Author Archives: DFM Team2

The automotive sector is on the cusp of a huge wave of change, rivalled only by historic moments such as Ford Model Ts rolling off the construction line or the deep-seated impact of the 1973 oil crisis. This time, however, it is not just one technological frontier disrupting the sector, but multiple innovations that are already making their mark.

Insurance Nexus by Reuters Events have produced the Connected Auto Insurance 2020 report to make sure Auto insurance businesses; personal or commercial, can deliver on customer expectations and maximize the opportunities that available technologies like telematics, IoT, AI and analytics offer.

As well as gaining insight from over 1200 North American insurance executives, get the detail on what this means for an insurance organization from industry experts, including:

• Shannon Lewandowski, Innovation and Digital Team – IoT, American Modern
• Lorenzo Morganti, Big Data/AI Senior Project Lead, AXA
• Glen Clarke, Head of Transformational Propositions, Allianz
• Eugene Y. Wen, Vice President, Group Advanced Analytics, Manulife
• Amrish Singh, Vice President of Product, Enterprise, Metromile
• Allison Whittington, Head of Housing, Zurich Municipal

And many more…

Download the report now

By downloading the report readers can discover the vital strategic steps you must take in 2020 in order to keep pace with an ever-evolving Auto insurance ecosystem; validated by industry statistics based on 1200 insurance carrier executives and technology leaders.

Justify next steps for investment with 7 easy-to-decipher infographics that clearly demonstrate technology trends, carrier ambitions, investment strategies and partnerships and learn from your peers through 3 in-depth case studies focussing on ‘Open APIs Open Up Business Opportunities,’ ‘Tracking Through Tags, Pulses and Apps,’ & ‘Enabling Mobility-Based Insurance.’

You can also access exclusive viewpoints including James Spears’ take on ‘OEMs Muscling In: The Battle for FNOL’ so that your next step towards OEM collaboration is informed and profitable.

Understand the ‘state of the industry’ and where it’s heading through a wealth of articles, commentary, and debate on the impact of OEMs and how carriers will respond, new models of car ownership, autonomous vehicles and commercial fleet developments so that you remain on the cutting edge.

Have any comments? Get in touch and learn about the Auto Insurance USA conference, April 16-17, Chicago. Website viewable here: https://events.insurancenexus.com/auto/

(169)

Cyan Forensics – the Edinburgh-based company aspiring and working towards a world where there is no place that harmful digital content can be easily hidden or shared – has announced that Paul Brennan is taking over as chair to guide through its next level of growth.

Cyan Forensics’ digital forensic analysis tools finds child sexual abuse images on devices within minutes and their product is currently being rolled out to police forces across the UK. Its products can also be applied in the field of counter terrorism and by social media and cloud companies to find and remove harmful content online.

Brennan offers a wealth of commercial experience helping to steer technology organisations into the international arena, with particular focus on the US and Europe. Former chair Simon Hardy will remain on the board continuing to bring with him experience from more than a decade of providing high technology solutions to law enforcement worldwide. Hugh Lennie, Cyan Forensics’ Chief Finance Officer (CFO), also joins the expanded board line up to bring his extensive experience of building, growing and exiting businesses.

Paul Brennan, new Chair of Cyan Forensics, comments: “I am delighted to have the opportunity to help shape Cyan Forensics’ forward momentum. Cyan Forensics’ technology has multiple applications to offer solutions that can make a real difference to protect people from online harms. The company has seen much success in its first three years’ of business and I look forward to supporting their expansion following a recent contract with the UK Home Office and into new markets in Northern Europe and the US.”

Ian Stevenson, CEO of Cyan Forensics, said: “We welcome Paul Brennan and Hugh Lennie onto our board, and are fortunate to retain the experience of our former Chair Simon Hardy. We are at an exciting stage of growth where our product is going into many police forces across the UK to help catch paedophiles much faster, and we are now in a strong position to enter the European market, as well as making greater in-roads in helping law enforcement in its fight against counter terrorism.”

Cyan Forensics was founded in 2016 by Bruce Ramsay, a former police forensic analyst and now the company’s CTO, and CEO Ian Stevenson. Last month the business confirmed a successful new round of funding from Triplepoint, Mercia, Social Investment Scotland Ventures, the Scottish Investment Bank and private investors, bringing the total raised by the company to £2.8m.

Last year Cyan Forensics announced partnerships with America’s National Center for Missing & Exploited Children and the UK Home Office’s Child Abuse Image Database (CAID).

