Go to Source
In the first part of our overall look at 2018 predictions, we determined six of the top 11 trends that were predicted for this year. In this second installment we will look at the remaining five overall topics that are expected to shake cybersecurity in 2018.
The Internet of Things (IoT) may be the most affected sector by the Meltdown and Spectre bugs, but it’s the legislation that many determine will be the biggest game changer. Gary Hayslip, chief information security officer of Webroot, said: “Legislation will require IoT manufacturers to be responsible for producing products without known defects.”
It is also predicted that the power of IoT will be felt by businesses in a repeat of the Mirai botnet activity. Paul Barnes, senior director product strategy at Webroot, predicted a mass IoT breach spanning consumers and businesses, but this time with little ability to remediate based on the attack disabling hardware and demanding a ransom payment.
Also, the growing commercial utilization of IoT systems will mean that the value of breaching and controlling these types of systems is increasing for attackers, says Greg Day from Palo Alto Networks.
Criminals Become More Sophisticated
The advancement of cyber-criminal skills has been predicted year on year, and apart from the unsophisticated nature of WannaCry, this has proved to be true. According to ZeroFox: “Artificial intelligence will lead to more sophisticated cyber-attacks and render basic protection methods obsolete” while Lastline said that in 2018, we can expect to see a dramatic increase in sophistication among cyber-criminals as they leverage AI and ML-powered hacking kits built from tools that criminals leaked or stole from state-sponsored intelligence agencies.
Adam Hunt, chief data scientist at RiskIQ, said: “Threat actors will increase their adoption of adversarial machine learning to evade detection by infrequently trained machine learning models. Machine learning models will need to evolve quickly to keep up with these threats by incorporating instance-based approaches.”
Social Media Takeovers
Following on from the advancement of cyber-criminals, in 2018 there will be an easier ‘way in’ for attackers thanks to social media. According to Airbus CyberSecurity, social media can be used for sophisticated social engineering and reconnaissance activities which form the basis of many attacks on the enterprise.
Markus Braendle, head of the Airbus CyberSecurity business, said that from an attacker’s perspective, social media has become an easy target because of the number of non-cybersecurity savvy users, and the fact that these platforms are both easy and cost effective to use.
Melbourne-based smart car software app developer and IoT services provider, Connexion Media (ASX: CXZ), has spent about $5 million on acquiring an IT services company called the Security Shift Group (SSG).
The acquisition will be funded through internal cash reserves, vendor scrip, debt finance and future earnings involving an upfront $1.8 million investment from Connexion in SSG shares; payment of $1.19 million via the issue of new shares in Connexion to SSG shareholders and a payment of up to $2 million via new Connexion shares, subject to earn out conditions.
SSG shareholders, Chris Wright and Mark Culhane will stay on, with Wright joining Connexion’s board and Culhane taking charge of the CIO post.
SSG dabbles in a range of services including cyber security; cloud; IT governance, risk and compliance; and end-to-end design, development, deployment and operations services. Some of the large scale and complex web facing systems it has worked on includes The Numbering Registry on behalf of the Australian Communications and Media Authority; The Renewable Energy Certificate Registry on behalf of the Australian Government’s Clean Energy Regulator and various domain name registry systems for countries including Australia, UAE, Qatar and Oman.
According to a statement on the ASX, SSG has a current run rate EBIT of $972,300 per annum with about $400,000 cash on hand and will be acquired with no debts.
The acquisition sees Connexion achieve a few strategic objectives, including balancing the revenue portfolio with its General Motors contract; refurbishing the executive team with skills in delivering large technology projects; and it adds two cloud platforms that are designed to meet Defense Signals Directorate Protected requirements.
Connexion executive director, David Connolly, said the company had undergone a remarkable 12 months of transformation in its ability to reduce cash burn to sustainable levels; extinguish substantial debts and support the team to achieve revenues.
“With the inclusion of SSG, we now have put together a financially stable and proven team,” he said.
The acquisition is set to be finalised on 31 March.
