Perhaps
we could look at this short list of “Best Practices” and check
off Sony's failures. Turns out there were a lot of failures.
NSA
Releases Defensive Strategies for Fighting Malware Targeting
Corporate Data
The
NSA's Information Assurance Directorate (IAD) issued a report this
month laying out best practices for combating malware designed to
steal or destroy corporate data.
The
report, entitled 'Defensive
Best Practices for Destructive Malware', seems in part aimed at
dealing with the type of data-wiping malware at the center of the
recent
attack on Sony Pictures Entertainment.
…
"Once
a malicious actor achieves privileged control of an organization's
network, the actor has the ability to steal or destroy all the data
that is on the network," the report continues. "While there
may be some tools that can, in limited circumstances, prevent the
wholesale destruction of data at that point, the better defense for
both industry and government networks is to proactively prevent from
gaining that much control over the organization's network."
(Related)
Enterprises
Overly Reliant on Perimeter-based Defenses: Survey
Organizations
are increasing investment in IT security, but even after a string of
high profile data breaches in 2014, they aren't thinking beyond
perimeter-based defenses, according to the latest Ponemon Institute
survey.
The
mega-breach at Target and other retailers served as a “wake up
call” for senior managers at organizations to realize they needed
better security. About 13 percent of senior management expressed
extreme concern about their security posture before the Target breach
was publicized, according to the survey. The number rose to 55
percent after the breach.
…
The
recent attack at Sony where attackers dumped files containing
“millions of instances of Social Security numbers” is an example
of the kind of damage that can result when attackers get on the
network and the information is not properly protected.
“Organizations shouldn't be solely focusing on how to block the
attack and they need to understand how vulnerable they are if the
attackers get past the perimeter defenses,” Feinman said.
Oh,
the horror!
Facebook
was Down, Albeit Briefly
Facebook
suffered an outage of around 40 minutes on Monday night (Jan 26),
and the Internet immediately lost its head. Instagram, Tinder,
Hipchat, Pinterest and others all seemed to be suffering similar
fates at around the same time.
Lizard
Squad (the hackers who took down Xbox
Live and PSN over Christmas, and the
Malaysia Airlines website this past weekend) claimed credit for
the outage. However, Facebook
blamed itself, stating, “This was not the result of
a third-party attack but instead occurred after we introduced a
change that affected our configuration systems.”
Whoever
was ultimately to blame, the panic that ensued online shows just how
important Facebook is to many people. And for those still not
convinced by the
power of Twitter, the alternative social network proved its worth
by allowing people to vent about Facebook’s temporary downtime.
An
interesting question. Where besides Al Jazeera is it being asked?
Nathan
Freed Wessler of the ACLU writes:
Cell site simulators, secret
surveillance gear that tricks cellphones into transmitting their
identifying information and location, have become a preferred method
for law enforcement to track people’s whereabouts. Better known as
stingrays, the devices mimic legitimate cell towers and induce
cellphones in the area to transmit data to the government without
ever alerting users. Even when police are looking for a particular
suspect, the technology captures information about dozens, hundreds
or even thousands of bystanders’ phones. Walls offer no
protection, as the stingray’s signals pierce through the walls of
homes and other private spaces, revealing otherwise private details
about those inside.
Read
more on Al
Jazeera America.
Police
privacy – do they see this as being treated as second class
citizens? (i.e. like everyone else?)
AP
reports:
Sheriffs are campaigning to pressure Google Inc. to turn off a
feature on its Waze traffic software that warns drivers when police
are nearby. They say one of the technology industry’s most popular
mobile apps could put officers’ lives in danger from would-be
police killers who can find where their targets are parked.
Read
more on NBC.
Imagine
the security nightmare this creates. It's hard to tackle drones and
you have no idea what their payload might be. Perhaps a giant
plastic bubble?
…
A device, possibly an unmanned aerial drone, was found on the White
House grounds during the middle of the night while President Barack
Obama and the first lady were in India, but his spokesman said Monday
that it posed no threat.
Computer
Security: “Things” are attaching to our networks far faster than
security solutions become available.
Internet
of Things Security Challenging Enterprise Networks: Survey
While
there have increasingly been many predictions about the impact the
Internet of Things (IoT) will have on organizations in the future,
it appears that the number of non-traditional devices connected to
corporate networks is already challenging enterprises.
According
to a study by Atomik Research and security firm Tripwire, employed
people working from home have an average of 11 IoT devices on their
home networks, and nearly one in four have connected one of these
devices to their enterprise networks. The devices run the gamut,
with printers (27 percent), routers (22 percent), video equipment (20
percent) and video gaming consoles (14 percent) the most popular.
Twenty-four percent of them admitted to connecting a personal smart
device – other than laptops and cell phones – to a corporate
network, and most said they
are only "somewhat" concerned with the security of these
devices.
I'm
trying to make this point to my Data Management students. The uses
for Big Data are limited only by your imagination. Each use suggests
reasons for gathering more data.
DOJ
spied on millions of cars to build real-time tracking database
The
Justice Department has been secretly building a massive database to
help federal law enforcement track the movements of millions of
vehicles across the U.S. in
real time, [Easy
to do, but no reason to track “millions of vehicles” all the
time. Bob] according to a report Monday in the Wall
Street Journal.
The
program is run by the Drug Enforcement Administration and tracks
license-plate information from cameras placed on highways. The
information gathered includes time, location and directional data.
…
Officials had previously admitted that they track vehicles near the
U.S. border with Mexico but had not disclosed that the program also
tracks vehicles "throughout the United States," according
to an email obtained by the Journal.
