
Friday, December 29, 2017

What Marketers Need to Know About LinkedIn




What if I told you that LinkedIn, a social media platform that is now 14 years old, is the next big opportunity for marketers and brands?

While much of the focus over the last few years has been on perfecting our Facebook and Instagram marketing strategies, LinkedIn has been silently growing their user base to more than 500 million users.

The reason for this sudden growth?..

http://entm.ag/i8h

===

by Idham Azhari





Thursday, December 28, 2017

Need a Business Idea? Here are 55



Today, tens of thousands of people are considering starting a home-based business, and for good reasons. On average, people can expect to have two or three careers during their work life. Those leaving one career often think about their second or third career move being to their own home. People who have been part of the traditional nine-to-five work force and are on the verge of retiring from that life are thinking of what to do next. The good news: Starting a home-based business is within the reach of almost anyone who wants to take a risk and work hard...


===



Wednesday, December 27, 2017

5 Signs an Initial Coin Offering Is a Scam



If you have been paying attention to the fintech space over the past few months, then you have likely heard the term "ICO" thrown around time and again. To date, blockchain startups have raised over $3.5 billion via this emerging fundraising channel. But what are they? And why should we care about them?

At a high level, an Initial Coin Offering ("ICO") is a "fundraising mechanism in which new projects sell their underlying crypto tokens in exchange for early capital." Often compared to the more mainstream Initial Public Offering (IPO), ICOs democratize the fundraising process, serving as a crowdfunding instrument that can be levered at scale. While a relatively new phenomenon, these token sales are quickly gaining momentum, empowering a global pool of investors to fund the next generation of companies.

The biggest problem with ICOs, as they gain public attention, is that they are unregulated. There are few barriers to entry for anyone wishing to create a white paper, design a simple landing page and start collecting funds via a digital wallet. There are a number of fraudulent "entrepreneurs" who are abusing the system. As a result, it can be extremely challenging, as an investor, to pick the needles out of the looming haystack.

There is, however, tons of opportunity for ICOs to fund ambitious projects that will foundationally change our evolving economy. Here are five signals to look for before you invest in any ICO...

https://www.entrepreneur.com/article/306563

===

by Idham Azhari



Validating IoT



Most practitioners by now are familiar with the concept of the "Internet of Things" (IoT). As it has become more practical and economical to incorporate computing, network, and storage elements into everyday artifacts and objects, there has been a proliferation of devices that have these elements built in. An unintended byproduct of this trend has been the steady incorporation of these devices into the corporate environment.

This incorporation can happen directly, as organizations embrace these devices to better foster business outcomes; for example, an agriculture-based business (such as a vineyard) might incorporate environment sensors to monitor items like humidity, temperature and other growing conditions. It can also happen indirectly and "under the radar" – for example a smart television in a conference room or a network-connected fire alarm or thermostat.

Whether inadvertent or deliberate, incorporation of these technologies into the business landscape has an impact on the risk equation. Some organizations are leveraging these devices to gain competitive advantage. Others are discovering that these technologies can represent a source of potential risk under the wrong circumstances.

As with any technology, there are both potential risks as well as potential business value benefits that use of the technology (intentional or otherwise) can bring about. The equation is complex, though: businesses can gain potential value from their use (enabling competitiveness), there are risks in their use, and there also is a risk of not adopting – for example, should an organization's competitors gain advantages through their adoption.

The need for evaluation
From an organizational point of view, then, these complicated risk dynamics increase the importance of systematic validation of the devices, including a risk-aware examination of both the potential risks as well as potential business value. This is, of course, part and parcel of a workmanlike and systematic approach to risk management; however, it becomes increasingly important when the technologies being considered are ones that can easily be adopted "under the radar" or without full visibility by assurance and security personnel.

To help practitioners fully and systematically unpack and evaluate these risk elements, ISACA has released Assessing IoT: IoT Upsides, Downsides and Why We Should Care About Them. This publication examines the rise of IoT: its use, how it can assist businesses, potential risk areas that can arise, potential privacy issues that might arise based on usage, and the need for evaluation and validation of IoT by those with a stake in organizational risk and value for organizations.