The total number of data records lost or stolen since 2013 is 9.19 billion and counting. Drilling deeper, we experience approximately five million records lost every day, or 59 records every second.
These incredibly threatening statistics have been on an upward trend year after year. They serve as validation of the worrisome threat landscape organizations endure. While these numbers alone act as a strong driver to improve cybersecurity posture, compliance requirements compound this by presenting looming consequences for entities with poor cybersecuritypractices.
As organizations and government entities across the globe struggle to maintain confidentiality, integrity and availability of their systems and data, they are now facing a continuous flow of new and updated regulations and standards designed to enforce the implementation of appropriate levels of privacy and security controls by entities of all sizes, across industries.
With major breaches like Equifax (143 million records) and major regulatory changes like those presented by the European General Data Protection Regulation (GDPR), organizations across the globe must prepare and enforce cybersecurity diligence as 2018 is upon us. These are the factors:
Over the course of December and into the New Year, my inbox fills up with predictions for what 2018 will bring cybersecurity.
At the end of 2016 we assessed a whole host of industry predictions and determined 12 topicsthat would dictate 2017: skills gap, ransomware, poor routine IT practices, political disruption, CIO activities, social media attacks, AI, advanced cyber-criminals, GDPR, a cloud vendor compromise and better security collaboration.
Most of that came true, although the predictions on ransomware came nowhere close to the impact that WannaCry and NotPetya would come to have. So with an inbox bursting with predictions for 2018, I triaged all of the comments into 11 themes. In no particular order, here are the first six:
It is no surprise that this features so highly after 2017’s headlines. In terms of evolution, it was predicted that after the mass distribution we would see more targeted attempts, with Eric Klonowski, senior advanced threat research analyst at Webroot, predicting the first health-related ransomware targeting devices like pacemakers. “Instead of ransom to get your data back, it will be ransom to save your life.”
As well as being more targeted, predictions from Trend Micro were that attackers “will run digital extortion campaigns and use ransomware to threaten non-GDPR compliant companies”, while Imperva predicted that extortion-enabled disruption will intensify this year, “manifesting in disabled networks, internal network denials of service, and crashing email services”.
Breaches Get Worse
Instances of data loss at Uber, Equifax and other companies will not end in 2017, and Tyler Moffitt, senior threat research analyst at Webroot, predicted at least three separate breaches of at least 100 million accounts, while Imperva said that with the take-up of cloud computing, we’ll see massive cloud data breaches.
Viktors Engelbrehts, director of threat intelligence at eSentire, added: “Politically motivated and espionage cyber-attacks against the critical infrastructure industry will continue to increase. There is also the potential for loss of human life as a result of targeted cyber-attacks, especially in the healthcare sector.”
Apple’s Siri is still sassy, smart and periodically helpful.
However, the hell does it truly do the job?
“voice-recognition” is exactly what Siri does, however, those phrases do not disclose the method by which the device actually captures your voice words directly once you state, “send out an email into John: Proceed for yourself a shave, ” Linux Lover.”
The noises of one’s address proved instantly encoded to some streamlined digital variant that keeps its own information.
The sign by the connected mobile had been uninstalled wirelessly via a closeby mobile tower and also by way of a streak of property lines right back into a websites Provider at which it subsequently hauled having a waiter at the cloud, even filled using a succession of variations hardwired to understand speech.
Concurrently, your address has been assessed everywhere, in your own apparatus. Even a recognizer put in onto your own mobile communicates together with this machine at the cloud to automatically judge if the control could be managed everywhere — including like you’d questioned it to engage in with a song in your own cellphone — even whether it has to join into this system for additional aid. (When the neighborhood recognizer deems its version adequate to procedure the address, it informs the waiter at the cloud it’s no longer desired: “Thanks greatly, we are okay.”)
The host contrasts your address contrary to a statistical design to quote, depending on the noises that you talked and also the sequence in that you talked them everything characters could reflect. (In an identical period, the neighborhood recognizer contrasts your address to an abridged edition of this statistical version.) For equally, the highest-probability quotes receive the go-ahead.
