10 Predictions How AI Will Improve Cybersecurity In 2020 By Louis Columbus

10 Predictions How AI Will Improve Cybersecurity In 2020

Capgemini predicts 63% of organizations are planning to deploy AI in 2020 to improve cybersecurity, with the most popular application being network security.

Cybersecurity is at an inflection point entering 2020. Advances in AI and machine learning are accelerating its technological progress. Real-time data and analytics are making it possible to build stronger business cases, driving higher adoption. Cybersecurity spending has rarely been linked to increasing revenues or reducing costs, but that’s about to change in 2020.

What Leading Cybersecurity Experts Are Predicting For 2020

Interested in what the leading cybersecurity experts are thinking will happen in 2020, I contacted five of them. Experts I spoke with include Nicko van Someren, Ph.D. and Chief Technology Officer at Absolute Software; Dr. Torsten George, Cybersecurity Evangelist at Centrify; Craig Sanderson, Vice President of Security Products at Infoblox; Josh Johnston, Director of AI, Kount; and Brian Foster, Senior Vice President Product Management at MobileIron. Each of them brings a knowledgeable, insightful, and unique perspective to how AI and machine learning will improve cybersecurity in 2020. The following are their ten predictions:

  1. AI and machine learning will continue to enable asset management improvements that also deliver exponential gains in IT security by providing greater endpoint resiliency in 2020. Nicko van Someren, Ph.D. and Chief Technology Officer at Absolute Software, observes that “Keeping machines up to date is an IT management job, but it’s a security outcome. Knowing what devices should be on my network is an IT management problem, but it has a security outcome. And knowing what’s going on and what processes are running and what’s consuming network bandwidth is an IT management problem, but it’s a security outcome. I don’t see these as distinct activities so much as seeing them as multiple facets of the same problem space, accelerating in 2020 as more enterprises choose greater resiliency to secure endpoints.”
  2. AI tools will continue to improve at drawing on data sets of wildly different types, allowing the “bigger picture” to be put together from, say, static configuration data, historic local logs, global threat landscapes, and contemporaneous event streams. Nicko van Someren, Ph.D., and CTO at Absolute Software also predict that“Enterprise executives will be concentrating their budgets and time on detecting cyber threats using AI above predicting and responding. As enterprises mature in their use and adoption of AI as part of their cybersecurity efforts, prediction and response will correspondingly increase.”
  3. Threat actors will increase the use of AI to analyze defense mechanisms and simulate behavioral patterns to bypass security controls, leveraging analytics to and machine learning to hack into organizations. Dr. Torsten George, Cybersecurity Evangelist at Centrify, predicts that “threat actors, many of them state-sponsored, will increase their use and sophistication of AI algorithms to analyze organizations’’ defense mechanisms and tailor attacks to specific weak areas. He also sees the threat of bad actors being able to plug into the data streams of organizations and use the data to further orchestrate sophisticated attacks.”
  4. Given the severe shortage of experienced security operations resources and the sheer volume of data that most organizations are trying to work through, we are likely to see organizations seeking out AI/ML capabilities to automate their security operations processes. Craig Sanderson, Vice President of Security Products at Infoblox also predicts that “while AI and machine learning will increasingly be used to detect new threats it still leaves organizations with the task of understanding the scope, severity, and veracity of that threat to inform an effective response. As security operations becomes a big data problem it necessitates big data solutions.”
  5. There’s going to be a greater need for adversarial machine learning to combat supply chain corruption in 2020. Sean Tierney, Director of Threat Intelligence at Infoblox, predicts that “the need for adversarial machine learning to combat supply chain corruption is going to increase in 2020. Sean predicts that the big problem with remote coworking spaces is determining who has access to what data. As a result, AI will become more prevalent in traditional business processes and be used to identify if a supply chain has been corrupted.”
  6. Artificial intelligence will become more prevalent in account takeover—both the proliferation and prevention of it. Josh Johnston, Director of AI at Kount, predicts that “the average consumer will realize that passwords are not providing enough account protection and that every account they have is vulnerable. Captcha won’t be reliable either, because while it can tell if someone is a bot, it can’t confirm that the person attempting to log in is the account holder. AI can recognize a returning user. AI will be key in protecting the entire customer journey, from account creation to account takeover, to a payment transaction. And, AI will allow businesses to establish a relationship with their account holders that are protected by more than just a password.”
  7. Consumers will take greater control of their data sharing and privacy in 2020. Brian Foster, Senior Vice President Product Management at MobileIron, observes that over the past few years, we’ve witnessed some of the biggest privacy and data breaches. As a result of the backlash, tech giants such as Apple, Google, Facebook and Amazon beefed up their privacy controls to gain back trust from customers. Now, the tables have turned in favor of consumers and companies will have to put privacy first to stay in business. Moving forward, consumers will own their data, which means they will be able to selectively share it with third parties, but most importantly, they will get their data back after sharing, unlike in years past.
  8. As cybersecurity threats evolve, we’ll fight AI with AI. Brian Foster, Senior Vice President Product Management at MobileIron, notes that the most successful cyberattacks are executed by highly professional criminal networks that leverage AI and ML to exploit vulnerabilities such as user behavior or security gaps to gain access to valuable business systems and data. All of this makes it extremely hard for IT security organizations to keep up — much less stay ahead of these threats. While an attacker only needs to find one open door in an enterprise’s security, the enterprise must race to lock all of the doors. AI conducts this at a pace and thoroughness human ability can no longer compete with, and businesses will finally take notice in 2020.
  9. AI and machine learning will thwart compromised hardware finding its way into organizations’ supply chains. Rising demand for electronic components will expand the market for counterfeit components and cloned products, increasing the threat of compromised hardware finding its way into organizations’ supply chains. The vectors for hardware supply-chain attacks are expanding as market demand for more and cheaper chips, and components drive a booming business for hardware counterfeiters and cloners. This expansion is likely to create greater opportunities for compromise by both nation-state and cybercriminal threat actors. Source: 2020 Cybersecurity Threats Trends Outlook; Booz, Allen, Hamilton, 2019.
  10. Capgemini predicts 63% of organizations are planning to deploy AI in 2020 to improve cybersecurity, with the most popular application being network security. Capgemini found that nearly one in five organizations were using AI to improve cybersecurity before 2019. In addition to network security, data security, endpoint security, and identity and access management are the highest priority use cases for improving cybersecurity with AI in enterprises today. Source: Capgemini, Reinventing Cybersecurity with Artificial Intelligence: The new frontier in digital security.

