Daily Tech Digest - January 21, 2021

15 SLA mistakes IT leaders still make

SLAs have often been a point of contention ­— not only between providers and customers, but within organizations themselves. “It often boils down to IT leaders hating to read legal agreements while procurement and legal teams can be focused on business and financial risk rather than IT dependencies or the impact of system outages to delivering services,” says Joel Martin, cloud strategies research vice president at HFS Research. And as companies move more solutions to the cloud, understanding the service levels agreed to is important to developing trusted and dependable relationships. Moreover, SLA development and management has evolved significantly in recent years, with an eye toward driving business value. “Service recipients have become far more sophisticated in how they manage SLAs,” says Marc Tanowitz, managing director with West Monroe, adding that they “are looking for end-to-end outcomes that drive business success and recognize that the true value of SLAs is to drive business insights and performance — rather than to reduce the cost of service by capturing performance credits.” Nonetheless, there remain some common — and potentially costly — SLA mistakes IT leaders can make. Following are some of the most detrimental to the IT organization and the business at large.


Ransomware provides the perfect cover

Attackers are constantly creating new variants that evade detection by traditional signature-based approaches. To counteract these attacks, firms need to have defence in depth. This starts with preventing threat actors from infiltrating the network by defending against tactics such as phishing and malware campaigns through staff training, the use of strong passwords, 2FA, and patch management. If a threat actor makes it onto the system, their potential for lateral movement is limited when organizations have deployed a least-privilege approach, where access to files and folders is limited based on job role or seniority. Behavioral anomalies are a prime indicator that a threat actor could be on the network. This includes encrypting or downloading large amounts of data or user accounts trying to access restricted data. Successfully spotting such behaviour requires correlating data from many sources, including endpoint and network detection and response solutions. Finally, to ensure they can recover quickly in the event of a ransomware attack, organizations must also have robust backups that they can rely on if their network does go down.


Cisco tags critical security holes in SD-WAN software

The first critical problem–with a Common Vulnerability Scoring System rating of 9.9 out of 10–is vulnerability in the web-based management interface of Cisco SD-WAN vManage Software.  “This vulnerability is due to improper input validation of user-supplied input to the device template configuration,” Cisco stated. “An attacker could exploit this vulnerability by submitting crafted input to the device template configuration. A successful exploit could allow the attacker to gain root-level access to the affected system.” This vulnerability affects only the Cisco SD-WAN vManage product, the company stated. The second critical Cisco SD-WAN Software issue–with a CVSS rating of 9.8—could let an unauthenticated, remote attacker to cause a buffer overflow. “The vulnerability is due to incorrect handling of IP traffic,” Cisco stated. “An attacker could exploit this vulnerability by sending crafted IP traffic through an affected device, which may cause a buffer overflow when the traffic is processed. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system with root privileges.”


Microsoft Releases New Info on SolarWinds Attack Chain

According to Microsoft, the attackers achieved this by using a known MITRE attack method called event triggered execution, where malicious code is executed on a host system when a specific process is launched. In this case, the threat actors used the SolarWinds process to create a so-called Image File Execution Options (IEFO) registry value for running the malicious VBScript file when the dllhost dot exe process is executed on the infected system. The dllhost dot exe process is a legitimate Windows process for launching other applications and systems. When triggered, the VBScript then runs another executable that activates the Cobalt Strike DLL in a process that is completely disconnected and separate from the SolarWinds process. The VBScript then also deletes the IEFO registry value and other traces of the sequence of events that happened, according to Microsoft. The full motives behind the operation and its victims remain unclear — or at least publicly undisclosed — though some believe it may have been for corporate espionage or spying. FireEye, Microsoft, the US Cybersecurity and Infrastructure Security Agency (CISA), and numerous others have described the operation as being the work of a highly sophisticated state-backed actor. 


Accessible 5G: Making it a reality

To make 5G truly accessible to businesses, customers and consumers, we need to improve connectivity for all by eventually converging cellular and satellite networks to provide coverage both on land and via geo-satellite. While 3G and 4G were primarily created to improve mobile services for mobile device users, 5G is expected to support a much wider scope of IoT applications. With more intelligence being packed into smart, connected devices – we’ll need seamless connectivity and coverage. The hybrid network will enable all types of industries, from education and healthcare to construction and manufacturing, to not only use IoT technology to improve services and efficiencies but remove operational complexities, such as in-building coverage for more remote locations and black spots in connectivity when laying foundations – think basement renovations and housing developments in remote landscapes. As 5G-enabled smart devices and IoT applications increase, so too will the volume of data transactions between devices in the home: Smartphones, tablets, TVs, voice-assistance, and white goods like refrigerators and smart ovens. The sheer volume of applications transferring data to communicate with each other, for example, using voice assistance to dim the lights and select a film to watch for a night in, will require robust and seamless connectivity for the perfect experience.


Fueled by Record Profits, Ransomware Persists in New Year

In 2020, exfiltrating data from victims before crypto-locking their systems and naming and shaming victims via leaks sites became common. Pioneered by the now-defunct Maze group in late 2019, many other groups followed suit. Those include Clop, DoppelPaymer, Nefilim, Sekhmet and, more recently, Avaddon. DoppelPaymer was also tied to an attack against a hospital in Germany, which led to a seriously ill patient having to be rerouted to another hospital. "This individual later died, though German authorities ultimately did not hold the ransomware actors responsible because the German authorities felt the individual's health was poor and the patient likely would have died even if they had not been re-routed," the FBI notes in a private industry alert issued last month. For exfiltrating data, "size doesn't matter" for attackers, Sophos says. "They don't seem to care about the amount of data targeted for exfiltration. Directory structures are unique to each business, and some file types can be compressed better than others. We have seen as little as 5GB, and as much as 400GB, of compressed data being stolen from a victim prior to deployment of the ransomware." 


The state of the dark web: Insights from the underground

According to Raveed Laeb, product manager at KELA, the dark web of today represents a wide variety of goods and services. Although traditionally concentrated in forums, dark web communications and transactions have moved to different mediums including IM platforms, automated shops, and closed communities. Threat actors are sharing covert intelligence on compromised networks, stolen data, leaked databases and other monetizable cybercrime products through these mediums. “The market shifts are focused on automation and servitization [subscription models], aimed at aiding the cybercrime business to grow at scale,” says Laeb. “As can be witnessed by the exponential rise of ransomware attacks leveraging the underground financial ecosystem, the cybercriminal-to-cybercriminal markets allow actors to seamlessly create a supply chain that supports decentralized and effective cybercrime intrusions—giving attackers an inherent edge.” ... “Defenders can exploit these robust and dynamic ecosystems by gaining visibility into the inner workings of the underground ecosystem—allowing them to trace the same vulnerabilities, exposures, and compromises that would be leveraged by threat actors and remediate them before they get exploited,” says Laeb.


