Monday, June 26, 2017

Most UK People Trust AI Says Research

New research from US CRM and strategic applications company Pegasystems has found that 60% of UK people would use more Artificial Intelligence (AI) if it saved them time and money.

Real World Value

The UK results are drawn out of a larger survey which involved 6,000 people from 6 countries. The survey results show that British people accept and feel most comfortable using AI for specific, practical, real-world, time saving, benefit-delivering and value-adding purposes. These include personalising their online retail presence, getting a better diagnosis from the doctor using AI, and using AI for better financial services.

Supports Other Survey

The positive UK view of AI shown in the Pegasystems survey results appears to support the results of an Accenture survey carried out with 32,715 people (3,007 of them from the UK). This showed that 68% of UK consumers would use software robots for banking services. Many consumers found that the ‘artificial’ aspect was, in fact, a positive because it meant that there was impartiality.


Not all UK consumers are used to / comfortable with the idea of AI in their working lives, and many are clearly suspicious that they will lose their jobs to AI automation. In a YouGov survey for Konica Minolta involving 11,362 people from nine countries for example, 20% of respondents thought that their daily tasks could be automated through AI and robots, and 10% believed up to 60% of their role could be taken over completely by AI robots.

This is consistent with the findings of a report by PwC back in March this year which claimed that over 30% of UK jobs could be lost to automation by the year 2030, and that 44% of jobs in manufacturing (where there are already many robots e.g. car manufacturing), especially those involving manual work, look likely to go to AI-led software or robots.

The same report singled out Transportation jobs as being at particularly high risk for robot replacements where 56% of jobs could be lost to autonomous vehicles. The report also highlighted jobs in the UK’s largest sectors, wholesale and retail as looking vulnerable to (AI) automation.

Already Used

Most of us already come into contact with AI as it is already used in many different ways. For example, the London Borough of Enfield uses a software AI robot to provide customer services so it can redirect resources, and Transport for London (TfL) has developed an intelligent agent-based chatbot on Facebook’s AI application programming interface (API) to be used as a digital travel assistant through Facebook’s Messenger app.

Google also introduced its AI Neural Machine Translation system (GNMT) to automatically display business reviews in the language that your phone / device is set to (for overseas travel), and Microsoft has added the new AI ‘Microsoft Team’ toolkit to Office 365 to help improve workplace communications and collaboration.

A Step Further

Developments that have taken AI a step further again to show even more of its potential include the Watch, Listen and Spell (WLAS) system that can read human lips better and interpret more words than a trained lip reading professional. Also, the Libratus (updated from Lengpudashi) AI poker program made the news by winning more than $1.5m (£1.2m) worth of chips when it defeated 4 human poker experts at the Rivers Casino in Pittsburgh in a 20-day tournament back in January.

What Does This Mean For Your Business?

Much of the popular use of AI up until now has benefitted business aspects such as customer service. Most businesses are likely to be affected by some aspect of automation e.g. software or mechanical, in the near future, either themselves or through suppliers and stakeholders. There is an inevitability that AI and robotics will alter what jobs look like in the future, and will take some jobs away from humans, but it is also important to remember that they could provide huge advantages and opportunities for businesses and their customers.

Workers can try to insulate themselves from the worst effects of automation by seeking more education / lifelong learning, and by trying to remain positive towards and adapting to changes. How much AI automation and what kind of AI automation individual businesses adopt will, of course, depend upon a cost / benefit analysis compared to human workers, and whether automation is appropriate and is acceptable to their customers.

EU Roaming Charges Finally Finished

After a decade of campaigning by EU citizens and after 2 years of preparing the mobile networks for the change, the European Commission has announced that there will be no more EU roaming charges.

What Does This Mean?

The abolition of roaming charges applies to calls, texts and browsing the internet, and this means that citizens who travel within the 28 countries of the EU will be able to call, text and connect on their mobile devices at the same price as they pay at home.


Statements from the EU have focused on what a valuable achievement the agreement between mobile network operators and EU countries is in terms of its contribution to the idea of the EU's Digital Single Market and accessibility for all citizens.

Other statements have focused on the balance that has been needed to strike the deal with the mobile phone networks. This means offering customers a better deal and maintaining profitability of mobile networks, and many people have taken this to mean the mobile networks could make up the charges lost in roaming fees in other ways e.g. increasing domestic phone tariffs and charges.

Are There Any Caveats And Exceptions?

Yes. Although the EU statements say that roaming charges have been abolished for travellers in the EU, there are some important caveats, exceptions and anomalies. These are:
  • Exceeding your agreed minutes, texts and data allowances is still chargeable in the EU, just as it is in the UK.
  • The fair use clause still applies to data roaming. This means that even though you can make as many calls and send as many texts as you like at domestic prices, if your roaming data use exceeds “a reasonably high volume” at domestic rates, you may have to pay a surcharge of approximately £8.30 per gigabyte (inc VAT).
  • If you spend more time abroad than at home and consequently use your mobile more abroad than at home, you may still receive roaming charges. This is a result of a clause that was designed to dissuade people from taking out a contract in a low-cost country e.g. Romania.
  • Different providers include different countries in their roaming territories. Also, some countries are not automatically covered by the new rules e.g. Switzerland, Monaco, Andorra, some Eastern European nations, the Channel Islands and the Isle of Man.
  • Roaming charges will still apply when you are on board European ferries or cruise ships in the Mediterranean, the Baltic and across the English Channel. This is because you are between EU ports and are using a satellite link to the ship.
  • Calling another EU country from the UK will still incur extra charges.
  • Calls to any EU country are now cheaper as long as you make them from any EU country that isn’t the UK.
  • Three non-EU countries in the European economic area have not yet introduced ‘Roam Like at Home’ charges, but have said that they may do so a short time after 15th June. These are Iceland, Norway and Liechtenstein.

What Does This Mean For Your Business?

For business people who are frequent overseas travellers, and for UK citizens who plan to use their mobile while on holiday abroad, this announcement is good news. There is still a rational suspicion that the mobile operators will make their lost roaming charges back somehow e.g. with higher tariffs and extra charges.

Brexit could, however, mean that the UK may lose its right to freedom from roaming charges. Some commentators believe that the UK could avoid this by negotiating equivalent measures, and / or that the mobile networks will introduce some lesser charges.

Legally, the UK government could decide whether or not EU price restrictions on roaming apply after the UK leaves the EU, because they are part of a regulation (not a directive) and, therefore, are not technically part of UK law. At this stage, it is unknown exactly how Brexit will affect the roaming charges issue going forward.

SAP Driven Change At Greggs

The baking and retail high-street chain Greggs is reported to have undergone a £25m change programme for its 1,500 outlets, using a range of SAP software to simplify and better integrate its business processes, and make it more competitive in the lucrative ‘food-to-go’ market.

What Is SAP?

Started in 1972 by IBM employees in Germany, SAP is a software and programming company that was on Forbes' 2016 list of “The World's Biggest Public Companies” in third place, just behind Microsoft and Oracle. According to SAP, 75% of all global business transactions come in contact with an SAP system, and the company now focuses mainly upon cloud computing options.

SAP’s Business Suite On Hana

One of the main elements of the transformation of Greggs is reported to have been the use of Business Suite on Hana for its enterprise resource planning (ERP) since 2014, and now the use of the updated (in-memory) S/4 Hana ERP system.

The introduction by Greggs of SAP’s Ariba for procurement and San Francisco-based SAP SuccessFactors' cloud-based, software-as-a-service learning management system for HR and training are reported to have helped Greggs to integrate, centralise and consolidate compatible systems right across the company, rather than relying on lots of different software suppliers and systems.

The combination of SAP elements is reported to be needed to help manage future growth as part of an ambitious five-year transformation project because of the increasing scale of the company, and because Greggs is a manufacturer, as well as a retail front-end distributor of its food. The ‘Sunrise’ programme from Greggs, therefore, aims to use SAP to centralise the business and make it more responsive to customers' needs.


It has been reported by the 70 strong IT team at Greggs that, so far, the SuccessFactors learning management system has delivered training to 16,000 staff, and that 1,500 shops (at the rate of 100 shops a week) have converted to the new SAP technology.


Greggs is reported to have been using international award-winning design and technology consultancy Keytree to help with improving its production and warehousing in its supply chain. This will be the next phase of its change programme, but Keytree was first selected to work with Greggs back in 2015 as the SAP Systems Integrator for the first of two phases of the retailer’s business transformation programme.

Keytree also helped with the delivery of cloud-based Learning and Development solutions through SuccessFactors, and with the implementation of Source to Contract requirements using Ariba solutions, which will have enabled Greggs to better manage 4,500 suppliers across its operations.

Keytree has worked with many large clients including Dyson, Mercedes-Benz, National Grid, and News International.

What Does This Mean For Your Business?

This story is an example of how many businesses are switching to cloud-based technology and systems to improve management and collaboration, and to ensure that important functions can be homogenised, product availability and waste can be improved, consistency and quality can be maintained, and companies can keep pace with rapid growth while still allowing room for innovation.

Cloud-based systems such as these also help businesses to save costs (e.g. in training large numbers of employees) and adapt quickly to changes in the marketplace, both of which will be needed by Greggs to compete effectively in the future of the evolving and competitive ‘food-to-go’ market.

Amazon’s Acquisition Of Whole Foods Disrupts US Grocery Retail Market

Amazon’s $14 billion acquisition of struggling grocery chain Whole Foods Market Inc, announced last Friday, will now see Amazon take on bricks-and-mortar grocery giants such as Wal-Mart.

Amazon In The Grocery Market

Last month, Amazon expanded upon its existing Amazon Fresh grocery service, which already operates in 16 cities worldwide, with a trial of the ‘Amazon Fresh Pickup’ service from two ‘bricks-and-mortar’ locations in its home city of Seattle.

Amazon Fresh offers attended delivery (hand-to-hand drop-off) or doorstep delivery of groceries, and the new Amazon Fresh Pickup service invites customers to come and pick their shopping up themselves from Amazon’s stores, rather than having it delivered to their door.

Why Buy Whole Foods?

US store Whole Foods, which has notoriously high prices and has been struggling in recent years, is believed to have been purchased by Amazon:
  • In order to fight back against traditional bricks-and-mortar retailer Wal-Mart who acquired retailer for $3 billion last year in order to compete seriously with Amazon in the e-commerce world. Wal-Mart is also reported to have been going after Amazon’s higher-income customers with other online brand acquisitions including Moosejaw, Modcloth, and menswear e-tailer Bonobos. Wal-Mart is offering curbside pickup of online grocery purchases at 700 locations (with hundreds more planned), and is testing same-day fresh and frozen home delivery from 10 of its stores.
  • To compete directly with (and to take customers from) Wal-Mart at the heart of its business i.e. groceries, which accounted for 56% of its $486 billion revenue last year. It has been reported that Amazon intends to do so by reducing the Whole Foods prices and changing its assortment of products to attract a larger customer base i.e. Wal-Mart customers. Like Wal-Mart, Amazon is also large and resourceful enough to wage a price war.
  • To use the 460 Whole Foods stores which are within 10 miles of the main population centres in the US to test how Amazon can learn how to compete with Wal-Mart in the bricks-and-mortar grocery world.
  • To compete with Instacart which works with a network of 160 grocery chains and retailers across the US, and to pull Instacart’s customers into Amazon Fresh.

Some of the concerns raised about the acquisition of Whole Foods Market Inc by Amazon (which have been denied by Amazon) are that it may cut jobs and / or use technology to automate jobs of cashiers.

Concerns have also been raised by some commentators about how the acquisition will affect Instacart, with whom Whole Foods has a five-year contract. Whole Foods, however, only represents less than 10% of Instacart’s revenue, and Whole Foods has less than 1% equity in the company. Instacart is also confident that it has many more years' experience in the grocery market than Amazon, that it has spread its interests across a wide range of retailers, and that the move by Amazon may prompt other big grocery chains and retailers to seek Instacart as a partner.

What Does This Mean For Your Business?

Amazon has grown and diversified at an incredible rate in recent years, and this move (in response to Wal-Mart’s moves) has meant that the traditional retail dividing lines between e-commerce and brick-and-mortar have now been blurred even more. This has led some leading retail commentators to say that dominance in this sector will now depend upon who is better at both e-commerce and brick-and-mortar retailing rather than just being best at one (as Morrisons discovered in the UK when its e-commerce lagged behind competitors).

The move by Amazon does look set to disrupt the U.S. grocery sector, and as we have seen with Amazon in the past, it frequently tests strategies in its home country before exporting them to others. This could mean that Amazon has the power and resources to set itself up as a serious competitor in many different sectors in the UK, just as it has recently done with its Amazon Business online trade-counter.

In the case of Amazon’s acquisition of Whole Foods Market Inc, some grocery retail commentators have, however, noted that it may not be as easy as Amazon thinks to start taking Wal-Mart’s customers because as things stand now, the two stores appeal to two very different types of customer. In the UK however, we have seen discounters (Lidl, Aldi) take customers from all of the other main supermarkets.

WannaCry Came From North Korea Say Experts

The UK’s National Cyber Security Centre (NCSC) led investigation into the origins of the WannaCry ransomware attack that crippled NHS systems last month has concluded that it came from a hacking group in North Korea.

What Happened?

The WannaCry global cyber attack back in May spread worldwide, claiming victims in 150 countries and leading to around 130,000 ransomware infections of computers. The attack also made the headlines in the UK because it temporarily crippled NHS computer systems.

WannaCry was made to exploit a vulnerability on an NSA-developed hacking tool called ‘Eternal Blue’. The rapid, global spread of WannaCry was eventually thwarted when UK security researcher Marcus Hutchins registered and took over the domain that was written into the ransomware’s core code.


The recent NCSC investigation has concluded that WannaCry was made and distributed by the North Korea-based hacking group known as Lazarus. This is believed to be the same group that targeted Sony Pictures with a hack in 2014 over the release of the film ‘The Interview’ that satirised the North Korean leadership. The Lazarus group is also believed to have targeted a South Korean supermarket chain.


It is believed that the WannaCry ransomware attack was indiscriminate, and the fact that the (old) NHS systems were particularly badly affected may have made it appear that it was targeted.


Initial reports from cyber security experts ruled out Russian-based hackers and focused on the fact that the code showed that it may have been created on a machine in a +9 GMT timezone.

A study and reverse-engineering of the WannaCry code, combined with some overlaps with previous code developed by the Lazarus group, plus taking into account wider evidence gathered by GCHQ’s NCSC, have led experts to confirm that WannaCry was the product of the North Korean Lazarus group. It is believed that America's NSA did not contribute heavily to the investigation because the U.S. was not hit as badly as the UK by the attack.

Was It Worth It?

The motivation of the group has been called into question since the amount of ransom paid by victims is thought to only have been around £40,000, and none of the money has been collected by the group. Also, unlike many other hacking groups, Lazarus doesn't claim responsibility for its attacks, does not release communiqués, and does not tweet about its exploits.

IT security commentators have, therefore, concluded that WannaCry is likely to have been an attack that was far more successful and widespread than the group had intended or expected.

What Does This Mean For Your Business?

In the wake of WannaCry’s rapid and extensive spread, Internet and data security, particularly with GDPR due to come into force next year, must surely now be given high priority by businesses and must be championed at board level. The danger and false economy of staying with old operating systems as long as possible was painfully exposed in this attack. For businesses, where an attack comes from is not as relevant and important as knowing that protection is in place.

Businesses need to take a range of measures to ensure that they are well defended against known cyber threats, and prepared for the aftermath, should defences be breached. Preparations could include making sure that all the latest updates and patches are installed on systems and that anti-virus software is up to date, all important data is regularly and securely backed-up, all staff are trained to spot and deal correctly with potential threats, and workable Disaster Recovery and Business Continuity Plans are in place.

Monday, June 19, 2017

Death Penalty For Facebook Blasphemer

A 30-year-old man has been sentenced to death in Pakistan after being convicted of the crime of blasphemy over his Facebook and WhatsApp posts.


Under current laws in Pakistan, blasphemy ranks alongside the most serious offences, and has been described by Pakistan's Prime Minister Nawaz Sharif as being ‘unpardonable’. However, although people have been attacked and killed by vigilantes after being accused of blasphemy in Pakistan, this is the first time that anyone has been given the death penalty for blasphemy on social media there.

Blasphemy / blasphemous libel laws (against Christianity), for example, still existed in England and Wales until they were abolished by the Criminal Justice and Immigration Act 2008, and the last successful prosecution for blasphemy in the UK was in Scotland, in 1843.

What Happened?

In the recent case in Pakistan, it has been reported that Taimoor Raza, a Shiite Muslim (who is also, allegedly, a member of a banned Shiite group namely Sipah-e-Muhammad) got into an online argument on Facebook and WhatsApp with someone who turned out to be a counter-terrorism official.

It has been reported that Raza made 3,000 posts that could be considered blasphemous under Pakistan law, many of which related to the Prophet Muhammad, his wives and companions.

Much of the evidence is reported to have been gathered when Raza was arrested at a bus station in April 2016, where it has also been reported that he had shown the blasphemous content to others.

The Court

The case was heard in an anti-terrorism court in Bahawalpur (Punjab), some 309 miles from the capital Islamabad, where Judge Bashir Ahmed delivered the death penalty.

Climate Of Fear And Intimidation

It was reported earlier this year that Pakistan’s interior minister asked Facebook to identify people suspected of committing blasphemy so that they could be prosecuted. It has also been reported that the government in Pakistan has been making threats through TV and newspaper adverts about the consequences of blasphemous social media posts. The result is a climate of fear and intimidation, which has only been fuelled by this court case.

What Now?

Free speech campaigners have said that Raza’s conviction and sentencing are a violation of international human rights law, and it is believed that Raza will be able to appeal the sentence.

What Does This Mean For Your Business?

This is an example of how different cultures and governments can respond to media that enables free speech. It can sometimes be challenging and inconvenient for institutions and also for corporations and businesses to know that comments or criticism of their actions, beliefs, ideology etc can be expressed and widely distributed beyond their control.

Even in the UK, for example, in the light of terrorist attacks, Prime Minister Theresa May and Home Secretary Amber Rudd have expressed a desire for greater online regulation in the form of less use of encryption, the disabling of automatic encryption on popular apps, and more ‘back doors’ for the authorities to use in popular apps. Critics have pointed out that, although the idea of protecting public safety sounds reasonable, too much / the wrong kind of regulation could restrict the freedoms enjoyed by the vast majority of social media users that have made the platforms so popular in the first place.

Also, although stopping or limiting encryption of messages, and building ‘back doors’ in popular devices and systems, for example, may sound helpful for governments trying to tackle extremists, this could mean more security and cyber crime risks for the rest of us, and could lead to more cyber attacks on businesses.

May To Move Forward With Plans For Internet Regulation

Theresa May’s speech outside 10 Downing Street following the Conservative loss of parliamentary majority included an assurance that she would be pressing forward with changes to improve the UK’s security, including more Internet regulation and backdoors to encryption.

What Plans?

Prior to the UK general election (and in the wake of the London and Manchester terror attacks and the reported role that the Internet has played in enabling terrorists), Prime Minister Theresa May and Home Secretary Amber Rudd called for measures to regulate Internet use in the UK more tightly. The suggestions that there is a lack of regulation and that social media platforms are not doing enough, together with the fact that encryption means that there are some messages that law enforcement are unable to read, have led to Conservative plans to:
  1. Operate an automated system of censorship for Internet use where algorithms decide what people can access.
  2. Restrict the use of encryption, and to disable automatic encryption on popular apps, thereby allowing the government / government agencies to view a person’s communications and data without permission from service providers, or the need for third party decryption skills.
  3. Continue with and broaden existing online surveillance activities.

The Investigatory Powers Act 2016 (IPA), dubbed the Snoopers' Charter, already grants the authorities a range of powers including retention of data, the interception of communications, the request for communications data, equipment interference, bulk warrants for communications data and technical capability notices. The legislation can apply to businesses globally that provide a platform for communications to persons in the UK.


The most public criticism of Mrs May’s plans to push ahead with more Internet regulation and censorship has come from Internet freedom advocates the Open Rights Group (ORG). They have suggested that:
  • Mrs May is attempting to restore her damaged projected image as a strong leader, and that she is attempting to divert attention away from the failings of her election campaign, the controversy over having to deal with the DUP, and the upcoming Brexit negotiations.
  • Automated Internet censorship could mean that what UK citizens are allowed to see could be decided by private companies rather than the courts.
  • The government already has more than enough surveillance powers.
  • Enforcing encryption bans, and backdoors being built in tech tools could mean that all of us will then be at a greater risk of becoming victims of cyber crime.
  • These proposed measures could be the result of reactionary rather than considered policy making.
  • The changes are unrealistic and / or will be too difficult for our law enforcement and intelligence agencies to monitor.

What Does This Mean For Your Business?

The big social media platforms that have been the focus of the government’s plans have at the very least an interest in protecting their reputations. At the same time, they are likely to be cautious about kneejerk reactions to situations, and to be resistant to measures that could restrict freedoms enjoyed by the vast majority of law-abiding users that have made the platforms so popular in the first place. There may also be some truth in the fact that it may be convenient for governments to blame tech companies and social media platforms for security failings.

Stopping or limiting encryption of messages, and building ‘back doors’ in popular devices and systems may sound helpful for governments trying to tackle extremists, but this could mean more security and cyber crime risks for the rest of us, and could lead to more cyber attacks on businesses.

First Arrest Made Via Facial Recognition Technology

The first arrest made using facial recognition technology took place in Cardiff two weeks ago, just days after trialling of the technology at the Champions League final at the Millennium Stadium in Cardiff.

Local Man

Despite police using the technology at the match, reports indicate that the person who was arrested (who was identified by a van-mounted camera days after the match) is actually a local man whose arrest was unconnected to the Champions League.

What Trial?

Back in May, a report on the Contacts Finder section of the website indicated that South Wales and Gwent Police forces would be running a trial of the latest ‘real time’ facial recognition technology on Champions League final day in Cardiff. The technology was reported to have been deployed in order to try to match 500,000 custody images from the Police Record Management system to any of the attendees of the match, or persons at the train station that day.

The intelligent cameras (created by security firm NEC) link to a real time automated facial recognition (AFR) system that was used on the day (and to make the arrest days after). This system incorporates facial recognition, uses slow time static face search, and links to specialist software that can compare camera image data to data stored in a database to find a potential match.

The trial of the system in Wales has been scheduled to last a month, and (if successful) could be extended, and could even be deployed across the country within a couple of years.

Could Have Helped To Identify Terrorists

Some security commentators have suggested that the system is so sophisticated that had it been deployed in the London Bridge area, it could have been able to identify the third London Bridge attacker more quickly.

Used For Public Safety & Security

The use of the camera system in Wales is reported to have been for public safety and security, and to fit in with policing aims of early intervention and prompt, positive action.


Although the Police have stated that their primary reason for planning to use the system at the final in June is crowd safety, critics and privacy advocates have commented that the use of facial recognition systems in events (and at train stations) is intrusive, and there are public data and privacy security concerns about what happens to the data collected, and where, and how securely, everyone's biometric data is stored.

What Does This Mean For Your Business?

The value of the contract for the AFR system used in Cardiff is £177,000. If this has only resulted in one arrest, and assuming that the appearance of the cameras didn’t act as a significant crime deterrent in themselves, you could be forgiven for thinking that the system hasn’t delivered much value so far.

Also, although the system could provide the police with valuable information e.g. if it was used with body cams, it is unlikely to act as any kind of replacement for human officers.

Despite the findings of a study from YouGov / GMX of August 2016 that showed that UK people still have a number of trust concerns about the use of biometrics for security, biometrics represents a good opportunity for businesses to stay one step ahead of cyber criminals. Biometric authentication / verification systems are thought to be far more secure than password-based systems, which is the reason why banks and credit companies have already started using them.

All this said, facial recognition systems are widely believed to have value-adding, real-life business applications. For example, last month a ride-hailing service called Careem (similar to Uber but operating in more than fifty cities in the Middle East and North Africa) announced that it was adding facial recognition software to its driver app to help with customer safety.

Virgin Patches Wireless Security Flaw

Virgin Media have developed and distributed a security patch for their Super Hub home routers after a potentially serious security flaw was uncovered by cyber security consultancy ‘Context Information Security’.

What Security Flaw?

The flaw was found to be an encryption key in a feature that was designed to allow users to make encrypted back-ups of their custom configurations e.g. port forwarding and DNS settings. The problem was that all Virgin Super Hubs were found to have exactly the same private encryption key.

What’s The Big Deal?

The Super Hub Routers ‘Super Hub 2’ and ‘Super Hub 2 AC’ (made by Netgear) are the standard home routers that are used by one of the UK’s largest ISPs, and they are, therefore, used in millions of homes (and small businesses) across the UK. Having a common security flaw in all of them, which (it is believed) could be exploited by cyber criminals using a relatively low-tech, low-cost method, could represent a major security risk for millions of people.

What Could Happen?

In an un-patched router, a cyber criminal with access to the administrative interface could potentially download the router’s config file (the file containing the parameters and settings for the device), add their own instructions to that file, and upload it to the router again. The instructions they write in could, for example, allow them remote access to the router. This could, therefore, mean that all traffic to and from a person’s / household’s / business’s devices (PC, phone and tablet) could be monitored, and personal data / details could be stolen e.g. payment details and passwords.
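The difference between one key shared by every unit and a key unique to each unit can be shown with a small model of the backup-and-restore feature. This is an added example, not Virgin Media's, Netgear's or Context's code: the key values, serial numbers, config fields and the use of an HMAC-SHA256 tag in place of the real encryption scheme are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

TAG_LEN = 32  # length of the HMAC-SHA256 tag appended to every backup

# Constructed values for this demonstration; none come from real firmware.
FLEET_KEY = b"constructed-key-identical-in-every-firmware-image"
DEVICE_SECRETS = {  # hypothetical per-unit secrets provisioned at manufacture
    "HUB-0001": bytes.fromhex("11" * 32),
    "HUB-0002": bytes.fromhex("22" * 32),
}


def seal(config: dict, key: bytes) -> bytes:
    """Serialise a config and append a keyed tag, as a backup export would."""
    body = json.dumps(config, sort_keys=True).encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()


def open_backup(blob: bytes, key: bytes) -> dict:
    """Verify the tag before parsing; raise ValueError if it does not match."""
    if len(blob) <= TAG_LEN:
        raise ValueError("backup rejected: too short")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("backup rejected: tag does not verify")
    return json.loads(body)


def device_key(serial: str) -> bytes:
    """Derive the backup key from the unit's own secret, bound to its purpose."""
    return hmac.new(DEVICE_SECRETS[serial], b"config-backup-v1",
                    hashlib.sha256).digest()


def restore_accepted(blob: bytes, key: bytes) -> bool:
    """Return True if a device holding `key` would restore this backup."""
    try:
        open_backup(blob, key)
        return True
    except ValueError:
        return False


def compare_designs() -> dict:
    # Constructed sample config; "remote_admin" is a hypothetical setting.
    config = {"dns": "192.0.2.53", "port_forward": [], "remote_admin": False}
    altered = dict(config, remote_admin=True)

    # Design 1: the key is a constant in the firmware. Whoever holds one
    # firmware image holds the key for every unit, so an altered backup
    # re-sealed with that key verifies on any hub in the fleet.
    shared_accepts = restore_accepted(seal(altered, FLEET_KEY), FLEET_KEY)

    # Design 2: each hub derives its own key. A backup sealed under
    # HUB-0001's key means nothing to HUB-0002, and an edit made without
    # the key breaks the tag on HUB-0001 itself.
    key_1, key_2 = device_key("HUB-0001"), device_key("HUB-0002")
    genuine = seal(config, key_1)
    edited = bytearray(genuine)
    edited[0] ^= 0x01  # change one byte of the body, leave the tag alone

    return {
        "shared_key_accepts_resealed_backup": shared_accepts,
        "other_unit_accepts_backup": restore_accepted(seal(altered, key_1), key_2),
        "own_unit_accepts_genuine_backup": restore_accepted(genuine, key_1),
        "own_unit_accepts_edited_backup": restore_accepted(bytes(edited), key_1),
    }


if __name__ == "__main__":
    for name, value in compare_designs().items():
        print(f"{name}: {value}")
```

With a per-unit key, compromising one router's secret no longer gives an attacker the means to produce a backup that the rest of the fleet will accept.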

How Was The Flaw Discovered?

It is not uncommon for researchers from cyber security companies to test popular devices and programs for possible flaws, and then to report the flaws to the developers / distributors of the products. The discoveries made can often benefit the cyber security company in terms of good PR as well as benefitting the developers and the users of the products.

In this case, researchers from the cyber security consultancy managed to gain administrative access to the Virgin routers by reverse engineering the software for them.

Reported & Patch Produced

After discovering the security flaw, Context shared its findings with Virgin Media who were then able to produce a patch for the routers.

What Does This Mean For Your Business?

If you already have a Virgin Super Hub router, it will have been patched automatically as part of a scheduled firmware update at the end of May this year. If you are about to get / have just got a new Virgin Super Hub router, you will be pleased to know that the patch / update is included with it.

This story confirms that, even with popular IT / connectivity products / technologies, there are still security flaws that could put your valuable personal data at risk. This has long been a fear, for example, with many household IoT devices too, where the advice has been to make sure that the default password is changed. Devices with common keys / passwords make it much easier for criminals to launch large scale attacks.

The only thing we can really do is to make sure that our basic online / data security measures, practices and policies are kept up to scratch, are adhered to, and that we remain vigilant.

Renewables Beat Coal & Gas For The First Time

National Grid figures show that renewable sources of energy such as wind farms, solar panels, hydro and the burning of renewable biomass / wood pellets have, for the first time, produced a greater energy output than coal and gas in the UK.

Record Breaking

It is believed that the blustery start to the summer may have been partly responsible for the UK’s renewable energy output breaking all previous records as the 19.3GW output of renewable energy (produced last Wednesday) was enough to meet more than 50% of the midday power demand which reached 35.4GW.

The record-breaking 19.3GW renewable power output was achieved thanks to solar panels producing around 7.6GW, wind farms generating 9.5GW, the burning of biomass generating 2 GW, and hydro electric power making up the rest.

Current levels show that around 10% of the UK’s power is now generated by off-shore wind farms, and that renewable means and nuclear power together are now producing more power than gas and coal plants combined.

Mostly Low Carbon Now

Renewable industry trade body RenewableUK have confirmed National Grid figures which show that, with the inclusion of nuclear, low carbon sources now account for just over 70% of the UK’s energy generating output.

Prices Fall

Even though the news of record-breaking renewable output is much better news for the environment, it has caused quite a stir on the money markets. Last week’s renewable surge resulted in market prices falling into negative numbers. This meant that the National Grid paid big energy users to use more power in order to avoid the grid having too much supply, and to avoid paying energy companies to stop generating electricity.

The payments were made as part of the demand turn-up scheme and 6 businesses were chosen (through auction) to use the National Grid’s excess energy.

What Does This Mean For Your Business?

The UK is amongst the world’s wealthier countries and has an established grid, so switching more to renewables is a real option. Improvements in technology, bigger investments in renewables, and increasing support from the government have all helped to drive the costs of producing renewable energy down, and it is becoming cheaper to add a new renewable power source to the grid than a fossil fuel source.

Renewables have provided new business opportunities in the UK (solar panels and wind turbine technology), but most businesses will only really benefit financially if the cost savings of producing the power are passed along in lower energy bills.

In environmental terms, more renewables means good news in terms of lower carbon emissions but in many large countries with less well-developed grids, fossil fuel power is still needed. Also, environmental gains made by renewables here may be cancelled out by the actions of the U.S. (a large polluter) pulling out of the Paris Climate Agreement.

UK Attracting Non-EU IT Talent

One of the biggest challenges to the IT sector over many years has been a skills gap but new research from IT contractor services provider SJD Accountancy into Home Office figures appears to show that the skills gap has been a magnet for the UK attracting non-EU talent for the last 5 years.

What’s The Problem In The UK?

It has long been known that the UK has an IT skills gap, and the UK has been in competition with other countries for wages offered to IT professionals e.g. the U.S. paying more in order to attract / keep the necessary talent. The Brexit vote appears to have compounded this problem for the UK. A ‘Hired’ report, for example, showed that the Brexit vote means that the UK will not be able to attract tech talent from other European countries, and that, as a result, the UK faces a skills gap in areas of data, security, Python, Ruby, UI and UX, and investment in up-skilling in these areas is therefore necessary. The report also found that:
  • Brexit could mean that the UK’s position as a digital powerhouse is threatened because we are unable to attract high-skilled workers from across the globe to supplement the home grown talent. The result could, therefore, be a general tech skills gap.
  • Lower average salaries for London tech jobs compared to places like San Francisco and New York could lead to a brain drain.
  • The number of UK students graduating with computer science degrees is falling which could make the formal skills gap even worse.

Non-EU IT Talent Attracted

This latest research has more in common with the Empirica research from December 2015 which showed that predictions of a large shortage of trained candidates for digital jobs in 2020 may not be as large as had previously been thought.

The new SJD Accountancy research into Home Office figures has revealed that 36,015 non-EU IT professionals came to work in the country in 2016. This figure is up 50% compared to 2012.

The research also showed that, despite the uncertainty of Brexit, the number of work permits issued to non-EU IT professionals rose for the fifth consecutive year in 2016 to a record high.

Most In-Demand

One other area of value in this latest research was to uncover the most in-demand skills. These were shown to be IT business analysts, architects and systems designers, web design and development specialists.

What Does This Mean For Your Business?

Despite the findings of this research (which used Home Office figures), most businesses looking for specialist IT skills are likely to have found first-hand evidence of the IT skills gap through the difficulty of filling positions with UK talent. Brexit has undoubtedly made attracting and keeping IT talent from the EU more difficult.

Although these Home Office figures show that some businesses are plugging their skills gaps with non-EU workers, many businesses may think that the uncertainty of future demand and Brexit-related uncertainties mean they’d rather hold back from doing so, and perhaps fill their skills gaps with contractors. The fact that competition has driven up pay levels over the last year may mean that this is also not the most attractive option, but for now, may be the most sensible one.

Sunday, June 11, 2017

Turn Off Your Ad Blockers ... Or Pay Google

Google’s new “Funding Choices” initiative will directly ask web users who encounter sites where content is funded by adverts to turn off their ad blocker or pay a subscription to view the content without adverts.

Why Ad-Blockers?

Ad-blockers are programs that work through browsers / as browser extensions (or on the network for some mobile operators). The industry narrative says that ad-blockers are used because they filter out the kinds of adverts that are intrusive (videos playing automatically, adverts between the content, multiple sponsored links etc.), slow the page load time down, and even extract personal data, and that the ad-blockers can, therefore, deliver a better experience to the user.

Ad-Blockers are now thought to be used by 22% of UK adults (IAB figures), and globally the number of ad-blocker users is thought to be as much as 100 million.

A report by AdBlock Plus and Global Web Index in the US has, however, shown that consumers use ad-blockers not just to filter out certain adverts / adverts of a certain quality, but because they don’t want to see any adverts at all on any of their devices.

Adverts Fund Content

The big problem with ad-blockers is that many content creators, content publishers, (and to an extent platforms) rely upon advertising revenue for their funding i.e. without the revenue generated by the advertising on their web pages, it would not be commercially viable for them to produce and show the content on their website.

Adverts Fund Google

The filtering out of adverts is also bad news for Google, which makes a large part of its revenue through advertising e.g. AdWords. This year, for example, Google is expected to account for 78% of U.S. search ad revenue and 12.5% of display revenue.

Google is, therefore, tackling ad-blockers in 2 new ways. One way is “Funding Choices”, and the other is creating its own version of an ad-blocker (with its own rules for what adverts get through) for Google Chrome.

Funding Choices

The Google “Funding Choices” idea (now in beta testing) is reminiscent of some online news sites where visitors can see a bit of the content and must sign-up or pay to see the full content. With Funding Choices a visitor to a web page who is using an ad-blocker is shown a message by the publisher that asks the visitor to either enable ads on their site (whitelist them), or pay a subscription to allow the visitor to view the website with all the adverts removed.

Google’s Own ‘Ad-Blocker’ For Chrome

Google’s other idea to protect its revenue streams by tackling the ad-blocker problem is to create its own ad-blocker which will be added to the Chrome Browser. This will reportedly block ads that don't meet with Google’s own quality standards. Google is part of the Coalition for Better Ads (along with News Corp, Facebook and Unilever), and this coalition essentially decides what kinds of adverts will be blocked by Chrome.

Google is helping publishers get ready for the change to Chrome by giving them an Ad Experience Report tool. This gives them videos and screenshots of unacceptable ad experiences, thereby making it easier for them to find and fix issues in advance of the Chrome ad-blocker’s introduction next year.

What Does This Mean For Your Business?

Businesses need advertising, and TV channels, radio stations, and websites also fund themselves, and therefore their ability to advertise businesses, by serving adverts to consumers. There is clearly a need for advertising, but as Internet users, we are often frustrated by the kind of advertising that wastes time and disrupts. It is clearly in Google’s interests to make sure that some advertising gets through, and making its own ad-blocker that encourages advertisers to improve the advertising standards and the user experience does, therefore, seem like a move that would be approved of by many consumers.

If you enjoy and value the content from a certain website, then the “Funding Choices” model is likely to be acceptable, but many of us have been too used for too long to getting content for free. In reality, many content creators have already turned to systems like Patreon where they can get funding directly from their viewers without worrying about ad-blockers.

Although these are two interesting initiatives, the battle against ad-blockers is not over yet and it remains to be seen how the ad industry tackles the issue next.

Calls For Tighter Online Regulation To Tackle Terrorism

The recent terror attacks in Manchester and London have led to renewed calls by the UK government for more to be done to beat terror online including ending end-to-end encryption of messages and tech companies doing more to find and remove extremist content.

Tighter Regulation Says Government

Prime Minister Theresa May and Home Secretary Amber Rudd have suggested that a lack of regulation, social media platforms not doing enough, and the fact that encryption means that there are some messages that law enforcement are unable to read have created what amounts to a safe place on the Internet for terrorists to spread their ideology, recruit, communicate and plan attacks.

The Encryption Argument

Devices and some apps such as WhatsApp allow users to encrypt (scramble) messages when they are sent and allow only the intended recipient’s device / app to decrypt them.

Although, in a time when there are very high levels of cyber crime, encryption provides a valuable layer of security e.g. for personal data and bank details, politicians now appear to be arguing that there should be less use of encryption, disabling of automatic encryption on popular apps, and more ‘back doors’ for the authorities to use in popular apps.

Tech and online security commentators argue, however, that although this may close some of the current avenues for terrorists, it would leave ordinary Internet users more open to attack by cyber criminals. It would also not stop terrorists from encrypting messages manually, encrypting them in code, or finding alternative, more underground methods of communication.

Could Social Media Giants Do More?

Government criticism has also focused on social media and video sharing platforms such as Facebook and YouTube allowing hate / terrorist / extremist content to be displayed, not finding and removing that content quickly enough and, therefore, not policing and censoring their own platforms.

The global popularity of sites like Google, YouTube (owned by Google), Facebook and Twitter means that they have large amounts of content uploaded to them daily (400 hours of videos are uploaded to YouTube every minute, and 200,000 reports of inappropriate content a day).

Despite the significant challenge of identifying and removing suspect content, all sites report that terrorist content has no place on their platforms, and that they are investing and making significant efforts to stop it e.g. Facebook by a combination of technology and human review, and Google’s development of an international forum to fight abuse on its platform.

What More?

It has been suggested that the big tech companies may be erring on the side of privacy and not security, and that they could be spurred on to greater efforts to deal more effectively with problems like extremist content with the help of more pressure from shareholders and advertisers.

Online Freedom Campaigners

Online freedom campaigners such as The Open Rights Group have pointed out that in reality, attempts to control and censor the Internet could be very challenging and difficult to enforce. The ORG have also warned that governments should seek sensible solutions as more regulations could simply push terrorists into more difficult to reach areas of the Internet.

What Does This Mean For Your Business?

As commercial organisations, the big social media platforms clearly have at the very least an interest in protecting their reputations. At the same time, they are likely to be cautious about kneejerk reactions to situations, and resistant to measures that could restrict freedoms enjoyed by the vast majority of law-abiding users that have made the platforms so popular in the first place. There may also be some truth in the fact that it may be convenient for governments to blame tech companies and social media platforms for security failings.

Stopping or limiting encryption of messages, and building ‘back doors’ in popular devices and systems may sound helpful for governments trying to tackle extremists, but this could mean more security and cyber crime risks for the rest of us, and could lead to more cyber attacks on businesses.

Uber Refunds Terror Escapees

After a barrage of bad publicity over surge pricing, ride-hailing company Uber has announced that it has refunded those affected by inflated prices while trying to escape from the London terror attack.

Surge Pricing

The ‘surge pricing’, which can be turned on or off when needed via Uber’s app system, means that Uber customers are charged higher prices in the area of a city or town where demand has suddenly increased, and where not enough Uber drivers are available to meet that demand.

According to Uber, the higher prices that can be charged at these times are designed to encourage more Uber drivers to go to that area and respond to the requests from customers.

The kinds of events that would trigger surge pricing by Uber under normal circumstances in a certain area of a city are reported to be rush hour traffic, bad weather or special events.

On Saturday Night

Unfortunately, a terrorist attack in the London Bridge area of the capital at around 10pm on Saturday night meant that many more people than normal contacted Uber to get transport home or just away from the area as quickly as possible. This surge in demand reportedly meant that surge pricing was switched on.

The criticism of Uber that followed, most of it online e.g. Twitter, was broadly made up of people accusing Uber of profiting from people who were trying to get out of an area where their lives were under threat (and were instructed to by the police).

Since Uber can also choose when to switch surge pricing on and off some people have also criticised Uber for not turning it off quickly enough.

Didn’t Realise At First

Uber’s general manager in London, Tom Elvidge, has been reported as saying that as soon as it was apparent (from the news reports) what was actually happening around the London Bridge area on Saturday night, dynamic pricing was turned off all around that area at 10:50pm. Surge pricing was also then cancelled for the whole of central London by 11:40pm.

Uber is reported to have offered free rides around the London Bridge area after the surge pricing was turned off (as it did for customers in Manchester after the attack at the Manchester Arena on 22 May), as well as working with the Metropolitan Police to help them get any footage from drivers who were in the area at the time of the London attack.


Uber has said that people who used the app in the surrounding area of London Bridge on Saturday night should have already been automatically refunded, and if they have not been refunded yet, they are advised to contact customer services.

What Does This Mean For Your Business?

Uber has come in for quite a bit of criticism over the last year, mostly relating to its app e.g. tracking people long after they have left the vehicle or turned the app off. This has led to some suspicion and mistrust in the marketplace, which can’t have helped in the light of this recent incident. Uber’s reasons for the normal operation of surge pricing sound reasonable enough, and many would say that Uber were unlucky in this case in that the incident was out of the ordinary and unforeseen.

Police response to the attack is reported to have been within 8 minutes, and TV news reports would have followed not long after that, and with the connected nature of all of us these days e.g. via smart-phones, it is likely that someone from Uber could have known about the attack relatively early on, although it may be a little harsh to suggest that those with authority at Uber didn’t turn the surge pricing off quickly enough. In incidents that are particularly terrible and shocking, feelings run high anyway, and this also appears to have gone against Uber.

Uber’s announcements of its willingness to refund, help the authorities, give free rides, and switch off surge pricing in a wide area are examples of how a good and fast response (and PR response) from businesses to unforeseen disasters can limit damage to a company’s reputation and share price, and can even show a company in a more positive light.

Apple HomePod "Different", Says Apple

Apple is reported to be launching its “HomePod” Siri-controlled smart speaker in December this year, and although it’s in the same market as Amazon’s Echo and Sonos, the marketing message is that it’s more about music and sound quality.

What Is Siri?

Apple’s Siri is like Amazon’s Alexa. It is the intelligent, talking personal assistant voice control system that you can give commands to in natural language, and thereby operate and interact with your Apple iPhone, iPad, iPod Touch and now your HomePod.

The Focus = Music & Sound

The ‘Pod’ part of the name HomePod, and the fact that it is an intelligent speaker (with a focus on a special speaker arrangement) mean that it is very much focused on music and creating a good sound experience, rather than focusing too much on Siri and Siri’s ‘intelligence’.

The Hardware

The HomePod is a circular pill-shaped device that is slightly wider and shorter than the Amazon Echo, and the outside is covered in a minimal-style mesh white or black material. This houses 7 tweeter and 1 custom woofer speakers, microphones, and an Apple A8 chip.

What’s So Good About It?

Although it may be tempting to assume that the HomePod is a slightly late to market ‘me-too’ version of other intelligent speakers, Apple is positioning it as a new and better way of experiencing home music.

The beam-forming array of speakers and microphones are reported to be able to intelligently adjust and tune themselves to the individual shape of a room by bouncing sounds off the walls. The result is reported to be the sensation that the sound fills the room, rather than obviously coming from an isolated speaker in the corner.

The sound from the HomePod is also reported to be bassier and beefier than the Amazon Echo. All this, combined with its multi-channel echo cancellation and real-time acoustic modelling mean that the HomePod can provide a better audio experience than other ‘smart speakers’.

The HomePod is optimised to be completely compatible with a user’s entire Apple music library, and one way in which the ‘intelligent’ aspect of the device interacts with this is in enabling you to ask it to play more songs of a certain type, or by telling it (and it learning) what songs you like.

With Apple’s AirPlay 2, multiple speakers can be also used around the home.

What About The ‘Smart’ Questions?

Although the device is very much focused on the music, you can ask the intelligent assistant Siri questions in a similar way to Amazon’s Alexa e.g. the news headlines and the weather. As critics have pointed out, however, this aspect of the device is not as good as Echo, and this may be the reason why Apple have chosen to position the device with a music and sound quality focus.

What Does This Mean For Your Business?

This story shows how the market for devices with an intelligent AI aspect to them is growing and how some highly sophisticated technology is now being incorporated into what are essentially household entertainment systems. Companies are now able to produce products and services that provide highly customised experiences that adapt intelligently and relate more closely than ever to our personal likes and needs. Rather than us having to take time to learn about complicated devices and how to work the many aspects of them to get what we want out of them, we are now being offered complicated devices that learn about and adapt to us.

‘Machine Learning’ Can Protect You From Phishing Attacks Says Google

According to a recent blog post by Google’s Senior Product Manager of Counter Abuse Technology Andy Wen, AI machine learning technology was recently used successfully on Google’s Gmail service, and reportedly blocked 99.9% of all phishing attempts that it detected.

What Is Phishing?

Phishing emails are a well-known and widely used fraudulent practice, which relies upon human error by sending emails, purporting to be from reputable companies, in order to induce individuals to reveal personal information, or to take other action such as wiring money to the apparent sender.

KPMG figures show that the value of (reported) fraud committed in the UK last year exceeded £1.1bn, which is part of a 55% year-on-year rise, and can be attributed to the huge growth of cybercrime, with phishing being one of the most popular methods.

Helping Business Fight Security Threats

In the blog post, Wen outlined how machine learning Early Phishing Detection is one of several new features being added to Gmail to help businesses stay ahead of potential cyber threats. Other features that Google is adding to its flagship web-based email system reportedly include click-time warnings for malicious links, unintended external reply warnings and built-in defences against new threats.

Machine Learning Early Phishing Detection

The Early Phishing Detection service that Google has added to Gmail works by using a dedicated machine learning model that selectively delays messages to allow it enough time to carry out a rigorous analysis for any signs of phishing.

This works in conjunction with more machine learning technologies such as Google Safe Browsing, which finds and flags phishy and suspicious URLs.

These machine learning models are reported to be more than 99% accurate in detecting spam and phishing messages in Gmail inboxes. This is particularly important when you consider that 50-70% of messages that Gmail receives are spam anyway.

Ransomware Protection Too

Google is also reported to be equipping Gmail with built-in defences against ransomware and polymorphic malware. This could be particularly relevant and important in the light of the recent WannaCry ransomware attack in the UK, which was the biggest in history, and was so devastating to the NHS.

What Does This Mean For Your Business?

Online fraud techniques such as phishing use social engineering and rely upon human error, gaps in human knowledge, and bad human decisions made under work pressures to be successful. Developing tools that can very accurately detect, flag and / or filter out potential cyber / data security threats could dramatically reduce the chances of successful attacks by cutting out the chance for human error. The introduction of machine learning / AI also means that these tools can keep themselves up to date, thereby offering better levels of protection than other methods that have to wait for updates to be delivered or activated by humans.

Empowering staff to make the right decisions to protect data can, therefore, involve the right software protection tools, as well as training in how to spot all popular, known cyber / data attack methods, and agreed processes for dealing with them.

Monday, June 05, 2017

BA Says ‘Never Again’ After Weekend Meltdown

BA has moved to try and mitigate some of the damage caused to its reputation as a result of an IT systems meltdown that left 75,000 passengers stranded at airports and separated from their luggage over the busy Bank Holiday weekend, by announcing that it will never allow it to happen again.

Power Surge

BA has stated that its flights from Heathrow and Gatwick airports on Saturday were cancelled, and flights into Britain were severely affected because a power surge shut down BA’s baggage and communication systems.

The failure of the IT systems really became less of an incident and more of a disaster because they were out of action for a day, so not only did this mean flight cancellations, but also that the airline struggled to locate and contact its staff.


In financial terms, the immediate, foreseeable costs of the IT meltdown to BA are estimated to be in the region of £170m off the market value of BA’s owner, IAG (a 4% fall in its share value). In addition to this, compensation claims from passengers could reach as much as £150m as many had to pay for overnight accommodation, pay extra for spare seats in premium economy cabins to get to their destinations, or incur the costs of travelling with other airlines.

The cost to BA’s reputation, and damage caused to customer loyalty and the BA brand are much harder to calculate, but look likely to be significant.


Passenger and media criticisms have centred around the way the incident was handled e.g. a lack of communication with customers at the time, and the length of time that it took the BA Chief Executive, Alex Cruz, to make an apology. Some IT commentators also pointed to the apparent lack of workable Business Continuity and Disaster Recovery Plans.

Despite BA’s claims that the problem was a local one with a local fix (problem at a data centre), the GMB union suggested that the problem was more international in nature since BA had made hundreds of its dedicated UK IT staff redundant in favour of outsourcing the work to India, presumably as a cost-cutting measure.


This week, IT commentators in the media have expressed scepticism about BA’s claims that a power surge was the cause of the problem. Critics of the claim have pointed out that not only is the airline industry notorious for running outdated infrastructure, but that surge protection is usually built into data centres.

A report in the Times even indicated that SSE and UK Power Networks, the two electricity companies that provide the power to the area in which BA has its data centre, have denied there was a power surge.

Some IT commentators have suggested that the real problem may have been more related to what happened when the power was switched back on, such as reboots of crucial databases taking a very long time and not being tested recently.

What Does This Mean For Your Business?

This story is an example of how, where IT systems are so vital to the running of day-to-day business, having a modern infrastructure that is monitored and tested regularly is vital (also from a security perspective).

The story also illustrates how important having current, workable, well thought-out and well-communicated Business Continuity and Disaster Recovery Plans are in modern business, particularly for businesses of this scale.

Reports of the criticisms by affected passengers also illustrate how far good communication, a fast response, and a fast, clear apology can go towards mitigating some of the damaging and costly effects of a PR disaster.

Are YOU The Best Defence Against Cyber Attack?

In the wake of the crippling WannaCry ransomware attack, experts at the UK’s National Cyber Security Centre (NCSC) are keen to point out that a technology-led approach to cyber security means that the strengths of staff in the fight against cyber-crime are being overlooked.

Unreasonable Expectations

According to recent reports from the NCSC, too much of a technology-led security culture in an organisation can mean that unreasonable expectations are placed upon people in terms of making them do things that are difficult, impractical, and bordering on unrealistic in the name of security.

A prime example is a password policy that expects people to remember multiple, complex passwords that have to be frequently changed.

The Result

Evidence shows that when people in organisations are forced to use IT security systems that are impractical, incongruent with the flow of work and where people feel that they are unable to reveal that they can’t work within the system (for fear of punishment / sanctions), the results can be:
  • Employees are blamed for password failures and are accused of being incapable or uncooperative.
  • Employees look for other (unauthorised) ways of working and take matters into their own hands so that they can get their work done on time while avoiding punishment e.g. Shadow IT. The term ‘Shadow IT’ refers to apps and services that employees bring into the company systems without going through the approved channels. These are their own ideas to solve their own specific work problems.

New Relationship Needed

Experts at the NCSC now believe that, rather than locking themselves away in a kind of IT ‘bunker’ and issuing orders, there needs to be a change in the nature of the relationship between the IT Security Team in an organisation and the users of the IT systems. IT Security Teams may be able to achieve more effective results for the organisation by adopting a collaborative approach with employees.

Employees As Assets

If IT Security Teams work on the assumption that employees are assets who have information that the security professionals do not have about how the business runs and how it needs to run, through meaningful communication and collaboration, lessons can be learned, and systems and security can be improved in a more realistic way.

This re-framing and new IT security paradigm can mean that old, often ineffective security assumptions are challenged e.g. the idea that long, complex and regularly changed passwords provide more than just a little extra protection.

What Does This Mean For Your Business?

Cyber and data security are vital to businesses, but only by collaborating, communicating, and creating a culture where employees are listened to, empowered and supported can businesses build security systems that are practical, effective, and work in harmony with the day-to-day business.

Although there are of course security and compatibility issues based around the idea of people introducing their own unapproved IT methods to the workplace (Shadow IT), some businesses find that allowing it to continue can mean that innovative and up-to-date solutions are found that can ultimately work better than the approved ways of doing things.

It is worth remembering that a large amount of cyber-crime now relies upon social engineering and human error to be successful. Businesses, therefore, need to provide IT and data security education and training to all employees, and understand that a chain is only as strong as its weakest link.

Is GDPR More Opportunity Than Threat?

With UK businesses needing to comply with the European Union’s (EU’s) General Data Protection Regulation (GDPR) by 25 May 2018 (when enforcement begins), should it be seen by businesses as more of an opportunity to get the data protection house in order, and find new competitive advantages for the future?

Who / What Does GDPR Apply To?

The General Data Protection Regulation (GDPR) will apply to all UK (and worldwide) companies that store, process and use the data of EU citizens. The UK was very involved in the drafting of the regulation which was designed to make companies take the issue of data protection more seriously and to strengthen the rights that EU citizens have over their data.

What About Brexit?

GDPR will still come into force long before Brexit matters are concluded, and since it applies to companies that deal with the data of EU citizens, it (or something very similar) will apply after Brexit. UK Information Commissioner, Elizabeth Denham has said that she supports the UK adopting the EU regulation even post-Brexit because if the UK is to continue doing business with Europe, British businesses will need to share information and provide services for EU customers. It should (according to Ms Denham) therefore follow that the UK data protection law should be equivalent.


Up until now, the introduction of GDPR has made many businesses view it as more of a threat than an opportunity because:
  • There is perceived complexity in compliance. For example, a Compuware survey has shown that 75% of organisations said the complexity of modern IT services means that it is not always clear where customer data actually resides, and many organisations don’t believe they can locate individual customer data quickly enough (which could lead to penalties). Companies will also need to analyse carefully what data they are collecting and how they are using it.
  • There are perceived challenges in ensuring data quality to achieve compliance.
  • Much has been made in the news about the size of the penalties for non-compliance e.g. PCI Security Standards Council threats that under GDPR, groups of companies could face fines of up to €20m or 4% of annual worldwide turnover, whichever is greatest, for data breaches (fines could exceed the current £500,000 mark).
  • There are perceived extra costs e.g. from implementing new systems and procedures, and from potentially having to hire an in-house data security specialist manager.
  • There is no clear perception of the scale of the effort needed to comply (the effort and planning needed), or how far to go with compliance to satisfy regulators.


Security commentators have pointed out that larger companies and those which store and use large amounts of data e.g. companies in the finance, health and retail sectors, are most likely to have started early (out of perceived necessity) in planning for GDPR. It is likely that companies that have been more proactive and have started early in their preparations, and / or have focused on privacy before, and have a framework in place that defines roles and responsibilities, will have an advantage when GDPR comes into force.


Some security experts have highlighted the fact that the preparation for, and the focusing on compliance with GDPR could, in fact, be an opportunity because:
  • It will motivate companies to face and tackle data security challenges that they may have been putting off or ignoring i.e. finally getting their house in order.
  • Using data in a transparent, privacy-friendly way could be seen as a competitive advantage by customers in the future, thus allowing companies to grow their customer base, collect more data and monetise it more, and build their brand through trust.
  • Adopting good data handling practices could help companies to avoid damage to brand reputation through doing something consumers would not want to happen to their data.
  • Spending more on data protection compliance and doing a better job of protecting data in the company could improve the cyber security posture of the company too.

What Does This Mean For Your Business?

Not only is compliance with GDPR (or its very similar successor) necessary, but it could actually make sound commercial sense, through providing competitive advantages (because data security is valued by customers), and could have knock-on effects to the cyber resilience of companies.

Companies that have been proactive and moved quickly on this issue could therefore be the ones most likely to minimise the threat of penalties (the legal profession is already geared-up to respond to customer complaints), and gain advantages in the marketplace.

Cash Second To Contactless Payments

Projected figures from payments industry trade body ‘Payments UK’ have shown that by as soon as next year, more payments will be made using debit cards than using cash.

Driven By The Popularity of Contactless Payments

The convenience and effectiveness of contactless payments are the drivers behind a trend that will see cash payments taking a backseat to debit card payments years earlier than expected.

Payments UK figures show that UK contactless payments nearly trebled in 2016 compared to 2015 (to £2.9 billion), and they accounted for 7% of the total number of payments.

By 2018 it is predicted that contactless payments will account for one-third of all debit card payments and that there will be more debit card payments (13.4 billion) than cash payments (13.3 billion).

If the trend continues, payment commentators predict that contactless debit card payments could account for more than 25% of payments by 2026.

Contactless Technology

Contactless technology enables users to ‘tap and pay’ without entering a PIN for items up to £30 at a time. This is achieved using a special chip in the customer’s credit / debit card / key fob, smart card (also a smartphone or other mobile device) that emits radio waves in the form of radio-frequency identification (RFID), near field communication (NFC), or Samsung Pay (MST). The shop terminal picks up the radio signal and then processes the transaction.

Contactless Cash Machines Trial

Back in November 2016, Barclays conducted a trial of a new system which allowed customers to use their normal PIN in combination with leaving their smart-phone handset near to the bank machine, thereby enabling "contactless" near-field communication (NFC) transmission for cash withdrawal.


Despite the obvious popularity of contactless and the bold predictions by Payments UK, not all customers trust the system. A Which? survey in August 2016 for example, showed that although 73% of people think that contactless cards make it quicker to pay for things, 69% are concerned about their contactless card being stolen and used to make purchases.

These concerns may not be completely unfounded because a recent Which? investigation into the contactless card security of 12 leading credit and debit cards found that they did have some security flaws.
Research has also shown that, even though banks pledge to refund any fraudulent purchases, this can often take some time, and refunds can be wrongly refused.

What Does This Mean For Your Business?

The decline in the use of cash is a worldwide trend and card issuers have essentially been driving the change in customer behaviour by introducing innovations like contactless payments. For retail businesses this has meant the need to invest heavily in new payments technology in order to make it easier and quicker for customers to securely complete transactions in-store. Retailers have, however, benefited from cost and time savings (and having to deal with less cash).

Although cash is declining in relation to card payments, in the real world (especially with small businesses), cash payments from customers are still very practical and preferable. From a customer’s point of view, although many now find contactless convenient for small purchases, some groups of society need to use cash to manage their finances, and some people prefer the anonymity of cash, as EPOS style systems have long-allowed companies and marketers to gather data about us and to profile us.

Experts predict that cash will not be dying out anytime soon and most businesses realise that they need to take account of the fact that people will always want to choose the payment method that best suits them.

Amazon Grocery-Collect Shopping Launched

Amazon is reported to have extended its business reach into fresh grocery provision and is operating a trial of the ‘Amazon Fresh Pickup’ service from two ‘bricks-and-mortar’ locations in its home city of Seattle.

Order Online and Pickup From Fresh Food Warehouse

The Amazon Fresh Pickup pilot service is now being offered to Amazon Prime members who can shop online for fresh groceries and then drive to pick them up (as quickly as 15 minutes after the order has been placed) from warehouses in the Ballard and Sodo neighbourhoods of Seattle in the US.

The obvious difference to the Amazon Fresh service, which already operates in 16 cities (14 US metropolitan centres, Tokyo, and London) is that customers are invited to come and pick their shopping up themselves, rather than having it delivered to their door.


As the name suggests, the produce offered in this pilot service includes meats, fresh produce, bread, dairy, and other household essentials.

Initial reports indicate that users of the service in Seattle need to select delivery or pickup before browsing on the website, and that customer choice of produce is limited by the region and by which distribution agreements Amazon has in that region at the time i.e. prices and available items vary between their pickup and delivery services.


Some of the advantages of the Amazon Fresh Pickup service (apart from the convenience of online ordering, which is not unique to Amazon) are that there is no minimum order, there are no extra shipping, handling, or any store-related fees (other than the cost of your own petrol and a proportion of Prime membership), and Amazon staff will also load the order directly into your car if you choose not to pick it up yourself from the ‘waiting room’.

There is also the fact that rather than having to wait in for the shopping delivery to arrive, you can control when you go and pick it up, and you may decide to combine it with other business that you have along the same route.

Some customers, most likely those who order online anyway and / or don’t want / aren’t able to walk around e.g. a large supermarket and wait in long checkout queues, are likely to see the benefits of the service.

Fingers In A Lot Of Pies

This move into fresh groceries is not unexpected from a company that has extended its brand and its reach into many different markets. For example, there is now a physical Amazon-branded bookstore in New York City (Manhattan), the new digital subscription service ‘Subscribe With Amazon’ opened last month, as did the ‘Amazon Business’ online ‘trade counter’ service in the UK.

Some analysts have also mentioned a possible move into clothing plus there are reports that Amazon may be close to launching an own-brand fashion label. These reports have been fuelled by news of Amazon creating a fashion photography studio in London.

Amazon is also reportedly creating 5,000 new full-time jobs at its new head office in London, its Edinburgh customer service centre, and at three more new warehouses / fulfilment centres in Tilbury, Doncaster and Daventry.

What Does This Mean For Your Business?

Amazon’s global scale (and its economies thereof), the success of its business model and its ability to run pilots in major locations, plus the ability, strength and reach of its delivery network and its distribution and packing expertise, coupled with the power of its brand and the ease of online shopping for customers now make it a serious competitor for many companies in many different markets. Amazon is also at the forefront of innovation for distribution e.g. drone and autonomous robot deliveries, which could also be a source of competitive advantage in the future.

Where fresh groceries are concerned, UK supermarket brands’ experience and expertise, and delivery services will still give Amazon some serious competition, plus, many UK consumers enjoy the physical experience of shopping, and online ordering gives retailers (which could now include Amazon) less control over the shopping environment, and less ability to cause customers to make the unplanned purchases that are vital to bricks-and-mortar grocery retailers’ profits.

Most Microsoft Engineers Now Use ‘Git’ To Help Develop Windows

Microsoft has announced that it has now moved 90% of its engineers over to using the open source ‘Git Version Control System’ (VCS) for developing the Windows Operating system.

What is Git?

Git is a kind of software that is used in source code management to help manage a project by tracking changes to computer files, and helping co-ordinate the work on those files among multiple people. Developed in 2005, its benefits are that it is fast, ensures data integrity, and keeps things organised, even though there may be distributed, non-linear work by many different parties on the same project.

What Was The Problem?

Microsoft engineers had previously been using software called SourceDepot, but Microsoft’s large-scale development needs, the need to combine multiple different repositories (data structures), and the huge size of many of the files that Microsoft developers were dealing with meant that SourceDepot was no longer deemed to be up to the job.

It is hoped, therefore, that Git will be the right choice for effectively managing the vast amount of (changing) code that the Windows Operating System uses as its source, as well as minimising any shared performance issues.

The Solution - A Customised Version of Git

Microsoft has, therefore, moved 90% of its engineers (in only a 3 month time period) over to using a customised version of Git. The customisation involved making changes to algorithms and building-in greater elasticity to accommodate the large file sizes that developers need to work with, and to manage the bandwidth issues that could arise from the distributed nature of Microsoft’s development team.

The resulting customised system has been dubbed the ‘Git Virtual File System’ (GVFS), and its superior ability to differentiate between which files are available to use locally and which ones aren’t means that status commands that would have taken hours can now take seconds.

Location Less Of An Issue

With the new system, the location of an engineer will be much less of an issue thanks to the large amount of bandwidth (provided by Azure), and proxy servers that clone every 25 seconds.

Not All Plain Sailing

Reports from some technical commentators have emerged that focus on the results of an internal survey which showed that 28% of the 251 engineer staff aren’t happy with the change, with reasons reported as being that some development tools don’t support Git, there is a need to learn how the new process works, and performance is not as good as was expected.

Concerns have also been expressed about the wisdom and compatibility of using an open source code for a closed source operating system.

What Does This Mean For Your Business?

As many businesses are users of the Microsoft Operating System, the fact that its source code is better organised and allows for faster work and updating by multiple developers should translate into fewer problems in using the OS, better and faster fixes if there are problems, and more features being more easily developed and introduced. Other developers and third party organisations stand to benefit from the fact that the code for the new GVFS is being made available under the MIT license on GitHub and is open for community contributions.