Daily Tech Digest - March 17, 2021

Using Artificial Intelligence to Generate 3D Holograms in Real-Time on a Smartphone

By learning from each image pair, the tensor network tweaked the parameters of its own calculations, successively enhancing its ability to create holograms. The fully optimized network operated orders of magnitude faster than physics-based calculations. That efficiency surprised the team themselves. “We are amazed at how well it performs,” says Matusik. In mere milliseconds, tensor holography can craft holograms from images with depth information — which is provided by typical computer-generated images and can be calculated from a multicamera setup or LiDAR sensor (both are standard on some new smartphones). This advance paves the way for real-time 3D holography. What’s more, the compact tensor network requires less than 1 MB of memory. “It’s negligible, considering the tens and hundreds of gigabytes available on the latest cell phone,” he says. The research “shows that true 3D holographic displays are practical with only moderate computational requirements,” says Joel Kollin, a principal optical architect at Microsoft who was not involved with the research. He adds that “this paper shows marked improvement in image quality over previous work,” which will “add realism and comfort for the viewer.” 


Why 'Data Scientist' Will Continue To Be 'the Sexiest Job Of the 21st Century'

While demand for data science talent is through the roof, there are not enough skilled professionals available to take on those roles. One primary reason for this is the lack of clarity on the skills required for different roles within the field of data science. Most companies look for individuals possessing certain specialized skill sets rather than the ‘jacks-of-all-trades’. In order to prepare for the best opportunities and avoid getting tagged as a ‘generalist’, one needs to first appreciate the nuances that make these different roles unique. For instance, how is a data scientist different from a data engineer or a data analyst? Contrary to popular perception, these roles are not interchangeable. For instance, a data scientist is one who employs advanced data techniques such as clustering, neural networks, decision trees to help derive business insights. Apart from the requisite coding skills, data scientists typically need to be adept at programming languages such as Java, Python, SQL, R, and SAS. In addition, they require working knowledge of Big Data frameworks such as Hadoop, Spark, and Pig. Data scientists also need to be familiar with new technologies such as deep learning, machine learning, etc.


Containers need standard operating environments too

Even in the world of cloud native and containers, a standard operating environment matters. The set of criteria that should be used to evaluate container base images is quite similar to what we’ve always used for Linux distributions. Evaluate things like security, performance, how long the life cycle is (you need a longer life cycle than you think), how large the ecosystem is, and what organization backs the Linux distribution used. (See also: A Comparison of Linux Container Images.) Start with a consistent base image across your environment. It will make your life easier. Standardizing early in the journey lowers the cost of containerizing applications across an organization. Also, don’t forget about the container host. Choose a host and standardize on it. Preferably, choose the host that matches the standard container image. It will be binary compatible, designed and compiled identically. This will lower cognitive load, complexity of configuration management, and interactions between the application administrators and operations teams responsible for managing the fleet of servers underlying your containers.


Open Source Blockchain Microservices To Help You Build Your Own Blockchain

Like any microservice, the block store and p2p are simple (and easy to understand) programs. What makes these microservices special is that they are the first blockchain-specific microservices ever to be open-sourced. As you can see, we love open-source software development and decentralization but we’ve been saddened to see how many projects that claim to share these values pursue subtle (and not so subtle) ways of ensuring that they maintain control while developing most of their software behind closed doors. As one of the most experienced dApp and blockchain developers in the world, we understand better than most how difficult it can be to develop in the open, especially when you don’t have the right tools. So we’ve been delighted to find that by launching and designing Koinos the right way, we’ve found ourselves in a position where it makes perfect sense to continue developing it in the right way too; out in the open. The modularity of Koinos means that the more chefs that are in the kitchen, the better. We want developers to begin digging into the code as soon as possible and helping to make it into the protocol they truly need, instead of the protocol we believe they need.


Legacy tech integration issues impede telcos’ digitisation ambitions

While only a third of operators worldwide said finding the right talent was hindering their plans for digital development, the majority of such businesses were located in emerging markets such as Latin America, Africa and the Middle East. This, according to the survey, highlighted a pronounced skills gap between developed and emerging markets, with the latter still struggling to find the skills needed to facilitate digitisation. Just under half (46%) stated that cost was the biggest issue to realising transformation ambitions, suggesting that the path to digitisation was desirable and investment is ready. A surprisingly low number of telcos viewed return on investment (ROI) as a barrier, with only two-fifths of respondents expressing concerns that a return might not be easily established. Given that the telecommunications industry is traditionally very ROI-focused, the report authors said this suggested there was a great deal of confidence in the path towards digitisation if the aforementioned barriers could be overcome. In conclusion, the report said the findings implied a phased approach towards digitisation was in the best interests of telcos worldwide to ensure interoperability between technology and services and maintain what was described as a “seamless” customer experience.


The dangers of misusing instant messaging and business collaboration tools

The research shows this challenge is compounded by the amount of time employees spend using messaging and collaboration apps: time spent on tools such as Zoom and Teams has increased by 13% in the US since the start of the pandemic. This means employees are spending, on average, two and a half hours every day on these applications, with 27% of US employees spending more than half the working week on these tools. A significant amount of business is now routinely conducted on these channels and employees are taking agreements as binding. For example, as a result of receiving information over messaging and collaboration tools, almost 24% of US employees have accepted and processed an order, 25% have accepted a reference for a job candidate, and 20% have accepted a signed version of a contract. Sensitive data is being shared on these tools even though 39% of US employees have been reprimanded by bosses. These admonishments may have been in vain, however, as 75% of all US workers say they would continue to share this type of information in the future.


The Rise of the Chief Data Scientist

Right now, organizations are investing heavily in the chief data scientist role. This individual manages a range of data-driven functions, including overseeing data management, creating data strategy, and improving data quality. They also help their organizations extract the most valuable and relevant insights from their data, leveraging data analytics and business intelligence (BI). In this capacity, the chief data scientist has a far deeper understanding of how AI and machine learning (ML) can improve data management than the CTO, who has a broader knowledge base but not the deeper expertise. This is critical as ML has emerged as a key driver in improving data quality and access as navigating the journey from big data ideas to real-world machine learning implementation is a challenging endeavor. In this scenario, the chief data scientist serves as the trusted navigator, understanding that data is the fuel for key initiatives, knowing the non-deterministic risk of developing those capabilities. Moreover, this individual can manage the expectations of C-suite executives, helping them better understand the reality of what ML can accomplish while mitigating the risks associated with data-driven initiatives.


Enterprises Wrestle With Executive Social Media Risk Management

Companies know that their executives are targets. In our digital risk survey, we found that 25% of enterprises cite executives' personal social media as a major risk factor to the company's overall security. And they know that the consequences of an executive cyberattack would be severe. In our poll, 70% of respondents said their company would suffer brand or reputational damage. Half of the respondents predicted potential risk to shareholder value. One in three enterprises are most fearful of impersonation or fake accounts. One in four are most worried about the possibility of an account takeover. However, despite awareness of the threats, the sophistication of executive social media risk management is lagging. ... The new generation of cloud channels is very different. Tools like Twitter and LinkedIn live across multiple devices. They cross between professional and personal spheres. They generate interactions at unprecedented volume and velocity — and out of the box, security teams have no visibility. Today, all executives leverage social media, and they are bombarded by social media cybersecurity threats. Security teams know that banning these tools isn't an option. Why? Because people will use them anyway. 