New MIT Social Intelligence Algorithm Helps Build Machines That Better Understand Human Goals

While there’s been considerable work on inferring the goals and desires of agents, much of this work has assumed that agents act optimally to achieve their goals. However, the team was particularly inspired by a common way of human planning that’s largely sub-optimal: not to plan everything out in advance, but rather to form only partial plans, execute them, and then plan again from there. While this can lead to mistakes from not thinking enough “ahead of time,” it also reduces the cognitive load.  For example, imagine you’re watching your friend prepare food, and you would like to help by figuring out what they’re cooking. You guess the next few steps your friend might take: maybe preheating the oven, then making dough for an apple pie. You then “keep” only the partial plans that remain consistent with what your friend actually does, and then you repeat the process by planning ahead just a few steps from there.  Once you’ve seen your friend make the dough, you can restrict the possibilities only to baked goods, and guess that they might slice apples next, or get some pecans for a pie mix. Eventually, you’ll have eliminated all the plans for dishes that your friend couldn’t possibly be making, keeping only the possible plans (i.e., pie recipes). Once you’re sure enough which dish it is, you can offer to help.


5G: Opportunities and Challenges for Electric Distribution Companies

While the primary focus for this new technology from a common carrier’s perspective seems to center around broadband services, the most likely areas that will be important to electric utilities will be the increased capacity to support field area network needs for connected grid devices. The "Grid of Things" will greatly benefit from the connectedness afforded by the larger IoT. "We plan to leverage our AMI network for connectivity needs, but that may change as we deploy more 'grid-edge' devices," said an executive of a mid-sized mid-Atlantic utility. Low-latency services potentially offer the opportunity to leverage this technology to support mission critical applications, such as protective relay management, SCADA, and substation communications. "Use of 5G can potentially provide SCADA and other system data over a cellular network versus a hard-wired solution through fiber or copper," said a general manager of a Connecticut public utility. The high data rate mmWave wireless broadband services may be applied to augmented/virtual reality (AR/VR), an area where some utilities like Duke Energy and EPRI are actively leveraging, and unmanned aerial vehicles (UAVs) that will improve asset management and visualization.


Financial institutions can strengthen cybersecurity with SWIFT’s CSCF v2021

SWIFT created the CSP to support financial institutions in protecting their own environments against cybercrime. The CSP established a common set of security controls, the Customer Security Controls Framework (CSCF), designed to help users secure their systems with a list of mandatory controls, community-wide information sharing initiatives, and security features on their payment infrastructure. The CSCF is designed to evolve based on threats observed across the transaction landscape. The CSCF’s controls are centered around three overarching objectives: Secure your environment; Know and limit access; and Detect and respond. The updated CSCF v2021 includes changes to existing controls and additional guidance and clarification on implementation guidelines. The newest version includes 31 security controls, 22 mandatory controls, and 9 advisory controls. Mandatory controls must be implemented by all users on the user’s local SWIFT infrastructure. Advisory controls are based on recommended best practices advised by SWIFT.



Quote for the day:

"Education is what survives when what has been learned has been forgotten." -- B. F. Skinner

Daily Tech Digest - January 20, 2021

New Intel CPU-level threat detection capabilities target ransomware

Detecting ransomware programs has never been easy, and attackers have always found ways to evade security products. The sophisticated groups that use manual hacking and perform months-long reconnaissance and lateral movement inside corporate networks will know very well what malware detection software their victims are using and can test in advance to make sure their payload will not be detected. This is part of the reason why ransomware campaigns are so effective and devastating to organizations. Aside from signature-based detection, security products attempt to detect ransomware-like behavior by monitoring for unusual patterns in file activity. For example, the reading and writing of a large number of files in certain directories or with certain file types in rapid succession can indicate suspicious activity. Significant differences in the contents of overwritten files is another example since an encrypted file will look totally different than the original file. Attempts to delete Volume Shadow Copy Service (VSS) backups can also be indicative of ransomware. All these signals together can be used to detect ransomware, but attackers can still try to hide, for example, by slowing down file encryption and executing it in batches.


Streaming Data From Files Into Multi-Broker Kafka Clusters

Kafka Connect is a tool for streaming data between Apache Kafka and other external systems and the FileSource Connector is one of the connectors to stream data from files and FileSink connector to sink the data from the topic to another file. Similarly, numerous types of connector are available like Kafka Connect JDBC Source connector that imports data from any relational database with a JDBC driver into an Apache Kafka topic. Confluent.io developed numerous connectors for import and export data into Kafka from various sources like HDFS, Amazon S3, Google cloud storage, etc. Connectors belong to commercial as well as Confluent Community License. Please click here to know more about the Confluent Kafka connector. File Source connector to stream or export data into Kafka topic and File Sink connector to import or sink data from the Kafka topic to another file. The file that receives the data continuously from the topic can be considered as a consumer. These two connectors are part of the Open Source Apache Kafka ecosystem and do not require any separate installation.


Legacy security architectures threaten to disrupt remote working

Connecting users often came at the expense of other factors, such as security, performance and management. As most respondents (81%) expect to continue working from home (WFH), 2021 will see enterprises address those other areas, evolving their remote access architectures to protect the remote workforce without compromising on the user experience. Yet securing the remote workforce has proved challenging for IT professionals. Enforcing corporate security policies on remote users was the second most common security challenge (58% of respondents) while 57% indicated they lacked the time and resources to implement recognised security best practices. Boosting remote access performance was found to be the most popular use case for 2021, by 47% of respondents. SASE was also an increasing focus for enterprises in post-pandemic 2021, with as many as 91% of respondents expecting SASE to simplify management and security. Half of respondents (52%) said SASE would be very or extremely important to their businesses post-Covid-19 and 91% of respondents expected SASE to simplify management and security. Providing evidence of how SASE is benefiting organisations, Cato found that of those firms that had already adopted SASE, 86% experienced increased security, 70% indicated time savings in management and maintenance...


Companies turning to MSPs as attack vectors get more sophisticated

Security is not the only top driver. Finance leaders chose reduced costs (57%) as their top reason, noting that an MSP is less expensive than hiring talent internally. For e-commerce retailers, increased security (46%) and reduced costs (46%) tied for the top spot. “It’s never been more critical to have an encrypted backup and disaster recovery solution to ensure your business is always up and running. The increased threats to companies and MSPs have never been this severe, and it’s going to continue to get worse,” said Infrascale CEO Russell P. Reeder. “In this ever more challenging landscape, data protection and data recovery are top priorities for MSPs serving clients, especially as attack surfaces expand and attack vectors get more sophisticated,” he continued. The survey further revealed which MSP services are most prominent for each industry. Finance (53%), education (51%), and healthcare (53%) executives all noted that the top service they leverage most with their MSPs is data protection, while manufacturing executives specified a subset of that category, cybersecurity services (58%) — focusing on computer network environments as their top MSP service.


Why CIOs Must Set the Rules for No-Code, Low-Code, Full-Code

A no-code application uses point-and-click visual tools that users drag and drop in order to create an application. No knowledge of coding is needed. This is strictly point-and-click development on a visual user interface that gives access to data, basic logic and data display choices. Best fit: No-code development works when the data and queries the user needs are basic and the tool can integrate with the data sources that have predefined APIs. No-code tools are ideal for rapid turnaround applications that use and report basic information -- like, what are the sales numbers for our air conditioning products this month? The tools are used with transactional data, not with unstructured, big data. Low-code development tools have point-and-click, graphical user interfaces that are similar to those found in no-code tools, only low code also allows developers to add pieces of custom code that embellish functions not handled by the low-code platform. Best fit: For applications that must be integrated with other systems and databases, as well as delivering rapid time to market, low-code tools make excellent platforms. Low code also enables non-programming users to collaborate in developing apps with more technical IT programmers.


