Six things firms should do to improve cybersecurity

The recent cyber-attack on UK telecoms firm-TalkTalk has once again brought to the forlight the real importance of cybersecurity.

TalkTalk joins a long list of companies worldwide that have encountered serious data breaches, including Ashley Madison, eBay, AOL, Target, Home Depot, Sony, Anthem ,JPMorgan Chase,the list is endless.

Google and McAfee believes that about 2,000 cyber-attacks takes place every day worldwide,inflinching an enormous cost of  around £300bn ($460bn) on the global economy yearly.
Yet more than two thirds of firms believe they are not sufficiently protected from sophisticated hackers seeking to extract money through blackmail or steal data for-sale in the black market.

Then what should businesses do to up their game on security? Technology of Business canvassed cybersecurity experts for their views.

1. Protect your data, not just the fence

Our ideas of corporate cybersecurity are out-of-sync, many experts warns.
Focusing only on building up the fortress walls is not adequate,though about 87% of security budgets is used for firewall technology, says Tim Grieveson, chief cyber strategist of Hewlett-Packard.

Set aside the gate and drawbridge structures,presently there are numerous possible ways into the fortress since businesses are linked to customers, suppliers, and employees through the internet. In-addition to that,it seems as if everyone who comes in and out of the fortress possess a key to unlock all the doors as well.
Gate crashes are unavoidable,comes the serious warning, guard the most important data.

"The main thing is, CIOs [chief information officers] should accept the idea that their company will be breached and shift their security focus from 'breach prevention' to 'breach acceptance'," says Jason Hart, chief technology officer at digital security specialist, Gemalto.

Tom Patterson, general manager of global security solutions for IT services firm Unisys,labelled this new approach as micro-segmentation - building several small walls around parts of your business containing critical data that should not be compromised.

This involves cryptographically securing each fragment of digital information - the packet data - with a code unique to every segment of the business. So if hackers gate crash, they only gain access to data belonging to that community or segment.
"A minute security breach is easier to contain - they may steal small bits, or disrupt a little bit, but they can not take down the whole corporation," says Mr Patterson.
The problem is, says Mr Grieveson, is "selecting the data to classify as important."

2. Identify your data

Several businesses can't even identify the data they have stored on their systems, let alone say how important it is,that is the complexity of their old computer systems and the recent increase in digital data from mobile and other devices on the internet.
According to a just concluded survey by information management firm Veritas, about 59% of the data in UK IT systems can't be identified let alone unclassified "dark data".

Knowing what you have is central to any security approach, says Mr Grieveson. "Businesses need to know and understand the risk associated with different types of data being lost."
When you have done this,you can use "best practice data protection - associating security directly to the data itself, applying multi-sector authentication and data encryption, as well as securely managing encryption keys," says Mr Hart.
"That way, if the data is stolen, it is useful to the thieves."

3. Keep to abreast of the insider threat

It is quite too simple to focus on attacks originating from outside and ignore the risks posed - knowingly or unknowingly - by people inside your corporation.
Even attacks from inside can be more difficult to reveal and contain. "In real world it takes about 70 days to remedy an insider cyber-attack," says Mr Grieveson.
Employees opening email attachments they think originated from secure sources are the number main threat for organisations", says Gary Steele, boss of Proofpoint, a secure email specialist.

"An organisation can expend millions on investments in security solutions, but all it needs is a click on a link by one employee, and the organisation is exposed," he says.
Hackers are increasingly clever at using personal information gleaned from social media and several other sources - so-called social engineering - to make employees think that emails originate from people they know. Enlightening staff of such threat must be a priority, experts advise.
When it involves employees on the payroll of criminal gangs, predictive analytics tools can try to pin-point abnomalities in their behaviour on a corporate network,such tools can be expensive and time-consuming to use.

4. Increase awareness and vigilance

Organisations can achieve more just by monitoring their systems more effectively, says Gavin Millard, technical director at Tenable Network Security.
This includes the "upgrading of easily exploitable bugs, robust filtering of inbound and outbound communications, updated malware defence, encryption of most sensitive information, and a good  and enhanced password policy," he summarises.


At least, firms should ensure network security certificates and antivirus and firewall software are update frequently.
"Using monitoring controls to reveal when an attack occurs is the most important from technology point of view," says AlienVault's Javvad Malik. " Also from a non-technology perspective, security training for staff can really help.

5. Be mobile compliant 

If staff uses mobile devices for work purposes, firms should restrict access to important data and systems, the IT professionals say.
At most, firms should change to centrally-controlled system enabling IT departments access to wipe devices remotely if stolen or lost.

"Firms need to employ a zero-trust philosophy," says Jason Garbis of security company, Cryptzone.

6. Increase budget and time on cybersecurity

Cybersecurity firms with products and services to sell would emphasize this, wouldn't they?  Even TalkTalk chief executive Dido Harding accepted that they would  "spend more money and more time on cybersecurity because it is the main risk".

