While autonomous cars, virtual supercomputers in our pockets and public computing platforms that put unprecedented information and services at our fingertips in near ubiquitous fashion are very impressive, the first year of the second half of the second decade of the twenty-first century still has not yielded such wonders as consumer-level personal flying technology, hoverboards that actually hover (without using super-cooled exotic materials) or reusable interplanetary, let alone interstellar, modes of transport. While those of us who were children, and sci-fi fans, in the 80s deal with these disappointments, there are yet wonders of technology to appreciate.
While the scryers of books and film may have been off somewhat, the panel of contributors to this article have been far less ambitious, but perhaps as a result, far closer to the mark in describing how this year will pan out for information and communication technologies (ICT).
Prepared for the advent of the half-baked attacker
TechPro editor Paul Hearns
While the macro trends for this year are likely to remain the same, there have been many developments along the way that will change the way they impact on ICT.
As cloud, mobility, big data, software defined everything and security dominate still, the ability for organisations to take advantage of them has increased dramatically. That is to say, the vendors behind the tools in these areas have stepped up to make their adoption and use vastly easier than was previously the case. However, as we have pointed out in these pages before, the black hat community has long since mirrored the legitimate business world in the way they operate and so that trend, for increased usability and ease of adoption, has taken deep root in the world of hackers, hacktivists, malcontents and of course, the state-sponsored actor.
What that means is that the creators of the tools to launch distributed denial of service attacks, create spear phishing campaigns, penetration probes or anything at all for nefarious purposes, have focused on usability, accessibility and lowering the bar for entry.
It used to be the case that a script kiddie had to have some sort of grounding in the code, mechanisms and environments to play, even if it was just to show off or gain kudos. Now, through the development of interfaces and workflows, the hacking tool creators have brought their wares within reach of almost anyone who can point and click.
There have already been examples of web sites where one can go, and for a small registration fee, simply and effectively, configure a DDoS attack. Other such configurators exist for almost any attack one can think of, and unless you have been involved in the dark world of information security, hopefully, some you cannot.
Unfortunately, what this means is that many of these attack vectors are now within the dangerous realm of those who know what they are but have very little grasp of their true import. These include the likes of the disgruntled employee, the hacked-off dismissed worker, what one security professional recently so eloquently termed “the disenchanted”. But let us not sugar-coat this — these are people with more bile than sense who, with a few dollars, can now orchestrate attacks that are ill thought out, ill-conceived and consequently, poorly executed at best. But the effectiveness of the tools at their disposal means that these efforts can still cause an organisation a world of grief.
The dreaded crypto-attack has struck fear into the hearts of many an organisation, both at home and abroad, with many having to pay a ransom to regain control of critical files. However, alongside the well organised and well executed examples of such skulduggery have been examples of the half-baked.
In August 2015, Engin Kirda of Lastline Labs released research showing that the basic mechanisms of crypto-attack tools were being poorly implemented by some hackers. This resulted in crypto-attack malware that left its encryption keys open to allow decryption of affected files. The scare and the expectation that there was nothing that could be done was the main thrust of the attack.
Now while that might be good news, it also points to a worrying trend. The good hackers, the really good ones, want a parasitic relationship with the victim. A parasite rarely kills its host; rather, it sits where it can extract maximum benefit for the maximum period. A good hacker uses well-designed tools that, should the need arise, can allow a clean extraction. The half-baked hacker who does not really understand the tools or the mechanisms into which they are inserted, even if they want to release a victim, may find they cannot.
This has led several firms to the point where, even after paying a ransom, they are sent a decryption key or clean up tool only to find it is ineffective and their files are essentially lost.
Many forensic examinations and investigations by security professionals are now turning up cases where attackers have clearly not understood what they were doing and used tools that may have either been poorly designed, or worse still, mere trojans for the makers’ intent, not the buyers’.
Victims, then, find themselves in the unenviable position of having to clean up a mess where no one is really sure what happened. This is often against the backdrop of a public outcry, or shareholder discontent, and possibly even a data protection office investigation.
This year is unfortunately going to see an increasing incidence of poorly organised and badly executed attacks with nonetheless effective tools or tools that are only superficially acting for the attacker. This will leave an aftermath of devastation that will be harder to deal with than an attack by a more professional actor, who knows what they are doing.