The upshot is that organizations absolutely need to systematically evaluate these devices the same way that they would evaluate other technology that supports the business. It is important to recognize that this is not always the "default state" for organizations when usage grows organically; meaning, unless there is an active effort – and an internal champion – to ensure this type of analysis is performed, it is not a given that it will occur. This is particularly true in light of shadow adoption and/or direct adoption within business teams.

The document itself provides an objective viewpoint, highlighting potential risk scenarios that organizations may encounter. There are, of course, almost as many ways to perform risk management as there are organizations themselves; however, a systematic approach to evaluating that risk, including a candid and objective discussion of potential risks, value, as well as competitive impact, is warranted and critical.

https://www.isaca.org/Knowledge-Center/Blog/Lists/Posts/Post.aspx?ID=919

===

https://idhamazhari.com/



Thursday, December 21, 2017

Digital ad spend grew 23 percent in the first six months of 2017, according to IAB



Digital ad spending continued to grow during the first six months of 2017, according to the latest Internet Advertising Revenue Report.

The report was prepared by PricewaterhouseCoopers for the Interactive Advertising Bureau, a trade group of online advertisers and publishers. It shows that digital ad revenue in the United States reached $40.1 billion in the first half of this year. That's both a 23 percent year-over-year increase and an all-time high.

The previous report highlighted the fact that in 2016, mobile accounted for the majority of ad spending for the first time. That trend continued into 2017, with mobile ad revenue growing to $21.7 billion, accounting for 54 percent of the total.

And in a year where publishers seemed eager to "pivot to video," it does seem that they were following advertiser dollars, with video ad revenue growing 36 percent to $5.2 billion. Mobile video advertising accounted for $2.6 billion of that total.

Meanwhile, social media advertising grew 37 percent to $9.5 billion, while digital audio advertising grew 42 percent to $603 million.

One of the ongoing industry questions is the extent to which Facebook and Google dominate the landscape. The IAB report doesn't break out revenue for individual businesses, but it does look at "revenue concentration," namely the percentage of revenue that went to the top 10 companies.

In the first six months of 2017, that concentration stood at 75 percent — the IAB says that over the past decade, the number fluctuates between 69 and 75 percent, so this is on the high end, but still within the historical range.

Outside the main report, the IAB has also been doing research into small and medium businesses, finding that of the 9 million SMBs in the U.S., 75 percent or more have spent money on advertising, with 80 percent using self-service platforms and 15 percent using programmatic advertising.

How does that fit into the bigger picture? IAB's senior vice president of research and impact Chris Kuist said that while the team still needs to "dimensionalize" the data and find a systematic way to incorporate it into the report, the initial analysis suggests that much of the growth in digital ad spending is coming from small and local businesses, rather than the big Fortune 500 companies.

He also argued that this means that the growth isn't just a "reshuffling" of ad spending, where money moves from offline ads to online ads. Instead, small businesses are serving as a "novel" source of ad revenue, taking advantage of the fact that the "barriers to entry have dropped" with digital advertising.

This may also point to why many digital media businesses have been consolidating and cutting staff in the past year, despite the increased ad spending — if much of the growth is coming from small businesses using self-service tools from big platforms like Facebook and Google, it's going to be tough for individual publishers to benefit.

Kuist said he can't comment on the dynamics of any specific business, but he tried to paint the situation as one of opportunity.

"There is an engine of growth for the industry as a whole," he said. "I think any individual company's trajectory will help shape how successful they are at tapping into that. This is not me saying that every company needs to run out and become a self-service platform for SMBs. But as the broader economy evolves, there are opportunities for marketing to evolve and still play a very, very important role."

https://techcrunch.com/2017/12/20/iab-ad-revenue-report-2017/

===

by Idham Azhari







Faces of ISACA: Dr. Nancy Asiko Onyango, CISA, CGEIT, CRISC




Editor's note: The ISACA Now series titled "Faces of ISACA" highlights the contributions of ISACA members to our global professional community, as well as providing a sense of their lives outside of work. Today, we spotlight Kenya resident Dr. Nancy Asiko Onyango, who recently was appointed as director of the International Monetary Fund's Office of Internal Audit and Inspection. Interested in joining ISACA and networking with colleagues like Dr. Onyango? Learn more here.