Ways to Break Gender Gridlock in Cybersecurity Careers

In many ways, cybersecurity roles should be fair game for hiring and promotion because of the importance of code versus gender but that is not always the case in practice. “Behind the screen, in theory, everyone is equal,” she says. “Clearly that is not what is happening.” Guerrieri would like to see more networking among women in cybersecurity to facilitate the creation of support systems to encourage them to remain and thrive in this career path. Some women have seen opportunities in cybersecurity emerge in response to the pandemic, says Sabrina Castiglione, CFO at Tessian, an enterprise email security software provider. Her company recently conducted a survey that included responses from 200 female cybersecurity professionals, 100 in Britain and 100 in the United States. Castiglione says some of the responses showed an increased sense of job surety among women in cybersecurity as the world coped with the COVID-19 pandemic. “In cybersecurity, women are saying they feel more secure or that with the impact of the pandemic, their job security has actually increased,” she says. Of the women respondents to the survey, 49% felt more secure in their jobs, Castiglione says.


Cloud-Native Is about Culture, Not Containers

“What are we actually trying to achieve?” is an incredibly important question. When we're thinking about technology choices and technology styles, we want to be stepping back just from “I'm doing Cloud-native because that's what everybody else is doing” to thinking “what problem am I actually trying to solve?” To be fair to the CNCF, they had this “why” right on the front of their definition of Cloud-native. They said, "Cloud-native is about using microservices to build great products faster." We're not just using microservices because we want to; we're using microservices because they help us build great products faster. ... Cost savings, elasticity, and delivery speed are great, but we get all of that just by being on the Cloud. Why do we need Cloud-native? The reason we need Cloud-native is that a lot of companies found they tried to go to the Cloud and they got electrocuted. It turns out things need to be written differently and managed differently on the cloud. Articulating these differences led to the 12 factors. The 12 factors were a set of mandates for how you should write your Cloud application so that you didn't get electrocuted.



Quote for the day:

"Leadership involves finding a parade and getting in front of it." -- John Naisbitt

Daily Tech Digest - March 16, 2021

Lockdown one year on: what did we learn about remote working?

Securing millions of newly remote workers almost overnight was a huge undertaking. Against the need to keep businesses and essential services running (including public sector bodies like councils), security may not have been the primary considerations. Most organisations have now spent time going back to “plug the gaps”, but there’s no doubt that a proliferation of devices and the increased use of cloud services has left companies more vulnerable. McAfee found a 630% increase in attacks on cloud infrastructure since the start of the pandemic, and in just one month between March and April 2020, IBM recorded a 6,000% increase in phishing attempts. As well as ensuring remote/flexible working policies are up to date, there are a host of tactics companies can employ to address security. This includes mobile device management and endpoint security, strict patch management and complete backing up of the Microsoft 365 environment, which many assume is done automatically by Microsoft, but isn’t, which can result in a catastrophic loss of data. Another security approach is to focus on identity and access management (IAM) to enable single sign-on and smart identity management.


How Financial Institutions Can Deal with Unstructured Data Overload

Emerging big data analytics solutions which leverage machine learning (ML) can parse through data to identify important information. These tools allow financial institutions, particularly investment management firms uncover the crucial business insights that lie within the unstructured data, giving them an immediate competitive advantage over their peers that are not leveraging AI in this way. These analytics tools can uncover new market insights, allowing teams at investment management firms to get a deeper understanding of businesses and industries, allowing them to make better investment and trading decisions. For example, even after an investment management firm has holistically narrowed down the number of news articles necessary to review, there still might be thousands of texts to read through over the course of a month. Adding in an ML solution here would help the portfolio manager identify which stories are most relevant based on the language and nuanced phrasing within the text. It would give each article a relevant scoring, and save the PM the countless hours that they’d have otherwise spent reading through the articles.


Proving who you are online is still a mess. And it's not getting better

For the past two decades, the UK government has looked at ways to enable people to easily and reliably identify themselves, with little success. Unlike in other countries, a national ID card to carry around in your pocket now seems to be firmly off the table; but instead, the concept of creating a "digital identity" is gathering pace. Rather than digging through piles of archived paper-based documents, a digital identity would let people instantly prove certified information about themselves, flashing their credentials, for instance, through an app on their phone. Although the concept is not new, the idea is gaining renewed attention. The Department for Digital, Culture, Media and Sports (DCMS), in fact, recently unveiled plans to create what it called a digital identity "trust framework". The idea? To lay down the ground rules surrounding the development of new technologies that will allow people to prove something about themselves digitally. This could take the form of a digital "wallet", which individuals could keep on their devices and fill with any piece of information, or attributes about themselves that they deem useful. The wallet could includes basic information like name, address or age, but also data from other sources, at the user's own convenience.


UK Set to Boost Cybersecurity Operations

Johnson has said in Parliament that the creation of the NCF is designed to strengthen Britain's cybersecurity posture and give the country new defensive and offensive capabilities. "Our enemies are also operating in increasingly sophisticated ways, including in cyberspace," Johnson says. "Rather than being confined to some distant battlefield, those that seek to do harm to our people can reach them through the mobile phones in their pockets or the computers in their homes. To protect our citizens, U.K. defense therefore needs to operate at all times with leading, cutting-edge technology." Currently, the NCF carries out operations such as interfering with a mobile phone to prevent a terrorist being able to communicate with their contacts; helping to prevent cyberspace from being used as a global platform for serious crimes, including the sexual abuse of children; and keeping U.K. military aircraft safe from targeting by weapons systems. In addition to the NCF, last year the Ministry of Defense created the 13th Signals Regiment, the U.K.'s first dedicated cyber regiment, and expanded the Defence Cyber School. While he acknowledged the benefits of a more cyber-capable military, Cracknell pointed out that, "We don’t have a solid security foundation, and until all businesses and CNI entities are at that level, we are wasting resources by going on the offensive."


DDoS's Evolution Doesn't Require a Security Evolution

The idea of monetizing DDoS attacks dates back to the 1990s. But the rise of DDoS-for-hire services and cryptocurrencies has radically changed things. "It's never been easier for non-specialists to become DDoS extortionists," Dobbins explains. This has led to a sharp uptick in well-organized, prolific, and high-profile DDoS extortion campaigns. Today, cybercrime groups deliver ransom demands in emails that threaten targets with DDoS attacks. Most of these are large attacks above 500 gigabytes per second, and a few top out at 2 terabytes per second. Ransom demands may hit 20 Bitcoin (approximately $1 million). Attacks that revolve around ideological conflicts, geopolitical disputes, personal revenge, and other factors haven't disappeared. But the focus on monetization has led attackers to increasingly target Internet service providers, software-as-a-service firms and hosting/virtual private server/infrastructure providers. This includes wireless and broadband companies. "We've seen the DDoS attacker base both broaden and shift toward an even younger demographic," Dobbins says. According to Neustar's Morales, reflection and amplification attacks continue to be the most prominent because of their inherent anonymity and ability to reach very high bandwidth without requiring a lot of attacking hosts.


