As the cybersecurity industry works to address a shortage of skilled workers, an advertisement backed by the UK government may provide an example of what not to do.

The ad, which encouraged people working in the arts to retrain in cybersecurity, has been abandoned amid backlash online and even within the government, according to reports from The Guardian, The Washington Post and MarketWatch.

Although pulled from the official website, the ad was still easily viewable after going viral on social media with the hashtag “#SavetheArts.” The image displays a ballet dancer tying her shoes. The caption reads, “Fatima’s next job could be in cyber (she just doesn’t know it yet),” followed by the tagline “Rethink. Reskill. Reboot.”

Posted on the website of training firm QA, the ad was part of the UK cybersecurity agency’s Cyber First campaign, which promotes tech training for young people. Oliver Dowden, the British culture secretary, tweeted that the ad was “crass” and did not come from his agency. A spokesperson for the prime minister said, “This particular piece of content was not appropriate and has been removed from the campaign.”

The UK government’s volte-face followed widespread criticism that the ad showed disrespect toward the culture sector, which has been suffering catastrophic job losses. The author Caitlin Moran tweeted: “I don’t know if the government know they appear to have recently created a ‘Hopes & Dreams Crushing Department,’ but for a country already depressed and anxious, I would suggest it’s a bit of a ‘Not now, dudes’ moment?" The shadow health minister, Rosena Allin-Khan, chimed in: “Fatima, you be you. Don’t let anyone else tell you that you aren’t good enough because you don’t conform to their preconceived social norms.”

Meanwhile, a recent survey finds that most people say a career in cybersecurity isn’t for them, despite the sector’s demand for talent. Among 2,500 U.S. and UK workers surveyed by (ISC)2, 69% said that while cybersecurity seems like a good career path, it isn’t the right personal fit.

The world of analytics is changing.  Self-Service Analytical tools like Tableau, Qlik, and Power BI are enabling business users to perform reporting and analytics on their own with little to no support from the IT organization. This trend has evolved due to several factors including:

1)    Organizations are flooded with data and IT organizations are not able to keep up
2)    Easier to use Business Intelligence tools make it more efficient for business users to directly create their reports rather than go through IT for a project
3)    IT organizations analytical projects can take several months when a business needs this information in weeks

This trend has caused the efforts of IT Business Intelligence (BI) teams to spending most of their energy gathering, cleaning, and structuring data for the business to perform their own analytics through a self-service model. In special cases, they provide industrial strength reporting that can scale to thousands of users where trusted verified data is needed.  However, they are still being shown the door when it comes to some of the more interesting work.

What can IT BI teams do to stay relevant and valuable to the business? We have several suggestions that relate to embracing self-service analytics as the new reality and transitioning core competencies of the Business Intelligence team away from purely descriptive reporting and moving to diagnostic & predictive analytics.

Let’s explain that last concept before prescribing several solutions. The current state of most analytics is descriptive in nature and helps answer questions of, “what occurred?” Diagnostic and Predictive Analytics help answer the questions of, “Why did it occur?” and sets the stage to answer, “What can I do about it?”  Diagnostic Analytics helps organizations to not only understand what, but also why and what decisions and actions can be taken to solve for the issue. This type of analytics is more valuable to the business and requires competencies that IT BI teams are uniquely qualified to bring from their years of building analytical solutions.

To enable IT Business Intelligence teams to move up the value chain from providing commodity reports to business driving analytics, we recommend adding these four components:

1. Build out a Data Science capability– Data Scientists are starting to appear in analytical groups within companies. However, they are still not pervasive and the function is understaffed. In addition, most groups within a company cannot justify the cost of a full-time data scientist. By adding data scientists to the IT BI organization, you are creating a centralized team that can provide analytics to underserved parts of the organization.  This team is already focused on creating analytical data structures and reports and adding the ability to derive insights from the data is a natural extension.   
2. Make it about the Decision– In your requirements process, add Decision Architecture Methodology as a capability. Most methodologies for capturing analytical requirements focus on the questions asked of the data to surmise the Dimensions and Facts.  While this gives us great descriptive analytics, but it does not move the company along the analytical maturity curve.  A deeper focus on the decisions that the business makes and thereby centering analytical capabilities around helping to enable actionable insights will move the needle.
3. Add Decision Theory to your analytics– If Data Science helps you turn information into actionable insights, Decision Theory helps you structure the decision process to guide a person to the correct choice. Decision Theory, along with Behavioral Economics, is focused on understanding the components of the decision process to explain why we make the choices we do. It provides a systematic way to consider tradeoffs among attributes that helps us make better decisions. Tools such as thresholds, alerts, decision matrixes, and choice architecture should be considered important capabilities to add to your team’s tool chest.
4. Create a Report Certification process– As report proliferation occurs with self-service analytics, creating a standard for the health and validity of a report is going to be important if the analytics are to be consumed by a broader audience and are to be trusted.  For example, you may have one group create a report with key metrics sourced from uncertified data sources. By putting reports from individual departments through a certification process similar to UL labeling on electrical products, broader consumers will know the level of scrutiny that has been put on the report by Data Governance and IT teams and thereby trust the data and metrics contained within it.

