As the cybersecurity industry works to address a shortage of skilled workers, an advertisement backed by the UK government may provide an example of what not to do.

The ad, which encouraged people working in the arts to retrain in cybersecurity, has been abandoned amid backlash online and even within the government, according to reports from The Guardian, The Washington Post and MarketWatch.

Although pulled from the official website, the ad was still easily viewable after going viral on social media with the hashtag “#SavetheArts.” The image displays a ballet dancer tying her shoes. The caption reads, “Fatima’s next job could be in cyber (she just doesn’t know it yet),” followed by the tagline “Rethink. Reskill. Reboot.”

Posted on the website of training firm QA, the ad was part of the UK cybersecurity agency’s Cyber First campaign, which promotes tech training for young people. Oliver Dowden, the British culture secretary, tweeted that the ad was “crass” and did not come from his agency. A spokesperson for the prime minister said, “This particular piece of content was not appropriate and has been removed from the campaign.”

The UK government’s volte-face followed widespread criticism that the ad showed disrespect toward the culture sector, which has been suffering catastrophic job losses. The author Caitlin Moran tweeted: “I don’t know if the government know they appear to have recently created a ‘Hopes & Dreams Crushing Department,’ but for a country already depressed and anxious, I would suggest it’s a bit of a ‘Not now, dudes’ moment?" The shadow health minister, Rosena Allin-Khan, chimed in: “Fatima, you be you. Don’t let anyone else tell you that you aren’t good enough because you don’t conform to their preconceived social norms.”

Meanwhile, a recent survey finds that most people say a career in cybersecurity isn’t for them, despite the sector’s demand for talent. Among 2,500 U.S. and UK workers surveyed by (ISC)2, 69% said that while cybersecurity seems like a good career path, it isn’t the right personal fit.

The world of analytics is changing.  Self-Service Analytical tools like Tableau, Qlik, and Power BI are enabling business users to perform reporting and analytics on their own with little to no support from the IT organization. This trend has evolved due to several factors including:

1)    Organizations are flooded with data and IT organizations are not able to keep up
2)    Easier to use Business Intelligence tools make it more efficient for business users to directly create their reports rather than go through IT for a project
3)    IT organizations analytical projects can take several months when a business needs this information in weeks

This trend has caused the efforts of IT Business Intelligence (BI) teams to spending most of their energy gathering, cleaning, and structuring data for the business to perform their own analytics through a self-service model. In special cases, they provide industrial strength reporting that can scale to thousands of users where trusted verified data is needed.  However, they are still being shown the door when it comes to some of the more interesting work.

What can IT BI teams do to stay relevant and valuable to the business? We have several suggestions that relate to embracing self-service analytics as the new reality and transitioning core competencies of the Business Intelligence team away from purely descriptive reporting and moving to diagnostic & predictive analytics.

Let’s explain that last concept before prescribing several solutions. The current state of most analytics is descriptive in nature and helps answer questions of, “what occurred?” Diagnostic and Predictive Analytics help answer the questions of, “Why did it occur?” and sets the stage to answer, “What can I do about it?”  Diagnostic Analytics helps organizations to not only understand what, but also why and what decisions and actions can be taken to solve for the issue. This type of analytics is more valuable to the business and requires competencies that IT BI teams are uniquely qualified to bring from their years of building analytical solutions.

To enable IT Business Intelligence teams to move up the value chain from providing commodity reports to business driving analytics, we recommend adding these four components:

1. Build out a Data Science capability– Data Scientists are starting to appear in analytical groups within companies. However, they are still not pervasive and the function is understaffed. In addition, most groups within a company cannot justify the cost of a full-time data scientist. By adding data scientists to the IT BI organization, you are creating a centralized team that can provide analytics to underserved parts of the organization.  This team is already focused on creating analytical data structures and reports and adding the ability to derive insights from the data is a natural extension.   
2. Make it about the Decision– In your requirements process, add Decision Architecture Methodology as a capability. Most methodologies for capturing analytical requirements focus on the questions asked of the data to surmise the Dimensions and Facts.  While this gives us great descriptive analytics, but it does not move the company along the analytical maturity curve.  A deeper focus on the decisions that the business makes and thereby centering analytical capabilities around helping to enable actionable insights will move the needle.
3. Add Decision Theory to your analytics– If Data Science helps you turn information into actionable insights, Decision Theory helps you structure the decision process to guide a person to the correct choice. Decision Theory, along with Behavioral Economics, is focused on understanding the components of the decision process to explain why we make the choices we do. It provides a systematic way to consider tradeoffs among attributes that helps us make better decisions. Tools such as thresholds, alerts, decision matrixes, and choice architecture should be considered important capabilities to add to your team’s tool chest.
4. Create a Report Certification process– As report proliferation occurs with self-service analytics, creating a standard for the health and validity of a report is going to be important if the analytics are to be consumed by a broader audience and are to be trusted.  For example, you may have one group create a report with key metrics sourced from uncertified data sources. By putting reports from individual departments through a certification process similar to UL labeling on electrical products, broader consumers will know the level of scrutiny that has been put on the report by Data Governance and IT teams and thereby trust the data and metrics contained within it.

As IT Business Intelligence teams look to move up the value chain in the capabilities they offer to their internal customers, adding addition skillsets, methods, and tools will be a necessity. The capabilities outlined are a great fit for a centralized team to own and this transformation in IT BI teams can speak to the value these enhanced capabilities provide to the business.

Andrew Roman Wells is the CEO of Aspirent, a management-consulting firm focused on analytics. Kathy Williams Chiang is VP, Business Insights, at Wunderman Data Management. They are the co-authors of Monetizing Your Data: A Guide to Turning Data into Profit-Driving Strategies and Solutions. For more information, please visit www.monetizingyourdata.com.

It’s no surprise that big data is on the rise in businesses around the world. Companies routinely use big data to analyze common trends in their practice; enabling them to make sophisticated decisions to ensure their businesses prosper. According to Statista, an online statistics, market research and business intelligence portal; companies routinely use data to drive process and cost efficiency; drive strategy; and to monitor and improve financial performance. When used in these ways, data has the ability to save the company a significant amount of money because they are able to spend their money efficiently.

While data does have the ability to improve a company’s performance; companies just aren’t catching up on the trends as fast as one would assume.  Big Data software company, Quoble along with Dimensional Research; recently published an e-book, “An In-Depth Look at Big Data Trends and Challenges”. As the name suggests, the data looks at global data trends in the workplace and the problems that businesses often face.

Among the issues that the research uncovered was, “the realization of value from big data in on-premises environments has lagged expectations, largely due to complexity, cost overruns, steep demands for specialized talent, and need for powerful computing platforms.” While companies may understand the value that big data brings their company; finding qualified candidates and obtaining funds to purchase the computing platforms needed to manage data sets are among the set backs employers are facing today. Nearly 75% of those surveyed sighted a gap between the necessary resources and tools that are available to them. And while 50% of businesses plan to moderately increase their data headcounts in the next year; 83% find it difficult to find the right candidate.  Not only does it take time to find the money to pay for data headcounts; finding the right candidate can often times be complex and time consuming.

The survey found that big data teams’ lack of experience creates a slow progress to get things done. 42% also sight that it is hard to keep up with big data trends and new data sources.  Big Data is constantly expanding. Five years ago machine learning and AI weren’t as mainstream as they are now. BI tools were available but not widely used and companies didn’t have big data teams. In fact their “team” often consisted of one or two data scientists. Big Data’s continuous growth has lead to expansion that many businesses can’t keep up with.

The intention of Quoble’s “An In-Depth Look at Bid Data Trends and Challenges” is  not to solve these problems, but to bring awareness to the issues that companies are facing when it comes to data.  As big data continues to surge, so will an influx of knowledgeable employees and efficient software that will guide the business to succeed in an age where big data is becoming the norm.