Tips for a Bulletproof War Room Strategy

In today's environment, especially in larger companies, employee skill sets are getting more technically diverse with stand-alone teams spanning cloud, network, development, automation, and more. As much as these teams may want to work in their own lane, there is no denying that their work directly affects other groups in the organization. When they send updates or find an exploit that threatens their system, it's not just their system that is impacted. It can produce massive consequences across all areas of the business. ... In combat, one of the biggest mistakes that could cause you to lose your position is indecision. In security, when a breach occurs, teams can't afford to disagree. War rooms are built to enable quick decision-making by empowering need-to-know decision-makers with the authority needed to respond rapidly. An effective war room brings together the right people and the right information so that the right decisions can be quickly made. ... In another, you can elevate that war room into an actual live incident or bring together a group of senior management to plan out the risk posture for the foreseeable future, whether that's the next quarter, the next year, or maybe for a large upcoming event where they want to plan for attack possibilities.


Microsoft Taking Additional Steps to Address Zerologon Flaw

Some security experts say Microsoft is taking the right step to ensure that customers' networks remain safe even if they haven't applied the patch. "Microsoft seems to expect that patching all devices out there will take a substantial amount of time, so it takes this backup approach to mitigate the risk for its customers," says Dirk Schrader, global vice president at security firm New Net Technologies. "The difficulty for those customers, given the pandemic situation of working from home, is to find and patch all vulnerable devices. It is time to scan and check all devices, monitor them for unwanted changes, to find and patch as quickly as possible." Jigar Shah, vice president of security firm Valtix, notes that Active Directory remains important to companies that rely on cloud platforms, such as Azure. So, they want to be assured that their infrastructure is secure even if that requires Microsoft to force the issue. "Active Directory domain controllers are still fundamental to enterprise apps in public clouds," Shah says. "And the battle is to continuously and automatically do virtual patching until software vendors roll out patches that can be deployed, something that often takes weeks and months..."


Study: Cloud transformation necessary for digital transformation

Cloud migration is a necessary step for digital transformation, which is proceeding faster than planned at many enterprises because of the COVID-19 pandemic, according to research from Cloud Industry Forum (CIF), a cloud computing organization based in the United Kingdom. The cloud is an important steppingstone for getting off legacy on-prem technologies and outfitting today's more flexible, remote workforce. Supporting a remote workforce requires a digital transformation, and to do that, companies need the cloud – public, private, or hybrid. CIF found that in many sectors, remaining productive during lockdown depended on their cloud-readiness. Migrating to the cloud has delivered results for more than 90% of organizations during the past year, according to the CIF research. In addition, 91% of decision makers said that cloud formed an important part of their digital transformation, with 40% saying the role of the cloud was crucial. COVID-19 has been a significant driver. A majority of organizations (69%) have sped up their as digital transformation plans in some way as a result of the pandemic, according to the research. "On the whole, organizations did a commendable job of adapting in the face of an unprecedented situation; it is safe to say that many have been pleasantly surprised at how successful the shift to remote working has been. 


Digital Transformation: How Leaders Can Stand Out

Enterprise CIOs are contending with the impact of COVID-19 on their IT priorities and tech spending. In order to prioritize what is indispensable, there should be a strong focus on embracing technology that puts the bottom line first. There’s a huge opportunity to streamline repetitive, time-consuming tasks across departments, from marketing to sales and customer service, freeing up time and shortening feedback loops. Traditional digital transformation initiatives often overlook the edges of the business where employees are stuck relying on manual processes, spreadsheet solutions and outdated legacy systems for business workflows. Organizations have to be able to solve for changes quickly, whenever they may come up, from anywhere in the business. Having digital tools in place that allow for automation and enhanced processes are crucial not only for saving time and money, but also for providing real-time insights and opportunities to change to quickly adapt to meet customer demands, employees and overall disruption. The shortage of software developer talent is well-documented, and IT departments are overwhelmed without the support they desperately need.


2021 Trends in Blockchain: Mainstream Adoption at Last

The most emergent Blockchain trend of the year is the motion towards solving its scalability issues via the cloud. There are plentiful cryptocurrency use cases in which the notion of scale—both horizontal and vertical, reflecting mounting numbers of users and data—induces considerable latency, almost derailing this technology’s value. A practical solution to this necessity stemming from blockchain’s decentralized consensus approach to transaction validation is employing serverless computing architecture to resolve the latency resulting from the conventional approach, in which “every machine is doing the same work,” Wagner revealed. “If one runs out of space, memory, compute, or network capacity, game over.” However, by relying on serverless architecture to spin up machines on demand, “that serverless implementation lets us recruit hundreds, thousands, even tens of thousands of machines for every individual node of a blockchain,” Wagner explained. This method enables organizations to devote whatever resources they need to validate transactions with these decentralized ledgers, dramatically reducing the latency and downtime otherwise inherent to scaling up.



Quote for the day:

"Make every detail perfect and limit the number of details to perfect." -- Jack Dorsey

Daily Tech Digest - January 19, 2021

Superintelligent AI May Be Impossible to Control; That's the Good News

The researchers suggested that any algorithm that sought to ensure a superintelligent AI cannot harm people had to first simulate the machine’s behavior to predict the potential consequences of its actions. This containment algorithm then would need to halt the supersmart machine if it might indeed do harm. However, the scientists said it was impossible for any containment algorithm to simulate the AI’s behavior and predict with absolute certainty whether its actions might lead to harm. The algorithm could fail to correctly simulate the AI’s behavior or accurately predict the consequences of the AI’s actions and not recognize such failures. “Asimov’s first law of robotics has been proved to be incomputable,” Alfonseca says, “and therefore unfeasible.” We may not even know if we have created a superintelligent machine, the researchers say. This is a consequence of Rice’s theorem, which essentially states that one cannot in general figure anything out about what a computer program might output just by looking at the program, Alfonseca explains. On the other hand, there’s no need to spruce up the guest room for our future robot overlords quite yet. Three important caveats to the research still leave plenty of uncertainty to the group’s predictions.


Rethinking Active Directory security

A change made within on-premises Active Directory by an attacker can provide access to much more than just local resources. An attacker, can for example, make a compromised on-premises user account a member of a Sales group in Active Directory. This group likely would provide access to on-premises systems, applications, and critical data. But because Active Directory often federates with cloud applications via external IDP (e.g., Azure AD), it’s reasonable to assume that this same change in membership could allow access to a cloud-based CRM environment (like Salesforce), customer data (hopefully contained to the breached account, but more likely to the entire organizational data) and other resources. In many cyberattacks it’s more complex than the example above, where it’s necessary to gain elevated privileges via one account only to compromise a second, third, and so on, each time moving from system to system, or – in the case of a hybrid environment – from on-premises to cloud, leveraging access to on-premises Active Directory to specifically target accounts known to have access in the cloud.


The Great Compromise In AI’s Buy Vs Build Dilemma

Building AI in-house presents a variety of benefits. When done right, a built approach can lead to a stable, production-grade AI solution that is perfectly tailored to the specific needs and requirements of an industry or company. Digital natives have shown the impact of building AI from scratch. IBM is a prominent example of a business that has launched successful in-house AI into production. A recent report found IBM’s Watson Assistant AI paid itself back in just 6 months, with a three-year ROI of 337%. For digital adopters however, successfully building and implementing an AI solution in house is easier said than done without access to sizable capital and infrastructure. “When building an AI solution in-house, companies typically hire a team without significantly investing in the foundational elements that are required to stabilize AI in complex and dynamic environments,” suggests Nurit Cohen Inger, VP of Products at AI company BeyondMinds. “This approach, unfortunately, has typically meant a long and costly process to reach ROI positivity or in the worst case, never achieving production. Before developing AI solutions, businesses must heavily invest in solving the barriers that hold them back from turning proof of concepts into successful solutions in production.”