As IT Business Intelligence teams look to move up the value chain in the capabilities they offer to their internal customers, adding addition skillsets, methods, and tools will be a necessity. The capabilities outlined are a great fit for a centralized team to own and this transformation in IT BI teams can speak to the value these enhanced capabilities provide to the business.

Andrew Roman Wells is the CEO of Aspirent, a management-consulting firm focused on analytics. Kathy Williams Chiang is VP, Business Insights, at Wunderman Data Management. They are the co-authors of Monetizing Your Data: A Guide to Turning Data into Profit-Driving Strategies and Solutions. For more information, please visit www.monetizingyourdata.com.

It’s no surprise that big data is on the rise in businesses around the world. Companies routinely use big data to analyze common trends in their practice; enabling them to make sophisticated decisions to ensure their businesses prosper. According to Statista, an online statistics, market research and business intelligence portal; companies routinely use data to drive process and cost efficiency; drive strategy; and to monitor and improve financial performance. When used in these ways, data has the ability to save the company a significant amount of money because they are able to spend their money efficiently.

While data does have the ability to improve a company’s performance; companies just aren’t catching up on the trends as fast as one would assume.  Big Data software company, Quoble along with Dimensional Research; recently published an e-book, “An In-Depth Look at Big Data Trends and Challenges”. As the name suggests, the data looks at global data trends in the workplace and the problems that businesses often face.

Among the issues that the research uncovered was, “the realization of value from big data in on-premises environments has lagged expectations, largely due to complexity, cost overruns, steep demands for specialized talent, and need for powerful computing platforms.” While companies may understand the value that big data brings their company; finding qualified candidates and obtaining funds to purchase the computing platforms needed to manage data sets are among the set backs employers are facing today. Nearly 75% of those surveyed sighted a gap between the necessary resources and tools that are available to them. And while 50% of businesses plan to moderately increase their data headcounts in the next year; 83% find it difficult to find the right candidate.  Not only does it take time to find the money to pay for data headcounts; finding the right candidate can often times be complex and time consuming.

The survey found that big data teams’ lack of experience creates a slow progress to get things done. 42% also sight that it is hard to keep up with big data trends and new data sources.  Big Data is constantly expanding. Five years ago machine learning and AI weren’t as mainstream as they are now. BI tools were available but not widely used and companies didn’t have big data teams. In fact their “team” often consisted of one or two data scientists. Big Data’s continuous growth has lead to expansion that many businesses can’t keep up with.

The intention of Quoble’s “An In-Depth Look at Bid Data Trends and Challenges” is  not to solve these problems, but to bring awareness to the issues that companies are facing when it comes to data.  As big data continues to surge, so will an influx of knowledgeable employees and efficient software that will guide the business to succeed in an age where big data is becoming the norm.

To view the full report, go to Quoble’s website and download the free e-book.

Colleagues think of data analysis much in the same way they think about marketing. Which is everyone thinks they are data analysts. With little to no practice they can put together graphs and visualize data at the drop of a hat. When interviewing Dave from accounting he made sure you knew that he has Tableau reader on his desktop which totally means he’s one step away from Tableau certification. Karen from Sales also discussed her extensive knowledge when it came to Excel. Yes, that same Karen who emailed you a month ago and asked how a pivot table worked.

If you’re interested in a career in big data it shouldn’t be daunting, but you should take the time to research and learn the tools and software needed to excel (pun intended) at the job. Data analysis is so much more than filtering data and pretty graphs. It takes someone who is curious and can think analytically to thrive in the job.