10 Predictions How AI Will Improve Cybersecurity In 2020

Source: Capgemini, Reinventing Cybersecurity with Artificial Intelligence: The new frontier in digital security.

via Technology & Innovation Articles on Business 2 Community http://bit.ly/2YsQnOo

Data, Data Everywhere…. By Dave Brock

“Water water everywhere, Nor a drop to drink…” is a famous line from Coleridge’s “The Rime Of The Ancient Mariner.”

At a recent lunch, my friend, Tim Ohai, and I were talking about problems we see with too many managers. Today’s tools provide sales people and leaders more data than we have ever had before.

We can measure about every activity we undertake, every engagement with our customers. We have endless pipeline, performance, customer activity, competitive and other data. We have data going back years, enabling us to understand shifts or changes over time. Analytics and AI enable new ways to look at data, and provide, potentially, new insights.

Yet despite all this data, we are often unable to figure out what going on or what corrective actions to take.

What happens, why are we unable to “see” despite the abundance of data and information?

There are several factors contributing to this.

First, we tend to look at too much data. The data that’s really useful is hidden in plain sight. It’s there, but we miss it in all the other data that’s available. Because we can collect so much, we do so, at the same time masking that which is most important.

The second is a bit of a corollary to the first point. If we don’t know what we should be looking at, that information that’s most useful; we collect everything. We look at all the data, hoping the answers will emerge. If some data is good, more data must be better. In reality, it may just be distracting, confusing, or misleading.

This leads us to the third point. The data, even the right data points don’t tell us what’s causing the results we are measuring. We have to dig below the numbers to understand what, why, how things are happening. So the data is just the starting point. Too often, managers look at is at the end.

Bad win rates, improve your deal strategies. Weak pipelines, prospect. Not enough new opportunities, prospect more. Doing more always seems to be the answer to any numbers problem. Yet doing more seldom focuses on the root issues or causal factors.

Leveraging data effectively means you have to be curious about the data, what it means, why we get the numbers we get, and what we can do about shifting the results.

The corollary to this is that once we dig under the data, understanding what’s really happening and why, then we have to do something about it. We must act, we must change, we must determine what we must do to shift the numbers in the desired direction, and how to do it most effectively. Then we have to have the courage to stick with those decisions.