Nancy Asiko Onyango recalls being encouraged to wear blue jeans during her early days in the audit profession to be more comfortable when sifting through paper files, which would then be marked up with different colored pencils to highlight various findings.

Just as audit has made huge strides during her three decades in the profession, so has Dr. Onyango's career. Dr. Onyango recently was appointed as director of the International Monetary Fund's Office of Internal Audit and Inspection.

"What excites me most about this incredible opportunity is working for an institution that is respected, admired and inspires awe in equal measure across the globe, and strives to set a good institutional example for others," said Dr. Onyango, a longtime ISACA member. "I think there is room for me to learn and grow, and at the same time there is the opportunity to make a contribution and leave a legacy."

Dr. Onyango, of Nairobi, Kenya, emerged from a rigorous recruitment for the position with the IMF, an organization spanning 189 countries that works to foster global monetary cooperation, secure financial stability and reduce poverty around the world. Dr. Onyango's background bringing structure to organizations' governance programs and internal controls, combined with her international experience across both governmental and private sector organizations, made her a logical fit for the position.

"While I love the structure and consistency in governmental organizations, the rigidity can be challenging if one is accustomed to working in a fast-changing environment commonly associated with listed companies and the private sector," Dr. Onyango said. "I have over the years learned to appreciate the differences, and the need to adapt our audit approaches and working style to accommodate both private and public sectors."

Dr. Onyango's past roles include CEO at Reliance Risk Advisory Solutions and partner at PricewaterhouseCoopers in Kenya. She also spent part of her 10 years working in London as senior manager for PwC UK.

While Dr. Onyango retains an affinity for London, in her view, there is no place like Nairobi.

"It's my favorite city in the world, since it's the city I know best and can find all sorts of places and things to do," Dr. Onyango said. "It's also the only city in the world situated right next to a national park where you can find lions, giraffes and zebras, amongst many other animals in the wild."..

https://www.isaca.org/Knowledge-Center/Blog/Lists/Posts/Post.aspx?ID=918

===

by Idham Azhari



Wednesday, December 20, 2017

5 Red Flags to Watch Out for When Applying to a Company



Think about it: have you ever landed a coveted job only to feel miserable mere weeks later, lamenting at your cubicle that if only you had listened to your gut -- to have seen your boss' disheveled desk for the warning sign it was -- you could have saved yourself a lot of trouble?

In other words, you ignored a red flag. "A work-related red flag is basically a warning sign, either overt or even a gut feeling you have, that the job won't be a good fit for you," explains career coach Hallie Crawford. "It can also be a possible issue you sense with the company, why the job is available, your prospective boss, or a team member you'd be working with."..

https://www.fool.com/careers/2017/12/19/5-red-flags-to-watch-out-for-when-applying-to-a-co.aspx

===

by Idham Azhari






Cyber Risk List Has a New No. 1 for 2018




I recently presented the predictions for the Top 10 2018 Cyber Risks at the Whitehall Media, Enterprise Security and Risk Management conference in London.

So, what had changed since the 2017 list of Top 10 Cyber Risks that I presented at ISACA's EuroCACS event back in May?

At number 5 in the chart, digital transformation makes an appearance. When we apply technology to activities where it was not traditionally used, we get all kinds of great innovations, but it also opens up a wealth of new vulnerabilities.

At number 4, malware (including ransomware) is still riding high in the charts. This is still a significant and widely used component in many breaches and cyberattacks. Notably, since the start of 2017, there has also been a substantial increase in the use of fileless malware (malicious software that exists only in memory or as appended functions to existing files).