Training from the Back of the Room and Systems Thinking in Kanban Workshops

It’s very tempting to put everything you know on a training agenda, especially when you, as a trainer, feel that you have to know everything and constantly impress the learners. It’s always hard to chop workshop content into the bare minimum, especially when you have a lot of knowledge, experience, and fun stories to share. But if you are aiming for deep understanding and a lot of practice, less content translates into more value. Overloading groups with new information may lead to chaos during your class. They will struggle to understand which new tool or technique they should use first. In the end, they may just quit before they even start. ... Training From the Back of the Room (TBR) is a fresh approach to learning, training, presenting and facilitating that was developed by Sharon Bowman. It uses cognitive neuroscience and brain-based learning techniques to help learners to retain new information. TBR teaches you how to engage the five senses and keeps your learners active and engaged throughout the class. The concept is recognized internationally as one of the most effective frameworks for accelerated learning. It is a new way of teaching adults.


How COVID-19 accelerated a digital revolution in the insurance industry

The pandemic reminded us that we’re human. This experience has taught us compassion, grace, and the importance of both the health and wellbeing of ourselves and our families. COVID-19 has fundamentally reshaped the way we view protection products. In fact, two thirds (66%) of Americans say they now better understand life insurance’s value, with another quarter buying coverage for the first time. Awareness around the role of employers in providing access to these products has also increased. In a recent LIMRA study, one in four employees said they are more likely to sign up for certain benefits available through their employer. Along with this heightened awareness of our mortality and morbidity comes the realization that we thrive on human interaction. We can’t take a digital-only approach. Bringing emotion—positive emotion and empathy—to the experience and every interaction we have with customers will help us get farther, faster. As we continue to invest in technology across the insurance industry, we need to look for ways to make digital and human experiences work together for customers, employers, and financial professionals. Many of our customers tell us they don’t understand insurance products and they don’t know where to start educating themselves. 


7 Blindspots You Need to Uncover to Achieve Digital Banking Breakthrough

To explain the way that the “experience gap” might cause trouble, I'd like to share a real-life example. Several years ago a quite known and respectable Central European bank embarked on a voluminous digital transformation journey. The bank's application had a rating of 3.5 and was outdated. In order to digitalize, improve the bank's image and the competitive chances in the growing digital market, the management intended to urgently create and launch a modern looking banking application. Therefore, the initial design and development period was 6 months. Nevertheless, the bank spent three times as much time building the new application by themselves: 1 year and 8 months. This was a serious project not only in terms of time but also the budget invested. Judging by the scope of the project, the improvements made and the timeline, the overall costs could be estimated at around half a million. However, the result did not live up to expectations at all. After the new application was released it decreased to 2.4 from the previous 3.5 and has kept dropping even a year after its first release as it did not improve, but significantly worsened the customer experience.


Riding out the wave of disruption

Disruption is not necessarily the crisis it’s frequently considered to be for incumbents, the researchers stress. Two technologies can often coexist in the marketplace for a significant period. Thus, it’s important for incumbent companies not to overreact. They should target dual users and reexamine the factors that have led to the old technology sticking around for so long. Of course, the profit implications of cannibalization of the old technology and leapfrogging depend on which type of firm is trumpeting the new technology. New entrants will always stand to gain when they introduce a technology that takes off. But incumbents rolling out a successive technology will also gain if their competitors would have introduced it anyway or if the 2.0 version has a higher profit margin than the original. The authors write, “Leapfroggers are an opportunity loss for incumbents, but switchers are a real loss.” Regardless of the predictive model they use, marketers should strive to understand how the various consumer segments identified in this study will grow or shrink over time and use that information in their forecasts of early sales or market penetration of successive technologies.


Understanding the AI alignment problem

What’s worse is that machine learning models can’t tell right from wrong and make moral decisions. Whatever problem exists in a machine learning model’s training data will be reflected in the model’s behavior, often in nuanced and inconspicuous ways. For instance, in 2018, Amazon shut down a machine learning tool used in making hiring decisions because its decisions were biased against women. Obviously, none of the AI’s creators wanted the model to select candidates based on their gender. In this case, the model, which was trained on the company’s historical hiring data, reflected problems within Amazon itself. This is just one of the several cases where a machine learning model has picked up biases that existed in its training data and amplified them in its own unique ways. It is also a warning against trusting machine learning models that are trained on data we blindly collect from our own past behavior. “Modeling the world as it is is one thing. But as soon as you begin using that model, you are changing the world, in ways large and small. There is a broad assumption underlying many machine-learning models that the model itself will not change the reality it’s modeling. In almost all cases, this is false,” Christian writes.


Fixing the cracks in public sector digital infrastructure

First, there needs to be a government-wide, comprehensive digital skills strategy. One survey of industry professionals found that 40% of public sector organisations did not have the right skills to carry out digital transformation. Every member of the workforce needs to be able to perform basic tasks online. But to press forward with digital transformation, the government needs to champion digital leadership in the public sector – and that includes paying properly for those skills. The Government Digital Service recently advertised for a head of technology and architecture with a maximum salary of £70,887 a year. According to Google Jobs, typical pay for this type of work ranges from £65,000 to £180,000 in the private sector. This puts the public sector at a unique disadvantage and pay scales should be reviewed. ... Second, the Cabinet Office needs to address the gap between guidance and action on the ground. Out-of-date technology is widespread in some areas of the public sector, despite there being a large volume of information from central government on maintaining and updating digital infrastructure. Legacy IT has been holding digital public services back for years and will continue to do so unless there is a cross-government push to drive this forward.


Emotion Detection in Tech: It’s Complicated

Emotion detection would be a lot easier if humans expressed themselves in homogenous ways. However, cultural backgrounds and unique life experiences influence personal expression. Michelle Niedziela, VP of research and innovation at market research firm HCD Research, said advertisers and their agencies can get overly excited about the "happy" responses an ad drives when the response may have been a natural reflex. "If I smile at you, you innately smile back. So, one thing is are they really feeling happy or just projecting happy?" said Niedziela. "But also, how big does a smile have to be in order to be interpreted as happy?" Even cheap camera sensors are improving, but some of them may not be able to detect subtle nuances in facial geometry or provide the same degree of reliability among individuals who represent different races. Also, things that change an individual's appearance like hats, bangs or facial hair can negatively impact the accuracy of emotion sensing. "In my mind, the two biggest challenges are hardware quality and the models," said Capgemini's Simion. "You need to be very careful when you're talking about emotionality is the dataset you're going to use because if you're just going to call normal APIs from the cloud providers, that's not going to help much."



