As the cybersecurity industry works to address a shortage of skilled workers, an advertisement backed by the UK government may provide an example of what not to do.

The ad, which encouraged people working in the arts to retrain in cybersecurity, has been abandoned amid backlash online and even within the government, according to reports from The Guardian, The Washington Post and MarketWatch.

Although pulled from the official website, the ad was still easily viewable after going viral on social media with the hashtag “#SavetheArts.” The image displays a ballet dancer tying her shoes. The caption reads, “Fatima’s next job could be in cyber (she just doesn’t know it yet),” followed by the tagline “Rethink. Reskill. Reboot.”

Posted on the website of training firm QA, the ad was part of the UK cybersecurity agency’s Cyber First campaign, which promotes tech training for young people. Oliver Dowden, the British culture secretary, tweeted that the ad was “crass” and did not come from his agency. A spokesperson for the prime minister said, “This particular piece of content was not appropriate and has been removed from the campaign.”

The UK government’s volte-face followed widespread criticism that the ad showed disrespect toward the culture sector, which has been suffering catastrophic job losses. The author Caitlin Moran tweeted: “I don’t know if the government know they appear to have recently created a ‘Hopes & Dreams Crushing Department,’ but for a country already depressed and anxious, I would suggest it’s a bit of a ‘Not now, dudes’ moment?" The shadow health minister, Rosena Allin-Khan, chimed in: “Fatima, you be you. Don’t let anyone else tell you that you aren’t good enough because you don’t conform to their preconceived social norms.”

Meanwhile, a recent survey finds that most people say a career in cybersecurity isn’t for them, despite the sector’s demand for talent. Among 2,500 U.S. and UK workers surveyed by (ISC)2, 69% said that while cybersecurity seems like a good career path, it isn’t the right personal fit.

The world of analytics is changing.  Self-Service Analytical tools like Tableau, Qlik, and Power BI are enabling business users to perform reporting and analytics on their own with little to no support from the IT organization. This trend has evolved due to several factors including:

1)    Organizations are flooded with data and IT organizations are not able to keep up
2)    Easier to use Business Intelligence tools make it more efficient for business users to directly create their reports rather than go through IT for a project
3)    IT organizations analytical projects can take several months when a business needs this information in weeks

This trend has caused the efforts of IT Business Intelligence (BI) teams to spending most of their energy gathering, cleaning, and structuring data for the business to perform their own analytics through a self-service model. In special cases, they provide industrial strength reporting that can scale to thousands of users where trusted verified data is needed.  However, they are still being shown the door when it comes to some of the more interesting work.

What can IT BI teams do to stay relevant and valuable to the business? We have several suggestions that relate to embracing self-service analytics as the new reality and transitioning core competencies of the Business Intelligence team away from purely descriptive reporting and moving to diagnostic & predictive analytics.

Let’s explain that last concept before prescribing several solutions. The current state of most analytics is descriptive in nature and helps answer questions of, “what occurred?” Diagnostic and Predictive Analytics help answer the questions of, “Why did it occur?” and sets the stage to answer, “What can I do about it?”  Diagnostic Analytics helps organizations to not only understand what, but also why and what decisions and actions can be taken to solve for the issue. This type of analytics is more valuable to the business and requires competencies that IT BI teams are uniquely qualified to bring from their years of building analytical solutions.

To enable IT Business Intelligence teams to move up the value chain from providing commodity reports to business driving analytics, we recommend adding these four components:

1. Build out a Data Science capability– Data Scientists are starting to appear in analytical groups within companies. However, they are still not pervasive and the function is understaffed. In addition, most groups within a company cannot justify the cost of a full-time data scientist. By adding data scientists to the IT BI organization, you are creating a centralized team that can provide analytics to underserved parts of the organization.  This team is already focused on creating analytical data structures and reports and adding the ability to derive insights from the data is a natural extension.   
2. Make it about the Decision– In your requirements process, add Decision Architecture Methodology as a capability. Most methodologies for capturing analytical requirements focus on the questions asked of the data to surmise the Dimensions and Facts.  While this gives us great descriptive analytics, but it does not move the company along the analytical maturity curve.  A deeper focus on the decisions that the business makes and thereby centering analytical capabilities around helping to enable actionable insights will move the needle.
3. Add Decision Theory to your analytics– If Data Science helps you turn information into actionable insights, Decision Theory helps you structure the decision process to guide a person to the correct choice. Decision Theory, along with Behavioral Economics, is focused on understanding the components of the decision process to explain why we make the choices we do. It provides a systematic way to consider tradeoffs among attributes that helps us make better decisions. Tools such as thresholds, alerts, decision matrixes, and choice architecture should be considered important capabilities to add to your team’s tool chest.
4. Create a Report Certification process– As report proliferation occurs with self-service analytics, creating a standard for the health and validity of a report is going to be important if the analytics are to be consumed by a broader audience and are to be trusted.  For example, you may have one group create a report with key metrics sourced from uncertified data sources. By putting reports from individual departments through a certification process similar to UL labeling on electrical products, broader consumers will know the level of scrutiny that has been put on the report by Data Governance and IT teams and thereby trust the data and metrics contained within it.

As IT Business Intelligence teams look to move up the value chain in the capabilities they offer to their internal customers, adding addition skillsets, methods, and tools will be a necessity. The capabilities outlined are a great fit for a centralized team to own and this transformation in IT BI teams can speak to the value these enhanced capabilities provide to the business.

Andrew Roman Wells is the CEO of Aspirent, a management-consulting firm focused on analytics. Kathy Williams Chiang is VP, Business Insights, at Wunderman Data Management. They are the co-authors of Monetizing Your Data: A Guide to Turning Data into Profit-Driving Strategies and Solutions. For more information, please visit www.monetizingyourdata.com.

It’s no surprise that big data is on the rise in businesses around the world. Companies routinely use big data to analyze common trends in their practice; enabling them to make sophisticated decisions to ensure their businesses prosper. According to Statista, an online statistics, market research and business intelligence portal; companies routinely use data to drive process and cost efficiency; drive strategy; and to monitor and improve financial performance. When used in these ways, data has the ability to save the company a significant amount of money because they are able to spend their money efficiently.

While data does have the ability to improve a company’s performance; companies just aren’t catching up on the trends as fast as one would assume.  Big Data software company, Quoble along with Dimensional Research; recently published an e-book, “An In-Depth Look at Big Data Trends and Challenges”. As the name suggests, the data looks at global data trends in the workplace and the problems that businesses often face.

Among the issues that the research uncovered was, “the realization of value from big data in on-premises environments has lagged expectations, largely due to complexity, cost overruns, steep demands for specialized talent, and need for powerful computing platforms.” While companies may understand the value that big data brings their company; finding qualified candidates and obtaining funds to purchase the computing platforms needed to manage data sets are among the set backs employers are facing today. Nearly 75% of those surveyed sighted a gap between the necessary resources and tools that are available to them. And while 50% of businesses plan to moderately increase their data headcounts in the next year; 83% find it difficult to find the right candidate.  Not only does it take time to find the money to pay for data headcounts; finding the right candidate can often times be complex and time consuming.

The survey found that big data teams’ lack of experience creates a slow progress to get things done. 42% also sight that it is hard to keep up with big data trends and new data sources.  Big Data is constantly expanding. Five years ago machine learning and AI weren’t as mainstream as they are now. BI tools were available but not widely used and companies didn’t have big data teams. In fact their “team” often consisted of one or two data scientists. Big Data’s continuous growth has lead to expansion that many businesses can’t keep up with.

The intention of Quoble’s “An In-Depth Look at Bid Data Trends and Challenges” is  not to solve these problems, but to bring awareness to the issues that companies are facing when it comes to data.  As big data continues to surge, so will an influx of knowledgeable employees and efficient software that will guide the business to succeed in an age where big data is becoming the norm.

To view the full report, go to Quoble’s website and download the free e-book.

Colleagues think of data analysis much in the same way they think about marketing. Which is everyone thinks they are data analysts. With little to no practice they can put together graphs and visualize data at the drop of a hat. When interviewing Dave from accounting he made sure you knew that he has Tableau reader on his desktop which totally means he’s one step away from Tableau certification. Karen from Sales also discussed her extensive knowledge when it came to Excel. Yes, that same Karen who emailed you a month ago and asked how a pivot table worked.