And now we come to a fifth point in our journey to understand how to effectively leverage data. No data point is forever. Sometimes, we need to shift our focus and look at different things. For example, activity metrics have limitations. Just focusing on them, may be useful for some time, but when we’ve leveraged them as much as possible, continuing to focus on them won’t improve things–and may cause us to miss other things.

Periodically, we should shift those data points we key on, extracting what we can for as long as we can, then moving on to focus on something different.

Then we have to understand the difference in data types and how we leverage them. There are process indicators, output indicators, leading, and trailing indicators. Each tell us different things, we leverage each differently.

In my experience, there are only a small number of data points critical to understanding and driving performance. The trick is understanding those that are most useful for the situations we must address. The human mind–both our own and our people can’t deal with more than a few things. We best use the data available to us when we determine the few metrics most critical to success right now, focusing viciously on those, then moving on.

We are both blessed and cursed by data. Used well, it is a blessing.

via Technology & Innovation Articles on Business 2 Community http://bit.ly/38geZ11

7 Ways AI Reduces Mobile Fraud Just in Time For the Holidays By Louis Columbus

7 Ways AI Reduces Mobile Fraud Just In Time For The Holidays

  • There has been a 680% increase in global fraud transactions from mobile apps from October 2015 to December 2018, according to RSA.
  • 70% of fraudulent transactions originated in the mobile channel in 2018.
  • RSA’s Anti-Fraud Command Center saw phishing attacks increase 178% after leading banks in Spain launched instant transfer services.
  • Rogue mobile apps are proliferating with, 20% of all reported cyberattacks originating from mobile apps in 2018 alone.

On average, there are 82 new rogue applications submitted per day to any given AppExchange or application platform, all designed to defraud consumers. Mobile and digital commerce are cybercriminals’ favorite attack surfaces because they are succeeding with a broad base of strategies for defrauding people and businesses.

Phishing, malware, smishing, or the use of SMS texts rather than email to launch phishing attempts are succeeding in gaining access to victims’ account credentials, credit card numbers, and personal information to launch identity theft breaches. The RSA is seeing an arms race between cybercriminals and mobile OS providers with criminals improving their malware to stay at parity or leapfrog new versions and security patches of mobile operating systems.

Improving Mobile Fraud Prevention With AI And Machine Learning

Creating a series of rogue applications and successfully uploading them into an AppExchange or application store gives cybercriminals immediate access to global markets. Hacking mobile apps and devices is one of the fastest-growing cybercriminal markets, one with 6.8B mobile users worldwide this year, projected to increase to 7.3B in 2023, according to The Radicati Group. The total number of mobile devices, including both phones and tablets, will be over 13B by the end of 2019, according to the research firm. And a small percentage of mobile fraud transactions get reported, with mobile fraud losses reported totaling just over $40M across 14,392 breaches according to the U.S. Federal Trade Commission. Mobile fraud is an epidemic that needs to be fought with state-of-the-art approaches based on AI and machine learning’s innate strengths.

Traditional approaches to thwarting digital fraud rely on rules engines that thrive on detecting and taking action based on established, known patterns, and are often hard-coded into a merchant’s system. Fraud analyst teams further customize rules engines to reflect the unique requirements of the merchants’ selling strategies across each channel. Fine-tuning rules engines makes them effective at recognizing and taking action on known threat patterns. The challenge for every merchant relying on a fraud rules engine is that they often don’t catch the latest patterns in cybercriminal activity. Where rules-based approaches to digital fraud don’t scale, AI, and machine learning do.

Exploring The 7 Ways AI Is Reducing Mobile Fraud

Where rules engines are best suited for spotting existing trends in fraud activity, machine learning excels at classifying observations (called supervised machine learning) and finding anomalies in data by finding entirely new patterns and associations (called unsupervised machine learning). Combining supervised and unsupervised machine learning algorithms are proving to be very effective at reducing mobile fraud. The following are the seven ways AI and machine learning are reducing mobile fraud today:

