Category Archives: Big Data

Pokémon GO: The One Serious Problem Everyone Should Worry About

Posted on August 9, 2016 | Leave a comment

Pokemon_Play

Unless you’ve been living under a Snorlax, you’ve probably heard about the wildly popular new augmented reality game, Pokémon Go.

The game uses your smartphone’s camera, GPS, and position sensors to tell the game what to display and where, creating the illusion that cute little cartoon “pocket monsters” are standing in your living room, on the sidewalk outside, or in the park nearby. You grab free Pokéballs (to catch the critters, naturally) at local sites of historical interest. And businesses can purchase Pokémon “lures” as advertising to draw imaginary monsters and real fans to their physical location.

It’s a digital world overlayed over the real world, and it’s insanely popular. As of the writing of this article, reports said it had already been downloaded 7.5 million times.

But the way the phone works requires data — and lots of it — and problems have arisen with what the app collects, and what the company is doing with it.

News began to percolate that the game required full access to your Google account when you sign in.  Full access allows the app — and the company — to “see and modify nearly all information in your Google Account,” according to Google’s My Account privacy controls. It doesn’t have access to passwords or payment information, but it can read your emails, see what you’ve been searching, and more.

The company, Niantic, said the request was a mistake and has reportedly changed the access requirement in updates to the game. But the question remains: Why did so many users give a game designed for 10-year-olds full access to everything Google knows about them?

It’s just one example of a systemic problem: We give away our data far too easily.

Especially with apps, where we download something for free and want to start using it quickly, people never read the lengthy terms of service agreements they’re happily agreeing to, and don’t understand the full extent of the information they’re voluntarily giving away.

Pokémon Go, for example uses your phone’s location, your IP address, and the webpage you most recently visited before playing, all connected with your real name and account information, according to the game’s privacy policy.

It uses a Google map and your real-world GPS location to direct you to Pokémon you can catch. But that information can be misused. Already, stories are circulating of criminals targeting Pokémon players for robberies, and a man who claims he was dumped after his girlfriend discovered he was cheating by looking at his game history — and these are just people exploiting the nature of the game, not hacking anyone’s data.

Last year, music service Spotify got into trouble with an overreaching data policy that wanted to access users’ photos, contact lists, and media files. The company clarified soon after that users would have to opt-in to these features, but the damage was done.

By default, Windows 10 also came with a Big Brother-esque so-called “privacy” policy that granted Microsoft the right to read your emails, “other private communications or files in private folders,” use your bandwidth for their own purposes, and profile your computer usage. Users can opt-out of many of these Orwellian surveillance schemes, but the question is how many people will go to the trouble of doing so?

The problems I see exemplified by this most recent outrage over the Pokémon Go app — and others like it — are twofold:

First, companies are in a land-grab to collect as much data as possible about their customers against current and potential future use scenarios when it will become valuable. Most are taking the road of forcing savvy users to opt-out of this data collection, rather than allowing them to opt-in as program features require the information.

Second, and perhaps more importantly, users are blissfully ignorant about the privacy they’re giving up every time they click the “accept” button on a new app or program. As a whole, we do not educate ourselves, nor even concern ourselves with the information we’re giving away. Not until some interested computer scientist, journalist, or hacker discovers the distasteful truth is there any kind of outcry.

We need to be more educated and more cautious with our privacy unless and until companies come around to more common-sense policies and best practices when it comes to what they collect of our data and how they use it.
Know who has access to your data !!

Leave a comment

Posted in Big Data, Cyber Security, Security

Tagged ,

Closing Your IT Fire Station

Posted on August 2, 2016 | Leave a comment

How to shift your team of overloaded fire fighters to relevant business contributors

We’ve already discussed the reasons that most IT teams are overworked. But there has to be a solution, right? Not just
Fire_Businessa solution that is case-by-case, but a way to create an overall strategy to get your team out of break-fix mode and into a position as a relevant department that contributes to your organization’s business objectives.  And it’s not just about landing a bigger budget.  If you don’t know how to effectively use the money you get (however much it may be), then your organization will continue to see you as a black-hole cost center, and you’re only adding fuel to the fire. What you need is a plan – a comprehensive strategy built for making the shift from tactical to relevant.


