We’ve Been Hacked by the Frigidaire?

The cause of the latest cyber-attack may not be attributed to some lonely, isolated hacker sitting in a darkened room in the basement level of his parents’ house. The somewhat stereotypical cyber villain portrayed in Hollywood cinema and described in fanciful spy novels is taking on a new persona just as cyber-detectives thought they had a handle on their prey’s psychological make-up. And with your cyber-security team busily focused on preparing defenses against all the new techno-threats like BYOD and wearable technology, the last thing any of us needed to encounter breaking into our company’s cyber-system and causing havoc is a menacing refrigerator.

The first evidence has arrived that the emerging “Internet of Things” is also the Internet of Things That Can Deliver Spam. A security firm has uncovered a global cyber-attack that harnessed connected household devices, including a refrigerator. Proofpoint Inc., based in Sunnyvale, California, said the attack utilized 100,000 consumer devices, employing them as other attacks have used captured computers, to secretly deliver spam e-mails numbering in the hundreds of thousands. The attack took place recently, between Dec. 23, 2013 and Jan. 6, 2014, and included in its botnet at least one smart refrigerator, as well as home-networking routers, connected multimedia centers and smart TVs. Who could have seen this one coming, and from, of all places, your mother’s toaster?

The security company told news media that the attack “may be the first proven Internet of Things-based cyber-attack involving conventional household ‘smart’ appliances.” The attack, Proofpoint said, was sent in bursts of 100,000 e-mails three times daily, directed at companies and individuals around the globe, and over one-quarter of the spam was sent by compromised, non-computing devices.  No single IP address was used to send more than 10 e-mails, which made the attack’s origin more difficult to locate, and the commandeering of the devices involved the relatively simple tasks of taking advantage of misconfigurations and default passwords. David Knight, general manager of the Information Security Division at Proofpoint, said in a statement that devices in the Internet of Things “are poorly protected at best and consumers have virtually no way to detect or fix infections when they do occur.” Businesses, he said, may find distributed attacks “increasing as more and more of these devices come on-line and attackers find additional ways to exploit them.”
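The detail that no single IP address sent more than 10 e-mails is what lets such a campaign slip under per-source rate limits. The following added example (not code from Proofpoint or from the original article) runs a per-IP threshold and a content-fingerprint grouping over constructed mail-gateway events; the event format, fingerprint labels, addresses and thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

EPOCH = datetime(1970, 1, 1)


def build_sample_log():
    """Constructed events: (timestamp, source_ip, content_fingerprint)."""
    start = datetime(2014, 1, 2, 8, 0, 0)
    events = []
    # Constructed burst: 240 sources (documentation-range addresses), each
    # sending 3 copies of one message, so no source exceeds 10 messages.
    for i in range(240):
        ip = f"198.51.100.{i + 1}" if i < 120 else f"203.0.113.{i - 119}"
        for k in range(3):
            events.append((start + timedelta(seconds=i * 5 + k), ip, "fp-burst"))
    # One legitimate bulk sender: many messages from a single address.
    for k in range(200):
        ts = start + timedelta(seconds=k * 10)
        events.append((ts, "192.0.2.10", "fp-newsletter"))
    # Ordinary mail: unique content per message, one message per source.
    for k in range(50):
        ts = start + timedelta(seconds=k * 30)
        events.append((ts, f"192.0.2.{k + 100}", f"fp-unique-{k}"))
    return events


def per_ip_offenders(events, max_per_ip=10):
    """Classic rate limit: sources that sent more than max_per_ip messages."""
    counts = defaultdict(int)
    for _, ip, _ in events:
        counts[ip] += 1
    return {ip for ip, n in counts.items() if n > max_per_ip}


def distributed_campaigns(events, window=timedelta(hours=1), min_sources=50):
    """Group by (content fingerprint, time window) and flag content that
    arrives from many distinct sources, however little each one sends."""
    buckets = defaultdict(lambda: defaultdict(int))
    for ts, ip, fingerprint in events:
        slot = int((ts - EPOCH) / window)
        buckets[(fingerprint, slot)][ip] += 1
    findings = []
    for (fingerprint, _slot), per_ip in buckets.items():
        if len(per_ip) >= min_sources:
            findings.append({
                "fingerprint": fingerprint,
                "sources": len(per_ip),
                "messages": sum(per_ip.values()),
                "max_per_source": max(per_ip.values()),
            })
    return findings


if __name__ == "__main__":
    log = build_sample_log()
    print("per-IP threshold flags:", per_ip_offenders(log))
    for finding in distributed_campaigns(log):
        print("distributed campaign:", finding)
```

On this constructed data the per-IP rule flags only the legitimate bulk sender, while the fingerprint grouping surfaces the 240-source burst that the rate limit never sees.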

While not surprising, this new turn in malware raises a variety of questions about the addition of intelligence and connectivity to appliances and other non-computing products. If they can become “thingbots” and be commandeered for nefarious purposes, will they also need the kind of anti-virus software, updates and continual vigilance that users are now required to maintain for their computers and mobile devices?

And how much additional effort and expense will it take to build and monitor a security fence around intelligent TVs, refrigerators, stoves, lighting devices in homes, connected coffee pots, smart thermostats and the like? According to some estimates, the Internet of Things already includes more than 2 billion devices, and industry research firm IDC has predicted there will be more than 200 billion connected things by 2020.

Perhaps manufacturers of all things utilitarian in today’s modern, electronics-packed kitchens need to take a page from the color copier era of the past, when developers of the new color, digital imaging machines took a pause in rushing the newest copier to corporate mail rooms. Apparently it occurred to someone that some creative employees may be able to run off a batch of crisp $100 bills in the company printer room to pay the mortgage payment while on their lunch break. Manufacturers need to wise up about making all of these devices attack-proof, by utilizing “application control, not anti-virus software,” so that a connected device is built to run only specified applications.

It all seems a bit comical that such potentially damaging intrusions could be attributed to the normally benign appliances within our own homes and offices, but there is nothing laughable about trying to explain to 50,000 of your customers that all their personal credit card data was stolen out from under your extensive and very expensive security infrastructure by your neighbor’s juicer, three hand mixers and their accomplice, the microwave oven.

Coming Soon to a Workplace Near You: “2014 A Tech Odyssey”

Intel CEO Brian Krzanich is demonstrating a major push into wearable technology by the world’s largest semiconductor company by showing off several new wearable devices developed by the company, including a smart watch, smart ear buds, a smart earphone headset called Jarvis and a charging “bowl” to put all the gadgets in when they need powering back up. In addition, he announced a new system-on-a-chip called Edison aimed at wearable gadgets and a competition to create the best wearable devices with $1.3 million in prize money. Meanwhile, Sony has filed a patent application for “SmartWig”, which can be worn “in addition to natural hair”, and will be able to process data and communicate wirelessly with other external devices. Sony predicts that the SmartWig will have practical uses in business. For example, it could be used in presentations where a wearer can ‘move to the next presentation slide or back to the preceding presentation slide by simply raising his/her eyebrows’.

As leading technology companies continue the battle for the leadership position in wearable technology, it is apparent that 2014 will be the year that wearable technology goes from science-fiction fantasy to commonplace use in the homes and workplaces of millions of eager wearers. Research firm Berg Insight estimated earlier this year that wearable computer shipments will reach 64 million in 2017, almost eight times the number that shipped in 2012. While tech-fanatic cinema buffs are envisioning the coming onslaught of new gadgets as a “007” flick, the IT professionals responsible for securing their companies’ data systems are more likely to envision a storyline more attuned to the cinematic epic “Apocalypse Now.”

Perhaps the biggest question being asked by IT professionals in 2014 is how workplace networks will cope with consumer-driven wearable gadgets. If smart wigs, watches, glasses and gloves become as commonplace as an iPhone or HTC are today, the impact on corporate IT cannot be underestimated. These devices need to pair with an “original” device. They don’t replace phones, tablets and computers; they are in addition to them. Smart wigs, shoes, handbags and many other accessories will multiply the number of devices accessing the network, resulting in a BYOD environment on steroids. Today many organizations find that per employee they have one to three devices accessing the network; in a matter of years this could rocket to 15 to 20 per employee.

Being prepared will greatly help an organization avoid BYOD chaos. Organizations that tackle the challenges of BYOD in terms of policies, security, network management and monitoring will find themselves at a huge advantage when this technology enters the workplace. There are three simple steps that can be embraced in the New Year that will ensure that an organization is not on the back foot:

Prepare for an increased data flow: The flow of data through networks will become more complex. While many of the gadgets will access networks via Wi-Fi or Bluetooth, they will typically require connection to a laptop, computer or tablet for the purposes of syncing data, which could further slow down the network.

Create policies for usage: If a business is going to embrace wearable technology, and many would argue it is only a matter of time until businesses are forced to, it will require clear policies determining who is allowed to bring the equipment into the workplace and connect to the network.

Review security: The two main ways wearables will impact the IT network are in the areas of access and endpoint security. Whereas many organizations find that per employee they have one to three devices accessing the network, in a matter of years this could rocket to 15 to 20 per employee.

From a security standpoint, gaining oversight and managing the data that goes through the network will be the biggest challenge. Firstly, it means determining that the devices accessing the network or the information being transmitted are legitimate. Secondly, the wave of different devices seeking access will leave networks vulnerable to malicious attacks in the form of viruses and other cyber threats.

A Need For A More Creative Approach In Recruiting IT Talent

Fewer CIOs are planning to boost their IT departments in the fourth quarter of 2013 than were three months ago, according to new research. But on the positive side, fewer CIOs have plans to freeze hiring or reduce their staffs in the coming quarter. Finding the right talent is still a priority for technical skills that are difficult to find, such as networking, data/database management, and helpdesk/technical support. When asked which skills are most often in demand, desktop support topped the list. “IT hiring managers remain selective when hiring, but know they need to move fast to acquire top talent in hot specialty areas such as networking and help desk support,” said John Reed, senior executive director of Robert Half Technology (RHT). “Many firms are increasing their focus on retention because candidates in these areas of IT can be hard to find.”

Banks and financial institutions are facing difficulties in finding critical talent as they digitize their businesses.  To court elusive tech talent, large financial institutions have made moves in recent months to enhance their career websites, add video to their job descriptions, host coding competitions and use social networks and startup services to seek out some of the most coveted talent: mobile developers and programmers.  In their promotional messages, banks say they’re international, they have endless software problems to solve, they have employees who smile, and they have openings for the sexiest job of the 21st century.  In the face of such stiff competition it’s telling that being sexy is relevant to the recruiting process.  “Banks have to be aggressive about competing,” says Sheeroy Desai, chief executive of Gild, a company that helps companies find technology talent. “They need to be a little more open about the projects they work on.”

Corporations are finding that job applicants want to search for opportunities via their smartphones, so Wells Fargo launched a mobile-optimized careers site that allows prospects to troll for job leads. Soon, it will let them apply for positions at the San Francisco bank through their pocket devices. Bank of America is also making updates to its career website that will allow job applicants to directly apply to open roles using their mobile devices. By year-end, the site will include responsive web design that B of A says will adjust the content display for multiple platforms. The site’s redesign will also include new search tools, revised content and a better interface. To catch a technologist, banks also host innovation jams and hackathon-esque contests to show their hipper side, say consultants. That way, “their names are associated with forums where technology savvy folks are likely to come together,” says John Plansky, a partner at Booz & Co.

Perhaps the most obvious need for qualified IT talent is not in business, but in the business of government.  The ongoing HealthCare.gov fiasco is a sign that our government desperately needs more and better qualified software developers and engineers. The shortage of top technical talent is keeping our country on a path of continued technology mediocrity at an astronomical price for U.S. taxpayers. The sputtering health-care Web site alone has cost $196 million, and billions more have been wasted on other projects over the years.  To avoid this kind of crisis in the future, we need a system to bring technologists into public service long before a technology crisis strikes.

With the demand for technology talent far outstripping the supply, leading companies like Facebook have resorted to offering salaries up to $150,000, plus $120,000 in stock, to entry-level developers at a time when government is burdened with a static and irrelevant pay scale for similar technology employees.   The salary for an entry-level GS-7 position in the Washington metro area is $42,209.  To achieve the Facebook equivalent a federal employee would have to achieve the top-tier GS-15 level, usually only reached after 20 years of upwardly mobile public service.  With the compensation imbalance between the private and public sector, our government will never be able to recruit the number of developers needed to support a 21st century digital government based on salaries alone.

As in private sector companies, such as banks and financial institutions, government will need to take a more creative approach if it is to meet the day-to-day technology challenges experienced in running the world’s largest bureaucracy.

Managing Your BYOD Policy Risks

Bring Your Own Device (BYOD) policies are becoming increasingly popular in corporate environments. The policy can give freedom to a workforce in choosing preferred devices in accomplishing their tasks.  An effective BYOD strategy may boost productivity by providing employees “anytime and anywhere access” to the company’s server.  However, it may also present significant security issues and risks of exposing confidential company files to unauthorized distribution.  Restrictions and precautions need to be established before moving forward with a BYOD policy.

Lost or Stolen Devices

Workforce mobility may result in devices and gadgets getting lost or stolen. Companies planning to implement a BYOD strategy need to have rigorous security procedures for each employee’s digital usage. A remotely activated “lockdown” procedure can be put in place to instantly secure and delete classified data.

Unlicensed Software

Personally owned devices are often found to use counterfeit or unlicensed applications and software, one of the most common security concerns. This makes the device prone to malware as well as viruses. Moreover, it can compromise the integrity of your company by violating a couple of enterprise license agreements.

Unsecured third-party Wi-Fi Networks

Earlier versions of tablets and smartphones depend on Wi-Fi connections. Employees taking their work elsewhere need to be thoroughly briefed on potential threats when accessing unsecured public connections. Many problems may arise from the network’s unmonitored use; even hacking is possible when connected to free public hotspots.

Risk of Having Third-Party Applications

Running third-party applications for leisure, social networking, and open public cloud services also presents security threats, so provide tools to ensure security.  While this can be costly, failing to respond to the threat can be even more costly in the end.

Mixture of Personal and Professional Use of Their Mobile Devices

Employees using their devices for both work and personal purposes is the biggest concern associated with the implementation of a BYOD policy. This activity interferes with productivity, but the main concern is the possibility of human error. Easily defined rules and regulations for responsible mobile device usage should be established and enforced.

Utilizing new technologies and venturing into unfamiliar workplace cultures may offer benefits in enhancing fundamental business operations and can yield significant cost savings and productivity gains. But as with all new, promising opportunities come risks. Managing those risks is essential to avoiding calamity while in the pursuit of operational improvement.

Trends in Professional Services

The year 2013 began with the same persistent and pervasive uncertainty that has plagued the business sector for nearly 5 years.  Predictions of modest increases in private business sector hiring activity and job opening increases have been realized then unrealized.  Combined with the approaching roll-out of the Affordable Care Act and its much anticipated effects on business hiring, the overall economy and jobless rate seems to have reached its comfort level at an historic anemic level.

The employment and professional services industry, which includes employment placement agencies, temporary help services, executive search services and professional employer organizations, experienced an uptick in the year-over-year growth rate beginning mid-year, and the projected rate of increase of 5 percent for 2013 is expected to be realized. While making predictable sense of sluggish job growth continues to be a significant challenge to the industry, the arrival of increased digital, online competition, big data metrics and new tools for improving operational efficiencies have combined to make 2013 an interesting year, and looking ahead, the landscape for challenge and change in the industry appears to remain dynamic.

The economic indicators are showing that the negative effects of the recession are slowly receding and the gains in workforce productivity are showing signs of being fully realized. “The huge productivity gains we were seeing a year or two ago have pretty much evaporated,” said Bernard Weinstein, an economist at Southern Methodist University’s Cox School of Business in Dallas. “If we can’t squeeze much more productivity out of current workers, then we have to hire more workers.” Changes in the marketplace are expected to have a positive impact on the economy in the future, and a vast majority of North American employees plan to actively pursue new job opportunities in 2014. A recent Right Management Survey has found that 83 percent of the workers surveyed said they intend to actively seek a new position in 2014.

“The economy was depressed for a long time, so the potential is there for hiring,” said Farrokh Hormozi, an economist and chair of the Public Administration Department at Pace University in New York City. Temporary and contract positions are being offered at increased rates, which has many staffing professionals scrambling to implement new procedures to deal with the workflow. The trend is expected to continue in the next few years. According to one report, 77 percent of the jobs created in 2013 were part-time positions, as reported by The Boston Globe.

The changing face of the industry is resulting in a number of trends that professionals will have to learn to adapt to in order to remain current. The creation and implementation of the Affordable Care Act (ACA) is just one way that staffing professionals can remain current and a vital part of the employment process for clients.  While some people are against the implementation of the ACA, and the increasing presence of federal regulations in business, the continued implementation of the ACA could boost the desirability of hiring a staffing firm for many organizations.  The ACA might just be a blessing in disguise for some staffing agencies if they can become experts in the act and market a consultation service as part of their brand.

Another trend impacting the industry is the widespread adoption of managed services and vendor management services as businesses look for new and creative solutions to manage rising labor costs. As employers continue to rein in their structured costs, it’s important for staffing agencies to perfect sales and operations tactics to gain clients and prove to customers the value of their service. Staffing firms will need to package their value propositions and take the company message to market in a way that resonates with employers.