Cybersecurity: How Well Protected Is Your Company Against the Rising Tide of Malicious Disruption?

My theme in this continuing blog is that business disruption – the kind that results from a continuous strategic embrace of cutting-edge technology – is not just a good thing, but a requirement. Call it creative destruction. But there’s another kind of technology-powered disruption that is simply destructive: the hacking of an organization’s digital infrastructure.

How pervasive is the threat? Consider the following:

• Computer Ventures, a researcher and publisher covering the global cyber economy, estimates that cyberattacks cost the global economy $3 trillion in 2015, a figure is likely to double to $6 trillion a year by 2021.
• PWC, the accounting and consulting firm, says that 32 percent of U.S. organizations were victims of cybercrime in 2016, and projects that 34 percent will have become victims by the end of 2018.
• Microsoft estimates that average cost of a data breach to a business is $3.8 million, and that the average attacker resides in a network for 146 days before being detected.
• A University of Maryland study found that hackers were attacking computers and networks “at near-constant rate”, with an average of one attack every 39 seconds.

U.S. consumers and businesses of all sizes are being targeted, by individuals, organized crime and even state-sponsored agencies. What they’re after is consumer personal data, credit card numbers, login credentials, access to funds, technology and intellectual property, ways to cripple operating systems and – in a recent and rapidly growing trend – ransom to restore them.

The lure of rich bounty from cybercrime has attracted some of the brightest rogue minds and hostile regimes, and they’re widely believed to be working on the cutting edge of digital technology. In addition to the fact that hundreds of thousands of new viruses and other kinds of computer malware are created every day, a concern is that some hostiles are working on quantum computers that could hack the most sophisticated encryption systems while being invulnerable to hacking themselves.

As bad as 2017 and 2018 were, 2019 is likely to even worse, as the following evolving and emerging threats are gaining momentum (my thanks here to the Lazarus Alliance):

Phishing Schemes. Nearly all successful cyber-attacks begin with a phishing scheme. Business email compromises, a highly targeted spear phishing attack, are responsible for more than $12 billion in losses globally.

Cloud Cyber Security Threats. Cloud computing has transformed the ways in which we live and conduct business, but it has also given hackers a broader attack surface and created a host of brand-new cyber security threats and vulnerabilities, from cloud malware to misconfigured Amazon Web Service (AWS) buckets. Cloud security must be addressed differently than on-premises security, and solid cloud security starts with a secure cloud migration.

Use of Shadow IT Apps. More than 80 percent of employees admit to using unauthorized IT apps at work, which are known as shadow IT. Most of the time, their motivations aren’t malicious or negligent; they’re just trying to do their jobs better. However, shadow IT usage can be a serious compliance and cyber security threat. The best course of action is to open a dialogue with your employees to determine why they believe these shadow applications are better than your existing, vetted applications.

Cryptojacking. Cryptojacking malware, which allows hackers to hijack enterprise computer equipment for the purpose of “mining” cryptocurrencies, has become more common than ransomware. These attacks can be hard to detect, but they can be snuffed out by upping endpoint security and monitoring network traffic for unexplained spikes at odd times.

Ransomware. Cryptojacking malware may be more common today, but that doesn’t mean ransomware has fully gone away. While cryptojacking can waste energy and slow productivity of your systems, ransomware can stop you dead in your tracks.

Unsecured Internet of Things (IoT) Devices. A recent Mozilla report shows that there may be up to 30 billion IoT devices by 2020. Both the public and private sector are scrambling to secure the Internet of Things. In recent weeks, the National Institute of Standards and Technology released guidelines for securing medical IoT devices, and Microsoft launched a public review of its new solution for developing secure smart devices. Ask your IT team how many things really need to be connected and automated before adopting them, and always look to secure these devices with regular updates and passwords.

What business leaders must do

Cyber defense is critical to every business, and it’s too important for senior executives not to be familiar and up-to-date on cyber threats and counter-measures, especially those in charge of companies that may not have invested enough in computer security in recent years. A sound approach to cyber security rests on two key practices: an ongoing review and dialog between CEOs and their Chief Information Officers about the organization’s security technology, and a continuing program to educate all employees about cyber threats and the organization’s computer security policy.