Bluehost.com Web Hosting $3.95

So here are four steps to getting out of the IT fire business:

1. Objectively Analyze Your Internal Team
Before you decide what changes to make or what additional resources to bring in, you need to honestly determine if your team is efficient as it is.  There is likely a work overload, but in addition to that you may be exacerbating the issue with unnecessary redundancies and gaps in your internal structure.  Starting from the inside will help you with a couple of things—it might help you to get more out of the resources you currently have, and it will definitely help you discover where you actually do need more resources, which is the next step in the process.
2. Evaluate Your Needs
Once you’ve tightened the ship, so to speak, you can determine what adjustments you can make in order to help your team be more strategic in their operations.  Do you need more manpower?  Should you outsource and move to the cloud?  Is there a tool you’re missing that would automate tasks or make your processes faster?  Make a prioritized list of resources that would help you achieve departmental goals more quickly and effectively.  Put those goals into a report that you can discuss with decision makers and (this is key): tie them all back to business objectives.  Make sure that everything you’re asking for will enable your team to contribute to the overarching strategic goals of the organization.
3. Present Your Report to Decision Makers
Start by reminding them of how many tasks, projects, and activities your team actually has a hand in.  Then share the steps you’ve taken and your analysis of opportunities you would have to contribute to the organization if granted the additional resources you’re requesting.  And don’t use terms like Gig, POE, or 802.11 to explain what you need.  This is proving to your organization that you only think in a technical, tactical way.  In order to be seen as a relevant member of the overall business, you will need to speak in terms of strategy and business goals.

4. Start with One Project at a Time
Start with the next initiative your organization establishes/requests.  Instead of talking about the tactical aspects like equipment and labor, talk about why they’re making that request and how it will contribute to the objectives they’re trying to achieve.  Keep those objectives and projected outcomes handy and review them during every single solitary step of the process.  By achieving those objectives and continually discussing them (instead of just the inner workings of the technology), you are proving to the rest of the organization that you have the ability to contribute to objectives that matter to the business.

Good luck and remember be pro-active not re-active “stay out of the fire fighting business”.

Leave a comment

Posted in Big Data, Technology

Tagged

3 Challenges Overworked IT Teams Face Every Day

Posted on August 1, 2016 | Leave a comment

Over_WorkedIT teams have a lot of responsibility today— especially considering that every modern organization is so dependent on technology. For example, Gartner recommends a ratio of 250 devices to every one IT staffer, but most IT teams are working with a ratio of 2,700 to one. And that doesn’t begin to include responsibilities such as network hardware, storage, applications, or information databases. There is a way to offer relief to overworked IT teams, though. First we identify, then eradicate the issues that keep your IT team too busy to contribute to your overall strategy.

Here are 3 challenges that contribute to the overload most IT teams face and how you can prevent them:

1: The Problem: Inadequate Systems

Break-fix IT departments will never have the time they need to strategize or contribute to organizational goals. This model is really draining on IT staff. It’s impossible to create and implement a working IT strategy when your team is constantly walking in the door to broken equipment. Fixing hardware will always be the priority; but, as long as it keeps breaking, your team will never have the time it takes to become a strategic contributor to your organization.

The Fix: It’s Time to Invest in Equipment That Works

Hardware and IT equipment are real investments. A trusted technology advisor can help you build a solution based on the actual business outcomes you are trying to achieve while complementing the equipment you already have in place. While it may seem like a good idea to cut costs on the solution and equipment, it’s really not (trust us on this one). With the right hardware and properly functioning solution, your team will have the time they need to contribute to the needs of your organization.