This situation will persist for some time before it again rebalances because there are already examples of user support, again for a fee, to help attackers more effectively use the tools. However, this extends the interaction cycle, with the potential to leave more traces of evidence and so will probably develop more slowly until security for this channel improves.
2016 will likely see a rise in the incidence of advanced persistent threats (APT), but alas, we may once again have to extend the acronym to APTbI or advanced persistent threats by idiots — the sophisticated attack, with advanced tools perpetrated by numpties leaving behind a worse mess. It will be akin to the difference between finding the card of a cat burglar in your safety deposit box and coming home to find your house has been ram raided by a group of marauders out to steal your bank cards.
So what is to be done? Well, the usual. Take all precautions you can, from patching to network segregation, good password practice and user education. All of these things combined protect against the ‘good’ hackers and the bad ones. Either way, you’ll want to ensure you see them from inside your protective measures, as opposed to without.
Some tech cherries to pick
TechPro contributing editor Leslie Faughnan
For a few years now the international pundits have been citing the main ICT strands of development as Cloud, Big Data, Mobile and Social. Fair enough, up to a point. Some of us are old fashioned enough to point out that all of these depend on electronics engineering and the remarkable longevity of Moore’s Law to drive the continuing acceleration of processing power in all devices. Cloud then gives us the capability to aggregate as much as we want for specific purposes or tasks.
Which leads neatly to the first tech cherry to watch out for in 2016.
Analytics: Big Data stole the headlines on the other side of the Atlantic because it’s all bold and brash, the D Trump of ICT politics, when actually it is all about the analytics. Like Candidate Trump, Big Data is full of truths, half-truths and the other stuff in massive and incoherent volumes — so we need analytics to make whatever sense there is to be made. To change metaphors, the best bet for a long-lived ICT marriage is the one between ever-faster processing and ever-better analytics algorithms. So far most of the general business attention to analytics has been in sectoral applications like insurance and bank fraud, healthcare statistics and so on. But the secret to the viability of our expanding range of autonomous devices is just that combination of chipsets and smarts.
Autonomous devices: Self-driving or at least assisted driving cars will need it, plus the drones that will deliver our parcels and alert us to everything from straying animals to the intrusion of trespassers or floods. Autonomous Underwater Vehicles (AUVs) have applications from deep sea research to military to fisheries management. Incidentally, our fixation with self-driving cars so far assumes the conveyance of humans. But an autonomous delivery van is a perfectly viable concept with rather fewer safety concerns to hamper adoption.
Miniaturisation: Another thriving aspect of today’s smart ICT and engineering is the progress being made in the miniaturisation of all kinds of devices, from smart phones in wristwatch format to cameras to sensors. In healthcare the possibilities of tiny electronic devices range from diagnostic probes and scopes to advanced pacemaker technology to automatic prevention/cure responses by implanted devices to undesirable phenomena in the patient’s organs. We will eventually all be cyborgs to some degree — just not in 2016 in the public system.
The entire mobile device market is in perpetual search of lighter, smaller, more powerful units. On the other hand, the screen is the limitation. In TechPro for several years now we have used the phrase ‘screen of choice’. Different tasks have appropriate screen display sizes according to the user’s taste or more frequently used applications. We have already reached the stage (as we have with TVs) where the size or form factor is dictated more by the power or networking connections than the smart innards. So ‘screen of choice’ is more appropriate than ever. Obviously, the next step is to transfer the current operation seamlessly to the larger or smaller screen you have just taken out of your pocket or bag.
Internet of Things: Clearly miniaturisation will have a massive contribution to make to the Internet of Things (IoT). Some sensors, tags and other elements are already normal in small form factors but more active or powerful devices will have a place in the applications of IoT. It is already clear that, in most practical uses of IoT technology, there will be hierarchies of devices, from RFID and similar tags to local controllers of various kinds and on up to what one might call Wide Area Controllers or servers.
Mesh networking has already been a standard in industrial automation for nearly two decades, so it seems we really should be talking about LAMs and WAMs in IoT instances, by analogy with LANs and WANs. IoT meshes will be more frequently seen in 2016 in sectors like industrial production, logistics and warehousing, transport systems (especially closed loops like urban transportation), hospitals and many others. It seems obvious that the home will be a rich commercial target, with linked Nest type devices covering everything from heat and light control to fire and smoke alarms to entertainment to security and cameras. The Home Controller or Home LAM concept would seem the obvious line of progression.