To view the full report, go to Quoble’s website and download the free e-book.

Colleagues think of data analysis much in the same way they think about marketing. Which is everyone thinks they are data analysts. With little to no practice they can put together graphs and visualize data at the drop of a hat. When interviewing Dave from accounting he made sure you knew that he has Tableau reader on his desktop which totally means he’s one step away from Tableau certification. Karen from Sales also discussed her extensive knowledge when it came to Excel. Yes, that same Karen who emailed you a month ago and asked how a pivot table worked.

If you’re interested in a career in big data it shouldn’t be daunting, but you should take the time to research and learn the tools and software needed to excel (pun intended) at the job. Data analysis is so much more than filtering data and pretty graphs. It takes someone who is curious and can think analytically to thrive in the job.

In his 2009 book, Now You See it: Simple Visualization Techniques for Quantitative Analysis; author and information technology innovator Stephen Few lists 13 key traits of a data analyst. Among those traits include, self-motivation; open-mindedness; and the ability to spot patterns. An average data analyst can access a data set; scrub the data; and visualize it using one of numerous data visualization platforms available. She then comes to conclusions based on those visualizations and calls it a day. An exceptional data analyst can use that same data set and visualization tools and come to the same conclusions. The difference is that he will ask different questions and hypothesize about why conclusions are what they are. An exceptional data analyst asks why 9 out of 10 dentists prefer Colgate or why Rugby is becoming a more popular youth sport in the United States while lacrosse youth teams are declining.  For them, it isn’t enough that the data shows an increase in Rugby youth teams. They have to know why. Which will ultimately bring them to more questions which will lead to more data sets and more visualizations. In essence, is a data analyst’s job ever really done?

Another factor that separates a mediocre from an excellent analyst is the ability to tell a story. Unless you are speaking to a fellow analyst, chances are spewing out data isn’t going to capture the attention or the comprehension of what the statistics show. In fact, if you go that route, you may be met with a lot of blank stares. It’s important to tailor a narrative to the audience you are speaking to. Crafting a story beforehand makes it easy for your audience to follow and will help you answer any follow up questions that you might receive.

While you may have the skills that make an excellent data analyst, without practice you’ll never truly be outstanding at your job. And with data analysts and scientists being critical to the success of a company, it’s important that you push past mediocrity and aim for excellent. So tomorrow when you go into work remember that not everyone can be an analyst but by methodically thinking, crafting a perfect story from your data sets and asking questions, you’ll be on the road to greatness.

Federal regulators have announced that Twitter will pay a $150 million fine to settle allegations that it illegally used people’s phone numbers and email addresses to sell targeted advertising. So reports NPR.

In a complaint filed in federal court, the Federal Trade Commission and the Department of Justice claimed that Twitter broke a 2011 deal with regulators.

The latest settlement still requires a judge’s approval.

Read the full article from NPR. 

The SEC has proposed a data breach disclosure rule that would require chief information security officers to more quickly assess the impact of a cyberattack. So reports GovInfoSecurity.

The proposed rule would force public companies to notify regulators of a breach within four days of determining the breach is “material.”

With the rule, CISOs would have to talk with the board no later than a day or two after finding out about a breach to decide whether it is "material." This would help the company stay in the SEC’s good graces.

Read the full article from GovInfoSecurity.

The State Department has begun operating a new Bureau of Cyberspace and Digital Policy. So reports CNET.

The move restores an agency setup that had been in place before the Trump administration reorganized, folding a standalone cybersecurity office into an economic bureau.

First announced by Secretary of State Anthony Blinken in October, the new bureau will be led by high-ranking diplomat Jennifer Bachus as principal deputy assistant secretary.

Read the full article from CNET.