2: The Problem: Service Escalations

An overworked and understaffed IT support center often means a lot of escalations. The constant state of feeling overwhelmed means they’re much more likely to escalate an issue at the slightest hint that it will take more than a Band-Aid. And escalations that don’t have an efficiency plan to back them up just compound the IT team’s workload. In short, they occur because of the problem and worsen the problem, making them a painful catch-22 for your team.

The Fix: Have an Escalation Plan

You have to start with a very clear definition of a trouble ticket that requires an escalation. In addition, it’s really important to have a clear escalation plan that correlates to a customer service model and is governed by your organization’s business objectives. Less experienced staff and techs should strive to handle as many tickets as possible without involving the more experienced team members. This will free them up to contribute to strategy and business decisions.


Bluehost.com Web Hosting $3.95

3: The Problem: Lack of Business Principals

Technology teams (even those in the K-12 space) are contributing to huge businesses that spend millions of dollars each year. No other faction of that “business” would run without a plan. No other department would be satisfied with employees who show up to work every day prepared to wait around for things to break. Those departments have strategies in place that align with the business outcomes the organization is looking to achieve. Why should IT be any different?
The Fix: Start Contributing to Strategy

It’s time to get out of the basement and into the boardroom. If you have key players get in on the ground floor and align all projects with the objectives of the organization, you will eliminate a lot of the work mentioned above. Your equipment and services will not only align with the overall business objectives of your organization, but you’ll have a holistic solution and quality hardware, which means it won’t break all of the time. That means fewer trouble tickets leading to fewer escalations. The best news is that you just have to start with one project. Get in on the strategy once and see how it makes your life (and the lives of your IT team) so much easier.

Leave a comment

Posted in Big Data, Technology

Tagged ,

AWS and Microsoft get FedRAMP approval for sensitive cloud data

Posted on June 27, 2016 | Leave a comment

iStock_usgovernmentcapitol25346_jpg_800x600_q96

Another day, another piece of good news for both Microsoft Azure and Amazon Web Services (AWS); the vendors are two of three companies which have been given authority by the US government for federal agencies to use them for sensitive cloud data.

Azure and AWS, alongside CSRA’s ARC-P IaaS, have been given the green light under the new FedRAMP High Baseline requirements. The full, mammoth spreadsheet documenting each guideline can be found on the FedRAMP website (XLS), but at a general level the requirements enable government bodies to put ‘high impact’ data – including data which involves the protection of life and financial ruin – in the cloud.

Chanelle Sirmons, communications lead for FedRAMP, explained in an official post: “While 80% of federal information is categorised at low and moderate impact levels, this only represents about 50% of federal IT spend. Now that FedRAMP has set the requirements for high impact levels, that breaks open the remaining 50% of the $80 billion a year the US government spends on IT that could potentially move to the cloud securely.”

“We are pleased to have achieved the FedRAMP high baseline, giving agencies a simplified path to moving their highly sensitive workloads to AWS so they can immediately begin taking advantage of the cloud’s agility and cost savings,” said Teresa Carlson, AWS VP worldwide public sector in a statement. A statement from Microsoft read: “Microsoft remains committed to delivering the most complete, trusted cloud platform to customers. This accreditation helps demonstrate our differentiated ability to support the unique needs of government agencies as they transition to the cloud.”

Amazon and Microsoft have had their clouds FedRAMP accredited since June and October 2013 respectively – back when the latter was still known as Windows Azure – while ARC-P was the first vendor to receive the federal stamp of approval in 2012. Three years on, this represents a major step forward for government use of cloud technologies.

Leave a comment

Posted in Big Data, Public Cloud, Security

Tagged ,

The IT Checklist to Prevent Data Breach

Posted on June 21, 2016 | Leave a comment

A big part of data security is the proactive prevention of data loss, theft, and security breach, and it is always better to prevent these from happening instead of mitigating attacks.

Here is an IT checklist for organizations to go over to prevent breaches from happening. This checklist does not only cover the roles and responsibilities of IT personnel but more importantly, should be known by all employees or team members that have access to critical and confidential data of the company.