  1. AI and machine learning reduce false positives by interpreting the nuances of specific behaviors and accurately predicting if a transaction is fraudulent or not. Merchants are relying on AI and machine learning to reduce false positives, saving their customers from having to re-authenticate who they are and their payment method. A false positive at that first interaction with a customer is going to reduce the amount of money that they spend with a merchant, so it’s very important to interpret each transaction accurately.
  2. Identifying and thwarting merchant fraud based on anomalous activity from a compromised mobile device. Cybercriminals are relying on SIM swapping to gain control of mobile devices and commit fraud, as the recent hack of Twitter’s founder Jack Dorsey illustrates. Hackers were able to transfer his telephone number using SIM swapping and by talking Dorsey’s mobile service provider to bypass the account passcode. Fortunately, only his Twitter account was hacked. Any app or account accessible on his phone could have been breached, leading to fraudulent bank transfers or purchases. The attack could have been thwarted if Jack Dorsey’s mobile service provider was using AI-based risk scoring to detect and act on anomalous activity.
  3. AI and machine learning-based techniques scale across a wider breadth of merchants than any rules-based approach to mobile fraud prevention can. Machine learning-based models scale and learn across different industries in real-time, accumulating valuable data that improves payment fraud prediction accuracy. Kount’s Universal Data Network is noteworthy, as it includes billions of transactions over 12 years, 6,500 customers, 180+ countries and territories, and multiple payment networks. That rich data feeds Kount’s machine learning models to detect anomalies more accurately and reduce false positives and chargebacks.
  4. Combining supervised and unsupervised machine learning algorithms translates into a formidable speed advantage, with fraudulent transactions identified on average in 250 milliseconds. Merchants’ digital business models’ scale and speed are increasing, and with the holidays coming up, there’s a high probability many will set mobile commerce sales records. The merchants who will gain the most sales are focusing on how security and customer experience can complement each other. Being able to approve or reject a transaction within a second or less is the cornerstone of an excellent customer buying experience.
  5. Knowing when to use two-factor authentication via SMS or Voice PIN to reduce false negatives or not, preserving customer relationships in the process. Rules engines will often take a brute-force approach to authentication if any of the factors they’re tracking show a given transaction is potentially fraudulent. Requesting customers authenticate themselves after they’re logged into a merchant’s site when they attempt to buy an item is a sure way to lose a customer for life. By being able to spot anomalies quickly, fewer customers are forced to re-authenticate themselves, and customer relationships are preserved. And when transactions are indeed fraudulent, losses have been averted in less than a second.
  6. Provide a real-time transaction risk score that combines the strengths of supervised and unsupervised machine learning into a single fraud prevention payment score. Merchants need a real-time transaction risk score that applies to every channel they sell, though. Fraud rules engines had to be tailored to each specific selling channel with specific rules for each type of transaction. That’s no longer the case due to machine learnings’ ability to scale across all channels and provide a transaction risk score in milliseconds. Leaders in this area include Kount’s Omniscore, the actionable transaction safety rating that is a result of their AI, which combines patented, proprietary supervised and unsupervised machine learning algorithms and technologies.
  7. Combining insights from supervised and unsupervised machine learning with contextual intelligence of transactions frees up fraud analysts to do more investigations and fewer transaction reviews. AI and machine learning-based fraud prevention systems’ first contribution is often reducing the time fraud analysts take for manual reviews. Digitally-based businesses I’ve talked with say having supervised machine learning categorize and then predict fraudulent attempts is invaluable from a time-saving standpoint alone. Merchants are finding AI, and machine learning-based approaches enable to score to approve more orders automatically, reject more orders automatically, and focus on those gray area orders, freeing up fraud analysts to do more strategic, rewarding work. They’re able to find more sophisticated, nuanced abuse attacks like refer a friend abuse or a promotion abuse or seller collusion in a marketplace. Letting the model do the work of true payment fraud prevention frees up those fraud analysts to do other worth that add value.

Conclusion

With the holiday season rapidly approaching, it’s time for merchants to look at how they can protect mobile transactions at scale across all selling channels. AI and machine learning are proving themselves as viable replacements to traditional rules engines that rely on predictable, known fraud patterns. With 70% of fraudulent transactions originating in the mobile channel in 2018 and the influx of orders coming in the next three months, now would be a good time for merchants to increase their ability to thwart mobile fraud while reducing false positives that alienate customers.

Sources:

RSA 2019 Current State of Cybercrime Report (11 pp., PDF, opt-in)

The Radicati Group, Mobile Statistics Report, 2019 – 2023 (3 pp., PDF, no opt-in)

U.S. Federal Trade Commission, Consumer Sentinel Network, Data Book 2018 (90 pp., PDF, no opt-in)

via Technology & Innovation Articles on Business 2 Community http://bit.ly/33RJQ0J

How to Excel at Secured Cloud Migrations With a Shared Responsibility Model By Louis Columbus

How To Excel At Secured Cloud Migrations With A Shared Responsibility Model

  • 60% of security and IT professionals state that security is the leading challenge with cloud migrations, despite not being clear about who is responsible for securing cloud environments.
  • 71% understand that controlling privileged access to cloud service administrative accounts is a critical concern, yet only 53% cite secure access to cloud workloads as a key objective of their cloud Privileged Access Management (PAM) strategies.