Securing a hybrid workforce with log management

When companies shifted to a remote workforce in response to the COVID-19 pandemic, cybercriminals continued to launch attacks. However, they did not target distantly managed corporate networks. Instead, they looked to exploit organizations where workforce members did their jobs on home networks and devices. Because home networks often lack the robust security controls that the enterprise uses, they become attractive gateways for malicious actors. During the COVID-19 lockdowns, cybercriminals increasingly leveraged the Windows Remote Desktop Protocol (RDP) as an attack vector. RDP allows users to connect remotely to servers and workstations via port 3389. However, misconfigured remote access often creates a security risk. There has been a massive increase in RDP attack attempts in 2020. Windows computers with unpatched RDP can be used by malicious actors to move within the network and deposit malicious code (e.g., ransomware). Devices getting infected with malware is a common occurrence when users work outside the corporate network. Since IT departments cannot push software updates through to the devices, security teams need to monitor for potential malware infections. Event logs can detect potentially malicious activity when used correctly.


Cryptophone Service Crackdown: Feds Indict Sky Global CEO

Sky Global's CEO has disputed those allegations and said he has received no direct notice of any charges being filed against him or any extradition request. "Sky Global’s technology works for the good of all. It was not created to prevent the police from monitoring criminal organizations; it exists to prevent anyone from monitoring and spying on the global community," Eap says in a statement released Sunday and posted to the company's website. ... "The unfounded allegations of involvement in criminal activity by me and our company are entirely false. I do not condone illegal activity in any way, shape or form, and nor does our company." Eap has also disputed claims by police that they cracked Sky Global's encryption. Previously, Sky Global had offered a $5 million reward to anyone able to demonstrate that they had cracked the encryption. Following a two-year investigation into Sky Global and its customers, last week, police in Belgium, France and the Netherlands launched numerous house searches, leading to hundreds of arrests of alleged users - including three attorneys in Antwerp, Belgium - as well as the seizure of thousands of kilograms of cocaine and methamphetamine, hundreds of firearms, millions of euros in cash as well as diamonds, jewelry, luxury vehicles and police uniforms, officials say.


Optimize your CloudOps: 8 tricks CSPs don't want you to know

Leveraging security managers that span all your traditional systems and public clouds is three times more effective than following a cloud-native approach. Similar to tip No. 1 above, cloud-native security systems operate best on their native cloud. Eventually you'll have silos of security systems, each solving tactical security problems for their native clouds. What you need is an overarching security ops platform that can manage security from cloud to cloud as well as for traditional systems, and perhaps with emerging technologies such as edge computing. Again, this is about finding something "cross-cloud" that exists today, and to do that you'll have to look for third-party providers. If you don't choose cross-cloud security now, the move from cloud-native to cross-cloud security will happen when your security silos become too complex to maintain and the first breach occurs. At that point, the transformation from cloud-native to cross-cloud security is difficult and costly. While this trick causes some debate from time to time, most experts agree: Abstracting public clouds for performance monitoring is a much better approach than just monitoring a single cloud using its cloud-native system.


AI One Year Later: How the Pandemic Impacted the Future of Technology

Those changing consumer behaviors created an abrupt reality for data science teams: predictive AI and machine learning (ML) models and the data they are derived from were almost instantly outdated, and in many cases reduced to irrelevance. In the past, these models were based on historical data from several years of behavioral patterns. But in a world of tightened spending, limited purchasing options, changing demand patterns, and restricted engagement with customers, that historical data no longer applied. To combat this problem -- at a time when companies could not afford inaccurate predictions or lost revenue -- AI teams turned to such solutions as real-time, ever-changing forecasting. By constantly updating and tuning their predictive models to include incoming data from the new pandemic-driven patterns, organizations were able to reduce data drift and more effectively chart their paths through the crisis and recovery period. With their hand forced, companies needed to make difficult choices during the spring of 2020. Do they put their projects and initiatives on pause and wait for the pandemic to subside, or push forward in applying AI as a competitive differentiator during these challenging times?


What is Agile leadership? How this flexible management style is changing how teams work

As Agile development took hold in IT departments, so tech chiefs started thinking about how the approach could be used – not just to create software products – but to lead teams and projects more generally. As this happened, CIOs started talking about the importance of Agile leadership. Over the past decade, the use of Agile as a technique for leading and completing projects has moved beyond the IT department and across all lines of business. The increased level of collaboration between tech organisations and other functions, particularly marketing and digital, has helped to feed the spread of Agile management. ... Although Agile leadership leans heavily on the principles and techniques of Agile software development, such as iteration, standups and retrospectives, it's probably fair to say that it's a management style that involves a general stance rather than a hard-and-fast set of rules. Mark Evans, managing director of marketing and digital at Direct Line, says the key to effective Agile management is what's known as servant leadership, a leadership philosophy in which the main goal of the leader is to serve.



Quote for the day:

"Integrity is the soul of leadership! Trust is the engine of leadership!" -- Amine A. Ayad

Daily Tech Digest - March 15, 2021

How to scale AI with a high degree of customization

Scaling machine learning programs is very different to scaling traditional software because they have to be adapted to fit any new problem you approach. As the data you’re using changes (whether because you’re attacking a new problem or simply because time has passed), you will likely need to build and train new models. This takes human input and supervision. The degree of supervision varies, and that is critical to understanding the scalability challenge. A second issue is that the humans involved in training the machine learning model and interpreting the output require domain-specific knowledge that may be unique. So someone who trained a successful model for one business unit of your company can’t necessarily do the same for a different business unit where they lack domain knowledge. Moreover, the way an ML system needs to be integrated into the workflow in one business unit could be very different from how it needs to be integrated in another, so you can’t simply replicate a successful ML deployment elsewhere. Finally, an AI system’s alignment to business objectives may be specific to the group developing it. For example, consider an AI system designed to predict customer churn.


The snags holding back DevOps: culture, delivery and security

Cultural issues create this disjointed relationship between Dev and Ops. "Culture is the number one missing component, but there is also a failure to truly connect and automate across functional silos," Dawson says. "This results in lack of shared visibility, consistent feedback to drive improvement and, potentially, a negative experience which inhibits adoption." There are too many tools competing for Dev and Ops teams' mindshare as well. "A single team may have anywhere between 20 to 50 tools," says Kakran. "Separating signal-from-noise when you are bombarded by hundreds of alerts per hour is quite challenging." The continuous delivery piece is also a snag in the continuous integration / continuous delivery (CI/CD) that should flow effortless through DevOps. "Enterprises are lagging in test automation and are increasing efforts to automate continuous testing, which is a core component of CD," says Venky Chennapragada, DevOps architect with Capgemini North America.. "Some enterprises are unable to adopt a high level of CI/CD because their application portfolio mostly consists of packaged software, legacy software or ERP systems."