Although phishing and web application attacks are also up in the top five, there is a surprise new entry straight in at number one. The number one spot is occupied by the new EU General Data Protection Regulation (GDPR) that carries with it a maximum potential fine of up to 4% of global revenue for non-compliance.

So, why is this at number one?

For most enterprises, the consequences for non-compliance with this regulation have made GDPR a boardroom priority. Although cybersecurity is only one component within the regulation, it is expected that the first investigations and fines will probably be driven by the really large personal data breaches that emerge after the regulation becomes effective in May 2018.

If you think about recent incidents, such as the Uber data breach, if they happen once GDPR is active, the consequences will be much greater than in the past.

That fact can also be used by hackers. If a hacker stole personal information from a company before GDPR, they could only ransom the data for the potential brand damage or inherent data value, but after GDPR is in place, if you don't pay the hackers, you will likely be facing a GDPR investigation by a supervisory authority – with a potentially massive fine attached.

GDPR has made personal information a lot more valuable than before, so cybersecurity departments will face challenges not only assisting and consulting on the process changes required by GDPR but also with increased targeting of personal information because the ransom value will have risen substantially...

https://www.isaca.org/Knowledge-Center/Blog/Lists/Posts/Post.aspx?ID=917

===

by Idham Azhari





Tuesday, December 19, 2017

What You Wanted to Know About in 2017, According to Google


With the holidays upon us, now is prime time to take stock of 2017. With Google's annual release of its most searched-for terms, we can see how the year took shape based on our biggest questions.

On the consumer front in the U.S., the most searched-for car brand was Ford and the tech that people wanted to know most about was Apple's iPhone 8. The most searched for food item was Starbucks' viral Unicorn Frappuccino and how many calories it contained.

From an entrepreneurial standpoint, it would seem that the makers of any and all things related to August's solar eclipse and companies who sell fidget spinners had a pretty good year.

The top 10 searches of the year in the United States were as follows..

https://www.entrepreneur.com/article/306194

===

by Idham Azhari



Friday, December 15, 2017

Fortune Favors the Tech-Savvy: A Portrait of Tomorrow’s Digital Transformation Enterprise Leaders






Today's digital economy sees established enterprises competing against start-ups, all enterprises worried about risk, and smart enterprises deploying digital technologies capable of transforming their enterprise, and enabling better business-to-customer interactions and relationships.

Opportunity abounds; our global digital economy presents new possibilities almost daily. The problem is, not every enterprise is taking advantage of those opportunities. ISACA's recently released Digital Transformation Barometer research shows that slightly less than a third of enterprises are making it a priority to evaluate the opportunities emerging digital technologies might bring on a frequent basis. That means more than two-thirds of enterprises aren't realizing their full potential in the digital economy.

Some of that may be due to a lack of familiarity; it is difficult for some who serve on boards and as C-suite leaders to have confidence in technologies with which they lack background. Absent that confidence, it is difficult to put forth a vision for an enterprise rooted in digitally transformative technologies. For many enterprises, this means passing up opportunities to explore tools such as artificial intelligence, big data and analytics, sensor-defined networks and Internet of Things devices, and distributed ledger technologies like blockchain. This, too, was borne out by ISACA's research; enterprises without tech-savvy leadership don't explore opportunities as often as enterprises with tech-savvy boards and C-suite leaders.

Unexplored opportunities mean unexplored new revenue streams or customer bases, and new revenues and customers are the lifeblood of nearly all enterprises. Years ago, it might have been acceptable for the head of the IT department to be the only leader who truly grasped the significance of a transformative emerging technology, digital or otherwise. Today, such an approach is not only antiquated, but unacceptable. Risk is an enterprise-level concern; evaluating that risk is every leader's concern, from the boardroom to every corner of the C-suite.

To evaluate that risk, however, the digital fluency of all enterprise leaders needs to increase, even among enterprises that have already successfully begun—or completed—digital transformations. The reason for this is simple: things change, and they always will. New technologies will arise, old ones will fade away. Advances in technology will bring with them risks and expansion of the threat landscape. It is not enough to create tech-savvy leaders now; a pipeline of such leaders must be cultivated within an enterprise to ensure that the digital fluency of leadership does not wane.

