Sunday, October 23, 2016
Wednesday, October 19, 2016
Check out the thrilling and action packed official trailer for "Assassin's Creed" based on the highly popular game of the same name starring Michael Fassbender, Marion Cotillard and Michael K Williams.
Check out this great and chilling extended promo trailer building up to the long awaited TWD season 7 premier this Sunday.
Monday, October 10, 2016
(The Big Disrupt) Cybersecurity: The fine rewards for failure –Why the Cybersecurity industry is set to explode and why that's bad thing
All companies, much like the people who own and work for them, don't like failing and for good reason. Failure means bad earnings, job losses and lawsuits but failure in cybersecurity is currently driving a growth market.
You might be wondering how this is possible but the answer is simple; bad timing. With the advent of IoT, the internet is expanding into the physical world at a rate CIO's and CISO's can't handle which is why a growing number of the devices we own from fitness trackers, smartphones and even household appliances are vulnerable and at the mercy of hackers looking to steal valuable data to sell on the black market. What makes this worse is that CIO's and CISO's can't hire this problem away as the cybersecurity market has been thin.
The upshot of all this has made cybersecurity the safest career path in corporate history despite organizations across the board reporting large data breaches. However, careers are made and lost at a blink of the eye as CIO's and CISO's are often the fall guys when things fall apart. While CIO's and CISO's are naturally targets for blame when an organization experiences a breach, CIO's and CISO's are fighting a losing battle where they're asked to play an expensive game of whack-a-mole where the moles are getting smarter and the holes are expanding.
Oorganisations, now realising that suffering a breach is question of if rather than when, are coming to grips with the fact that they need contingency plan beyond a hokey and unassuring press release and sharp spike in their legal firm's monthly retainer. In searching for that contingency, a number of organisations have taken out a cyber insurance policy which has turned cyber insurance from a relatively dormant sideshow insurers used to upsell customers to one of the hottest markets in insurance. Some commentators see cyber insurance as a way to encourage organisations to improve their security posture but with the cover of an cyber insurance policy, organisations also have an incentive to lean on their insurance should the worst happen.
What all this means is that the expansion of the internet into the real world via IoT couldn't have come at worst time when corporations and governments cannot guarantee the safety of their large computer networks and yet spent billions expanding them creating booming markets in securing devices that predicted to be at least three times number of humans on earth. Insanity is doing the same thing and expecting different results and by that measure just about every major corporation embracing the vast expansion of the internet into the real world are certifiable.
In sum, cybersecurity is a fine industry if you like job security but if you like to avoid record breaking failure on a yearly basis, cybersecurity is not for you.
Tuesday, October 4, 2016
We at the Carnage Report have been writing piece after piece about the sorry state of IoT security and cybersecurity in general and as things stand, the features on this topic are set to continue and even increase in scale.
When the Nobel prize winning economist Ronald Coase asked "why do firms exist?", he answered his own question citing that firms exist to lower transaction costs entrepreneurs would have negotiate and pay for and in the open market without one 1. While Coase's observation may seem obvious and unrelated to the sorry state of IoT security, it's quite difficult to understand why is so vulnerable to attacks without his simple but profound answer.
In the age of the internet, transaction costs have sunk dramatically making everything from watching movies and starting a business easier and cheaper than ever before. While the great fall in transaction costs has been one of the great drivers of change and innovation in the last few years, it's also the reason why Yahoo's recent record 500 million data breach will almost certainly be beaten. Record low transaction costs have been good for everybody from startups to behemoths like Google and Facebook however, low transaction costs have also been good for another group: hackers.
Low transaction costs are why hackers can launch attacks at scale for a pittance and breach large but vulnerable corporate networks and steal data to sell on online black markets for huge payouts. The most unfortunate group in the low transaction cost environment are ironically companies like Yahoo and LinkedIn who have thrived because of it and helped shape it. Large companies from Target to Anthem have fell victim to data breaches compromising their network and have paid a heavy price in reputational damage and lawyer fees dealing with the fallout of a hack.
Hackers on the other hand however have made bank selling data in bulk either ransoming companies for their data or selling it on black markets if they don't pay up. Where IoT security comes in to this low transaction cost environment is that it takes the advantage hackers have over large companies expands it tenfold.
The transaction cost for hackers are significantly lower than most companies which allows hackers to hack IoT devices at scale and use those devices to record breaking DDoS attacks. Despite all the advantages large organizations have in staff, budget, and expertise, these advantages are rendered obsolete by the fact that hackers have low transaction costs and thus a much wider margin of error as they only have to find one entry point while organizations have secure an ever increasing number of them thanks to the increasing use of IoT enabled devices.
What makes this worse is that hackers collaborate in increasingly innovative new ways to hack into devices while organizations are less than willing to reveal data breaches never mind sharing and collaborating with other organizations making it harder for hackers to hit companies with the same exploits again and again. However, while hackers have the upper hand over large organizations, their advantage is enhanced by the outright irresponsible mindset most executives have towards security.
This blasé mindset is rampant in the IoT marketplace as company after company from Intel to AT&T rush to market and sell poorly patched or unpatchable IoT enabled devices to consumers knowing full well how vulnerable their devices are. Well respected CIO's with a straight face have come out in public and lauded the "ship first, patch later" approach to selling IoT enabled devices from smart TV's to smart fridges as if they're not aware that the scale on which IoT devices operates won't leave their customers at the mercy of hackers who openly brag about how easy it is to compromise IoT devices.
In no other industry can executives get away with this level of carelessness and be heavily compensated for it but in IT, it's the norm. We've seen similar levels of neglect when PC's and laptops were introduced into the market and customers we're more or less left to deal with the fallout when their device was hacked. We've seen similar neglect of the security question with the increased use of smartphones and now where seeing it with IoT enabled devices but this time the price of the neglect will be hard to ignore.
In sum, the state of security and cybersecurity in general has been in a sorry state for a long time and all time lows in transaction costs have made the glaring security vulnerabilities and incredibly relaxed mindset about security among executives clear for all to see and if neither are addressed, the exploding market for stolen data, ransomware and malware will be the least of our problems.
- R.H.Coase,1937, The Nature of the Firm , http://www.colorado.edu/ibs/es/alston/econ4504/readings/The%20Nature%20of%20the%20Firm%20by%20Coase.pdf