In his 2009 book, Now You See it: Simple Visualization Techniques for Quantitative Analysis; author and information technology innovator Stephen Few lists 13 key traits of a data analyst. Among those traits include, self-motivation; open-mindedness; and the ability to spot patterns. An average data analyst can access a data set; scrub the data; and visualize it using one of numerous data visualization platforms available. She then comes to conclusions based on those visualizations and calls it a day. An exceptional data analyst can use that same data set and visualization tools and come to the same conclusions. The difference is that he will ask different questions and hypothesize about why conclusions are what they are. An exceptional data analyst asks why 9 out of 10 dentists prefer Colgate or why Rugby is becoming a more popular youth sport in the United States while lacrosse youth teams are declining.  For them, it isn’t enough that the data shows an increase in Rugby youth teams. They have to know why. Which will ultimately bring them to more questions which will lead to more data sets and more visualizations. In essence, is a data analyst’s job ever really done?

Another factor that separates a mediocre from an excellent analyst is the ability to tell a story. Unless you are speaking to a fellow analyst, chances are spewing out data isn’t going to capture the attention or the comprehension of what the statistics show. In fact, if you go that route, you may be met with a lot of blank stares. It’s important to tailor a narrative to the audience you are speaking to. Crafting a story beforehand makes it easy for your audience to follow and will help you answer any follow up questions that you might receive.

While you may have the skills that make an excellent data analyst, without practice you’ll never truly be outstanding at your job. And with data analysts and scientists being critical to the success of a company, it’s important that you push past mediocrity and aim for excellent. So tomorrow when you go into work remember that not everyone can be an analyst but by methodically thinking, crafting a perfect story from your data sets and asking questions, you’ll be on the road to greatness.

Virginia has become the second state with a consumer data privacy law, following California. Governor Ralph Northam has signed the Consumer Data Protection Act, as The Hill reports.

The Virginia bill would take effect on January 1, 2023. It would allow consumers to opt out of letting companies use their online data for various purposes, including marketing, as Virginia Business explains. Consumers would also be able to get copies of their online data and change or erase that information. The bill applies only to two groups of corporations: those that hold personal data for 100,000 or more consumers in Virginia and those that earn more than 50% of their income from selling the personal data of 25,000 or more consumers in Virginia.

Virginia’s Consumer Data Protection Act arrives more than two years after California passed its sweeping California Consumer Privacy Act (CCPA).

Cillian Kieran, CEO and founder of privacy compliance startup Ethyca, told AdExchanger that the Virginia law would probably apply to fewer businesses than its California predecessor. As other states and Congress mull their own privacy laws, one development to note is that Virginia’s law moved fast through the General Assembly, with broad-based bipartisan support. That’s according to WilmerHale attorneys Kirk Nahra and Ali Jessani, writing in Bloomberg.

The law isn’t ironclad. Indeed, it “includes an extraordinary number of exemptions,” write Nahra and Jessani. Banks, hospitals or even data analyst firms working for such institutions may be exempt under the law as written, according to the attorneys.

The Virginia measure’s definition of “sensitive data,” substantially borrowed from Europe’s General Data Protection Regulation, includes data revealing ethnic origin, sexual orientation, health and other sensitive facts, as well as genetic data, biometric data, and exact geolocation data. Nahra and Jessani write that many data elements treated as sensitive under the law are not currently treated that way in America. The law’s requirement of “consent” for processing “any” of this data, the attorneys add, “likely creates an untenable situation.”

As Ars Technica points out, Virginia would also not allow private citizens to sue for alleged violations of the law—only the attorney general would be able to advance claims.

Alabama, Arizona, Connecticut, Florida, and Kentucky have all begun moving forward on data privacy bills, notes Mintz attorney Cynthia Larose, writing in JD Supra. Plus, Consumer Reports has drafted a “Model State Privacy Act,” which is like CPRA, except with tougher restrictions on data sharing.

A protracted European Union probe into the transparency of data sharing between WhatsApp and parent company Facebook has made its first big leap toward completion. So reports TechCrunch.

Ireland’s data protection watchdog recently confirmed that in late 2020 it shared a draft decision with fellow EU data regulators.

The draft is only the second such measure from Ireland’s Data Protection Commission, following an investigation into a Twitter data breach that resulted in December in a $550,000 penalty.

Read the full article from TechCrunch. 

Ireland’s Data Protection Commissioner is investigating complaints about how Instagram processes the personal data of children. So reports Yahoo Finance.

The IDPC is the European Union’s regulator for the sweeping data privacy measure known as the General Data Protection Regulation.

