Algorithmic transparency obligations needed in public sector
“The Centre for Data Ethics and Innovation has today set out a range of
measures to help the UK achieve this, with a focus on enhancing transparency
and accountability in decision-making processes that have a significant impact
on individuals. Not only does the report propose a roadmap to tackle the
risks, but it highlights the opportunity that good use of data presents to
address historical unfairness and avoid new biases in key areas of life.” ...
These include historical bias, in which data reflecting previously biased
human decision-making or historical social inequalities is used to build the
model; data selection bias, in which the data collection methods used mean it
is not representative; and algorithmic design bias, in which the design of the
algorithm itself leads to an introduction of bias. Bias can also enter the
algorithmic decision-making process because of human error as, depending on
how humans interpret or use the outputs of an algorithm, there is a risk of
bias re-entering the process as they apply their own conscious or unconscious
biases to the final decision. “There is also risk that bias can be amplified
over time by feedback loops, as models are incrementally retrained on new data
generated, either fully or partly, via use of earlier versions of the model in
decision-making,” says the review.
Kick-off Your Transformation by Imagining It Had Failed
An effective way to get the team into the right mindset – i.e. to think as if
they’re not merely looking into the future but are actually in it – is to have
everyone participate in telling the story of the transformation. What did
happen? What noteworthy events took place? What were the highs and lows of the
transformation? The power of this exercise is that it challenges the team to
‘go deep’ into this prospective hindsight narrative, constructing a plausible
chain of events that must logically lead to the outcome (the failure of the
transformation). This opens a broader spectrum of potential reasons for
failure, further enriching the conversation and providing us with a goldmine
of potential insights. One way to collaboratively write the story of the
transformation is by constructing a timeline. Ask the team to break into small
groups of 3 or 4. Each small group will work to chronologically list
significant events that they believe led to the failure of the transformation.
The timeline should be divided into meaningful time periods (taking into
account how long back we are looking) – e.g. quarterly.
Have attitudes to tech investment changed at board level due to Covid-19?
“There has been a great acceleration of thinking around technology and its
role in business,” says Chapman. “Technology has been a crucial lifeline
through this pandemic, essential to maintaining business efficiency and
productivity.” The adoption of collaborative tools and the use of the cloud
has allowed workforces to continue working effectively in remote environments,
as much of the world went into lockdown. Chapman explains that this has helped
change the attitude of boards of directors towards technology, for two
reasons. First, technology has proved itself by successfully enabling entire
workforces to work from home. “If this pandemic had happened even five years
ago, IT teams would not have succeeded, but they did in 2020 because the
technology was ready, and so was the appetite from users to adopt it,” he
says. The second reason is that the pandemic demonstrated clearly what was
possible – digital modernisation has accelerated across nearly every industry.
According to a recent IFS study, 70% of businesses increased or maintained
digital transformation spend during the pandemic. The survey data indicated
that enterprise plans to increase spending on digital transformation track
closely with concerns about economic conditions disrupting business.
Bandook: Signed & Delivered
Check Point Research recently observed a new wave of campaigns against various
targets worldwide that utilizes a strain of a 13-year-old backdoor Trojan
named Bandook. Bandook, which had almost disappeared from the threat
landscape, was featured in 2015 and 2017 campaigns, dubbed “Operation Manul”
and “Dark Caracal”, respectively. These campaigns were presumed to be carried
out by the Kazakh and the Lebanese governments, as uncovered by the Electronic
Frontier Foundation (EFF) and Lookout. During this past year, dozens of
digitally signed variants of this once commodity malware started to reappear
in the threat landscape, reigniting interest in this old malware family. In
the latest wave of attacks, we once again identified an unusually large
variety of targeted sectors and locations. ... The full infection chain of the
attack can be broken down into three main stages. The first stage starts, as
in many other infection chains, with a malicious Microsoft Word document
delivered inside a ZIP file. Once the document is opened, malicious macros are
downloaded using the external template feature. The macros’ code in turn drops
and executes the second stage of the attack, a PowerShell script encrypted
inside the original Word document. Finally, the PowerShell script downloads
and executes the last stage of the infection: the Bandook backdoor.
Cybersecurity Predictions for 2021: Robot Overlords No, Connected Car Hacks Yes
One of the reasons we’ll see more internal attacks is that password-management
tools and multi-factor authentication (MFA) will become more prevalent. This
will help slow the rate of account-compromise attacks through phishing and
data theft. These tools are very effective at reducing the threat from
compromised accounts, with token-based MFA being the more effective of the
two, but usage has grown slowly over the years. However, inexpensive physical
tokens and software-based equivalents make them accessible. User acceptance
will still be a challenge going into the new year and, probably, for several
years more. We’re also likely to see a growth in risk-based access control
technologies, where security analytics tools are used to help decide what
level of authentication is appropriate on a case-by-case basis. This will
reduce the burden on users by only requiring additional authentication when
needed, while making it more difficult for attackers by tying behavior
analysis techniques into the security stack. This also ties into zero-trust
architectures, which should also see growth moving into 2021 and beyond.
