Daily Tech Digest - May 24, 2021

How can banks mitigate the risks of consumers’ poor cyber hygiene practices?

To successfully implement adaptive authentication, banks and financial institutions must implement robust risk analytics – a sphere in which AI is playing an increasingly large role. This is no surprise, given that the threats to banks are becoming more sophisticated, with the emergence of attacks-as-a-service, automated attack tools, and close collaboration amongst bad actors enabling fraud at an unprecedented scale. An AI-powered decision engine and machine learning model can continuously analyse a broad range of data, events and context. Rather than simply detecting login and transaction data, they look at a whole variety of indicators of compromise and learn from them. These include malicious headers, referrers from a phishing site, malicious cookies, a malicious device or IP, inhuman speed, keyboard overlay, a debugger running and many more. Based on the risk level of each user action, a smart risk analytics solution can generate a score and provide a recommended next step in real time – enabling banks to remain proactive, rather than reactive. So, with the complexity of attacks growing and fraudsters’ sophistication evolving on an almost a daily basis, it’s clear that users cannot and should not be expected to keep up.

The Future State of the Cloud

If findings from a decade’s worth of research are predictive, these technologies and tools are the ones that may experience increased adoption: Configuration management tools: Growth of configuration management tools is on the rise, though this varies among tools; many organizations now use more than one. Back in the early days of this research, Chef and Puppet ruled the roost, each peaking as high as the 50% adoption mark among enterprises in the 2019 report. It was at this point that we started to see increased experimentation with Ansible and Terraform, each of now adopted by more than one-third of all enterprise respondents. This coincides with Puppet and Chef experiencing significant decreases in adoption, with even fewer organizations planning on using and/or experimenting with these tools;  Platform-as-a-Service (PaaS): Recently, there is continued experimentation and increased adoption of public cloud PaaS services. These include data analytics, artificial intelligence and machine learning (AI/ML), and the internet of things (IoT). ... Increasingly, today’s industry relies on services such as these that are becoming standard parts of operations.

The RPA world desperately needs standards

The absence of RPA design standards capable of detailing process automations in a universally understood manner is also a major contributor to stalled automation pipelines. Look, for example, at process discovery tools, a key component of any automation toolchain. Without RPA standards that would assure compatibility and interoperability, process discovery tools detail discovered processes in different ways. This leaves RPA users with little choice but to transcribe processes manually before they can ever start to be developed and deployed in target automation platforms. As a result, automations stall, more money has to be spent, and more time is wasted. Growing awareness of these standardization issues, coupled with the inability of RPA to scale or deliver on anticipated ROI, is causing many companies to rethink additional automation investments. ... To better understand the kind of incredible impact industry standards can have, look at the example provided by the Portable Document Format, or PDF. After the PDF was released as an open standard by Adobe, the ability not only to save a PDF in any word processor, but also to open it in another tool suddenly unlocked a level of portability that previously had been impossible to attain.

5 Strategies to Infuse D&I into Your Organization

The CEO needs to take a public stance, embed D&I in the organization’s purpose, exemplify the culture, and take responsibility for progress toward goals. They need to be out front, even if a CDO is part of the team. PwC’s U.S. chairman, Tim Ryan, has been an exemplar for at least five years. He co-founded CEO Action for Diversity and Inclusion after police shootings in the summer of 2016 to spur business executives to collective action on D&I. The publication of PwC’s workforce diversity data in 2020 revealed that women and people of color are underrepresented, especially at senior levels, showing that even the most dedicated companies still have a lot of D&I work to do. Nielsen’s CEO, David Kenny, added the CDO title to his leadership portfolio in 2018 so he could “set hard targets for ourselves and make those transparent to our board and measure them like we measure other outcomes like financial results.” He relinquished that title to a new CDO in March 2020, noting the D&I progress his team had already made. If you’re a board member, you have an essential role to play in D&I governance.

Explainable AI (XAI) with SHAP - regression problem

Model explainability becomes a basic part of the machine learning pipeline. Keeping a machine learning model as a “black box” is not an option anymore. Luckily there are tools that are evolving rapidly and becoming more popular. This guide is a practical guide for XAI analysis of SHAP open source Python package for a regression problem. SHAP (Shapley Additive Explanations) by Lundberg and Lee  is a method to explain individual predictions, based on the game theoretically optimal Shapley values. Shapley values are a widely used approach from cooperative game theory that come with desirable properties. The feature values of a data instance act as players in a coalition. The Shapley value is the average marginal contribution of a feature value across all possible coalitions. In this guide we will use the Boston house prices dataset example from sklearn datasets. It is a simple regression problem. ... The SHAP framework has proved to be an important advancement in the field of machine learning model interpretation. SHAP combines several existing methods to create an intuitive, theoretically sound approach to explain predictions for any model.

