Daily Tech Digest - June 08, 2017

Did someone cancel the fintech revolution?

The Accenture report says that these promises have yet to come to pass; old fashioned banks are still standing, and perhaps standing still, while startups have yet to gain real traction in customer acquisition and seen their VC investment decline by more than a third in the last year.  Nevertheless, Accenture suggests that the revolution is more likely to be stalled than dead. The firm argues that the UK can establish itself as a leading exporter of fintech R&D, helping individual firms monetise their expertise and 'UK plc' build the county's digital reputation. To do this, the report argues that government and regulators must compete with rivals such as Singapore to attract investment and talent. This is particularly important at the moment because of Brexit, which may result in limiting of free movement and see banks shift operations overseas.

Is a chief AI officer needed to drive an artificial intelligence strategy?

This role provides strategic, and in many cases tactical, guidance and support for exploring and transforming the business using realistic AI approaches. This role would also serve as the pragmatic evangelist for the process, people and tools that can help achieve real business results with AI or human intelligence augmentation. It is important for this role to guide the appropriate and reasonable expectations of AI and to push for the proper applications so the business value is demonstrated. The ability to simplify complex topics and to influence others is also essential to the role since there can be a confusing array of approaches, vendor products and internal tensions around strategic directions. This role needs to provide a clear, actionable path forward for the chosen artificial intelligence strategy that allows flexibility but focuses on realistic delivery along the way.

Which Machine Learning Algorithm Should I Use?

The machine learning algorithm cheat sheet helps you to choose from a variety of machine learning algorithms to find the appropriate algorithm for your specific problems. This article walks you through the process of how to use the sheet. Since the cheat sheet is designed for beginner data scientists and analysts, we will make some simplified assumptions when talking about the algorithms. The algorithms recommended here result from compiled feedback and tips from several data scientists and machine learning experts and developers. There are several issues on which we have not reached an agreement and for these issues we try to highlight the commonality and reconcile the difference. Additional algorithms will be added in later as our library grows to encompass a more complete set of available methods.

jhsdb: A New Tool for JDK 9

The jhsdb tool is described on its Oracle JDK 9 Documentation Early Access page, "You use the jhsdb tool to attach to a Java process or to launch a postmortem debugger to analyze the content of a core-dump from a crashed Java Virtual Machine (JVM)." The tool comes with several "modes" and several of these modes correspond in name and function with individual command-line tools available in previous JDK distributions. The jhsdb tool not only provides a single tool that encompasses functionality of multiple other tools, but it also provides a single, consistent approach to applying these different functions. For example, the jhsdb command-line syntax for getting help for each of the "modes" is identical. The jhsdb tool can be attached and applied to a running JVM via its process identifier (PID) similar to how several other tools (including jcmd) work.

10 critical skills that every DevOps engineer needs for success

People skills are key, but tend to be underappreciated, said Alan Zucker, founding principal of Project Management Essentials. As software engineers, DevOps professionals tend to look to tools rather than people and processes. "Great DevOps engineers start by understanding the people, the culture, and how the organization runs," Zucker said. "They then build a strategy that focuses on simplifying the overall operating environment to achieve the goal of continuous delivery." For a DevOps team to be successful, it needs to include individuals who possess strong communication skills, said Alex Robbio, president and cofounder of Belatrix Software. "Similar to Agile development teams, soft skills are incredibly important—not just for the individual engineer, but also in making the organizational cultural shift to implementing and then standardizing DevOps," Robbio said.

We need to talk about how artificial intelligence can manipulate humans

Unfortunately, the commercial forces driving technology development are not always benevolent. The giant companies at the forefront of AI—across social media, search, and e-commerce—drive the value of their shares by increasing traffic, consumption, and addiction to their technology. They do not have bad intentions, but the nature of capital markets may push us toward AI hell-bent on influencing our behavior toward these goals. If you can get a user to think, “I want pizza delivered,” rather than asking the AI to buy vegetables to cook a cheaper, healthier meal, you will win. If you can get users addicted to spending 30 hours a week with a “perfect” AI companion that doesn’t resist abuse, rather than a real, complicated human, you will win.