If you’re interested in a career in big data it shouldn’t be daunting, but you should take the time to research and learn the tools and software needed to excel (pun intended) at the job. Data analysis is so much more than filtering data and pretty graphs. It takes someone who is curious and can think analytically to thrive in the job.

In his 2009 book, Now You See it: Simple Visualization Techniques for Quantitative Analysis; author and information technology innovator Stephen Few lists 13 key traits of a data analyst. Among those traits include, self-motivation; open-mindedness; and the ability to spot patterns. An average data analyst can access a data set; scrub the data; and visualize it using one of numerous data visualization platforms available. She then comes to conclusions based on those visualizations and calls it a day. An exceptional data analyst can use that same data set and visualization tools and come to the same conclusions. The difference is that he will ask different questions and hypothesize about why conclusions are what they are. An exceptional data analyst asks why 9 out of 10 dentists prefer Colgate or why Rugby is becoming a more popular youth sport in the United States while lacrosse youth teams are declining.  For them, it isn’t enough that the data shows an increase in Rugby youth teams. They have to know why. Which will ultimately bring them to more questions which will lead to more data sets and more visualizations. In essence, is a data analyst’s job ever really done?

Another factor that separates a mediocre from an excellent analyst is the ability to tell a story. Unless you are speaking to a fellow analyst, chances are spewing out data isn’t going to capture the attention or the comprehension of what the statistics show. In fact, if you go that route, you may be met with a lot of blank stares. It’s important to tailor a narrative to the audience you are speaking to. Crafting a story beforehand makes it easy for your audience to follow and will help you answer any follow up questions that you might receive.

While you may have the skills that make an excellent data analyst, without practice you’ll never truly be outstanding at your job. And with data analysts and scientists being critical to the success of a company, it’s important that you push past mediocrity and aim for excellent. So tomorrow when you go into work remember that not everyone can be an analyst but by methodically thinking, crafting a perfect story from your data sets and asking questions, you’ll be on the road to greatness.

Although Montana’s new law banning TikTok in the state will be all but impossible to adequately enforce, it could prompt more widespread restrictions of the popular video-sharing app. That’s according to cybersecurity experts cited in various media reports.

As Newsweek reports, the legislation signed by Montana Gov. Greg Gianforte prohibits new downloads of the TikTok app by imposing fines on app stores or the app maker itself. The first-ever total ban on the app by a state government is set to go into effect on January 1.

Cybersecurity industry sources told the newsmagazine that users could easily get around the ban by disguising their device’s location. Another cybersecurity source, who called the ban essentially “saber-rattling,” added that the precedent of a state-level ban could have federal implications: “It just takes a number of dominos to fall, and you’ll have a de facto ban.”

Other than a $10,000 daily fine, the companies involved lack incentives to follow the law, cybersecurity experts told the Associated Press. David Choffnes of Northeastern University’s Cybersecurity and Privacy Institute noted that efforts to block users could accidentally affect people outside of Montana.

​​Doug Jacobson, a computer engineering professor at Iowa State University, writes in The Conversation that a theoretical nationwide TikTok ban would also be tremendously difficult to implement. Jacobson concludes that at this point, perhaps the most urgent priority is for families to talk with younger people about the mental-health risks from social media platforms like TikTok.

The federal government previously banned TikTok on work-provided phones, and many state and foreign governments have done the same. Supporters of the Montana law, along with federal intelligence officials and a bipartisan group of U.S. Senators, have warned that the app might threaten national security through the potential for data-harvesting or misinformation.

TikTok’s Beijing-based parent company, ByteDance, operates under Chinese law, which requires companies to cooperate with government intelligence services. The company has claimed that if asked to give up data, it would not do so.

As CNBC reports, TikTok has filed a lawsuit trying to reverse Montana’s ban, arguing that the prohibition is unconstitutional. Five TikTok users made similar contentions in a separate lawsuit challenging the law. As Politico reports, TikTok CEO Shou Chew has vowed to “prevail” against the ban.

The European Union’s data privacy watchdog has fined Meta €1.2 billion ($1.3 billion), the largest-ever penalty under Europe’s General Data Protection Regulation. So reports CNN.

The Irish Data Protection Commission said that Meta violated the GDPR by moving Facebook users’ personal data to systems in the United States.