Congress has approved a $1.5 trillion omnibus spending bill that includes a mandate for critical infrastructure companies to promptly disclose cyberattacks and ransomware payments. So report Insurance Journal and Cybersecurity Dive.

The legislation, which requires incident reports be sent to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, came under criticism from the FBI, which sought a more direct role.

The rules fit into a wider attempt by the White House and lawmakers to bolster U.S. cybersecurity amid prominent hacks.

Read the full article from Insurance Journal and Cybersecurity Dive.

Several months after the Russian invasion of Ukraine, the war holds a range of early implications for cybersecurity, according to reports.

For one, as The Washington Post reports, while the cyber fallout from the invasion has been less than forecast, it’s clear that every future military conflict will have a cyber component.

Viktor Zhora, the deputy head of Ukraine’s cybersecurity agency, recently highlighted the challenge in an awareness campaign by privacy group Digital Peace Now, as Axios reports. “Cyberspace has no borders,” Zhora said as part of the initiative. “Hackers wear no stripes and can hide their origins. ... There is no doubt that the cyberwar will go on even after the conventional hostilities are over.”

If digital conflict is now an inextricable part of warfare, then Ukraine’s defenses have been bolstered by recent improvements in cyber threat intelligence and end-point protection, according to a report by Microsoft. Meanwhile, Russian agencies have boosted their network penetration and cyber-influence efforts targeting the coalition of countries defending Ukraine.

With a foreword by Microsoft vice chair Brad Smith, the report concludes, “The lessons from Ukraine call for a coordinated and comprehensive strategy to strengthen defenses against the full range of cyber destructive, espionage and influence operations.”

The hacktivist collectivist Anonymous has surprised with the depth and breadth of its cyberattacks against Russian targets during the Ukraine war, as ComputerWeekly.com reports. In Anonymous’ first known campaign against the government of a nation-state, the collective has hacked the Central Bank of Russia, breached the Kremlin’s closed-circuit TV system and disclosed personal information on 120,000 Russian troops. Anonymous has also hit Russian infrastructure and has aired videos of the invasion on state media outlets.

To be sure, Glenn Gerstell, a senior advisor at the Center for Strategic and International Studies and former general counsel of the National Security Agency, recently told The Wall Street Journal that cyberattacks rarely have “a strategic or enduring effect.” More often, Gerstell said, digital incursions lead to temporary setbacks, such as the theft of data or the disruption of a server.

Still, the Ukraine war has brought the military role of cyberattacks into public view, as Marianne Bailey, cybersecurity practice leader at consultancy Guidehouse, recently told InformationWeek. “Cyber is now a weapon of war,” Bailey said.

A recent skid in technology stocks and cooldown for public offerings has led to a wave of layoffs across the sector, and cybersecurity companies are no exception.

At least 15,000 tech-related jobs are being cut, as MarketWatch reports, citing data from startup tracker ​​Layoffs.fyi. Cybersecurity startup Aura’s CEO, Harvi Ravichandran, said his company was keeping a close eye on costs and hunkering down “for years” of macroeconomic challenges such as inflation, war, tangled supply lines and post-COVID fallout. “This is impacting the entirety of the business ecosystem,” he told MarketWatch.

The layoffs come as cybersecurity firms are still seeing record growth amid soaring ransomware attacks, as CNBC reports. Demand for data protection remains strong, but with valuations likely to drop and the IPO market scuttled, some cybersecurity players are finding themselves squeezed for capital.

Lacework, Cybereason, Deep Instinct, OneTrust and Automox are among cybersecurity companies announcing job cuts recently, as CRN notes. Cybereason has confirmed that it is terminating about 100 employees, representing 10% of its workforce. “We were not optimized as a business,” CEO Lior Div told CNBC, citing capital constraints.

Research firm Forrester, in a blog post, argued that the “gilded age of cybersecurity unicorns” is ending. “​​The economic downturn is in its early stages, but it certainly appears as if the hypergrowth phase of the cybersecurity vendor party has come to an end—abruptly,” the blog post notes. Forrester suggested the time is now for security leaders to recruit from vendors in an industry notoriously plagued by a talent shortage.