Quote for the day:

"To do great things is difficult; but to command great things is more difficult." -- Friedrich Nietzsche

Daily Tech Digest - January 18, 2021

Go back to the office? Some employees would rather quit

It's been difficult to get a good read on what the prevailing attitude is towards working from home since traditional workplaces shut in the early months of 2020. While the consensus largely appears to be that employees relish the flexibility and (subjective) comfort that working from home provides, this is at odds with the mental health spectre that has loomed over the COVID-19 crisis, with countless reports and statistics highlighting the toll that working in insolation has on wellbeing. This is captured in LiveCareer's survey. Despite 81% of employees saying they enjoyed working remotely, and 61% expressing a desire to continue working in a remote capacity after the pandemic is over, only 45% of those polled said that telecommuting had not taken a toll on their mental wellbeing. Clearly, the ideal situation is about balance: employees want the option to work remotely, while also having a shared workspace that they can use when needed. One major factor employers need to address to make the return to office life more appealing is safety. With many companies still trying to figure out how they can reconfigure or otherwise re-think their real estate investments to suit a new hybrid workforce, ensuring workplaces are safe should top the agenda.


AVIF Image Format: The Next-Gen Compression Codec

AVIF, or AV Image Format, is an open-source and royalty-free image format based on the AV1 codec, and ,similar to AV1, AVIF provides a very high compression rate. The fact that it's royalty-free makes it stand out from the competition. Leveraging the power of AV1 has proven beneficial for AVIF, in both processing time and its ability to handle hardware issues. Before we further discuss the advantages of AVIF, be advised that AVIF saves pictures in AVIF image format, which is relatively new and still not widely adopted. On top of this, it's using a reasonably new algorithm. So there may be a possibility that it’s not best for all use cases right now. ... The idea behind designing AV1 was to transmit video over the internet. With a better compression rate for video, AVI reduced the number of overall bits. This allows the AV1 codec to provide multiple coding techniques that gives developers some freedom when writing their code. If you wonder why we brought this concept of video compression technique into an image compression post, its because videos and image codecs share similarities in the nature of their data. The AV1 codec has proved very advantageous for the internet by saving bandwidth, which MPEG could not do, although JPEG XR was still in the race but not as effective as AV1.


Love in the time of algorithms: would you let your artificial intelligence choose your partner?

Another problematic consequence may be rising numbers of socially reclusive people who substitute technology for real human interaction. In Japan, this phenomenon (called “hikikomori”) is quite prevalent. At the same time, Japan has also experienced a severe decline in birth rates for decades. The National Institute of Population and Social Security Research predicts the population will fall from 127 million to about 88 million by 2065. Concerned by the declining birth rate, the Japanese government last month announced it would pour two billion yen (about A$25,000,000) into an AI-based matchmaking system. The debate on digital and robotic “love” is highly polarised, much like most major debates in the history of technology. Usually, consensus is reached somewhere in the middle. But in this debate, it seems the technology is advancing faster than we are approaching a consensus. Generally, the most constructive relationship a person can have with technology is one in which the person is in control, and the technology helps enhance their experiences. For technology to be in control is dehumanising.


How Teams Can Overcome the Security Challenges of Agile Web App Development

Managing company secrets in an agile environment means CISOs need to rethink the scalability of their current security solutions. With rapidly changing codebases, it’s essential that enterprises use security tools that support agile development and also extend to other platforms that devops teams might use. Akeyless is a versatile security tool that fragments encryption keys and provides a high degree of data security. It supports agile release environments and can be scaled to different platforms as needed. One of the reasons I like implementing this solution when consulting for app companies is how easily I can integrate it with all the major development platforms through plugins, ensuring that in-house departments and subcontractors alike can securely manage access to sandbox servers and databases, without interrupting their workflows. Beyond governance concerns, in my experience, compliance and audit teams generally stand to gain a great deal by learning about how automation can help them achieve their goals, along with how their protocols can improve with automation. On the other hand, complete automation might not be possible in every area. 


Multiple backdoors and vulnerabilities discovered in FiberHome routers

FTTH ONT stands for Fiber-to-the-Home Optical Network Terminal. These are special devices fitted at the end of optical fiber cables. Their role is to convert optical signals sent via fiber optics cables into classic Ethernet or wireless (WiFi) connections. FTTH ONT routers are usually installed in apartment buildings or inside the homes or businesses that opt for gigabit-type subscriptions. In a report published last week, security researcher Pierre Kim said he identified a large collection of security issues with FiberHome HG6245D and FiberHome RP2602, two FTTH ONT router models developed by Chinese company FiberHome Networks. The report describes both positive and negative issues with the two router models and their firmware. ... Furthermore, the Telnet management feature, which is often abused by botnets, is also disabled by default. However, Kim says that FiberHome engineers have apparently failed to activate these same protections for the routers' IPv6 interface. Kim notes that the device firewall is only active on the IPv4 interface and not on IPv6, allowing threat actors direct access to all of the router's internal services, as long as they know the IPv6 address to access the device.


How do I select a fraud detection solution for my business?

From strictly rules based to fully black box. The former gives you complete control but can be cumbersome and relies on a knowledgeable in house fraud team. The other end is perfect for extreme transaction volumes but offers little explanability. Fortunately, there is a middle ground with whitebox, supervised machine learning- you get the best of both worlds- granular rule based with machine learning making connections between disparate and complex data points. Fraud detection technologies should fit your business, not the other way around. Fraudsters evolve and find ingenious workarounds to most point solutions. Modern fraud detection is a “net” approach where the latest cutting edge tools are used in combination to make it very, very hard for a fraudster to fool them all. Results are very hard to predict. Try and select fraud technologies that allow you to test and show proof of value with no commitment, free trial periods. Modern, effective fraud tech should follow the best SAAS products where you see actual pricing, monthly contracts and free trials. Product value and risk should rest solely on the fraud detection partner.


The AI Incident Database wants to improve the safety of machine learning

“The goal of the AIID is to prevent intelligent systems from causing harm, or at least reduce their likelihood and severity,” McGregor says. McGregor points out that the behavior of traditional software is usually well understood, but modern machine learning systems cannot be completely described or exhaustively tested. Machine learning derives its behavior from its training data, and therefore, its behavior has the capacity to change in unintended ways as the underlying data changes over time. “These factors, combined with deep learning systems capability to enter into the unstructured world we inhabit means malfunctions are more likely, more complicated, and more dangerous,” McGregor says. Today, we have deep learning systems that can recognize objects and people in images, process audio data, and extract information from millions of text documents, in ways that were impossible with traditional, rule-based software, which expect data to be neatly structured in tabular format. This has enabled applying AI to the physical world, such as self-driving cars, security cameras, hospitals, and voice-enabled assistants. And all these new areas create new vectors for failure.


Chatbot Gone Awry Starts Conversations About AI Ethics in South Korea

Luda came under the national spotlight when it was reported that users were training Luda to spew hate speech against women, sexual minorities, foreigners, and people with disabilities. Screengrabs show Luda saying, “they give me the creeps, and it’s repulsive” or “they look disgusting,” when asked about “lesbians” and “black people,” respectively. Further, it was discovered that groups of users in certain online communities were training Luda to respond to sexual commands, which provoked intense discussions about sexual harassment in a society that already grapples with gender issues. Accusations of personal data mishandling by ScatterLab emerged as Luda continued to draw nationwide attention. Users of Science of Love have complained that they were not aware that their private conversations would be used in this manner, and it was also shown that Luda was responding with random names, addresses, and bank account numbers from the dataset. ScatterLab had even uploaded a training model of Luda on GitHub, which included data that exposed personal information. Users of Science of Love are preparing for a class-action lawsuit against ScatterLab, and the Personal Information Protection Commission, a government watchdog, opened an investigation on ScatterLab to determine whether it violated the Personal Information Protection Act.