PyTorch Code for Self-Attention Computer Vision

Self-Attention is gradually gaining prominent place from sequence modeling in natural language processing to Medical Image Segmentation. It replaces conventional recurrent neural networks and convolutional neural networks in many applications to achieve new state-of-the-art in respective fields. Transformers, its variants and extensions are well-utilizing self-attention mechanisms. Self-Attention Computer Vision, known technically as self_attention_cv, is a PyTorch based library providing a one-stop solution for all of the self-attention based requirements. It includes varieties of self-attention based layers and pre-trained models that can be simply employed in any custom architecture. Rather than building the self-attention layers or blocks from scratch, this library helps its users perform model building in no-time. On the other hand, the pre-trained heavy models such as TransUNet, ViT can be incorporated into custom models and can finish training in minimal time even in a CPU environment! According to its contributors Adaloglou Nicolas and Sergios Karagiannakos, the library is still under development by updating the latest models and architectures.


How to Choose the Right Cybersecurity Framework

Start by setting goals for your cybersecurity program that align with the business's needs. Stakeholders from across the organization — from the C-suite and upper management to support teams and IT — should be involved in the initial risk-assessment process and setting a risk-tolerance level. While deciding where to start your implementation can feel like trying to boil the ocean, one way to make it less intimidating is to run a pilot program focused on a single department. This can help uncover lessons about what does and doesn't work, what tools will help you succeed, and best practices for a wider rollout. From there, identify the type of data the organization processes and map out its life cycle. A simple model will help lay a foundation for understanding the organization's cybersecurity risk and identify points along the supply chain to invest more time and resources. Business tools and software are often important sources and collectors of data, so ask vendors about their data privacy policies to ensure they reflect your goals. ... A good cybersecurity framework will help you identify risks, protect company assets (including customer data), and put steps in place to detect, respond, and recover from a cybersecurity event.


Is Data Science a science?

Before we tackle the idea of whether Data Science is a science or not, something that doesn’t seem to have a definitive answer, let’s step back and look at the idea of proof. This is a word that is overused quite frequently as there are many different kinds of proof: for example, there are scientific proofs, legal proofs, and mathematical proofs. In mathematics, a proof is an inferential argument that shows a statement is true as supported by axioms, definitions, theorems, and postulates. Mathematicians normally use deductive reasoning to show that the premises, also called statements, in a proof are true. A direct proof is one that shows a given statement is always true and the proof is usually written in a symbolic language. In an indirect proof, mathematicians usually employ proof by contradiction, where they assume the opposite statement is true and eventually reach a contradiction showing the assumption is false. In science, an inherently inductive enterprise,² we cannot prove any hypothesis to be true as that would require an infinite number of observations so the best we can hope to do is use inductive reasoning as the basis of our generalization and hold it to be provisionally true.


Seven lessons on how technology transformations can deliver value

Not only do the transformations focused on talent strategy stand out in their value potential, but they are also much more commonplace at top-performing companies. Top-quartile respondents are more than three times likelier than their bottom-quartile peers (41 percent, compared with 12 percent) to say they’ve pursued a transformation of their talent strategy in recent years. Yet the need to address talent is universal and urgent. Respondents believe that more than 40 percent of their workforce will need to be either replaced or fundamentally retrained to make up for their organizations’ skills gaps. But only 15 percent of respondents say their companies plan to pursue a talent-strategy transformation in the next two years, even though the talent challenge remains considerable. At companies that have pursued recent transformations, the top challenges to doing so continue to revolve around talent as well as culture: namely, skill gaps and cultural differences, the difficulty of changing cultures and ways of working, and difficulty finding talent to fill new roles—which is as challenging for top performers as it is for everyone else. Talent also appears to impede progress at the companies that haven’t pursued technology transformations;


More Intelligent Medicine

The combination of human and machine intelligence could optimize the practice of clinical medicine and streamline health care operations. Machine learning-based AI tools could be especially valuable because they rely on adaptive learning. This means that with each exposure to new data, the algorithm gets better at detecting telltale patterns. Such tools have the capacity to transcend the knowledge-absorption and information-retention limits of the human brain because they can be “trained” to consider millions of medical records and billions of data points. Such tools could boost individual physicians’ decision-making by offering doctors accumulated knowledge from billions of medical decisions, billions of patient cases, and billions of outcomes to inform the diagnosis and treatment of an individual patient. AI-based tools could alert clinicians to a suboptimal medication choice, or they could triage patient cases with rare, confounding symptoms to rare-disease experts for remote consults. AI can help optimize both diagnostic and prognostic clinical decisions, it can help individualize treatment and it can identify patients at high risk for progressing to serious disease or for developing a condition, allowing physicians to intervene preemptively.


Surviving Zombie Scrum

There’s not one specific cause of Zombie Scrum, but in relation to the symptoms we described earlier, we can share some common causes. Generally speaking, Zombie Scrum systems occur in organizations that optimize for something else than actual agility. This creates problems that the teams can usually not solve on their own. For example, Scrum Teams that operate in environments with Zombie Scrum rarely have a clear answer as to what makes their product valuable. Much like zombies that stumble around without a sense of direction, many Zombie Scrum Teams work hard on getting nowhere in particular. While they still produce something the question remains whether they are actually effective. ... Another cause is the struggle many organizations face with shipping fast. Often heard excuses are that the product is too complex, technology doesn’t support it, or customers aren’t asking for it. Shipping fast is perceived as a “nice to have”, instead of a necessary activity to manage risk and deliver value sooner. Without shipping fast, Scrum’s loop of Empirical Process Control collapses. In Zombie Scrum, organizations don’t create safety to fail. Teams can’t improve when they experience no room for uncertainty, doubt, or criticism. They often develop all kinds of defensive strategies to prevent uncertainty.


AI Must Play a Role in Data Cloud Management

Data intelligence, or the use of data to glean useful information, allows a business to both increase revenue and their position in the market. But the continual multiplication of data and its sources are making an already substantial challenge even more laborious. This emphasis on data is where artificial intelligence (AI) can play an especially useful role. By leveraging the cloud and AI for the storage, collection, and analysis of data, a business can monetize information in a fast, effective manner. Indeed, mastering data management through the use of the cloud will continue to be top of mind for many IT groups as they are asked more and more to improve business agility through the fostering of better business intelligence. Thus, data science -- the large umbrella under which AI, machine learning, automation, data storage, and more all fall within -- will see huge leaps in growth both this year and in the years ahead. The cloud is perfectly positioned to assist organizations in AI because of its unique ability to provide business with flexibility, agility, scalability, and speed that other models of infrastructure simply can’t achieve at the same level. If the core of a business isn’t managing a datacenter, then the cloud is all the more appealing, since it allows IT teams to focus on the value-driving projects that will truly make a difference for employees and customers.


Why data privacy will be the catalyst for digital identity adoption

Firstly, the story around digital identities needs to change. What they won’t be is a one-stop-shop to access every piece of personal information about you at the touch of a button, shareable and stealable. What digital identities could be, if we put data privacy at their core, is selective. We have the opportunity to create a technology, which means people only need to share the specific data they need at any one time, withholding as much data as they can to get the job done. This doesn’t seem too big of an ask, either. Mastercard recently partnered with Deakin University and Australia Post to test out a digital ID solution enabling students to register for their exams digitally. This removed the need for tiresome paperwork and trips to campus, but also reduced the amount of data shared about each student. Students created a digital identity with Australia Post, using this to gain access to their university exam portal. With each registration, only specific personal information was required to allow students’ entry to the exam portal – nothing was shared than didn’t need to be. Now imagine this in our banks, shops, and workplaces. Rather than revealing most of your ‘identity’ with every purchase of alcohol, you only show your ID documents when you first create the identity – to verify that you are who you say you are.