Indeed, corporate headhunters view the layoff wave as an opportunity to fill openings that languished during the tight job market, as The Wall Street Journal reports. Yael Cosset, chief information officer at Kroger Co., said that while “there is still a massive shortage of talent,” including for cybersecurity roles, the supermarket chain is “making good progress” in its recruitment efforts.

The spread of the collaboration and communications platform Slack, particularly as organizations embraced hybrid work during the pandemic, also raises questions about cybersecurity.

For the first time, most workers now say they prefer real-time communications tools like Slack and Microsoft Teams over email, according to a recent survey by Ziff Davis. Slack customers include 77% of the Fortune 100, according to the company. Slack has even become a forum for job searches.

Yet like any other platform, Slack carries the risks of cyberattacks through misuse of its built-in features or risky behavior, notes Ofer Maor, CTO and co-founder of cybersecurity startup Mitiga.

Writing for Dark Reading, Maor points out that while users have learned to be on the lookout for phishing emails, the open culture of Slack means that most people probably aren’t on guard for suspicious messages from their colleagues. “Therefore,” Maor writes, “compromising a single account in Slack can easily be leveraged to deceive other users and gain additional access—not only to other users but to multiple channels.” As Maor observes, many organizations has sensitive information such as passwords available and preserved indefinitely in channels open to large numbers of users.

Slack users also have access to an array of apps. Maor warns that third-party apps are a serious risk for almost all software-as-a-service platforms, and Slack is no exception.

What’s more, Slack doesn’t preserve a record of messages that are erased. According to Maor, ransomware attackers could use the threat of deleting information as effective leverage for their demands.

To be sure, Maor notes, Slack is a “great platform” with significant investment in security. Still, one example of Slack being used in a cyberattack occurred last year, when scammers stole a trove of data from video game publisher Electronic Arts by duping an employee using the tool, as Motherboard reports.

For improving the security of an organization’s Slack workspace, Maor recommends setting clear policies around private versus public channels, minimizing permissions for third-party apps, backing up Slack content, enabling multi-factor authentication and other advanced security features and keeping Slack logs.

A new report warns organizations that using scripts from third parties and beyond could expose them to malicious “shadow code.”

Researchers from Israeli cybersecurity firm Source Defense analyzed 4,300 major websites. According to their report, websites in the sample averaged 12 third-party scripts and three fourth-party scripts.

Source Defense defined a third-party script as “a JavaScript resource loaded into a webpage to provide functionality beyond the core functionality of the website.”

As CPO Magazine explains, Magecart attacks—the collective term for various groups using malicious scripts to steal payment card information—have surged in prevalence in recent years. In 2018, a Magecart attack on British Airways ended up exposing the personal information of about 500,000 people and leading to a fine of more than $200 million.

“While retail and credit card breaches grab the most headlines, this is a pervasive and relatively unchecked risk to both security and privacy across all verticals,” Source Defense CEO Dan Dinnar said in a statement. “It’s also a fast-growing and extremely volatile issue with regard to sensitive data.”

The financial services industry was the most affected, according to the Source Defense report, with an average of 16 third-party and six fourth-party scripts per site. Healthcare was next, averaging 13 third-party and five fourth-party scripts, along with travel, averaging 13 third-party and four fourth-party scripts.

A survey conducted in fall 2021 by CRA Business Intelligence, part of CyberRisk Alliance, further illuminates the potential threat. Participants included more than 300 IT and cybersecurity decision-makers who use third-parties. Of these, 60% said they experienced an IT security incident in the prior two years due to a security lapse that began with a third party. What’s more, 45% said these exposures cost them $1 million or more.

According to Security Boulevard, shadow code “means the unauthorized use of code derived from internal or external sources to help facilitate software and application development.”