Big firms having critical consumer data to secure are increasingly employing chief security officers, more to  vacant board positions, in a move that cybersecurity has to be incorporated in all business processes.
Cybersecurity is everybody's challenge, not only the responsibility of IT departments.

Google Buys Bebop And Names Diane Greene To Lead Enterprise Cloud Effort

In an astonishing move, Google said it was acquiring enterprise development platform startup bebop and employing founder, Diane Greene as head of Google’s enterprise cloud services.

Greene with an impressive background as one of the co-founders and a former CEO of VMware. Her company had been operating in silently until today’s acquisition.

Google made the move public in a blog post by CEO Sundar Pichai. He said Greene will operate an integrated enterprise cloud business,which combines Google for Work, Cloud Platform, and Google Apps with a consolidated product, engineering, marketing and sales team that was not available before now, Pichai said in the blog post.

While he mentioned a 60 percent Google cloud penetration in the Fortune 500, the company seemed not to have a single enterprise cloud front until now.

R Ray Wang, founder of Constellation Research says Greene brings real enterprise experience to the team with her foray into VMware. “Google needed someone who could deliver world class consumer-grade experiences with enterprise-class scale and platform thinking,” Wang told TechCrunch.

Steve Herrod, managing partner with venture capitalist General Catalyst and a former CTO at VMware agreed. “She is up to the task and ultimately changes the game for Google’s cloud front,” Herrod wrote in an email. “The engineering team at bebop were outstanding as well and will add a lot of enterprise DNA to Google,” he added.

Google is one of the earliest cloud companies, and has made great strides with consumers, it is trying to match up with Amazon Web Services, Microsoft and IBM in the enterprise.

This is a clear indication that Google wants to put all of them on notice that they are prepared take on platform, infrastructure and software services in the enterprise.

When you mention cloud services, Google is a firm that relishes the word.Google Docs, Google Drive, GMail or Google Calendar; are some of core cloud services that many consumers (including myself) use on a daily basis.

The Chromebook personal computer is a cloud-driven, designed to power all your apps from Google and others in the Chrome browser in-addition to running certain Android apps outside the browser.

Google is already trying to raise the bar in the enterprise with different versions of those tools merged together as Google Apps for Work, the company suffered a set back in July when early Google Apps user GE chose Microsoft Office 365 for its massive 300,000 employee deployment.

Perhaps feeling the effect the loss, Google started a promotion last month where it allows companies having enterprise agreement with a competetor's  product, try Google Apps for Work for free.

Google evidently has the cloud infrastructure to compete effectively with Microsoft, Amazon and others, what it lacks up today is leadership with a clear experience of the enterprise that Greene gives them.

Google Streams Apps to Android Phones

Google begins streaming apps to Android phones so people can make use of them without   installing on their phones.

The firm said it introduced this technology to assist people get better results when searching.

It said in a blogpost, the best answers to a search query were discovered in an app several times than a web page.

For a start nine apps were selected to work with the streaming system as it is been tested.

Not so good experience

Jennifer Lin, Google engineering manager, said the firm began indexing data found in apps two years ago to strengthen its larger piles of search data.

Around 40% of searches done via Google now bring up content found in apps like Facebook, Instagram, Airbnb or Pinterest.

Until recently, Google only answers queries with information available from on the web and in apps. Now,  it is began showing results found only in apps.

A GOOD example of these results would come up when someone is looking for hotels during a trip to an unknown place or city, wrote Ms Lin in the blog.

Google said it was using an in-house made streaming system to allow people access to results in apps which is not installed on their Android phones.

This makes people try the app and use it as if it were installed, said Ms Lin. An experimental cloud-based virtualisation technology Google developed powers this streaming system.

Apps from HotelTonight, Useful Knots, Daily Horoscope and Gormey were among the first made available via streaming.

Danny Sullivan, founding editor of the Search Engine Land news site, said the streaming system made a lot of information that was hard to get easily visible.

"It's no a good experience to bring up links to an app,nobody can view unless they install the app," he said.

In-addition, he said, this means that data found in apps were now more easily available and could be used for other purposes.

"Alternatively, this system can make certain apps that may appear to lack linkable content, such as games, to revert to app-only links," he wrote.

Streamed versions of apps can be found through Google's own app and its Chrome browser. Users must also use a fast internet connection and  use a handset running Android Lollipop or a later version. Lollipop was launched in November 2014.

The test drive of the app streaming and search service is now taking place in the US. Google has not mention when  it will be launched  in other parts of the world.

Xiaomi Rolls out Redmi Note 3, Its First Phone With A Fingerprint Scanner

Widening the focus of its young payment platform, China’s Xiaomi has introduced fingerprint scanners on its range of affordable smartphones for the first time after it rolled-out the third-generation Redmi Note in Beijing.

The sensor is located on the backside of the Redmi Note 3, is the most prominent feature of the new 5.5-inch phablet, which will be sold for 899 RMB ($140) and will first debut in China. Also, the phone comes in a metallic casing while Xiaomi has increased the device’s battery to a larger capacity of 4000mAh.