These and many other fascinating insights are from the recent Centrify survey, Reducing Risk in Cloud Migrations: Controlling Privileged Access to Hybrid and Multi-Cloud Environments, downloadable here. The survey is based on a survey of over 700 respondents from the United States, Canada, and the UK from over 50 vertical markets, with technology (21%), finance (14%), education (10%), government (10%) and healthcare (9%) being the top five. For additional details on the methodology, please see page 14 of the study.

What makes this study noteworthy is how it provides a candid, honest assessment of how enterprises can make cloud migrations more secure by a better understanding of who is responsible for securing privileged access to cloud administrative accounts and workloads.

Key insights from the study include the following:

  • Improved speed of IT services delivery (65%) and lowered total cost of ownership (54%) are the two top factors driving cloud migrations today. Additional factors include greater flexibility in responding to market changes (40%), outsourcing IT functions that don’t create competitive differentiation (22%), and increased competitiveness (17%). Reducing time-to-market for new systems and applications is one of the primary catalysts driving cloud migrations today, making it imperative for every organization to build security policies and systems into their cloud initiatives.

How To Excel At Secured Cloud Migrations With A Shared Responsibility Model

  • Security is the greatest challenge to cloud migration by a wide margin. 60% of organizations define security as the most significant challenge they face with cloud migrations today. One in three sees the cost of migration (35%) and lack of expertise (30%) being the second and third greatest impediments to cloud migration project succeeding. Organizations are facing constant financial and time constraints to achieve cloud migrations on schedule to support time-to-market initiatives. No organization can afford the lost time and expense of an attempted or successful breach impeding cloud migration progress.

How To Excel At Secured Cloud Migrations With A Shared Responsibility Model

  • 71% of organizations are implementing privileged access controls to manage their cloud services. However, as the privilege becomes more task-, role-, or access-specific, there is a diminishing interest of securing these levels of privileged access as a goal, evidenced by only 53% of organizations securing access to the workloads and containers they have moved to the cloud. The following graphic reflects the results.

How To Excel At Secured Cloud Migrations With A Shared Responsibility Model

  • An alarmingly high 60% of organizations incorrectly view the cloud provider as being responsible for securing privileged access to cloud workloads. It’s shocking how many customers of AWS and other public cloud providers are falling for the myth that cloud service providers can completely protect their customized, highly individualized cloud instances. The native Identity and Access Management (IAM) capabilities offered by AWS, Microsoft Azure, Google Cloud, and others provide enough functionality to help an organization get up and running to control access in their respective homogeneous cloud environments. Often they lack the scale to adequately address the more challenging, complex areas of IAM and Privileged Access Management (PAM) in hybrid or multi-cloud environments, however. For an expanded discussion of the Shared Responsibility Model, please see The Truth About Privileged Access Security On AWS and Other Public Clouds. The following is a graphic from the survey and Amazon Web Services’ interpretation of the Shared Responsibility Model.

How To Excel At Secured Cloud Migrations With A Shared Responsibility Model

  • Implementing a common security model in the cloud, on-premises, and in hybrid environments is the most proven approach to making cloud migrations more secure. Migrating cloud instances securely needs to start with Multi-Factor Authentication (MFA), deploying a common privileged access security model equivalent to on-premises and cloud systems, and utilizing enterprise directory accounts for privileged access. These three initial steps set the foundation for implementing least privilege access. It’s been a major challenge for organizations to do this, particularly in cloud environments, as 68% are not eliminating local privilege accounts in favor of federated access controls and are still using root accounts outside of “break glass” scenarios. Even more concerning, 57% are not implementing least privilege access to limit lateral movement and enforce just-enough, just-in-time-access.

How To Excel At Secured Cloud Migrations With A Shared Responsibility Model

  • When it comes to securing access to cloud environments, organizations don’t have to re-invent the wheel. Best practices from securing on-premises data centers and workloads can often be successful in securing privileged access in cloud and hybrid environments as well.

