IT professionals in the UK perceive high-performance computing (HPC) as increasingly beneficial, with the vast majority considering it a ‘key technology’ for innovation.
This is according to a new report by SUSE, which claims HPC is now a driving force for positive change in the enterprise, and not just science and research.
Government organisations, academia and other industries can all benefit greatly from HPC. It is also seen as a major ‘competitive differentiator’ for businesses, with most IT staff saying that not implementing a practical HPC application can ‘severely impact’ their competitive advantage within half a decade.
When it comes to enterprises leading the charge with HPC uptake, Germany stands out as the country with the most large organisations on board. In the UK, 43 per cent of the IT pros surveyed confirmed their business is already using a practical application of HPC, with almost half (48 per cent) considering it as well.
Many organisations are currently in the process of educating and training their staff, to be able to implement HPC solutions.
“HPC may have its roots in academia or government institutions but a broader spectrum of organisations – from banking and healthcare to retail and utilities – are increasingly turning to HPC to deliver massive computing power. While the historic cost of HPC or “supercomputers” had limited its use to certain market segments, the evolution of both lower cost hardware and Linux has dramatically reduced the price of these systems. With compute power increasing on a scale of one thousand in just a few years, many commercial companies are now able to tap into the power of supercomputers in the form of an HPC Linux cluster – and reap the rewards,” said Matt Eckersall, Regional Director, EMEA West at SUSE.
It seems simple: to keep data secure, you need to make sure that the person requesting access is who they say they are, and they have the right to access the data they are requesting.
But, as with everything else, it shouldn’t be so simple—not if you want to get security right. Not all data is equal. Some data should be protected with the strongest security, while other documents are far less critical. And proving identity is also not quite so straightforward—it’s far easier to trust an employee using a company-owned device in the office than one working remotely using an unsecured device.
So as an IT service provider or managed service provider (MSP), how do you strike a balance?
One approach is to make everything highly secure and ensure that every employee requesting access proves who they are without room for doubt. But not only is this time consuming and inefficient, this is how employees end up circumventing security—posing an even bigger danger. Instead, a new approach is needed—one that assesses the risk of each request and demands the appropriate response.
With the lines between work and play blurring, and employees using their work devices for personal use—and vice versa—attempting to protect a business by declaring that particular devices are safe is no longer sufficient.
The level of access that is granted to each individual needs to be based on the level of confidence, or risk, they present to a business, and the level of resource access they require. So, if an employee is accessing the company network using a corporate device that is trusted, we know that that individual is secure—this person presents less risk.
But if this same person was accessing the network from a different device, say a personal one, that the network had never seen before, and from an unfamiliar place—then this person’s level of risk would go up.
The material that an individual is trying to access also needs to be considered. If the material is particularly sensitive, or is outside the regular level of access, then again, the risk increases.
When we think of risk, it’s about assessing whether the individual is who they say they are, and how likely it is that a compromised device is trying to gain access to the network.
Adding pressure
This does mean that when increased risk is present, there is some extra work for the user. Instead of granting automatic access, and potentially allowing an infected machine or unauthorised user to come onto the network, the user could be asked for additional authentication, to prove they are who they say they are.
This approach is something most people see on a day-to-day basis. When you collect a parcel or a package, although you may have an order number, you will be asked to prove your identity with photo ID or a bank card.
It’s an approach that’s widely embraced in the world of mobile banking. While minimal security is needed to look at a bank balance—usually a four or a six-digit code—if a person wants to transfer funds, then an added level of authentication is needed, to ensure protection against fraudulent behaviour.
But while adding pressure may seem like an added inconvenience, it doesn’t need to be if MSPs and IT service providers follow the 80/20 rule—treating 80 per cent of their employees in a similar fashion and treating the ‘risky’ 20 per cent with higher levels of security.
Most employees and users (the 80 per cent) will have the same needs—they will require regular access to certain materials, and restricted access to more sensitive information. The ‘risky’ characters (the 20 per cent) can also be easily identified, as they will be employees that require access to more sensitive information—such as IT administrators, HR and finance staff, and C-level executives.
With this in mind, how do MSPs and IT service providers apply the 80/20 rule, and in which scenarios is more pressure needed? How does an MSP know where their responsibilities end?
Ultimately, there will be certain users where an MSP will need to go further than it has done before, to ensure that they are fully secure. If there is a person within the organisation that can access the crown jewels, then it’s the MSP’s responsibility to ensure that anyone trying to get their hands on the jewels isn’t doing it from a device that is dirty or from a network that is compromised, and that a close eye is being kept on their activity.
Let’s put this into practice. The head of HR for an organisation will be able to access data on every single employee within their organisation—and accessing this information from an untrusted, insecure device presents a huge risk. In this instance, an MSP will want to ensure that the device is controlled and that it hasn’t been compromised. It may be that security trumps convenience here, and that the user needs to use a trusted device to access the most sensitive information.
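The risk-based approach described above can be sketched as a small policy function. This is an added example, not code from the author or from SolarWinds MSP; the device names, users, point values and threshold are constructed assumptions, and it assumes ordinary authorisation checks are enforced separately.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "additional authentication required"
    DENY = "trusted device required"


# Constructed sample data standing in for what an MSP knows about one customer.
TRUSTED_DEVICES = {"corp-laptop-0412", "corp-laptop-0977"}
USUAL_LOCATIONS = {"alice": {"office"}, "hr-head": {"office", "home"}}
USUAL_RESOURCES = {"alice": {"wiki", "sales-forecast"},
                   "hr-head": {"wiki", "hr-records"}}
# 0 = routine, 1 = restricted, 2 = crown jewels (hypothetical scale).
SENSITIVITY = {"wiki": 0, "sales-forecast": 1, "hr-records": 2}
CROWN_JEWELS = 2
# The 'risky' 20 per cent named in the article.
PRIVILEGED_ROLES = {"it-admin", "hr", "finance", "c-level"}
STEP_UP_THRESHOLD = 3  # assumed value; tune per customer


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    device_id: str
    location: str
    resource: str
    mfa_passed: bool = False


def sensitivity_of(resource):
    # Unclassified resources are treated as the most sensitive (fail closed).
    return SENSITIVITY.get(resource, CROWN_JEWELS)


def assess(req):
    """Return (score, reasons) for the risk signals the article lists."""
    factors = []
    if req.device_id not in TRUSTED_DEVICES:
        factors.append((2, "device is not a trusted corporate device"))
    if req.location not in USUAL_LOCATIONS.get(req.user, set()):
        factors.append((1, "unfamiliar location"))
    level = sensitivity_of(req.resource)
    if level:
        factors.append((level, "sensitive material"))
    if req.resource not in USUAL_RESOURCES.get(req.user, set()):
        factors.append((1, "outside the user's regular access"))
    if req.role in PRIVILEGED_ROLES:
        factors.append((1, "privileged role"))
    return sum(p for p, _ in factors), [why for _, why in factors]


def decide(req):
    """Map a request to ALLOW, STEP_UP or DENY, with the score and reasons."""
    score, reasons = assess(req)
    untrusted = req.device_id not in TRUSTED_DEVICES
    # Security trumps convenience: crown jewels only from a trusted device,
    # regardless of how well the user has authenticated.
    if sensitivity_of(req.resource) == CROWN_JEWELS and untrusted:
        return Decision.DENY, score, reasons
    # Elevated risk: apply pressure by asking for additional authentication.
    if score >= STEP_UP_THRESHOLD and not req.mfa_passed:
        return Decision.STEP_UP, score, reasons
    return Decision.ALLOW, score, reasons


if __name__ == "__main__":
    samples = [
        AccessRequest("alice", "staff", "corp-laptop-0412", "office", "wiki"),
        AccessRequest("alice", "staff", "personal-phone", "airport", "wiki"),
        AccessRequest("hr-head", "hr", "corp-laptop-0977", "office", "hr-records"),
        AccessRequest("hr-head", "hr", "personal-tablet", "home", "hr-records", True),
    ]
    for req in samples:
        decision, score, reasons = decide(req)
        print(f"{req.user:8} {req.resource:11} score={score} -> {decision.value}")
        for why in reasons:
            print(f"           - {why}")
```
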
The MSP’s responsibility is to understand the most important and sensitive data about the businesses it serves: the data it holds, the data that needs protecting, the systems that are used to access this data, and the individuals that have access to it. The MSP also needs to create a division between the 80 per cent and 20 per cent staff, as well as identify the crown jewels that need special protection.
Better security, better access
With the rise of remote working, and the increase in cybersecurity threats, businesses today can’t afford to simply grant broad access to every employee in the same way. They need to use the 80/20 rule to appropriately balance risk and security.
MSPs and IT service providers have an important role to play as a trusted partner to businesses, ensuring they are keeping data secure, and giving users the access they need to be able to do their jobs. In order to do this, MSPs need to ensure they fully understand their customers’ businesses and their most precious data. They also need to put processes in place to ensure that trusted employees can access this data and apply pressure in circumstances that could be considered risky.
An MSP ultimately needs to ensure that only royalty can have access to the crown jewels.
Tim Brown, VP Security, SolarWinds MSP
Even though US president Donald Trump recently vowed to ease the ban on sales to Huawei, the company still needs to be treated as blacklisted by US government institutions, new reports have said.
According to Reuters, a senior US official has told the enforcement staff over at the Commerce Department that Huawei should still be considered as blacklisted. This was done, allegedly, to clear any confusion employees might have, following Trump’s latest move.
A few days back, Trump met with Chinese president Xi Jinping during the G20 summit in Japan, after which he promised to allow US companies to sell their products to Huawei.
Soon after, John Sonderman, Deputy Director of the Office of Export Enforcement, in the Commerce Department’s Bureau of Industry and Security (BIS), sent an email to make sure agents know how to act.
All such applications should be considered on merit and flagged with language noting that “This party is on the Entity List. Evaluate the associated license review policy under part 744,” he wrote, citing regulations that include the Entity List and the “presumption of denial” licensing policy that is applied to blacklisted companies.
When evaluating any Huawei-related license applications, any further guidance from BIS should be considered, he added.
Huawei was blacklisted by the US president after being deemed a threat to national security. Trump’s latest move is perceived as an olive branch, to continue trade talks with China and potentially even ease up on the ongoing trade war between the two countries.
US tech companies, who see Huawei as an important partner, have mostly praised Trump’s latest move.
Microsoft has raised eyebrows across social media with a new nostalgia-tinged teaser.
The company recently published a short clip on Twitter, which basically rolls back the years by showcasing how the Windows logo transformed over time – starting with the Windows 10 logo, all the way back to Windows 1.0.
While cyberpunk-styled grid visuals rolled in the background, synth music straight out of the original Tron movie was playing. The company's Instagram page was also completely wiped, leaving nothing but an ancient photograph showing boxes of Microsoft Word, Excel, Flight Simulator and other Jurassic stuff.
People on Twitter were quick to jump onto the bandwagon, with comments like “Windows 1.0? Amazing, I can finally upgrade from my Windows 10” or “Looks like it’s time to upgrade”.
However, others have speculated that the teaser could be linked to an upcoming release, most likely an open-source version of Windows 1.0 made available online.
Windows 1.0 was Microsoft’s very first version of the operating system. It was a 16-bit platform, which allowed graphical programs to be run over MS-DOS. It was the company’s first foray into a more visual experience, leaving command lines behind them.
Jonathan Luse, General Manager of the IoT Group at Intel, discusses the company’s Internet of Things (IoT) projects, the challenges facing the IoT industry, as well as the overall possibilities of this new and exciting technology.
What are some of the most interesting IoT projects Intel is working on at the moment?
Here are a few examples of partners using Intel technology in IoT: Agent Vi is a global video analytics software provider whose technology is used to improve security, safety and incident response time in cities using AI.
Intel’s software toolkit OpenVINO, has helped Agent Vi scale its AI solutions across a wide range of applications including public safety and city surveillance, traffic management, waste collection and many more. Specifically, the software has allowed the company to deploy a neural network, using existing cameras, that knows when city street bins are full and alerts someone to empty them.
Another example is RESOLVE’s TrailGuard AI anti-poaching camera. RESOLVE is a non-profit organisation using cameras with Intel-powered AI technology to detect poachers entering Africa’s wildlife reserves and alert park rangers in near real-time to stop poachers.
TrailGuard AI uses Intel Movidius Vision Processing Units (VPUs) for image processing, running deep neural network algorithms for object detection and image classification inside the camera. If humans are detected among any of the motion-activated images captured by the camera, it triggers electronic alerts so the park can mobilise rangers before poachers can do harm.
The technology has been deployed in around 100 reserves in Africa including the Serengeti, with plans to expand to South East Asia and South America as well.
What steps need to be taken to ensure the world's network infrastructure is able to cope with the increasing width of IoT?
The volume of data being generated is enormous, so the first thing we need to do is manage the bandwidth economically. We have to make sure we have the ability to tag and compress that data with relevant information and not send meaningless data up to the cloud for analytics. The first order of business is making sure that we use the network infrastructure properly, and process the right data in the right locations.
The second task is evolving the network infrastructure itself to take advantage of emerging technologies. Integrating technology such as 5G network infrastructure will give us the ability to expand the network performance and bandwidth, all while keeping critical data moving in low latency environments.
How is Intel planning on encouraging its partners and customers to integrate more IoT hardware?
The first thing we do is ensure it’s easy to activate the technologies. We’ve been investing in a lot of IoT centric technologies in our processors including real time systems, time sensitive networks with deterministic performance, manageability engines and functionally safe devices.
It’s important for us to work with our ecosystem and our partners to make sure that they can easily activate that technology and enable it for their customers. If we have all these powerful technologies inside the processor and the system, but developers have a hard time activating it, then it just doesn’t get deployed on a large scale. Part of the approach that we’ve taken is to produce tools, software toolkits such as OpenVINO and the Intel Developer Zone to make it easy to receive, activate and deploy the technology not just to a few set of large customers, but making those technologies scale to hundreds and thousands of customers worldwide.
Customers and partners also have access to pre-created Intel Market Ready Solutions for their developers. It’s important for us to use our ecosystem to give our customers different levels of integration ready to go.
Are there any particular sectors that the IoT could especially help push forward?
Each market sector we work with presents its own challenges and whilst there are common elements, some require bespoke solutions.
The sectors we work with include visual retail and transactional retail devices, industrial systems and control systems helping in manufacturing, robotics, smart cities activities, transportation logistics, digital learning classrooms, healthcare devices, financial services and automotive.
Given the wide range of areas that we cover, it’s important for us to pull together all those different tools, RFP Ready Kits and Market Ready Solutions to give customers choice and flexibility depending on their specific application needs.
How big can the IoT really be? Are the possibilities really endless?
The opportunity is massive, and growing fast. According to some of the market reports that we’ve seen, AI just by itself is going to stimulate the economy by $13 trillion worldwide by 2030. Studies have shown that this will impact jobs in a good way with around 58 million new jobs being created in the next five years because of these deep learning and AI technologies. It’s an exciting time for us and the sheer amount of data being generated is creating plenty of opportunities for Intel as well as the wider ecosystem that we partner with and our customers. I’m excited about the future of IoT and Intel’s participation in the market segments.
Jonathan Luse, General Manager of the Internet of Things Group, Intel
Intel and Baidu are teaming up to work on a new chip, designed for training deep learning models at ‘lightning speed’.
This was confirmed by the two companies during the Baidu Create AI developer conference, which was recently held in Beijing. Intel Corporate VP Naveen Rao said his company is teaming up with Baidu to work on the new Intel Nervana Neural Network Processor for Training, or NNP-T for short.
The joint effort includes both hardware and software designs with the purpose of training deep learning models at high speeds.
“The next few years will see an explosion in the complexity of AI models and the need for massive deep learning compute at scale. Intel and Baidu are focusing their decade-long collaboration on building radical new hardware, co-designed with enabling software, that will evolve with this new reality – something we call ‘AI 2.0,’” said Naveen Rao.
Intel and Baidu have been partners for years now. Since 2016, Intel has been optimising Baidu’s PaddlePaddle deep learning framework for its Xeon Scalable processors. Now, they’re optimising NNP-T for PaddlePaddle.
The two companies are also working on MesaTEE, a memory-safe function-as-a-service (FaaS) computing framework, based on the Intel Software Guard Extensions (SGX) technology.
VentureBeat believes Intel sees its future in AI. “The Santa Clara company’s AI chip segments notched $1 billion in revenue last year, and Intel expects the market opportunity to grow 30% annually from $2.5 billion in 2017 to $10 billion by 2022.”
The word “frictionless” has emerged as a term used to describe when an action is achieved with or involving little difficulty; it is about effortlessness. This term is most commonly associated with customer experience and payments.
Consumers are already familiar with this term without realising it. Retail is the perfect illustration of what being frictionless means. Driven by tech-native companies like Amazon or eBay, the purchasing journey has completely changed for customers. In today’s digital society, consumers are more likely to be actively engaged with their favourite brands (via social media and specially designed apps), whilst also keeping a level of autonomy. According to a report from McKinsey about “Digitising the Consumer Decision Journey”, creating frictionless experiences supports the optimisation of digital channels.
In our new “zero touch” world, consumers in the UK do not need to have their credit cards at all times. Now they can purchase or access almost anything in one-click via their smartphones – clothes, cars, entertainment, you name it. The idea behind this practice which is now second nature to millions all stems from being able to do things in a way that presents no problem for the do-er. Our world is becoming frictionless and almost every single action is now as easy as ABC. Of course, there is still work to be done when it comes to delivering an omni-channel experience online and off-line and according to published reports, “48 per cent of US consumers believe companies need to do a better job of integrating their online and off-line experiences.” That said, retailers are getting close to making this a reality.
Today, our frictionless world has developed to such an extent that it would be hard to think of a world without such convenience and the possibilities for its future expansion are exciting.
Frictionless has exploded with the emergence of new technologies – smartphones, the cloud, machine learning and virtual assistants to name a few. All of these technologies either produce, store or analyse vast quantities of data – to provide seamless experiences in the 21st century. The impact of this is that industries such as travel, finance, retail and many more have been touched by the frictionless effect, which enables people to have a seamless experience whether they are purchasing goods, travelling or interacting with their bank or insurance company. Even governments and the public sector are embracing frictionless experiences – online tax returns, “no paper” programmes and online procedures are now commonplace and encouraged across the board.
This has had a knock-on effect on the generations that have grown up with these technologies. The “data-driven” generations, Millennials and Generation Z, are happy to embrace the idea of a fully connected society and are expecting a seamless experience from the start. They purchase the latest technology, use services that take advantage of digital concepts and technology, have multiple social media accounts and understand that data is a powerful tool – especially concerning their experiences. Expectations are high. Consumers are more engaged and more autonomous.
While the term is appearing across industries, it is hardly new. The European Union Schengen Agreement, which was signed in 1985, sought to abolish borders between European nations. The purpose: make the movement of people and goods as frictionless as possible. While Brexit will, of course, threaten to cause friction once again, it will be the job of the UK parliament to ensure that this does not happen. The potential result: major disruptions to the UK’s trade agreements and mass outrage from British sun-seekers.
But what does this mean for IT teams within enterprise organisations?
What’s become accepted and expected in the consumer world is making its way to the enterprise – both internally and externally. No matter if it’s a customer or supplier, engagement with a customer must be seamless – the level of frictionless is linked to reputation in a digital world. IT teams want to use software that’s as easy as streaming a video on YouTube or listening to music on Spotify. They want to be able to start data loading projects easily, they want to be able to connect cloud sources into data warehouses or data lakes in minutes. And they need it to be as simple as purchasing on Amazon.
Digital-native generations are pushing new ways of consuming data within an organisation. One of the major trends driven by this generation is the “pay-as-you-go” model enabled by the explosion of cloud applications. According to IDC, the millennial-led companies have adopted cloud applications such as travel, invoice, expense management and human capital management — as well as desktop as a service — at a more than 20 per cent higher rate than the average midmarket firm.
Cloud has been revolutionising the way the organisations work with data integration. These new data workers now want to consume technology as a service and not just as products anymore, which reduces costs – the installation and administration are no longer managed internally, but by the provider. Data workers can thus focus on the real benefits of their job – data ingestion and integration in the cloud, providing analysis to improve the business in real-time. Cloud integration is not an option for this generation, it is a no-brainer and they are leading the way to cloud and self-service adoption within their organisations. Making use of platforms offered by data integration and cloud management platforms is pivotal in the success of your business. Platforms and services that allow you to seamlessly and instantly move large amounts of data to their final destination must be taken advantage of in a society where frictionless is the new norm.
As interactions between customer and vendor become more frictionless, legitimate questions arise about data privacy and protection. Indeed, data is at the heart of an organisation’s frictionless strategy. Data volumes and flows are exploding, as well as the number of companies dealing with individuals’ data. And, in the event of a data breach, integrity of individuals is compromised, which is one of the major concerns when going frictionless.
However, just like frictionless experiences empower people by giving them more autonomy, new data protection regulations now empower them with data privacy.
The EU General Data Protection Regulation (GDPR) has set up new foundations for data protection, especially with Article 15 which gives EU citizens the right to access their personal data. Now, individuals own their data and can decide whether it can be used by organisations. The European data protection regulation has also increased data consciousness among people who now pay more attention to their data, how it is used and by whom.
Regulations like GDPR thus play a role of “frictionless enablers”; companies respecting the regulations’ principles are more trusted by individuals and so are able to use data to make individuals’ lives and business users’ daily jobs easier.
The reality is, no matter what audience we are talking about – be it customers, IT teams, suppliers, or desk-residing employees – enterprise organisations must fully embrace being frictionless in every part of their business in order to be a truly transformative business in 2019.
Ciaran Dynes, Senior Vice President of Products, Talend
Usually, competition between products works to the benefit of an industry. Each competing vendor is spurred on to innovate, ultimately driving the market forward and, in theory at least, delivering the best overall output to customers. However, the security industry is at the point of saturation, and currently struggling to cope with the sheer volume of point products at its disposal. There are more than 1,800 security vendors in the US alone, with an average of nine new vendors emerging each month. When you take into account the vendors in Europe, Israel and other parts of the world, this total rises to nearer to 3,000.
Yet, despite the vast number of products to choose from, almost all address only a limited subset of security issues. The cybersecurity market has become swamped with products, which just aren’t doing enough to individually cover the spectrum of potential threats.
As a result of this, even highly experienced security professionals are baffled by what many vendors’ solutions actually do, which ones they need, and how to differentiate between them. All of these problems come before they even begin to approach implementation and management of the products they decide to use, highlighting just how complicated the process has become.
The increasing volume of security products has not only increased the cost and complexity of the security ecosystem, it has simultaneously degraded overall security, agility and – ultimately – efficiency.
Every security product generates multiple alerts every day. The average enterprise uses between 25 and 30 security products, due to the previously mentioned issue of each product only addressing part of the threat spectrum. This range of products can produce a total of more than 500 SOC alerts in one day. Considering that a single analyst can only handle around 10 of these, there is a glaringly obvious imbalance which needs to be addressed. In fact, research has revealed that analysts are only able to investigate four per cent of the alerts that they receive. These figures make it clear that dealing with all of these alerts is not just overwhelming, but simply unmanageable. Security teams are being left with no time for proactive threat-hunting, or searching for indicators of compromise. Therefore, it is unsurprising that genuine threats are slipping through the net every single day.
Even larger enterprises - which may use up to 100 security products - can’t cope with the endless stream of alerts they are being bombarded with, despite having more resources. Due to the rapidly escalating skills gap in the cybersecurity industry, it isn’t a viable option for these organisations to fund exponential growth of their security teams. Recent figures suggest that there could be as many as 3.5 million vacant positions in the industry by 2021, meaning that this problem is only going to intensify. With larger businesses struggling to stem the flow of alerts, the situation is looking increasingly bleak for smaller enterprises.
Unsurprisingly, the security industry’s response to this problem was to introduce even more point products in the form of SIM/SEM - or SIEM - solutions. Instead of handing control back to security operations staff by generating meaningful actionable alerts, this additional layer has actually plunged organisations into deeper cybersecurity chaos. Many face a constant struggle to extract value from their SIM/SEM deployment, creating - you guessed it - more alerts for security professionals to sift through and analyse.
Thinking outside the black box
Integrating a company’s security products seems like the most logical solution but, unfortunately, with point products this is problematic, because each one is essentially a security black box. Security teams are therefore being forced to observe multiple admin interfaces and dashboards in order to attempt to keep their organisations secure, which is creating a huge drain on efficiency. Understandably perhaps, there’s a deep-rooted reluctance for individual vendors to open up their products to enable a fully automated response. Some argue this makes them less secure or more susceptible to attack but, whatever the reason, the vendors’ black boxes remain firmly closed.
Yet, it’s clear that security vendors need to alter their methods, as this current black box approach is consistently failing security teams. New products should be interoperable, protecting different threat vectors, such as email, web, cloud and multi-factor authentication, simultaneously.
It is now evident that papering over the cracks left by point products with more management layers is creating more problems rather than solutions. Simply put, a properly integrated, autonomous security response is needed - one that prevents attacks before they even occur. Once all security products are integrated within a single platform, there will no longer be a barrier to sharing and exchanging short term security data on users, user actions, devices and content.
Theoretically, this would mean any single product could intervene autonomously based on information collected by other products. If integrated security products become proactive rather than reactive, cyberattacks will be prevented automatically.
As a result, organisations could be led from the current overwhelming sea of alerts, to the greener grass of low risk, low cost and limited liability.
Richard Walters, CTO, Censornet
It isn’t just the Facebooks and Googles of the world that are hoovering up the data we leave about ourselves online and using it for their own gain. After all, monetising user data has been the dominant business model in the digital economy for nearly two decades.
Don’t let lobbying and marketing campaigns fool you – this business model is fundamentally incongruent with privacy. These services were never designed to be security- or privacy-first. And so, consumers are given a false sense of trust when it comes to how they think, or want, companies to protect their data.
Instead, consumers shouldn’t be bound to the services and social media platforms they use. Yes, data is a currency with which to negotiate with brands (i.e. your preferences in return for a discount), but to take control of who has access to our data, we need to adopt a new mindset.
Digital independence must be at the forefront of our minds. And to understand what digital independence is all about, we need to delve deeper into the concept of digital identity. More specifically, we need to understand how digital identity has become integral to our society.
What is identity?
Our identity comes down to how we are perceived. This can be through face to face interactions, and the information we voluntarily share with those we meet. In this respect, we control the information we want to share, when we share it, and thus how we are perceived.
A digital identity changes that paradigm completely. While we are still able, in some respects, to choose what information we want to share online, we’re often forced to part with data in order to sign up for new services. Along the way, we might also thoughtlessly or unknowingly share information or insights about ourselves. As brands connect the dots between the information we’ve volunteered and the information we might not know we’ve shared, our digital identity becomes much more complex.
As a result, digital identity is a confusing, fragmented, unavoidable part of our lives. Digital identity is a pre-requisite for many critical services and has much higher value than before, as the companies and institutions we entrust our data to look to leverage it for their own gain.
It wasn’t always like this. As the internet has grown in both influence and reach, digital identity has gone through its own distinct changes, or Ages.
The First Age of digital identity was about management and containment. At the dawn of the internet, people slowly began to trust a small number of favourite service providers with volunteered information. E-commerce came into existence, and people had an easy to manage relationship with the limited digital service providers they chose to use.
The Second Age of digital identity started when the internet became far more widespread and was adopted as a part of daily life. This new Age was more complex and fragmented. We became much more aware of the extent to which our data was being used by web companies and other online giants. Surveillance Capitalism, or the commoditisation of personal data, was born, and we began to realise that we are all part of it. This is where the struggle for control of our digital identities began.
We’re now in the Third Age of digital identity. Connected technology is all around us, and more of our lives are online than ever before. We are also beginning to understand the extent to which our data is collected and commoditised. We’ve realised that, in the digital economy that we live in, a secure and controlled digital identity is essential. However, with the internet playing a role in all aspects of our lives, the control over and access to our digital identities that third parties have is growing – and this is worrying.
Like it or not, our lives are shaped by the digital footprint we leave wherever we go. Every click, every second we spend looking at an article or video is constantly being analysed by the applications that we use daily. This obsession with engagement and personalisation has created echo chambers, amplified misinformation campaigns, and mobilised extremists. These same underlying technologies dictate many other parts of our lives: who we see on dating apps, how much our insurance policies cost, and our fitness for a new job.
We should not have to worry about trading privacy and control in for access to the technology we want and need. So, what can we do to become digitally independent of all the services that cross-share our data for their own benefit? How can we attain our digital independence, similar to the First Age, where we had the choice of who we shared our data with?
Digital independence is crucial for a safer and more secure Third Age, but it requires taking matters into your own hands. There are some simple but effective steps you can take to do so; a starter could be eschewing single sign-on and using a decentralised password manager to create unique, super tough passwords for each website or service you use. This prevents the sharing of data and cross-advertising. It also makes cross-platform tracking from a single entity like Facebook far less invasive than a Single Sign-On function (as in the instance of the Login with Facebook function), and prevents you from storing all your eggs in one basket. Password managers should automatically enter account credentials on every site, and on every device, you use, so you don’t have to try and remember each and every password for all of the online accounts you have.
Digital Independence is a state that all netizens should aspire to reach, and only through the full control of our digital footprint will we achieve it. Now that more and more companies such as Mozilla and Apple are positioning themselves as privacy-first brands, there are more resources than ever to help you take control of your digital identity. The Third Age of digital identity is at an inflection point: where companies realise that consumers are caring more and more about their own data, and are realising that the data they had is no longer an asset to them, but a burden to protect.
Emmanuel Schalit, CEO, Dashlane
A whopping 56 per cent of companies haven’t formally defined buyer persona(s), which is holding their marketing and sales efforts back. Why? Well, you need these semi-fictional characters, created based on market research, to represent your ideal customer(s) in order to provide streamlined structure and insight to company-wide efforts. In the B2B tech world, buyer personas are primarily used to help reach decision makers where they are and with the messages that are most likely to resonate.
More specifically, buyer personas are more critical to a B2B tech social media marketing strategy than most realise. They define the right mix of channels and messages, which is essential to success. However, defining them is only the first step.
The following tips explain how to utilise personas to ensure your technical buyers not only see your messages, but that the messages resonate with them and actually prove social media marketing works!
The power of personas - identifying channels
Oftentimes technology companies, especially those in the growth stage, are running on all four cylinders perfecting their products and services, focused on getting ahead of the competition. As a result, they sometimes forget one important tactic inherent to scalability – customer research. According to Cintel’s B2B buyers study, 70 per cent of companies that miss revenue and lead goals have not conducted qualitative persona interviews. The moral of this sad tale: taking the time to do the customer research could not only perfect your overarching social media content messaging and ensure you reach the right audience on the most popular social channels of your buyers, but also boost your marketing qualified leads (MQLs) and, ultimately, sales.
For example, I’m willing to bet my next pay check that an oil and gas executive isn’t signing on to Instagram to look for a cybersecurity solution, and reversely a B2C buyer isn’t shopping for coffee on LinkedIn. Understanding what social network your buyer persona frequently logs on to in order to talk shop, read peer reviews or promote their own business is imperative.
Once you do your persona research, you’ll find that technical buyers, similar to any other consumer, have an expectation of transparency and expertise from a tech company’s leadership. In the era of distrust, 44 per cent of a company’s market value lies in its CEO, (that number jumps to around 80 per cent for a tech startup), and 73 per cent of buyers are willing to pay more for products and services that guarantee total transparency. Therefore, your social media strategy should include setting up and maintaining profiles for your company’s key subject matter experts – not just your brand channels.
A recent study from LinkedIn revealed that companies with a socially active C-suite are 58 per cent more likely to attract top talent, and their employees are 24 per cent more likely to feel innovative. In short, we’re 99.99 per cent sure that through your persona research you’ll find that your customers will connect with and trust personal social media channels. After all, they are the most authentic conduit to all your target audiences – media, influencers, partners and buyers – allowing you to create a narrative that showcases your executives’ expertise, opinions and even a sense of humour. The results go far beyond building trust and help the company earn media coverage, website referral traffic and ultimately, qualified leads.
With only ~2 per cent of your followers actually seeing each piece of your company’s content on Facebook, you’ve got to be sure there’s ROI on the 30+ minutes it took your social media manager to strategically craft and optimise a post. It’s also why using your buyer personas to deploy content on the right-fit channels, then setting realistic goals on said channels, is essential to proving social’s impact. Forget follower counts and focus on what really matters by looking at social through an integrated lens. For example, instead of looking at impressions (let’s be real, that is a fluffed-up number that doesn’t mean much at all), find the correlation between the social syndication of thought leadership content and earned media for the quarter. Or, compare your company’s share of voice with social media influence it has on its channel.
Aligning KPIs between social media efforts and overarching business goals will also help brands steer clear of basing their success on vanity metrics, like followers, page views, subscribers and other flashy analytics that are satisfying on paper, but don't move the needle. Remember, what really matters isn’t the count, it’s the quality of the follower – the one that fits your buyer persona(s). Even Jack Dorsey, co-founder of Twitter regrets creating habits and tools that put too much focus on vanity metrics. During a recent TED2019 interview, Dorsey revealed a few big changes he’d make if he were starting it today, like not emphasising the follower count as much or creating the “like” feature. Similarly, at this year’s F8 developer conference, Instagram announced it would start to experiment with publicly hiding like counts. There’s finally a shift in the air that will hopefully continue to dim vanity metrics’ power.
In 2019, there has never been more truth to Marshall McLuhan’s prophetic musing that the medium is the message than when referring to social media marketing. As algorithms continue to shift and distrust continues to grow, observing the behaviour of your target buyer personas will help you assess your entire social media strategy and pivot when needed, so that you never have to take another sales call about the hottest social media network, filter or fad – your personas will have already told you where you need to be, who needs to be there and what you should be measuring to prove true business impact.
Blair Broussard, chief operations & people officer, ARPR
Having been in the computer security field for over 32 years, never in my career have I heard more complaints about big money lost due to business email compromise (BEC) phishing scams than this year. A BEC phish is a malicious email which attempts to get the receiver to send or do something of value against their own organisation’s interests by purporting to be from a boss, co-worker, or vendor claiming to have an existing working relationship.
A multitude of businesses have lost hundreds of thousands to millions of dollars, and it’s been going on for years. Google and Facebook lost $100M, an Australian aerospace parts maker lost $47M, and California network equipment maker Ubiquiti lost $46.7M. Businesses, cities, hospitals, along with tens of thousands of normal businesses have lost significant parts of their income due to BEC phishing scams.
Every governmental regulatory body tracking BEC scams is reporting not only an increasing number of BEC attempts and fraudulent successes, but also growing rates of attack. In 2018, the rate of BEC scams doubled from the previous year, with the United States’ Federal Bureau of Investigation stating that BEC scams have stolen over $12B since 2005. In the UK, Lloyds Bank reported that BEC scams have risen over 58 per cent in the last year. An alarming 53 per cent of BEC victims reported that scammers had impersonated their bosses and 52 per cent reported receiving emails from suppliers that had been impersonated.
Signs of a BEC
There are many signs that an incoming email request may be a BEC. All the normal phishing “red flags” apply. For instance, if the email’s display “From” and “Reply To” email addresses are different (see the figure below), it’s good to be very cautious.
If the email is unexpected, has a strange, unexpected subject, or contains unusual grammar or typos for the sender, it should also be considered suspicious. But BEC scam emails have attributes which are particular to BEC scams. These include:
BEC emails often originate from a fake email address which is created to look like it could be the legitimate sender’s personal email address, or they can come from the real sender’s email account that has been previously compromised by an attacker. In most cases, the originating email address is one which appears as if it could be from the legitimate sender, but is from one of the most popular public, free email services, such as Gmail, Yahoo, or Outlook.com.
In the example BEC excerpt figure below, the email was created by someone who created two fake Gmail email accounts in the name of KnowBe4’s CEO, Stu Sjouwerman (i.e. firstname.lastname@example.org and email@example.com). Stu has a personal email account, but it isn’t one of those email account names.
It’s really quite easy to get a fake, look-alike email address. All the scammer needs to do is go to any popular public email provider and create a new account, then input all the various combinations of the originator victim’s real name. Oftentimes, using the full name within the email address will readily work because “real” people create and use email addresses shorter than their real full name to save typing and time. The scammers are hoping that employees will automatically assume the sender accidentally sent the email from a personal email account or did it on purpose, so they don’t question its use.
Stressor events
BECs almost always include one or more “stressor events” to help push the receiver past any little concerns they may have. A stressor event is anything included in the description which is intended to make the receiver’s emotions override their normal sceptical attitude. Common stressors include text similar to the following:
- “I need you to do this ASAP! There is a huge business deal depending on this.”
- “If this bill is not paid immediately it will be turned over to collections!”
- “I need the gift cards by the time my flight sets down!”
- “Don’t let me down, this is what I pay you for.”
- “If we do not get the W-2 list today payroll will be late!”
- “If you have not made your escrow payment at least 10 days before the closing meeting, you will not be able to close on your house.”
You get it. The sender will say something to emotionally stress the receiver.
Some BEC emails carry “sweeteners” which promise a reward if the receiver follows the instructions. For example, the receiver can keep one of the requested gift cards for themselves or the company will soon celebrate a big deal closing because of the receiver’s help. The combination of a stressor event followed by a sweetener seems to be the key to success for many BEC scam emails.
Out of normal communications
Another common BEC attribute is that the sender will always claim that they cannot use normal communications for some reason. Either their normal email account is down, they are getting ready to get on an airplane, or their cell phone is acting up. The scammer’s idea is to get all communication between themselves and the victim to the newly trusted email account. If the scammer knows the normal approval process, the email might even include a warning not to let the approval person know, with an example text similar to this: “Don’t contact accounting about this request as one of the gift cards is being given to them tomorrow as a surprise.”
You would think that every person receiving an email with these common traits would be overly suspicious and never respond to them or carry out the action. You would be wrong to the tune of over $12B and counting. Humans are naturally helpful and want to avoid the promised negative outcomes for hesitating to do something now.
Common BEC Scams
Here are some common types of BEC scams:
Online Gift Cards
Many BEC scams encourage the receiver to get thousands of dollars in online gift cards (e.g. Amazon, Green Dot, etc.) and to forward the serial numbers and activation codes to the sender after they are purchased. Be suspicious anytime a boss asks you to purchase gift cards when they haven’t talked to you in person about it before.
Many of the biggest BEC scams have involved elaborate fraudulent invoices. Most people have received fake invoices requesting payment for things like new computers and printer ink arriving out of nowhere. But BEC scammers are becoming more brazen. For example, the Google and Facebook BEC scammer learned the amount that companies Google and Facebook routinely paid for computer equipment and created new (legal) companies with very similar sounding names and with real bank accounts. That way, when the scammer got paid by corporate check, he could cash them in his new company’s bank accounts, wait for them to clear, and then pocket the money using a withdrawal. He got away with the scam for years.
Around tax time, BEC scammers love requesting confidential information which will allow them to file fraudulent tax returns. In the United States, W2 scammers will pose as Human Resources or Payroll departments and ask employees for their W2 tax information so they can be sent their W2 for tax preparation. Or they will pose as an external corporate payroll entity and ask a company’s human resources for all employee “updated” W2 information, so they can get all employees’ tax information at once.
Perhaps one of the most common types of BEC scams is one where the sender tries to trick the receiver into wiring money electronically using information needed to wire money. The sender usually claims that an existing invoice must be immediately paid or sends “updated instructions” from the email account of someone the victim already does business with.
Mortgage fraud is a subset of wiring transfer BEC scams. With this type of fraud, the attacker breaks into the computer or email account of someone involved in the mortgage industry, often a bank loan officer, mortgage agent, or escrow agent. They will then sift through the officer’s current case load and figure out the best opportunities of attack. Then they will send out a forged email to the person or representative of the entity attempting to get a mortgage telling them that the down payment for the mortgage loan must be sent to “escrow”, so they can get their mortgage on the property they are wishing to acquire.
The email will come from the person the victim was expecting it to come from and will contain all the real details the victim was expecting, except that the money wiring transfer instructions are fraudulent. The victim ends up sending money to the scammer, which they often never get back. The victim is out of the money, plus the property they were hoping to acquire - unless they just happen to have a second escrow amount available to them and ready to spend - and all the other financial people that were in line hoping to make money off of the transaction when it closed are out of their monies as well. It’s a dastardly crime, gaining in popularity, and hard to stop.
Although these are common representative types of BEC scams, there are hundreds of variations on the meme, each of which attempts to trick victims into committing an act against their own interests and their organisation’s interests.
This is not to say that BEC scams cannot be successfully fought within organisations. Education is key. Start with making sure that the security awareness programme covers BEC scams, especially if the business is particularly at risk from BEC crimes because it processes a lot of invoices or the boss frequently works remotely. Potential victims must know about BEC scams, what they look like, how to spot them, and what to do once they suspect someone is trying to BEC scam them.
Another important defence is to make official organisational policy changes which make it harder for BEC scams to be successful. Make a policy that says employees can never accept a request for money or information from a co-worker if it doesn’t come from their legitimate organisational account. Any requests from a co-worker coming from a non-organisational account must be ignored, discussed with the purported user, and sent to IT security if fraudulently sent.
Another important policy change is to make it a requirement that all unexpected requests for money or information be verbally confirmed by the purported sender before it can be accomplished. If the sender can’t be contacted outside of email and the request verified, then the transaction should not be conducted. Even expected requests for money or information should be verified verbally if the request meets a minimum value threshold (say £500 and above).
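The red flags described earlier (differing “From” and “Reply To” addresses, a colleague’s name on a free-mail address, stressor wording, excuses for avoiding normal channels) and the two policies above can be combined into a mail triage check. The sketch below is an added example, not code from the author or KnowBe4; the domain, staff names, phrase lists and both sample messages are constructed assumptions.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# All values below are constructed for this sketch, not taken from the article.
ORG_DOMAIN = "example-corp.test"              # assumed organisational mail domain
STAFF_NAMES = {"pat example", "sam sample"}   # assumed staff directory (display names)
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com"}
STRESSORS = ("asap", "immediately", "by the time my flight",
             "don't let me down", "will be late")
CHANNEL_EXCUSES = ("don't contact", "email account is down", "phone is acting up")
VALUE_WORDS = ("gift card", "wire", "invoice", "w-2", "w2", "escrow")

SAMPLE_BEC = """\
From: Pat Example <pat.example.constructed@gmail.com>
Reply-To: pat.example.constructed2@gmail.com
To: finance@example-corp.test
Subject: Quick favour

I need the gift cards by the time my flight sets down! Don't contact
accounting about this request, one of the cards is a surprise for them.
"""

SAMPLE_OK = """\
From: Sam Sample <sam.sample@example-corp.test>
To: finance@example-corp.test
Subject: Thursday agenda

Attached is the agenda for Thursday.
"""


def domain_of(addr):
    return addr.rpartition("@")[2].lower()


def triage(raw):
    """Return (flag, detail) pairs for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content() if part is not None else ""
    # Normalise curly apostrophes, case and line wrapping before phrase matching.
    text = " ".join(text.replace("\u2019", "'").lower().split())
    flags = []
    if reply_addr and reply_addr.lower() != from_addr.lower():
        flags.append(("reply_to_mismatch", f"{from_addr} -> {reply_addr}"))
    # A staff member's display name on an address outside the organisation.
    if " ".join(from_name.lower().split()) in STAFF_NAMES and domain_of(from_addr) != ORG_DOMAIN:
        kind = "free-mail" if domain_of(from_addr) in FREE_MAIL else "external"
        flags.append(("staff_name_outside_org", f"{kind} address {from_addr}"))
    for flag, phrases in (("stressor", STRESSORS),
                          ("channel_excuse", CHANNEL_EXCUSES),
                          ("asks_for_value", VALUE_WORDS)):
        hits = [p for p in phrases if p in text]
        if hits:
            flags.append((flag, ", ".join(hits)))
    return flags


def should_hold(flags):
    """Hold for out-of-band confirmation: a money or information request
    combined with a sender red flag or pressure wording."""
    names = {name for name, _ in flags}
    return "asks_for_value" in names and len(names) > 1


if __name__ == "__main__":
    for label, raw in (("constructed BEC", SAMPLE_BEC), ("constructed benign", SAMPLE_OK)):
        result = triage(raw)
        print(label, "HOLD" if should_hold(result) else "deliver", result)
```

Phrase matching of this kind only routes a message to a human for the verbal confirmation step; it does not replace that step, and a request sent from a genuinely compromised organisational account will pass the sender checks.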
The only way to help mitigate the risk of BEC scams is to educate end-users about their existence, give lots of examples, test them with simulated phishing campaigns, and create policy that makes it more difficult for BEC scammers to be effective.
Now go out there and put down some BEC scams!
Roger A. Grimes, Data-Driven Defense Evangelist, KnowBe4