As the cybersecurity industry works to address a shortage of skilled workers, an advertisement backed by the UK government may provide an example of what not to do.

The ad, which encouraged people working in the arts to retrain in cybersecurity, has been abandoned amid backlash online and even within the government, according to reports from The Guardian, The Washington Post and MarketWatch.

Although pulled from the official website, the ad was still easily viewable after going viral on social media with the hashtag “#SavetheArts.” The image displays a ballet dancer tying her shoes. The caption reads, “Fatima’s next job could be in cyber (she just doesn’t know it yet),” followed by the tagline “Rethink. Reskill. Reboot.”

Posted on the website of training firm QA, the ad was part of the UK cybersecurity agency’s Cyber First campaign, which promotes tech training for young people. Oliver Dowden, the British culture secretary, tweeted that the ad was “crass” and did not come from his agency. A spokesperson for the prime minister said, “This particular piece of content was not appropriate and has been removed from the campaign.”

The UK government’s volte-face followed widespread criticism that the ad showed disrespect toward the culture sector, which has been suffering catastrophic job losses. The author Caitlin Moran tweeted: “I don’t know if the government know they appear to have recently created a ‘Hopes & Dreams Crushing Department,’ but for a country already depressed and anxious, I would suggest it’s a bit of a ‘Not now, dudes’ moment?" The shadow health minister, Rosena Allin-Khan, chimed in: “Fatima, you be you. Don’t let anyone else tell you that you aren’t good enough because you don’t conform to their preconceived social norms.”

Meanwhile, a recent survey finds that most people say a career in cybersecurity isn’t for them, despite the sector’s demand for talent. Among 2,500 U.S. and UK workers surveyed by (ISC)2, 69% said that while cybersecurity seems like a good career path, it isn’t the right personal fit.

The world of analytics is changing.  Self-Service Analytical tools like Tableau, Qlik, and Power BI are enabling business users to perform reporting and analytics on their own with little to no support from the IT organization. This trend has evolved due to several factors including:

1)    Organizations are flooded with data and IT organizations are not able to keep up
2)    Easier to use Business Intelligence tools make it more efficient for business users to directly create their reports rather than go through IT for a project
3)    IT organizations analytical projects can take several months when a business needs this information in weeks

This trend has caused the efforts of IT Business Intelligence (BI) teams to spending most of their energy gathering, cleaning, and structuring data for the business to perform their own analytics through a self-service model. In special cases, they provide industrial strength reporting that can scale to thousands of users where trusted verified data is needed.  However, they are still being shown the door when it comes to some of the more interesting work.

What can IT BI teams do to stay relevant and valuable to the business? We have several suggestions that relate to embracing self-service analytics as the new reality and transitioning core competencies of the Business Intelligence team away from purely descriptive reporting and moving to diagnostic & predictive analytics.

Let’s explain that last concept before prescribing several solutions. The current state of most analytics is descriptive in nature and helps answer questions of, “what occurred?” Diagnostic and Predictive Analytics help answer the questions of, “Why did it occur?” and sets the stage to answer, “What can I do about it?”  Diagnostic Analytics helps organizations to not only understand what, but also why and what decisions and actions can be taken to solve for the issue. This type of analytics is more valuable to the business and requires competencies that IT BI teams are uniquely qualified to bring from their years of building analytical solutions.

