Daily Tech Digest - November 27, 2020

Algorithmic transparency obligations needed in public sector

“The Centre for Data Ethics and Innovation has today set out a range of measures to help the UK achieve this, with a focus on enhancing transparency and accountability in decision-making processes that have a significant impact on individuals. Not only does the report propose a roadmap to tackle the risks, but it highlights the opportunity that good use of data presents to address historical unfairness and avoid new biases in key areas of life.” ... These include historical bias, in which data reflecting previously biased human decision-making or historical social inequalities is used to build the model; data selection bias, in which the data collection methods used mean it is not representative; and algorithmic design bias, in which the design of the algorithm itself leads to an introduction of bias. Bias can also enter the algorithmic decision-making process because of human error as, depending on how humans interpret or use the outputs of an algorithm, there is a risk of bias re-entering the process as they apply their own conscious or unconscious biases to the final decision. “There is also risk that bias can be amplified over time by feedback loops, as models are incrementally retrained on new data generated, either fully or partly, via use of earlier versions of the model in decision-making,” says the review.

Kick-off Your Transformation by Imagining It Had Failed

An effective way to get the team into the right mindset – i.e. to think as if they’re not merely looking into the future but are actually in it – is to have everyone participate in telling the story of the transformation. What did happen? What noteworthy events took place? What were the highs and lows of the transformation? The power of this exercise is that it challenges the team to ‘go deep’ into this prospective hindsight narrative, constructing a plausible chain of events that must logically lead to the outcome (the failure of the transformation). This opens a broader spectrum of potential reasons for failure, further enriching the conversation and providing us with a goldmine of potential insights. One way to collaboratively write the story of the transformation is by constructing a timeline. Ask the team to break into small groups of 3 or 4. Each small group will work to chronologically list significant events that they believe led to the failure of the transformation. The timeline should be divided into meaningful time periods (taking into account how far back we are looking) – e.g. quarterly.

Have attitudes to tech investment changed at board level due to Covid-19?

“There has been a great acceleration of thinking around technology and its role in business,” says Chapman. “Technology has been a crucial lifeline through this pandemic, essential to maintaining business efficiency and productivity.” The adoption of collaborative tools and the use of the cloud have allowed workforces to continue working effectively in remote environments, as much of the world went into lockdown. Chapman explains that this has helped change the attitude of boards of directors towards technology, for two reasons. First, technology has proved itself by successfully enabling entire workforces to work from home. “If this pandemic had happened even five years ago, IT teams would not have succeeded, but they did in 2020 because the technology was ready, and so was the appetite from users to adopt it,” he says. The second reason is that the pandemic demonstrated clearly what was possible – digital modernisation has accelerated across nearly every industry. According to a recent IFS study, 70% of businesses increased or maintained digital transformation spend during the pandemic. The survey data indicated that enterprise plans to increase spending on digital transformation track closely with concerns about economic conditions disrupting business.

Bandook: Signed & Delivered

Check Point Research recently observed a new wave of campaigns against various targets worldwide that utilizes a strain of a 13-year-old backdoor Trojan named Bandook. Bandook, which had almost disappeared from the threat landscape, was featured in 2015 and 2017 campaigns, dubbed “Operation Manul” and “Dark Caracal”, respectively. These campaigns were presumed to be carried out by the Kazakh and the Lebanese governments, as uncovered by the Electronic Frontier Foundation (EFF) and Lookout. During this past year, dozens of digitally signed variants of this once commodity malware started to reappear in the threat landscape, reigniting interest in this old malware family. In the latest wave of attacks, we once again identified an unusually large variety of targeted sectors and locations. ... The full infection chain of the attack can be broken down into three main stages. The first stage starts, as in many other infection chains, with a malicious Microsoft Word document delivered inside a ZIP file. Once the document is opened, malicious macros are downloaded using the external template feature. The macros’ code in turn drops and executes the second stage of the attack, a PowerShell script encrypted inside the original Word document. Finally, the PowerShell script downloads and executes the last stage of the infection: the Bandook backdoor.
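The first stage above relies on Word's attached-template mechanism: a .docx is itself a ZIP package, and if word/settings.xml carries a w:attachedTemplate whose relationship in word/_rels/settings.xml.rels has TargetMode="External" and an http(s) or UNC target, Word fetches that template (and its macros) when the file is opened. A local file:// template path is normal and should not be flagged. The following scanner, an added example written for this digest and not Check Point's or any vendor's code, walks the outer delivery ZIP, opens each Office package inside it, and reports off-host template targets. The sample documents it builds are constructed here for illustration; the 203.0.113.x address is a documentation range, not a real indicator.

```python
"""Added example: flag Office documents whose attached template is fetched off-host."""
import io
import zipfile
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional
from urllib.parse import urlsplit

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ATTACHED_TEMPLATE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                     "relationships/attachedTemplate")
OFFICE_EXTS = (".docx", ".docm", ".dotx", ".dotm")


def is_remote_target(target: str) -> bool:
    """http(s) URLs and UNC paths are remote; file:// and bare paths are local templates."""
    if target.startswith(("\\\\", "//")):
        return True
    return urlsplit(target).scheme.lower() in ("http", "https")


def remote_templates(docx_bytes: bytes) -> List[str]:
    """Return every attachedTemplate target in the package that points off-host."""
    hits: List[str] = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as pkg:
        if "word/_rels/settings.xml.rels" not in pkg.namelist():
            return hits  # no settings relationships, so no template reference
        root = ET.fromstring(pkg.read("word/_rels/settings.xml.rels"))
        for rel in root.iter("{%s}Relationship" % REL_NS):
            if rel.get("Type") != ATTACHED_TEMPLATE:
                continue
            if rel.get("TargetMode", "Internal") != "External":
                continue  # internal parts ship inside the package, nothing is downloaded
            target = rel.get("Target", "")
            if is_remote_target(target):
                hits.append(target)
    return hits


def scan_delivery_zip(zip_bytes: bytes) -> Dict[str, List[str]]:
    """Walk an outer ZIP (the delivery wrapper) and check each Office file inside it."""
    findings: Dict[str, List[str]] = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as outer:
        for name in outer.namelist():
            if not name.lower().endswith(OFFICE_EXTS):
                continue
            try:
                hits = remote_templates(outer.read(name))
            except (zipfile.BadZipFile, ET.ParseError):
                hits = []  # malformed package; a production scanner would flag this separately
            if hits:
                findings[name] = hits
    return findings


# --- constructed sample inputs (illustrative, not real Bandook artefacts) -----------
DOCUMENT_XML = ('<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
                '<w:body><w:p><w:r><w:t>Invoice</w:t></w:r></w:p></w:body></w:document>')
SETTINGS_XML = ('<w:settings xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" '
                'xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">'
                '<w:attachedTemplate r:id="rId1"/></w:settings>')
RELS_XML = ('<Relationships xmlns="{ns}"><Relationship Id="rId1" Type="{type}" '
            'Target="{target}" TargetMode="External"/></Relationships>')


def build_docx(template_target: Optional[str]) -> bytes:
    """Minimal .docx; when template_target is set it carries an external attachedTemplate."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as pkg:
        pkg.writestr("word/document.xml", DOCUMENT_XML)
        if template_target is not None:
            pkg.writestr("word/settings.xml", SETTINGS_XML)
            pkg.writestr("word/_rels/settings.xml.rels",
                         RELS_XML.format(ns=REL_NS, type=ATTACHED_TEMPLATE, target=template_target))
    return buf.getvalue()


def build_delivery_zip(docx_bytes: bytes, name: str = "invoice.docx") -> bytes:
    """Wrap a document in an outer ZIP, the way the lure is delivered."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as outer:
        outer.writestr(name, docx_bytes)
    return buf.getvalue()


if __name__ == "__main__":
    lure = build_delivery_zip(build_docx("http://203.0.113.7/t.dotm"))
    print(scan_delivery_zip(lure))  # {'invoice.docx': ['http://203.0.113.7/t.dotm']}
    benign = build_docx("file:///C:/Users/u/AppData/Roaming/Microsoft/Templates/Normal.dotm")
    print(remote_templates(benign))  # []
```

The check keys on the relationship Type rather than on the filename, so a renamed .dotm still counts; it deliberately ignores file:// targets because Word writes one for every document created from a local template. It does not catch the second stage (the encrypted PowerShell embedded in the document), which needs macro extraction rather than package inspection.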

Cybersecurity Predictions for 2021: Robot Overlords No, Connected Car Hacks Yes

One of the reasons we’ll see more internal attacks is that password-management tools and multi-factor authentication (MFA) will become more prevalent. This will help slow the rate of account-compromise attacks through phishing and data theft. These tools are very effective at reducing the threat from compromised accounts, with token-based MFA being the more effective of the two, but usage has grown slowly over the years. However, inexpensive physical tokens and software-based equivalents make them accessible. User acceptance will still be a challenge going into the new year and, probably, for several years more. We’re also likely to see a growth in risk-based access control technologies, where security analytics tools are used to help decide what level of authentication is appropriate on a case-by-case basis. This will reduce the burden on users by only requiring additional authentication when needed, while making it more difficult for attackers by tying behavior analysis techniques into the security stack. This also ties into zero-trust architectures, which should also see growth moving into 2021 and beyond. Security analytics as a technology will see more use, being incorporated into existing security stacks by seamlessly merging into existing solutions.

Enterprises addressing data security and e-waste issues generated by remote work

“The flood of technology investment which followed the beginning of the pandemic has created clear issues for both e-waste and secure data management,” said Alan Bentley, President of Global Strategy at Blancco. “The switch to remote work spurred on a wave of new device purchases, but these new, widely distributed devices have left enterprises feeling vulnerable. It’s fascinating that so many businesses have implemented roles to manage the e-waste issue resulting from COVID-19, demonstrating corporate social responsibility (CSR), but also their concern around how these devices will be dealt with when they reach end-of-life. “It’s crucial that this issue is not overlooked and that these devices are appropriately disposed of. But it’s just as crucial to ensure the safeguarding of sensitive data during that process. “Appropriate data sanitization might at times be overlooked as an element of e-waste policies, but it is the perfect opportunity to engage data management best practices. Because not only will this reduce environmental impact, it will also remove the risk of a data breach when disposing of devices at end-of-life.” The report concludes that enterprises must rethink their device management practices.

Fix bottlenecks before tackling business process automation

Describing the approach the company took to optimise the process, Novais says: “We started with pen and paper to define the process, then modelled it using Tibco, to identify gaps in how it was working and to describe what we wanted to achieve.” The overall objective of the employee onboarding process was to ensure new employees get all the applications they need for their job at Cosentino. Putting in place new and improved business processes is most successful if someone from the business can champion the change. Novais adds: “It is not easy to show someone they are not efficient.” Cosentino identified key users who could help others to understand how the business process improves the way they work. Novais says dashboards are used to help the company assess business processes to understand bottlenecks. “We can review processes on a regular basis,” he adds. The company has a cloud strategy based on Microsoft Azure and the Tibco cloud and is actively building applications that extend its legacy SAP enterprise resource planning (ERP) system. For instance, Novais says Cosentino is extracting data from the ERP for a new purchase-to-pay business process that is being run outside the ERP.

Use social design to help your distributed team self-organize

An alternative to the top-down approach is to let function drive form, supporting those most directly connected to creating value for customers. Think of it as bottom-up or outside-in. One discipline useful in such efforts is social design, a subspecialty of design that aspires to solve complex human issues by supporting, facilitating, and empowering cultures and communities. Its practitioners design systems, not simply beautiful things. I spoke with one of the pioneers in this area, Cheryl Heller, author of The Intergalactic Design Guide: Harnessing the Creative Potential of Social Design. Her current work at Arizona State University centers on integrating design thinking and practice into functions that don't typically utilize design principles. “People’s work is often their only source of stability right now,” she told me. “You have to be careful, because people are brittle.” Beware the fear-inducing “burning platform” metaphor frequently used in change management (the idea being, essentially, that people must be forced to overcome resistance to change). Heller explained that people using traditional business thinking are often in a hurry to “get to outcomes” and that haste is counterproductive when dealing with human relationships because it can lead to disengagement and ultimately failure.

Overcoming the pandemic era with a solid business continuity plan

IT leaders also felt that the pandemic had exposed their lack of preparedness for different working arrangements (28%). Nearly six months after the coronavirus upended our traditional working practices, businesses across the world are grappling to turn their temporary fixes into more sustainable processes that will support the many employees who expect to work from home for the foreseeable future. This means employing the right technology solutions to ensure workers can be as productive and efficient at home as they are in the office, whether that means migrating to the cloud to ensure easy access to tools and documents from remote locations, or implementing collaboration tools that enable quicker, easier, and simpler communication between employees while remaining secure. But it’s important that this challenge isn’t just viewed in the context of a technical fix. Businesses will also need to reassess processes and ensure employee benefits packages reflect a remote working structure. For example, this may involve providing the right physical set-up to ensure people can work comfortably, or launching wellness programmes to support the emotional and mental health of their employees.

Failing Toward Zero: Why Your Security Needs to Fail to Get Better

Cybercriminals need to succeed only once, but organizations need to succeed every time. While it's more than likely that your organization will be the target of a successful cyberattack, a successful cyberattack doesn't necessarily make a catastrophic data breach. If you know your security is going to fail at some point, you can prepare for this eventuality and mitigate its impact on operations. It's at this intersection of antifragility and cybersecurity that we get a model I'm calling "failing toward zero." Failing toward zero is a state in which each security incident leads to a successive reduction in future incidences of the same type. Organizations that fail toward zero embrace failure and learn from their mistakes. Our data suggests that smart companies are already starting to do this. The Data Science and Engineering team at Malwarebytes examined all detection data on business endpoints for the past three years. It's no surprise that malware detections on business endpoints went up every single year, from 7,553,354 in 2017 to around 49 million in 2020 — and the year isn't even over yet. However, the detections we're facing today are different from those we saw just a few years ago.

Quote for the day:

"If you want staff to give great service, give great service to staff." -- Ari Weinzweig