Security: One easy prediction for 2016 is that attacks on Apple devices are going to step up. While there has been something of a myth about the Walled Garden devices being generally safer than their Windows and later Android peers, the fact is that hackers and other nasty types always aimed for the greater mass. The iPhone and iPad garnered the headlines but not the majority market share. But that bit of snobbery has its own downside because the Black Hats have become more targeted as well as better armed with smarter software. So the Walled Garden is by now the wealthy enclave with more opportunities per device than the common pleb with its Android handhelds and traditional Windows X (or indeed VII or VIII or even more ancient XP).
Seriously, there is nothing electronic that is immune from threat or not a target. We mentioned the Home Controller above: what a target if it controls the security system. Automated systems of all kinds will increasingly be subject to malevolent attacks for vandalism or ransom or competitive advantage. A self-driving car has already been hacked and brought to a controlled stop by white hat experimenters. Military vehicles and cop cars already have enemies. Public transport may offer lower risk potential terrorism opportunities. It’s not just a thriller plot idea to suggest that high net worth individuals (rich guys) could be kidnapped by remote control.
Fun: It has to be acknowledged that digital video has brought a huge and growing range of entertainment within everyone’s reach. The divide now is between those who can consume the stuff online and those who are compelled to stay with DVDs or file copies from more digitally affluent family or friends. But one technology is starting to stand out as an obvious new medium and likely to be a long term staple. Immersive video is just on the cusp of going mass market. Oculus Rift has been the myth leader but with the Samsung Gear VR headset the way is set for rapid commercial production across all of the electronic entertainment brands. The 2016 consumer tech shows in Berlin and Las Vegas will doubtless be full of VR headsets.
This is an interesting technology in many respects. For openers, it renews the concept of listening/viewing with full concentration — almost a lost skill with the obvious exception of classical music and opera buffs. On the development front, we can then advance into 3D, 360 degree experiences and supplementary physical stimuli like movement and vibration. We already have the possibility of movement, albeit somewhat limited, with interactive VR like games or adventure participation — underwater swimming, close encounters with wild animals and so on. The limits appear to be solely in human imagination and the economics and practicalities of VR production. This is going to be fun.
Bandwidth: One thing that will certainly happen in Ireland in 2016 is that the bandwidth rich will get richer (like the content they can access freely) while the deprived digital poor will remain so for some time. In theory, 3G and now 4G can deliver usable bandwidth for ‘normal’ i.e. non-video applications. In practice, the likes of UPC, now in a state of Virginity, has made 4G a toy for the non-urban peasants while mobile network penetration enforces a further class distinction.
Also in theory, the new ESB/Vodafone €450 million joint venture could deliver fibre and hundreds of megs anywhere there is an electricity power line. Now for the 43% of us who cannot get beyond 10Mbps even with fixed line broadband, that sounds great. Alas, most of us retain the melancholy suspicion that like the MANs and the several other ‘national’ broadband roll-outs, it will not reach beyond the suburbs of our rural villages. It might, however, light up the smaller villages that have not seen progress beyond ADSL, that 20-year-old technology.
For 2016, we will live in hope.
Unstoppable momentum
TechPro contributor Alex Meehan
What will be the main trends driving technology in 2016? While it may not be possible to predict with 100% accuracy, certainly there are some trends currently developing which would be foolish to overlook — from mobile data security, to new types of wearables to more ubiquitous use of flash memory.
From a security point of view, 2016 is likely to be the year that mobile takes over as the main concern of chief information officers everywhere. The reason is simple — a growing number of business people are using mobile devices as their primary work machines and that trend is not showing any signs of slowing down.
Mobile devices are always on, highly portable, easily lost and do not have the security pedigree that enterprise technology typically has, making them the weak link in the chain. The prominence of Bring Your Own Device (BYOD) schemes amongst enterprise class companies in Ireland also means that many mobile devices continue to hold large amounts of sensitive data rendering them liable to be lost or stolen.
In 2016, however, it is likely that the range of software and malware-based security threats to mobile devices will increase. According to Symantec, this will be particularly true for devices running iOS, which have relatively escaped scrutiny from attackers to date compared to devices running Windows and Android.