To enable IT Business Intelligence teams to move up the value chain from providing commodity reports to business driving analytics, we recommend adding these four components:

1. Build out a Data Science capability– Data Scientists are starting to appear in analytical groups within companies. However, they are still not pervasive and the function is understaffed. In addition, most groups within a company cannot justify the cost of a full-time data scientist. By adding data scientists to the IT BI organization, you are creating a centralized team that can provide analytics to underserved parts of the organization.  This team is already focused on creating analytical data structures and reports and adding the ability to derive insights from the data is a natural extension.   
2. Make it about the Decision– In your requirements process, add Decision Architecture Methodology as a capability. Most methodologies for capturing analytical requirements focus on the questions asked of the data to surmise the Dimensions and Facts.  While this gives us great descriptive analytics, but it does not move the company along the analytical maturity curve.  A deeper focus on the decisions that the business makes and thereby centering analytical capabilities around helping to enable actionable insights will move the needle.
3. Add Decision Theory to your analytics– If Data Science helps you turn information into actionable insights, Decision Theory helps you structure the decision process to guide a person to the correct choice. Decision Theory, along with Behavioral Economics, is focused on understanding the components of the decision process to explain why we make the choices we do. It provides a systematic way to consider tradeoffs among attributes that helps us make better decisions. Tools such as thresholds, alerts, decision matrixes, and choice architecture should be considered important capabilities to add to your team’s tool chest.
4. Create a Report Certification process– As report proliferation occurs with self-service analytics, creating a standard for the health and validity of a report is going to be important if the analytics are to be consumed by a broader audience and are to be trusted.  For example, you may have one group create a report with key metrics sourced from uncertified data sources. By putting reports from individual departments through a certification process similar to UL labeling on electrical products, broader consumers will know the level of scrutiny that has been put on the report by Data Governance and IT teams and thereby trust the data and metrics contained within it.

As IT Business Intelligence teams look to move up the value chain in the capabilities they offer to their internal customers, adding addition skillsets, methods, and tools will be a necessity. The capabilities outlined are a great fit for a centralized team to own and this transformation in IT BI teams can speak to the value these enhanced capabilities provide to the business.

Andrew Roman Wells is the CEO of Aspirent, a management-consulting firm focused on analytics. Kathy Williams Chiang is VP, Business Insights, at Wunderman Data Management. They are the co-authors of Monetizing Your Data: A Guide to Turning Data into Profit-Driving Strategies and Solutions. For more information, please visit www.monetizingyourdata.com.

It’s no surprise that big data is on the rise in businesses around the world. Companies routinely use big data to analyze common trends in their practice; enabling them to make sophisticated decisions to ensure their businesses prosper. According to Statista, an online statistics, market research and business intelligence portal; companies routinely use data to drive process and cost efficiency; drive strategy; and to monitor and improve financial performance. When used in these ways, data has the ability to save the company a significant amount of money because they are able to spend their money efficiently.

While data does have the ability to improve a company’s performance; companies just aren’t catching up on the trends as fast as one would assume.  Big Data software company, Quoble along with Dimensional Research; recently published an e-book, “An In-Depth Look at Big Data Trends and Challenges”. As the name suggests, the data looks at global data trends in the workplace and the problems that businesses often face.

Among the issues that the research uncovered was, “the realization of value from big data in on-premises environments has lagged expectations, largely due to complexity, cost overruns, steep demands for specialized talent, and need for powerful computing platforms.” While companies may understand the value that big data brings their company; finding qualified candidates and obtaining funds to purchase the computing platforms needed to manage data sets are among the set backs employers are facing today. Nearly 75% of those surveyed sighted a gap between the necessary resources and tools that are available to them. And while 50% of businesses plan to moderately increase their data headcounts in the next year; 83% find it difficult to find the right candidate.  Not only does it take time to find the money to pay for data headcounts; finding the right candidate can often times be complex and time consuming.

The survey found that big data teams’ lack of experience creates a slow progress to get things done. 42% also sight that it is hard to keep up with big data trends and new data sources.  Big Data is constantly expanding. Five years ago machine learning and AI weren’t as mainstream as they are now. BI tools were available but not widely used and companies didn’t have big data teams. In fact their “team” often consisted of one or two data scientists. Big Data’s continuous growth has lead to expansion that many businesses can’t keep up with.

