Daily Tech Digest - April 19, 2018

5G Security Challenges and Ways to Overcome Them


5G is on its way to serve vertical industries, not just individual customers who are more bothered about experiencing a faster mobile network or richer smart phone functionalities. When it comes to serving vertical industries, security requirements may vary from one service to the other. As the Internet of Things (IoT) continues to gain momentum, more people will be able to remotely operate networked devices and this will surely call for the deployment of a stricter user-authentication method to prevent unauthorized access to IoT devices. For example, biometric identification systems can be installed in smart homes. ... 5G networks are believed to be enhanced by the deployment of new cost-effective IT technologies such as virtualization and Software Defined Network (SDN)/Network Functions Virtualization (NFV). However, 5G services can be equipped with appropriate security mechanisms only if the network infrastructure is robust enough to support the security features. The security of function network elements, in legacy networks, depends, to a large extent, on how well their physical entities could be separated from each other.


Broadband
The growing popularity of IoT devices creates a greater security vulnerability for consumers. Service providers and consumer electronics manufacturers can now leverage the USP standard to perform lifecycle management of connected devices and carry out upgrades to address critical security updates. Newly installed or purchased devices and virtual services can also be easily added, while customer support is improved by remote monitoring and troubleshooting of connected devices, services and home network links. Additionally, the specification enables secure control of IoT, smart home and smart networking functions and helps map the home network to manage service quality and monitor threats. Work on the USP specification was carried out by the Broadband User Services (BUS) Work Area, which is led by Co-Directors John Blackford of Arris, who is also a Broadband Forum board member, and Jason Walls of QA Cafe. AT&T, Axiros, Google, Greenwave Systems, Huawei, NEC, Nokia, and Orange also participated in developing USP.



Notes from the AI frontier: Applications and value of deep learning

Neural networks are a subset of machine learning techniques. Essentially, they are AI systems based on simulating connected “neural units,” loosely modeling the way that neurons interact in the brain. Computational models inspired by neural connections have been studied since the 1940s and have returned to prominence as computer processing power has increased and large training data sets have been used to successfully analyze input data such as images, video, and speech. AI practitioners refer to these techniques as “deep learning,” since neural networks have many (“deep”) layers of simulated interconnected neurons. ... Deep learning’s capacity to analyze very large amounts of high dimensional data can take existing preventive maintenance systems to a new level. Layering in additional data, such as audio and image data, from other sensors—including relatively cheap ones such as microphones and cameras—neural networks can enhance and possibly replace more traditional methods. AI’s ability to predict failures and allow planned interventions can be used to reduce downtime and operating costs while improving production yield.


From BDD to TDD, the pros and cons of various agile techniques

Distributed agile makes it possible to escape any constraints of space or skills and experience in your immediate location. Modern collaboration tools like Slack, Skype, Teams, and Hangouts have made this possible. You can actually work together on stories without being in the same place and ask questions without disturbing your coworkers’ flow. Trust, rapport and communication are still essential. That’s why distributed agile works best when you have at least two teammates in any given location, they meet face to face periodically, and understand each other’s language and culture well. It’s helpful to have the whole team within a short flight and similar time zones so you can easily collaborate physically as well as virtually when needed. That team solidarity makes all the difference when you’re trying to crack a tough problem, get business or user feedback, or just onboard new team members. Agile works best when there is fast, frequent communication through standups and other formal and informal collaboration.


The evolution of forensic investigations


Protecting data, intellectual property (IP), and finances has become an increasing priority at the board room level as fraudsters proliferate and constantly adapt to more sophisticated controls and monitoring. While most organizations are susceptible to seemingly boundless criminal ingenuity, those lacking antifraud controls are predictably worse off, suffering twice the median fraud losses of those with controls in place. However, even organizations with antifraud controls can have their investigative efforts impeded by several factors. Reliance on rules-based testing is a primary culprit. Rules-based tests typically assess and monitor fraud risks across a single data set, giving only a yes or no answer. Information silos further impede analytics-aided investigative efforts. Organizations often struggle to balance the need for locally-tailored processes with the potential benefits of integrated data sharing, unintentionally creating barriers to investigative exploration as a result. The vast and growing volumes of unstructured data amassing in organizations, such as videos, images, emails, and text files.


City & Guilds Group deploys SD-WAN to improve Office 365 performance

It’s a different story, though, for workers located remotely like in the Asia-Pacific region. For those individuals, the experience can be very frustrating. I have first-hand experience with this. Prior to being an analyst, I spent some time as a consultant, and I remember trying to open PowerPoint and Word documents out of region and it would often take minutes. Sometimes the process would go “not responding,” necessitating the need to shut down the application and start over. The most frustrating part was that there was no way of telling whether the file was still being downloaded or if the process died. I would often “open” the files and then go do something else for a while and come back and hope they finished opening. Bandwidth speeds have increased, but so have the size of Office documents. This is the situation that remote City & Guilds workers were facing. For example, users in Wellington, New Zealand, saw extremely slow response times when accessing files from the corporate SharePoint drive, leading to a number of user complaints and a loss of productivity.


Google Cloud speech-to-text service gets revamp


In the future, enterprises will be able to feed automatically generated transcripts of business conversations into virtual assistants like IBM Watson or Google Assistant, helping those machines learn how to assist workers or customers better. "If you have your VP of marketing provide an overview of what a particular product does, that video is captured, that audio is converted into text, that text becomes searchable, and, ultimately, that text can be fed into machine intelligence systems," Vonder Haar said. Vendors are continually improving their speech-to-text tools, but enterprises shouldn't wait until those platforms are perfect before experimenting with them, said Jon Arnold, principal of Toronto-based research and analysis firm J Arnold & Associates. "To me, the big takeaway is these platforms definitely provide a lot of exciting possibilities," Arnold said. "Do some harmless in-house trials, get a feel for it, because the use cases will come out of the woodwork once you start getting comfortable with it."


15 Ways To Build Security Into Your Development Process


Knowing where to focus your likely very limited resources is key, and can be tackled by performing application risk assessments and threat modeling. By better understanding where your product or service may have unacceptable risk exposure, you can focus your time and resources appropriately. - Vijay Bolina, Blackhawk Network

As with any collaborative endeavor that brings together people from different backgrounds, experiences and outlooks, it’s important to acknowledge the possibility of conflict up front and deal with it head-on. Senior leaders should be involved to explain why the DevSecOps ethos is so vital to the company’s future, and hold everyone accountable for advancing its success. - Todd DeLaughter, Automic Software, owned by CA Technologies (NASDAQ: CA)

One of the most effective ways to embed security into software is to initiate the security on boot-up. When a user restarts their device or software, the manufacturer should run a series of boot tests to determine any changes in the software and that the software is entirely authentic.


Beyond Java: Programming languages on the JVM

If there is any language that is a known and proven quantity for developers, it’s Java. Enterprise developers, web developers, mobile developers, and plenty of others besides, have made Java ubiquitous and contributed to the massive culture of support around Java. What’s more, the Java runtime, or Java Virtual Machine (JVM), has become a software ecosystem all its own. In addition to Java, a great many other languages have leveraged the Java Virtual Machine to become powerful and valuable software development tools in their own right. Using the JVM as a runtime brings with it several benefits. The JVM has been refined over multiple decades, and can yield high performance when used well. Applications written in different languages on the JVM can share libraries and operate on the same data structures, while programmers take advantage of different language features. Below we profile several of the most significant programming languages created for the JVM. 


Microservices Communication and Governance Using Service Mesh


A service mesh is an infrastructure layer for service-to-service communication. It ensures reliable delivery of your messages across the entire system and is separate from the business logic of your services. Service meshes are often referred to as sidecars or proxies. As software fragments into microservices, service meshes go from being nice-to-have to essential. With a service mesh, not only will you ensure resilient network communications, you can also instrument for observability and control, without changing the application run-time. ... In the direct interpretation it could be used to describe both the network of microservices that make up distributed applications and the interactions between them. However, recently the term has been mostly applied to a dedicated infrastructure layer for handling service-to-service communication, usually implemented as lightweight network proxies (sidecars) that are deployed alongside application code. The application code can treat any other service in the architecture as a single logical component running on a local port on the same host.



Quote for the day:


"You never will be the person you can be if pressure, tension and discipline are taken out of your life." -- Dr James G Bilkey


Daily Tech Digest - April 18, 2018

Study Suggests Lack of Analytical Capability is Slowing IoT Adoption


IoT data is of no use if it isn’t analyzed appropriately, and descriptive analysis is essential for gaining a more granular view of specific processes. Prescriptive analysis matters as well; creating a strong feedback loop to optimize and even automate data analysis can create a much more powerful system. Artificial intelligence can be a cornerstone technology. Predictive capabilities are key to maximizing IoT resources, and effective IoT management involves recognizing patterns and responding accordingly. The power of IoT devices comes with a risk: Security. Capgemini stresses the importance of ground-up security investment, as a flawed architecture will always present certain risks even if it’s patched and monitored. ... Other components of a company’s resources need to be secured as well, but it’s important to recognize the unique nature of IoT devices and implement appropriate solutions instead of trying to fold IoT devices underneath a broader, but incompatible, security umbrella.


Using intelligence to advance security from the edge to the cloud

Security increasingly is a team sport not only within an enterprise but across the customer network. Intelligence data, in particular, gets better with additional signals coming in, and so we’re increasing the ability for customers and partners to collaborate with us, with one another and with their own customers. Today we’re announcing the preview of a new Microsoft Graph security API for connecting to Microsoft products powered by the Microsoft Intelligent Security Graph. The new security API provides an integration point that allows technology partners and customers to greatly enhance the intelligence of their products to speed up threat investigation and remediation. Already, leading companies like Palo Alto Networks, PwC and Anomali are exploring the security API for their own solutions. And because we’re committed to collaborating with customers and partners to enable integration between Microsoft’s security technology and the broader ecosystem, we are also announcing the new Microsoft Intelligent Security Association.


Security budgets up, but talent scarce, says Isaca


The data also shows that gender disparity can be mitigated through effective diversity programs. In organisations with a diversity program, men and women are much more likely to agree that men and women have the same career advancement opportunities. Some 87% of men said they have the same opportunities, compared with 77% of women. Another positive finding is that security managers are seeing a slight improvement in the number of qualified candidates. Last year, 37% said fewer than 25% of candidates for security positions were sufficiently qualified. This year, that number dropped to 30%. Budgets are also increasing, with 64% of respondents indicating that security budgets will increase this year, compared with 50% last year. “This research suggests that the persistent cyber security staffing problem is not a financial one. Even though enterprises have more budget than ever to hire, the available workforce lacks the skills organisations critically need,” said Isaca CEO Matt Loeb.


Cryptographers spank blockchain, social media

Marlinspike said blockchain's distributed nature can show value, but he said the problem is that there are not many apps where distributed is valued. "The consumer space sees zero value," he added, noting that blockchain reminds him of the peer-to-peer craze in the early 2000s. "There were a lot of people with a lot of enthusiasm and ideas about a lot of great things, but it was not very sound." Marlinspike had similar feelings on social media, which he said has suffered a substantial perception hit in the past year. "The utopian narratives of connecting the world and organizing information is coming to an end," he said. "Across all contexts and political spectrums, people are seeing social technology less as a hopeful tool for a brighter, better tomorrow and more like weapons everyone simultaneously thinks are in the wrong hands." He said this has direct consequences on society and things people are doing [at RSA] and what people are thinking in the worlds of privacy and cryptography.


Technology doesn’t mean you can forget the basics of customer service


Whether you step into a store, or order your shopping online, you expect a level of personalisation. No individual, or customer, is the same and should not be treated with the same manner, temperament and style of service. 66% of all consumers say they’re extremely or somewhat likely to switch brands if they feel like they’re treated like a number rather than an individual. With the explosion of data and digital interactions, customers now expect a more tailored service. One example of a company that aims to deliver this highly personal experience is Atom Bank, which lets customers design their own user interface when signing up to an account – whether that’s a brand logo, colour scheme or name. Speaking of this strategy, the bank has stated that “no one should have exactly the same experience of Atom”. This example, combined with plans to let customers access accounts through biometrics, perfectly showcases how some brands are making completely digital interactions as personal as if you were dealing with them face to face.


Stresspaint Malware Campaign Targeting Facebook Credentials

On April 12, 2018, Radware’s threat research group detected malicious activity via internal feeds of a group collecting user credentials and payment methods from Facebook users across the globe. The group manipulates victims via phishing emails to download a painting application called ‘Relieve Stress Paint.’ While benign in appearance, it runs a malware dubbed ‘Stresspaint’ in the background. Within a few days, the group had infected over 40,000 users, stealing tens of thousands of Facebook user credentials/cookies. This rapid distribution and high infection rate indicate this malware was developed professionally. The group is specifically interested in users who own Facebook pages and that contain stored payment methods. We suspect that the group’s next target is Amazon as they have a dedicated section for it in the attack control panel. Radware will continue to analyze the campaign and monitor the group’s activity. Prior to publication of this alert, Radware has detected another variant of the malware and saw indication of this new version in the control panel.


Chatbots are dead. A lack of AI killed them.

While Bloch is right to say that "No one can point to a chatbot that 'all your friends were using'" as "Such a thing simply never existed," once upon a time many pundits pointed to chatbots as the future of commerce, social, and just about everything else. Chatbots were one of the big themes of Mobile World Congress 2017, with the conference organizers summarizing the buzz from main stage and hallway conversations thus: "There was overwhelming acceptance at the event of the inevitable shift of focus for brands and corporates to chatbots (often referred to as 'conversational commerce'), reflecting the need for brands to go where consumers are, even if many companies remain uncertain at this stage of the eventual outcome." While they went on to acknowledge that "the true potential of chatbots will require further advances in AI and machine learning," the people behind the industry's biggest mobile event felt the only significant question around chatbots had to do with who would dominate, and not whether chatbots would take off: "Will a single platform emerge to dominate the chatbot and personal assistant ecosystem?"


Five Surprising Reasons to Invest in Better Security Training

Seventy-one percent of attacks against healthcare companies fall into this category, while 58 percent of incidents in financial services, the most-attacked sector, originate from insiders. The majority of these insiders are inadvertent actors — mostly employees who were tricked into initiating the attacks. These numbers expose the inadequacy of today’s normal training programs. They’re not frequent, memorable or thorough enough. In other words, they’re not working. The bottom line is that training has not kept up with the evolution of cyberthreats or their remedies. That’s why it’s more important than ever to implement the best possible tools to protect sensitive data. But decision-makers must remember that even the best software cannot stop all threats. For example, any employee with access to any phone anywhere at any time is potentially vulnerable to social engineering. The reality of bring-your-own-device (BYOD) environments is that employees may be connecting to company resources at all hours and exposing their devices to threats in arbitrary locations and over insecure networks. 


IoT devices could be next customer data frontier


Finally, we have sensors like iBeacons sitting in stores, providing retailers with a world of information about a customer’s journey through the store — what they like or don’t like, what they pick up, what they try on and so forth. There are very likely a host of other categories too, and all of this information is data that needs to be processed and understood just like any other signals coming from customers, but it also has unique characteristics around the volume and velocity of this data — it is truly big data with all of the issues inherent in processing that amount of data. This means it needs to be ingested, digested and incorporated into that central customer record-keeping system to drive the content and experiences you need to create to keep your customers happy — or so the marketing software companies tell us, at least. ... Regardless of the vendor, all of this is about understanding the customer better to provide a central data gathering system with the hope of giving people exactly what they want. We are no longer a generic mass of consumers.


DDoS attacks cost up to £35,000


The research also highlights the growing complexity of DDoS attacks, and their capacity to act as a distraction for more serious network incursions. The majority of those surveyed (85%) believe that DDoS attacks are used by attackers as a precursor or smokescreen for data breach activity. In addition, 71% reported that their organisation has experienced a ransom-driven DDoS attack. “A DDoS attack can often be a sign that an organisation’s data is also being targeted by cyber criminals. As demonstrated by the infamous Carphone Warehouse attack, DDoS attacks can be used as a smokescreen for non-DDoS hacking attempts on the network,” said Stephenson. “Hackers will gladly take advantage of distracted IT teams and degraded network security defences to exploit other vulnerabilities for financial gain. Considering the huge liability that organisations can face in the event of a data breach, IT teams must be proactive in defending against the DDoS threat, and monitor closely for malicious activity on their networks,” he said.



Quote for the day:


"To have long term success as a coach or in any position of leadership, you have to be obsessed in some way." -- Pat Riley


Daily Tech Digest - April 17, 2018

Why router-based attacks could be the next big trend in cybersecurity

The joint report indicates that once attackers have exploited SMI commands, "for the most part, cyber actors are able to easily obtain legitimate credentials, which they then use to access routers," which allows the attacker to act as a man-in-the-middle, further enabling them to exfiltrate additional network configuration data, modify device configurations, copy OS data to an external server, create GRE tunnels, and mirror or redirect network traffic. In order to avoid risks to your organization, the report advises blocking Telnet use entirely as well as SNMPv1 and v2c, and analyzing logs for any SNMP traffic, noting that "Any correlation of inbound or spoofed SNMP closely followed by outbound TFTP should be cause for alarm and further inspection." Additional mitigations include standard precautions such as not duplicating passwords between devices, not using default device passwords, and not allowing internet access to the management interface of devices.
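The log correlation the report recommends (inbound SNMP to a network device closely followed by outbound TFTP from it) can be sketched as follows. This is an added example, not code from the report or the digest; the flow-record format, device inventory, authorized poller list, internal address range and five-minute window are all assumptions, and the flow lines are constructed sample data.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed environment (hypothetical values, not from the report).
INTERNAL = ip_network("10.0.0.0/8")                       # internal address space
DEVICES = {ip_address("10.0.0.1"), ip_address("10.0.0.2")}  # managed routers/switches
NMS = {ip_address("10.0.5.20")}                           # authorized SNMP pollers
WINDOW = timedelta(minutes=5)                             # "closely followed by"
SNMP_PORT, TFTP_PORT = 161, 69

# Constructed sample flow records: timestamp proto src:port dst:port
SAMPLE_FLOWS = """\
2018-04-17T10:00:01 udp 203.0.113.7:40112 10.0.0.1:161
2018-04-17T10:00:09 udp 10.0.0.1:51000 203.0.113.7:69
2018-04-17T10:02:00 udp 10.0.5.20:40200 10.0.0.2:161
2018-04-17T10:30:00 udp 10.0.0.2:51001 198.51.100.9:69
2018-04-17T11:00:00 udp 198.51.100.9:40300 10.0.0.2:161
2018-04-17T11:04:30 udp 10.0.0.2:51002 192.0.2.44:69
"""


def parse_flow(line):
    """Parse one flow record into (time, proto, src_ip, dst_ip, dst_port)."""
    ts, proto, src, dst = line.split()
    src_ip = ip_address(src.rsplit(":", 1)[0])
    dst_host, dst_port = dst.rsplit(":", 1)
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")
    return when, proto.lower(), src_ip, ip_address(dst_host), int(dst_port)


def correlate(flow_text):
    """Return alerts for SNMP-to-device followed by device-to-outside TFTP."""
    flows = sorted(parse_flow(l) for l in flow_text.splitlines() if l.strip())
    last_snmp = {}  # device -> (time, source) of latest unexpected SNMP
    alerts = []
    for when, proto, src, dst, dport in flows:
        if proto != "udp":
            continue
        # SNMP reaching a device from anything other than an authorized poller.
        # A spoofed source inside the allowlist cannot be caught by address
        # alone; that needs ingress filtering or interface data.
        if dport == SNMP_PORT and dst in DEVICES and src not in NMS:
            last_snmp[dst] = (when, src)
        # TFTP leaving a device toward an address outside the internal range.
        elif dport == TFTP_PORT and src in DEVICES and dst not in INTERNAL:
            seen = last_snmp.get(src)
            if seen and timedelta(0) <= when - seen[0] <= WINDOW:
                alerts.append({
                    "device": str(src),
                    "snmp_src": str(seen[1]),
                    "tftp_dst": str(dst),
                    "delay_s": int((when - seen[0]).total_seconds()),
                })
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_FLOWS):
        print(alert)
```

The 10:30 TFTP transfer is not flagged by this rule because the only SNMP that preceded it came from the authorized poller; outbound TFTP from a router is still worth a separate alert of its own.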



DataStax Enterprise 6: Faster, fit and finish

Cassandra offers a "masterless" architecture, which means no single node is indispensable to the cluster. This enhances fault tolerance, availability and resiliency, but it has also created a burden: node repair operations, necessary to support the architecture, have been manual and arduous. In DSE 6, a new "NodeSync" feature makes node repair a completely automatic and implicit operation. Effectively, with the version 6 release, DSE becomes self-repairing. And while OpsCenter will still provide an interface to monitor the operation, such monitoring is purely optional, as the operation is now autonomous. Features like this one make it crystal-clear that DataStax understands Enterprise pain points and wants to address them head-on. Another proactive and automated feature in the care and feeding of DSE nodes is "TrafficControl." This feature will address Java Virtual Machine stress and other overload effects when too many concurrent requests are routed to a particular node in the cluster. The feature orchestrates the requests by queuing them, thus allowing the node to process them in an orderly fashion.


Machine learning is the new normal: AWS


Speaking at the AWS Summit in Sydney this week, Olivier Klein, head of emerging technologies at AWS in the Asia-Pacific region, said that the cloud service provider wants to push such capabilities into the hands of more people – from data scientists and developers to IT professionals. “Machine learning is now the new normal,” he said, adding that organisations that know how to harness machine learning will be successful, because they can get better, faster and more accurate predictions of their customer needs. This will help to improve customer experiences, starting with the ability to understand user interactions with sensors, internet of things devices and websites, through machine learning techniques. Take New Zealand-based Magic Memories, for instance. The supplier of guest photography services at theme parks has been using wristbands and AWS’s Rekognition artificial intelligence (AI) service to identify guests who may appear in different images, according to its head of engineering CJ Little.


How CIOs partner with CMOs to transform customer experience

Customer experience is the responsibility of every employee in the enterprise. But CIOs and CMOs, in particular, share a variety of corresponding and complementary objectives when it comes to customer experience strategy. This makes partnership not only desirable, but necessary. “When CMOs lead customer experience, they need a lot of cooperation across the enterprise, but typically the CIO is the most vital partner they can have,” says Augie Ray, a Gartner research director who covers customer experience (CX) for marketing leaders. “The reason for this is that information and insight are the lifeblood of customer experience. You cannot be customer-centric and make outside-in decisions unless you have the data, analysis, and understanding about what customers perceive, want, expect, feel, and do.” Technology budgets worldwide reflect the criticality of tight alignment between marketing and IT. According to IDG’s 2018 State of the CIO Survey, 42 percent of global marketing teams have budgets specifically earmarked for investments in technology products and services.


Research finds that Open Banking has a Consumer Perception Problem

The research strongly suggests that banks are doing little to communicate with the consumer as 85 per cent of consumers have either never heard of, or are unsure what the Open Banking initiative is and how it will affect them. This is despite the Financial Conduct Authority (FCA) ordering nine of the country’s biggest banks – several of which missed the 13 January launch – to open up the information they hold so that it can be used to create new banking products and services. In addition to only one-in-six (14.3 per cent) being aware of the Open Banking initiative, less than a quarter (22.8 per cent) of respondents had heard about it directly from their own bank or building society. CREALOGIX is a fintech top 100 firm and a global market leader in digital banking. Its fintech solutions offer bank clients a better customer experience, greater security and effortless online money management. The CREALOGIX product and service range spans the areas of Digital Banking, Digital Payment and Digital Learning.


Successful Hybrid IT Deployment by Accident? Nope, It Takes Planning

Businesses that design their hybrid IT strategy by implementing two key technologies are more successful. These technologies include the use of continuous delivery automation and composable infrastructure. Continuous delivery is important because it promotes a constant, iterative development environment that is essential for keeping up with the changing needs of users. Composable infrastructure is also vital because it allows infrastructure to be treated as software code. IT operators can quickly and easily construct new infrastructure from a collection of building blocks, using software-defined, policy-based templates. Businesses that adopt continuous delivery combined with composable infrastructure report greater control over their workloads—61% say they have extremely high levels of control, compared to 24% of those without these two technologies. Both technologies used together allow organizations to better overcome challenges, realize innovation faster, and gain greater control over workloads.


How to Achieve #DigitalTransformation

The digital transformation starts by understanding the organization's business initiatives, and then prioritizing which initiatives are top candidates for enhancement through digital transformation. "Begin with an end in mind" to quote Stephen Covey. Organizations can then create a digital transformation roadmap that dictates how the organization leverages data, analytics (data science) and application development capabilities to deliver cloud-native "intelligent" applications (applications embedded with machine learning and artificial intelligence to optimize key processes and business decisions) and "smart" entities (that leverage the edge, fog and core IoT analytics to support the creation of "learning" business entities such as cities, cars, airports, hospitals, utilities and schools). In the end, digital transformation helps organizations become more effective in leveraging data and analytics to power their business models by optimizing key business processes, reducing security risks, uncovering new revenue opportunities and creating a more compelling, more prescriptive customer engagement.


AI & Jobs: Retraining will become a 'lifelong necessity', warns report

"As AI decreases demand for some jobs but creates demand for others, retraining will become a lifelong necessity and pilot initiatives, like the Government's National Retraining Scheme, could become a vital part of our economy," the report states. "This will need to be developed in partnership with industry, and lessons must be learned from the apprenticeships scheme." Childhood education will also need to be reformed, according to the report, with schools teaching both the skills needed to work alongside AI and to take full advantage of the technology available. "For a proportion, this will mean a thorough education in AI-related subjects, requiring adequate resourcing of the computing curriculum and support for teachers," it states. "For all children, the basic knowledge and understanding necessary to navigate an AI-driven world will be essential. In particular, we recommend that the ethical design and use of technology becomes an integral part of the curriculum."


Blockchain Implementation With Java Code


Another significant technical point of blockchain technology is that it is distributed. The fact that blockchains are append-only helps in duplicating the blockchain across nodes participating in the blockchain network. Nodes typically communicate in a peer-to-peer fashion, as is the case with Bitcoin, but it does not have to be this way. Other blockchain implementations use a decentralized approach, like using APIs via HTTP. However, that is a topic for another blog. Transactions can represent just about anything. A transaction could contain code to execute (i.e., a smart contract) or store and append information about some kind of business transaction. A smart contract is a computer protocol intended to digitally facilitate, verify, or enforce the negotiation or performance of a contract. In the case of Bitcoin, a transaction contains an amount from an owner’s account and amount(s) to other accounts. The transaction also includes public keys and account IDs within it, so transferring is done securely. But that’s Bitcoin-specific. Transactions are added to a network and pooled; they are not in a block or the chain itself.
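The append-only property and the transaction pool described above can be shown in a short sketch. This is an added example, not code from the original article: the class and method names (`AppendOnlyLedger`, `sealPool`, `firstInvalidBlock`) and the sample transactions are hypothetical, and there is no mining or consensus step, only the hash linking that lets a node verify a copy of the chain it receives.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class AppendOnlyLedger {

    /** A block as a node stores it or receives it from a peer. */
    static final class Block {
        final int index;
        final List<String> transactions;
        final String previousHash;
        final String hash;

        Block(int index, List<String> transactions, String previousHash, String hash) {
            this.index = index;
            this.transactions = new ArrayList<>(transactions);
            this.previousHash = previousHash;
            this.hash = hash;
        }

        /** Builds a block and computes its hash from its own contents. */
        static Block seal(int index, List<String> transactions, String previousHash) {
            return new Block(index, transactions, previousHash,
                    computeHash(index, transactions, previousHash));
        }
    }

    final List<Block> chain = new ArrayList<>();
    final List<String> pool = new ArrayList<>(); // pending transactions, not yet in any block

    AppendOnlyLedger() {
        chain.add(Block.seal(0, new ArrayList<>(), "0")); // genesis block
    }

    /** A submitted transaction only enters the pool; the chain is unchanged. */
    void submit(String transaction) { pool.add(transaction); }

    /** Moves every pooled transaction into a new block appended to the tip. */
    Block sealPool() {
        Block tip = chain.get(chain.size() - 1);
        Block next = Block.seal(chain.size(), pool, tip.hash);
        chain.add(next);
        pool.clear();
        return next;
    }

    /** SHA-256 over index, previous hash and length-prefixed transactions. */
    static String computeHash(int index, List<String> transactions, String previousHash) {
        StringBuilder data = new StringBuilder().append(index).append('|').append(previousHash);
        for (String tx : transactions) {
            data.append('|').append(tx.length()).append(':').append(tx);
        }
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256")
                    .digest(data.toString().getBytes(StandardCharsets.UTF_8));
            return String.format("%064x", new BigInteger(1, digest));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is required on every Java platform", e);
        }
    }

    /** Returns the index of the first block that fails verification, or -1 if the copy is intact. */
    static int firstInvalidBlock(List<Block> copy) {
        for (int i = 0; i < copy.size(); i++) {
            Block b = copy.get(i);
            boolean contentsMatch = b.hash.equals(computeHash(b.index, b.transactions, b.previousHash));
            boolean linkMatches = i == 0 || b.previousHash.equals(copy.get(i - 1).hash);
            if (!contentsMatch || !linkMatches) {
                return i;
            }
        }
        return -1;
    }

    public static void main(String[] args) {
        AppendOnlyLedger node = new AppendOnlyLedger();
        node.submit("alice->bob:5");   // constructed sample transactions
        node.submit("bob->carol:2");
        System.out.println("pooled=" + node.pool.size() + " blocks=" + node.chain.size());
        node.sealPool();
        node.submit("carol->dave:1");
        node.sealPool();
        System.out.println("honest copy: " + firstInvalidBlock(node.chain));

        Block original = node.chain.get(1);
        List<String> altered = Arrays.asList("alice->bob:500", "bob->carol:2");

        // Copy 1: block 1 edited, stored hash left as it was.
        List<Block> edited = new ArrayList<>(node.chain);
        edited.set(1, new Block(1, altered, original.previousHash, original.hash));
        System.out.println("edited block: " + firstInvalidBlock(edited));

        // Copy 2: block 1 edited and rehashed; block 2 still points at the old hash.
        List<Block> rehashed = new ArrayList<>(node.chain);
        rehashed.set(1, Block.seal(1, altered, original.previousHash));
        System.out.println("rehashed block: " + firstInvalidBlock(rehashed));
    }
}
```

A node that receives a copy runs `firstInvalidBlock` before accepting it: an edit to an earlier block is caught either at that block or at the link from its successor, which is why history can only be extended, not rewritten, without every later block changing.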


An Elaborate Hack Shows How Much Damage IoT Bugs Can Do


The Senrio attack starts by targeting a security camera that is still vulnerable to an inveterate IoT bug the researchers disclosed in July, known as Devil’s Ivy. Using an unpatched Axis M3004-V network camera as an example, an attacker would find a target exposed on the public internet to start the attack, and then use the Devil’s Ivy exploit to factory reset the camera and take over root access, giving them full control over it. Once the attacker has taken over the camera, they can view the feed. In the scenario the Senrio researchers imagine, this IP camera has been rightly cordoned off from the rest of the network, able to communicate only with a router. Even with that well-intentioned stab at segmentation, the attacker can simply springboard from the camera to attack the router next. With a compromised camera, the attacker can find out the router’s IP address and its model number to help determine whether it has any vulnerabilities. In Senrio’s attack, the router is a TP-Link TL-WR841N that's still vulnerable to a custom code-execution vulnerability



Quote for the day:


"Authority without wisdom is like a heavy axe without an edge, fitter to bruise than polish." -- Anne Bradstreet


Daily Tech Digest - April 16, 2018

Busted! Cops use fingerprint pulled from a WhatsApp photo to ID drug dealer

A bust resulted in the police getting hold of a phone that had a WhatsApp message and image of ecstasy pills in a person’s palm. The message read: “For sale – Skype and Ikea-branded ecstasy pills…are you interested?” The phone was sent to South Wales Police where the photo showing the middle and bottom portion of a pinky was enhanced. As for fingerprint identification, the BBC reported that “a search of the national database did not bring a match” as “when offenders give fingerprints, it is just the top part taken — with the middle and bottom part only occasionally left.” Here’s where it gets a bit confusing, as a different BBC article stated that “other evidence meant officers had an idea who they believed was behind the drugs operation.” Although that makes it sound like tips from locals about “a large number of visitors to one address” was the real way cops found the guy whose partial pinky was in the photo, Dave Thomas of the South Wales Police’s scientific support unit told the BBC, “While the scale and quality of the photograph proved a challenge, the small bits were enough to prove he was the dealer.”



Overclock puts your idle servers to work for other people

Once you set up the Akash agent, you are done. Workloads are sent to your servers, they're executed, the results are sent back, and shut down. No intervention is needed on your part. That said, Overclock does provide the necessary tools to configure, deploy, monitor, and manage the workloads. A developer who needs the resources specifies their deployment criteria, such as resources needed, topology, and the price they are willing to pay, in a posting to the Akash blockchain. Providers with server cycles to offer automatically detect the new bid request and programmatically bid to host it. The lowest bid wins the auction, a lease is created, and the parties exchange keys. All of this is done with no human intervention. The Akash agent then begins picking up workloads in Docker containers, orchestrated by Kubernetes and distributed over Akash’s peer-to-peer file sharing protocol. Your applications can be run as is because they run in Docker containers. Payment via the Akash token is also done via the blockchain, allowing for a full audit of transactions by lessors and lessees.



Is Hybrid Cloud Right For Your Organization?

Hybrid cloud is less about using private and public cloud in concert for the same applications — and more about using the right mix of these separate and distinct computing resources to accomplish your organization’s overall IT objectives. As the name suggests, private cloud is a secure, private computing environment in which only a single organization operates. The public cloud, meanwhile, includes Amazon Web Services (AWS), Microsoft Azure and the Google Cloud Platform. And common SaaS subscription providers include Salesforce, Office365, Google Apps, Workday and Cisco WebEx. According to IDG, all eyes have been on the public cloud over the last few years, but private and hybrid clouds are set for big growth in 2018. Each of the major IaaS public cloud vendors spent 2017 clarifying their hybrid cloud strategy, setting 2018 to be the year of adoption. The biggest effort has come from Microsoft, which finally released Azure Stack, a private cloud IaaS platform that is meant to mirror the Azure public cloud. Deployments of Azure Stack have been hitting the market this year.


Get an AI Head Start: Buy It

If you are buying your AI from SAP or Oracle, and your competitor is buying the same thing from SAP or Oracle, how do you get a competitive edge? Isn't that a pretty level playing field? What's the point? Your data itself will be the real competitive edge going forward. AI solutions will become commoditized. But your data remains proprietary and valuable. Flannagan told me that in almost every meeting he has with customers, executives are recognizing that their data has value, either for internal purposes or for selling to a data partner. That's what the third-party experts are saying, too. "Enterprises that are leveraging the AI investments built into enterprise platform software need to look beyond algorithms for competitive differentiation," Purcell told me. "At the end of the day, the machine learning algorithms at the brain of AI are commoditized and widely available in open source as well as vendor technologies. Data will be the key source of competitive differentiation in the world of AI -- emerging data sources, innovative data transformations, and business-infused data understanding will lead to better models and ultimately better results from AI."


Large Majority of Businesses Store Sensitive Data in Cloud Despite Lack of Trust

Survey results show once it's in the cloud, this information is at risk. One in four organizations using infrastructure-as-a-service (IaaS) or software-as-a-service (SaaS) has had their data stolen. One in five has been hit with an advanced attack against their public cloud infrastructure. McAfee researchers discovered an overall decline in the "cloud-first" mentality, with only 65% of respondents reporting a cloud-first strategy compared with 82% one year ago. This drop can be attributed to two factors, says Vittorio Viarengo, vice president of marketing for McAfee's Cloud Business Unit. The first is a growing awareness of the responsibility that comes with storing data in the public cloud. "Customers are realizing they're still on the hook to provide security for some of the things that happen in the cloud," he explains. They're learning, for example, service providers don't ensure their logins are properly set up, or the security risks of remote employees using cloud services. They're learning what they're responsible for when they use IaaS platforms versus SaaS.


It's time to rebuild the web

We'd also need to avoid many of the privacy and security flaws that were rampant in the early internet, and for which we're still paying. That technical debt came due a long time ago. Paying off that debt may require some complex technology, and some significant UI engineering. All too often, solutions to security problems make things more difficult for both users and attackers. Cloudflare's new 1.1.1.1 service addresses some basic problems with our DNS infrastructure and privacy, and their CEO proposes some more basic changes, like DNS over HTTPS. But even simple changes like this require non-technical users to change configuration settings that they don't understand. This is where we really need the help of UX designers. We can't afford to make "safe" difficult. And we'd have to admit that our current web, with all its flaws, evolved from these simple building blocks. To some extent, then, it's what we wanted—or, perhaps, what we deserved. It's certainly what we accepted, and begs the question: "why wouldn't we accept the same thing again?"


CrowdStrike tools help businesses recover quickly after cyberattack

By leveraging contextual data and technologies like machine learning, security advances like those from CrowdStrike could help cyber professionals more effectively protect their organizations and respond to attacks. The cornerstone of this approach is CrowdStrike's Falcon X. Built on the existing Falcon platform from CrowdStrike, Falcon X is an endpoint solution that combines "malware sandboxing, malware search and threat intelligence into an integrated solution that can perform comprehensive threat analysis in seconds instead of hours or days," according to a press release. According to the Falcon X release, the tool offers indicators of compromise (IOCs) for the threat it comes across in your organization, along with all of its known variants. Additionally, integrated threat intelligence makes it easier for human cybersecurity pros to research and defend against threats. Falcon X is known for five core capabilities: automated threat analysis of quarantined files, malware search on the CrowdStrike Falcon Search Engine, malware analysis, threat intelligence, and custom-tailored intelligence for your organization, the release said.


The Quirky Secrets of the World’s Greatest Innovators

Innovators are also typically blessed (or cursed) with a deep sense of what psychologists call self-efficacy, which is a nice word for what, in other contexts, might be called hubris: the conviction that one can accomplish whatever one sets one’s mind to. This is crucial because the very nature of breakthrough innovations means that most people will be skeptical of their value. Indeed, most of the people Schilling writes about were, in one sense or another, outsiders in the fields they helped revolutionize. They were also idealists, convinced that they could change the world. As Schilling puts it, “They are willing to pursue an idea even when everybody else says it’s crazy precisely because they don’t need the affirmation of others — they believe they are right even if you don’t agree.” It was that sense of self-efficacy that allowed Elon Musk to believe he could become the first civilian to put rockets into space, and that allowed Dean Kamen to build a wheelchair that could climb stairs, even though everyone told him it was impossible.


Managing Data in Microservices


High-performing organizations with these kinds of requirements have some things to do. The DevOps Handbook features research from Gene Kim, Nicole Forsgren, and others into the difference between high-performing organizations and lower-performing ones. Higher-performing organizations both move faster and are more stable. You don't have to make a choice between speed and stability — you can have both. The higher-performing organizations are doing multiple deploys a day, versus maybe one per month, and have a latency of less than an hour between committing code to the source control and to deployment, while in other organizations that might take a week. That's the speed side. On the stability side, high-performing organizations recover from failure in an hour, versus maybe a day in a lower-performing organization. And the rate of failures is lower. The frequency of a high-performing organization deploying, having it not go well, and having to roll back the deployment approaches zero, but slower organizations might have to do this half the time. This is a big difference.


Can the Law Stop Ransomware?

Cybersecurity experts and legal scholars contend that the best approach is preparation: following best practices such as regularly backing up data, educating employees about threats and risks and maintaining robust firewalls. That approach, however, has continued to lag, with cash-strapped cities and states often still unable to afford or simply unwilling to make the costly systems upgrades frequently needed to seal off vulnerabilities. Atlanta Mayor Keisha Lance Bottoms, for example, acknowledged to The New York Times that cybersecurity had not been a priority until the city was attacked. "Cybersecurity, it's something that is abstract, it's invisible, so in politics it's difficult to say, 'OK, we're going to spend $10 million on cybersecurity,'" says Cesar Cerrudo, chief technology officer of IOActive Labs. ... That's created the surreal scenario of city councils, state governments and even police departments agreeing to pay ransoms simply to get their stuff back. Indeed attackers deliberately set the ransoms low enough that the risk of losing the files altogether – or the expense of hiring a security firm to try to recover them – simply isn't worth it.



Quote for the day:


"Behind every beautiful thing, there's been some kind of pain." -- Bob Dylan


Daily Tech Digest - April 15, 2018

AI and machine learning are forcing CIOs to rethink IT strategies
Machine learning can be the IT pro’s best friend; they just need to realize how it can be used to make their jobs easier." This makes sense because the use of machine learning will be a “crawl-walk-run” for most organizations, as they will apply it in phases. The first phase will be using it to describe something. It analyzes the data and helps interpret it. The next phase is more cognitive where the AI can start to solve problems. The third phase will see the technology start to predict things. For example, it could perhaps predict that a security breach is going to occur based on other data.  The last phase, and we are years away from this, is prescriptive where the AI is able to predict things and then take action to remediate the action. In the previous example, it could not only predict a breach, but it could then take the necessary steps to ensure it doesn’t happen. For this to occur, the AI would use itself in an iterative manner.


Machine learning & language complexity: why chatbots can’t talk… yet

Most of the value of deep learning today is in narrow domains where you can get a lot of data. Here’s one example of something it cannot do: have a meaningful conversation. There are demos, and if you cherry-pick the conversation, it looks like it’s having a meaningful conversation, but if you actually try it yourself, it quickly goes off the rails. In fact, anything that’s a bit too much open domain is beyond what we can currently do. Instead, in the meantime, we can use these systems to assist human workers who then offer and correct their responses. That’s much more feasible. When they interact with others, people tend to express the same intent with different words, potentially over several sentences with different word orders. Talking to chatbots can sometimes be challenging — current chatbot solutions don’t allow diversity. Therefore, you’d better format your dialogue in order to be understood. This is frustrating.


The Cold Start Problem with AI


Any company, whether startup or enterprise, that wants to take advantage of AI needs to ensure that it has actual useful data to start with. Where some companies might suffice with simple log data that is generated by their application or website, a company that wants to be able to use AI to enhance its business/products/services should ensure that the data it is collecting is the right type of data. Depending on the industry and business you are in, the right type of data can be log data or transactional data, either numerical or categorical; it is up to the person working with the data to decide what that needs to be. Besides collecting the right data, another big step is ensuring that the data that you work with is correct, meaning that the data is actually representative of what happened. If I want a count of all the Payment Transactions, I need to know what the definition of a Transaction is: is it an Initiated Transaction or a Processed Transaction? Only once I have answered that question and ensured that the organization agrees on it can I work with it.


How Blockchain Will Change the Sharing Economy

Think of how the sharing economy has exploded in the past decade. If you’ve taken an Uber to the airport or rented an Airbnb, you’ve been a part of it. We’re even at a point where renting out personal items is a viable business model. For example, Omni Storage stores items you’re not using — just like a normal storage company — but they also rent your items out to people. Skis, guitar, winter jacket. It’s all available for rent (with the owner’s permission) via an app. We all hold onto certain possessions, because we plan to use them eventually. Or so we tell ourselves. Why not make some money off of our stuff instead of letting it go unused? That question is at the heart of the sharing economy, and we’re going to be hearing a lot more about businesses like Omni in the next few years. This is what it can look like if blockchain is involved. Futuristic sharing concepts will only work if many other considerations are taken care of. Each item has to be documented, proven authentic, assigned a current value, and even insured. And blockchain can be extremely useful here.


Will artificial intelligence make you a better leader?

In our experience, AI can be a huge help to the leader who’s trying to become more inwardly agile and foster creative approaches to transformation. When a CEO puts AI to work on the toughest and most complex strategic challenges, he or she must rely on the same set of practices that build personal inner agility. Sending AI out into the mass of complexity, without knowing in advance what it will come back with, the CEO is embracing the discovery of original, unexpected, and breakthrough ideas. This is a way to test and finally move on from long-held beliefs and prejudices about their organization, and to radically reframe the questions in order to find entirely new kinds of solutions. And the best thing about AI solutions is that they can be tested. AI creates its own empirical feedback loop that allows you to think of your company as an experimental science lab for transformation and performance improvement. In other words, the hard science of AI can be just what you need to ask the kind of broad questions that lay the foundation for meaningful progress.


200,000 Cisco Network Switches Reportedly Hacked

In its blog post, Kaspersky Lab states: "It seems that there's a bot that is searching for vulnerable Cisco switches via the IoT search engine Shodan and exploiting the vulnerability in them (or, perhaps, it might be using Cisco's own utility that is designed to search for vulnerable switches). Once it finds a vulnerable switch, it exploits the Smart Install Client, rewrites the configuration and thus takes another segment of the Internet down. That results in some data centers being unavailable, and that, in turn, results in some popular sites being down." In an advisory on the Cisco switch vulnerability issued Monday, the Indian Computer Emergency Response Team stated that multiple vulnerabilities have been reported in Cisco IOS XE, which could be exploited by a remote attacker to send a crafted packet to an affected device and gain full control and also cause a denial of service condition.


Cyber Accountability: The Next Boardroom Struggle

The data protection officer will also need the right tools in place to monitor irregularities and work with the CISO network team. Real-time analysis at the network level will give businesses an indication of the files or data that have been transferred or viewed from the network environment. This will support any breach reporting and give an organisation the means to handle the reputational aspect of a breach fallout, and rapidly understand what data has been accessed and how to respond. The next key part of the puzzle is for a business to have a slick process for reporting and communicating breaches to the regulator, customers and any other affected parties. Practice is the only way to prepare: define a process, rehearse it in simulations with the required decision makers, refine it, and repeat as the business and regulatory environment shifts, year on year. Complement this with a clear and defined internal procedure so all staff know what to do and who they need to speak to should they notice something awry.


Graph databases and machine learning will revolutionize MDM strategies

Traditional MDM has been around since the early 2000s. As data volume has grown and the potential value of analytics has exploded, enterprises seeking to compete on analytics struggle to scale mastering efforts with the surfeit of available data sources. Clearly, creating robust data engineering pipelines to unify this data at scale is more important -- and harder -- than ever. An “agile” approach utilizing machine learning can cut the time required for unification or analytics projects (by around 90%) while scaling to more sources than other traditional approaches. Moreover, given the scale of enterprise data, automation is the key to agility and scale. Such enterprise data automation can only be achieved with some human oversight to make sure the results are fast and accurate. Not just raw data scalability, but also human process scalability is enabled by machine learning.


Managing vulnerabilities in the cloud . . . and everywhere else

The public and, more importantly, governmental leaders are losing patience with companies that fall victim to attacks because they didn’t address known vulnerabilities with available patches and highly publicized exploits. Aside from how dangerous the leaked NSA–developed exploits can be in the hands of cybercriminals, attacks like WannaCry showed us how connected we are. The “ransomworm” spread like wildfire through networks and jumped into new areas through third–party connections. Where there was a path, there was a way. This should be of concern, especially amid the move to the cloud where complexity and visibility challenges only become more daunting. To stay safe in the era of distributed attacks and cloud–first strategies, organisations need to rethink how they view their attack surface. Attackers don’t see your network with distinct boundaries, and neither can you. No matter if it’s your physical, virtual or cloud network — you need to approach security holistically and centralize management.


IT’s worst addictions (and how to cure them)

While technology addiction is a real thing, especially for teenagers, IT pros have their own monkeys on their backs. Whether you're an infrastructure junkie or a Slack head, chasing the data dragon or mesmerized by the blinking lights on your network operations center dashboard, your tech addictions can kill productivity, sap budgets and stall innovation. An inability to relinquish control can lead to technology silos and turf wars. Overdependence on artificial intelligence can actually hurt, not help, your company. And while everyone loves shiny new toys, they may not be the most cost-effective solutions for your organization. The first step on the road to recovery is admitting you have a problem. The next step is reading our prescriptions for how to kick your bad habits and get clean again. "Organizations are caught in analysis paralysis," says Sarah Kampman, vice president of product at Square Root, whose CoEfficient SaaS platform helps retailers and automotive brands make sense of their data. "The information isn't translating into behavioral changes that drive success."



Quote for the day:


"Don’t be so quick to label something as “bad.” It may be the thing that takes you to success." -- Tim Fargo


Daily Tech Digest - April 14, 2018

10 best practices for bolstering security and increasing ROI

There is nothing easy about government security operations. Most chief information security officers struggle with countless manual processes, numerous disconnected tools and a shortage of properly trained talent. However, the increasing number of widely publicized breaches, the growing complexity of regulations pertaining to the protection of personal data and the uptick in ransomware attacks have made agencies' top executives acutely aware of the dangers posed by inadequate security. As a result, those executives have become more willing to approve spending on security operations -- but the increased spending has often not provided the type of returns that agency leaders and financial officers expected. So now CISOs are being asked to provide proof that the money spent -- or that they are asking to be spent -- will lead to greater effectiveness, more efficient operations or better results when the agency is attacked.  If calculating the return on security investments could mirror predicted ROI for return on a new piece of equipment, the task would be simpler.


Use case categories for IoT and blockchain or distributed ledger convergence according to Kaleido Insights' report “The Internet of Trusted Things: Blockchain as the Foundation for Autonomous Products & Ecosystem Services” - via Jessica Groopman
In an age where consumers (also part of the ecosystem) want their goods faster than ever, the pressure for digital supply chains to be more interconnected and efficient is high. By interconnected we don’t mean supply chains as such (they are of course interconnected) but the data flows, processes, control mechanisms, myriad stakeholders, actions and interactions (as mentioned in a blockchain smart port case, there are over 30 different parties with on average 200 interactions between them just to get a container from one point to the other in shipping). No wonder that global logistics and transportation are among the fastest movers in testing and adopting blockchain technology. It is no different in the intersections of IoT and distributed ledgers from the ecosystem perspective as the Kaleido Insights report depicts it: supply chain is one of five blockchain IoT use cases, or rather industries/activities, where blockchain is seen as the foundation for autonomous products and ecosystem services.



Five Reasons B2B Companies Should Not Ignore Social Media

One of the first things you may hear when you talk to B2B sales managers is that this is a purely rational market -- decisions are pragmatic and solely based on numbers, cash flow and revenue projection. This is just not true. While considerable weight is put into the rational part of the purchase, decision-makers are often filled with emotions when it comes to selecting a provider. The result of these selections could affect their jobs, their careers and their overall stability. Nobody wants to be the person who bought that customer relationship management (CRM) software that was a complete headache and generated huge losses. These emotions need to be addressed with a more humane approach, and social media gives us the ability to have a closer connection to the buyer, not the entity. Examples of this are using videos of client testimonials that feel real and not scripted and introducing your employees to your social audience to start the conversation in the digital environment, thereby creating closer relationships offline.


Understanding Virtual Private Networks [and why VPNs are important to SD-WAN]

Another type of site-to-site VPN is connecting to a carrier-provided MPLS cloud instead of the public internet, offloading establishment of the VPN connections to the provider. The service provider creates virtual connections between sites across its MPLS network. The primary advantages of this type of VPN are network agility and the ability to mesh the network. In a typical site-to-site network, each branch is connected to the data center, and any branch-to-branch traffic flows through that central hub. With meshing, branches connect to each other directly without going through the hub. This direct connectivity may be necessary for video conferencing and other bandwidth-intensive and delay-sensitive applications, and MPLS VPNs are ideally suited for this use case. The negative to MPLS VPNs has always been cost. Private IP services, like MPLS, are very expensive, particularly for international connections. SD-WANs have been red hot of late with network professionals because they provide the cost benefits of Internet-based VPNs with the performance and agility of MPLS VPNs.


Think of a Number: Why Humans and Machines Are Bad at Being Random

Choosing truly random numbers is a challenge for people just as much as it is for machines. It is also largely outside the control of the lottery organizers and has some potentially dangerous financial ramifications. For example, in the 1990s, the UK lottery paid a guaranteed £10 for picking three correct numbers. If enough people played the same correct numbers and won, would this bankrupt the lottery? That idea almost became reality with an experiment on the 1997 UK television series The Paranormal World of Paul McKenna. In an experiment in so-called psychokinesis — the power of mind over matter — McKenna asked the nation to concentrate on a particular set of six numbers in the hope of making them come up in the Saturday draw. It quickly became apparent that if millions of viewers bet on them, and even if only three of those numbers came up for the minimum £10 prize, the National Lottery would have to make a huge and unprecedented payout. Luckily for the organizers, the numbers didn’t win, but it led to Camelot changing the rules shortly after the McKenna program, so that four, not three, matching numbers were now required to win the minimum prize.


22 European countries sign up to blockchain partnership


The document said that by cooperating closely, creating a “European ecosystem for blockchain services and applications”, fragmented approaches can be avoided. “It can enable the development of interoperable frameworks for blockchain in Europe based on standardised solutions and governance models,” the declaration said. “Such cooperation can also strengthen compliance with regulations and regulatory convergence, which is essential to support scalability of such solutions across borders.” Earlier this year, the EC set up the Blockchain Observatory and Forum, which will monitor blockchain developments and ensure EU organisations are engaged in the industry.  ... “Such services will create opportunities to enhance services in both public and private sectors, notably making better use of public sector information while preserving data integrity, and providing better control of data by citizens and organisations interacting with public administrations, reducing fraud, improving recordkeeping, access, transparency and auditability, within and across borders.”


Hackers Found Using A New Code Injection Technique to Evade Detection

While performing in-depth analysis of various malware samples, security researchers at Cyberbit found a new code injection technique, dubbed Early Bird, being used by at least three different sophisticated malware that helped attackers evade detection. As its name suggests, Early Bird is a "simple yet powerful" technique that allows attackers to inject malicious code into a legitimate process before its main thread starts, and thereby avoids detection by Windows hook engines used by most anti-malware products. The Early Bird code injection technique "loads the malicious code in a very early stage of thread initialization, before many security products place their hooks—which allows the malware to perform its malicious actions without being detected," the researchers said. The technique is similar to the AtomBombing code injection technique that does not rely on easy-to-detect API calls, allowing malware to inject code into processes in a manner that no anti-malware tools can detect.


Transform HR with Intelligent Automation

Automation is everywhere. As the “new norm,” intelligent automation plays a key role in our everyday lives. From Lyft providing instant access to a ride to Alexa keeping track of the grocery list, intelligent automation is behind the scenes enhancing services and making our lives easier. With less and less effort required on our part, intelligent automation is quickly becoming the preferred way of doing things. While the world moves towards increased automation, many companies and HR organizations in particular are striving to follow. However, many HR organizations still rely on manual and unstructured work processes. In a recent study of more than 1,850 business leaders, HR was named the department “most in need of a reboot” with only 37 percent of services being automated. This makes it not only difficult for HR teams to do their jobs effectively, but also reflects on the department overall and what employees experience when interacting with HR. The lack of automation in HR organizations is especially challenging given the dramatic rise in workloads in recent years.


Artificial Intelligence - The Next Digital Frontier?

In this independent discussion paper, we examine investment in artificial intelligence (AI), describe how it is being deployed by companies that have started to use these technologies across sectors, and aim to explore its potential to become a major business disrupter. To do this, we looked at AI through several lenses. We analyzed the total investment landscape bringing together both investment of large corporations and funding from venture capital and private equity funds. We also reviewed the portfolio plays of major internet companies, the dynamics in AI ecosystems from Shenzhen to New York, and a wide range of case studies. As part of our primary research, we surveyed more than 3,000 senior executives on the use of AI technologies, their companies’ prospects for further deployment, and AI’s impact on markets, governments, and individuals. This report also leverages the resources of McKinsey Analytics, a global practice that helps clients achieve better performance through data. The research was conducted jointly with Digital McKinsey, a global practice that designs and implements digital transformations.


Technology Must Make Digital Banking More Human

There needs to be an extreme sense of urgency within the organization to accept and implement change, otherwise the organization will see the ‘doomsday’ industry scenario that we’ve been warned about. As a result, it is important to find deeply transformational levers – changes that will fundamentally make a collective difference faster than a general employee engagement program or a sheer reorganization exercise. That’s why every Emotional Banking workshop and program designed corresponds to one of four key levers … Knowledge, Passion, Courage and Language. Because the connection to brands differs from bank to bank, the process of building a successful emotional connection between the organization and the customer must be flexible. Emotional Banking is an evolutionary process that will change over time and will be customized for each organization. I have enlisted a global deployment partner as well as Dr. Julia Furedi to build learnings around what works best and fastest, and to help demonstrate the synergy between the four levers and the technology now available at leading banks.



Quote for the day:



"The most important thing in communication is to hear what isn't being said." -- Peter Drucker