Examples of these data include intellectual property such as source codes, product design documents, internal price lists, corporate data such as financial and strategic planning documents, research for mergers and acquisitions, employee information, and customer data—social security numbers, credit card information or financial statements.

Best Practices to Prevent A Data Breach

1. Ensure strict documentation on changes.

Seventy percent of companies undermine the importance of documenting changes, putting most critical IT systems at risk of security violations and downtime according to the 2015 State of IT Changes survey.

This practice ensures that visibility across the entire IT infrastructure is kept and provides a complete audit trail of system activities and changes made.

The human factor is always the most vulnerable area in security and considering thorough documentation of user activity as a solution, reduces the risk of employees’ inadvertence or negligence.

2. Identify threats.

A part of your data security’s responsibility is to be updated with the latest threats to security. This can be done by correlating application security quality with global security intelligence.

Ensure that your users are alerted for potential breach methods along with updating your software and infrastructure accordingly.

The gateway to your data is through your applications. Attackers know these are a weak link, making them look for vulnerabilities in applications that provide access to sensitive data. Testing applications for security vulnerabilities reduces the risk of a data breach.

3. Be proactive when it comes to information protection.

The main point of data security is to protect company information while the main component of data security is knowing your data and who has access to it.

Privilege abuse is hard to detect, so restricting access to the company’s most confidential and sensitive data to those who need it and monitoring those with privileges will greatly help in ensuring that data stays protected.

Data minimization and access control is also a powerful element. Users shouldn’t collect or have information that they don’t need. IT security, as part of database management, should also reduce the number of places users can retain data in the network.

Access to sensitive data can also be on an “as needed” basis, with strict documentation of access control.

4. Implement security policies strictly and consistently.

Continuous auditing of data changes, user activities, system configurations, and security policies helps ensure critical mistakes don’t happen and areas don’t become vulnerable for breaches.

5. Audit and evaluate your environment and network security policies continuously.

Analytics that is generated from audits help detect security incidents and find the cause of each violation. It also provides proof when a company needs to pass compliance audits.

Look Beyond Your IT Security Department

To help ensure breaches are prevented, one must look beyond the IT security department by going beyond and evaluating other departments.

Evaluate employee exit strategies (HR department), remote project protocol (Operations), on and off-site data storage practices such as BYOB devices, among other things. Once you have evaluated policies, establish new or better policies and procedures and set up safeguards.

You should also hold vendors and partners to the same standards. Third-party service providers need to maintain the same level of security standards and deploy the same measures in compliance with your federal regulations.

As hackers get more and more sophisticated, the best thing that companies – no matter the size – can do is mitigate risks and set-up control measures. In a virtual world where it’s possible to be untraceable, the best protection is preparation.

 

Leave a comment

Posted in Big Data, Data Breach, Hacking, Security

Tagged , ,

Microsoft sues U.S. government over data requests

Posted on April 15, 2016 | Leave a comment

Microsoft

An important case to pay attention to:

SAN FRANCISCO (Reuters) – Microsoft Corp (MSFT.O) has sued the U.S. government for the right to tell its customers when a federal agency is looking at their emails, the latest in a series of clashes over privacy between the technology industry and Washington.

The lawsuit, filed on Thursday in federal court in Seattle, argues that the government is violating the U.S. Constitution by preventing Microsoft from notifying thousands of customers about government requests for their emails and other documents.

The government’s actions contravene the Fourth Amendment, which establishes the right for people and businesses to know if the government searches or seizes their property, the suit argues, and Microsoft’s First Amendment right to free speech.

The Department of Justice is reviewing the filing, spokeswoman Emily Pierce said.

Microsoft’s suit focuses on the storage of data on remote servers, rather than locally on people’s computers, which Microsoft says has provided a new opening for the government to access electronic data.