Millennials Are Disrupting Business…In a Positive Way!

For the past decade or so, the press has been filled with stories about how difficult millennials are to manage. We’re talking about people born approximately between 1980 and 1996, and the complaints about them are legion: They lack a work ethic, question and disrespect authority, are needy, and want to be pampered.

The description sounds like a nightmare. But as a business leader for a number of years, that negative portrayal doesn’t fit. That’s not to say I haven’t come across individual employees with those traits, but I don’t think they are any more prevalent among people between the ages of 22 and 38 than they are among any other age group.

The reason I don’t share the negative perception of millennials is because I’ve seen a very different type of millennial.

First, let’s cite some statistics. Today, millennials constitute the single largest block of employees, accounting for 36 to 38 percent of the total U.S. workforce. By 2025, some estimate they’ll account for as much as 75 percent of it.

Yes, millennials are different from previous generations, but in ways that should excite businesses. For one thing, they’re the most highly educated generation in U.S. history: a higher percentage of them have graduated from high school, as well as attended and graduated from college, than any generation before them. They’re also the most tech-savvy generation, many having never known a time when the Internet didn’t exist. Put these two facts together, and it’s no wonder that they want full information and expect the companies they work for to be more transparent, responsive and forward-thinking.

Gallup offered some clues as to how companies could make them more dedicated and engaged, finding:

• 72 percent of millennials who strongly agree that their managers help them set their performance goals are engaged.

• Nearly 70 percent are also engaged when their direct managers help them prioritize their tasks and responsibilities.

I have to cite my current company, CEI, as an example. CEI has been named as one of the best places to work in the Philadelphia area or the state three times, and twice cited as a “psychologically healthy workplace”.

When I read lists of what millennials want and need, I asked myself if they seemed unrealistic. Here are some of their biggest concerns:

• Open and frequent face-to-face communications with their managers.
• A workplace culture that emphasizes and rewards teamwork and creativity, not just output statistics and results.
• Thorough training that demonstrates how their role supports the company’s strategy and goals.
• Mentoring and coaching that prepares them for advancement in their careers.
• Flexibility for employees to achieve work-life balance, including the ability to work on a “flex-time,” job-sharing and remote access basis.

These are all values that add to work-life balance and a feeling of fulfillment in the workplace – something we all want, regardless of age. I believe the best companies already do these things, which is extremely valuable when considering how expensive it can be to train new employees. A new hire costs 1.25 to 1.4 times the base salary for the position, all while their productivity takes time to ramp up. Simply put, businesses cannot afford to continue with the status quo, or this highly educated and skilled sector of the workforce will move on to other companies that have adapted to these needs.

When we think of disruptive leadership, it can be easy to think only in terms of how technology can disrupt, but disruption can also mean changing the business culture. I urge any leader holding on to a negative view of millennials to embrace these change agents who are more likely to question accepted practices, to disrupt the status quo, and to help take the company to the next level.

The 21st Century’s Mega Disruptor: Machine Learning

Of all the technological advances mankind has achieved over the millennia that have changed the way we live and work, Machine Learning (ML) may well prove to be the one with the most powerful and disruptive effects. And while one application – autonomous vehicles – is still in its infancy, ML applications in many other business applications are already here and more are on the way.

ML grew out of the computer science of artificial intelligence (AI). Broadly speaking, AI refers to computers programmed to perform tasks that normally require human intelligence, like recognizing images and speech and making decisions. As remarkable as that is, ML goes one step further: it creates computers that can learn from experience and actually improve their performance.

Another way of putting this has to do with the way ML tames Big Data. We’re all familiar with the Big Data challenge: the Internet and a proliferating number of sensors in everyday items are generating massive amounts of data that exceed our ability to extract actionable information. ML programs enable computers to sort through immense data streams at lightning speed and find meaningful patterns that they weren’t pre-programmed to recognize. In turn, ML programs can use those patterns to make predictions of future events.