Primarily based on these sorts of remarks, your address — currently known being a succession of vowels and consonants — will be subsequently explained to you a speech version, that quotes that the language your address is included of. Granted a decent amount of self-confidence, the pc then makes an applicant listing of requirements to get that which precisely the succession of phrases on your address could mean.
When there’s sufficient confidence in this outcome, also there’s clearly was that the pc determines your goal will be always to send out an SMS, ” Erica Olssen can be your own addressee (and her get hold of information needs to be hauled away from the cell phone’s contact record) along with the others would be your own real note for her along with your text-message looks onscreen, zero hands-free essential. If an address is overly ambiguous at any position throughout the method, the personal computers will probably increase for you personally, an individual: Does one believe Erica Olssen or Erica Schmidt?
Cyber Security Challenge UK today announced the appointment of a new chief executive following the death of former CEO Stephanie Daman, who passed away in June last year after a long battle with cancer.
Colin Lobley, who came through a thorough selection process of over 70 candidates, will now take up the role, joining from DXC Technology’s (formerly Hewlett Packard Enterprise), Security Services division where he was general manager, UK, Ireland, Middle East. Lobley will bring with him expertise in working with both public and private sector organizations.
“There are lots of exciting possibilities to diversify and expand this national initiative, so we can enhance the positive impact we have on the UK’s cyber resilience,” he said. “It would be fantastic if we could achieve such a utopian vision as having eradicated all security weaknesses in the cyber world…but realistically, if I go home every day knowing I have done something, directly or indirectly, to encourage people into the field of cyber, to enhance the knowledge of those in or entering the field, or to educate someone about cybersecurity and start to close those gaps; I’ll be happy.”
That’s exactly why I am delighted to be joining the fantastic, passionate team at Cyber Security Challenge UK, Lobley added, helping to make a real difference and building upon the wonderful efforts of the late Stephanie Daman.
“I fully believe that the UK cyber industry can go from strength to strength to become ever more prominent on the world stage,” he continued. “But to achieve this, it is essential that we nurture new talent, so we can meet the evolving market demands.”
Dr Robert Nowill, chairman of Cyber Security Challenge UK, said: “With his background, Colin fits the role very well as we forge the way ahead for our organization; developing our offering further whilst scaling up what we do to seek out as much new talent and staying as inclusive as possible. The Board and I also are extremely grateful for the work Nigel Harrison has done as Acting CEO for much of last year. We are pleased that Nigel continues as an Executive Director of The Challenge to help drive this exciting future.”
Any sufficiently advanced technology is equivalent to magic. – Arthur C. Clarke (Author)
Here’s my selection of ‘TED Talks on technology you shouldn’t miss’. Be stirred, inspired and tech-ready for the future.
1) The future is here. In this talk, Jordan Duffy, a serial entrepreneur and technology innovation expert, explores how the internet of things is changing our lives in ways we don’t even recognise.
Jordan Duffy is a serial entrepreneur, technology innovation expert and, at the age of 21, co-owns Buckham & Duffy, an innovation and rapid development firm with 18 employees. Jordan’s passion for technology and business started at home assembling computers, and his entrepreneurial journey started at age 14 with business partner Alex Buckham. Alex and Jordan have been growing businesses for eight years. Business aside, Jordan is an avid self-educator and driven change maker. He has seen 15 countries, battled cancer and chronic pain, and played drums on the Great Wall of China in the 2008 Olympic Orchestra.
2) A handful of people working at a handful of tech companies steer the thoughts of billions of people every day, says design thinker Tristan Harris.
From Facebook notifications to Snapstreaks to YouTube autoplays, they’re all competing for one thing: your attention. Harris shares how these companies prey on our psychology for their own profit and calls for a design renaissance in which our tech instead encourages us to live out the timeline we want.
3) When you hear the word “drone,” you probably think of something either very useful or very scary. But could they have aesthetic value?
Autonomous systems expert Raffaello D’Andrea develops flying machines, and his latest projects are pushing the boundaries of autonomous flight — from a flying wing that can hover and recover from disturbance to an eight-propeller craft that’s ambivalent to orientation … to a swarm of tiny coordinated micro-quadcopters. Prepare to be dazzled by a dreamy, swirling array of flying machines as they dance like fireflies above the TED stage.
