Today's Tech Digest - Sep 28, 2019
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
5G and IoT: How to Approach the Security Implications
The first thing is an IoT bot. The botnet nodes, they actually spend most of their time scanning the network looking for other victims. That’s their primary, the primary thing that they do. And because of that these botnets naturally increase in size over time. Eventually once they’ve covered all the devices available, again, the botnet sizes are sort of self-limiting. And that’s a thing to bear in mind when we start talking about the 5G thing. Because in the future with 5G, the number of IoT devices is going to increase exponentially and so the size of these potential botnets is going to be quite, quite incredible. That’s one thing to bear in mind. When an IoT bot finds a new victim, it responds back to its command-and-control server. And then they go ahead and infect that new device that’s been detected. And that device will then become a member of the bot. And the botnet gets larger and it continues to scan. One of the key things here is that in order to be infected, the device has to be visible from the internet, visible from the existing botnet members.
Can Blockchain Become More Accessible?
Much like any disruptive technology, blockchain has a diversity problem which further limits accessibility. For the most part, blockchain expertise is confined to the financial and technological industries and the affluent white men that dominate them. Services from Amazon, IBM, Microsoft and Oracle may bolster blockchain use, but they don’t solve this fundamental issue. Tech education startup Maiden aims to make blockchain more accessible by teaching members of traditionally underrepresented groups about transactions, smart contracts, and other applications of the technology. Ultimately, if blockchain products are created by groups that genuinely represent society, they will impact more people and break down educational barriers. Big businesses with tech expertise are making it possible for more organisations to benefit from blockchain with hosted platforms and BaaS. However, without more effort given to education and understanding, companies will continue to shy away from distributed ledger technology.
More Data Doesn’t Guarantee That Analytics Will Deliver Digital Transformation
We often overlook the presence of disconnected and fragmented data silos – making it impossible to paint a complete picture of the business because different segments linger in detached states or isolated buckets. Left disintegrated, these data buckets rust in data warehouses and lakes – unless they evolve into cohesive and compatible building blocks that form the foundation of an intelligent enterprise. ... Having more data doesn’t do much good if we aren’t asking the right business questions or don’t understand the assumptions behind them. Through critical thinking, we need to carefully examine evidence based on what’s relevant to the question before reaching any conclusions or making any decisions. That starts by asking questions, which is a prerequisite for asking the right questions. The process of creating value with data begins and ends with business leaders who promote a culture of data-driven decision-making. When it’s absent, we lose direction and guidance and cannot make a significant impact.
GDPR: Only one in three businesses are compliant – here's what is holding them back
"For many organisations, the true size of the GDPR challenge only became apparent as they began the initial projects to identify the applicable data that they held. As a result, only the most focused organisations had completed their GDPR readiness by the time the legislation came into force," Chris Cooper, head of cybersecurity practice at Capgemini, told ZDNet. Businesses that aren't yet compliant with privacy legislation point to a number of obstacles that prevent them from being so. Chief among those is legacy IT systems, with 38% of those surveyed suggesting that their current IT landscape isn't aligned to the complexities of GDPR. Meanwhile, 36% believe the requirements of GDPR are too complex and require a lot of general effort to implement, while one third of respondents say that the financial costs of achieving alignment with GDPR are too prohibitive. Not only are businesses that remain non-compliant putting themselves at risk of falling victim to a data breach and the financial and reputational damage that could create – alongside the financial cost of a regulator fine – they're also holding themselves back from the benefits that compliance can bring.
New SIM card attack disclosed, similar to Simjacker
This new attack, named WIBattack, is identical to Simjacker, an attack disclosed at the start of the month by mobile security firm AdaptiveMobile. Both attacks work in the same way, and they grant access to similar commands, with the exception that they target different apps running on the SIM cards. Namely, Simjacker runs commands against the S@T Browser app, while WIBattack sends commands to the Wireless Internet Browser (WIB) app. Both are Java applets that mobile telcos install on SIM cards they provide to their customers. The purpose of these apps is to allow remote management for customer devices and their mobile subscriptions. In a report released earlier this month, AdaptiveMobile said it discovered that a "private company that works with governments" was using rogue commands sent to S@T Browser apps running on SIM cards to track individuals. In a report published last weekend, security researchers from Ginno Security Labs said that the WIB app was also vulnerable to similar attacks, although they were not aware of any attacks.