Quote for the day:

"Don't dare to be different, dare to be yourself - if that doesn't make you different then something is wrong." -- Laura Baker

Daily Tech Digest - March 14, 2021

The Agile Manifesto 20 years on: agility in software delivery is still a work in progress

What's missing from many agile initiatives is "ways to manage what you do based on value and outcomes, rather than on measuring effort and tasks," says Morris. "We've seen the rise of formulaic 'enterprise agile' frameworks that try to help you to manage teams in a top-down way, in ways that are based on everything on the right of the values of the Agile Manifesto. The manifesto says we value 'responding to change over following a plan,' but these frameworks give you a formula for managing plans that don't really encourage you to respond to change once you get going." ... Ritchie agrees that there's too much of a tendency to pigeonhole agile into rigid processes. "The first and most-common mistake is the interpretation of agile as simply a process, or something you can just buy and do to immediately call yourself agile," says Ritchie. "This more often than not results in process for the sake of process, frustration, and - contradictory to the intent of agile - an even further disconnect between business outcomes and the IT professionals chartered to deliver them." Related to this, he says, is there often can be a "dogmatic agile zealot approach, where everything a particular framework says must be taken as gospel...'"


Combining edge computing and IoT to unlock autonomous and intelligent applications

Edge computing isn’t limited to just sensors and other IoT; it can also involve traditional IT devices, such as laptops, servers, and handheld systems. Enterprise applications such as enterprise resource planning (ERP), financial software, and data management systems typically don’t need the level of real-time instantaneous data processing most commonly associated with autonomous applications. Edge computing has the most relevance in the world of enterprise software in the context of application delivery. Employees don’t need access to the whole application suite or all of the company’s data. Providing them just what they need with limited data generally results in better performance and user experience. Edge computing also makes it possible to harness AI in enterprise applications, such as voice recognition. Voice recognition applications need to work locally for fast response, even if the algorithm is trained in the cloud. “For the first time in history, computing is moving out of the realm of abstract stuff like spreadsheets, web browsers, video games, et cetera, and into the real world,” Thomason said. Devices are sensing things in the real world and acting based on that information.


From The Vault: Top Statistical Ideas Behind The Data Science Boom

Improved data collection strategies (think sensors, Internet) have resulted in enormous datasets. But, data collection and curation consumes nearly 80% of a data engineer’s typical day. Data is still a problem. More so a couple of decades ago. The idea behind bootstrap distribution is to use it as an approximation to the data’s sampling distribution. According to researchers, parametric bootstrapping, prior and posterior predictive checking, and simulation-based calibration allow replication of datasets from a model instead of directly resampling from the data. Calibrated simulation in the face of uncertain data volumes is a standard procedure rooted in statistics and helps in analysing complex models or algorithms. Gelman and Vehtari believe the future research will lean more towards inferential methods, taking ideas such as unit testing from software engineering and applying them to problems of learning from noisy data. “As our statistical methods become more advanced, there will be a continuing need to understand the links between data, models, and substantive theory,” concluded the authors. The ideas mentioned above have laid the foundation for modern-day deep learning and other such tools.


Driving innovation with emotional intelligence

EQ is increasingly recognized as a competitive advantage, according to a survey by Harvard Business Review Analytic Services. It found that emotionally intelligent organizations get an innovation premium. These organizations reported more creativity, higher levels of productivity and employee engagement, significantly stronger customer experiences, and higher levels of customer loyalty, advocacy, and profitability. Organizations that did not focus on emotional intelligence had “significant consequences, including low productivity, lukewarm innovation, and an uninspired workforce,” said the report. ... Verizon surveyed senior business leaders both before and after covid-19. Before the pandemic, less than 20% of respondents said EQ would be an important skill for the future. But since covid, EI increased in significance for 69% of respondents. ... “A sure way to stifle innovation is to not have the emotional maturity to recognize that innovation and creativity can come from many sources,” says Steele. “I think that our agency has hugely benefited from research institutes, large businesses, small businesses, and individual contributors.” She continues, “The capacity to recognize untapped sources of innovation, then bringing them together in a system, is a great ability to have.”


Three flaws that sat in Linux kernel since 2006 could deliver root privileges to attackers

While the vulnerabilities “are in code that is not remotely accessible, so this isn’t like a remote exploit,” said Nichols, they are still troublesome. They take “any existing threat that might be there. It just makes it that much worse,” he explained. “And if you have users on the system that you don’t really trust with root access it, it breaks them as well.” Referring to the theory that ‘many eyes make all bugs shallow,’ Linux code “is not getting many eyes or the eyes are looking at it and saying that seems fine,” said Nichols. “But, [the bugs] have been in there since the code was first written, and they haven’t really changed over the last 15 years.” As a matter of course, GRIMM researchers try “to dig in” and see how long vulnerabilities have existed when they can – a more feasible proposition with open source. That the flaws slipped detection for so long has a lot to do with the sprawl of the the Linux kernel. It “has gotten so big” and “there’s so much code there,” said Nichols. “The real strategy is make sure you’re loading as little code as possible.”


Master Data Management Much More Than Technology

Industry experts define data governance as the “authority over the management of data assets” and assigning “accountability for the quality of your organization’s data.” Having authority over data assets is the function of data ownership. Being accountable for the quality of these data assets is the function of data stewardship. Data is a business asset, and business assets are controlled by business people. Therefore, data owners and data stewards should be business people. They must be careful not to manage their data within the narrow focus of their own business unit (department or division); instead, they must ensure that their data is managed from an enterprise perspective so that it can be used and shared by all business units. Enterprise information management (EIM) is about the administration of data. One industry expert describes EIM as “a function, typically dedicated to an organization in IT, for maintaining, cataloging, and standardizing corporate data.” This is done with the help of data stewards under the umbrella of a data strategy, and by establishing data-related standards, policies, and procedures.


Can Photonic Computing Solve The Rising Cost & Energy Issues Of AI?

Lights travel faster than electrons. The concept of using light as a substitute for carrying out heavy tasks (aka photonics computing/optical computing) dates back to the 1980s, when Nokia Bell Labs, an American industrial research and scientific development company, tried to develop a light-based processor. However, due to the impracticality of creating a working optical transistor, the concept didn’t take off. We experience optical technology in cameras, CDs, and even in Blue-Ray discs. But these photons are usually converted into electrons to deploy in chips. Four decades later, photonic computing gained momentum when IBM and researchers from the University of Oxford Muenster developed the system that uses light instead of electricity to perform several AI model-based computations. Alongside, Lightmatter’s new AI chip has created a buzz in the industry. According to the company website, Envise can run the largest neural networks three times higher inferences/second than the Nvidia DGX-A100, with seven times the inferences/second/Watt on BERT-Base with the SQuAD dataset.


