Protecting your data assets from insider security threats with UEBA

When Tesla employee Martin Tripp got passed over for promotion recently he sought revenge by writing code that exported gigabytes of Tesla’s sensitive data, including dozens of confidential photographs and a video of Tesla’s manufacturing systems. If Tesla CEO Elon Musk was under any illusion that the insider threat was not something to be concerned about before, no doubt he’ll have changed his mind by now.

This is a classic example of an employee abusing their position to cause problems for their employer. And it’s much more common than you might think: according to Crowd Research Partners’ 2018 Insider Threat Report, 53 percent of organisations will suffer from an insider threat. This is an attack vector that businesses cannot afford to ignore.

UEBA defined
To help minimise the risk of falling victim to the insider threat, many organisations are now deploying user and entity behaviour analytics (UEBA). UEBA utilises machine learning to study the typical behaviour of each employee, creating a baseline of ‘normal’ user behaviour. This baseline is built from criteria such as the files typically accessed by a user, the frequency and time of that access, and the actions they take with the files, among others.

An additional benefit that UEBA brings is the ability to track how the data is accessed and used by employees over a specific period of time – flagging any suspicious activity in the process. For example, in a non-UEBA scenario, if a systems engineer copied a portion of code to work with independently, this would be unlikely to be flagged as suspicious.

However, with UEBA, it is possible to track activity around this file more closely. Has the user accessed that particular file before? Is the access request from a different location than usual? Has the user accessed the file on a device that has recently copied other sensitive files?

This ability to compare activity against a user’s individual baseline helps the security team focus their time and resources on threats that are more likely to be ‘real’, significantly reducing the number of false positives.
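
The per-user comparison described above can be sketched as follows. This is an added example, not code from the article or from any UEBA product; it uses plain set and hour-of-day comparisons in place of the machine learning a product would apply, and the field names, weights, thresholds and sample events are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Event:
    ts: datetime
    user: str
    file: str
    location: str
    device: str
    action: str       # "read" or "copy"
    sensitive: bool

@dataclass
class Baseline:
    files: set = field(default_factory=set)
    locations: set = field(default_factory=set)
    hours: set = field(default_factory=set)

# Assumed weights; a real deployment would tune or learn these.
WEIGHTS = {"new_file": 20, "sensitive_new_file": 20, "new_location": 30,
           "unusual_hour": 15, "device_bulk_copy": 35}

def build_baselines(history):
    """Record the files, locations and hours each user normally works with."""
    baselines = defaultdict(Baseline)
    for e in history:
        b = baselines[e.user]
        b.files.add(e.file)
        b.locations.add(e.location)
        b.hours.add(e.ts.hour)
    return baselines

def hour_distance(hour, seen_hours):
    """Smallest gap on a 24-hour clock between `hour` and any baseline hour."""
    return min(min((hour - s) % 24, (s - hour) % 24) for s in seen_hours)

def score_event(e, baselines, recent, window=timedelta(hours=1), copy_threshold=3):
    """Return (score 0-100, reasons) for one event against its user's baseline."""
    b = baselines.get(e.user)
    if b is None:
        return 100, ["no_baseline"]
    reasons = []
    # Has the user accessed that particular file before?
    if e.file not in b.files:
        reasons.append("new_file")
        if e.sensitive:
            reasons.append("sensitive_new_file")
    # Is the access request from a different location than usual?
    if e.location not in b.locations:
        reasons.append("new_location")
    if hour_distance(e.ts.hour, b.hours) > 2:
        reasons.append("unusual_hour")
    # Has this device recently copied other sensitive files?
    copied = {r.file for r in recent
              if r.device == e.device and r.action == "copy" and r.sensitive
              and r.file != e.file and timedelta(0) <= e.ts - r.ts <= window}
    if len(copied) >= copy_threshold:
        reasons.append("device_bulk_copy")
    return min(100, sum(WEIGHTS[r] for r in reasons)), reasons

def sample_history():
    """Constructed history: ten days of routine source-code reads."""
    return [Event(datetime(2018, 6, 1 + day, hour), "alice", path,
                  "London", "LT-01", "read", False)
            for day in range(10)
            for hour, path in ((9, "src/app.py"), (14, "src/util.py"))]

def sample_new_events():
    """Constructed events: a night-time burst on an unfamiliar device, then routine work."""
    night = [Event(datetime(2018, 6, 12, 1, minute), "alice", path,
                   "Unknown", "LT-99", "copy", True)
             for minute, path in ((30, "mfg/photo_01.jpg"), (40, "mfg/photo_02.jpg"),
                                  (50, "mfg/photo_03.jpg"))]
    night.append(Event(datetime(2018, 6, 12, 2, 0), "alice", "mfg/line_video.mp4",
                       "Unknown", "LT-99", "copy", True))
    routine = Event(datetime(2018, 6, 12, 10, 0), "alice", "src/app.py",
                    "London", "LT-01", "copy", False)
    return night + [routine]

def run_demo():
    """Score each new event in time order, using earlier new events as context."""
    baselines = build_baselines(sample_history())
    events = sample_new_events()
    return [score_event(e, baselines, events[:i]) for i, e in enumerate(events)]

if __name__ == "__main__":
    for event, (score, reasons) in zip(sample_new_events(), run_demo()):
        print(event.ts, event.file, score, reasons)
```

The routine copy of a familiar source file scores zero, while the same user name acting from an unfamiliar location and device at an unusual hour reaches the maximum score.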

Tackling the insider threat
There are two insider threat attack vectors that UEBA helps prevent. The first concerns ‘the malicious insider’. This is an employee who wilfully breaches their duty and exploits the technology, assets and intellectual property of their employer. This can be to harm the company, steal data to take to their next employer or to sell data to competitors – all the while remaining a ‘trusted’ employee.

The other kind of attack involves ‘the reluctant insider’. Unlike the malicious insider, the reluctant insider accidentally grants criminals access to the network. More often than not, this is a result of an employee’s credentials being phished or compromised in a data breach. With access to an employee’s username and password, hackers can bypass most security measures.

Fortunately, UEBA is extremely proficient at identifying the reluctant insider threat. Criminals may be able to access privileged accounts, but behaving in the same manner as the compromised employee is difficult to achieve. This makes it relatively simple for UEBA to identify imposters on the network.

In a world of time-poor, resource-stretched IT security teams, having a tool that minimises the number of false alerts, yet quickly identifies areas of real concern, is a must. And when it comes to the insider threat, time is of the essence, as it is likely the perpetrator will already have access to your sensitive data or be in a position to write and deploy code that could cause significant damage.

We all know there is no cybersecurity silver bullet, but UEBA is an important tool in a security team’s armoury, producing real-time, priority alerts that analysts know must be addressed immediately.

Top 10 Millennial business concerns organisations can’t afford to ignore

Millennials – a generation defined by Pew Research Centre as those born between 1981 and 1996 – have been the source of fascination for businesses and academics in recent years, presenting enormous commercial opportunities in almost every market.

But getting into the mindset of an entire generation can be tricky, with only a few organisations having cracked the code. Luckily, market research company Morning Consult has composed a report that sheds light on Millennials and their business concerns. Here, we examine the top 10 insights provided by the report:

Labour practices
When compared with previous generations, Millennials can be considered among the world’s most ethical consumers; just 25 percent of the participants in Morning Consult’s survey said they would purchase goods or services from a company if they knew it adopted labour practices they didn’t support.

Employee wellness
The way companies treat their employees is also a key consideration for Millennials. In fact, 51 percent of participants said they would like a company more if it paid employees a good wage, while 40 percent said their estimation of a company would go up if it was generally considered a nice place to work.

Sharing is caring
Millennials greatly favour organisations that engage in charitable activities. Indeed, 38 percent of those surveyed said they would engage with a company more if it gave a small share of its profits to a good cause.

Diversity matters
According to the report, 36 percent of respondents said they would judge a company on how diverse it was, with 32 percent saying they preferred companies that made efforts to promote women into leadership positions.

Politically minded
The politics of an organisation can make or break its relationship with Millennials. This was emphasised by the fact 29 percent of respondents said they would not buy goods or services from an organisation that adopted a different political stance to their own.

Meanwhile, 24 percent revealed they had boycotted a company in the last year, with 26 percent of this contingent citing political reasons.

Brand association
The term Millennials most associated with their favourite brands was ‘well priced given the quality’, followed by ‘reliable’, ‘high quality’ and ‘trustworthy’.

Brand loyalty
When asked what factors had increased their loyalty to a brand, Millennials earmarked reliability and/or durability as being the most important influence, with quality of products and customer service ranking closely behind.

The customer is always right
At the other end of the spectrum, 74 percent of Millennials cited poor customer service as a key factor in reducing brand loyalty, while 70 percent singled out brands not paying employees well enough.

Popularity contest
Technological organisations were by far the most favoured brands among young adults, with YouTube, Google and Netflix topping the list.

Honesty is the best policy
When asked to choose the value that mattered most from a list of 22, Millennials opted for ‘honesty’. ‘Reliability’ and ‘helping family’ came second and third, respectively.

Harley-Davidson seeks to recharge sales with its first ever electric motorcycle

Harley-Davidson has unveiled plans to launch its first ever electric motorcycle, LiveWire, in 2019. According to a statement made by the company on July 30, LiveWire will be followed by as many as five additional electric models through 2022 to “broaden the [firm’s] portfolio with lighter, smaller and even more accessible product options”.

Although the 115-year-old company invested in California-based electric motorcycle firm Alta Motors in May this year, the LiveWire project has been in the works since 2014.

The iconic brand hopes its new lightweight, urban bikes will help attract younger generations to motorcycles while keeping old fans happy. In an interview with CNBC, Harley-Davidson CEO Matt Levatich said: “We’re going to be doubling down on existing products.

“We’re going to invest in an all-new middleweight platform, which is a modular chassis and a very core engine technology to go in three dramatically different spaces: adventure touring, custom and street fighter.”

Harley-Davidson also hopes to boost sales in China and India by partnering with local companies. However, the company has drawn ire from US President Donald Trump for developing production operations in international markets. Due to an ongoing trade war between the US and the EU, the firm announced in June that it would be moving its European market production out of the US.

Motorcycles exported to European customers used to be subject to a six percent tax but, due to the trade war, that has increased to 31 percent. Harley-Davidson said the EU’s tariffs would add, on average, $2,200 to each exported bike.

Levatich believes Trump’s statements have brought the company “unfortunate attention”, and told CNBC: “We’ve worked very hard to be apolitical in how we approach our business and our consumers everywhere in the world.”

Harley-Davidson’s stock has dropped by around 15 percent this year as the motorcycle industry in the US continues to decline. While electric motorcycles are still a niche market, the introduction of LiveWire and other smaller, electric models into new markets could be the bold shake-up the company needs to reverse its fortunes.

IBM and CLS test blockchain app store for financial institutions

On July 30, IBM and foreign exchange service settlement provider CLS announced they had begun testing a digital platform that will enable finance firms to access blockchain-based applications. It is not clear when the proof of concept (PoC) for LedgerConnect will be formally launched, but nine financial institutions have already agreed to test the platform, including Barclays and Citigroup.

Although there has been much talk about the potential uses of distributed ledger technology (DLT) – the most famous example of which is blockchain – the number of commercial applications remains limited. It is hoped LedgerConnect will create a network similar to consumer-facing app stores, allowing financial organisations to find and implement DLT-based programs more easily. The software vendors committed to the PoC include OpenRisk, Mphasis, Baton Systems and IBM.

“LedgerConnect is part of CLS’ strategy to explore how we can provide safe and robust solutions that create efficiencies and reduce risk for a diverse range of firms operating in the financial markets,” explained Alan Marquard, Chief Strategy and Development Officer at CLS. “We expect LedgerConnect to deliver enhanced efficiencies and economies of scale over single-purpose distributed ledger networks.”

As well as making it easier for banks to find the applications they need, the platform will also help create shared security and technical standards that should make the development and deployment of applications more efficient. With LedgerConnect, fintech companies and banks won’t have to waste resources building their own ledger networks and can instead focus on their core business goals.

Among a host of potential applications, financial institutions could use blockchain to develop Know Your Customer processes and derivatives post-trade processing. If the LedgerConnect PoC is deemed a success, IBM and CLS have confirmed the platform will receive a wider industry launch.

BP to snap up BHP Billiton’s US shale assets

BP has agreed to buy the US shale oil and gas assets of mining giant BHP Billiton for $10.5bn in a move the company said will upgrade and reposition its US onshore business.

The deal, which is BP’s biggest in nearly 20 years, will secure the UK-based company a position in the Permian basin in Texas, one of the top oil fields in the world and the centre of the US shale boom.

BP will also pick up assets in the Eagle Ford and Haynesville basins in Texas and Louisiana. In total, the assets have a combined production output of 190,000 barrels of oil equivalent per day, as well as 4.6 billion barrels of oil equivalent resources.

In a statement made on July 27, BP CEO Bob Dudley said: “This is a transformational acquisition for our Lower 48 business, a major step in delivering our upstream strategy and a world-class addition to BP’s distinctive portfolio.”

The company also announced it would hike its quarterly dividend for the first time in almost four years, as well as action a $6bn share buyback.

“The financial repositioning we have delivered in recent years and the confidence we have in our outlook for free cash flow allow us to take this extremely attractive opportunity now without any adjustment to our financial frame,” said Brian Gilvary, BP’s Chief Financial Officer. With the company’s planned divestments and buybacks, Gilvary said the “major step forward” is expected to be delivered for a net investment of around $5bn.

BHP put its shale assets up for sale in August 2017 after investors – led by US activist hedge fund Elliott Management – pressured the company to sell its onshore business, which had been hampered by enormous writedowns. The firm’s share price rose as much as three percent following the announcement.

BHP paid more than $20bn for the assets in 2011, spending a further $20bn developing the fields. However, when oil prices collapsed at the end of 2014, BHP began to struggle. The company will take a final one-off charge of $2.8bn in its 2018 financial year results.

The acquisition signals a big shift for BP – which has spent the years since the 2010 Deepwater Horizon rig disaster paying off over $65bn in penalties and other costs – as well as the broader oil and gas industry. With oil prices sitting at multi-year highs, the industry looks ready to get back into growth mode.

Qualcomm’s NXP takeover fails as US-China trade tensions extend to M&A market

Trade tensions between the US and China have claimed another casualty. President Donald Trump has already been forced to set aside $12bn in aid for the US farmers that will be negatively affected by retaliatory tariffs, while bankruptcies are being predicted for many Chinese companies. Now, a proposed $44bn takeover bid by American chipmaker Qualcomm has fallen by the wayside after the company’s planned acquisition of Dutch semiconductor firm NXP did not receive approval from regulators in Beijing.

The takeover had been in the works since 2016 and eight other regulators from around the world approved the bid months ago. Chinese regulatory approval was also expected, particularly as Qualcomm and NXP have little overlap in terms of the two companies’ product portfolios. However, the increasing likelihood of an all-out trade war appears to have caused Chinese regulators to have a change of heart.

By withholding approval beyond the agreed takeover deadline, Beijing effectively killed the deal. Qualcomm officials confirmed as much in a statement issued early on July 25.

“We intend to terminate our purchase agreement to acquire NXP when the agreement expires at the end of the day today, pending any new material developments,” explained Qualcomm CEO Steve Mollenkopf. “In addition, as previously indicated, upon termination of the agreement we intend to pursue a stock repurchase programme of up to $30bn to deliver significant value to our stockholders.”

The failed takeover comes as a setback to both companies – Qualcomm will have to pay a $2bn break-up fee to NXP, while the Dutch firm will now have to convince investors it has a long-term future – but could also have wider ramifications. It will certainly come as a major blow to the M&A landscape, as there will now be concerns that China could block other planned acquisitions.

The refusal to approve Qualcomm’s NXP bid also further damages US-China relations. Trump has recently threatened to impose new tariffs on the US’ trading partners, but as China imports relatively few products from the US, it gives the country limited ability to respond in kind. Perhaps scuppering business mergers and other investment opportunities will provide China with another way of retaliating.

EDF reveals further cost overruns and delays to its Flamanville nuclear reactor

The cost of EDF’s new Flamanville nuclear reactor has swelled to more than three times the French state-owned utility’s original budget after further issues were revealed in the construction process.

EDF said target construction costs had risen by €400m ($468m) to €10.9bn ($12.7bn). Already seven years behind schedule, the project will now be delayed by another year, with the loading of nuclear fuel not expected until the fourth quarter of 2019.

In April, EDF revealed that problems with the welds at its flagship nuclear site could impact the project’s costs and timetable following an assessment by the French Nuclear Safety Authority.

On July 25, EDF said 33 of 148 inspected welds were found to have “quality deficiencies” and would be repaired: “EDF teams and their industrial partners are fully mobilised and are continuing all other assembly and testing activities at the Flamanville [European Pressurised Reactor (EPR)], including the system performance tests.”

France’s Flamanville project is one of three EPRs currently being built across Europe. The third-generation technology has taken decades to develop and aims to improve safety, as well as reduce costs. EDF is also building the Olkiluoto 3 project in Finland and Hinkley Point C in the UK, both of which are also behind schedule.

Earlier in July, China’s Taishan 1 became the first EPR in the world to be successfully connected to the power grid in a landmark moment for the new reactor design. Built by EDF’s subsidiary, Framatome, the reactor is expected to go into full operation later this year.

With Europe’s EPR projects all facing cost overruns and delays, questions have been raised about their commercial viability. While costs for sources of power such as renewable energy continue to fall at a rapid rate, nuclear power is moving in the wrong direction as construction projects get even more expensive.

Impossible Burger: vegetarian patty that ‘bleeds’ finally gets FDA approval

On July 23, Impossible Foods, the West Coast firm that makes “meat using plants”, received official confirmation from US food regulators that one of its key ingredients was safe for human consumption. In a letter to the company, the Food and Drug Administration (FDA) said it had “no questions at this time” regarding soy leghemoglobin and whether it was “generally recognised as safe”.

The San Francisco-based company is best known for its Impossible Burger, which uses a patty made from wheat and potato proteins, coconut oil and xanthan. The most important ingredient, however, is soy leghemoglobin and the iron-rich protein it carries, heme.

Heme is found in all animal tissue but also occurs naturally in soy plants, albeit in smaller quantities. Impossible Foods uses genetically modified yeast to produce heme, which is then incorporated into its burgers, meatballs and other products to give them the colour and flavour of real meat.

Although the Impossible Burger has been available for some time, last summer the FDA said it had not received sufficient information to establish whether consuming heme was safe. However, following the submission of a 1,066-page document, which included data from years of research, the FDA has issued its formal approval.

“Getting a no-questions letter goes above and beyond our strict compliance to all federal food-safety regulations,” explained Impossible Foods founder and CEO Dr Patrick O Brown. “We have prioritised safety and transparency from day one, and they will always be core elements of our company culture.”

Although both vegetarianism and veganism are on the rise globally, getting people to cut meat out of their diet completely can still prove a difficult task. Creating good meat substitutes like the Impossible Burger, therefore, is hugely important.

Not only does it boost animal welfare, but it also delivers wider environmental benefits: eating just one Impossible Burger, for example, saves the equivalent of 75sq ft of land or 18 miles worth of vehicle emissions when compared to eating a burger made from beef.

Google to make $550m investment in Chinese e-commerce giant JD.com

On June 18, Alphabet’s Google and China’s largest e-retailer by revenue, JD.com, announced they had entered into a strategic partnership. The half-billion-dollar investment is the latest move by Google to enlarge its footprint in e-commerce, as well as in Asian markets.

With Google’s new stake – worth $550m in shares – the Silicon Valley behemoth looks set to expand its presence in the fast-growing Asian market, where increasing purchasing power and access to the internet are causing online retail activity to explode. Asia is also the stage for increasing competition with other global e-commerce rivals, such as Amazon.

The deal will allow JD.com to showcase its products on Google’s shopping service (which has a global reach), while Google will be able to leverage JD.com’s supply chain and logistics. The companies have said that, by merging their capabilities, they aim to explore new solutions in retail infrastructure, as well as offer “helpful, personalised and frictionless shopping experiences”.

“The Asia-Pacific [APAC] region is one of the largest and fastest growing e-commerce marketplaces in the world,” said Google’s APAC head, Karim Temsamani, in a company blog post. “People in South-East Asia alone are expected to spend $88.1bn online by 2025.

“These consumers… are ready to buy, but hard to please. The growth of access to the internet and online retail has led to rising expectations for top-notch experiences at every step of the shopper’s journey.”

The move continues a recent pattern of Google investment, which has seen the company expand its online retail channels in international markets, as well as increase its foothold in the burgeoning APAC region.

The partnership with JD.com comes just a week after Google announced a strategic agreement with French supermarket chain Carrefour, which seeks to develop the French company’s retail distribution channels in Europe to include smartphones, tablets and other smart devices.

In Asia, meanwhile, Google recently signed a patent-sharing agreement with Tencent, which allows the US company to access the Chinese market without its own technology being blocked by the government, and invested in Go-Jek, one of the most popular ride-hailing apps on the continent.

Elon Musk’s Boring Company to build high-speed rail underneath Chicago

On June 13, Elon Musk’s tunnelling enterprise, the Boring Company, announced it had been chosen to design and build an express rail system connecting Chicago’s O’Hare International Airport with the city centre. This is the first major contract the company, which had been dismissed by some as a mere side project to Tesla and SpaceX, has managed to secure.

The project, called the Chicago Express Loop, will be a high-speed underground transportation system that travels between 125 and 150mph on “electric skates”. According to the Boring Company, the aim of the Chicago Express Loop is to “alleviate soul-destroying traffic” by travelling through tunnels rather than above ground.

The loop will be privately funded by the Boring Company and, under the proposal, will have the capacity to transport close to 2,000 passengers each way every hour. The Chicago Express Loop also promises to cut the travel time between O’Hare International Airport and downtown Chicago to 12 minutes – approximately three to four times faster than existing over-ground rail links and congested roads.

“If you look at the history of Chicago… every time we’ve been an innovator in transportation, we have seized the future,” said Chicago Mayor Rahm Emanuel in an interview with the Chicago Tribune.

“The risk – with no financial risk – is I’m betting on a guy who has proven in space, auto and now a tunnel, that he can innovate and create something of the future. Given [Elon Musk’s] track record, we are taking his reputation and saying ‘this is a guy in two other transportation modes who has not failed’. That’s what we’re doing.”

Not yet a public company – and with a new, unproven concept – the Boring Company has had to be creative when raising capital. So far, funds have been bolstered by the sale of hats, fire extinguishers and flamethrowers.

The company’s primary function, as is suggested by its name, is the boring of tunnels, which can be painstakingly slow. The Boring Company has said its goal is to dig tunnels as fast as snails can move.

Coinrail hack sends bitcoin price tumbling

On June 10, the value of bitcoin fell by roughly 10 percent after Coinrail, a Korean cryptocurrency exchange, was hacked. Hackers were able to take around 30 percent of the exchange’s coins in what is the latest cyberattack on a crypto-exchange platform.

On its website, Coinrail confirmed 70 percent of its coins and tokens are safely stored in a ‘cold wallet’, an offline data storage unit unable to be accessed by hackers via the internet. Coinrail also said the value of stolen coins is still being determined, but confirmed two thirds of the loss is covered through freezing and recalling, while the status of the remaining third is being probed by investigators, relevant exchanges and coin developers.

Being one of the smaller exchanges in the market, Coinrail was not legally required to have information security management systems in place, as the legislation only applies to sites attracting in excess of one million daily visitors.

As a consequence, the platform was perhaps more vulnerable to the data breach than bigger players would have been. Additionally, Coinrail was not a member of the group of South Korean exchanges that jointly implemented stricter self-regulation and security measures in January.

Although bitcoins were not the only cryptocurrency taken in the breach, investors were rattled by the security of their crypto-assets, causing bitcoin to lose around $500 in value.

The hack is the latest in a string of attacks on cryptocurrency exchanges. The most famous hack took place in 2014, when Mt Gox, the largest bitcoin exchange of its time, went bankrupt after $460m worth of bitcoin was stolen in a cyberattack.

A few years later, Bitfinex was also hacked, losing $72m in crypto-coins. Most recently, another South Korean exchange, Youbit, went bankrupt in December after multiple hacks.

Facebook confirms data-sharing relationships with Chinese companies

On June 5, Facebook confirmed it had data-sharing arrangements in place with several Chinese companies, with some dating back as far as 2007. The company’s admission comes just two days after The New York Times first revealed the relationships.

According to The New York Times, the agreements grant Chinese companies access to user data, ostensibly to help them build apps that provide “Facebook-like” experiences, such as status updates and ‘like’ buttons. The companies in question include smartphone makers Huawei and OPPO, as well as PC maker Lenovo and electronics company TCL.

Through the agreements, these companies – along with many other Western companies – were allowed access to detailed user data, such as religious and political affiliation, relationship status and work history.

“Facebook, along with many other US tech companies, [has] worked with [Huawei] and other Chinese manufacturers to integrate their services onto these phones,” said Facebook’s Vice President of Mobile Partnerships, Francisco Varela, in a statement to The Hill.

“Facebook’s integrations with Huawei, Lenovo, OPPO and TCL were controlled from the get go – and we approved the Facebook experiences these companies built.”

The data-sharing agreement has drawn the attention of Congress and, most notably, Mark Warner, the Vice Chairman of the Senate Select Committee on Intelligence. In a post to his Twitter page, Warner said Facebook needed to provide “the whole story, now, not six months from now”.

“Given the interest from Congress, we wanted to make clear that all the information from these integrations with Huawei was stored on the device, not on Huawei’s servers,” Varela said.

In April, the US Federal Communications Commission voted unanimously to ban federal subsidies from being used to buy equipment from Huawei and fellow Chinese phone company ZTE on national security grounds.

The latest revelation has put another speed bump in Facebook’s recovery from its massive data scandal earlier this year, when it was revealed the data of more than 80 million Facebook users had been utilised by a third-party consulting firm, Cambridge Analytica. Facebook’s stock has, however, made a full recovery from the scandal.