Meta said it would appeal the ruling by European’s chief data regulator. Amazon was hit with the previous biggest fine under the EU’s signature data law, €746 million ($805.7 million), two years ago.

Read the full article from CNN.

Italy has become the first Western nation to block ChatGPT, OpenAI’s widely used chatbot based on generative artificial intelligence. So reports CNBC.

Italy’s data protection watchdog cited privacy concerns as it directed OpenAI to pause the processing of Italian users’ data.

Other countries’ regulators have also been considering steps to address both ChatGPT in particular and generative AI more broadly.

Read the full article from CNBC.

The Federal Communications Commission has proposed rules that would eliminate the current mandatory waiting period of seven business days before telecommunications companies can notify customers about cybersecurity incidents. So reports Engadget.

The FCC says existing rules, which are 15 years old, are “out of step” as it has often become essential to inform customers and authorities of data breaches without delay.

The FCC is seeking public feedback on the proposed rules, which would also clarify that carriers must notify customers of even accidental breaches, such as personal information being left exposed.

Read the full article from Engadget. 

Fancy Bear Goes Phishing, a new book by Scott Shapiro, examines the history of hacking and suggests approaches for fighting it, according to multiple published reviews and reports.

Shapiro is a professor of law and philosophy at Yale Law School, and he also leads Yale’s Cybersecurity Lab, which does research into security and information technology. He previously co-authored the 2017 book The Internationalists, a history of the laws of war that looks ahead to whether the same rules will govern cyber conflicts.

As City AM’s reviewer writes, this is “an impressive range in expertise, and one that leaves Shapiro in a unique position to skillfully guide the reader through the history of hacking, with all the tech nitty gritty included.”

Shapiro concludes that the cybersecurity problem can’t be solved, only managed by considering human behavior. “Cybersecurity is not a primarily technological problem that requires a primarily engineering solution,” he writes, as quoted by Ars Technica. “It is a human problem that requires an understanding of human behavior.” His go-to adage in the text: “Hacking is about humans.”

As The Economist and The Guardian explain, the book walks through five major hacks:

• The Internet’s first worm, known as the Morris worm, created in 1988 in an experiment gone wrong by a Cornell University student
• The Dark Avenger, a pseudonymous Bulgarian virus writer who wiped out computer data in the 1990s
• The 2005 hack of celebrity Paris Hilton’s mobile phone data, which exposed nude photographs
• The 2016 hack of Hillary Clinton’s presidential campaign, which led to the damaging release of emails
• The 2016 “Mirai botnet,” in which three young men amassed an army of computers that could be used to take down websites

Shapiro distinguishes between what he calls “downcode,” the actual software used in cyberattacks, and “upcode,” the human cognition and norms that allow the attacks to occur.

The Guardian identifies four takeaways from Shapiro’s book. First, as he writes, “Hacking is not a dark art, and those who practice it are not 400lb wizards or idiot savants.” Second, hacking is a business, perpetrated by rational actors who want money. Third, to reduce the threat of cyberattacks, governments will have to criminalize the failure to safeguard information. And fourth, as the newspaper puts it: “Mass media plays a really malignant role by providing an endless loop of scare stories and zero understanding of the problem.”

For hackers, 2022 was no time to dwell. That’s according to Mandiant’s M-Trends 2023 report.

The global median dwell time—the median time an attacker is in a target’s systems undetected—was 16 days last year, according to Mandiant. That’s down from 21 days in 2022, and it’s the lowest since Mandiant has been keeping track. “When we first started tracking this metric back in 2011, the dwell time was actually really high… 416 days,” Mandiant’s chief technology officer, Charles Carmakal, said in a video interview with Dark Reading. “So it’s getting a lot better.”

Carmakal noted that threat actors are moving more quickly, either causing disruption that organizations discover or notifying the organizations themselves that they have been hacked. But he also credited organizations with improvement in detecting attacks, in part by hiring more securities professionals and buying more technology products.

As Securities Boulevard points out, a surprising conclusion from the report was a decline in the prevalence of ransomware. Last year, 18% of global intrusions involved ransomware, down from 23% in 2021, according to Mandiant.

