Daily Tech Digest - September 20, 2018

Smarter analytics for banks

Smarter analytics for banks
Banks currently concentrate most of their analytics use cases in sales management (for example, next product to buy, digital marketing, and transactional analytics), financial risk management (collections), and nonfinancial risks (cybersecurity and fraud detection). These are logical first choices, but banks also need an analytics road map for the entire organization to ensure transparency and clarity on their aspiration for advanced analytics. Before launching efforts on specific use cases, banks should identify those areas where analytics will do the most to enhance their value propositions, in line with their business strategies. Over time, banks should extend analytics to other functions and set their ambitions for how analytics will help the organization in the years ahead. Across industries, analytics leaders integrate analytics not only into a few crucial business units but also across all operations. This is true for analytics leaders among banks as well: more than half have introduced use cases to three or more functional areas.

The new face of Financial Services

With universal consumer adoption of digital communication, and technologies such as Blockchain removing the need for a trusted intermediary, the role of the financial institution is in flux. An example is Bitcoin, and similar technologies launched in recent years. These new currencies seem to herald the shape of things to come, but their levels of volatility hamper their development as reliable forms of payment or stores of value. The risk is that they are becoming nothing more than instruments of pure speculation. Barely a week goes by without a new crypto currency launching, but most disappear without trace leaving early adopters out of pocket and further tarnishing the perceived reliability of such means of exchange. A lack of transparency into the workings of the system exposes it to fraud and manipulation; and the very decentralisation that gives crypto currencies their advantage over traditional counterparts also signals a disadvantage, which is the anonymity of the counter-party in a transaction.

Credential stuffing attacks cause heartache for the financial sector

Often utilized by botnets, credential stuffing describes the use of stolen or leaked credentials in automatic injection attacks. Automated scripts hammer online services with credentials in the hopes of a password and username or email address being accepted as legitimate -- which, in turn, permits account hijacking and takeovers. One of the core problems in today's consumer and employee security practices is the use of password and email combinations for multiple online services. When a data breach occurs, such as the LinkedIn 2012 security incident in which 112 million credentials were exposed, the story doesn't end there. These credentials may end up online and public or for sale in the Dark Web. Massive data dumps full of stolen credentials can be found in the Web's underbelly, all of which can be added to batch scripts which will automatically attempt to login to services. ... If a financial account is compromised in such a way, this may lead to the theft of funds or stock portfolio tampering. If the account belongs to an employee of the organization, the damage could be deeper, with the compromise of internal banking systems.

Investing wisely in the healthcare IT ecosystem

Investing wisely in the healthcare IT ecosystem
Through technology, healthcare is becoming a different kind of industry, which is not lost on the technology provider market. Healthcare CIOs have much greater choices in technology solutions, but they need to be careful. The vendor community is willing to sell a whole range of tools, but some of these tools are more mature than others. There is likely to be a long shake out and adoption period for these technologies. CIOs in healthcare have to think through how to architect these solutions as a part of their ecosystems as opposed to buying 10-point solutions that solve narrowly defined needs.  The data architecture in a healthcare system is very complex, since data comes into the system from so many places — patients, referring physicians, payers. The future includes wearables, home monitoring and other sensors that are beyond the hospital and physician office. And data comes in so many forms — diagnostic test results can be images, paper, and lab results, structured and unstructured — all of which have to be brought into the record and integrated into a set of processes.

How Non-IT Employees Can Bridge the Security Skills Shortage

How Non-IT Employees Can Bridge the Security Skills Shortage
The security skills shortage can equally apply to dedicated IT professionals and to ordinary, non-IT employees. While the worries about the potentially 3.5 million unfilled cybersecurity jobs by 2021 are certainly pressing, even the most dedicated expert will need to work with other employees. Without some knowledge of cybersecurity best practices, your security team will be fighting an uphill battle. This adds additional stress and responsibilities to their workloads, possibly increasing the burnout rate. Instead, you need to get employees involved in bridging the security skills shortage. Your enterprise can start by building awareness of how their actions can influence your enterprise’s security posture. You can and should provide engaging, work-integrated training programs at regular intervals to instruct your employees on best practices. The security skills shortage is already a struggle. Don’t compound it by keeping your other employees in the dark.