Using the Electronic Communications Privacy Act (ECPA), the government is increasingly directing investigations at the parties that store data in the so-called cloud, Microsoft says in the lawsuit. The 30-year-old law has long drawn scrutiny from technology companies and privacy advocates who say it was written before the rise of the commercial Internet and is therefore outdated.

“People do not give up their rights when they move their private information from physical storage to the cloud,” Microsoft says in the lawsuit. It adds that the government “has exploited the transition to cloud computing as a means of expanding its power to conduct secret investigations.”

SURVEILLANCE BATTLE

The lawsuit represents the newest front in the battle between technology companies and the U.S. government over how much private businesses should assist government surveillance.

By filing the suit, Microsoft is taking a more prominent role in that battle, dominated by Apple Inc (AAPL.O) in recent months due to the government’s efforts to get the company to write software to unlock an iPhone used by one of the shooters in a December massacre in San Bernardino, California.

Apple, backed by big technology companies including Microsoft, had complained that cooperating would turn businesses into arms of the state.

“Just as Apple was the company in the last case and we stood with Apple, we expect other tech companies to stand with us,” Microsoft’s Chief Legal Officer Brad Smith said in a phone interview after the suit was filed.

One security expert questioned Microsoft’s motivation and timing. Its lawsuit was “one hundred percent motivated by business interests” and timed to capitalize on new interest in customer privacy issues spurred in part by Apple’s dispute, said D.J. Rosenthal, a former White House cyber security official in the Obama administration.

As Microsoft’s Windows and other legacy software products are losing some traction in an increasingly mobile and Internet-centric computing environment, the company’s cloud-based business is taking on more importance. Chief Executive Satya Nadella’s describes Microsoft’s efforts as “mobile first, cloud first.”

Its customers have been asking the company about government surveillance, Smith said, suggesting that the issue could hurt Microsoft’s ability to win or keep cloud customers.

In its complaint, Microsoft says over the past 18 months it has received 5,624 legal orders under the ECPA, of which 2,576 prevented Microsoft from disclosing that the government is seeking customer data through warrants, subpoenas and other requests. Most of the ECPA requests apply to individuals, not companies, and provide no fixed end date to the secrecy provision, Microsoft said.

Microsoft and other companies won the right two years ago to disclose the number of government demands for data they receive. This case goes farther, requesting that it be allowed to notify individual businesses and people that the government is seeking information about them.

Increasingly, U.S. companies are under pressure to prove they are helping protect consumer privacy. The campaign gained momentum in the wake of revelations by former government contractor Edward Snowden in 2013 that the government routinely conducted extensive phone and Internet surveillance to a much greater degree than believed.

Late last year, after Reuters reported that Microsoft had not alerted customers, including leaders of China’s Tibetan and Uigher minorities, that their email was compromised by hackers operating from China, Microsoft said publicly it would adopt a policy of telling email customers when it believed their email had been hacked by a government.

The company’s lawsuit on Thursday comes a day after a U.S. congressional panel voted unanimously to advance a package of reforms to the ECPA.

Last-minute changes to the legislation removed an obligation for the government to notify a targeted user whose communications are being sought. Instead, the bill would require disclosure of a warrant only to a service provider, which retains the right to voluntarily notify users, unless a court grants a gag order.

It is unclear if the bill will advance through the Senate and become law this year.

Separately, Microsoft is fighting a U.S. government warrant to turn over data held in a server in Ireland, which the government argues is lawful under another part of the ECPA. Microsoft argues the government needs to go through a procedure outlined in a legal-assistance treaty between the U.S. and Ireland.

Twitter Inc (TWTR.N) is fighting a separate battle in federal court in Northern California over public disclosure of government requests for information on users.

The case is Microsoft Corp v United States Department of Justice et al in the United States District Court, Western District of Washington, No. 2:16-cv-00537.

Leave a comment

Posted in Big Data, Cyber Security, eDiscovery, Forensic, Law Enforcement, Public Cloud, Security

Tagged , ,

Ponemon Institute Reports Healthcare Data Under Attack by Criminals.