Why Data Management Needs An Aggregator Model

The traditional approach to managing unstructured data has been storage-centric; you move data to a storage system, and the storage system manages your data and gives you some tools to search it and report on it. This approach worked and made things easier when data volumes were small and all of an enterprise's data could fit in a single storage solution. As enterprises shift to a hybrid multicloud architecture, they can no longer manage data within each storage silo, search for data within each storage silo and pay a heavy cost to move data from one silo to another. As GigaOm analyst Enrico Signoretti pointed out: "The trend is clear: The future of IT infrastructures is hybrid ... [and] it requires a different and modern approach to data management." Another key reason an aggregator model for data management is needed is that customers want to extract value from their data. To analyze and search unstructured data, vital information is stored in what is called "metadata" — information about the data itself. Metadata is like an electronic fingerprint of the data. For example, a photo on your phone might have information about the time and location when it was taken as well as who was in it. Metadata is very valuable, as it is used to search, find and index different types of unstructured data.


3 Ways To Improve Board-Level Focus on Third-Party Risk Management

Assessing the risks that third parties bring to your business shouldn’t begin once you have signed the contract. Instead, security and procurement teams should be reviewing known risks in potential vendors during the sourcing and selection stage of the vendor lifecycle. Unfortunately, though, only 31% of companies conduct thorough pre-contract due diligence, indicating there is a long way to go to overcome this obstacle. ... Third-party risk management can’t be a one-and-done task. It needs to be a continuous process built into the risk DNA of the enterprise. However, most organizations can get easily tripped up with performing vendor risk assessments, since half are still using manual spreadsheets to manage their vendors, and a further 34% say it takes over a month to complete an assessment of a top-tier vendor. This traditional static annual assessment approach must give way to a more dynamic process that incorporates real-time risk metrics. Agility should be the order of the day in assessing third parties. ... Effectively reducing vendor risk requires an understanding of how vendors are performing against expectations – both security and performance-related.


Compromised devices and data protection: Be prepared or else

While encryption alone isn’t fully sufficient to secure data, it’s also the case that multiple layers of encryption are often necessary to ensure that any exposed data is rendered unreadable and unusable. For example, an encryption tool like Bitlocker, if used on its own, can leave data vulnerable in certain scenarios such as if a power failure interrupts the encryption process, or if a system administrator’s credentials are compromised. In the wrong hands, a system administrator account will be able to view all files as decrypted and in clear text. However, deploying a solution like Encrypted File System (EFS) as a secondary encryption layer on top of Bitlocker will provide additional file-level encryption. In this way, EFS makes it possible to ensure the encryption of sensitive data, even if an attacker has gained access to device hardware and has powerful credentials in hand. This approach provides the added benefit of making it possible to service devices without it being necessary to allow data access or present any risk of exposure. By implementing a layered encryption strategy with protection at both the full drive and file levels, organizations can take peace of mind that the loss of a particular device is hardly a loss at all.



Quote for the day:

"Becoming a leader is synonymous with becoming yourself. It is precisely that simple, and it is also that difficult." -- Warren G. Bennis

Daily Tech Digest - March 13, 2021

4 ways to keep the cybersecurity conversation going after the crisis has passed

The report recommends adding a business information security officer (BISO) to improve business security alignment, building a top-down measurable program, and changing reporting structures so the CISO reports directly to the CEO. Ultimately, analysts say it’s the CISO’s responsibility to build relationships with executives and the board and have regular conversations with them. “It’s not just the board ignoring things or executives minimizing things, but cybersecurity people staying in their lane,” says Jon Oltsik, senior principal analyst at Enterprise Strategy Group and author of the report. “We need progressive and proactive CISOs to kind of shake the world up.” To maintain momentum, CISOs must keep the board’s attention with a steady stream of relevant information delivered in business terms and presented in the form of risk and strategy for cybersecurity, not just tech solutions. Security leaders and analysts offer some tips, tools, and frameworks to help translate security into strategy and keep the conversation going. If CISOs want to speak in board terms, “you have to speak strategically, and there are strategic business tools to do that,” says Lance Spitzner, director of SANS security awareness. 


The concept of justifiable healthcare and how big data can help us to achieve it

As a first necessary but not sufficient step, the evaluation requires consideration of any evidence on the efficacy of the intervention. AI and big data can be of help to mine and digest existing literature and evidence, at a much higher speed and in a more exhaustive manner than is currently possible using human skills. It is crucial that for this evaluation of efficacy, standardized core outcome sets are applied. These are sets including only outcomes that are: relevant to patients; measurable in an accurate and reliable manner; and discriminative. At the micro-level of the healthcare professional and the patient, justifiable healthcare is in fact an essential element to allow for genuine shared decision making. Indeed, justifiable healthcare provides all stakeholders involved with the argumentation and information necessary to decide which intervention has the highest probability to lead to the desired outcome given this specific condition affecting this specific patient and taking into account other available interventions. Big data and AI can be of help to present alternative options in a way that both patients and healthcare workers can easily understand, and finetuned for the specific case of the patient.


Quantum computing: Quantum annealing versus gate-based quantum computers

All is not lost for gate-based methods – quite the contrary, in fact. GSK's researchers foresee that the expected increase in qubit count in computers like these will allow quantum devices to show a significant performance advantage over classical hardware, for pharmaceutically-relevant life science problems, but also many other types of application. The results of the scientists experiments are still in pre-print, and are yet to be certified by peer review; in addition, the trials only focus on a specific problem – the use of quantum computing to assist drug discovery. Nevertheless, the research offers a valuable overview of the capabilities of quantum devices as they stand, and of the limitations of different approaches to quantum computing. The problem addressed by the scientists is well-established in classical computing. Called codon optimization, it consists of finding sequences of genetic code, called codons, that will ultimately lead to the expression of a particular gene. Up to six codons can be required to represent an amino acid, which in turn form the proteins that determine the gene.


Could No-Code Enable Everything Ops?

“The story of B2B software is largely about automation,” said Chou. If we consider classic examples of corporate applications, we see one common thread — B2B software has always sought to automate traditional office work. And so, it came to pass that computing and software devoured all these office tasks, from accounting to time-tracking, communications and many other areas. Though computer-based office work delivered huge efficiency boosts, these interfaces often introduced new hurdles; bad UI design, difficult navigation and a hundred open tabs, just to name a few. From there, robotic process automation (RPA) aimed to operationalize a growing number of tedious digital workflows across Excel spreadsheets, web apps and desktop apps. In Chou’s words, “RPA took the concepts of test automation software, and then pointed it toward production systems.” Though RPA’s process of recording screen interactions gathered much interest and attention (and funding), screen scraping is ultimately too fragile to be effective. It adds technical debt over legacy systems. It can be expensive to implement. Lastly, it’s not processes-centric and doesn’t implement reusable software-defined APIs.