Conclusion

The study provides four key takeaways for anyone working to make cloud migrations more secure. First, all organizations need to understand that privileged access to cloud environments is your responsibility, not your cloud providers’. Second, adopt a modern approach to Privileged Access Management that enforces least privilege, prioritizing “just enough, just-in-time” access. Third, employ a common security model across on-premises, cloud, and hybrid environments. Fourth and most important, modernize your security approach by considering how cloud-based PAM systems can help to make cloud migrations more secure.

via Technology & Innovation Articles on Business 2 Community http://bit.ly/385TCiW

7 Signs It’s Time To Get Focused On Zero Trust By Louis Columbus

7 Signs It’s Time To Get Focused On Zero Trust

When an experienced hacker can gain access to a company’s accounting and financial systems in 7 minutes or less after obtaining privileged access credentials, according to Ponemon, it’s time to get focused on Zero Trust Security. 2019 is on its way to being a record year for ransomware attacks, which grew 118% in Q1 of this year alone, according to McAfee Labs Threat Report. Data breaches on healthcare providers reached an all-time high in July of this year driven by the demand for healthcare records that range in price from $250 to over $1,000 becoming best-sellers on the Dark Web. Cybercriminals are using AI, bots, machine learning, and social engineering techniques as part of sophisticated, well-orchestrated strategies to gain access to banking, financial services, healthcare systems, and many other industries’ systems today.

Enterprises Need Greater Urgency Around Zero Trust

The escalating severity of cyberattacks and their success rates are proving that traditional approaches to cybersecurity based on “trust but verify” aren’t working anymore. What’s needed is more of a Zero Trust-based approach to managing every aspect of cybersecurity. By definition, Zero Trust is predicated on a “never trust, always verify” approach to access, from inside or outside the network. Enterprises need to begin with a Zero Trust Privilege-based strategy that verifies who is requesting access, the context of the request, and the risk of the access environment.

How urgent is it for enterprises to adopt Zero Trust? A recent survey of 2,000 full-time UK workers, completed by Censuswide in collaboration with Centrify, provides seven signs it’s time for enterprises to get a greater sense of urgency regarding their Zero Trust frameworks and initiatives. The seven signs are as follows:

  1. 77% of organizations’ workers admit that they have never received any form of cybersecurity skills training from their employer. In this day and age, it’s mind-blowing that three of every four organizations aren’t providing at least basic cybersecurity training, whether they intend to adopt Zero Trust or not. It’s like freely handing out driver’s licenses to anyone who wants one so they can drive the freeways of Los Angeles or San Francisco. The greater the training, the safer the driver. Likewise, the greater the cybersecurity training, the safer the worker, company and customers they serve.
  2. 69% of employees doubt the cybersecurity processes in place in their organizations today. When the majority of employees don’t trust the security processes in place in an organization, they invent their own, often bringing their favorite security solutions into an enterprise. Shadow IT proliferates, productivity often slows down, and enterprise is more at risk of a breach than ever before. When there’s no governance or structure to managing data, cybercriminals flourish.
  3. 63% of British workers interviewed do not realize that unauthorized access to an email account without the owner’s permission is a criminal offense. It’s astounding that nearly two-thirds of the workers in an organization aren’t aware that unauthorized access to another person’s email account without their permission is a crime. The UK passed into law 30 years ago the Computer Misuse Act. The law was created to protect individuals’ and organizations’ electronic data. The Act makes it a crime to access or modify data stored on a computer without authorization to do so. The penalties are steep for anyone found guilty of gaining access to a computer without permission, starting with up to two years in prison and a £5,000 fine. It’s alarming how high the lack of awareness is of this law, and an urgent call to action to prioritize organization-wide cybersecurity training.
  4. 27% of workers use the same password for multiple accounts. The Consensus survey finds that workers are using identical passwords for their work systems, social media accounts, and both personal and professional e-mail accounts. Cybersecurity training can help reduce this practice, but Zero Trust is badly needed to protect privileged access credentials that may have identical passwords to someone’s Facebook account, for example.
  5. 14% of employees admitted to keeping their passwords recorded in an unsecured handwritten notebook or on their desk in the office. Organizations need to make it as difficult as possible for bad actors and cybercriminals to gain access to passwords instead of sharing them in handwritten notebooks and on Post-It notes. Any organization with this problem needs to immediately adopt Multi-Factor Authentication (MFA) as an additional security measure to ensure compromised passwords don’t lead to unauthorized access. For privileged accounts, use a password vault, which can make handwritten password notes (and shared passwords altogether) obsolete.
  6. 14% do not use multi-factor authentication for apps or services unless forced to do so. Centrify also found that 58% of organizations do not use Multi-Factor Authentication (MFA) for privileged administrative access to servers, leaving their IT systems and infrastructure unsecured. Not securing privileged access credentials with MFA or, at the very least, vaulting them is like handing the keys to the kingdom to cybercriminals going after privileged account access. Securing privileged credentials needs to begin with a Zero Trust-based approach that verifies who is requesting access, the context of the request, and the risk of the access environment.
  7. 1 out of every 25 employees hacks into a colleague’s email account without permission. In the UK, this would be considered a violation of the Computer Misuse Act, which has some unfortunate outcomes for those found guilty of violating it. The Censuswide survey also found that one in 20 workers have logged into friend’s Facebook accounts without permission. If you work in an organization of over 1,000 people, for example, 40 people in your company have most likely hacked into a colleague’s email account, opening up your entire company to legal liability.

