Cyber Threat Intelligence Across the Enterprise
December 28, 2015
A blog series from iSIGHT Partners aims to help organizations make the most of Cyber Threat Intelligence. The series is introduced in “How CTI Helps Six Groups Do Their Jobs Better: A New Blog Series!” Writer Christina Jasinski explains:
“The importance of Cyber Threat Intelligence (CTI) has become more widely recognized in the past year. But not many people realize how many different ways threat intelligence can be utilized across an enterprise. That’s why now is a good time to drill down and describe the wide range of use cases for employing threat intelligence for many different functions within an IT organization.
“Are you a CISO, SOC Analyst or an Incident Responder? Stay tuned….
“This is the first post in an iSIGHT Partners blog series that will delve into how IT security professionals in each of six distinct roles within an organization’s information security program can (and should) apply threat intelligence to their function. Each post will include 3-4 use cases, how CTI can be used by professionals in that role, and the type of threat intelligence that is required to achieve their objectives.”
Jasinski goes on to describe what her series has to offer professionals in each of those roles, and concludes by promising to reveal practical solutions to CTI quandaries. Follow her blog posts to learn those answers.
Cynthia Murrell, December 28, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Top Trends for Cyber Security and Analytics in 2016
December 23, 2015
With the end of the year approaching, people try to predict what will happen in the New Year. The New Year brings on a sort of fortunetelling, because companies that correctly predict what will happen in 2016 stand to gain positive profit margins and a healthier customer base. The IT industry has its own share of New Year soothsayers, and the Executive Biz blog shares, in “Booz Allen Cites Top Cyber, Analytics Trends In 2016; Bill Stewart Comments,” possible trends in cyber security and data analytics for the coming year.
Booz Allen Hamilton says that companies will want to merge analytical programs with security programs to receive data sets that show network vulnerabilities; these merged programs have been dubbed “fusion centers.”
“ ‘As cyber risk and advanced analytics demand increasing attention from the C-suite, we are about to enter a fundamentally different period,’ said Bill Stewart, executive vice president and leader of commercial cyber business at Booz Allen. ‘The dynamics will change… Skilled leaders will factor these changing dynamics into their planning, investments and operations.’”
There will also be increased risks coming from the Dark Web and risks associated with connected systems, such as cloud storage. Booz Allen also hints that companies will need skilled professionals who know how to harness cyber security risks and analytics. That suggestion is not new, as it has been discussed since 2014. While the threat from the Internet and vulnerabilities within systems has increased, experts in these areas, as well as better programs to handle them, have always been needed. Booz Allen is restating the obvious; the biggest problem is that companies are not aware of these risks and they usually lack the budget to implement preemptive measures.
Whitney Grace, December 23, 2015
New Years Resolutions in Personal Data Security
December 22, 2015
The article on ITProPortal titled “What Did We Learn in Records Management in 2016 and What Lies Ahead for 2016?” delves into the unlearnt lessons in data security. The article begins with a look back over major data breaches, including Ashley Madison, JP Morgan et al, and Vtech and gathers from them the trend of personal information being targeted by hackers. The article reports,
“A Crown Records Management Survey earlier in 2015 revealed two-thirds of people interviewed – all of them IT decision makers at UK companies with more than 200 employees – admitted losing important data… human error is continuing to put that information at risk as businesses fail to protect it properly…but there is legislation on the horizon that could prompt change – and a greater public awareness of data protection issues could also drive the agenda.”
The article also makes a few predictions about upcoming developments in our approach to data protection. Among them is the passage of the European Union General Data Protection Regulation (EU GDPR) and the resulting effect on businesses. In terms of apps, the article suggests that more people might start asking questions about the information required to use certain apps (especially when the data they request is completely irrelevant to the functions of the app). The article is generally optimistic, but these developments will only occur if people, businesses, and governments take data breaches and privacy more seriously.
Chelsea Kerwin, December 22, 2015
Bye-Bye Paid Reviews
December 22, 2015
One has to admit that this sounds like a sweet way to make a few quick dollars: write a fake online review about a product or service highlighting good points and sellable features, post it on your social media accounts, Amazon, your blog, Yelp, TripAdvisor, and then collect a few bucks. While Twitter might slowly be losing the social media race against Facebook and Instagram, the UK Telegraph says that the social network has another useful purpose: “Has Twitter Finally Killed The Mess Of The False Online Review?”
Fake reviews cost consumers millions of dollars each year, because they believe that first-hand accounts from regular people trump a corporate advertising account. However, that belief spawned a big market in which people spend a few dollars to pay someone to write a fake review and give a product or service a positive spin. The consumer is getting tired of fake reviews, as are online retailers like Amazon and the US government, which has even drafted the Consumer Review Freedom Act.
Twitter is jumping into action using big data moves like real-time sentiment analysis, location-based apps that search social media content, and algorithms to analyze tweets.