Cyan Forensics is addressing a huge and growing problem for society. At the end of 2019 the WeProtect Global Alliance Threat Assessment report announced that there are 750,000 individuals estimated to be attempting to connect with children across the globe for sexual purposes online at any one time. Technology companies also reported a record 45 million online photos and videos of child abuse last year, that number was less than a million just five years ago, and is more than double what was reported the previous year, according to the National Center for Missing and Exploited Children (NCMEC).

(240)

(471)

Organisations are detecting and containing cyber attacks faster since the introduction of GDPR in 2018, according to a report from FireEye Mandiant. In the EMEA region, the ‘dwell time’ for organizations- the time between the start of a cyber intrusion and it being identified- has fallen from 177 days to 54 days since the introduction of GDPR. There has also been a decrease in dwell time globally, which is down 28 percent since the previous report. The median dwell time for organizations that self-detected their incident is 30 days, a 40 percent decrease year on year. However, 12% of investigations continue to have dwell times of greater than 700 days.

Jake Moore, Cybersecurity Specialist at ESET:

“It’s great to see a positive GDPR story – and this is exactly what it was designed to help with. Dwell times have notoriously been longer than they should be over the years, but this statistic really shows that GDPR regulations are working, and that organisations are becoming more secure in the process. GDPR shouldn’t be seen as an inconvenience, but instead as a remedy to improve security. There is simply no excuse to have a dwell time of over 700 days and I would imagine that the 12% of companies that do would require a serious security overhaul.”

(209)

Commenting on this, Sam Curry, chief security officer at Cybereason, said “In the case of the ISS World ransomware attack, and all ransomware attacks for that matter, corporations can either become a hero or a villain. In the adrenaline rush of “crisis mode,” I hope the executives and security staff of ISS World choose to be heroes by protecting employees, being transparent and erring on the side of doing the right thing. We all hope for minimum damage, rapid recovery and strengthening of ISS World in the wake of this and of peers from their experience when the dust clears. In any cyber attack, transparency and clarity is what matters and like so many others we’ll wait to hear more in the coming days. Recently, Travelex suffered a significant breach and leadership was widely criticized for a slow response. That criticism was coming from pundits without specific knowledge of the incident. Let’s not “bayonet the wounded” because being a target and a victim is happening more and more frequently. Organizations today need to take a much more proactive approach to cyber hygiene by actively hunting for anomalies in their networks. Preventing, detecting and responding to incidents has to highest on the list of steps being taken to minimize and reduce high impact breaches.”

(261)

(129)

(125)

(240)

The world as we know it is rapidly being impacted by A.I.-driven technology. It was only a decade ago when smartphones came to prominence, and now, the A.I. landscape is slowly hogging all the spotlight.

Markets rise and fall based on predictive algorithms, smart homes perform menial tasks based on people’s behavior and self-driving cars drive more accurately by the day, among other uses.

These innovations have been made possible by increased internet speeds, stronger computing hardware, and the rise of technologies like Edge and Cloud Computing.

However, all of the benefits come with equivalent hazards. Now that our personal data is situated in the cloud, it’s more vulnerable than ever to theft.

That’s why it’s not surprising that a heavy emphasis on cybersecurity and secure server practices have been strictly adhered to in recent years.

But, before we dive right in to how A.I. fits in the whole cybersecurity puzzle, we first need to discuss the individual concepts in their current state.

White Hat, Black Hat

Cybersecurity, as a whole, encompasses a wide range of aspects from the hardware-level all the way to the social-level. It serves as a direct response to the malicious practice commonly known as hacking.

While hacking itself is an even more general term, ranging from phishing scams to malware attacks, hackers themselves aren’t all bad.

“White hat” hackers, for instance, use the same toolkit and adhere to the same practices as their more hostile counterparts, but their intent leans towards the improvement of security rather than breaking it.

Penetration testing or (Pen test), otherwise known as Ethical Hacking or White Hat Hacking, is conducted by white hat hackers to combat the threat of malicious hackers, commonly known as “black hats.”

Pen testing is an authorized simulated cyberattack on a computer system with the main goal of detecting vulnerabilities and weaknesses of a system.

The whole process is an end-to-end test that starts from gathering the necessary information all the way to reporting all of the detected weak spots.

Contrary to popular belief, penetration testing doesn’t just involve hardware and software components, it also employs social engineering tactics to weed out weak employees.