False positive reduction in credit card fraud detection

MIT researchers have employed a new machine-learning technique to substantially reduce false positives in fraud-detecting technologies. Image: Chelsea Turner
The backbone of the model consists of creatively stacked “primitives,” simple functions that take two inputs and give an output. For example, calculating an average of two numbers is one primitive. That can be combined with a primitive that looks at the time stamp of two transactions to get an average time between transactions. Stacking another primitive that calculates the distance between two addresses from those transactions gives an average time between two purchases at two specific locations. Another primitive could determine if the purchase was made on a weekday or weekend, and so on. Veeramachaneni said, “Once we have those primitives, there is no stopping us for stacking them … and you start to see these interesting variables you didn’t think of before. If you dig deep into the algorithm, primitives are the secret sauce.” “One important feature that the model generates, is calculating the distance between those two locations and whether they happened in person or remotely.

Meet the women who are making sure blockchain is inclusive

The way Indilo sees it, it’s similar to the promise of the internet where everyone with access had the chance to be a participant. However, that democratization wasn’t totally realized as areas with limited access prohibited participation and the growth of large tech companies. The data created on the internet is a “huge asset essentially owned by few companies use for their own benefit,” she says. “We don’t even understand why they are doing certain things, and in many cases they hugely undermine privacy.” But blockchain can deliver on that promise. Simply being able to send and receive money in a secure, transparent way has huge implications for both the banked and unbanked populations of the world. And it’s not just about money, Indilo contends. Opu Labs is a skincare web application built on the blockchain. It allows users to scan their faces and get analysis on skin conditions. Not only is this very personal information secure and unable to be tampered with, Indilo points out that people are getting paid to get something valuable.

What’s the Secret to Success as a Data Scientist?

What’s the Secret to Success as a Data Scientist?
In essence, data scientists are tasked with making discoveries out of large quantities of data. They’re explorers who interpret the world around them. “At ease in the digital realm, they are able to bring structure to large quantities of formless data and make analysis possible,” Thomas H. Davenport writes for Harvard Business Review. “They identify rich data sources, join them with other, potentially incomplete data sources, and clean the resulting set. In a competitive landscape where challenges keep changing and data never stop flowing, data scientists help decision makers shift from ad hoc analysis to an ongoing conversation with data.” By 2020, IBM is predicting that demand for data scientists will increase by 28 percent. More than half of these jobs (59 percent) will be in the finance, insurance, professional services, and IT industries. Within two years, there will be an estimated 2.7 million data professional jobs in the United States alone. The average annual pay for advertised data scientist jobs is currently somewhere around $105,000.

Your biggest cyber security threat is inside your organisation

It shouldn’t come as a surprise that staff awareness training can be difficult. That doesn’t mean you can’t put in place an effective training regime; you just need to understand the problems and find a solution. The way you do this will depend on the resources at your disposal. One of the most common solutions, particularly for organisations that are short on time, is to get help from a third party. This takes the hassle out of staff awareness training, freeing you from the worries of creating a course from scratch, making sure it’s delivered in a way that everyone will understand and checking that all the necessary information is included. You can make the process even easier by using our Information Security Staff Awareness E-Learning Course. Because it’s an online course, your employees can study at a time and place that’s convenient for them. All you need to do is send a notification to your employees, and then check that everybody’s completed the course.

Artificial Intelligence, Ratings, and the Small Print

Relying on either the wisdom of crowds or the wisdom of computers, however, might not be enough. Acquisti, who is part of the Carnegie Mellon team, believes that the onus shouldn’t be on consumers to continually track the way their data is used. “We cannot expect, or pretend, individuals to be constantly aware of and engaged with all the myriad of ways tools and services continuously collect and track their information,” he wrote in an email. “The effort needed to consciously manage such unending flows of data would be nearly superhuman.” Instead, because privacy management is a societal issue that requires societal solutions, Acquisti argues that it is necessary to set clear privacy standards that companies can adhere to. “If, as a society, we were to set a goal of handling the issue of privacy better, then a combination of smart regulation and technology would be needed,” he noted. Smart regulation should encourage technologies that allow organizations to collect and use consumer data while doing more to protect privacy.