The Behavioral Economics of Why Executives Underinvest in Cybersecurity

In the case of cybersecurity, some decision makers use the wrong mental models to help them determine how much investment is necessary and where to invest. For example, they may think about cyber defense as a fortification process — if you build strong firewalls, with well-manned turrets, you’ll be able to see the attacker from a mile away. Or they may assume that complying with a security framework like NIST or FISMA is sufficient security —just check all the boxes and you can keep pesky attackers at bay. They may also fail to consider the counterfactual thinking — We didn’t have a breach this year, so we don’t need to ramp up investment — when in reality they probably either got lucky this year or are unaware that a bad actor is lurking in their system, waiting to strike. The problem with these mental models is that they treat cybersecurity as a finite problem that can be solved, rather than as the ongoing process that it is.

Public-private partnership critical to thwarting cyber threats

It’s a serious problem for healthcare organizations, which have a responsibility to secure their systems, medical devices and patient data from these kinds of cyber attacks with razor-thin operating margins, and, as a result, “cannot afford to retain in-house information security personnel, or designate an information technology staff member with cybersecurity as a collateral duty,” according to the task force. Meadows acknowledges that security is a “harder sell” for C-level healthcare executives “because it’s really an insurance policy and there’s no perceived ROI to having good security posture and hygiene,” particularly in smaller organizations facing resource constraints. However, organizations making the decision to “prioritize cybersecurity within the healthcare industry requires culture shifts and increased communication to and from leadership, as well as changes in the way providers perform their duties in the clinical environment,”

Did Bitcoin Enable an Explosion in Ransomware Attacks?

Now with Bitcoin, money can be collected automatically and without being tied to a bank account. While you can look at the Bitcoin blockchain and see where money goes, it becomes difficult to track it once it is passed through multiple wallets. Many use Bitcoin mixing services that split up Bitcoin and mix it with other money to confuse the tracking process. If you pass it through multiple Bitcoin wallets and mix it in with other Bitcoin, it becomes very difficult to trace.  Bitcoin also makes it easier and faster for criminals to gain access to the money they steal. In the past, they might have to wait for it to transfer between bank accounts or to be physically transferred in cash. Now, they can move it around to multiple Bitcoin wallets quickly and start using it with a new email address. This allows the money to be spent before it can even be located.

Don’t like Mondays? Neither do attackers

Monday may be our least favorite day of the week, but Thursday is when security professionals should watch out for cybercriminals, researchers say. Timing is everything. Attackers pay as close attention to when they send out their booby-trapped emails as they do in crafting how these emails look. Malicious email attachment message volumes spike more than 38 percent on Thursdays over the average weekday volume, Proofpoint said in its Human Factor Report, which analyzed malicious email traffic in 2016. Wednesdays were the second highest days for malicious emails, followed by Mondays, Tuesdays and Fridays. Weekends tend to be low-volume days for email-borne threats, but that doesn’t mean there aren’t any. “Attackers do their best to make sure messages reach users when they are most likely to click: at the start of the business day in time for them to see and click on malicious messages during working hours,” Proofpoint researchers wrote in the report.

Threat Intelligence: A New Frontier in Cybersecurity

The art of bringing a high-value threat intelligence capability to market consists of the application of data science and human intervention to the raw threat feeds. It is this filtering and curation which enables the vast amount of threat data to be ignored or else responded to very quickly. It is then the same filtering and curation function that allows for the most suspicious data to be extracted from the main body of the threat data. The SecOps team's resources can then be concentrated on applying greater forensic effort around that data subset in an effort to understand the modus operandi of the most threatening adversaries -- and stay ahead of them. This is a primary area where threat intelligence providers differentiate themselves. Machine-learning algorithms leveraging standard and advanced statistical models -- and customized to cybersecurity goals -- have to be used to automatically process the many billions of security events that threat intelligence providers see.

Quote for the day:

"Failing organizations are usually over-managed and under-led." -- Warren G. Bennis