Archive for October 26, 2018

Guest Post: How Much Is Your Company’s Data Worth?

Posted in Commentary on October 26, 2018 by itnerd

By: Kim Del Fierro, VP of Marketing for Area 1 Security

In the age of digital technology, the biggest asset any company has is its data. But despite hearing that fact repeated over and over, organizations often haven’t a clue what their data is worth. That’s no surprise, considering how difficult it is to measure the value of enterprise data without generally accepted accounting principles.

However, knowing the value of your data is extremely important for determining your cybersecurity measures. Insurance policy estimates also rely on value, so operating in a vacuum where we know only that data is “valuable” can be problematic. How can you calculate how much your company’s data is worth?

Finding the True Value of Your Data 

There are actually several ways to determine the value of your data in practical terms. For example, you can estimate the costs of replacing all the data that you have; you could try measuring how much data contributes to your organization’s revenue; or you could figure the income made by selling or renting your data if you were to turn it into Data-as-a-Service. However, calculating data value in these ways can be complex if your organization lacks deep analytic capabilities.

Figuring Data Value by the Costs of a Breach 

One valid and intelligent way to measure the worth of data is by examining the costs of a data breach. According to the Ponemon 2018 Cost of a Data Breach report, the average loss to the company caused by an attack is $148 per compromised record.

That means for breaches in which more than 50,000 records are compromised, damages could reach $6.9 million. Even that is nowhere near the scale of a truly massive, headline-grabbing  breach: one million compromised records could cost a company up to $39 million!

Securing Data and Its Value to the Company

The root cause of all this high risk and potentially massive damage is the phishing attack. When you place a quantifiable value on the data that your organization collects and processes, it’s easy to see why cybersecurity must become a top priority.

Once a phishing attack succeeds in installing malware on your system, your data is threatened by ransomware, theft of vital banking information and corporate credentials, and other crimes.

This is why Gartner names anti-phishing defense as essential to an overall protection architecture.

Data breaches are common occurrences, especially when hackers target humans as the weakest link in any cybersecurity system. Gartner notes Verizon’s statistic that phishing and pretexting encompass 98 percent of social incidents and 93 percent of breaches.

Through a phishing attack, a criminal needs for you to make only one miscalculation and click on a malicious link to enable breach of your organization and considerable financial damage. Because of this vulnerability, anti-phishing protection that preempts attacks before they become a threat should be the first course of action and best practice for protecting your organization—far more reliable than trying to train employees.

Area 1 Security offers the technology-based anti-phishing protection that Gartner recommends as a necessary element of an overall security infrastructure. A dedicated anti-phishing strategy can detect threats in advance and disable them before they reach the inbox. Don’t let a data breach force you to put a costly price tag on your organization’s data—protect that data from phishing and retain its value intact.

Microsoft’s Software Quality Has Become An #EpicFail

Posted in Commentary with tags on October 26, 2018 by itnerd

Almost a year ago, I called out Apple because their ability to QA their software was so horrific, that macOS shipped with an extremely dangerous flaw that somehow was never caught by their QA department. Apple has yet to fully recover from that as many other embarrassing issues cropped up after that. But fortunately for them the spotlight has been moved away from them and onto Microsoft because of their incredibly buggy October 2018 update which deleted your data. It was so bad that Microsoft had to stop the rollout of the update. But that wasn’t the only screw up by Microsoft. The April 2018 Update was a disaster as many of my clients got hit by the numerous bugs in that update.

Clearly Microsoft’s ability to QA their products is in trouble. But to be truthful it’s been in trouble for a while. To illustrate that, let me take you back to 2014. Microsoft decided that dedicated QA testers were obsolete. And thus many of them were laid off. Crowdsourcing testing efforts were thought to be much better approach according to the brain trust in Redmond because you could just give pre-release versions of the software to thousands of people, they’d test it in the real world and trip over stuff that QA types never could, and the world would be perfect. Which led to the birth of the Microsoft Insider Program.

Except that it isn’t perfect.

Windows 10 which has thousands of people who don’t work for Microsoft testing it is a complete and utter mess. It’s so much of a mess that since the gong show of an update that the April 2018 Update was, I’ve actively recommended to my clients to sit and wait until the dust settles on any feature update before installing. That could easily be two or three months after it is released. Which I bet isn’t what Microsoft envisioned when they came up with Windows 10 and the concept of “feature updates” that come out with two or three times a year with shiny new features to make you think that Windows 10 is cool.

Clearly outsourcing software testing via crowdsourcing isn’t working for Microsoft. So, how do you fix it? Here’s my suggestions:

  1. Reintroduce dedicated testers who work for Microsoft: Live humans working for Microsoft who fully understand the product are what is needed right now as they have background to look for and find issues. If properly managed, they will help to address this issue.
  2. Kill the Insider Program: What is not needed is a bunch of fanboys who are going to get the latest pre-release version of Windows 10, install it and only report something to Microsoft that interferes with their ability to play Call Of Duty. That’s because unlike dedicated QA testes they don’t have the background to actually find issues and report them. Thus this program serves no useful purpose and needs to die as soon as possible.
  3. Rethink the concept of feature updates: What’s also not helping is this whole concept of “feature updates” that come out twice a year. Instead, they should focus on issuing updates that actually work and when they are ready to be released. Maybe that is one update a year. Maybe that six smaller updates. Who knows? But this two or three update cadence isn’t working for them at the moment.

Here’s what is going to happen if Microsoft doesn’t change course on this front. It will be a similar situation as the early 2000’s where Microsoft became such a joke that people were just stampeding towards Apple stores buying Macs right left and center. That’s something that Microsoft cannot afford right now. Thus they need to admit that they have a serious QA problem and take steps to address it before it is too late for them to recover. Because right now, their software quality is a not only a #EpicFail, it’s a joke.

 

Bragi Files For Preliminary Injunction Against OnePlus

Posted in Commentary with tags on October 26, 2018 by itnerd

A while ago I wrote about about Bragi’s lawsuit against OnePlus over the latter’s apparent infringement of the former’s IP. Today Bragi have filed for a preliminary injunction because according to them, OnePlus continues to violate their IP. Here’s a statement from Bragi:

Bragi has filed for a preliminary injunction against OnePlus in the USA to enjoin OnePlus from continued use of the “Dash Charge” mark. This was due to the failure of OnePlus to cease their continuing violation of Bragi’s trademark rights, despite assertions by OnePlus to the contrary.  Trademark offices in the USA and European Union have both rejected OnePlus’ application for the “DASH CHARGE” mark and agreed that OnePlus’ continued use of this mark is likely to cause confusion among consumers in view of Bragi’s preexisting “The Dash” mark.

Stay tuned for more from this legal battle as things are clearly heating up.