Here’s how Josefin Rosén, an ML and AI expert, describes it:

Machine learning enables computers to find hidden insights without being explicitly programmed where to look. They can change their behavior and improve their algorithms by themselves, and every time an error is made and recognized, the algorithm corrects itself and begins another iteration of learning.

The first ML application was created in 1952 by a pioneer in AI and computer gaming at IBM named Arthur Samuel. But as an independent discipline, machine learning didn’t begin to flourish until the 1990s, when the field changed its goal from achieving artificial intelligence to creating computers than can independently solve problems of a practical nature.

Now, businesses are rushing into the field with billions of dollars being invested. A recent survey of 500 chief information officers across 11 countries found that 89 percent said their organizations are using, piloting or developing strategies to machine learning. And it’s no wonder: just as AI has been used to automate thousands of manual tasks, ML has the potential to automate far more sophisticated functions that rely on data analysis used by business, government, medicine and more. The benefit is expected to be counted in trillions of dollars of increased productivity, improved customer service, creation of new products and marketing strategies, and millions of lives saved and made more enjoyable.

Machine learning applications have already started to seep into our daily lives. We have smart appliances and smart homes, voice-interactive digital assistants that can operate other devices and look up information for us, like restaurants with food we like or where our kinds of movies are playing. More and more service companies are using “chatbots” to interact with customers online, ML-powered digital assistants that respond to keyboard messages.

Behind the scenes, Uber and Lyft rely on ML applications to match drivers and riders and support dynamic pricing, rates that change based on supply and demand for rides by location and time of day. Google and other search engines use ML to improve each user’s search results employing back-end algorithms that watch how far down in the results users click on search items.

ML is also making headway in two industries with which I’m familiar: insurance and fleet.

  • User-based insurance. Drivers shopping for car insurance with Progressive can opt to install a company-provided telematics device that measures how much risk for an accident they pose, based on how often they speed and engage in harsh braking (a sign of distraction or tailgating). Safe drivers are offered premium discounts of up to $150.
  • Real-time repair estimates. Many insurance carriers are experimenting with ML-based technologies to help drivers who’ve had an accident receive real-time repair estimates by taking photos of their vehicle damage with a smartphone camera. The app is being built based on thousands of images of damaged vehicles and their repair costs.
  • Accident reduction. Fleets are beginning to turn an ML-assisted way of identifying high-risk drivers called predictive or prescriptive analytics. These algorithms use records of driver behavior and various demographic and industry data to predict the probability that they’ll be involved in a collision over the following 12 months. Once those that pose the greatest risk are identified, fleets can remediate their poor driving behavior with additional training and coaching.
  • Predictive maintenance. Based on historical data, Programs have been developed that can predict when auto parts or systems are likely to fail, and recommend replacements before those failures occur.

There’s more coming, in every industry. It’s part of what historians are calling the Fourth Industrial Revolution, in which disruptive technologies and trends such as the Internet of Things, robotics, virtual reality and artificial intelligence are changing the way we live and work. As with the previous three revolutions, many jobs will become obsolete and disappear, but – and I’m confident of this – many more will be created, and mankind will be much better off.

Competition in the business world will depend more and more on the extent to which companies harness machine learning and the related digital tools of the Fourth Industrial Revolution. The survivors will be those who master them strategically and master them first.

Edge Computing: The Next Step in the Evolution of Digital Computing

Pardon the pun, but companies in many different industries that want to get an edge on their competitors — or avoid being left behind by them — need to embrace the next step in the evolution of digital technology: edge computing. So, what is edge computing?

To put it simply, edge computing refers to digital data processing that is done in the same place or very near to where the data is collected. It gets its name from the fact that an “edge” computer is located at a great distance from a central computer (or the cloud) and handles data only for one or a limited number of devices or systems generating that data. This is in contrast to a centralized computer that collects and processes data from many sources, all of which are connected to the system by two-way wireless connections in a hub-and-spoke array.

To understand this difference, think of a typical telematics system. Sensors on a vehicle transmit data to a central computer, where it’s processed for information that is transmitted back to the vehicle. In this arrangement, the vehicle is somewhat like our earlier “dumb” desk top terminals from the ‘60s and ‘70s, which had no computing power of their own but enabled users to tap into one central, shared computer.

