#Gartner: Artificial intelligence, algorithms and smart software at the heart of big network changes

Gartner says CIOs will participate in the building of a new digital platform with intelligence at the center.

Artificial intelligence, machine learning and advanced algorithms are at the heart of an emerging digital world.

That was one of the chiefs components of Gartner’s Peter Sondergaard, senior vice president and global head of Research opening remarks at today’s Gartner Symposium/ITxpo show in Orlando.


“CIOs will participate in the building of a new digital platform with intelligence at the center,” Sondergaard said told a crowd of more than 8,000 CIOs and IT leaders. “The new competitive differentiator is understanding the customer’s intent through advanced algorithms and artificial intelligence. Creating new experiences that solve problems customers didn’t realize they had.”

Gartner says “advanced machine learning algorithms are composed of many technologies (such as deep learning, neural networks and natural-language processing), used in unsupervised and supervised learning, that operate guided by lessons from existing information.”

Advanced machine learning not only enables a smart machine to understand concepts in the environment, but enables it to learn. Through machine learning, a smart machine can change its future behavior. For example, by analyzing vast databases of medical case histories, "learning" machines can reveal previously unknown insights in treatment effectiveness. This area is evolving quickly, and organizations must assess how they can apply these technologies to gain competitive advantage, Gartner said last Fall in presenting trends for 2016.

Gartner says artificial intelligence “is technology that appears to emulate human performance typically by learning, coming to its own conclusions, appearing to understand complex content, engaging in natural dialogs with people, enhancing human cognitive performance (also known as cognitive computing) or replacing people on execution of nonroutine tasks. Applications include autonomous vehicles, automatic speech recognition and generation and detecting novel concepts and abstractions (useful for detecting potential new risks and aiding humans quickly understand very large bodies of ever changing information).”


“We are building machines that learn from experience and produce outcomes their designers did not explicitly envision. Systems that can experience and adapt to the world via the data they collect,” Sondergaard said. “Machine learning and artificial intelligence move at the speed of data, not at the speed of code releases. Information is the new code base.”

A few other salient points from Gartner’s opening session:
Gartner forecasts worldwide IT spending to total $3.4 trillion in 2016, a 0.3% decline from last year. In 2017, global IT spending is projected to grow 2.9% and reach $3.5 trillion. Analysts said this growth will be driven by the software and IT services segments. Worldwide spending on software is projected to grow 7.2%, and IT services 4.8%. Software and IT services will be key to the development of the civilization infrastructure.
Real-time analytics will outpace traditional analytics by a factor of three by 2020 to become 30% of the market.
“Machine learning and artificial intelligence move at the speed of data, not at the speed of code releases. Information is the new code base.”

Networkworld.com

Genesis mining promo code: get your 3% with: CZL5k6 

Firms Are in Denial About the #EU 's Coming Privacy Law, Survey Suggests. #GDPR

Survey says: what privacy law?

The world’s toughest privacy law will go into force in Europe 18 months from now, and so far, the strategy of many IT professionals appears to be “pretend it’s not happening.” That’s the takeaway from a survey published today by Dell that suggests most firms are unprepared for the EU’s General Data Protection Regulations.

This collection of laws (known as #GDPR) passed earlier this year, and will introduce a spate of stiff compliance measures and eye-watering penalties for companies that don’t take a series of steps to manage data. For instance, firms will have to:

• Hire a data protection officer
• Introduce “privacy by design” to their workflow
• Get explicit consent to use a wide variety of data
• Increase opt-out and data portability options

If they don’t comply, companies face a maximum fine of 20 million euros or 4% of total revenue—whichever is greater.

According to the Dell survey, which polled 821 IT professionals across the globe, 80% said they knew little or nothing about the GDPR, while 97% said their companies didn’t have a plan in place to implement the new law.

According to Michael Tweddle, a Dell executive, the survey also suggested that the IT crowd felt most confident about being able to comply with impending rules related to email security, but much less so when it came to those related to document access. (Under the GDPR, companies will have to create procedures that limit who can access shared files hosted on platforms like Dropbox or SharePoint.)