Remarkably, external entities notified organizations of breaches in 63% of incidents. That’s up from 47% in 2021 and near 2014 levels.

Another notable finding was how threat actors leverage data obtained through social engineering, underground markets and bribery.  “These adversaries demonstrated a willingness to get personal with their targets, bullying and threatening many of them," according to the report.

In a speech at RSA Conference, Mandiant CEO Kevin Mandia outlined steps that organizations can take to avoid becoming victims, as Cybersecurity Dive reports. Institutional knowledge, multi-factor authentication and honeypots are just a few of his recommendations. He also suggested studying module logging, reporting risk to boards in a consistent way and identifying critical assets.

Artificial intelligence was the watchword as RSA Conference kicked off in San Francisco for the first time since the sudden rise in recent months of the generative-AI chatbot ChatGPT.

As Bloomberg reports, Cisco sounded the alarm that tools such as OpenAI’s ChatGPT will force companies to take up new defenses as phishing attacks grow more convincing.

Jeetu Patel, head of Cisco’s security and collaboration divisions, told the news service in a briefing at the conference that AI software can customize phishing emails, making it harder for humans to notice that the messages are phony. According to Patel, Cisco’s access to internet traffic data should help it detect anomalies and protect users.

Some tech companies are banking on “good AI” to defeat the bad actors. Also at the RSA Conference 2023, as TechCrunch reports, Google unveiled Cloud Security AI Workbench, a cybersecurity offering powered by generative AI. Cloud Security AI Workbench will rely on Sec-PaLM, security-oriented AI language model. An offshoot of Google’s PaLM model, Sec-PaLM is “fine-tuned for security use cases,” Google says, incorporating security intelligence such as research on software vulnerabilities, malware, threat indicators and behavioral threat actor profiles.

“While generative AI has recently captured the imagination, Sec-PaLM is based on years of foundational AI research by Google and DeepMind, and the deep expertise of our security teams,” Google wrote in a blog post. “We have only just begun to realize the power of applying generative AI to security, and we look forward to continuing to leverage this expertise for our customers and drive advancements across the security community.”

What’s more, as CRN reports, SentinelOne introduced “Purple AI,” a new generative AI-based threat hunting tool that users can query using natural language. Ric Smith, SentinelOne’s chief product and technology officer, said the tool will save analysts huge amounts of time and help them be more productive.

As SC Magazine reports, RSA Security CEO Rohit Ghai addressed the promise and the perils of AI in his opening remarks. “Every new technology wave is bigger, faster and more disruptive than all previous ones,” Ghai is quoted as saying. “This time is no different.”

Despite a cybersecurity talent shortfall, estimated at more than 3.4 million jobs, a new study shows how the industry continues to fail to make women feel welcome in its ranks.

According to multiple reports, the State of Inclusion of Women in Cybersecurity (WiCys) study by the nonprofit Women in CyberSecurity finds that many women in cybersecurity experience a lack of respect and career opportunities. The study is based on anonymous responses from more than 300 women in workshops WiCys conducted in February. In all, 83% of participants reported at least one experience of exclusion. The leading categories for exclusion were career and growth, cited by 57% of respondents, and respect, cited by 56%.

Leadership was the most commonly reported source of exclusion experiences, cited by 68% of participants. That’s followed by managers at 61% and peers at 52%, compared with just 12% of participants pointing to workplace policies as a source of exclusion.

The share of women working in cybersecurity has hovered around 24%, according to WiCys.

Lynn Dohm, executive director of WiCys, notes that increasing diversity in the industry has to start with hiring managers acknowledging the issue. “If you say that no underrepresented populations… are applying for your positions this comes with assumptions that they do not exist, and this is not the case,” Dohm told Cyber Security Hub. “If CISOs are concerned about building a diverse workforce… then they should pay attention.”

Jessie Jamieson, senior security engineer at cybersecurity company Tenable, recently shared insights on how women can break into the industry. As People Matters reports, Jamieson said that being able to clearly communicate their work can help, along with networking.

As Dark Reading reports, women in cybersecurity also face underrepresentation in the media and a lack of role models, while the reality that cybersecurity is a male-dominated industry also serves to drive women away.

As SC Media reports, remote work and education opportunities could help give women a foothold in cybersecurity.