Super-Secure Processor Thwarts Hackers by Turning a Computer Into a Puzzle

To stop attacks, Morpheus randomizes these implementation details to turn the system into a puzzle that hackers must solve before conducting security exploits. From one Morpheus machine to another, details like the commands the processor executes or the format of program data change in random ways. Because this happens at the microarchitecture level, software running on the processor is unaffected. A skilled hacker could reverse-engineer a Morpheus machine in as little as a few hours, if given the chance. To counter this, Morpheus also changes the microarchitecture every few hundred milliseconds. Thus, not only do attackers have to reverse-engineer the microachitecture, but they have to do it very fast. With Morpheus, a hacker is confronted with a computer that has never been seen before and will never be seen again. To conduct a security exploit, hackers use vulnerabilities in software to get inside a device. Once inside, they graft their malware onto the device. Malware is designed to infect the host device to steal sensitive data or spy on users. The typical approach to computer security is to fix individual software vulnerabilities to keep hackers out. 

Cybersecurity is Now Essential to Corporate Strategy. Here's How to Bring the Two Together.

Compliance is not security. This is an essential difference to understand. Compliance is about checking the same processes to meet some pre-established requirements and procedures. Security is about continually monitoring for new and unexpected vulnerabilities. The best way to think of this important difference is as though there is an (ideally) impenetrable net covering every component of your business. Compliance checks the state of that net at a moment in time and from an established list of criteria, but it isn’t checking for a continually growing set of new threats that are not yet on the list. Security requires ongoing vigilance for unexpected vulnerabilities. It’s very much a real time and continuous effort. When it comes to cybersecurity planning, the lesson for businesses is that following established processes is not enough. It’s about anticipating what could happen or what could possibly go wrong. Security is like an ongoing and engaged state of being — it needs active and ongoing vigilance and maintenance to remain operational and be ready to pivot when the expected happens.

Can Your Enterprise Benefit from No-Code AI?

There are many ways no-code AI can be used in businesses, including small businesses looking to find ways to embrace the power of automation. Here are just a few examples of how no-code AI is impacting different industries. Several financial services firms have started incorporating no-code AI into their workflows to improve security and provide an enhanced customer experience. By using no-code AI, the entire customer experience can be streamlined. Let’s take an example of a loan application. Using no-code AI, financial services teams can build an ML model to quickly scan loan applications and determine which ones meet the required criteria. The underwriting team now has more time to focus on approved applicants instead of spending all their time sifting through applications. As different teams need new ML models to improve their processes, they can use a no-code AI platform to create them. This makes their operations more efficient because they no longer need to wait for their IT team or data scientists to develop a new model every time a need arises.

Blockchain, when and why to use it in business processes

The feature of intrinsic disintermediation and crystallization of traceability of the transferred asset are among the most innovative requirements of blockchain technology, which has and will have increasing impacts on the evolution of social and organizational models, as well as positive impacts in terms of technological process innovation. Service providers can interface with the blockchain to offer advanced functionality to users, for example API integrations services. ... Blockchain makes it possible to track when and by whom a given change was made, which is why blockchain technology is spreading in all scenarios where it is required to ensure traceability and authenticity for a product or service, such as the agri-food supply chain. In addition, another widespread application is that of notarization or crystallization of data on blockchain, which ensures the association of a certain date. Another application on which various projects and concrete initiatives have focused is that of smart contracts, i.e. the automatic activation, based on distributed ledger software technologies, of contracts between private individuals upon the occurrence of certain events or conditions predefined by two or more parties.

AI is no villain: six steps to build your AI strategy

During AI transformation projects, companies often make the mistake of separating the vision from the execution, resulting in disjointed and complicated AI programs that can take years to consolidate. This can be easily avoided by choosing AI solutions based on concrete business objectives that have been established at the project’s outset. It’s important to align your corporate strategy with measurable goals and objectives to guide your AI deployment. Once complete, the strategy can be easily escalated down into divisional- or even product-level strategies. ... Identify the real problem; don’t assume it is AI. This might seem like common sense, but the problems you’re looking to overcome have a large impact on your success. Some problems are not AI problems at all, and for the ones that are, the business should advocate the delivery through small lighthouse projects that act as a beacon for their capabilities. In identifying ‘lighthouse’ projects, your business will need to assess the overall goal and importance of the project, its size, likely duration and data quality. Lighthouse projects tend to be able to be delivered in under eight weeks, instead of eight months, and will provide an immediate and tangible benefit for the business and your customers.

Quote for the day:

"Time is neutral and does not change things. With courage and initiative, leaders change things." -- Jesse Jackson

No comments:

Post a Comment