Conclusion

Leaving cybersecurity to chance and hoping employees will do the right thing isn’t a strategy; it’s an open invitation to get hacked. The Censuswide survey and many others like it reflect a fundamental truth that cybersecurity needs to become part of the muscle memory of any organization to be effective. As traditional IT network perimeters dissolve, enterprises need to replace “trust but verify” with a Zero Trust-based framework. Zero Trust Privilege mandates a “never trust, always verify, enforce least privilege” approach to privileged access, from inside or outside the network. Leaders in this area include Centrify, who combines password vaulting with brokering of identities, multi-factor authentication enforcement, and “just enough” privilege, all while securing remote access and monitoring of all privileged sessions.

via Technology & Innovation Articles on Business 2 Community http://bit.ly/2ra0QC6

5 Great Free Finance Apps for Android By Barry David Moore

Slowly but surely the world’s internet users are using their smartphones rather than desktop machines or even tablets. The younger generation is nearly exclusively using their phones.

There are thousands of stock market & finance market apps on the Android Play store but the key is to find a company offering a useful service that also has a great App. Usability is the key to a great app because there is so much less screen real-estate in play.

Here are 5 of my favorite free apps for Android users.

  1. TradingView – Best Stock Charts & Social Investing App
  2. Firstrade – Best App To Buy Stocks Free $0 Commissions
  3. M1 Finance – Best App for Automated Robo Investing
  4. TC2000 – Best for U.S.A. & Canada Stock Analysis & Trading
  5. Yahoo Finance – Best App for Free Stocks News & Tickers

TradingView – Best Stock Charts & Social Investing App

The incredible thing about TradingView is that they do not even need an app for smartphones or tablets simply go to TradingView.com and it is up and running, no installation no problems.

TradingView’s platform is at the cutting edge of HTML5 development, which simply means, whatever device you use TradingView on, it will be visually perfect due to the incredible responsive software design. This means you do not need to sync your data across devices it is already there. Tradingview is the software I use every day and because it is geared around social interaction, learning and community ideas, it is a fabulous place to be.

TradingView, of course, does have an app on the Play Store with a 4 Star Rating.

Firstrade – Best App To Buy Stocks Free $0 Commissions

Firstrade is the best broker you have never heard of. They came in second in our broker review in 2017, but the moved to commission-free stock trades in August 2018.

But let’s talk mobile trading apps because that’s why you are here.

The Firstrade stock trading app allows you to manage your portfolio seamlessly, you can trade stocks, options, and ETF’s commission-free directly from your phone.

Firstrade is a large brokerage and you need to open a brokerage account to be able to take advantage of the app.

M1 Finance – Best App for Automated Robo Investing

Uniquely, M1 Finance lets you copy expert portfolios or build your own. Furthermore, M1 offers both automatic and manual investing. Thus, M1 is a great resource for serious investors busy with careers or families.

The great advantage to M1 is that allows automatic investing based on your preferences. Hence, M1 is perfect for serious investors with little spare time. In addition, M1 Finance offers no-fee e.g. Zero Commissions investing. You can also utilize their additional borrowing and current account services

TC2000 – Best for U.S.A. & Canada Stock Analysis & Trading

While the current reviews on the stores suggest some technical issues, TC2000 has recently been updated to run natively on all devices, I have tested it and the new version is great.

I have been a Platinum subscriber with TC2000 for 20 years. Why, because they offer simply the best-integrated charting and real-time fundamental scanning and screening service available.

It is an incredibly powerful yet easy to use stock analysis suite.

TC2000 is ideal for those wanting to trade and invest in the U.S. and Canadian stock market as international exchanges are not supported.