Quote for the day:

"There comes a time when you have to choose between turning the page and closing the book." -- Unknown

Daily Tech Digest - September 19, 2018

AI and robotics will create almost 60 million more jobs than they destroy

A robotic arm at an industrial manufacturing factory. 
Developments in automation technologies and artificial intelligence could see 75 million jobs displaced, according to the WEF report "The Future of Jobs 2018." However, another 133 million new roles may emerge as companies shake up their division of labor between humans and machines, translating to 58 million net new jobs being created by 2022, it said. At the same time, there would be "significant shifts" in the quality, location and format of new roles, according to the WEF report, which suggested that full-time, permanent employment may potentially fall. Some companies could choose to use temporary workers, freelancers and specialist contractors, while others may automate many of the tasks. New skill sets for employees will be needed as labor between machines and humans continue to evolve, the report pointed out. Machines are expected to perform about 42 percent of all current tasks in the workplace by 2022, compared to only 29 percent now, according to firms surveyed by WEF. Humans are expected to work an average of 58 percent of task hours by 2022, up from the current task hours of 71 percent.

The Digital Boardroom: Industrial Boards Are Looking for More Tech-Savvy Directors

It is not enough to be fluent in Industry 4.0; directors have to be able to connect technology to the business in meaningful and tangible ways that will boost shareholder performance. If they are to be seen as respected contributors to the board, directors need to help educate other directors on the implications of technology and bring the leadership skills and business knowledge to advance the broader board’s understanding of the issues at play for the business. Without this broader business perspective, they may lack the influence with other directors and limit their effectiveness in board-level debates about strategy and capital spending. In addition, having a quantifiable way to measure digital transformation and its connection to financial outcomes will be key to their success. Ideas that were too futuristic ten years ago are now a reality, thanks to digital transformation. For example, who knew cars could drive themselves or drones could deliver packages.

All your Windows 10 devices, managed by Microsoft

The complexity of managing previous versions of Windows has meant that handing over PC management to managed service providers and outsourced IT was rarely economic. Microsoft is betting that its new versions of Windows and Office — as well as its cloud analysis and management tools — make it cost effective to take over desktops at scale, whether that management is done by Microsoft; OEMs such as Dell and HP, which already offer on-demand device replacement; or partners such as Avanade/Accenture and Computacenter. Microsoft has “tens of customers” for MMD in the UK and US, including large, regulated organizations like Lloyds Banking Group as well as SMBs like Seattle Reign. Karagounis says the MMD baseline caters for large regulated companies but “we give the smaller organizations a choice with things they don’t want to light up because they’re too heavy-duty.” The program will expand to Canada, Australia and New Zealand in early 2019 and other geographies later in the year.

This Windows file may be secretly hoarding your passwords and emails

Since the Windows Search Indexer service powers the system-wide Windows Search functionality, this means data from all text-based files found on a computer, such as emails or Office documents, is gathered inside the WaitList.dat file. This doesn't include only metadata, but the actual document's text. "The user doesn't even have to open the file/email, so long as there is a copy of the file on disk, and the file's format is supported by the Microsoft Search Indexer service," Skeggs told ZDNet. "On my PC, and in my many test cases, WaitList.dat contained a text extract of every document or email file on the system, even if the source file had since been deleted," the researcher added. Furthermore, Skeggs says WaitList.dat can be used to recover text from deleted documents. "If the source file is deleted, the index remains in WaitList.dat, preserving a text index of the file," he says. This provides crucial forensic evidence for analysts like Skeggs that a file and its content had once existed on a PC.

3 first steps to explore blockchain in the enterprise

Blockchain and digital assets can take a while to fully understand and you really need to be willing to read, listen and experiment. When tackling any complex topic, I begin with reviewing and discussing the topic with credible sources I really trust. We expanded several of our existing collaboration relationships with forward-thinkers, such as the Ideo CoLab and the Institute for the Future, and we joined working groups across industry and academia, with organisations including Harvard University, University College London, the MIT Media Lab and IC3. We paired this outside knowledge with our own analysis. We also conduct user research with Fidelity clients and customers to gain an understanding of their interest and activity in this area, which has helped inform our pilots. ... When we started to explore the possibilities for capital markets, we started with the obvious pain points – specifically, money movement, transactions and payments. This really caught my interest as there was a lot of speculation about the day-to-day usefulness of digital assets.