“Chief executive Giles Palmer believes that apps such as Twizoo are only the start of how products and businesses are evaluated, especially as social media continues to evolve. ‘Until recently, social media monitoring has been a listening business where companies and brands have kept an eye on what their customers are doing, but not doing too much about it…But with mobile customers are after products and goods where they want to make an instant decision based on instant data. What’s more they want that data to be reliable and to be truthful; Twitter provides that.’”
Consumers are being more discerning about the products and services they purchase, but they also trust reviews to help them evaluate them so they will not be duped. High praise for Twitter for proving how social media is valuable as a learning tool and also for proving it is still a worthwhile network.
Whitney Grace, December 22, 2015
Google Executives Have a Look but No Touch Rule
December 11, 2015
Have you ever been to a museum and the curator told you to “look, but don’t touch the exhibits?” The phrase comes into play because museums want to protect the integrity of the exhibits and to keep them preserved for the ages. One of the draws of these new, modern companies is that all employees are allowed to engage with each other in different departments and the higher-ups are available without a hassle. Or at least that is the image they want to project to the public, especially Google. Business Pundit exposes how Google CEOs interact with their employees, like a museum exhibit, in “Google’s Top Execs Are Always Visible But Almost Never Approachable.”
Larry Page, Sergey Brin, and Sundar Pichai make themselves seen at their Mountain View headquarters, but do not even think about going near them. They are walled off to small talk and random interactions because all of their time is booked.
Company developer advocate Don Dodge wrote on a Quora Q&A that Larry Page, Sergey Brin, and Sundar Pichai are in the no-approach zone. Dodge explains:
“However, that doesn’t mean they are easy to approach and engage in discussion. They are very private and don’t engage in small talk. They are usually very focused on their priorities, and their schedule is always fully booked. Larry is a notoriously fast walker and avoids eye contact with anyone so he can get to his destination without disruption.”
Get Larry a Segway or one of those new “hoverboard” toys, then he will be able to zoom right past everyone or run them over. Add a little horn to warn people to get out of the way.
Whitney Grace, December 11, 2015
Big Data Myths Debunked
December 4, 2015
An abundance of data is not particularly valuable without the ability to draw conclusions from it. Forbes recognizes the value of data analysis in, “Text Analytics Gurus Debunk Four Big Data Myths.” Contributor Barbara Thau observes:
“And while retailers have hailed big data as the key to everything from delivering shoppers personalized merchandise offers to real-time metrics on product performance, the industry is mostly scratching its head on how to monetize all the data that’s being generated in the digital era. One point of departure: Over 80% of all information comes in text format, Tom H.C. Anderson, CEO of, which markets its text analytics software to clients such as Coca-Cola told Forbes. So if retailers, for one, ‘aren’t using text analytics in their customer listening, whether they know it or not, they’re not doing too much listening at all,’ he said.”
Anderson and his CTO Chris Lehew went on to outline four data myths they’ve identified; mistakes, really: a misplaced trust in survey scores; putting more weight on social media data than direct contact from customers; valuing data from new sources over the customer-service department’s records, and refusing to keep an eye on what the competition is doing. See the article for the reasons these pros disagree with each of these myths.
Text analytics firm OdinText promises to draw a more accurate understanding from their clients’ data collections, whatever industry they are in. The company received their OdinText patent in 2013, and was incorporated earlier this year.
Cynthia Murrell, December 4, 2015
EHR Promises Yet to Be Realized
December 1, 2015
Electronic health records (EHRs) were to bring us reductions in cost and, just as importantly, seamless record-sharing between health-care providers. “Epic Fail” at Mother Jones explains why that has yet to happen. The short answer: despite government’s intentions, federation is simply not part of the Epic plan; vendor lock-in is too profitable to relinquish so easily.
Reporter Patrick Caldwell spends a lot of pixels discussing Epic Systems, the leading EHR vendor whose CEO sat on the Obama administration’s 2009 Health IT Policy Committee, where many EHR-related decisions were made. Epic, along with other EHR vendors, has received billions from the federal government to expand EHR systems. Caldwell writes:
“But instead of ushering in a new age of secure and easily accessible medical files, Epic has helped create a fragmented system that leaves doctors unable to trade information across practices or hospitals. That hurts patients who can’t be assured that their records—drug allergies, test results, X-rays—will be available to the doctors who need to see them. This is especially important for patients with lengthy and complicated health histories. But it also means we’re all missing out on the kind of system-wide savings that President Barack Obama predicted nearly seven years ago, when the federal government poured billions of dollars into digitizing the country’s medical records. ‘Within five years, all of America’s medical records are computerized,’ he announced in January 2009, when visiting Virginia’s George Mason University to unveil his stimulus plan. ‘This will cut waste, eliminate red tape, and reduce the need to repeat expensive medical tests.’ Unfortunately, in some ways, our medical records aren’t in any better shape today than they were before.”