Using the same analogy, an edge computer is a bit like a laptop computer that can also be linked into a computer network. The edge computer can do some of its own processing for the user, while it can also send data and processed information to a central computer. In this way, an edge computer achieves a measure of independence from the master computer.

Minimizes processing time

Edge computing solves two growing and inter-related problems with this feedback loop. One is lag time, which IT professionals call “latency”. It takes time to complete the circular flow of data from a sensor to a central computer and back again, which brings us to the second problem: data volume. So much data can be generated that it taxes the capacity of the transmission conduit – its bandwidth — to send it quickly.

It’s a problem that video gamers experience from time to time, with the massive volume of graphics data occasionally causing games to stutter like a PowerPoint presentation momentarily freezing or even overloading the game to the point that it crashes. When it comes to games, that kind of system failure is annoying, but when it comes to an autonomous vehicle (AV for short) – the biggest projected use for edge computing – the lag can be fatal.

To avoid accidents, AVs will have to make nearly instantaneous decisions based on huge amounts of data, including the speed of the vehicle, the location and speed of other vehicles, the presence of obstacles and pedestrians, the configuration of the road, the road surface, and weather conditions, just to name a few. An on-board computer, powered by artificial intelligence (AI), will be needed to bring down the data processing time to crash-avoiding intervals.

Five uses for AVs

Blair Felter is the director of marketing at vXchange, a data-as-a-service provider based in Philadelphia. She writes that edge computing will be critical to the expected transition to fully self-driving cars and trucks in five different ways:

Data management. AVs will generate a staggering amount of data. In a single day of driving, an AV is estimated to generate 30 terabytes of data, much of it unstructured. Multiply that by tens of millions of vehicles (there are 250 million on U.S. roads alone) and it’s clear that wireless bandwidth will be severely challenged to avoid critical latency. Edge computing, Felter explains, will provide the extra computing power necessary for split-second analysis and vehicle response.

Vehicle to vehicle communication. To achieve maximum safety, each AV will need to respond not only to its own sensors, but data and information generated by other vehicles on the road. Examples include real-time weather, road construction, and traffic conditions during rush hour. Edge computers will enable AVs to send and receive that information without having to be connected to distant cloud servers. This will also be achieved via vehicle to vehicle communication.

Processing speed. On the road, extra milliseconds in data processing can make all the difference between a safe journey and a collision. Self-driving cars need to react immediately to changes in conditions, and the stakes are too high to allow a vehicle’s control system to suffer from computational lag. Edge computers, located in vehicles or in edge computing facilities in high-traffic areas and places with limited bandwdith, can minimize computer latency.

Smart city integration. For AVs to reach their full potential, Felter writes, high-traffic urban areas will need to provide vehicles with a wealth of information, including everything from road conditions to real-time reports on traffic congestion. The information will come from sensors installed throughout those urban centers linked to an edge computing network.

The expansion of fog computing. To provide further data processing power, between the cloud and edge computing a new intermediate realm has arisen called “fog” computing. This level involves the creation of micro data centers at the base of cellular towers to store and process data closer to where it’s collected. These centers decide which data needs to be relayed back to the network’s central cloud server and which can be processed locally. Serving gatekeepers for data traffic, fog data centers can communicate faster with local devices and improve overall network performance.

Widespread applications
I’m in the automotive fleet service industry, so AVs are of special interest to people like me. But edge computing has potential application in a wide number of industries, like manufacturing, healthcare, finance, retailing, and security.

Investment in edge computing is exploding, testimony to the fact that businesses understand what it means for future competitiveness. Here’s the outlook from one market research firm, Grand View Research:

The global edge computing market size is projected to reach USD 3.24 billion by 2025, …expanding at a phenomenal [compound annual growth rate] of 41.0% …. [The] need for advanced technologies is stimulating the volume of IoT [Internet of Things] data. Vast amounts of data created by IoT devices may cause delays and latency. Edge computing solutions help enhance the data processing power, which further aid in avoiding delays.

Business leaders need to start asking themselves and their senior staff now whether and how edge computing could benefit their organizations. It’s a race you don’t want to lose.