The lack of readiness described in the survey could be an ominous sign for companies, especially those outside the EU that do business with European citizens, given the recent assertiveness of privacy regulators on the continent.

Firms will, presumably, start paying more attention as the GDPR implementation date of May 2018 draws closer. And it’s a safe bet corporate legal departments are tuning into the rules, even if the operation crowd is not (law firm Allen & Overy has a good briefing here).

Finally, it will be curious to see if politicians in Europe, where the economy is still limping, will decide to flinch and water down or defer the regulations if compliance costs prove too high.

Fortune.com

#G7 FUNDAMENTAL ELEMENTS OF #CYBERSECURITY FOR THE FINANCIAL SECTOR

 Increasing in sophistication, frequency, and persistence, cyber risks are growing more dangerous and diverse, threatening to disrupt our interconnected global financial systems and the institutions that operate and support those systems. To address these risks, the below nonbinding, high-level fundamental elements are designed for financial sector private and public entities to tailor to their specific operational and threat landscape, role in the sector, and legal and regulatory requirements.

The elements serve as the building blocks upon which an entity can design and implement its cybersecurity strategy and operating framework, informed by its approach to risk management and culture. The elements also provide steps in a dynamic process through which the entity can systematically re-evaluate its cybersecurity strategy and framework as the operational and threat environment evolves. Public authorities within and across jurisdictions can use the elements as well to guide their public policy, regulatory, and supervisory efforts. Working together, informed by these elements, private and public entities and public authorities can help bolster the overall cybersecurity and resiliency of the international financial system.

Element 1: Cybersecurity Strategy and Framework.

 Establish and maintain a cybersecurity strategy and framework tailored to specific cyber risks and appropriately informed by international, national, and industry standards and guidelines.The purpose of a cybersecurity strategy and framework is to specify how to identify, manage,and reduce cyber risks effectively in an integrated and comprehensive manner. Entities in the financial sector should establish cybersecurity strategies and frameworks tailored to their nature, size, complexity, risk profile, and culture. Informed by the cyber threat and vulnerability landscape, a jurisdiction can also establish sector-wide cybersecurity strategies and frameworks that outline how cooperation occurs between entities and public authorities in the financial sector, with sectors upon which the financial sector depends, and with other relevant jurisdictions.

Element 2: Governance.

 Define and facilitate performance of roles and responsibilities for personnel implementing,
managing, and overseeing the effectiveness of the cybersecurity strategy and framework to
ensure accountability; and provide adequate resources, appropriate authority, and access to the governing authority (e.g., board of directors or senior officials at public authorities).Effective governance structures reinforce accountability by articulating clear responsibilities and lines of reporting and escalation. Effective governance also mediates competing objectives and fosters communication among operating units, information technology, risk, and controlrelated activities. Consistent with their missions and strategies, boards of directors (or similar oversight bodies for public entities or authorities) should establish the cyber risk tolerance for their entities and oversee the design, implementation, and effectiveness of related cybersecurity programs.

Element 3: Risk and Control Assessment.

 Identify functions, activities, products, and services—including interconnections, dependencies,and third parties—prioritize their relative importance, and assess their respective cyber risks.
Identify and implement controls—including systems, policies, procedures, and training—to
protect against and manage those risks within the tolerance set by the governing authority.Ideally as part of an enterprise risk management program, entities should evaluate the inherentcyber risk (or the risk absent any compensating controls) presented by the people, processes,technology, and underlying data that support each identified function, activity, product, and service. Entities should then identify and assess the existence and effectiveness of controls to protect against the identified risk to arrive at the residual cyber risk. Protection mechanisms can include avoiding or eliminating risk by not engaging in an identified activity. They can also include mitigating the risk through controls or sharing or transferring the risk. In addition to evaluating an entity’s own cyber risks from its functions, activities, products, and services, risk and control assessments should consider as appropriate any cyber risks the entity presents to others and the financial sector as a whole. Public authorities should map critical economic functions in their financial systems as part of their risk and control assessments to identify single points of failure and concentration risk. The sector’s critical economic functions range from deposit taking, lending, and payments to trading, clearing, settlement, and custody.