So, who will lead tomorrow's digital transformations? When we speak of digital fluency, and C-suite and boardroom leaders who are tech-savvy, a specific cohort comes to mind: digital natives. The Millennials and Gen Zers of today will be in the C-suites and boardrooms of tomorrow, and the level of digital fluency and tech-savviness of those leaders will be far more widespread than in the current global digital economy. The problem is, today's enterprises can't wait that long.  They need to innovate now, to ensure Millennials' roles as future enterprise leaders.

To do so, risk from new and emerging technologies must be mitigated to levels an enterprise finds acceptable, and this requires resources. Specifically, adequate resources, focused in key areas. Innovation, customer interactions and overall business performance all benefit from robust, effective governance programs for technology and information. Likewise, a hardened information and cyber security workforce—well-trained, and up-to-date on the latest developments in their respective fields—is an asset of vital importance as enterprises seek to maximize their returns on investments in digital and other technologies. For enterprises producing products, services, or solutions, implementing strong innovation governance, and 'baking in' security during the design and development stages of a new offering, should be considered mandatory.

However, even with these safeguards in place—strong governance of information and technology, coupled with an exceptional workforce of professionals—things may not always go as planned. It is possible to mitigate risk when embarking upon a digital transformation, but it is not possible to eradicate risk. Tech-savvy leaders will realize this, and empower their operational units to take calculated risks, knowing that failure isn't truly failure if something is learned from it.

If an enterprise seeks a prosperous near-term future, it lies in digital transformation. Enterprises with tech-savvy leadership already know this, and are making such transformations cornerstones for their respective envisioned futures. The most forward-focused of those enterprises are already building the pipelines of future leaders to ensure that enterprise leadership maintains its digital fluency for years to come.

https://www.isaca.org/Knowledge-Center/Blog/Lists/Posts/Post.aspx?ID=915

===

by Idham Azhari



Wednesday, December 13, 2017

8 Standout Traits Every Interviewer Wants You to Demonstrate



What are some green flags in a job interview?

  • A learning mindset. All jobs require some sort of training and onboarding contingent on an open mindset and willingness to learn and adapt to a new environment.
  • Familiarity with the company. Instead of applying the "shotgun approach" by pitching your CV to 50 companies, pick 2-3 and apply carefully. Study the companies and understand their purpose, business model, and the types of activities you'd likely be engaged with.
  • Strategic questions. No job description or interview reveals the full scope of a job and the long-term opportunities. Through genuine curiosity you can ask several relevant questions regarding your day-to-day, the intrinsic motivation of the existing team, the company policy or anything else relevant to your skills and how you can apply them in practice.
  • Skills match. The closer your profile is to the job description, the more likely you are to receive an offer. Onboarding may take a couple of weeks or span 6-9 months depending on your familiarity with the industry and the job. Former experience (or extensive study) within that area would help alleviate the initial friction and help you become more productive.
  • A reason to stay. A sense of purposefulness and commitment to the company and the job. An indirect reason which would keep you around for a few years without necessarily browsing around for alternative jobs.
  • Clear communication. Communication is an important factor during interviews as it's a requirement for any type of job. Being able to clearly articulate your goals and showcase your skills is a key factor during the interview.
  • Team spirit. You will also interact with various colleagues and managers within the organization - which is why a team spirit is important. While it's not something that you can state in your CV (even though many try to), make sure that you explicitly mention the importance of a healthy working culture and a strong bond between team members.
  • Salary expectations. Reasonable payment expectations within the market norms are important for smaller and medium-sized businesses. Not every business can afford top-paid talent or is willing to commit to those expectations right away during an interview...

===



Monday, December 11, 2017

Risk Analysis Inputs Critical in Assessing Vulnerabilities



The fact is, new vulnerabilities come to light every day. Unfortunately, staying ahead of these new vulnerabilities, or otherwise addressing them promptly, has proven to be incredibly difficult (not to mention costly). The good news is, not all vulnerabilities impact every organization. But, for vulnerabilities that do apply, it often is difficult to make risk-based decisions to address them – do we mitigate, avoid, transfer, or accept them?