The intention of Quoble’s “An In-Depth Look at Bid Data Trends and Challenges” is  not to solve these problems, but to bring awareness to the issues that companies are facing when it comes to data.  As big data continues to surge, so will an influx of knowledgeable employees and efficient software that will guide the business to succeed in an age where big data is becoming the norm.

To view the full report, go to Quoble’s website and download the free e-book.

Colleagues think of data analysis much in the same way they think about marketing. Which is everyone thinks they are data analysts. With little to no practice they can put together graphs and visualize data at the drop of a hat. When interviewing Dave from accounting he made sure you knew that he has Tableau reader on his desktop which totally means he’s one step away from Tableau certification. Karen from Sales also discussed her extensive knowledge when it came to Excel. Yes, that same Karen who emailed you a month ago and asked how a pivot table worked.

If you’re interested in a career in big data it shouldn’t be daunting, but you should take the time to research and learn the tools and software needed to excel (pun intended) at the job. Data analysis is so much more than filtering data and pretty graphs. It takes someone who is curious and can think analytically to thrive in the job.

In his 2009 book, Now You See it: Simple Visualization Techniques for Quantitative Analysis; author and information technology innovator Stephen Few lists 13 key traits of a data analyst. Among those traits include, self-motivation; open-mindedness; and the ability to spot patterns. An average data analyst can access a data set; scrub the data; and visualize it using one of numerous data visualization platforms available. She then comes to conclusions based on those visualizations and calls it a day. An exceptional data analyst can use that same data set and visualization tools and come to the same conclusions. The difference is that he will ask different questions and hypothesize about why conclusions are what they are. An exceptional data analyst asks why 9 out of 10 dentists prefer Colgate or why Rugby is becoming a more popular youth sport in the United States while lacrosse youth teams are declining.  For them, it isn’t enough that the data shows an increase in Rugby youth teams. They have to know why. Which will ultimately bring them to more questions which will lead to more data sets and more visualizations. In essence, is a data analyst’s job ever really done?

Another factor that separates a mediocre from an excellent analyst is the ability to tell a story. Unless you are speaking to a fellow analyst, chances are spewing out data isn’t going to capture the attention or the comprehension of what the statistics show. In fact, if you go that route, you may be met with a lot of blank stares. It’s important to tailor a narrative to the audience you are speaking to. Crafting a story beforehand makes it easy for your audience to follow and will help you answer any follow up questions that you might receive.

While you may have the skills that make an excellent data analyst, without practice you’ll never truly be outstanding at your job. And with data analysts and scientists being critical to the success of a company, it’s important that you push past mediocrity and aim for excellent. So tomorrow when you go into work remember that not everyone can be an analyst but by methodically thinking, crafting a perfect story from your data sets and asking questions, you’ll be on the road to greatness.

The Federal Communications Commission has proposed rules that would eliminate the current mandatory waiting period of seven business days before telecommunications companies can notify customers about cybersecurity incidents. So reports Engadget.

The FCC says existing rules, which are 15 years old, are “out of step” as it has often become essential to inform customers and authorities of data breaches without delay.

The FCC is seeking public feedback on the proposed rules, which would also clarify that carriers must notify customers of even accidental breaches, such as personal information being left exposed.

Read the full article from Engadget. 

The head of the FBI has sounded the alarm about national security risks from TikTok. So reports the Associated Press.

Speaking at the University of Michigan’s Gerald R. Ford School of Public Policy, FBI Director Chris Wray warned that a Chinese government “that doesn’t share our values” has control over the popular video sharing app.

Wray cited worries about the Chinese’s government’s sway over TikTok’s recommendation algorithm, as well as data collection that could be used for spying.

Read the full article from Associated Press.

The Irish Data Protection Commission has fined Meta €265 million ($275 million) after a breach that led to more than 530 million Facebook users’ email addresses, mobile phone numbers and other personal data surfacing online. So reports TechCrunch.

Ireland’s data watchdog, which is Meta’s lead regulator for the European Union’s General Data Protection Regulation, said that the breach infringed the EU’s data protection law.