4) As we expect more from technology, do we expect less from each other?
Sherry Turkle studies how our devices and online personas are redefining human connection and communication — and asks us to think deeply about the new kinds of connection we want to have.
Facebook took 3.5 years to acquire 50 million customers, Whatsapp took 15 months, Angry Birds took 15 days.
By 2025, 2 billion people will have their first banking experience on their smart phone. 80% of these people will never walk in a bank branch.
Disruption across various industries and in different ways and as an island nation could this be an opportunity?
VIDIA MOONEEGAN is considered a pioneer of the Mauritius IT-BPO industry. He is the Senior Vice President and Managing Director of Ceridian, a cloud Human Capital Management software and services company. He is responsible for the Mauritius operations which employs some 800 associates. Vidia’s experience includes engaging partners globally to provide sourcing solutions. He has served as President of the outsourcing association of Mauritius and is a council member of Business Mauritius. His has worked for TNT Business Solutions, Schlumberger Oilfield Services and Arthur Andersen, UK.
The U.S. Department of Homeland Security (DHS) describes biometrics as being “unique physical characteristics” that can be utilized for “automated recognition.” Think fingerprints, iris scans and voice recognition.
The applications of biometrics are diverse and wide ranging. Today, we can unlock our smartphones with our fingerprints and use our voices to gain access to sensitive information, such as our banking details.
For its part, the DHS says it uses biometrics to, among other things, “detect and prevent illegal entry into the U.S.” and enforce federal laws.
In the European Union, the General Data Protection Regulation will apply from May this year. It will update the 1995 Data Protection Directive, which was introduced at a time when the digital age was in its infancy, and will impact both citizens and businesses.
Among other things, the GDPR will boost people’s right to be forgotten and guarantee free, easy access to their personal data. Organizations and businesses will also have to inform people about data breaches that could negatively impact them, and do this “without undue delay.” Relevant data protection supervisory authorities will also need to be told of any breaches.
At this point, we’ve heard over and over about how big the Internet of Things (IoT) will be – estimates range up to 200 billion devices by 2020 (Source: Intel). That’s a lot of things we need to connect. Many of these devices will be in an enterprise setting with McKinsey estimating 70 percent of value to be captured by business-to-business applications like monitoring a gas pipeline, tracking building energy use, or measuring soil moisture on a farm – not the cool smart home gadgets like thermostats and refrigerators.
To reach these heady forecasts, there are a variety of challenges to overcome – one of which is how to provision and bring online all these new devices. The process of provisioning involves getting each device configured to send data to the right place and authenticate it on the network. This establishes a trusted identity for each device, be it a laptop, database, tiny sensor, or any other data producing or receiving node.
Provisioning is difficult and time consuming at large scale. We can all agree that typing in security tokens, configuring connectivity and installing firmware for tens of thousands of sensors on farms owned by a commercial grower will cost a lot and take a long time! Let’s look at how devices are configured and brought online now, and how we might be able to simplify and speed up this process in the future.
Embedded hardware for makers
For the makers community that works with raw embedded hardware like Raspberry Pis, Arduinos and BeagleBones, there’s a bit of manual work involved in getting data from a sensor to the cloud using an IoT platform. At a high level, the process includes:
Of course, this list is very simplified and inevitable troubleshooting will be required as each step has myriad possibilities – choose from many platforms, OSs, network protocols, etc. It’s easy to see why these do-it-yourself projects take a lot of tinkering, but this process isn’t meant to be scalable.
Most of us are more familiar with the process of getting a consumer product up and running. This generally involves downloading an app and going through a setup wizard. Setting up an Amazon Echo, for example, requires this process and is fairly painless as long as you’re only doing it once. Consumer products have actually done a really good job simplifying this process and making it as easy and fail-proof as possible, but a single uniform product connecting over WiFi only and not interacting with devices from other vendors is a bit simpler than what most IoT implementations will be looking for.