These decisions become a great deal easier when organizations include the likelihood of an exploit along with a vulnerability's impact as risk analysis inputs. In these cases, impact is often relatively straightforward. For example, we might consider legal, strategic, financial, operational, or reputational impacts or, as Common Vulnerability Scoring System (CVSS) does, we might consider impact to classic objectives like confidentiality, integrity and availability.

Likelihood seems softer than impact and, as a result, we might think it is harder to determine. To get there, we have to think about the threats that could take advantage of a vulnerability. To exploit a vulnerability, there first must be a related threat. As it turns out, CVSS has sorted out quantifying likelihood by prompting for easier-to-answer questions like the origin of a threat, the difficulty of an exploit and the need for a victim's involvement. One of the common shortcomings with vulnerability management processes is in their often-limited understanding of applicable threats.

So, what is a threat?

We think of a threat scenario as a threat agent acting against a target to accomplish an objective. For example, a hacker targeting an e-commerce website to steal credit card data. A vulnerability creates a point of entry through which the attacker can reach the target. In a more complex attack, a hacker might work through a series of layers, exploiting various vulnerabilities along the way.

We worry about threats from thieves, hackers, malware and ransomware, social engineers and phishers, and natural disaster. However, the definition of a threat can encompass more than just these common actors. For example, an organization might view regulatory compliance as a threat. After all, an audit can have a significant impact – fines and penalties.

Why does understanding threats matter?

Regardless of your organization, addressing vulnerabilities is a business decision. As with any other business decision, risk and cost are a factor. Understanding a vulnerability in the context of the threats that might exploit it makes it easier to plan a course of action and prioritize your response.

https://www.isaca.org/Knowledge-Center/Blog/Lists/Posts/Post.aspx?ID=913

===

by Idham Azhari



Friday, December 8, 2017

2018 Predictions for Cyber Security


With rapid digitization and the inter-networked world leading to a huge data explosion combined with the relentless growth of transformative technologies, the importance of cyber security – now and in the future – is unquestionable.

As 2018 approaches, here are my top five predictions for cyber security in the coming year:

  • Huge demand for security professionals with evolving and grounded expertise
  • Stringent global regulations
  • Ransomware, DDoS attacks and cyber warfare
  • Explosion of threats, vulnerabilities and IoT
  • Privacy and ethics concerns for big data, and back to basics

Huge demand for security professionals with evolving and grounded expertise
Industry requires skilled cyber security professionals who can not only meet the current challenges, but also evolve continuously with the changing technology landscape and with the associated threats and vulnerabilities. Some of the top skills needed in the context of the evolving threat scenario are as follows:

  • Data analysis, data governance and enterprise IT governance
  • Data analytics, data science and big data management
  • Cognitive computing and artificial intelligence
  • Strong knowledge to address ransomware and evolving IoT connectivity issues and mobile access
  • Application security and knowledge of defensive software engineering
  • Strong knowledge of regulatory guidelines

Stringent global regulations
General Data Protection Regulation (GDPR), an EU regulation, will become applicable to every country in the world in May 2018. Organizations that fail to comply can be fined up to 4% of annual global turnover or €20 million (whichever is greater). This is the maximum fine that can be imposed for the most serious infringements, such as not having sufficient customer consent to process data or violating the core of privacy by design concepts. Given the serious implications, GDPR will be a priority for boards of directors around the globe.

Ransomware, DDoS attacks and cyber warfare
Ransomware, more specifically crypto-ransomware, encrypts certain important files on the infected systems and forces users to pay a ransom through online payment methods to get the decryption key. Normally payments are demanded in cryptocurrencies such as bitcoin; however, payment does not guarantee that files will be decrypted.

Ransomware has spread across the world and become a profitable business model. This trend will escalate as long as users don't follow best practices and systems remain unpatched.