AI for Crime Prevention and Detection – Current Applications

AI for Crime Prevention and Detection - 5 Current Applications
Companies and cities all over world are experimenting with using artificial intelligence to reduce and prevent crime, and to more quickly respond to crimes in progress. The ideas behind many of these projects is that crimes are relatively predictable; it just requires being able to sort through a massive volume of data to find patterns that are useful to law enforcement. This kind of data analysis was technologically impossible a few decades ago, but the hope is that recent developments in machine learning are up to the task. There is good reason why companies and government are both interested in trying to use AI in this manner. As of 2010, the United States spent over $80 billion a year on incarations at the state, local, and federal levels. Estimates put the United States’ total spending on law enforcement at over $100 billion a year. Law enforcement and prisons make up a substantial percentage of local government budgets. Direct government spending is only a small fraction of how crime economically impacts cities and individuals.

Blockchain And Token Asset “Phenomena” Still Raging

Citing a report from PWC, as relayed by a recent Bloomberg article, the host went on to note that although 86% of the respondents in a 600-firm survey have begun tinkering with blockchain, that 54% of the aforementioned figure claimed that deploying systems based on this nascent technology “wasn’t justified.” Explaining why this is the case, Mcnamara noted that while blockchain is evidently a viable technology, firms are finding it difficult to deploy blockchain-based commercial solutions in a manner that will become profitable over time. The PWC executive then drew attention to the fact that there are still trust issues between firms and decentralized technologies, which ironically enough are arguably the most secure systems out there, so what’s not to trust? Lastly, Mcnamara brought up the perpetually controversial topic of regulation, adding that firms are wary that governments, specifically US’ regulatory bodies, will eventually lash out at this budding industry. ...”

DevOps security takes on the dark side of digital transformation

DevOps security is the only viable approach as digital assets become crucial to the enterprise bottom line, Pullen said. Ideally, IT employees should access enterprise production environments only with developers' version-controlled code, checked in to an automated delivery system -- a setup that limits internal security threats, he said. The DevOps practice of small, iterative changes to modular infrastructure also reduces the attack surface of IT systems for outside threats. However, DevOps proponents are mistaken to emphasize the gatekeeper mentality that relies on human approvals or manual work to deploy production application changes, Pullen said. "Automated changes to production scares IT folks, but version control should be the gatekeeper," he said. "Version-control systems are fully auditable, reproducible and traceable." 

Ajey Gore on Small Teams Making a Big Difference and Effective Outsourcing

There is a fundamental difference in how you look at “outsourcing”. The old school way of looking at this was to outsource for a pure labor arbitrage reason. It was implied cheaper to get work done in India. For us, it’s exactly the opposite. It’s significantly more expensive to set shop in India, but we’re in it for the talent. There is also the added benefit of India being in the top 5 countries with the largest English speaking population. Quality of talent has always been the main focus for us and there is no dearth of the type of talent we’re looking for in India. The quality of talent outweighs the higher price point because we believe in the long run the talent will prove to be more valuable than the savings. In Indonesia, especially with tech-focused companies, I feel the trend of ‘outsourcing to India’ will start to grow slowly as more companies will start to understand the value of experienced and talented developers and their contribution to the long-term goals of a company.

IBM launches tools to detect AI fairness, bias and open sources some code

Strategically, IBM's move makes sense. IBM is hoping to provide Watson AI, but also manage AI and machine learning deployments overall. It's just a matter of time before AI Management becomes an acronym among technology vendors. IBM said it is planning to provide explanations that show how factors were weighted, confidence in recommendations, accuracy, performance, fairness and lineage of AI systems. There is little transparency in the models being sold, inherent bias, or fine print. IBM Research recently proposed an effort to add the equivalent of a UL rating to AI services. IBM said it will also offer services for enterprises looking to better manage AI and avoid black box thinking. Big Blue's research unit recently penned a white paper outlining its take on AI bias and how to prevent it. IBM's Institute for Business Value found that 82 percent of enterprises are considering AI deployments, but 60 percent fear liability issues.