Posted on April 11, 2016 | Leave a comment

Linux
Results from the Ponemon Institute’s Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data have confirmed what many in the healthcare industry had suspected and even feared: 65% of the healthcare organizations participating in the study had experienced electronic information-based security incidents over the past two years. In addition, some 87% of third-party vendors, identified by HIPAA as Business Associates (BAs), reported a data breach in the last two years.

More disturbing is the revelation that for the first time in the history of the study, criminal attacks are the number one cause of data breaches in healthcare. The number of criminal attacks on healthcare organizations and business associates has increased 125% compared to five years ago. According to the study, more than 90% of the healthcare organizations taking part had experienced a data breach, and 40% of the respondents had experienced more than five data breaches over the past two years.

No healthcare organization, no matter its size, is impervious to these attacks. And they are certainly not immune to the side effects of a breach.

The rapid growth of data breaches in the healthcare industry is putting health information at risk at an alarming rate. Moreover, it’s expensive—for all concerned. According to the Ponemon Institute study, “…the average cost of a data breach for healthcare organizations is estimated to be more than $2.1 million…the average cost of a data breach to BAs represented in this research is more than $1 million.”

The study’s findings also reveal that 45% of the healthcare organizations surveyed reported the occurrence of a Cyberattack indicated the source of the attack was criminal, while 12% cited the work of malicious insiders. 39% of the BAs reported breaches caused by criminal attackers while 10% attributed the attacks to malicious insiders.

The study described an increase in Web-borne malware attacks, citing 78% of the healthcare organizations surveyed as having experienced security incidents caused by malware; 82% of BAs had suffered security incidents attributed to malware.

Perhaps one of the most shocking data points reported is that in spite of the increased criminal activity and the rapidly evolving threat environment, the majority of healthcare organizations indicated implementing no changes to what they’re doing or how they’re doing it. Only 40% of healthcare organizations and 39% of BAs surveyed expressed concern about cyberattacks.

Other Findings Giving Cause for Increased Cyber security Measures

Policies and Procedures in Place

The survey results clearly illustrate the reality that healthcare organizations and the BAs with whom they work need to invest more in technologies that allow them to respond quickly to data breaches. While 58% of healthcare organizations responding agreed that they have policies and procedures in place that allow them to detect a data breach quickly and efficiently, fewer than half believe they have sufficient technologies in place to do so — and only 33% were confident they have the resources needed to prevent or quickly detect a data breach. Responses of BAs participating in the survey fell along similar lines. 50% of business associates responding stated that they have the policies and procedures in place to prevent or detect a security incident, while fewer than half believe they have sufficient technologies. Lastly, only 41% of BAs stated that they have adequate resources to be able to identify and repair data breaches.

Top Concerns of Respondents

The research also revealed interesting insights relating to the top concerns of survey respondents. While the number of criminal attacks on healthcare organizations and business associates has increased 125% compared to five years ago (and 45% of the organizations surveyed traced data breaches to criminal activity) only 40% of the respondents were most concerned about Cyberattacks as a security threat. BAs were even less immediately worried with only 35% citing Cyberattacks as a top concern. Here’s an overview of what they reported being most concerned about:

Source: The Ponemon Institute’s Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data

The security threats BAs worry about most:

Source: The Ponemon Institute’s Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data

How Attacks Are Discovered

Among other key findings detailed in the Poneman report are the statistics relating to how health organizations have uncovered the security attacks. 69% learned of a data breach through an audit or assessment, while 44 % were discovered by an employee. 30% of data breaches were reported by patients, 23% were uncovered accidentally, and 18%came from a legal complaint. Law enforcement was responsible for 6 % of the discoveries and loss prevention teams for 5%.

Source: The Ponemon Institute’s Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data  

Business associates reported different statistics, with 60% of data breaches reported as being uncovered by employees and 49% discovered as a result of audit or assessment. BAs said 33% were found accidentally, 21% through a legal complaint, 17% from a patient complaint, 13% from loss prevention teams, and 12% by law enforcement.