With the penalty, fines imposed on Meta by the DPC since late 2021 total almost €1 billion.

Read the full article from TechCrunch. 

Manufacturers would be required to adhere to cybersecurity standards for Internet-connected devices under new legislation that has been proposed by the European Union’s executive body. So reports Claims Journal.

The Cyber Resilience Act, as the law proposed by the European Commission is known, seeks to block products from the EU’s single market if they are not bolstered enough against cyber threats.

The 27-nation bloc said that Europe alone loses 180 billion to 290 billion euros (about $185 billion to $298 billion) annually to cyberattacks.

Read the full article from Claims Journal.

Recent rounds of layoffs at cybersecurity firms mean more industry veterans seeking new jobs, which could have a range of impacts on the sector’s long-bustling employment market.

As Security Week reports, the layoffs involving not just tech giants but also smaller firms from One Trust to Sophos could reduce the “skills gap,”:which is the difference between the evolving skills required by employers and the skills available. But it probably won’t reduce the cybersecurity “talent gap,” which demands a deeper knowledge of how computers actually work, likely reflected in degrees and certifications.

Mark Sasson, managing partner and executive recruiter with the Pinpoint Search Group, told the publication that “people are going to get scooped up and we’re still going to have the same situation with the talent gap.” Michael Piacente, managing partner and co-founder at recruiting firm Hitch Partners, added that employers can reduce the talent gap by refocusing on “human character elements” rather than resumes. Dave Gerry, CEO of IT security company Bugcrowd, calls for more “internships, apprenticeships, and on-the-job training.”

As Axios reports, cybersecurity talent has still been highly sought-after lately despite Layoffs.com data showing that more than 57,000 people at tech companies lost their jobs in January. Will Markow, vice president of applied research at labor market analytics firm Lightcast, told Axios that cybersecurity hiring demand “definitely still remains as strong as it has ever been.” Markow notes, however, that a recession might lead toward more focus on filling entry-level cybersecurity jobs.

Citing data from cybersecurity workforce analytics site Cyberseek, total online job postings in cybersecurity fell year-over-year from 769,736 in 2021 to 755,743 in 2022, as CNBC reports. But a reported supply-demand ratio of 68 workers for every 100 openings suggests that the amount of cybersecurity pros needed in America rose by 530,000 in 2022.

Ever since the web-based chatbot ChatGPT was launched in November by artificial intelligence research and development company OpenAI, the cybersecurity community has been debating the tool’s pros and cons.

As TechCrunch reports, Israeli cybersecurity company Check Point showed early on that the natural language processing tool could be used alongside OpenAI’s code-writing platform Codex to draft up malware-capable phishing emails. Check Point threat intelligence group manager Sergey Shykevich told the news site that ChatGPT has the “potential to significantly alter the cyber threat landscape.”

Numerous security experts said that cybercriminals will adopt ChatGPT because it can create phishing emails that seem genuine. Phishing remains the No. 1 attack vector for ransomware. Threat actors who aren’t native English speakers could especially see a benefit. Suleyman Ozarslan, a security researcher and the co-founder of Picus Security, told TechCrunch that ChatGPT will “democratize cybercrime.”

However, Laura Kankaala, F-Secure’s threat intelligence lead, is quoted as saying that cybersecurity pros can find uses for ChatGPT, too. The tool could help simulate cyberattacks or automate certain attacks, she said. ESET’s Jake Moore even told TechCrunch that “if ChatGPT learns enough from its input, it may soon be able to analyze potential attacks on the fly and create positive suggestions to enhance security.”

Indeed, as HelpNetSecurity reports, information security teams can look to ChatGPT as “an all-around assistant.” Security operation teams may particularly find the chatbot useful in​​ scripting, malware analysis and forensics.