Here's how digital transformation and sustainability can flourish together

The rapid digitalisation catalysed by COVID-19 presents the opportunity to rethink how we make decisions and how we apply technology in new and meaningful ways. Immense opportunity exists for enterprises that can capture the value of data to drive more sustainable solutions. For example, it’s estimated that the value unlocked by artificial intelligence in helping design out waste for food, keeping products and materials in use, and regenerating natural systems, could be up to $127 billion a year in 2030. The digital transformations of today must be purpose-led, delivering for all stakeholders as a requisite for company success. Spearheading that effort is the Forum's CEO Champions group on Accelerating Digital Transformation in a Post-COVID-19 World, which is led by Antonio Neri, the CEO of Hewlett Packard Enterprise (HPE). Today, this group published a playbook, Bridging Digital and Environmental Goals, designed to provide leaders with recommended actions and examples to leverage data-led insights and create products, strategies and business models that minimise their impact on the planet.


Security awareness programs: The difference between window dressing and behavior change

Instead of merely checking the annual compliance security box, good security awareness programs are focused entirely on real-world outcomes and results. To achieve measurable results, companies need to make a real change in educating employees on cybersecurity and their role in protecting their companies. The core issue with “cookie-cutter” security training, in which all employees receive the same phishing simulation, is that they often do not target at-risk users at the critical moment when a potential attack is in progress. Nor are they conducted with enough frequency to remain top of mind for employees. By implementing policies, controls, and technologies that focus on the individual, organizations can more effectively teach employees the right behaviors that will result in a cyber-savvy culture. ... Taking a behavior-based approach to security awareness training is more effective than traditional initiatives, reduces costs, and provides a measurable ROI for organizations. Consider lane assist technology. While the reason why a driver might drift into another lane can range from fatigue to inattention to an inability to see the lines, alerting drivers exactly when they might be dangerously drifting into another lane helps drivers avoid a collision.


AI and you: how confusion about the technology that runs our world threatens democracy

Machine learning occupies an interesting position in the story of scientific progress. On one hand it’s a natural outcome of developments in computer science that began in the 1980s. On the other hand, its total dependence on information — and its ability to make do with all sorts of information, including things like your keystroke and heart rate — marks what could turn out to be a more radical break with previous technologies. Machine learning uses existing information to generate new information. But it also allows that new information to be put to a variety of questionable uses, including surveillance and manipulation. If you’ve ever been recommended products while shopping online, you’ve probably been profiled. Ever been denied an application for a credit card in short order? Again, you’ve probably been profiled. Algorithmic profiling presents a host of ethical and legal challenges, particularly around discrimination and privacy. But profiling is just the tip of an ever-expanding iceberg. Many uses of big tech pose a threat to individuals as individuals, which is bad enough.


The cyber security risks of working from home

The most obvious risk is that most of our tasks are conducted online. After all, if something’s on the Internet, then there’s always the possibility of a cyber criminal compromising it. They might attempt to do this by cracking your password. This could be easier than ever if you’re reusing login credentials for the various online apps you need to stay in touch with your team. Meanwhile, according to CISO’s Benchmark Report 2020, organisations are struggling to manage remote workers’ use of phones and other mobile devices. It found that 52% of respondents said that mobile devices are now challenging to protect from cyber threats. ... Organisations should also be concerned about remote employees using their own devices. This might have been unavoidable given how quickly the pandemic spiralled and the suddenness of the government’s decision to implement lockdown measures. Still, where possible, all work should be done on a corporate laptop subject to remote access security controls. This should include, at the very least, 2FA (two-factor authentication), which will mitigate the risk of a crook gaining access to an employee’s account.


The future of data privacy: confidential computing, quantum safe cryptography take center stage

Quantum safe cryptography aims to tackle the problems that will arrive with the day we have a working quantum machine. While quantum computing is being actively worked on by engineers worldwide, with Honeywell, for example, ramping up the capacity of its own System Model H1 to a quantum volume of 512, it is estimated that a full-capacity quantum computer could exist within the next 10 to 15 years. When that day arrives, however, the high computational power of these machines would render "virtually all electronic communication insecure," according to IBM, as quantum computers are able to factor large numbers -- a core precept of today's cryptography. To resolve this, standards based on lattice cryptography have been proposed. This hides data in complex algebraic structures and is considered to be an attractive option for future-proofing data privacy architectures. According to IBM cryptographer Vadim Lyubashevsky, adopting lattice frameworks is unlikely to impact end-users -- and may actually improve computational performance. But why bother now, when full quantum machines do not exist? 


Enterprise architecture: a tool for business recovery?

From entirely new ways of working, permanent shifts in customer behaviour and operational networks, the world beyond the crisis is set to look drastically different. To emerge from the pandemic in a stronger position, organisations will need to directly address the vulnerabilities the pandemic has exposed. For instance, people may continue to be adverse to gathering in large groups, ecommerce is unlikely to lose the gains it has obtained during multiple lockdowns, and of course, businesses globally have realised the benefits that the work from home model brings. These emerging trends will significantly alter the roadmap ahead, but more importantly, it’ll accelerate the exploration of new digital tools. A recent McKinsey report shows that nearly all organisations, whether traditional companies or startups are re-orienting their business models to be more digital as a direct result of the impact Covid-19 has had on changing consumer behaviours, and many of these changes will outlive the current landscape. As we delve into this virtual world, we must prepare and ask ourselves, could parts of hospitality and tourism be replaced by VR? Will business meetings make use of holographic technology for a blended experience? Will self-driving or delivery drones spearhead the future of retail?



Quote for the day:

"The world is full of obvious things which nobody by any chance ever observes." -- Arthur Conan Doyle

Daily Tech Digest - March 12, 2021

Hiring developers? Here's how to keep them happy and productive

"Whiteboard coding was another thing that was just totally broken in engineering hiring. Asking people to code on a whiteboard is a different skill set. People don't do it for their day-to-day. It was silly for us to ask people to put code on a whiteboard, but we did it for years!" A better strategy for onboarding developers remotely, Pillar says, is a sort of BYOD policy, whereby hiring managers ask candidates to bring their laptops along to the interview with the understanding that they'll be performing some form of on-the-spot coding while they share their screen with the interviewer. "That's a way more productive way to get an excellent signal about the quality of a developer, because it's actually their environment and you can see them using the tools that they're familiar with," he explains. ... "A meeting is an extremely expensive thing for an engineer. It's way easier, unfortunately, to interrupt an engineer's flow in a remote world with a meeting because their calendar is open, you can just throw it in there and you don't even really think about it. Some software providers now provide analytics tools that will measure how workers' time is spent, some of which include the ability to measure interrupted time – also known as 'friction time'. 


How Security Architecture Is Shaping Up for 2021

Access is often referred to as zero-trust network access, which seems incorrect to me since its application access, which is network access, which is the old traditional VPN piece. But that architecture makes no difference if you’re on or off the network. It uses an access proxy to provide a security and control context, it’ll provide identity components for users and devices. So it gives you this application [information] and then contextual information as applied per session. That’s one architecture — one of the problems, obviously, when you have some of these architectures is that you try and build it, and you’ve got five different vendors, you’re trying to build it from code union and endpoint solution, you to proxy, you need security, you need identity, you need these other contextual engineering management [techniques]. So customers have trouble when they try to build it across maybe five or six vendors. That’s why I think it’s a really important architecture, especially when I think people are gonna be more and more often on the network and backward and forwards, it doesn’t really matter whether it’s a zero trust architecture. So that’s one really important component.