Yahoo Finance – Best App for Free Stocks News & Tickers

If you are looking for easy-to-read market news and data, Yahoo Finance is still one of the best apps around. In addition, Yahoo!! Finance offers access to a wide variety of market-oriented videos.

Including clips from popular news shows and interviews with business leaders.

There are features that allow you to trade stocks and follow over 100 cryptocurrencies in the Yahoo! Finance App. The Yahoo! Finance App is available for Android in Google Play.

Yes, you heard correctly you can trade directly from Yahoo Finance.

In fact, surprisingly Yahoo Finance has a huge selection of broker integrations. So as opposed to going through the hassle of signing up with a specific broker you can use Yahoo to integrate with your broker

Original article published here: Top 10 Best Stock Market Apps for Android

via Technology & Innovation Articles on Business 2 Community http://bit.ly/2qqBqzJ

G Suite Vs Office 365: How Do You Pick the Right One? By Dave Wallen

No matter which side of the G Suite Vs Office 365 fence you’re on, one fact is certain – a majority of enterprise workloads are either on the cloud or will be. The cloud, with its inherent scalability and collaboration mechanisms, is ideally suited for the modern organization. With a host of top-of-the-line SaaS options available, how does one pick the “right” SaaS platform for email and collaboration? One that will bring in maximum ROI and optimal benefits.

Cloud adoption can be an expensive exercise, in terms of cost and effort. Additionally, for the platform to be used effectively, training and adoption timelines can run into months. Hence it’s best to thoroughly examine the feature sets and capabilities of the SaaS solutions before selecting one. In this blog, we examine two of the most popular – G Suite and Office 365.

G Suite’s Advantages

Built for Mobile Usage
G Suite was built with a mobile-first design ethos. It works OOTB on a browser with a seamless device-agnostic UX from desktop to mobile devices. Owing to its leanness, it works at a high speed even with slow connectivity and low device processing power.

Designed for Distributed Workforces
G Suite pioneered cloud-based document collaboration — view comments and edits made by your distributed team in real-time. Documents, spreadsheets, and presentations can be viewed directly from your email, without opening separate apps.

Rapid Adoption
G Suite’s star quality would be usability. It’s intuitive enough for employees to use from the get-go with minimal training. Moreover, as personal GMail has such ubiquitous adoption, there will be existing familiarity with the UI and workings of G Suite. This is particularly helpful for SMBs, educational institutions and non-profits with non-technical users and stretched IT teams.

Office 365’s Advantages

Built for Occasionally Connected Users
The “origin” of Office 365 is Microsoft Office, a set of desktop tools that remains the gold standard for personal productivity. Consequently, Office 365 has robust desktop clients for both Windows and Mac, providing powerful productivity tools that allow users to work anywhere. This combined with the offline capabilities of OneDrive for Business helps employees to easily work offline on documents.

Seamless Transition to the Cloud
On-premises versions of Exchange and SharePoint have been the enterprise’s de-facto email and collaboration platform for decades, and employees who have been using it will be familiar with its cloud-based counterpart’s solutions. When using the desktop office applications or their web-based counterparts, users will be able to work the same way they always did,.

Support for Scalability
Office 365 comes with in-built integration with Azure and a centralized Admin Center with powerful management and compliance tools. It can thus effortlessly scale as your organization grows. Office 365 for business and enterprise options also have a spectrum of pricing options and provisions such as mixing licenses, suitable for a growing organization.

Picking the One That Fits

As with any org-wide platform, for it to be successfully adopted, what matters most is picking the solution that fits best in the organization, as opposed to picking the solution with maximum perceived features.

  • Start with a detailed analysis of your current landscape — software stack, data requirements, business workflows and goals, nature of workforce (remote/co-located, mobile/desktop users), etc.
  • Then understand the reasons why your organization is migrating. This will help you accurately gauge the ROI that the SaaS platform will bring to your organization by.
  • Map the business benefits you expect with the features in the SaaS platform that will accelerate/deliver them.
  • Reality-check their feasibility with the detailed analysis of your organization.

This will also help with planning the type of migration (phased rollout, email only, etc.), drawing accurate timelines and prioritizing the various phases of the migration.

Don’t Forget to Secure your Move to the Cloud

After you select the SaaS platform that’s right for your organization and move to it, don’t forget to secure it. SaaS data requires protection too. The best-in-class platforms cannot protect you from data loss at your end due to human/malicious errors, sync errors or malware.

via Technology & Innovation Articles on Business 2 Community http://bit.ly/2qnxHCR