionals are feeling the heat, however, as the industry is forced to take a closer look at the up-leveling of age-old deployment methods, like spear-phishing emails and internet worms, which don't require human interaction to spread. What else could go wrong? Plenty. With HTTPS deployments on the rise, researchers from top universities and technology companies like Google have joined forces to document growing concerns about the risks associated with traditional man-in-the-middle defenses using Transport Layer Security (TLS) interception.
Disinformation as a service? DaaS not good!
The computer-enhanced disinformation campaigns launched by Russia and others are fairly crude, and the effort to cover their tracks limited. The future of disinformation is likely to be much more sophisticated and harder to defend against. Disinformation is rapidly going multimedia, for example. Advances in A.I. and CGI will enable convincing audio and video that can make it appear that anyone is saying or doing anything. University of Washington researchers used A.I. to create a fake video showing former president Barack Obama saying things he never actually said. And Stanford researchers developed something they call Face2Face, which creates real-time faked video, so basically anybody can be shown to say anything in a live video chat. These techniques aren't perfect. But given time and better technology, they will be.