Element 4: Monitoring.

 Establish systematic monitoring processes to rapidly detect cyber incidents and periodically
evaluate the effectiveness of identified controls, including through network monitoring, testing, audits, and exercises.Effective monitoring helps entities adhere to established risk tolerances and timely enhance or remediate weaknesses in existing controls. Testing and auditing protocols provide essential assurance mechanisms for entities and public authorities alike. Depending on the nature of an entity and its cyber risk profile and control environment, the testing and auditing functions should be appropriately independent from the personnel responsible for implementing and managing the cybersecurity program. Through examinations, on-site and other supervisory mechanisms, comparative analysis of entities’ testing results, and joint public-private exercises, public authorities can better understand sector-wide cyber threats and vulnerabilities, as well as individual entities’ relative risk profiles and capabilities.

Element 5: Response.

Timely (a) assess the nature, scope, and impact of a cyber incident; (b) contain the incident and mitigate its impact; (c) notify internal and external stakeholders (such as law enforcement, regulators, and other public authorities, as well as shareholders, third-party service providers, and customers as appropriate); and (d) coordinate joint response activities as needed.As part of their risk and control assessments, entities should implement incident response policies and other controls to facilitate effective incident response. Among other things, these controls should clearly address decision-making responsibilities, define escalation procedures,and establish processes for communicating with internal and external stakeholders. Exercising protocols within and among entities and public authorities contributes to more effective responses. Exercising also enables entities and public authorities to identify how potential 3decisions could affect each other’s ability to maintain critical and other functions, services, and activities.

Element 6: Recovery. 

 Resume operations responsibly, while allowing for continued remediation, including by (a)
eliminating harmful remnants of the incident; (b) restoring systems and data to normal and
confirming normal state; (c) identifying and mitigating all vulnerabilities that were exploited;
(d) remediating vulnerabilities to prevent similar incidents; and (e) communicating appropriately internally and externally.Once operational stability and integrity are assured, prompt and effective recovery of operations should be based on prioritization of critical economic and other functions and in accordance with objectives set by the relevant public authorities. Maintaining trust and confidence in the financial sector significantly improves when entities and public authorities have the ability to mutually assist each other in the resumption and recovery of critical functions, processes, and activities. Therefore, before an incident occurs, establishing and testing contingency plans for essential activities and key processes, such as funding, can contribute to a faster and more effective recovery.

Element 7: Information Sharing. 

 Engage in the timely sharing of reliable, actionable cybersecurity information with internal and external stakeholders (including entities and public authorities within and outside the financial sector) on threats, vulnerabilities, incidents, and responses to enhance defenses, limit damage,increase situational awareness, and broaden learning.Sharing technical information, such as threat indicators or details on how vulnerabilities were exploited, allows entities to remain up-to-date in their defenses and learn about emerging methods used by attackers. Sharing broader insights among entities, between entities and public authorities, and among public authorities deepens collective understanding of how attackers may
exploit sector-wide vulnerabilities that could potentially disrupt critical economic functions and endanger financial stability. Given its importance, entities and public authorities should identify and address impediments to information sharing.Element 8: Continuous Learning.Review the cybersecurity strategy and framework regularly and when events warrant—including its governance, risk and control assessment, monitoring, response, recovery, and information sharing components—to address changes in cyber risks, allocate resources, identify and remediate gaps, and incorporate lessons learned.Cyber threats and vulnerabilities evolve rapidly, as do best practices and technical standards to address them. The composition of the financial sector also changes over time, as new types of entities, products, and services emerge, and third-party service providers are increasingly relied
upon. Entity-specific, as well as sector-wide, cybersecurity strategies and frameworks need
periodic review and update to adapt to changes in the threat and control environment, enhance user awareness, and to effectively deploy resources. Other sectors, such as energy and telecommunications, present external dependencies; therefore, entities and public authorities should consider developments in these sectors as part of any review process. 

