Day: August 1, 2019

Reviewing endpoint protection products (and picking the Top 10)

Source: CSO Magazine

With a saturated market of endpoint protection products, where do you start your research to know which one is the right solution for your company? To help in your buying process, this guide is based on recommendations from security professionals with real-world endpoint protection experience. 

Endpoint security is growing in importance as companies add more smartphones, laptops, tablets or other wireless devices that need to connect to enterprise networks remotely. However, once they are connected, are they secure?

This is where good endpoint protection software can save your company. It should include a suite of the latest cybersecurity applications (e.g., antivirus, intrusion detection and anti-malware tools). Proactive protection is a clear indication of superior quality in endpoint products, because the days of reactive protection are gone. Companies can’t afford to suffer from attacks due to the cost of downtime, loss of reputation and potential damage to data.

What differentiates endpoint protection products?

Once you realize that your company needs endpoint protection, evaluation is the next step in the purchasing process. What are the requirements that you need to meet, and which product will best meet them? Before you start demoing every product on the market — and there are a lot — it’s helpful to hear what other users have to say. For example, does your company need reporting for management, are detection and notifications the most important features for you, or do you just need a reliable endpoint protection solution for your business?

While there are key features that separate the top vendors in endpoint protection, which can be read about in the Buyer’s Guide, it’s important to determine your company’s requirements for endpoint protection, then look for the right solution for your company using those requirements as a reference to what your company needs.

Keeping endpoint protection decisions real

For real-world answers, turn to real users for your needs. That is the goal of IT Central Station. It collects real user reviews from a community of enterprise technology professionals. You’ll find comparisons based on pricing, performance, features, stability, and more. Download the PDF report to see how security pros ranked the top endpoint protection solutions, and why.

The “Endpoint Protection for Business Buyer’s Guide and Reviews” report identifies 51 enterprise-level endpoint protection vendors, many of whom offer multiple solutions. Its goal is to arm you with both knowledge of each solution and first-hand experiences on how each performs in real-world environments based on the hundreds of reviews collected from a community of enterprise technology professionals.

IT Central Station also identifies and rates the top 10 products based on these five metrics:

  1. Average rating
  2. The number of reviews
  3. The number of words in a review
  4. The number of times the product’s reviews have been viewed
  5. The number of times the product has been compared to other products in its category

Listed in alphabetical order, here are the Top 10 Endpoint Protection solutions identified by IT Central Station:

  • BigFix (by HCL)
  • CrowdStrike
  • Carbon Black CB Defense
  • Cylance
  • ESET Endpoint Security
  • Kaspersky Endpoint Security
  • McAfee Complete Endpoint Protection
  • Microsoft Windows Defender
  • Palo Alto Networks Traps
  • Symantec Endpoint Protection (SEP)

From Carnaval to Cinco de Mayo – The journey of Amavaldo

Source: We Live Security Magazine

The first in an occasional series demystifying Latin American banking trojans

At the end of 2017, a group of malware researchers from ESET’s Prague lab decided to take a deeper look at the infamous Delphi-written banking trojans that are known to target Brazil. We extended our focus to other parts of Latin America (such as Mexico and Chile) soon after as we noticed many of these banking trojans target those countries as well. Our main goal was to discover whether there is a way to classify these banking trojans and to learn more about their behavior in general.

We have learned a lot – we have identified more than 10 new malware families, studied the distribution chains and linked them to the new families accordingly, and dissected the internal behavior of the banking trojans. In this initial blog post, we will start by describing this type of banking trojan in general and then move to the first newly identified malware family we’ll discuss – Amavaldo.

Before moving further, let’s define the characteristics of this type of banking trojan:

  • It is written in the Delphi programming language
  • It contains backdoor functionality
  • It uses long distribution chains
  • It may divide its functionality into multiple components
  • It usually abuses legitimate tools and software
  • It targets Spanish- or Portuguese-speaking countries

We have encountered other common characteristics during our research. Most Latin American banking trojans we have analyzed connect to the C&C server and stay connected, waiting for whatever commands the server sends. After receiving a command, they execute it and wait for the next one. The commands are probably pushed manually by the attacker. You can think of this approach as a chat room where all the members react to what the admin writes.

The C&C server address seems to be the resource these malware authors protect the most. We have encountered many different approaches to hiding the actual address, which we will discuss in this series of blog posts. Besides the C&C server, a unique URL is used by the malware to submit victim identification information. This helps the attackers to keep track of their victims.

Banking trojans from Latin America usually use little-known cryptographic algorithms and it is common that different families use the same ones. We have identified a book and a Delphi freeware library the authors were apparently inspired by.

The fact that this malware is written in Delphi indicates the executable files are at least a few megabytes in size because the Delphi core is present in every binary. Additionally, most Latin American banking trojans contain a large number of resources, which further increases the file size. We have even encountered samples with file sizes reaching several hundred megabytes. In those cases, the file size has been deliberately increased in order to avoid detection.

When analyzing such an executable, it is usually not very hard to decide quickly that it is a malicious banking trojan. Besides the aforementioned characteristics, the authors tend to copy each other’s work or to derive their malware from a common source. As a result of that, most of the Latin American banking trojans look alike. This is the main reason why we mostly see only generic detections.

Our research started with identifying strong characteristics that would allow us to establish malware families. Over time, we were able to do so and identified more than 10 new ones. The characteristics we used were mainly how strings are stored, how the C&C server address is obtained and other code similarities.

The simplest way that these malware families are delivered is by utilizing a single downloader (a Windows executable file) specific to that family. This downloader sometimes masquerades as a legitimate software installer. This method is simple, but also the less common one.

Much more common is to use a multistage distribution chain that typically employs several layers of downloaders written in scripting languages such as JavaScript, PowerShell and Visual Basic Script (VBS). Such a chain typically consists of at least three stages. The final payload is typically delivered in a zip archive that contains either only the banking trojan or additional components along with it. The main advantage, to the malware authors, of this method is that it is quite complicated for malware researchers to reach the very end of the chain and thereby analyze the final payload. However, it is also much easier for a security product to stop the threat because it only needs to break one link in the chain.

Unlike most banking trojans, those from Latin America do not utilize web-injection – instead they use a form of social engineering. They continuously detect active windows on the victim’s computer and if they find one related to a bank, they launch their attack.

The purpose of the attack is almost always to persuade the user that some special, urgent and necessary action is required. This can be an update of the banking application used by the victim, or verification of credit card information or bank account credentials. A fake popup window then steals the data after the victim enters it (an example is seen in Figure 1) or a virtual keyboard acts as a keylogger as seen in Figure 2. The sensitive information is then sent to the attackers who can abuse it in any way they see fit.

Figure 1. Fake popup window that tries to steal an authorization code (Translation: Anti-intrusion tool. Your security is the first priority. Enter your signature)

Figure 2. Virtual keyboard with a keylogger (Translation: Card Password. Enter your card password by clicking on the buttons)

We named the malware family described in the rest of this blog post Amavaldo. This family is still in active development – the latest version we have observed (10.7) has a compilation timestamp of June 10th, 2019.

This is an example of modular malware whose final payload ZIP archive contains three components:

  1. A copy of a legitimate application (EXE)
  2. An injector (DLL)
  3. An encrypted banking trojan (decrypts to DLL)

Figure 3 displays the contents of an example Amavaldo final payload ZIP archive.

Figure 3. Amavaldo components extracted in a folder. The components are: ctfmon.exe (legitimate application), MsCtfMonitor (encrypted banking trojan), MsCtfMonitor.dll (injector).

The downloader stores all the ZIP archive contents to the hard drive in the same folder. The injector has a name chosen to match that of a DLL used by the bundled, legitimate application. Before the downloader exits, it executes the legitimate application. Then:

  • The injector is executed via DLL Side-Loading
  • The injector injects itself into wmplayer.exe or iexplore.exe
  • The injector searches for the encrypted banking trojan (an extensionless file whose name matches that of the injector DLL)
  • If such a file is found, the injector decrypts and executes the banking trojan
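The on-disk layout described above (a host EXE, an injector DLL, and an extensionless file with the DLL's name, all in one folder) can be hunted for directly. The following is an added example, not code from the original article: the function names and the sample tree are constructed for illustration, and skipping twins that begin with the `MZ` magic is a heuristic based on the payload being stored encrypted.

```python
import os
import tempfile
from pathlib import Path

# Injector DLL names listed in this article's IoC section (lower-cased stems).
KNOWN_INJECTOR_STEMS = {"nvsmartmax", "msctfmonitor", "libcurl"}


def _starts_with_mz(path):
    """True if the file begins with the PE/DOS 'MZ' magic."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False


def find_sideload_triads(root):
    """Find folders holding an EXE, a DLL and an extensionless file named like the DLL.

    Heuristic (assumption): the twin file must not be a plain PE, because the
    article says the banking trojan is stored encrypted next to its injector.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        lower = {name.lower(): name for name in files}
        exes = sorted(n for n in files if n.lower().endswith(".exe"))
        if not exes:
            continue  # no host application to side-load from
        for name in sorted(files):
            if not name.lower().endswith(".dll"):
                continue
            stem = name[:-4]
            twin = lower.get(stem.lower())
            if twin is None or Path(twin).suffix != "":
                continue  # no extensionless file sharing the DLL's name
            if _starts_with_mz(os.path.join(dirpath, twin)):
                continue  # unencrypted PE: not the pattern described here
            findings.append({
                "folder": dirpath,
                "dll": name,
                "payload": twin,
                "host_exes": exes,
                "known_name": stem.lower() in KNOWN_INJECTOR_STEMS,
            })
    return findings


def build_constructed_sample(root):
    """Write a small, harmless, constructed directory tree used by the demo."""
    pe_stub = b"MZ" + b"\x00" * 16           # only the magic, not a real PE
    blob = bytes(range(32, 64))              # stands in for encrypted data
    layout = {
        "a1b2/ctfmon.exe": pe_stub,
        "a1b2/MsCtfMonitor.dll": pe_stub,
        "a1b2/MsCtfMonitor": blob,           # matches the described pattern
        "benign/app.exe": pe_stub,
        "benign/helper.dll": pe_stub,
        "benign/README": b"plain text",      # unrelated extensionless file
        "sdk/tool.exe": pe_stub,
        "sdk/codec.dll": pe_stub,
        "sdk/codec": pe_stub,                # extensionless but a plain PE
    }
    for rel, data in layout.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        for hit in find_sideload_triads(tmp):
            print(hit)
```

A hit with `known_name` set to false is still worth a look, since the pattern itself does not depend on the file names.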

Characteristics

Besides the modular structure, the strongest identifying characteristic is the custom encryption scheme used for string obfuscation (Figure 4). As you can see, aside from the key (green) and encrypted data (blue), the code is also filled with garbage strings (red) that are never used. We provide simplified pseudocode in Figure 5 to emphasize the algorithm’s logic. This string handling routine is used by the banking trojan itself, the injector and even the downloader that we will describe later. Unlike many other Latin American banking trojans, this routine does not appear to be inspired by the book mentioned earlier.

Figure 4. String obfuscation in Amavaldo

Figure 5. Amavaldo string decryption pseudocode. This algorithm does not seem to be inspired by the book mentioned earlier.

Additionally, the latest versions of this family can be identified by a mutex that seems to have the constant name {D7F8FEDF-D9A0-4335-A619-D3BB3EEAEDDB}.

Amavaldo first collects information about the victim that consists of:

  • Computer and OS identification
  • What kind of banking protection the victim has installed. The information is gathered from searching the following filesystem paths:
    • %ProgramFiles%\Diebold\Warsaw
    • %ProgramFiles%\GbPlugin
    • %ProgramFiles%\scpbrad
    • %ProgramFiles%\Trusteer
    • %ProgramFiles%\AppBrad
    • %LocalAppData%\Aplicativo Itau

The newer versions communicate via SecureBridge, a Delphi library that provides SSH/SSL connections.

As with many other such banking trojans, Amavaldo supports several backdoor commands. The capabilities of these commands include:

  • Obtaining screenshots
  • Capturing photos of the victim via webcam
  • Logging keystrokes
  • Downloading and executing further programs
  • Restricting access to various banking websites
  • Mouse and keyboard simulation
  • Self-updating

Amavaldo uses a clever technique when launching the attack on its victim that is similar to what Windows UAC does. After detecting a bank-related window, it takes a screenshot of the desktop and makes it look like the new wallpaper. Then it displays a fake popup window chosen based on the active window’s text while disabling multiple hotkeys and preventing the victim from interacting with anything else but the popup window.

Only Brazilian banks were targeted when we first encountered this malware family, but it has extended its range since April 2019 to Mexican banks as well. Even though the previously used Brazilian targets are still present in the malware, based on our analysis the authors focus only on Mexico now.

Distribution

We were able to observe two distribution chains – one early this year and a second one since April.

Distribution chain 1: Targeting Brazil

We first observed this chain in January 2019 targeting victims in Brazil. The authors decided to use an MSI installer, VBS, XSL (Extensible Stylesheet Language) and PowerShell for distribution.

The whole chain starts with an MSI installer that the victim expects will install Adobe Acrobat Reader DC. It utilizes two legitimate executables: AICustAct.dll (to check for an available internet connection) and VmDetect.exe (to detect virtual environments).

Figure 6. Error message when the downloader runs inside a virtual machine (left) or without an internet connection (right)

Once the fake installer is executed, it makes use of an embedded file that, besides strings, contains a packed VBS downloader (Figure 7). After unpacking (Figure 8), it downloads yet another VBS downloader (Figure 9). Notice that the second VBS downloader abuses the Microsoft Windows WMIC.exe to download the next stage – an XSL script (Figure 10) with embedded, encoded PowerShell. Finally, the PowerShell script (Figure 11) is responsible for downloading the final payload – a zip archive with multiple files, as listed in Table 1. It also ensures persistence by creating a scheduled task named GoogleBol.

Figure 7. The first stage. A packed VBS downloader (highlighted in red) embedded inside the MSI installer.

Figure 8. The unpacked first stage

Figure 9. The unpacked second stage. WMIC.exe is abused to execute the next stage.

Figure 10. The third stage. A large XSL script that contains embedded, encoded PowerShell script (highlighted in red).

Figure 11. The fourth (final) stage. An obfuscated PowerShell script that downloads the final payload and executes it.
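Because the first chain passes through several distinct Windows hosts, it can be spotted in process-creation telemetry at more than one link. The following is an added example, not code from the original article: the event fields (`pid`, `ppid`, `image`, `name`), the sample records and the assumption that each stage runs as a descendant of the previous one are constructed for illustration, and `msiexec.exe`, `wscript.exe` and `cscript.exe` are the standard Windows hosts for MSI and VBS rather than names taken from the article.

```python
# Ordered stages of distribution chain 1 as the article describes it.
STAGES = [
    ("MSI installer", {"msiexec.exe"}),
    ("VBS downloader", {"wscript.exe", "cscript.exe"}),
    ("WMIC / XSL", {"wmic.exe"}),
    ("PowerShell", {"powershell.exe"}),
]

# Scheduled task names from the article's IoC list (lower-cased).
KNOWN_TASKS = {"googlebol", "adobe acrobat taskb"}


def lineage(pid, procs):
    """Return image names from the oldest known ancestor down to pid."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:   # 'seen' guards against pid loops
        seen.add(pid)
        chain.append(procs[pid]["image"].lower())
        pid = procs[pid]["ppid"]
    return chain[::-1]


def stages_matched(images):
    """Count how many stages appear, in order, along a lineage.

    Extra processes between stages are tolerated, so two VBS downloaders
    in a row still count as one 'VBS downloader' stage.
    """
    depth = 0
    for image in images:
        if depth < len(STAGES) and image in STAGES[depth][1]:
            depth += 1
    return depth


def find_chain_hits(events, min_stages=3):
    """Report processes that extend the chain to at least min_stages stages."""
    procs = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        images = lineage(e["pid"], procs)
        depth = stages_matched(images)
        # Only report the process that added a stage, not its children.
        if depth >= min_stages and depth > stages_matched(images[:-1]):
            hits.append({
                "pid": e["pid"],
                "image": e["image"],
                "stage": STAGES[depth - 1][0],
                "depth": depth,
                "lineage": images,
            })
    return hits


def find_known_tasks(task_events):
    """Return created task names that match the article's IoC list."""
    return [t["name"] for t in task_events
            if t["name"].strip().lower() in KNOWN_TASKS]


# Constructed sample telemetry (not real logs).
SAMPLE_PROCESSES = [
    {"pid": 100, "ppid": 4, "image": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": "msiexec.exe"},
    {"pid": 210, "ppid": 200, "image": "wscript.exe"},
    {"pid": 220, "ppid": 210, "image": "wscript.exe"},
    {"pid": 230, "ppid": 220, "image": "WMIC.exe"},
    {"pid": 240, "ppid": 230, "image": "powershell.exe"},
    {"pid": 300, "ppid": 100, "image": "powershell.exe"},  # admin shell
    {"pid": 310, "ppid": 300, "image": "WMIC.exe"},        # routine query
]
SAMPLE_TASK_EVENTS = [
    {"name": "GoogleBol"},
    {"name": "GoogleUpdateTaskMachineCore"},
]

if __name__ == "__main__":
    for hit in find_chain_hits(SAMPLE_PROCESSES):
        print(hit["pid"], hit["stage"], " > ".join(hit["lineage"]))
    print(find_known_tasks(SAMPLE_TASK_EVENTS))
```

Lowering `min_stages` trades more noise for earlier detection, which fits the point that a defender only needs to break one link.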

In Table 1 you can see two sets of payloads and injectors, both using the execution method described earlier. The NvSmartMax[.dll] has been used to execute Amavaldo. The libcurl[.dll] is not directly related to Amavaldo, since it executes a tool that is used to automatically register a large number of new email accounts using the Brasil Online (BOL) email platform. These created email logins and passwords are sent back to the attacker. We believe it to be a setup for a new spam campaign.

Table 1. Contents of the final payload archive and their descriptions

| File | Description |
|---|---|
| nvsmartmaxapp.exe | Legitimate application 1 |
| NvSmartMax.dll | Injector 1 |
| NvSmartMax | Payload 1 |
| Gup.exe | Legitimate application 2 |
| libcurl.dll | Injector 2 |
| Libcurl | Payload 2 |
| gup.xml | Configuration file for gup.exe |

Distribution chain 2: Targeting Mexico

The most recent distribution chain we have observed starts with a very similar MSI installer. The difference is that this time, it contains an embedded Windows executable file that serves as the downloader. The installer ends with a fake error message (Figure 12). Right after, the downloader is executed. Persistence is ensured by creating a scheduled task (as in the first chain), this time named Adobe Acrobat TaskB (Figure 13). Then it downloads all the Amavaldo components (no email tool has been observed this time) and executes the banking trojan.

Figure 12. The fake error message displayed by the installer

Figure 13. The scheduled task created by the downloader

We believe that companies are being targeted via a spam campaign by this method. The initial files are named CurriculumVitae[…].msi or FotosPost[…].msi. We think that the victims are deceived into clicking on a link in an email message that leads them to downloading what they believe is a CV. Since it should be a PDF, running an apparent installation of Adobe Acrobat Reader DC may seem legitimate as well.

Since the authors decided to use the bit.ly URL shortener, we can observe additional information about their campaigns (Figures 14 and 15). As we can see, the vast majority of the clicks on those URLs were geolocated in Mexico. The fact that email is the most frequent referrer supports our assumption about spam being the distribution vector.

Figure 14. Statistics for a recent Amavaldo campaign targeting Mexico (1)

Figure 15. Statistics for a recent Amavaldo campaign targeting Mexico (2)

In this blog post, we have introduced our research into the banking trojans of Latin America. We have described what is typical for such malware and how it operates. We have also presented what key features we have used to establish malware families.

We have described the first malware family – Amavaldo – its most typical features and targets, and analyzed recent distribution chains in detail. Amavaldo shares many typical characteristics of Latin America banking trojans. It splits its functionality into several components, so that having only one component is not enough for analysis. It abuses legitimate applications to execute itself and to detect virtual environments. It tries to steal banking information from Brazilian and Mexican banks and contains backdoor functionality as well.

For any inquiries, contact us at [email protected]. Indicators of Compromise can also be found on our GitHub.

Hashes

First distribution chain (Brazil) hashes

| SHA-1 | Description | ESET detection name |
|---|---|---|
| E0C8E11F8B271C1E40F5C184AFA427FFE99444F8 | Downloader (MSI installer) | Trojan.VBS/TrojanDownloader.Agent.QSL |
| 12C93BB262696314123562F8A4B158074C9F6B95 | Abused legitimate application (NvSmartMaxApp.exe) | Clean file |
| 6D80A959E7F52150FDA2241A4073A29085C9386B | Injector for Amavaldo (NvSmartMax.dll) | Win32/Spy.Amavaldo.P trojan |
| B855D8B1BAD07D578013BDB472122E405D49ACC1 | Amavaldo (decrypted NvSmartMax) | Win32/Spy.Amavaldo.N trojan |
| FC37AC7523CF3B4020EC46D6A47BC26957E3C054 | Abused legitimate application (gup.exe) | Clean file |
| 4DBA5FE842B01B641A7228A4C8F805E4627C0012 | Injector for email tool (libcurl.dll) | Win32/Spy.Amavaldo.P trojan |
| 9A968341C65AB47BF5C7290F3B36FCF70E9C574B | Email tool (decrypted libcurl) | Win32/Spy.Banker.AEGH trojan |

Second distribution chain (Mexico) hashes

| SHA-1 | Description | ESET detection name |
|---|---|---|
| AD1FCE0C62B532D097DACFCE149C452154D51EB0 | Downloader (MSI installer) | Win32/TrojanDownloader.Delf.CSG trojan |
| 6C04499F7406E270B590374EF813C4012530273E | Abused legitimate application (ctfmon.exe) | Clean file |
| 1D56BAB28793E3AB96E390F09F02425E52E28FFC | Injector for Amavaldo (MsCtfMonitor.dll) | Win32/Spy.Amavaldo.U trojan |
| B761D9216C00F5E2871DE16AE157DE13C6283B5D | Amavaldo (decrypted MsCtfMonitor) | Win32/Spy.Amavaldo.N trojan |

Other

| SHA-1 | Description | ESET detection name |
|---|---|---|
| B191810094DD2EE6B13C0D33458FAFCD459681AE | VmDetect.exe – a tool for detecting virtual environment | Clean file |
| B80294261C8A1635E16E14F55A3D76889FF2C857 | AICustAct.dll – a tool for checking internet connectivity | Clean file |

Mutex

  • {D7F8FEDF-D9A0-4335-A619-D3BB3EEAEDDB}

Filenames

  • %LocalAppData%\%RAND%\NvSmartMax[.dll]
  • %LocalAppData%\%RAND%\MsCtfMonitor[.dll]
  • %LocalAppData%\%RAND%\libcurl[.dll]

Scheduled task

  • GoogleBol
  • Adobe Acrobat TaskB

C&C servers

  • clausdomain.homeunix[.]com:3928
  • balacimed.mine[.]nu:3579
  • fbclinica.game-server[.]cc:3351
  • newcharlesxl.scrapping[.]cc:3844

| Tactic | ID | Name | Description |
|---|---|---|---|
| Initial Access | T1192 | Spearphishing Link | The initial attack vector is a malicious link in an email that leads the victim to a web page the downloader is obtained from. |
| Execution | T1073 | DLL Side-Loading | The injector component is executed by abusing a legitimate application with this technique. |
| Execution | T1086 | PowerShell | The first distribution chain uses PowerShell in its last stage. |
| Execution | T1047 | Windows Management Instrumentation | The first distribution chain abuses WMIC.exe to execute the third stage. |
| Persistence | T1053 | Scheduled Task | Persistence is ensured by a scheduled task. |
| Defense Evasion | T1140 | Deobfuscate/Decode Files or Information | The actual banking trojan needs to be decrypted by the injector component. |
| Defense Evasion | T1036 | Masquerading | The injector masks itself as a DLL imported by the abused legitimate application. The downloader masks itself as an installer for Adobe Acrobat Reader DC. |
| Defense Evasion | T1055 | Process Injection | The injector injects itself into wmplayer.exe or iexplore.exe. |
| Defense Evasion | T1064 | Scripting | VBS, PowerShell and XSL are used in the first distribution chain. |
| Defense Evasion | T1220 | XSL Script Processing | The first distribution chain uses XSL processing in its third stage. |
| Defense Evasion | T1497 | Virtualization/Sandbox Evasion | Downloader of Amavaldo uses third-party tools to detect virtual environment. |
| Credential Access | T1056 | Input Capture | Amavaldo contains a command to execute a keylogger. It also steals contents from fake windows it displays. |
| Discovery | T1083 | File and Directory Discovery | Amavaldo searches for various filesystem paths in order to determine what banking protection applications are installed on the victim machine. |
| Discovery | T1082 | System Information Discovery | Amavaldo extracts information about the operating system. |
| Collection | T1113 | Screen Capture | Amavaldo contains a command to take screenshots. |
| Collection | T1125 | Video Capture | Amavaldo contains a command to capture photos of the victim via webcam. |
| Command and Control | T1024 | Custom Cryptographic Protocol | Amavaldo uses a unique cryptographic protocol. |
| Command and Control | T1071 | Standard Application Layer Protocol | Amavaldo uses the SecureBridge Delphi library to perform SSH connections. |
| Exfiltration | T1041 | Exfiltration Over Command and Control Channel | Amavaldo sends the data it collects to its C&C server. |

1 Aug 2019 – 05:00PM

IDG Contributor Network: What are the security implications of Elon Musk's Neuralink?

Source: CSO Magazine

In every project he starts, Elon Musk looks to push the technology world in ways other people thought were only possible in science fiction. Take his car company, Tesla, which has made electric vehicle manufacturing a reality. The same is true for SpaceX, his rocket company that aims to bring space travel to the masses.

Then you have Neuralink, a conceptual product that operates on a smaller scale than Tesla or SpaceX but could have just as much of an impact. Musk believes that in the near future, a computer chip could be installed in a human brain and then communicate with other devices over a wireless frequency.

Before you run screaming away from your computer, read on about how Neuralink would theoretically work and think about the various security implications that must be overcome by developers before mind-controlled technology can be rolled out.

Use case for Neuralink

The Neuralink project is still very much in the conceptual stage, although Musk believes that technology won’t be a blocker for long. With his system, a specially-trained sewing robot would actually drill a hole into a person’s head and implant the Neuralink chip into their skull, connecting to the brain with a thousand small wires.

This type of advancement in brain-computer interfaces would mean that people could interact directly with devices using their thoughts instead of a keyboard, mouse, or touchscreen. The average person might find this creepy or unnecessary, but for those afflicted with brain disorders or illnesses, adaptive technology like this could mean a chance at a more normal life.

For example, consider a stroke victim who has lost the ability to formulate words in a coherent pattern. In theory they could undergo the Neuralink surgery and then be able to speak via thoughts as they are transmitted over a wireless connection to a computer or smartphone.

Data storage in the cloud

Musk’s business case for the Neuralink project is that it will launch with compatibility included for popular smartphone platforms, such as Apple iOS or Google Android. The question then becomes: what applications or websites will be authorized to use your Neuralink data?

This question of data sharing will surely complicate the cybersecurity situation for the Neuralink project. If a third-party application is granted access to back-end brain data, it may become tricky to track exactly what information is staying on your device and what information is being transmitted to the app’s vendor.

Before long the conversation will shift to cybersecurity in the cloud. Once your data interfaces with online services and sites hosted by common providers, then it will be vulnerable to any common form of cyberattack currently in use by hackers. If you don’t have drop dead trust in your web host provider now, you better get that way before allowing Elon’s robot to implant anything in your head. 

Data breaches that you hear about on the news often take place at the cloud layer, with hackers finding ways to infiltrate virtualized servers and extract information from a back-end database. If one of these types of attacks were to hit the Neuralink project, it could represent a major step backwards for brain-based technology.

Vulnerabilities in wireless technology

Whenever a new piece of technology hits the market, whether it’s software or hardware, hackers see it as an opportunity for destruction. They will seek out ways to exploit vulnerabilities in the product in hopes of either making money from it or just causing frustration for the company behind it.

The same scenario should be expected for Elon Musk and Neuralink. The potential for brain-controlled technology is incredibly vast but it relies on existing forms of wireless communication. All signs point to Neuralink using Bluetooth to interface between the implanted chip and outside devices, just like wireless keyboards and headphones.

In general, Bluetooth is considered to be a secure protocol because of its pairing system and short-range receivers. However, there are known trojan viruses that can be spread via Bluetooth and used to steal data from Android devices. This suggests a potential risk with Neuralink being susceptible to malware that could be spread through Bluetooth.

It’s also important to keep in mind that Bluetooth-capable devices will transmit a signal to any receiver they can find in the area. Though virtual private network (VPN) technology has proven effective as a privacy tool that encrypts traditional internet connections, the Neuralink is uncharted territory. With it, wireless transmissions could theoretically be captured to track your geographical movements during the day. Some cybersecurity experts are concerned with how companies or governments would use brain interface technology for surveillance programs.

Regulation on the horizon

Every computerized device on the market today, from laptops to tablets to smartphones, has to pass through a regulation process with various government agencies to ensure it is safe to use before it can be sold to the general public. The same will be true for the Neuralink brain chip, and in fact the regulatory checks are expected to be more in depth than for a traditional device.

Because of the fact that a Neuralink installation will require a form of medical surgery, Musk’s project will need approval from the United States Food and Drug Administration (FDA) before it can begin trials of the implants. If medical experts see any risk with the robotic phase of the surgery, then it could put the entire project on hold.

In addition, governments around the globe will likely want to run independent studies to determine the impact of having wireless signals transmitted to and from a person’s brain. Part of this analysis will pull in cybersecurity experts to gauge the potential flaws in the Neuralink software framework.

The bottom line

A lot of futuristic movies, books, and TV shows theorize about a future where you can interact with technology through hologram screens. Inventor and business leader Elon Musk thinks he can take things one major step further with his Neuralink project, which will attempt to link the human brain with electronic devices. Like with any new piece of technology, Neuralink will surely come up against security threats, with hackers looking for ways to compromise the technology.

This article is published as part of the IDG Contributor Network. Want to Join?

Study Finally Reveals How Many Cooks It Takes to Spoil the Broth 

Source: Yale Insights

By Dylan Walsh

Ed Sheeran, the 28-year-old British pop star, released his fourth studio album in July. No.6 Collaboration Project, true to its name, boasts a lot of collaborators: Khalid, Cardi B, Justin Bieber, 50 Cent, Eminem, Bruno Mars, Ella Mai, and on and on—a total of 22 guest artists are featured on the 15 tracks.

As No.6 debuted at the top of the Billboard charts, reviewers were wondering about the expansive cast of characters: “There’s something gratuitous about the guest list, no?” wrote Jon Caramanica in the New York Times. “It smacks of dilettantism. Flashiness.” Pitchfork described the album as “guest-laden,” while Rolling Stone went with “guest-heavy.” For Sheeran, the album was a chance to demonstrate his fluency in a variety of pop styles, but the reviewers were skeptical before they heard a note.

If there can be too many cooks in the kitchen, can there be too many artists on an album? How much collaboration feels like too much of a good thing? It’s a question that is increasingly relevant to businesses, since many companies are marketing their products by raising the curtain on the creative process that spawned them.

“More and more frequently, companies are looking to talk about the creation story of their products,” says Taly Reich, an associate professor of marketing at Yale SOM. “This forces consideration of what exactly you should communicate to your consumers.” 

A recent article, itself the product of collaboration between eight scholars—Reich, Sam Maglio, Odelia Wong, Cristina Rabaglia, Evan Polman, Julie Huang, Hal Hershfield, and Sean Lane—begins to tease apart this question by studying how people perceive collaborative efforts of different sizes. Published in Social Psychological and Personality Science, the article reveals empirical support for the notion of “too much of a good thing.”

Read the study: “Perceptions of Collaborations: How Many Cooks Seem to Spoil the Broth?”

In one of the studies, participants were randomized into one of three groups and asked how likely they were to purchase a new athletic shoe. One group was told that a single designer created the shoe. The other groups learned that either three or nine designers were involved. Ultimately, participants who were told that three designers collaborated on the shoe were more likely to consider a purchase than participants in either of the other groups. (There was no difference in purchase likelihood between the one- and nine-designer conditions.)

While the aforementioned study looked at purchase intent, a second probed actual consumer experience. Told they were part of a taste test for a new product at a local bakery, participants were given a cookie ostensibly baked by one person, four people, or eight people. The cookie baked by four people, participants said, tasted better than the cookie baked by one person, and marginally better than the cookie baked by eight. Some collaboration proved beneficial, but, as the authors put it, past a certain threshold “increasing collaboration did not make for an increasingly tasty cookie.” 

“To me, what’s interesting is that there is a kind of sweet middle spot when it comes to collaboration,” Reich says. “Sure, there are instances where one creator is better, but in other instances it’s not a simple truth that more is merrier.” Related experiments show that this “sweet spot” is, at least in part, tied to task complexity. When people think something is complex, they believe that more collaborators lead to better outcomes, at least up to a certain point. Beyond that point, impressions tilt the other way and more partners can detract from the quality of results.

For companies, the first lesson is that it’s important to know whether consumers hold different ideas than they do about how many people should be involved in creating a product.

“This is an important question,” Reich says, “as it not only affects the perceived quality of a product, but whether or not consumers want to buy something in the first place.”

How JustEat finds and trains in-house security talent

Source: CSO Magazine On:

It’s a good time to be a cybersecurity professional. The unemployment rate is essentially zero and you can almost pick and choose the roles that suit you.

Things are less rosy if you’re tasked with hiring those cyber pros. (ISC)² estimates the shortfall of talent within the field has reached 3 million globally, while ESG says that half of organizations have a “problematic shortage” of cybersecurity skills. 

While companies increasingly look to broaden the security talent pool through STEM and apprenticeship initiatives, hackathon-style events, or diversity campaigns, a wealth of talent might already be sitting within the business. “I’m one of those people that’s on the fence about whether there is a legitimate skill shortage or if it’s just kind of something of our own making in terms of how we look for people,” says Kevin Fielder, CISO of food delivery startup, Just Eat. “There is, of course, a need for highly skilled technical people, but we can do a much better job at looking both internally and externally for people with skills that you might not normally think about.”

Look outside your own bubble for security skills

Fielder says there is plenty of space, especially within junior-level positions, to bring people with a different skillset into the team to learn security on the job while sharing their own talents. As an example, he says he recently had someone at an event working in brand marketing ask how they could get into security. His response: “One of my hardest jobs is selling security – taking a complex idea and boiling it down to deliver the crux of the issue. It’s about hearts and minds when it comes to security – being a great communicator – and delivering meaningful information to the right people. Say your job is doing amazing presentations and selling stuff.  If you came to me and offered to make me the best presentations I’d ever given to the board and the rest of business, I’d be biting your hand off,” says Fielder. 

Top cyber security certifications: Who they're for, what they cost, and which you need

Source: CSO Magazine On:

Two of the most common questions I’m asked are, “Is having a computer security certification helpful in getting a job or starting a career in computer security?” and, if so, “Which certification should someone get?” The answer to the first question is a definite yes. Getting a certification, while not a cumulative showing of your entire experience and knowledge in a particular area, can only help you. That’s true not only in getting a new job, but in improving your knowledge and experience overall, even in your current job.

Critics often say a certification means nothing, and that acumen and experience are the only true differentiators. As a holder of dozens of IT certifications, I beg to differ. More importantly, most employers agree with me. While a computer certification doesn’t tell the whole story, to say it doesn’t say anything about a person is an error in the opposite direction.

Every certification I’ve gained took focused, goal-oriented study, which employers view favorably, as they do with college degrees. More important, I picked up many new skills and insights into IT security while studying for each certification test. I learned about new things, and I also gained new perspectives on subjects I thought I had already mastered. I became a better employee and thinker because of all the certifications I have studied for and obtained. You will too.

Sometimes, a particular certification is the minimum hurdle to getting an in-person job interview. If you don’t have the cert, you don’t get invited. Other times, having a particular certification can give you a leg up on competing job candidates who have similar skill sets and experience, but don’t have the desired certification.

Security is more important to computing and the internet than ever before, and the following, well-respected security certs will not only help you stand out from the crowd, but also make you a more valuable member of the IT security community.

IT Security Certifications

Here is a summary of some of the most desired IT security certifications.

China’s herd of unicorns

Source: Strategy & On:

More than 200 Chinese companies are unicorns — privately held startups valued at more than US$1 billion — and most of them are less than a decade old. They are relatively unknown outside China, where they primarily operate today. Sooner or later, however, many of them will grow into global industry giants.

Bartleby, the office enigma

Source: Strategy & On:

Columnist Daniel Akst argues that Bartleby, the Scrivener, Herman Melville’s famous 1853 short story about a troubled clerk, provides important lessons for contemporary leaders on how to deal with managing difficult people.