The number of new Mac OS X threats rose by 15% in 2014, while the number of iOS threats discovered in 2015 more than doubled, from three in 2014 to seven at the time of writing, pointing to a serious increase in the number of threats facing Apple’s ecosystem.
Symantec also pointed out that the number of Mac OS X systems infected with malware during the first nine months of 2015 is seven times higher than in all of 2014.
“While the total number of threats targeting Apple devices remains quite low compared to Windows in the desktop space and Android in the mobile sector, Apple users cannot be complacent,” said Dick O’Brien, a researcher with Symantec.
“Should Apple platforms continue to increase in popularity, the number of cybersecurity threats facing Apple users will likely grow in parallel.”
The use of in-memory computing for big data analysis is also a trend that shows no sign of slowing, and as the cost of solid state flash memory continues to fall, it is likely this is something that we are going to see more of.
Driven by the boom in data analytics and big data, in-memory computing — the process of carrying out complex tasks using solid state or flash memory — has been around for some time now but cheap memory will continue to make this technology increasingly accessible.
Gigabytes of flash memory are now included as standard in a growing assortment of hardware devices and at the same time, the development of business analytics is putting more tools at the disposal of the enterprise. The end result is more real-time business information in the hands of the business.
SAP’s Hana in-memory database system is a massive enabler of this, delivering real time analytics as well as supporting predictive analytic solutions. The potential of this can perhaps best be seen in the retail sector, where knowing what customers are doing as they’re doing it can offer real market advantages.
From the world of the Internet of Things, Gartner is predicting that by 2018, six billion connected things will be requesting support, prompting a need for a change in thinking amongst enterprise IT departments. In an era of digital business when physical and digital lines are increasingly blurred, enterprises will need to begin viewing things as customers of services — and to treat them accordingly.
“Mechanisms will need to be developed for responding to significantly larger numbers of support requests communicated directly by things,” said Gartner’s 2016 predictions report.
“Strategies will also need to be developed for responding to them that are distinctly different from traditional human-customer communication and problem-solving. Responding to service requests from things will spawn entire service industries, and innovative solutions will emerge to improve the efficiency of many types of enterprise.”
IDC and Forrester Research have also released 2016 prediction reports, with grim forecasts for some groups. In particular IDC states that by 2020, some 30% of current IT vendors will “no longer exist as we know them today.”
The implication is that nearly a third of all vendors doing business today will find themselves merged out of existence or just plain out of business. This can be seen in the movement happening in the enterprise space, with HP dividing in two, Citrix laying off 10 per cent of its workforce and Dell making a play for EMC.
Meanwhile Forrester suggests that while major public cloud providers will gain strength in the short term, with Amazon, IBM SoftLayer and Microsoft capturing a greater share of the business cloud services market, the number of options for general infrastructure-as-a-service cloud services and cloud management software will be much smaller at the end of 2016 than the beginning.
Finally, a nod towards a consumer technology with the potential to impact the enterprise world — virtual reality headsets. While it is mostly associated with gaming, there is also growing anticipation of the technology’s potential application in business and enterprise including uses in architecture, design, education, government and in the military.
Certainly as the technology becomes cheaper and as a result more accessible, and as the traditional limitations to it (notably motion sickness experienced by users after prolonged use) are resolved, virtual reality will become a powerful tool for interacting with virtual worlds.
Probably the most eagerly awaited of the various headsets in development is the Facebook-owned Oculus Rift but competing technologies from Microsoft and Sony are also set to be released in 2016. This will certainly be a technology that will get a lot of attention in 2016, although whether killer enterprise applications appear remains to be seen.
Google’s tardy traffic ticket won’t slow machine learning march
TechPro contributor JJ Worrall
It is a big step, but it is not what we would have hoped for by 2016. Peter Pauzauskie, a chemist at the University of Washington just had to go and rain on everyone’s parade. There is, unfortunately, still no such thing as a freeze ray. Bad news for supervillains everywhere.
Pauzauskie and his colleagues did this year though, for “the first time in history,” create a laser which could be used to cool liquid, reducing a test sample from room temperature to a smidge above 0° Celsius. Results of the experiment, published through the Proceedings of the National Academy of Sciences of the United States of America (PNAS for short) in October, revealed that the laser could prove useful in providing spot cooling on computer chips alongside more common uses in biology.