Still, as Dark Reading reports, ChatGPT’s ability to reply realistically to content queries could be useful for threat actors using the attack method known as business email compromise. The tool could potentially make it more difficult for organizations to detect BEC attacks, where cybercriminals send a deceptive email that fools a recipient into giving them the data they seek.

In the end, as Computer Weekly reports, threat actors will use AI in their attacks, and organizations must be prepared to defend against it. That could include using tools like ChatGPT in protecting code, educating users or learning more about a threat.

Themes at the recent Consumer Electronics Show in Las Vegas included sustainability, artificial intelligence and foldable devices, but information security also hovered over the discussion.

For all the companies pitching snazzy new products at the trade show, now in its 56th year, hardly any explicitly say how they handle consumer data and keep it safe, as The Washington Post reports.

Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, warned of the mounting cost of cybercrime in her CES address, the first by a cybersecurity official of her level. The White House has supported a “software bill of materials,” similar to food nutrition labels, that would inform customers about a product’s software components.

CrowdStrike CEO George Kurtz, who spoke alongside Easterly at CES, told Barron’s that a slowing economy historically leads to a rise in cybercrime. The broader economy also has implications for security spending, he notes. According to Kurtz, CrowdStrike is finding it takes longer and requires more layers of approval to seal deals.

Camille Stewart Gloster, deputy national cyber director for technology and ecosystem for the White House, in a CES speech, called for policymakers to think about better educating consumers on data security risks, as Broadband Breakfast reports. Stewart Gloster said her team is plotting a national strategy for building a stronger cyber workforce, “digital safety awareness” and more.

Sen. Mark Warner (D-Va.), spoke on a panel with a couple of fellow U.S. senators. In an interview with TechCrunch, he warned of national security risks from China-based companies such as Huawei and backed tougher antitrust regulation of the tech sector. “It’s crazy to me that we’ve still never had a data privacy law in this country,” Warner told the website.

As MarketWatch reports, tech legislation tends to be shifting from antitrust issues to broadband and cybersecurity, based on CES remarks from Warner and other lawmakers.

As Reuters reports, for the first time ever, CES had an official theme this year: “human security for all.” A number of panels focused on addressing global challenges such as food sustainability.

Federal government funding for cybersecurity ramped up substantially as a result of the $1.7 trillion omnibus government spending package signed December 29 by President Joe Biden.

As FedScoop reports, the Cybersecurity and Infrastructure Security Agency is due to receive $2.9 billion under the bipartisan fiscal 2023 omnibus spending deal. That’s up $313 million from the previous CISA budget. The agreement also includes $1.6 billion for the National Institute of Standards and Technology, a $397 million boost.

For CISA in particular, the omnibus package designates $1.3 billion for the agency’s cybersecurity initiatives. That’s up $230 million. But CISA would be fined $50,000 for each day of delay on quarterly congressional briefings. This unusual provision in the spending bill arrives as the agency is a year late in filing its key organizational document to Congress.

Elsewhere, the Department of Energy’s Cybersecurity, Energy Security, and Emergency Response receives $200 million under the omnibus. The Treasury Department’s Cybersecurity Enhancement Account is set for $100 million.

What’s more, the omnibus allocates $50 million for cybersecurity threats from foreign actors such as Russia. The Office of Personnel Management’s cybersecurity and hiring programs are due $422 million. The new White House Office of the National Cyber Director will also draw funding from an appropriations bill for the first time, to the tune of $22 million.

As NextGov reports, the 4,155-page bill also stipulates that the U.S. Department of Agriculture’s Office of the Chief Information Officer spend at least $77.4 million of its $92.3 million funding allocation on cybersecurity. And the bill includes $35 million for technology modernization and cybersecurity mitigation by the Department of Commerce’s Office of the Chief Information Officer.

As Roll Call reports, Senate Homeland Security and Governmental Affairs Committee Chairman Gary Peters (D-Mich.) says further legislation updating the federal government’s cybersecurity efforts is at the top of his agenda for the new year.