Quote for the day:

"Never stir up litigation. A worse man can scarcely be found than one who does this." -- Abraham Lincoln

Daily Tech Digest - September - 18, 2018

Note to CIOs: It’s time to change the network
The network is something that not enough CIOs pay attention to. It’s often the IT resource that’s last on the priority list with the majority of focus given to applications.  That might have been fine 20 years ago when most applications and data lived on the user’s computers. Also, IT had extremely tight control of the endpoints and applications so user experience was easy to manage. Since then, the world has blown up (at least from an IT perspective) with applications moving to the cloud and being procured by lines of business and workers bringing their own endpoints in. What was once a tightly controlled, end to end ecosystem, is now totally chaotic. Because we live in this highly interconnected world, the network plays an important role in how applications perform, which has a direct result on every businesses top and bottom line. With SD-WANs, there are numerous decisions to be made, such as should broadband be used? If so, where? Should services remain on premises or be moved to the cloud?Should traffic be routed directly to the cloud from a branch or be routed to the company headquarter? Each time an option is provided, it adds to the complexity of deployment.

Break Through Your Learning Blockers

One of the most important leadership skills you can develop is the capacity to objectively diagnose your counterproductive preferences and tendencies — especially the ones that insulate you from the learning that helps you stay relevant. Pay attention to the people you work with and you’ll quickly notice which ones are habitually prone to slow down their learning — or block it altogether. They’re the ones who go through the motions at meetings, failing to find relevant and interesting things to learn and contribute. They remain content with what they already know, avoiding reading or exploring new subjects. ... If you are honest with yourself, you gain a higher perspective, one that allows you to observe your actions and see how they create real patterns (instead of the patterns you wish would exist). To make sure you aren’t hindering your own learning agility with a few bad habits, take an honest look at how these three common blockers may apply to you. Then you can apply the suggestions for pushing past them.

Overhauling the 3 Pillars of Security Operations

Many security operation centers are already at the breaking point with growing backlogs of investigations and reactive triage. An often-quoted statistic is that less than 10% of investigations are completed in a typical security operation. Cloud and modern application transitions multiply the threat surface many times over, generating staggering volumes of data that need to be rapidly assimilated for insights. Further, cross-enterprise collaboration is requiring new models of distributed knowledge transfer because investigation workflows need to be shared across both security and operations. Industry hype suggests artificial intelligence, machine learning, and improved automation will rapidly replace humans in every workflow in the next few years, but the reality is that there will be a long transition in which optimizing human and machine collaboration is essential to scale the defense. Although much can be automated, human context is still essential in many security workflows.

Artificial intelligence: The king of disruptors

AI has been around for decades. The science isn’t new. So why all the hubbub now? The answer is convergence. Computing power is up, while computing costs are down. In the early 1960's, for example, a gigaflop cost approximately $153 billion in today’s money. But now, a gigaflop of computing power costs about 3 cents. Plus, the increasing popularity of GPUs provide affordable, energy-efficient computational speed on top of it. Add to that affordable data storage. Storing a gigabyte of data in the 1960's cost more than $1 billion by today’s standards. Now a gigabyte of storage costs around 2 cents. That’s good news because the advent of the Internet of Things and streaming data means we’re rapidly heading into the land of zettabytes. That massive amount of data can lead to building deep neural networks to train and retrain algorithms, essential for data-hungry AI.  Decades ago, we fantasized about making AI part of everyday life, but we couldn’t afford the technology underpinning it. Now we can. Let the disruption begin.

The Digital Transformation of the Construction Industry

Moving the communication of the design intent to onsite construction has been an issue since the time of the Egyptian Pyramids. For thousands of years, the design intent was communicated in the form of a 2-dimensional document (a sketch in the sand or papyrus, an artist’s sketch on paper, blueprints). Today’s projects use a 3-dimensional tool called BIM, to communicate design intent in a form of data. This allows all stakeholders on a construction project to share and pass along work performed in a disciplined and organized manner, providing fewer mistakes and increasing profits. ... The VR/AR/MR solutions that are being used by the Sub-Contractors in the United States are breathtaking. Mostly being utilized and educated by the Sub-Trade Unions, VR/AR/MR technologies are enabling the fabrication, construction, and delivery of numerous trades work without the use of traditional tools (no blueprints, no measuring tape, no levels) and in most instances, with less workers in up to 40% less time.