Caldwell taps into his own medical saga to effectively illustrate how important interoperability is to patients with complicated medical histories. Epic seems to be experiencing push-back, both from the government and from the EHR industry. Though the company was widely expected to score the massive contract to modernize the Department of Defense’s health records, that contract went instead to competitor Cerner. Meanwhile, some of Epic’s competitors have formed the nonprofit CommonWell Health Alliance Partnership, tasked with setting standards for records exchange. Epic has not joined that partnership, choosing instead to facilitate interoperability between hospitals that use its own software. For a hefty fee, of course.
Perhaps this will all be straightened out down the line, and we will finally receive both our savings and our medical peace of mind. In the meantime, many patients and providers struggle with changes that appear to have only complicated the issue.
Cynthia Murrell, December 1, 2015
Kmart Australia Faces Security Breach
November 30, 2015
Oracle’s Endeca and IBM’s Coremetrics were both caught up in a customer-data hack at Kmart Australia, we learn from “Customer Data Stolen in Kmart Australia Hack” at iTnews. Fortunately, it appears credit card numbers and other payment information were not compromised; just names, contact information, and purchase histories were snagged. It seems Kmart Australia’s choice to use a third party to process payments was a wise decision. The article states:
“The retailer uses ANZ Bank’s CyberSource payments gateway for credit card processing, and does not store the details internally. iTnews understands Kmart’s online ecommerce platform is built on IBM’s WebSphere Commerce software. The ecommerce solution also includes the Oracle Endeca enterprise data discovery platform and Coremetrics (also owned by IBM) digital marketing platform, iTnews understands.”
The article goes on to report that Kmart Australia has created a new executive position, “head of online trading and customer experience.” Perhaps that choice will help the company avoid such problems in the future. It also notes that the retailer reported the breach voluntarily. Though such reporting is not yet mandatory in Australia, legislation to make it so is expected to be introduced before the end of the year.
Cynthia Murrell, November 30, 2015
Interview with Informatica CEO
November 26, 2015
Blogger and Datameer CEO Stefan Groschupf interviews Anil Chakravarthy, acting CEO of Informatica, in a series of posts on his blog, Big Data & Brews. The two executives discuss security in the cloud, data infrastructure, schemas, and the future of data. There are four installments as of this writing, but it was an exchange in the second iteration, “Big Data Brews: Part II on Data Security with Informatica,” that captured our attention. Here’s Chakravarthy’s summary of the challenge now facing his company:
Stefan: From your perspective, where’s the biggest growth opportunity for your company?
Anil: We look at it as the intersection of what’s happening with the cloud and big data. Not only the movement of data between our premise and cloud and within cloud to cloud but also just the sheer growth of data in the cloud. This is a big opportunity. And if you look at the big data world, I think a lot of what happens in the big data world from our perspective, the value, especially for enterprise customers, the value of big data comes from when they can derive insights by combining data that they have from their own systems, etc., with either third-party data, customer-generated data, machine data that they can put together. So, that intersection is good for, and we are a data infrastructure provider, so those are the two big areas where we see opportunity.
It looks like Informatica is poised to make the most of the changes prompted by cloud technology. To check out the interview from the beginning, navigate to the first installment, “Big Data & Brews: Informatica Talks Security.”
Informatica offers a range of data-management and integration tools. Though the company has offices around the world, they maintain their headquarters in Redwood City, California. They are also hiring as of this writing.
Cynthia Murrell, November 26, 2015
More Bad News for Traditional TV
November 17, 2015
Traditional TV is in a slow decline towards obsolescence. With streaming options offering more enticing viewing options with fewer out-of-pocket expenses and no contracts, why would a person sign on for cable or dish packages that have notoriously bad customer service, commercials, and insane prices? Digital Trends has the most recent information from Nielsen about TV viewing habits, “New Nielsen Study On Streaming Points To More Bad News For Traditional TV.”
Pay-for-TV services have been on the decline for years, but the numbers are huge for the latest Nielsen Total Audience report:
“According to the data, broadband-only homes are up by 52 percent to 3.3 million from 2.2 million year over year. Meanwhile, pay-TV subscriptions are down 1.2 percent to 100.4 million, from 101.6 million at this time last year. And while 1.2 percent may not seem like much, that million plus decline has caused all sorts of havoc on the stock market, with big media companies like Viacom, Nickelodeon, Disney, and many others seeing tumbling stock prices in recent weeks.”
While one might suggest that pay-for-TV services should start the bankruptcy paperwork, there has been a 45% rise in video-on-demand services. Nielsen does not tabulate streaming services, viewership on mobile devices, or whether people are watching more TV due to all the options.
While Nielsen is a trusted organization for TV data, information is still collected via paper submission forms. Nielsen is like traditional TV and needs to update its offerings to maintain relevancy.
Whitney Grace, November 17, 2015