Digital transformation: it has never been more relevant for businesses

As it’s not necessarily a tangible metric, it can be hard to measure the return on investment (ROI) of the transformation journey and its success. However, numerous considerations can help determine what the ROI is. Firstly, setting out objectives for transformation – it could be to improve the customer experience, the company’s infrastructure or staff productivity, for example. Secondly, outlining the costs of implementing the transformation strategy is essential – as is knowing what the outcomes of that financial outlay are. This will provide a reference point and clear performance indicators when measuring ROI. Of course, setting realistic goals is important in the first place; stage one of the journey, discovering and assessing, should provide guidance on setting achievable targets. And when implementing new systems, there are different metrics that can be detailed in order to measure their success. For instance, if trying to improve end user experience, tackling common pain points experienced by external parties such as slow load times and application response will help reach the overall goal. If IT systems offer a rapid response, end users won’t feel frustrated by the operating system.


Do you really want a CEO to be a role model?

It’s likely that the effectiveness of role models is rooted in mirror neurons, specialized cells that are located in several areas of the human brain. They were first identified about 30 years ago when neuroscientists who had implanted electrodes in monkeys to study how their brains generated hand movements suddenly realized that the same neurons were firing when the monkeys ate and when the monkeys watched the scientists eat. Since then, some researchers have come to see mirror neurons as the biological mechanism through which humans unconsciously copy the behaviors of others. That conclusion would lend scientific credence to the advice that Sutton got from his dad: Being a jerk can be contagious. The work of sociologist Robert K. Merton offers a clue to avoiding an infection of negative behaviors. Merton made a distinction between role models (a term he coined in the 1950s) and reference individuals. He said that when a person emulates a reference individual, he or she copies that person’s good and bad behavioral traits and values without discrimination. But when a person emulates a role model, the focus is on a more limited segment of behaviors and values. This suggests that you can act like Elon Musk, the entrepreneurial innovator, without becoming Musk, the blurting tweeter.



Quote for the day:

"If one oversteps the bounds of moderation, the greatest pleasures cease to please." -- Epictetus

Daily Tech Digest - January 17, 2021

‘Augmented creativity’: How AI can accelerate human invention

What we’re witnessing is the emergence of something called “augmented creativity,” in which humans use AI to help them understand the deluge of data. Early prototypes highlight the important role humans can, and should, play in making sense of the suggestions proposed by the AI. OpenAI attempted to replicate this approach with the release of a music-making tool called Jukebox. While the achievement is significant from a technological perspective, the results are unlikely to threaten the livelihoods of human musicians. Various projects have also attempted to produce new and enticing recipes by using AI to mine food composition databases and concoct interesting combinations. For instance, Google researcher Sara Robinson recently showcased her system that produced a cake-cookie hybrid. Accenture researchers prototyped a similar recipe creation tool at their Dock facility in Dublin, but with stomach-churning results. Most of these approaches utilize huge datasets that AI mines to look for well-established yet previously untapped connections. By using general adversarial networks (GANs), the next-generation models are capable of coming up with ideas without requiring access to the underlying logic.


Enterprise Architecture and Risk Management for banks: Aligned?

What does enterprise architecture mean for RMiT? Chief Architect of of ATD Solution, Aaron Tan Dani, opined that enterprise architecture is important to respond fast and to understand the impact of any action taken. One of the outcomes of enterprise architecture is a digital enterprise map, a visual of all the applications in the organisation’s IT environment and how they map back to hardware, network, data, and ultimately to the objectives of the business. There is proper and thorough traceability between each architecture domains (Business, Data, Application and Technology), and troubleshooting of the entire enterprise can be made, allowing strategic business decisions to be made in an agile way. This Digital Enterprise Map is constructed collaboratively with effort from every department and business unit across the enterprise, enabling a single view of the connected organisation.  In a way, this map can also help organisations to address these questions: Are you able to define your technology initiatives from a business perspective? Are you able to model the strategy and provide the traceability on its execution? Are you able to map the business strategies, objectives and goals to the different capabilities/elements in the enterprise?


UK government needs a digital reboot

Over the last six months, the Commission on Smart Government has undertaken extensive work in this domain to identify the major barriers to better digital government. We have identified a number of areas in which action should be taken to reduce barriers and build capability in this area. Many of the 60 recommendations the Commission makes in this area focus on reforms around governance and leadership, without which we will never see digital and technology matters viewed consistently alongside other top-tier issues. Creating more effective, cross-departmental digital oversight, while allowing for greater autonomy outside of Whitehall, forms the basis of many of our recommendations – and that is why the latest organisational announcements are so welcome. It will be vital, however, that the CDO role is empowered so far as is possible – and should serve as the prime minister’s chief technology adviser – and that chief digital roles exist in every department to ensure no policy area is left behind and that each has a vision for a digitally enabled future. This will see a requirement both for more dedicated technologists in government as well as better digital skills among those responsible for overseeing larger digital projects or local services.


Banks need to strike the right balance for digital transformation

Banks have increasingly understood they need outside help to execute their digital transformation agenda. “Banks usually have very rigid systems and procedures,” says Fei. “For instance, if you want to launch a new product you have to follow the process, and it takes at least six months. In the age of digitalization, this doesn’t work, as customers want things immediately. This has put huge pressure on these financial institutions to build agile operations and systems to be able to respond to the needs of their customers.” But the number of tech companies pushing into financial services can be overwhelming and not all of them have domain expertise, which can lead to misguided attempts to apply new technologies everywhere. Without experience of financial services, tech companies may also underestimate the trade-offs involved in deploying certain digital tools. OneConnect combines expertise in digital technology with deep knowledge of banking. Fei, who has past experience working at HSBC China and Bank of Langfang, a Chinese commercial bank, describes one partnership with a Chinese national bank to reimagine its customer service center as an illustration of why banking experience matters in digital reform.


Deep learning sharpens near-infrared images for cancer diagnostics

Fluorescence imaging is a valuable method for examining biological systems. To achieve the maximum tissue penetration depth and minimum light scattering, detecting near-infrared (NIR) fluorescence in the long-wavelength end of the second NIR window (1500–1700 nm), known as NIR-IIb, provides the best results. Unfortunately, NIR-IIb imaging relies on nanoparticle fluorescent probes that often contain toxic elements, hindering its clinical translation. Biocompatible small-molecule NIR fluorescent probes do exist. Indocyanine green (ICG), for example, is approved by the US Food and Drug Administration and has already been used for clinical applications. Such small-molecule fluorophores, however, emit in the shorter-wavelength NIR-I and NIR-IIa windows (700–1000 and 1000–1300 nm). And light scattering at these wavelengths limits the imaging depth and causes low contrast images. To achieve high image contrast and clarity while using biocompatible probes, Zhuoran Ma, his PhD adviser Hongjie Dai, and colleagues at Stanford University turned to deep learning. Using roughly 2800 in vivo images of mice taken in the NIR-IIa and NIR-IIb windows, they trained artificial neural networks to transform blurred NIR-IIa fluorescence images into higher-resolution images previously only achievable using NIR-IIb.