Source: The Ponemon Institute’s Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data

Conclusion

The findings of the Ponemon Institute survey paint an alarming picture: the healthcare industry, which manages vast amounts of personal data, is under attack by criminal elements and jeopardized by employee negligence, as well as the actions of malicious insiders. The number of data breaches is growing exponentially, and both healthcare organizations, and the business associates who serve them lack sufficient technologies, resources, and processes to ensure data is kept secure.

The report details a slow but steady increase in technologies used by both healthcare organizations and their business associates to detect and mitigate the impact of cybersecurity threats, but concludes that the pace of the investments in both technologies and security expertise is not sufficient at this time.

In conclusion, the Ponemon Institute calls for intensive employee training and awareness programs, ramped up investments in technologies and security expertise, and a broad application of innovative solutions to the industry to improve the current status of the privacy and security of the nation’s healthcare data.

 

Leave a comment

Posted in Big Data, Cyber Security, Data Breach, Encryption, Healthcare

Tagged , ,

3 Easy Techniques to Protect Your Data

Posted on March 11, 2016 | Leave a comment

Data_LockSome of the best firms use very simple techniques to protect their companies’ information. These techniques can be very efficient with not only securing company data but also your employee’s personal information as well. These may take some time and resources to set up initially, but you will thank yourself down the road.

First you want to implement some sort of yearly or bi-yearly security training program. Something interactive that will keep them involved and teach them the basics of security in the office. Using game-ology or animation in this training will insure that the information sticks with the employees. Not only will you remain compliant with a yearly security training program but you can insure awareness around the main cause of information leaks and breaches; humans.

Once this program is in place, you want to put it to the test. One of the best ways is to create a phishing campaign. This entails you sending out a fake email from a fake address with a false, clickable link that will record the number of users that click on this link. You can set up this campaign to log information like, clicks, openings of emails and even going as far as viewing the users that clicked the link then filled out an informational form about themselves. A phishing campaign is not to be used as a form of punishment but a teaching point about what “exactly” to look for in a phishing email.

Lastly is a step you should take into your own hands as a security professional. Utilize a tool like bit locker and/or Digital Guardian to monitoring what your employees are doing on the internet and help prepare for the worse situations. Having timely backups on all saved information is a plus incase you need to roll back changes on someone’s machine due to a malicious link that was accidently clicked.

Overall the best options, no matter how you do it, is to educate the people that handle sensitive information on best practices and then create assurances around them to protect in case of an accident. Remember in this industry it is not “if” but “when” a security event will take place.

Leave a comment

Posted in Big Data, Cyber Security, Data Breach, Encryption, Hacking, Security

Tagged ,

U.S. military spending millions to make cyborgs a reality

Posted on March 8, 2016 | Leave a comment

Washington (CNN) – The U.S. military is spending millions on an advanced implant that would allow a human brain to communicate directly with computers.

If it succeeds, cyborgs will be a reality.

The Pentagon’s research arm, the Defense Advanced Research Projects Agency (DARPA), hopes the implant will allow humans to directly interface with computers, which could benefit people with aural and visual disabilities, such as veterans injured in combat.

The goal of the proposed implant is to “open the channel between the human brain and modern electronics” according to DARPA’s program manager, Phillip Alvelda.

In January, DARPA announced it plans to spend up to $62 million on the project, which is part of its Neural Engineering System Design program.

The implant would be small — no larger than one cubic centimeter, or roughly the size of two stacked nickels — according to DARPA.

The implantable device aims to convert neurons in the brain into electronic signals and provide unprecedented “data-transfer bandwidth between the human brain and the digital world,” according to a DARPA statement announcing the new project.

DARPA sees the implant as providing a foundation for new therapies that could help people with deficits in sight or hearing by “feeding digital auditory or visual information into the brain.”