Ec.europa.eu

Think changing your #Yahoo password is enough? Think again…

With the recent announcement of more than 500 million accounts impacted by a security breach, many Yahoo users have been changing their passwords. After all, that’s the official guidance. However, as ZDI’s Simon Zuckerbraun points out, a new password isn’t enough.

If you have a Yahoo account, chances are you’ve seen a notification that your account information has been stolen by attackers. You aren’t alone. According to public reports, more than half a billion accounts were impacted during a security breach in 2014. While it’s not known why it took Yahoo over 18 months to inform people, the notification from Yahoo CISO Bob Lord included the recommendation to change your password. While this is sound advice and a good first step, Zero Day Initiative (ZDI) researcher Simon Zuckerbraun found this step alone isn’t enough to protect your account.

Change your password. This should still be your first step. It should always be your first reaction after an account compromise. If you reused the compromised Yahoo password with other online services, you’ll need to change it there as well. Have trouble remembering different passwords? Try a password manager like the Trend Micro™ Password Manager. Set up two-factor authentication (2FA) or use Yahoo’s Account Key. This will make it more difficult for attackers to access your information even if your password is compromised. Just don’t expect 2FA to reset your iPhone Mail app settings. You still need to go through the website to remove a device. Review your devices and activity. Understanding which devices access your account is key to finding unusual or unauthorized activity. You should specifically look for connected apps listed on the “Recent Activity” tab, as well as check the “Account Security” tab for active application passwords.

Like many others, Simon received a notification that his account was included in the breach. Like many others, Simon logged in to his account and changed his password. He then opened his iPhone Mail application since he had configured the app to use his Yahoo account. He expected to be prompted for his new password and was more than a little surprised when he found it was not necessary. Even though he had changed the password associated with his Yahoo account, the phone was still connected.

Upon investigating, it became clear that Yahoo had issued a permanent credential to the device. This credential does not expire and is not revoked when the password changes. In other words, if someone already obtained access to your account and configured the iOS Mail app to use it, they would still have access to the account even after the password changes. What’s worse is that you would likely not even realize someone still has access to your email.

This presents a couple of different problems. First, steps beyond changing your password are not being clearly communicated from Yahoo. This could lead to a situation where millions believe they are protected even though they aren’t. Additionally, even if you are security conscious like Simon and want to review your activity and devices, it’s not easy to find. Associated devices aren’t listed under the “Account Security” tab at all. As shown in Figure 1 (below), the “Account Security” tab has no mention of associated devices.

Figure 1 – Yahoo Security Tab

 The setting actually exists under the “Recent Activity” tab (Figure 2). Here you are able to see which applications are connected to your account with an option to remove them. It’s also interesting to see the apps and devices are just listed by product name – in this case “iOS” – and the date authorized. It’s up to the user to figure out what is legitimate and what’s not.

Figure 2 – Yahoo Recent Activity Tab

Looking at the phone settings (Figure 3) is of little help. Looking at the setting shows there is no option via the app to change the password. This is likely by design. When you set up your mail account on the device, it gets permanently credentialed until the credential is revoked through the server.

Figure 3 – iPhone Mail Settings

While it’s unfortunate Yahoo’s official advice for securing a hacked Yahoo account makes no mention of checking for or removing associated apps and devices, it definitely should be on your list. In fact, your list should look something like this:

The steps users take after a breach notification often determine whether further account damage occurs. It’s unknown if the attackers will be able to decrypt stolen passwords or how they intend to use other leaked data. Regardless, if you change your password and review the associated devices, you’re less likely to be impacted. By understanding all the actions needed, you can exert some control over your account’s security.











blog.trendmicro.com

Genesis mining promo code: CZL5k6

#FBI Official Explains What To Do In A #Ransomware Attack

Feds say even basic information can advance the agency's investigation.