All very exciting, but no, not the ice-shooting laser anyone with even a cursory interest in comic books has been holding out for all these years.
One other science fiction mainstay, though, which has become reality, and made plenty of headlines over the past 12 months, is the self-driving car. Though quite a few of those headlines did concern the time one of Google’s fleet of autonomous vehicles got pulled over by a Mountain View traffic officer on a public road near the company’s main campus.
It was driving at a paltry speed of 24 miles-per-hour in a 35 miles-per-hour zone leading to plenty of beeping from fellow drivers and eventually grabbing the attention of local law enforcement. At the time of the November incident, the Mountain View police department released a statement saying: “The officer stopped the car and made contact with the operators to learn more about how the car was choosing speeds along certain roadways and to educate the operators about impeding traffic.”
The key words there though — “how the car was choosing speeds” — could be a turn of phrase that is aped in a variety of forms across enterprises this year as machine learning becomes a more talked about concept. While self-driving cars will hardly be the focus of many companies out there, machines ‘choosing’ their next move is becoming a more common factor in areas like data management, IT security, health, the internet of things (IoT) and more.
Gartner’s list of 10 strategic trends to look out for this year was littered with machine learning references, telling for instance how deep neural nets (DNNs) are moving “beyond classic computing and information management to create systems that can autonomously learn to perceive the world, on their own.”
DNNs, Gartner explained, will help to automate the litter of tasks that come hand-in-hand with the explosion of data companies must now deal with. “DNNs enable hardware- or software-based machines to learn for themselves all the features in their environment, from the finest details to broad sweeping abstract classes of content.”
Elsewhere, the document cited “virtual personal assistants” – such as the iPhone’s Siri and Microsoft’s Cortana – which many of us have become familiar with by now, acting in an “at least semiautonomous” manner and bringing machine learning into the mainstream. David Cearley, vice president and Gartner fellow said of this trend that in 2016, “IT leaders should explore how they can use autonomous things and agents to augment human activity and free people for work that only people can do. However,” he added, “they must recognize that smart agents and things are a long-term phenomenon that will continually evolve and expand their uses for the next 20 years.”
Speaking to Tech Republic, Oleg Rogynskyy of another Mountain View company, H2O.ai (which creates “fast scalable machine learning API for smarter applications”), made the point that machine learning can certainly help in freeing-up data scientists’ time as well as simplifying smart applications. “As machine learning tools evolve, they form better platforms for data scientists, developers, and business analysts to work with,” he said in December.
This, the company marketing vice president said, means “data scientists are able to be more efficient in learning new insights or detecting anomalies like fraud. We’re seeing the appearance of more and more smart applications on the market, which let developers skip the data science and quickly put together applications that take advantage of leading machine learning models.”
His point about fraud is borne out by the fact that PayPal — a company which processes more than 1.1 petabytes of data for 169 million customer accounts at any given moment — is already using three types of machine learning algorithms for risk management, which go under the titles linear, neural network, and deep learning.
In August of this year, Hui Wang, senior director of global risk sciences with PayPal explained to the Wall Street Journal that this approach to spotting potential fraud and financial risks is necessary as there is such “little wiggle room for error” as any wrong decision could “cost the company a lot of money.”
Aside from security, many other business processes are being affected by machine learning and should continue to be so as heavy hitters like Microsoft, IBM, Google and Amazon offer further cloud-based machine learning services of various kinds. In the case of Amazon, 2015 saw Amazon Machine Learning (AML) arrive on the market to help simplify the process of making real-time predictions from data. Over at IBM, if its example is anything to go by, those large names will continue investment in the area in 2016.
In December it was announced that the company was to launch a set of new initiatives designed to bring together the power of its Watson machine learning with IoT “in order to help customers and partners, especially those in industry, to reap the potential benefits from insights derived from collecting and analysing data.” The move was accompanied by the announcement of a global headquarters for its new Watson IoT unit in Munich.
With plenty of investment in the area then, alongside a growing marketplace full of machine learning-based products it’s likely 2016 will see plenty of data-swamped companies investigate just what this area can offer them. Though it is probably best to hold off on asking any autonomous vehicles to get you somewhere in a hurry anytime soon.