Today's Tech Digest - Nov 13, 2019

Best Strategies For Data Security And Compliance

Assessing which obligations apply to your organisation can be arduous but it’s a vital process when considering the consequences of non-compliance. On balance, the costs incurred to establish the necessary policies, acquire the relevant applications, and hire the right staff are far outweighed by the huge costs which come from failing to comply. The value of adequate preparation is even higher for those industries held accountable to the most stringent regulation. In particular, financial services, healthcare and public sector organisations are key targets for cybercriminals due to the ‘sensitive’ data they handle. Companies operating in these sectors must be even more focused on boosting collaboration between security, privacy and compliance teams to ensure the appropriate privacy and security policy-setting and monitoring has taken place. Organisations can avoid major fines and hits to their bottom line caused by reputation damage and lack of customer trust if they adhere to the data privacy and security regulations that apply to their data. The costs of proactively protecting an organisation against bad actors will very likely save a lot of money in the long run.

PCI DSS payment security compliance drops again

“After witnessing a gradual increase in compliance from 2010 to 2016, we are now seeing a worrying downward trend and increasing geographical differences,” said Rodolphe Simonetti, global managing director for security consulting at Verizon. “We see an increasing number of organisations unable to obtain and maintain the required compliance for PCI DSS, which has a direct impact on the security of their customers’ payment data. With the latest version of the PCI DSS standard 4.0 launching soon, businesses have an opportunity to turn this trend around by rethinking how they implement and structure their compliance programmes.” Verizon’s report also incorporated data from its in-house Threat Research Advisory Centre (VTRAC), which found that compliance programmes lacking the proper controls to protect data were completely unsustainable and far more likely to be hit by a cyber attack. 

China Said It’s Developing 6G. What Does That Mean?

Though the United States has not launched its own assertive statement about 6G endeavors, critical research on the next generation of wireless technology is already happening at academic institutions across the country. Professor in the Bradley Department of Electrical and Computer Engineering at Virginia Tech Walid Saad and his team are already exploring the future of 6G wireless communication systems—with funding from the United States’ government. â€œFrom my perspective, this announcement doesn’t worry me—it actually corroborates that we are doing the right thing in doing this research. From an academic perspective, it’s also nice to see, whether it’s China or other countries working on similar topics, because we can have collaboration and the exchange of ideas,” Saad said. “So it doesn’t feel threatening at all from an academic perspective, it’s more like ‘that’s nice, let’s see more activity happening.”

7 Ways to Make Test Automation Effective in Agile Development

One of the main reasons behind not achieving desired results in agile testing with automation is that agile development is all about continuous delivery with a number of short iterations in a development and deployment pipeline. Because of which QA teams often get to run short and frequent regression testing sprints as well. Small testing cycles means that it has now become more complicated for the testers to find, fix, and test the products of each iteration. Thus, it is essential to allocate enough time for testing, automation testing as well. The first step in reducing the test times is to start executing parallel testing, i.e., running multiple test threads at the same time. Parallel testing will not only improve the automation process, but it will also improve the team’s productivity. It will even allow your testers to invest time in more exploratory testing and actually debugging the issues there are. Another vital factor to consider is building robust tests. Testers need to develop quality test scripts that can be integrated with regression testing easily.

How much does it cost to launch a cyberattack

The low cost of entry, relative ease with which attacks can be deployed, and the high returns means the potential pool of threat actors isn’t limited by technical skill level. “If we look at the barrier to entry three years ago versus the barriers to entry now, a lot of these very focused services really didn't exist or were just starting to kind of really come into the market,” says Keith Brogan, managed threat services leader at Deloitte Cyber Risk Services. “It really isn't that expensive or hard for cybercriminals to go out and make some money very easily. The barrier to entry is very low; you could very easily get access to these different services and enablers and really turn a profit pretty easily. You are in some cases limited by your own imagination,” Brogan adds. This low cost of doing business and high rate of return means disparity between the profit criminals make versus the cost of repairing the damage is huge, says Oliver Rochford, director of research at Tenable. With ransomware, for example, he says even with a payment rate of 0.05% the ROI is estimated to be over 500%. While estimated global revenue of cybercrime is around $1.5 trillion, Rochford says the cost of damage is thought to be upwards of $6 trillion.

Read more here ...