A spokesman for DARPA told CNN that the program is not intended for military applications.

RELATED: U.S. military is on its way to getting its Iron Man

But some experts see such an implant as having the potential for numerous applications, including military ones, in the field of wearable robotics — which aims to augment and restore human performance.

Conor Walsh, a professor of mechanical and biomedical engineering at Harvard University, told CNN that the implant would “change the game,” adding that “in the future, wearable robotic devices will be controlled by implants.”

Walsh sees the potential for wearable robotic devices or exoskeletons in everything from helping a medical patient recover from a stroke to enhancing soldiers’ capabilities in combat.

The U.S. military is currently developing a battery-powered exoskeleton, the Tactical Assault Light Operator Suit, to provide superior protection from enemy fire and in-helmet technologies that boost the user’s communications ability and vision.

The suits’ development is being overseen by U.S. Special Operations Command.

In theory, the proposed neural implant would allow the military member operating the suit to more effectively control the armored exoskeleton while deployed in combat.

However, Steven Pinker, a cognitive scientist and professor of psychology at Harvard, was skeptical of the proposed innovation, calling the idea a “bunch of hype with no results.”

He told CNN, “We have little to no idea how exactly the brain codes complex information” and cited the problems from foreign objects triggering brain inflammation that can cause serious neurological issues.

Pinker described “neural enhancement” for healthy brains as being a “boondoggle,” but he suggested that there could be some benefit for people suffering from brain-related diseases such as amyotrophic lateral sclerosis (ALS), also known as Lou Gehrig’s disease.

In its announcement, DARPA acknowledged that an implant is still a long ways away, with breakthroughs in neuroscience, synthetic biology, low-power electronics, photonics and medical-device manufacturing needed before the device could be used.

DARPA plans to recruit a diverse set of experts in an attempt to accelerate the project’s development, according to its statement announcing the project.

Pinker remained skeptical, however, telling CNN: “My guess is that it’s a waste of taxpayer dollars.”

Leave a comment

Posted in Big Data, Cyber Security, Security, Technology

Tagged , ,

Rackspace Shifts 90 Employees Away from Public Cloud Department

Posted on March 3, 2016 | 1 comment

This is a strategic move to get out of “Public” cloud offering and move to a Hybrid model.

GettyImages-492377798-e1450715277250Rackspace is in the process of re-assigning 90 of its employees who work in its public cloud department to faster growing areas of the company, like private and hybrid cloud.

According to a report by the San Antonio Business Journal on Tuesday, it is undetermined whether these employees will be laid off, but Rackspace said that the company regularly shuffles employees, which it calls Rackers, to “fast-growing areas” of its business “and may from time to time eliminate some roles in areas” it chooses to reduce investment. The company has more than 6,000 employees.

Rackspace said it is placing employees in public cloud marketing and engineering into private and hybrid cloud computing departments in preparation for a slow-down of new signups for its OpenStack public cloud service as more new public cloud workloads head towards AWS and Azure.

In an email to The WHIR, a Rackspace spokesperson said: “At Rackspace, we regularly align Rackers to fast-growing areas of our business and may from time to time eliminate some roles in areas where we choose to reduce our investment. We help Rackers, whose roles are eliminated, try and find new roles within the company and many do so. We anticipate that our 6,000-plus Racker workforce will continue to grow this year.”

The public cloud market has been unkind to companies that challenge AWS and Azure, with Verizon being the latest firm to duck out of the running by shuttering its public cloud service. In the last year, Rackspace has shifted its focus to partnerships, such as its recent partnership with Red Hat, which help it offer clients a hybrid cloud solution. In October, Rackspace began offering support for AWS, noting increased customer demand for such a service.

Rackspace CEO Taylor Rhodes told investors on a recent earnings call that its OpenStack private cloud is growing in the “high double digits.”

Despite the restructuring, Rackspace told investors that it expects its workforce to grow this year.

1 Comment

Posted in Big Data, Public Cloud, Security

Tagged ,