A spokesperson for Instagram owner Facebook, which could face a steep penalty if it is found in breach of the GDPR, disputed the underlying complaints, adding they're "in close contact with the IDPC and we’re cooperating with their inquiries.”

Read the full article from Yahoo Finance.

If Facebook, Twitter and other key social media companies can’t lock down their cybersecurity, a regulator should be set up to help them do the job.

That’s according to a report by New York State Department of Financial Services following an investigation into this summer’s hack of more than 100 high-profile Twitter accounts, as TechCrunch and The Hill report.

The NYSDFS criticized Twitter for allowing itself to be compromised so easily by the “simple” technique of hackers calling Twitter employees and claiming to be from the company’s IT department. By comparison, the agency noted that cryptocurrency companies, which it regulates, “responded quickly to block” the spread of the scam.

“The report recommends that the largest social media companies, whose platforms reach millions of people around the world, should be designated as systemically important institutions with prudent regulation to manage heightened cybersecurity risk," according to a press release. Twitter also comes under fire in the report for not having a CISO when the hack took place. Mike Convertino departed last December, and the company announced in September that it had filled the post by hiring Rinki Sethi.

“Despite being a global social media platform boasting over 330 million average monthly users in 2019, Twitter lacked adequate cybersecurity protection,” the NYSDFS wrote. “At the time of the attack, Twitter did not have a chief information security officer, adequate access controls and identity management, and adequate security monitoring—some of the core measures required by the Department’s first-in-the-nation cybersecurity regulation.”

In a statement to Cyberscoop, a Twitter spokesperson said: “Protecting people’s privacy and security is a top priority for Twitter, and it is not a responsibility we take lightly. As we shared on September 24, 2020, we will continue to prioritize and accelerate our efforts to increase the security of our platform and how our teams work. We have been continuously investing in improvements to our teams and our technology that enable people to use Twitter securely.”

Separately, Twitter sustained a global outage on October 15, as Bloomberg reports. Service was out for about an hour and a half. The company said it was investigating the issue and that it saw no evidence of a breach.

Twitter is also awaiting the results of a European probe into a data breach disclosed in January 2019. As The Wall Street Journal reports, it will probably be next year before the European Union’s privacy regulators publish a final ruling in the matter, which could generate a fine of as much as 2% of global revenue.

Information technology jobs, and especially IT security roles, should be in demand for the rest of the decade amid the rise of remote work, a government report predicts.

According to the report from the Bureau of Labor Statistics (BLS), employment growth for the “computer systems design and related services industry” will be an estimated 26.1% in a baseline scenario, compared with 3.7% for all industries.

That would increase industry employment by 574,500 to a total of 2.8 million in 2029. Under more optimistic scenarios, the BLS predicts the 10-year employment growth rate through 2029 rising as high as 31.8%. “In the baseline projections, information security analysts were among the top 10 fastest growing occupations,” the report reads. “The increase in telework and robust demand for work-related digital security are expected to make these analysts the fourth-fastest-growing occupation in either alternate scenario.”

CIO Dive, which previously reported on the BLS projections, notes that it’s uncertain where the industry will find these new workers. Lisa Walker, VP of brand and workforce futurist at cloud company Fuze, told the publication that COVID-19 has driven “essentially a five-year acceleration in what we’ve been seeing in flexible work.” She said remote work and other flexible working arrangements will be key for companies seeking top talent.

On an anecdotal level, information security hires certainly continue apace. Cisco, for one, has promoted longtime engineer and trust strategy officer Anthony Grieco to the role of chief information security officer, succeeding Mike Hanley, who is headed to a new job outside the organization, as Business Insider reports.

The California State Lottery is also seeking a chief information security and privacy officer, according to Techwire. Meanwhile, Credit Suisse has posted a job listing for a VP of information security risk and regulatory governance.

A debate has broken out among cybersecurity professionals over the use of the term “black hat” after a Google executive called attention to the issue. Earlier this month, David Kleidermacher, a vice president of engineering at Google in charge of Android security and privacy, announced he was withdrawing from a planned speech at the long-running Black Hat USA conference.

Citing a need for society to adjust how it talks in support of racial justice and equality, Kleidermacher called for changing the familiar information-security terms “black hat” and “white hat.” Beyond race, Kleidermacher also suggested that “man in the middle” attacks should be called “person in the middle” attacks. “These changes remove harmful associations, promote inclusion, and help us break down walls of unconscious bias,” Kleidermacher wrote in a series of tweets. “Not everyone agrees which terms to change, but I feel strongly our language needs to (this one in particular).”