Businesses or consumers hit by ransomware should refuse to pay the ransom and immediately contact the FBI or file a complaint on www.ic3.gov, the federal government’s website for filing and sharing information about cybercrime, an FBI official said today.

Will Bales, supervisory special agent for the FBI’s Cyber Division, said any information, whether it’s a Bitcoin wallet address, transaction data, the hashtag of the malware, or any email correspondence, can help advance an FBI ransomware investigation.

“People have to remember that ransomware does not affect just one person or one business,” Bales said. “It will more than likely move on and affect somebody else. And for those who pay the ransom, it only encourages them to extort the next person.”

Bales was part of a panel discussion on ransomware today at the kickoff of the Federal Trade Commission’s Fall Technology Series held at the Constitution Center in Washington, DC.

FTC Chairwoman Edith Ramirez started the afternoon conference by underscoring how the threat of ransomware has increased in the past year.

Ramirez cited Justice Department data that said there have been 4,000 ransomware attacks daily since January 1, 2016 alone – a quadrupling of such attacks in just a year. In addition, PhishMe research found that 93% of phishing emails now contain some variant of ransomware.

“Ransomware attackers can access extremely sensitive personal information such as medical data, financial account numbers, and the contents of private communications, some of which may be sold on the dark web,” Ramirez said. “We are eager to expand our understanding of this growing threat … and for nearly a decade we’ve worked with other agencies and have provided guidance to consumers and businesses on how to best protect their computers and networks.”

The FTC Chairwoman also said the agency will be active in pressing cases against the attackers, pointing out that the agency has made at least 60 enforcement actions around companies not protecting consumer data. She said not protecting against ransomware may violate federal law.

The FBI’s Bales said the government has been making progress on prosecuting ransomware cases, but would give no real specifics other than to say they have been successful in working with other law enforcement agencies around the world in taking down the infrastructure of some of the ransomware criminals.

Bales indicated that there would be more news of success stories in the upcoming months.

Darkreading.com

Genesis mining promo code: get your 3% with: CZL5k6 

'Auction' of NSA Tools Sends #Security Companies Scrambling

 The leak of what purports to be a National Security Agency hacking tool kit has set the information security world atwitter — and sent major companies rushing to update their defenses.

 Experts across the world are still examining what amount to electronic lock picks. Here's what they've found so far.

WHAT'S IN THE RELEASE?

 The tool kit consists of a suite of malicious software intended to tamper with firewalls, the electronic defenses protecting computer networks. The rogue programs appear to date back to 2013 and have whimsical names like EXTRABACON or POLARSNEEZE. Three of them — JETPLOW, FEEDTROUGH and BANANAGLEE — have previously appeared in an NSA compendium of top secret cyber surveillance tools .

 The auctioneers claim the tools were stolen from the Equation Group, the name given to a powerful collective of hackers exposed by antivirus firm Kaspersky Lab in 2015. Others have linked the Equation Group to the NSA's hacking arm, although such claims are extraordinarily hard to settle with any certainty.
 The leaked tools "share a strong connection" with the Equation Group, Kaspersky said in a blog post late Tuesday. The Moscow-based company said the two used "functionally identical" encryption techniques.
 The leaked tools also appear to be powerful, according to a running analysis maintained by Richmond, Virginia-headquartered Risk Based Security. The group said several of the vulnerabilities targeted by the malware — including one affecting Cisco firewalls — were previously unknown, a sign of a sophisticated actor.
Security and networking companies scrambled to investigate the flaws exposed by the auction. Cisco Systems, Inc. issued an urgent update to its software late Wednesday. Fortinet, Inc., a Sunnyvale, California-based security company, also said it was investigating.
 Nicholas Weaver, a researcher at the International Computer Science Institute in Berkeley, California, said that the news was terrible for the NSA no matter the circumstances behind the leak because companies like Cisco guard critical U.S. infrastructure.
"If the NSA discovered breach in 2013 and never told Cisco/Fortinet, this is VERY BAD," he said in a message posted to Twitter . "If they didn't know, this is VERY BAD."
The NSA has not returned repeated messages seeking comment.