DDoS poses a serious threat to organizations worldwide, especially when they lack the resources and the bandwidth to handle large volumes of network traffic. The threat of DDoS will be accentuated by the increased usage of Internet of Things (IoT) connected devices in the enterprise, which, when left unsecured, can become pathways as well as slave nodes and add to the DDoS traffic stream.

As a consequence, cybercrime will flourish, and it could be used by powerful nations to initiate and develop highly refined and targeted attacks against targets of national value belonging to other countries.

Explosion of threats, vulnerabilities and IoT
Due to the exponential growth of innovative technologies, many new vulnerabilities will be introduced. However, the highest risks will still come from well-known and well-understood vulnerabilities. SANS estimates that over 80 percent of cyber security incidents exploit known vulnerabilities. Gartner comes in much higher, estimating that "through 2020, 99 percent of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year."

As if this is not sufficient, Cisco estimates that IoT will account for nearly half of connected devices by 2020, as cars, refrigerators, medical devices and gadgets not yet imagined or invented will link in, which will lead to the tremendous growth of threats and vulnerabilities in 2018 and the years to follow.

Privacy and ethics concerns for big data, and back to basics
Too much data is entering enterprises, and with the advent of big data, organizations now come across new types and formats of data, many of which are not structured like traditional data. Various types of sensors generate data in various formats and in huge numbers to be monitored. Hopefully, GDPR will serve as a guidepost for exercising compliance while leveraging big data.

More often than not, cyber security issues are due to internal processes and people. In 2018, organizations the world over must spend more on security awareness and training for their employees so that preventive measures are exercised by them and incidents are raised when required. Basic security hygiene such as the patching of servers and updating software versions will rightfully gain greater prominence.

https://www.isaca.org/Knowledge-Center/Blog/Lists/Posts/Post.aspx?ID=912

===

by Idham Azhari


Thursday, December 7, 2017

The Shadow Brokers: Hacking Tool Proliferation

The case of The Shadow Brokers, the group responsible for the disclosure of hacking tools created by "The Equation Group," impacts the enterprise through the disclosure of hacking tools. These tools were repurposed by other hackers and resulted in several other cyberattacks, including WannaCry. The disclosed tool set includes exploits, Windows, Linux and router/firewall tools. In essence, the tools are a hacking how-to for wannabe hackers, making even less sophisticated hackers more sophisticated.

Hacking tool proliferation
The Shadow Brokers series of disclosures has started a fascinating conversation around the concept of hacking tool proliferation. However, hacking tool proliferation is nothing new. In fact, it dates all the way back to @stake and Foundstone. Each of these companies produced some of the earliest and most widely available penetration testing tools of their time. Security professionals and hackers alike quickly adopted them into their everyday operations.

From the early 2000s through as late as 2012, the Poison Ivy Remote Access Tool (RAT) was the most prolific and arguably most successful hacking tool around. In 2013, FireEye named Poison Ivy the AK-47 of RATs. After 2013, the Poison Ivy RAT began to cede popularity to a newer, more advanced RAT known as PlugX. Frighteningly, more than 50 different hacking groups were at one point using PlugX in their cyber operations. Following the US government's Office of Personnel Management (OPM) breach, PlugX became a major target for security vendors and enterprises alike. As a direct result, its use waned and a new contender, Cobalt Strike, began to proliferate. Today, Cobalt Strike, an offensive pen testing tool, is used not only by pen testers, but also by countless hacking groups to cause irreparable damage to enterprises.

But what about zero-day exploits? Most hacking operations do not even use zero-day exploits. Why would they when they aren't even required to succeed in attacking an organization? For instance, zero-day exploits are expensive to purchase and take significant time to develop and prepare for usage. The fact is, most organizations struggle to patch their hosts properly. As IDT Corporation can attest, patching systems is challenging, even when running so-called "next-generation" detection and management solutions to do exactly that.

