Daily Tech Digest - January 05, 2018

Banks of Future Will Face Digitally-Empowered Customers

Banks of Future Will Face Digitally-Empowered Customers: Expert Blog
One of the biggest impacts of using Internet-based distribution networks to access your consumer base is that it will reduce the number of intermediaries that need to participate in a transaction. This is not to say that middlemen will entirely disappear, but in a world where any two entities can communicate P2P on public internet rails, the concept of correspondent banking will be transformed. We already see the power of such networks in places like Kenya, where it took a branchless banking service called M-Pesa only three years to become the most successful mobile banking service in the developing world. They did this simply by connecting millions of consumers with their bank through SMS. Another impact will be a reduction in the friction inherent in switching banks. Think about how easy it is for a cab driver to switch his or her entire personal business from Uber to Lyft on a daily basis.

Should financial experts fear the rise of artificial intelligence?

Artificial Intelligence Finance
Natural language processing, a sub-field of AI is a good example of augmented intelligence. NLP is the development of systems capable of reading and understanding the languages that humans speak. At the heart of this technology is the effort of interpreting a large amount of ‘unstructured data’ (i.e. data that cannot be read by machines yet, such as PDF files, images and audio material). This level of automation is already having significant practical implications. ... 5,000 FinTech start-ups were identified by a 2016 report by Ernst & Young, and the vast majority of them have a mission statement to innovate the banking and financial services sector in some way. Notably, AI is able to vastly improve upon client servicing, trading, post-trade operations such as reconciliations, transaction reporting, tax operation and enterprise risk management, just to name a few.

The Internet of (Secure) Things Checklist

As the AT&T IoT Cybersecurity Alliance highlighted in a recent white paper, Mirai was a prime example of the type of risk posed by unsecured IoT devices. The obvious threat is exposure of personal data to an attacker who compromises a device. However, according to the report, if the connected devices within your organization are used as part of a widespread attack, your organization could suffer reputational damage or, worse, your organization could be victimized by a compromised IoT device from a business partner. Just like any type of cyberattack, the implications of an IoT attack are far-reaching. This is why it is important for security professionals to approach IoT security just as they would network, endpoint, and cloud security. A comprehensive cyber hygiene strategy is a necessary component of securing your organization and preventing cyber attacks.

While benefits may include more convenient crime reporting and saving public resources, privacy concerns abound, as noted by our sister site ZDNet. If sent out or received through the Echo, crime reports both in and out of the police department would be stored on Amazon servers. This could especially be an issue when it comes to reporting crimes anonymously, ZDNet noted, and will be an issue the police force has to address. This isn't the first time Alexa has been implicated in law enforcement. In January 2017, police investigating a murder in Bentonville, AR, filed a search warrant asking Amazon to provide "electronic data in the form of audio recordings, transcribed words, text records and other data" from the Echo. Amazon refused to provide the information from its servers, but the case highlighted the privacy issues associated with always-on devices, Joel Reidenberg, founding academic director of the Center on Law and Information Policy at Fordham University, told TechRepublic at the time.

The shifting sands of finance and technology

With new technologies in place, finance teams will see their role begin to overlap and connect more with their commercial and IT colleagues, with deeper business insights that give people the capacity to become more forward-looking and predictive. Others will be called on to work more closely with computing professionals to develop and implement complex technology systems. It’s time to recognize that just implementing AI or trying out data analytics is no longer enough without the integration and the wholesale processes change to back up the initiatives. The only way the finance organization will realize the full-range and long-term benefits of these technologies is by rethinking finance processes and how the entire ecosystem works together. From our experience at EY, and working with our clients on their own innovations, I truly believe that the finance, IT and other teams can and should all learn from one another.

8 Chrome extensions that supercharge Google Drive

Google Chrome and Drive logos
Want to show your sales video to clients without having to hook up your laptop to a projector or large display? Tibor Vukovic's DriveCast extension lets you cast media files you have stored in your Google Drive to a Google Chromecast device plugged into the projector, display or TV. No need to download the file first; just “cast” it from your Google Drive. (DriveCast casts the media file formats that Chromecast officially supports, like JPG, MP3, and MP4.) Once DriveCast is installed and your computer is linked to your Chromecast device, click the DriveCast icon on the Chrome toolbar. It will open a new tab that lists alphabetically the folders in your Google Drive. Click to open the folder where the media file you want to cast is stored in; find the file and click it. In the small panel that opens below the URL address box, be sure to select “DriveCast” as the casting source (not “tab” or “desktop”).

Four misconceptions around compensating controls

Compensating controls are not a shortcut to compliance or a free pass on compliance. Instead companies are finding that most compensating controls are actually more expensive in the long run. Worse still, they can often prove harder to implement than actually addressing the original vulnerability in the first place. Although they can be legally used for almost every requirement of the PCI DSS, brands should calculate the cost to implement the compliant solution before automatically jumping to compensating controls and also consider future potential costs. If companies are not compliant and a hack occurs, they can face compensation and remediation costs, legal fees, federal audits and of course lost revenue. For example, Target’s profits dropped $440 million in the fiscal fourth quarter following the news of the security breach.

Meltdown and Spectre exploits: Cutting through the FUD

What are the Meltdown and Spectre exploits?
Meltdown and Spectre are not exactly the same, but they are related and use a similar exploit mechanism to gain access to computer data. Nearly all modern chip architectures from the major suppliers (Intel, AMD, ARM) are affected, and this includes nearly all modern computer systems from data center to PC to smartphones. The problem affects nearly all operating systems, such as Windows, Linux, macOS and even Android, as well as virtualized environments such as VMware and Citrix. But it doesn’t affect lower-level or real-time operating systems (like QNX) that don’t use this particular feature, nor in lower-level controller chips used for the Internet of Things (IoT). Basically, the exploit involves reading memory locations that are supposed to be protected and reserved for use by the computer kernel. It exploits an architectural technique known as “speculative execution” which is a key feature of things such as look-ahead instructions and data, which significantly improves computer performance.

In the World of Cryptocurrencies, Something’s Gotta Give in 2018

So you thought Bitcoin was anonymous? Hope you weren’t buying anything naughty with it, because—surprise—it really isn’t. But privacy is still of major interest to the cryptocurrency community, which is why you should expect to hear more in the coming year about a cryptographic protocol called a zero-knowledge proof. The mind-bending math of zero-knowledge proofs makes it possible to prove something (say, that you are older than 18) without revealing anything else (like your precise age). A currency called Zcash already uses this to make truly anonymous transactions possible. JPMorgan Chase has even adopted it for its “enterprise blockchain” system. And thanks to its latest software update, Ethereum’s developers can now implement zero-knowledge capability too. It would not be surprising if the next year were to yield applications of zero-knowledge proofs that we haven’t yet imagined.

IT departments have no idea how much they spend on AWS and Azure

Unless an IT department closely scrutinises its cloud usage, it can end up paying far more than it needs to. Public cloud servcies generally offer tools to help IT admins keep track of which cloud instances are being used and how much storage, network, memory and central processing unit (CPU) workloads consume. But it is often hard for an individual user to find these metrics given the way cloud services tend to be procurerd. According to Densify, many businesses have multiple AWS or other public cloud accounts, that roll up into a master corporate account. This means the people who pay the cloud bills rarely understand the reasoning behind the expense, Densify said. Internal users who then take chunks of cloud service from the main account are only aware of the demands their own cloud instances require. Their applications may need different usage patterns in terms of storage, CPU and memory, compared to other parts of the business.

Quote for the day:

"Your job gives you authority. Your behavior gives you respect." -- Irwin Federman