WHO IS BEHIND THE LEAK?

 The documents have been leaked as part of a surreal online auction by a group calling itself "Shadow Brokers." Their madcap, Borat-like manifesto rails against the "Wealthy Elite" and the group's name appears to be a nod to the "Mass Effect" series of video games, where an elusive Shadow Broker traffics in sensitive information.
Few take the name or the manifesto at face value. Many have floated the possibility of Russian involvement, a theory that received unexpected support when NSA leaker Edward Snowden endorsed it on Twitter.

 In a series of messages , Snowden wondered aloud whether the server the data was stolen from might be linked to a U.S. attempt to influence a foreign election. That would be a politically charged development in the context of recent allegations that Russia is trying to tamper with America's presidential campaign.
The leak looks like a warning that any attempt to point the finger at Moscow over alleged electoral interference "could get messy fast," Snowden tweeted. He did not return messages seeking further comment.
Comae Technologies founder Matt Suiche said the theory of a disgruntled insider couldn't be ruled out.
In a blog post , Suiche said he'd been contacted by a former NSA hacker who pointed out that the tools leaked online normally resided on a segregated network and that the way they were named suggests the data was copied direct from the source. Suiche cautioned it was just a theory.
"We'll never know," he said in a message to AP.
Repeated emails and online messages seeking comment from the Shadow Brokers went unreturned.

HOW DOES THE AUCTION WORK?

 Shadow Brokers have already published much of the data they claim to have. The rest — "the best files" — will be released, they claim, to whoever wins the auction.
The content of the files is secret, the group said in its announcement. So too is the length of the auction, which it said would end, in its signature broken English, "when we feel is time to end."
Many dismiss the auction as a stunt.
Hopeful bidders have been invited to send bitcoins — the borderless electronic currency — but as of late Wednesday the address specified by the group had only gathered 1.72 bitcoins, or $981.
It's more than pocket change. But the group's stated goal is 1,000,000 bitcoins, or $570 million.

Nytimes.com



Genesis mining promo code CZL5k6

Why you should hurry up and preorder the Galaxy #Note7 as soon as possible

We’re nearly there, Android fans. The Galaxy Note 7 is about to be unveiled and word on the street is that Samsung will make it available for preorder right away, as soon as the keynote on Tuesday ends. That’s great news for anyone looking to upgrade to Samsung’s latest flagship phablet, even if it’s supposedly going to be Samsung’s most expensive flagship to date.

If you’re not sure whether you should spend a lot of money on a new Samsung phone, then you should know Samsung is going to bundle the Galaxy Note 7 with a few exciting items during the preorder period.

Preordering the Galaxy Note 7 will get you either a Gear VR headset, likely the new model that accommodates USB-C ports, or a 256GB micro SD card. The phone will supposedly ship with 64GB of onboard memory and microSD card support. Scoring a 256GB card from the start will get you 320GB of total storage, which is an incredible amount of space for the new phone.

It’s unclear at this time whether the Galaxy Note 7 ships with a regular microSD slot or if it’ll have a hybrid slot that would support Samsung’s newest expandable memory cards, which are even faster than the top microSD cards out there.

Unfortunately, nothing is confirmed at this point. The news comes fromSamMobile’s Faryaab Sheikh, who posted about it on Twitter late last week:

 Follow

Faryaab Sheikh @Faryaab

Samsung will be offering a choice between a free Gear VR and a 256GB microSD card to customers who pre-order the Galaxy Note 7.

10:51 PM - 29 Jul 2016

 
•  129129 Retweets
 
•  209209 likes

Famed leaker Evan Blass retweeted that message, adding credence that the rumor might be accurate. Samsung will unveil the Galaxy Note 7 during an August 2nd event in New York.

Bgr.com

Genesis mining promo code CZL5k6