(Related)
Know your baseline to know when things change.
Startup
Uses Changes in Power Consumption to Detect Industrial Cyber Threats
Forget
signatures, heuristics and sandbox analysis. PFP
Cybersecurity, a Washington, D.C.-based cybersecurity startup, is
taking a unique approach to detecting malware and threats within the
IT supply chain as well as critical infrastructure such as industrial
control systems.
According
to the company, its anomaly-based detection technology uses changes
in the pattern of power consumption or RF radiation, in order to
detect a potential security breach. By first creating a baseline
by reading power fluctuations of a system under normal usage, and
then through continuous
monitoring, the startup claims that it can detect threats
in milliseconds.
Does
the RIAA know about this? Should they be offering incentives to
achieve the same thing here?
Norway
Has Figured Out How To Solve The Problem Of Music Piracy
New
data from Norway reveals that music piracy has completely collapsed
in the country. Music
Business Worldwide is reporting that the country has hit upon a way
to rely on streaming to encourage residents to enjoy music legally.
…
In five years, the number of people admitting to illegally
downloading files online has gone from 80% of survey respondents to
just 4%. The survey also revealed that less than 1% of young people
in Norway said that illegal downloads were their main source of
music.
…
The
IFPI says that income from streaming sites in Norway increased
60% from 2012 to 2013, and streaming accounts for 65% of Norway's
music market. That's a big difference from other countries. The
IFPI estimates that 27% of global digital music revenue comes
from streaming services.
Streaming
services like Spotify, Tidal and WiMP are big business in Norway, and
it's these companies that the IFPI credits with reducing piracy. "We
are now offering services that are both better and more user-friendly
than illegal platforms," Thorge said.
Eventually,
Putin's approval rating will fall. Won't it?
One-Fifth
Of Russian Banks Could Collapse In 2015
The
Russian banking sector is facing an annus horribilis with as many as
20% at risk of folding as the country's economic crisis takes its
toll.
The
Center for Macroeconomic Analysis and Short-Term Forecasting
estimates that as many as 200 banks face collapse this year as a
combination of bad loans and falls in the value of the ruble punish
small- and mid-sized firms, Russian
business daily Vedomosti reports.
…
Yesterday Russia's
sovereign debt rating was downgraded to junk in a move
that is likely to raise the cost of refinancing for these companies.
To compound the problem, the move sent the ruble tumbling again to
below 67 rubles to the dollar.
(Related)
The joys of a managed economy? I thought that had been totally
debunked years ago. An article well worth reading.
When
Do Regulators Become More Important than Customers?
For
my Big Data collection. A perfect dataset for my students to run
through Gapminder?
IMF
Offers Free Access to Its Online Economic Data
“The
International Monetary Fund has launched a new platform to support
its move to free data and to improve online global statistical
dissemination. The new portal enables bulk data downloads and
introduces dynamic visualization to showcase datasets that became
available free-of-charge on January 1, 2015. The platform will help
users better query, visualize, download, and share data. The
databases include International Financial Statistics,
Balance of Payment Statistics, Government Finance
Statistics, and Direction of Trade Statistics. These
will complement other free datasets available on the new platform.
The data platform provides greater flexibility to perform dynamic
data visualizations, including across time series and countries. The
platform strengthens the narrative and analysis of any data and
allows users to customize their data experience. The IMF will run
its existing data portal located at www.elibrary-data.imf.org
alongside the new portal located at data.imf.org
in parallel for three months to help transition existing users to the
new platform. Users will be guided through the change via self-help
tools, including training materials and a new self-service online
knowledge repository with data and methodology, frequently asked
questions, and technical details.”
For
my Risk management students, but some interesting Data Visualization
too.
Global
Risks 2015 – World Economic Forum
“The
2015
edition of the Global Risks report completes a decade of
highlighting the most significant long-term risks worldwide, drawing
on the perspectives of experts and global decision-makers. Over that
time, analysis has moved from risk identification to thinking through
risk interconnections and the potentially cascading effects that
result. Taking this effort one step further, this year’s report
underscores potential causes as well as solutions to global risks.
Not only do we set out a view on 28 global risks in the report’s
traditional categories (economic, environmental, societal,
geopolitical and technological) but also we consider the drivers of
those risks in the form of 13 trends. In addition, we have selected
initiatives for addressing significant challenges, which we hope will
inspire collaboration among business, government and civil society
communities.”
For
my next Spreadsheet class. Things my students should not waste their
time replicating!
7
Fun & Weird Things You Can Create With Microsoft Excel
For
my students. Imagine what could happen if you could learn how this
worked?
How
to Become an Online Celebrity---and Get Paid for It
Some
top bloggers can rake in an income of $100,000 a year from
advertising that appears on their blog. On Twitter, an influential
name can command $100 for writing a tweet mentioning a sponsor’s
product, while a YouTube sensation can get $25,000 for making a video
that talks about an advertiser.
(Related)
Maybe my students will get rich this way...
The
App Economy Is Now 'Bigger Than Hollywood'
…
While reading a self-laudatory
Apple press release, the technology business analyst Horace
Dediu found something remarkable: The iOS App Store distributed
$10 billion to developers in 2014, which, Dediu points out, is just
about as much as Hollywood earned
off U.S. box office revenues the same year.
Working
from that data, Dediu makes a startling provocation:
Although the totals for Domestic (U.S.) Box Office are not the
complete Hollywood revenues picture, Apple’s App Store billings is
not the complete App revenue picture either. The Apps economy
includes Android and ads and service businesses and custom
development. Including
all revenues, apps are still likely to be bigger than Hollywood.