Security analytics as a technology will see more use, being incorporated into
existing security stacks by seamlessly merging into existing solutions.
Enterprises addressing data security and e-waste issues generated by remote work
“The flood of technology investment which followed the beginning of the
pandemic has created clear issues for both e-waste and secure data
management,” said Alan Bentley, President of Global Strategy at Blancco.
“The switch to remote work spurred on a wave of new device purchases, but
these new, widely distributed devices have left enterprises feeling
vulnerable. It’s fascinating that so many businesses have implemented roles
to manage the e-waste issue resulting from COVID-19, demonstrating corporate
social responsibility (CSR), but also their concern around how these devices
will be dealt with when they reach end-of-life. “It’s crucial that this
issue is not overlooked and that these devices are appropriately disposed
of. But it’s just as crucial to ensure the safeguarding of sensitive data
during that process. “Appropriate data sanitization might at times be
overlooked as an element of e-waste policies, but it is the perfect
opportunity to engage data management best practices. Because not only will
this reduce environmental impact, it will also remove the risk of a data
breach when disposing of devices at end-of-life.” The report concludes that
enterprises must rethink their device management practices.
Fix bottlenecks before tackling business process automation
Describing the approach the company took to optimise the process, Novais
says: “We started with pen and paper to define the process, then modelled it
using Tibco, to identify gaps in how it was working and to describe what we
wanted to achieve.” The overall objective of the employee onboarding process
was to ensure new employees get all the applications they need for their job
at Cosentino. Putting in place new and improved business processes is most
successful if someone from the business can champion the change. Novais
adds: “It is not easy to show someone they are not efficient.” Cosentino
identified key users who could help others to understand how the business
process improves the way they work. Novais says dashboards are used to help
the company assess business processes to understand bottlenecks. “We can
review processes on a regular basis,” he adds. The company has a cloud
strategy based on Microsoft Azure and the Tibco cloud and is actively
building applications that extend its legacy SAP enterprise resource
planning (ERP) system. For instance, Novais says Cosentino is extracting
data from the ERP for a new purchase-to-pay business process that is being
run outside the ERP.
Use social design to help your distributed team self-organize
An alternative to the top-down approach is to let function drive form,
supporting those most directly connected to creating value for customers.
Think of it as bottom-up or outside-in. One discipline useful in such
efforts is social design, a subspecialty of design that aspires to solve
complex human issues by supporting, facilitating, and empowering cultures
and communities. Its practitioners design systems, not simply beautiful
things. I spoke with one of the pioneers in this area, Cheryl Heller, author
of The Intergalactic Design Guide: Harnessing the Creative Potential of
Social Design. Her current work at Arizona State University centers on
integrating design thinking and practice into functions that don't typically
utilize design principles. “People’s work is often their only source of
stability right now,” she told me. “You have to be careful, because people
are brittle.” Beware the fear-inducing “burning platform” metaphor
frequently used in change management (the idea being, essentially, that
people must be forced to overcome resistance to change). Heller explained
that people using traditional business thinking are often in a hurry to “get
to outcomes” and that haste is counterproductive when dealing with human
relationships because it can lead to disengagement and ultimately failure.
Overcoming the pandemic era with a solid business continuity plan
IT leaders also felt that the pandemic had exposed their lack of
preparedness for different working arrangements (28%). Nearly six months
after the coronavirus upended our traditional working practices, businesses
across the world are grappling to turn their temporary fixes into more
sustainable processes that will support many employees that expect to work
from home for the foreseeable future. This means employing the right
technology solutions to ensure workers can be as productive and efficient at
home as they are in the office. Whether that means migrating to the cloud to
ensure easy access to tools and documents from remote locations, or
implementing collaboration tools that enable quicker, easier, and simpler
communication between employees but at the same time remaining secure. But
it’s important that this challenge isn’t just viewed in the context of a
technical fix. Businesses will also need to reassess processes and ensure
employee benefits packages reflect a remote working structure. For example,
this may involve providing the right physical set-up to ensure people can
work comfortably, or launching wellness programmes to support the emotional
and mental health of their employees.
Failing Toward Zero: Why Your Security Needs to Fail to Get Better
Cybercriminals need to succeed only once, but organizations need to succeed
every time. While it's more than likely that your organization will be the
target of a successful cyberattack, a successful cyberattack doesn't
necessarily make a catastrophic data breach. If you know your security is
going to fail at some point, you can prepare for this eventuality and mitigate
its impact on operations. It's at this intersection of antifragility and
cybersecurity that we get a model I'm calling "failing toward zero." Failing
toward zero is a state in which each security incident leads to a successive
reduction in future incidences of the same type. Organizations that fail
toward zero embrace failure and learn from their mistakes. Our data suggests
that smart companies are already starting to do this. The Data Science and
Engineering team at Malwarebytes examined all detection data on business
endpoints for the past three years. It's no surprise that malware detections
on business endpoints went up every single year, from 7,553,354 in 2017 to
around 49 million in 2020 — and the year isn't even over yet. However, the
detections we're facing today are different from those we saw just a few years
ago.
Quote for the day:
"If you want staff to give great service, give great service to staff." -- Ari Weinzweig