Deep learning doesn’t need to be a black box

Deep learning models are usually trained on a single data set of annotated examples. Concept whitening introduces a second data set that contains examples of the concepts. These concepts are related to the AI model’s main task. For instance, if your deep learning model detects bedrooms, relevant concepts would include bed, fridge, lamp, window, door, etc. “The representative samples can be chosen manually, as they might constitute our definition of interpretability,” Chen says. “Machine learning practitioners may collect these samples by any means to create their own concept datasets suitable for their application. For example, one can ask doctors to select representative X-ray images to define medical concepts.” With concept whitening, the deep learning model goes through two parallel training cycles. While the neural network tunes its overall parameters to represent the classes in the main task, concept whitening adjusts specific neurons in each layer to align them with the classes included in the concept data set. The result is a disentangled latent space, where concepts are neatly separated in each layer and the activation of neurons correspond with their respective concepts.


Blockchain Beyond Bitcoin: Transforming FinTech, Healthcare, And More

One would be hard-pressed to find a use case in financial services that wouldn’t benefit from blockchain, save for in-person payments given the single-digit TPS (transactions per second) vs the modern payment rails that operate in the tens of thousands of TPS. Trade finance, asset management, capital markets, banking and lending, insurance, etc. all would realize increased privacy, accuracy, and security from the distributed, immutable ledger technology. On cross-border settlement transactions alone, a report by Jupiter Research shows that blockchain deployments will enable banks to save up to $27 billion by the end of 2030, reducing costs by more than 11%. Financial institutions acknowledge that Blockchain technology will save billions of dollars for banks and major financial institutions over the next decade. Payments is a category on which blockchain efforts are concentrated. This is an obvious conclusion, being that on the blockchain, AP/AR is easily tracked and verified, duplications are virtually impossible, and smart contracts can automate the process based on agreed-upon terms. However, cryptocurrencies have proven too volatile and slow to be an adequate payment solution in most cases.


Answers to the Most Common Questions about Enterprise Architecture

The importance of enterprise architecture will depend a lot on what the organization does with their EA. Orbus have found as many as 28 different use cases for iServer across our customer base, and even that figure is not likely to encompass every activity. Some enterprises may simply use their enterprise architecture to reduce IT costs, but for others it can have transformative impacts. In fact, the prime use of enterprise architecture is to drive digital transformation. Planning changes over short and long periods, predicting the impacts of changes, gathering stakeholder views, and executing change are all possible through the correct application of EA. In general, EA will make firms more agile, able to react quickly to external events and deal with shocks. Indeed, perhaps the best reason to have enterprise architecture has been revealed through the coronavirus, which has forced huge changes in the ways that organizations do business in rapid time. Those firms that could very quickly pivot to working from home and e-commerce were left in much better shape than others. Within the field of Enterprise Architecture are a host of sub architectures that represent different parts of the organization.


Tech partnership to drive Finland’s quantum computing project

Micronova, a national research and development infrastructure resource operated jointly by VTT and Aalto University, will provide the clean room environment to build the quantum computer and associated components at a dedicated facility at Espoo, southwest of Helsinki. The build will use Micronova’s specialised input and micro- and nanotechnology expertise to guide the project. The project marks the latest phase in cooperation between VTT and Aalto University. The two partners are also involved in a joint venture to develop a new detector for measuring energy quana. As measuring the energy of qubits lies at the core of how quantum computers operate, the detector project has the potential to become a game-changer in quantum technology. IQM’s collaborative role with VTT emerged following an international public tender process. All partners expect to see robust advances in the quantum computing project in 2021, said Jan Goetz, CEO of IQM. “This project is extremely prestigious for us,” said Goetz. “We will be collaborating with leading experts from VTT, so this brings a great opportunity to work together in ways that help build the future of quantum technologies.”


Data Governance for the Multi-Public Cloud: Top 10 AWS Best Practices

Start with building policies and write them into code, or scripts that can be executed. This requires compliance and cloud security experts working together to build a framework for your complex business. You cannot start from scratch as it will be error-prone and will take too long. Try to invest in some Cloud security tools then build your process and policies to run at scale to meet and exceed compliance and governance. ... Visibility means not only understand your inventory of assets which changes by the minute but at the same time understand the risk ratings for each asset and prioritize the remediation accordingly. Again, you will need to invest in some commercial tools that can provide the above. Risk analysis and constantly monitoring security policies to see if they are being enforced is not a simple task with home built scripts. ... Now, either you build all the integrations into all these tools or invest in some third-party tools. At some point, you need to comprehend the “Holistic” view of security or context around specific alert so that you can prioritize things, or else it will be lots of noise. Note none of the cloud vendors offer any holistic risk management tools.



Quote for the day:

"Integrity is the soul of leadership! Trust is the engine of leadership!" -- Amine A. Ayad

Daily Tech Digest - January 16, 2021

How next-gen cloud SIEM tools can offer critical visibility for effective threat hunting

Organizations must adopt a new cloud-centric mentality, supported by a combination of new security solutions ready to handle the high volume and velocity of data flowing across cloud environments. Organizations must focus on tools such as Next-Gen SIEM, cloud-focused tools such as cloud access security broker (CASB) and cloud security posture management (CSPM), and modern consolidated network and security services such as secure access service edge (SASE), which all enable modern security architecture approaches. These scalable tools include license models not based on the volume of data ingested but other variables, such as number of users monitored. CSPM and CASB can help users adopt new policy enforcement practices, helping organizations to navigate complex security settings and services from public cloud providers and cover any gaps in visibility from the multiple IaaS, PaaS and SaaS services adopted. Additionally, where users are operating off of personal devices and accessing cooperate resources, SASE offerings help transition controls such as secure web gateways to a cloud-based model from anywhere in the world. Companies no longer need to debate losing visibility for a better price or improved network resiliency.


Five emerging fraud threats facing businesses in 2021

Synthetic identity fraud – when a fraudster uses a combination of real and fake information to create an entirely new identity – is currently the fastest growing type of financial crime. The progressive uptick in synthetic identity fraud is likely due to multiple factors, including data breaches, dark web data access and the competitive lending landscape. As methods for fraud detection continue to mature, fraudsters are expected to use fake faces for biometric verification. These “Frankenstein faces” will use AI to combine facial characteristics from different people to form a new identity, creating a challenge for businesses relying on facial recognition technology as a significant part of their fraud prevention strategy. ... Once the stimulus fraud attacks run their course, it is predicted that hackers will increasingly turn to automated methods, including script creation (using fraudulent information to automate account creation) and credential stuffing (using stolen data from a breach to take over a user’s other accounts) to make cyberattacks and account takeovers easier and more scalable than ever before.


A guide to being an ethical online investigator

It’s not just legal issues that would-be amateur online investigators need to be aware of. Much of the online activity carried out in the wake of the Capitol riots raises ethical questions, too. Should a person who didn’t storm the Capitol but attended the rallies leading up to the riots be identified and risk punishment at work? Do those who were in and around the Capitol on January 6 automatically lose the right to privacy even if they weren’t involved in riots? It’s worth thinking through how you feel about some of these questions before you continue. Few are clear cut. So, where does the information come from? “Our bread and butter is open source,” Fiorella says. “Open-source media” refers to information that is publicly available for use. Data archivists, or those who collect and preserve information online for historical purposes, accessed such open-source data to save posts before they disappeared as social media companies pushed President Donald Trump and many of his supporters off their platforms. “If you were at the Capitol storming and recorded video and took selfies that anyone can access, and it’s openly available on the internet, it’s fair game,” says Fiorella.