There is no way to put the genie back in the bottle. Legislation that prohibits vulnerability sharing or attempts to block the sharing of any security information not only is a free speech issue, but also simply won't stop knowledge transfer effectively. In the early 1990s, the US Department of State embarked on an effort through the International Traffic in Arms Regulations (ITAR) to block the exportation of encryption technology from the United States. The result? Twenty years later, most websites are encrypted anyway. In the age of global knowledge sharing, it is simply no longer possible to stop the flow of information.

Proliferation defense
So, how should the enterprise respond to these disclosures? While vulnerabilities can be patched, the majority of the disclosed tools cannot be patched out. In fact, many are "features" of the operating systems in which they run.

However, mitigation can be performed through effective defense-in-depth. The key areas are patch management, proper network segmentation (DMZ, Internal and Management), centralized logging, multi-factor authentication, password security policy, web proxy (inbound and outbound), endpoint detection and response, and anti-phishing technology.

As technology continues to evolve, so do attacks. Over the last five years, remotely exploitable zero-day vulnerabilities have continued to fall while credential harvesting, password weakness and ineffective patch management have continued to rise. Only a thorough and comprehensive strategy can stop highly targeted and damaging cyber attacks.

https://www.isaca.org/Knowledge-Center/Blog/Lists/Posts/Post.aspx?ID=911

===

by Idham Azhari


Wednesday, December 6, 2017

In 2018, Get Ready to (Finally) Embrace Virtual and Augmented Reality

For 2018 trends, we asked an expert what entrepreneurs can expect this coming year in storytelling.

Understanding your audience matters. It always has, and it always will. In that way, storytelling never changes. But technology and consumer behavior are changing faster than most existing models can keep up with, and 2018 will be an extremely interesting time for entrepreneurs who are in the business of storytelling -- or, frankly, who are just looking to tell stories about their business...

https://www.entrepreneur.com/article/304478

===

by Idham Azhari


Tuesday, December 5, 2017

Delivering Disruptive Innovation Using the COBIT 5 Framework


In today's competitive and dynamic business environment, it is mandatory to have disruptive innovation capability or capabilities both for growing a business and protecting existing markets. Yet delivering disruptive innovation needs new mindsets and behaviors for organization leaders and the organizations they lead. This article describes how to use the COBIT 5 framework to deliver disruptive innovation.


"Those who disrupt their industries change consumer behavior, alter economics, and transform lives."1


What Is Disruptive Innovation?

Disruptive innovation2 describes a process whereby a smaller organization (entrant) with fewer resources is able to successfully challenge an established, successful competitor (incumbent) (figure 1). Specifically, as the large organization focuses on improving its products/services for its most demanding (and, usually, most profitable) customers, it exceeds the needs of some segments and ignores the needs of others. The entrant begins by successfully targeting those overlooked segments, gaining a foothold by delivering more suitable functionality, frequently at a lower price. For example, with Google Apps, Google challenged conventional word processing, calendaring and spreadsheet programs. By focusing on simplicity, effectiveness, collaboration and the cloud, it has created an industry for online integrated document sharing...


http://www.isaca.org/COBIT/focus/Pages/delivering-disruptive-innovation-using-the-cobit-5-framework.aspx


===


by Idham Azhari




Monday, December 4, 2017

10 Things You Should Remove From Your Resume

The world of work is unpredictable. You could be happily employed one day, and then shown the door the next. You never know what will happen from day to day. If you were let go from your job or if you're not being challenged or paid well enough at your current job, you're likely preparing to look for a new job.  You've got your interview suit ready, you have a list of practice questions, and you've perfected your pre-interview chit-chat skills. But is your resume up to the challenge?

Remember that the resume that got you your current job isn't necessarily going to help you get your next job. Each career move will require you to update your resume in some way. This is especially true if you haven't interviewed for a job in several years. You may be devoting most of your energy to adding new skills and work experience, but removing experience can be just as important. Here are 10 things you must remove from your resume right now...

https://www.cheatsheet.com/money-career/things-you-should-remove-from-your-resume.html/?a=viewall

===

by Idham Azhari