IT security strategy: A CISO's 5 essentials

One of the most common cyberattack vectors remains exploiting known vulnerabilities in OS software and applications. To combat these attacks, stay on top of the maintenance level of your hardware and software. Unsupported components should be upgraded or replaced as soon as possible. Conduct vulnerability scans for the full infrastructure monthly, and correct issues as soon as possible. Ensure your scans include third-party products and applications. ... A famous baseball coach once said, “You can observe a lot by just looking.” Make better use of the logs and reports provided by the systems and applications running your business. Delineate baselines and metrics defining security health. A change in activity patterns or metrics may be an early indicator of trouble brewing. Develop, maintain, and test a practical security incident management plan so you will know what to do if faced with a real incident. Composing a secure foundation isn’t easy in the best of times. While these five tips may not be as exciting as hunting for hackers or implementing a sophisticated security incident event management (SIEM) system, they are the building blocks of a strong foundation and offer the best way to move organizations forward safely.


Power Equipment: A New Cybersecurity Frontier

While IoT has been the catalyst for many positive developments, there are challenges with these expanding interconnections. For power management, the ability to connect backup equipment like an uninterruptible power supply (UPS) can prove helpful in enabling IT teams to monitor and maintain essential infrastructure more efficiently. However, like any other network-connected devices, they become assets that need to be secured from potential cyber breaches. Though UPS doesn't traditionally come to mind when envisioning ways cybercriminals infiltrate a network, the same could also be said for other inconspicuous devices like HVAC units. Yet, that's exactly what hackers pursued when they were able to gain access to Target's system and steal data on over 40 million credit and debit cards. And consider how hackers were able to penetrate the network of a North American casino utilizing an Internet-connected thermometer inside an aquarium. Finding the vulnerability in a fish tank, of all places, allowed hackers to access the casino's database and ultimately steal private customer data.


How do I select a SOAR solution for my business?

A SOAR solution should enable teams to automate the identification and response process across significant volumes of disparate data streams, so that the prioritisation of threats and vulnerabilities becomes almost seamless, not least far more operationally efficient. If implemented correctly, Security Operations Centres (SOC) can benefit from using SOAR solutions helping them to deal with threats faster and more efficiently. Integrating SOAR with other security tools, such as Security Information and Event Management (SIEM), can transform SOC teams business and technology outcomes through automation, while also increasing efficiency. Combining forces, organisations can use SOAR to augment the capabilities of SIEM, offering an all-comprehensive solution. SIEMs collect and store data in a useful manner which SOAR can use to automatically investigate and respond to incidents and reduce the need for manual operations. What’s more, in tackling one of the biggest challenges for SOC teams to date, SOAR solutions can help to ingest information, sort, prioritise and combine duplicate alerts to reduce the number of false positives.


Fintech Innovation Done Right: Be A Creator

Fintech can also create entirely new product categories. One mechanism I’ve explored previously are embedded fintech strategies. A financial product can be embedded into other products to change the nature of, availability and engagement model with customers. Companies like Opendoor give customers the ability to make cash offers for homes to make them more competitive. Boost allows companies to launch insurance products and bundle them into a broader offering. Zola bundles loans and mobile repayments with Pay-As-You-Go financing to unlock demand for home solar systems in Africa. Without the built-in financing, the systems would be unaffordable making the loan a core piece of the business model, rather than a feature. Similarly, many boot camps engage in income sharing agreements – rather than charging tuition, the program is repaid through a percentage of future earnings for a set period of time. Finally, players like ZhongAn have created fully automated insurance built into products. For instance, in a partnership with a telephone provider, they can automatically detect a broken screen.


Untangl CEO discusses how Insurtech startups are disrupting finance markets

“There’s no doubt that technology is going to disrupt the insurance sector like it has any other industry,” said Stewart. “But I think insurance has been particularly slow when it comes to modernising, and that’s been highlighted by the rapid shift to the cloud. “The pandemic has been another catalyst in a rethink of operations going forward, but a cultural problem has been present around an industry that’s underinvested in technology, while finding it difficult to innovate in such a risk-averse, high margin landscape.” Stewart went on to explain that companies in the space can often spend up to 18 months making decisions to solve inquiries in response to potential problems, a reflection that he described as “a reflection of how not to do it”. However, while the insurance sector has found innovating quickly with short term projects more difficult than other sectors, the past year has seen areas such as personal lines become more agile and intuitive. “It’s not easy because the industry has experts in their complex fields, who are representing stakeholders with billions in capital behind them, and any mistakes can be financially disastrous,” Stewart added.


The Brain of Security

In fairness security analysts are seeking to make risk-informed decisions, as the human brain does this instinctively. However, they can only do that based on the information they are provided. There are not many security programmes where business context was provided to the analyst to aid in decision making. Recognising this reality, organisations are seeking to quantify their cyber risk to better align security to the business, drive remediation and response activities, support investment decisions and demonstrate return on security investment. Many have already embraced the move to a quantified understanding of risk – only to be let down as current approaches require too much manual data collection, too much training and professional services support, don’t connect this newfound understanding with the ability to take action and fail to meet the need to efficiently and cost-effectively mitigate risk. Organisations need to acknowledge that understanding and quantifying risk is critical to building an effective security programme in this day and age. Solely orchestrating and automating security actions with an intelligence-led approach is not enough.


CIO Agenda for Right Now: Priorities a Year Into the Pandemic

First, the COVID-19 pandemic brought a period of rapid change and challenges for organizations, and that has accelerated technological change. Future conditions will be significantly different from the past and even from the present, according to White. Second, operating models have had to change. Now that the dust has settled, organizations will be using the rest of 2021 to review and consolidate all of the changes that have happened in organizations, White said. Third, the pandemic has raised new business priorities. Work from home has been one of them. But deeper in that trend, the pandemic has disrupted traditional research conducted by business and has raised different priorities for innovators, according to White. Plus, the work-from-home trend will drive significant organizational changes. Remote leadership poses challenges for presence and influence, according to White. Leaders and managers will need to adapt their styles to encompass non-line-of-sight supervision and performance management. Fourth, the CIO role has changed and will continue to change. Technology and the CIO's response to the pandemic, lockdown, and economic downturn, meant that many organizations were able to survive the initial crisis.


OpenAI’s state-of-the-art machine vision AI is fooled by handwritten notes

Researchers from machine learning lab OpenAI have discovered that their state-of-the-art computer vision system can be deceived by tools no more sophisticated than a pen and a pad. As illustrated in the image above, simply writing down the name of an object and sticking it on another can be enough to trick the software into misidentifying what it sees. “We refer to these attacks as typographic attacks,” write OpenAI’s researchers in a blog post. “By exploiting the model’s ability to read text robustly, we find that even photographs of hand-written text can often fool the model.” They note that such attacks are similar to “adversarial images” that can fool commercial machine vision systems, but far simpler to produce. Adversarial images present a real danger for systems that rely on machine vision. Researchers have shown, for example, that they can trick the software in Tesla’s self-driving cars to change lanes without warning simply by placing certain stickers on the road. Such attacks are a serious threat for a variety of AI applications, from the medical to the military.



Quote for the day:

"The most difficult thing is the decision to act, the rest is merely tenacity." -- Amelia Earhart