Top Five Artificial Intelligence Predictions For 2021

Though regulation hasn’t reached a boiling point yet, AI governance will continue to be a hot topic in 2021. As AI becomes more pervasive, more and more stakeholders are waking up to the potential problems it introduces to the public. In response, organizations everywhere — from the most cutting-edge to the laggards — will be expected to deliver AI systems that are responsible, transparent, and unbiased. But whose responsibility is it to make sure this happens and regulates AI – the government, businesses, industry groups, or some combination? If businesses want to regulate themselves before the government does, they will have to take steps to ensure the data that feeds their AI is fair and unbiased, and that their models are empathetic, transparent, and robust. ... With several big consumer brands in the hot seat around questionable AI ethics, most people still don’t trust AI. For many, it’s because they don’t understand it or even realize they’re using it daily. Consumers are getting so many AI-powered services for free — Facebook, Google, TikTok, etc. — that they don’t understand what they’re personally giving up in return — namely their personal data. As long as the general public continues to be naïve, they won’t be able to anticipate the dangers AI can introduce or how to protect themselves — unless the market better educates customers or implements regulations to protect them.


Amid WhatsApp privacy concerns, the draft Data Protection Bill comes to mind

Is data property? No, because then it would fall under The Sale of Goods Act. Only if something can be physically sold, rented out or gifted, then it becomes a property. Data is an intimate connection bet­ween the human being and the thing in question. It has tremendous value, hence, there are always people waiting to take it. This was a concern in Puttaswamy vs Union of India where the Supreme Court said: “Aadhaar is a serious invasion into the right to privacy of persons and it has the tendency to lead to a surveillance state where each individual can be kept under surveillance by creating his/her life profile and movement as well on his/her use of Aadhaar.” ... Not everything is clear yet. The consent conundrum remains. With the age of majority being 18, all contracts under this age are said to have no value. Yet, when a child clicks “I agree”, it technically becomes a contract. Children often lie and say they are 18 and/or claim to have parental consent. Of course, it can have positive outcomes too. The Justice gave an anecdote of his grandson being aware of advanced mathematical concepts thanks to one Khan Academy. Consent should be given in a manner which is understood.


Can Cloud Revolutionize Business and Software Architecture?

The physics behind software development changed completely in the past two to five years, Ahlawat said, with the growth of hybrid, multicloud, and edge. “Eighty percent of enterprises today have workloads that span multiple clouds and two out of three of them are using multiple clouds for many strategic reasons,” he said. That means applications in today’s environment can span data centers and clouds as well as go to the edge. Tied to this trend is the evolution of connected devices and the Internet of Things, Ahlawat said. “Up until a few years ago, there was still a question whether IoT was hype,” he said. “Today we have 20 billion connected devices generating about 50 zettabytes of data a year.” Use cases on this front, Ahlawat said, include connected homes and smart cities, which still have room to grow to become mainstream. The further development of data and AI also affects software development, he said. “Of all the data generated ever, 90% of that was generated in the last two years,” Ahlawat said. “When we talk with large software companies and enterprises, data and AI are central to their strategies.” This is unlocking transformative use cases such as autonomous cars and medical imaging, he said.


'Scam-as-a-Service' Scheme Spreads

The fraudsters are posting fake online classified advertisements for products to dupe interested buyers into visiting phishing pages, where their personal and payment data is harvested, according to Group-IB. Although the operation started in Russia two years ago, by early 2020, it had expanded to include 40 subgroups that have focused on targets in the U.S. and Europe, the new research report says. Brands spoofed by the cybercriminal gang include French marketplace Leboncoin, the Polish online brand Allegro, the Czech website Sbazar and Romania's FAN Courier site. The report also notes the group has expanded its operations in the U.S. and Bulgaria by mimicking FedEx and DHL Express. ... The hackers have set up several Telegram chatbots for automated management and expansion of the scheme, the report notes. These bots are designed to provide scammers with ready-to-use pages mimicking popular classified advertising, marketplace and phishing URLs. "Classiscam chatbots, where fake pages are generated and profits are reported, are not completely autonomous. They require ongoing technical support and moderation," says Dmitriy Tiunkin, head of the digital risk protection department at Group-IB Europe.  


Successful Malware Incidents Rise as Attackers Shift Tactics

"That shift is really interesting because it starts to show the new reality of the work device truly morphing into a work-and-personal device," Covington says. "When you don't leave the house anymore, the phishing events and social engineering events — the ways that attackers get into organizations — are not just happening in the context of business email anymore." Others have noted the impact of the move to remote work on security. In September, a survey of CIOs found that 76% of the executives were worried that content sprawl put company data at risk. An earlier survey found that about six in 10 workers were using personal devices to work from home, and most of them considered the devices to be secure. Wandera found a similar set of impacts from the move to remote work, with many employees behaving differently. Because workers traveled less, they were about half as likely to use a risky Wi-Fi connection for work. And because personal time and work time blended together, a single device had a greater blend of business and personal applications, says Covington. "Honestly, they were looking to kill time," he says. "The types of apps that we installed on work devices this year, we would not have typically seen installed. A lot of games and a lot of productivity tools."


Drone Technology Extends Reach of Mobile IoT

Drones are typically equipped with two types of software. The software that’s closely coupled with the drone hardware manipulates the drone and the gear to keep it aloft while connecting it back to an operator who controls the drone’s flight path. The second type of software is the application—the programs that enables the drone to complete its specific task and to gather relevant information. Currently, there are no standards for the control or the application software, so a potential purchaser must be aware that the application software usually has to be customized to work with a specific manufacturer’s drone and its basic operating system. As a result, you have to ensure that the software you need can actually run on the drone hardware you intended to acquire. Skydio, for example, markets some applications software, such as Skydio 3D Scan and Skydio House Scan, with its drones, and also partners with third-party drone software makers for other applications. And, of course, a potential user has to confirm that the format of the data that the drone collects and disseminates is consistent with other formats currently used by the data analysis programs already in place. Some integration work may be required.


What analytics can unveil about bot mitigation tactics

Shortcomings have recently come to light about even the most common and accepted bot mitigation technologies. For example, solutions offering CAPTCHA challenges are not only ineffective at detecting and stopping automated attacks, but they often lead to a friction-filled experience, frustrating customers and leading to lower conversion rates. Many online retailers and e-commerce providers will actually forgo implementing security due to fear that this friction will have a negative impact on sales. Bot mitigation approaches that are based on observations from historical and contextual data (e.g., IP addresses and analysis of known behaviors) and then rely on taking steps to block similar behavior can often block IP addresses or stop specific user behavior that might not actually indicate an attack (e.g., late night banking or shopping). These methods trigger poor experiences and have been shown through analysis to not produce the desired mitigation or prevention results. More recently, use of a rules-based architecture to prevent attacks has grown in popularity. Unfortunately, a rules-based solution falls short when faced with advanced AI- and ML- equipped bots that can morph on the spot to evade an organization’s cyber defenses.



Quote for the day:

"When building a team, I always search first for people who love to win. If I can't find any of those, I look for people who hate to lose." -- H. Ross Perot