Hire the Right Machine Learning Talent

Image: Pixabay
"We end up training people to make more microwaves," Kozyrkov said. "Then when you hire them into your kitchen, they end up wanting to build you a microwave. But there's already warehouses upon warehouses of microwave appliances already there." What you need is someone to innovate with new recipes. What you need is someone to apply the technology that has already been built. What you need is someone who knows how to use machine learning to achieve business outcomes. Google is trying to change this with a new approach, according to Kozyrkov"We have started training our personnel in applied data science and applied machine learning, and we are calling that decision intelligence engineering," she said. "This is about taking all those applied machine learning principles and augmenting them with insights on how to make this useful for this business. It focuses on using data to solve business problems," Kozyrkov said. A very public example of how Google has applied machine learning is in cooling its own data centers.

Will There Be Enough Power With 100 Billion Connected Things?

Now that cyberattacks are not necessarily human bad actors, but machine learning algorithms, it's a necessary knowing glance we must cast to the dark side. Where there is light, there is also dark, and I think it naive of us to only want to discuss the rose colored glasses version of the future. I am a realist. I like to prepare in advance for what can happen, and anyone involved in cybersecurity will tell you that it's never a question of "if" but rather, "when." Wouldn't you like to know what your energy and utilities companies have in-mind to make it much more complicated for a human or artificially intelligent bad actor to hack the grid? You knew I couldn't post a blog post on LinkedIn without talking about Artificial Intelligence, right? Impossible. I'm keen to learn, absorb, and enter into the discussions around our future with AI, machine learning, the Internet of Things, (IoT), and of course, my favorite, e-mobility. As I am typing this I just drove my Tesla Model X from Denver, Colorado to Boston...the infrastructure Tesla has set-up for us here in the United States is unbelievably incredible.

This Chilling Attacks Lets Hackers Steal Data From Almost Any Laptop

As long your laptop is set to go to sleep when you close the lid or after a certain amount of idle time, it's likely vulnerable. Here's how their attack plays out. Instead of sticking the entire laptop into the icebox, F-Secure used a more selective chilling process. The laptop's bottom cover was removed and the system's RAM was rapidly cooled using a can of compressed air. Not simply by blasting it with air, mind you -- by turning it upside down and directing the liquid fluorocarbons inside at the chip. Once the chip has been sufficiently cooled phase two of the attack can begin. A specialized (but fairly common) device allows them to manipulate the system's non-volatile memory. Once the tool does its thing, the attacker instructs the computer to boot to a USB flash drive. Any data that was stored in memory as the computer went to sleep can now be accessed. In this case, the hacker is able to dump a "secret password." After the hacker in the video logs in to the laptop the very same password is shown inside a WordPad document as proof the attack worked.

Why banks didn’t ‘rip and replace’ their mainframes

Why banks didn’t ‘rip and replace’ their mainframes
The hidden costs and iffy returns were what kept the stability-focused financial institutions loyal to the mainframe, which offers something no other server has: immense processing speed coupled with the ability to encrypt data from end to end, making the mainframe the superhero workhorse for finance. The processing speed of the mainframe means it can detect real-time banking irregularities before the hackers realize they’ve been spotted. The mainframe also contains layers of security, depending on the location of the data, to eliminate a data thief from being able to access personal financial information in one cache. All these benefits — encryption and security for data at rest and in transit, processing speed for crunching up to 12 billion worldwide banking transactions per day, processing power to enable analytics of enterprise-wide data, and even eliminating platform-dependent skills to develop modern applications — prove that the mainframe still remains at the hub of our financial industry’s network.

Why Cybercrime Remains Impossible to Eradicate

Cybercrime continues to be cheap and easy, especially when compared to its real-world analogs. "Effectively, criminals are simply swapping conventional crime for cybercrime," University of Surrey computer science professor Alan Woodward told me back in 2016. "Why walk into a bank with a sawed-off shotgun when you can phish for money?" These dynamics haven't changed; the tools at criminals' fingertips have become easier to procure and use. Levashov, for example, admitted to using bulletproof hosting services as part of his attacks. Such services charge a premium for hosting while promising to look the other way, for example, when said services might be used to store exfiltrated personally identifiable information or payment card details from malware victims. ... Part of the problem with stopping cybercrime is that it tends to be transnational. In addition, law enforcement experts say many cybercrime gangs continue to operate from within Russia or its former Soviet satellites, including Ukraine, with which extradition treaties are complicated or nonexistent

Quote for the day:

"Leadership happens at every level of the organization and no one can shirk from this responsibility." -- Jerry Junkins