As ZDNet reports, Kleidermacher’s call for more neutral language came as Google, Microsoft, Twitter, LinkedIn, GitHub and others have announced plans to change their technical language in the wake of the Black Lives Matter protests. Terms such as “master,” “slave,” “blacklist” and “whitelist” have been going the way of the fax machine.

A “vast majority” of the information security community reportedly took issue with Kleidermacher’s sense, arguing that the origins of the terms “black hat” and “white hat” relate to cowboy movies rather than race specifically. Kleidermacher wrote that the need for change had “nothing to do” with the terms’ origins. “Those who focus on that are missing the point,” he tweeted. “Black hat / white hat and blacklist / whitelist perpetuate harmful associations of black=bad, white=good.”

As Yahoo reports, hackers worried about racial justice pushed for more opportunities for Black hackers, pointing on Twitter to “huge danger that we waste the moment shuffling words around instead of changing power systems.”

Critics also slammed Kleidermacher’s stance as “performative” and “virtue signaling,” as Infosecurity Magazine reports.

In May, the UK National Cyber Security Center updated its terms, swapping out “blacklist” and “whitelist” for “deny list” and “allow list.”

As many workers have been doing their jobs remotely to try to curb the spread of the coronavirus pandemic, students too have been attempting to do their learning from home.

While cybersecurity watchers have been sounding the alarm for weeks now about the risks of remote work, some are now also calling attention to the unique challenges of e-learning.

Bernie Acre, chief information officer for the city of Bryan, Texas, recommends not having children use a work computer, as KBTX reports. The kids, he reasons, run a bigger risk of potentially infecting the computer by clicking on malicious sites. “Make sure those computers are being used in a public area in the home,” Acre suggests. “Do not let them go into another room and connect to the WiFi because who knows what kids will end up getting themselves into by accident.”

Acre recommends further securing the data on a family’s computers and phones by setting up separate networks for each member, possibly even a guest network. For remote workers or remote students alike, Acre emphasises the importance of keeping software completely up to date to keep out hackers.

Kansas City, Missouri’s school system has ramped up its security precautions, reports EdTech Magazine. Joe Phillips, director of technology for Kansas City Public Schools, says the district has implemented endpoint threat detection on all of its devices, among other network security solutions, to get ready for remote education. The onus, as always, is on employees—teachers and staff—to maintain good cybersecurity practices to safeguard confidential information.

Beyond children, the prevalence of remote cybersecurity training during the COVID-19 health crisis could reshape how workers learn overall, driving a rise in e-learning, reports FedScoop.

“The discussions I’m hearing at the moment are less about the training needs and more about how the entire learning ecosystem could be fundamentally changed,” says Rodney Petersen, director of the National Initiative for Cybersecurity Education. “And cybersecurity could become the pilot for how that is implemented and rethought in this current environment.”

Charges that U.S. officials have leveled at a Russian group calling itself Evil Corp. may drive home the potential rewards of cybercrime.

Federal prosecutors recently unsealed an indictment against two Russian nationals, Maksim Yakubets and Igor Turashev, who are alleged to be running the organization. U.S. authorities are offering a reward of up to $5 million for information that leads to the arrest of the two men, according to a recent BBC article. That amount may be small change compared to the vast sums that law enforcement officials accuse Yakubets and Turashev of stealing from others’ bank accounts using malware: an estimated $70 million, according to an ARS Technica article.

Yet, the lifestyle these men allegedly lead appears to illustrate the incentives for those inclined toward cybercrime—and the challenge that information security professionals face in trying to keep hackers out of their data.

Rob Jones is director of the cyber crime unit at the National Crime Agency in the United Kingdom, which is one of 43 countries in which a total of 300 or more organizations have been affected by Evil Corp.’s theft, according to a recent CNN article. Jones said that Yakubets and Turashev ran with a crew that likes to live large. “We’ve been able to identify an online presence for associates of these individuals... which gives you a very good pen portrait of their behavior and the type of lifestyle they lead, which is cash-rich, fast cars, behaving and acting like very flamboyant and extravagant millionaires,” Jones said.

A news release from the NCA even shows Yakubets flaunting his “customized Lamborghini supercar with a personalised number plate that translates to ‘Thief.’”

As The Washington Post concludes, based on the indictments, “Cybercrime definitely pays. At least in the short term. And for the guys at the top.”

In addition to the criminal indictments, the U.S. Treasury Department also announced new sanctions on the Evil Corp. organization.