Beneath, the phone is powered by a Helio X10 chip from MediaTek. With dimension of 8.65mm thick and,mass 164g,which is 4g heavier than previous Redmi Note 2,unveiled just three months earlier. The Redmi Note 3 includes a similar 13-megapixel front camera and 5-megapixel rear camera like its predecessor.


This phone may be the first among many from Xiaomi to have a fingerprint scanner, but its unveiling signals Xiaomi’s trip into the payments space in a very big way.The sensor can also be used to unlock the phone without using a passcode,just like similar devices from other companies, that’s just the beginning.

Way back in July, Xiaomi released Mi Wallet, a new platform that exceed  services like Apple Wallet or Apple Pay with additional features to allow payments, bank account management and other financial services for Xiaomi phone owners. Presently, Xiaomi is increasing the base for the mobile payment service,which could be a vital component  of Mi Wallet.

Skeletal Mi Wallet service is available worldwide,some specific components such as mobile payment is restricted to China presently. Since Xaiomi sold 60 million devices in 2014, and it is aims to attain 80 million this year, its entry into mobile payments sector could help it achieve this target.

The firm also rolled-out its second generation tablet, the Mi Pad 2. Now with metallic body, like the Redmi Note 3, Xiaomi said the new Mi Pad is 18 percent slimmer and 38g lighter than the previous model.It also comes in a new “Champagne Gold” color option.

In details, the Mi Pad has improved over its previous Nvidia internals, with the gen-two model powered by Intel Atom X5-Z8500 processor having an Intel Atom 64-bit CPU. It comes with a 7.9-inch display, 8 and 5-megapixel cameras at the back and front, and a 6190mAh battery. It supports USB Type-C port.

                                                          Mi Pad 2

The Mi Pad 2 is retailed at 999 RMB (about $155) or 1,299 RMB (about $200) for 16GB and 64GB models, respectively. Interestingly, the  64GB version may be available as a Windows 10 device from next month — making it a quite inexpensive entry  into Microsoft’s latest operating system.

Asus to develop its own version of Microsoft’s HoloLens

Microsoft’s HoloLens was the company’s first step towards developing augmented reality hardware. The wearable device projects 3D images in front of your eyes and layers the images over what you see in the real world. Now, it seems Asus is mulling whether to market its own version of HoloLens. Asus CEO Jonney Shih and Microsoft’s vice president of Windows and devices Terry Myerson affirmed to CNET they’re in talks about working on a HoloLens project together, though Asus has said that it is “still evaluating” the potential of HoloLens.

If true, Asus will be the first third-party company to build a version of HoloLens. The Microsoft HoloLens is currently restricted to select audiences and cannot be purchased at retail yet — although reports suggest that Microsoft might unveil a version of HoloLens forsoftware developers at a price tag of $3,000 by the end of this year. As is often the case, the agenda behind releasing it only to software developers is to inspire them to create applications for the HoloLens platform in advance, so that the general public will have a reason to buy in when it becomes widely available.

As the world’s sixth largest PC maker, Asus might come up with a lower-cost variant of the HoloLens. The Taiwan-based manufacturer is well known for its affordable range of products, and if the deal with Microsoft is sealed, then the company will be able to focus on improving and reducing the cost of the hardware while Microsoft handles any software-related shortcomings. If all goes well, then in the future we might see larger audiences going for the HoloLens and incorporating it into their daily routines. Microsoft is hopeful that in taking a cue from Asus, other manufacturers may also chime in with their own versions of HoloLens.

All being said, this won’t be a cakewalk for Asus, as it will be expected to adhere to certain guidelines laid down by Microsoft. It might involve a waiting period of up to five years before making the technology accessible to the general public. Microsoft once mentioned HoloLens as a “five-year journey,” so we assume that Asus might have to wait until the completion of the said period. Myerson mentioned that the HoloLens is a preview of what Microsoft has in store for future, just like the Surface Book and Surface Pro 4.

“Everything we’re doing in hardware, we do with the mind of how do we grow the Windows ecosystem,” Myerson said. “That is why we’re investing in creating a category. It’s ultimately up to Shih whether Asus makes its own version of HoloLens.”

Microsoft has yet to reveal whether it might start selling its own less-expensive version of the HoloLens. Early testers praised the original for its version of Minecraft, with many referring to it as a “killer app” for the platform.

Ever since it unveiled the HoloLens, Microsoft has been working hard to develop the technology further. For example, it’s focusing on creating 3D images that are better able to interact with the outside ecosystem. The company also showed a glimpse of such images with its Project X-ray at a recently held hardware event. In an earlier report, it was revealed that Microsoft has collaborated with NASA to test HoloLens on astronauts at the International Space Station (ISS). The company has partnered with AutoDesk to create applications for the device. Moreover, as Microsoft CEO Satya Nadella has said, the company is also planning to try out the technology in fields as diverse as healthcare and construction.

EXTREMETECH