White hat hackers who conduct social engineering penetration testing do this by deceiving employees into giving out sensitive data or perform actions that will create security weaknesses that allow the hackers slip through. 

Automate Everything

Unfortunately for white hat hackers, their black hat counterparts are up-to-date on the latest cutting-edge technologies themselves.

A.I. is being used as drones for large-scale bot networks (or botnets) to enact massive Distributed Denial-of-Service attacks, among many other illicit activities.

In order to keep up with the pervasive threat, white hat hackers must be willing to keep up and adapt to the ever-changing landscape.

But, as with other industries that are automatable, there is a looming question of whether or not Artificial Intelligence would eventually replace the human aspect of penetration testing.

To answer that, we first need to examine the current state of A.I and how it could supplant the need for manual intervention.

Even though science fiction novels and movies have led us to believe that A.I. would be so advanced in the present day that they could easily pass as humans, unfortunately that’s not the case.

Chatbots have made great strides over the last decade, but they have a long way to go before they effectively mimic the way humans speak.

It’s an underrated aspect but one that could make or break the social engineering part of spoofing potential attack vectors.

On the plus side, A.I. can sift through a hundred thousand lines of data in a matter of seconds. Even the search parameters doesn’t have to be extensive since they can adjust on-the-fly.

Throw in a good Optical Character Recognition (OCR) plugin and they could easily have the ability to read text in pictures and handwritten notes.

Unlike humans that get tired, A.I. can run 24/7 non-stop. Plus, they could easily multiply and are highly extensible. You wouldn’t need to pay them for their services as well.

All of these are highly relevant to the information gathering process when performing penetration testing.

However, given the unpredictability of human emotions and the probability of human error, tactics would need to be adjusted on-the-spot given whatever context presents itself.

This is something that A.I. could eventually learn to analyze, but currently their models need to be trained further to cater to the inherent randomness.

Given a proper setup, A.I. can seamlessly interface to different systems and it can follow its protocol exactly as it was designed – leaving none to minimum margins of error.

A.I. decision making might be rigid (to an extent), but it is objectively infallible, especially compared to humans. Not to mention, it can generate extremely detailed reports in a blink of an eye.

Humans are prone to error, lapses in judgment and, depending on the sensitivity of the information to be handled, hard to trust than technology that can be programmed or designed to “learn” new information.

These glaring weaknesses can be easily bypassed through the use of A.I. So, why hasn’t A.I. fully taken over this whole process yet?

Man and Machine Working Together

Even though A.I. has come a long way in the past two decades, it still has a long way to go before it can fully take over the different types of penetration testing processes.

Despite the growing stack of benefits, the biggest argument against handing complete control of penetration testing to A.I. is its reliability.

While the A.I. can follow a set of instructions, it can easily be exploited by hackers that are prepared to take on the automated defense system.

Here’s an example of how hackers can carry out their attack on AI-based cybersecurity systems. 

Machine learning – an application of A.I. – learns and gets “smarter” by observing patterns found in data, and making assumptions about its meaning – whether on a large neural network or on individual computers. 

So if a certain action within computer processors occurs at the same time that particular processes are running, plus, the action gets repeated on the specific computer or neural network, the system will learn that the action means that a cyber-attack is happening. 

This also prompts the system that the necessary actions need to be taken to address the attack.

The tricky part though is that A.I. – savvy malware, for instance, can insert false data for the security to read – the goal of which is to disrupt the patterns that machine learning algorithms utilize to make their decisions.

This means that fake data could be injected into a database to make it seem like a process that’s copying sensitive information is part of the regular IT system routine, and therefore, can just be ignored.   

Thus, A.I.-centric approaches might be the future decades down the line, but for the time being, human-led pen testing still remains as the go-to for many prominent companies.

But, that doesn’t discount what A.I. can do for pen testing today. While it may not be a viable alternative to give it autonomy, pen testers could still leverage A.I. as a tool to aid their practices.

As mentioned earlier, A.I.-supported information gathering can help ease the burden of having to sift through piles of information. That would leave human pen testers more time to focus on other aspects.

White hat bots can be employed to combat malicious bots, and automated sniffers can be used to detect fraudulent sites before they can do any significant damage.

Reports can be automatically generated and steps can be easily documented with the help of automated tools.

A.I. – powered tools are also used to “look at” rendered web pages to determine the ones that most likely have actionable leads. 

The current penetration testers’ method are to do this task manually – which can take up a lot of time since they have to check each screenshot one at a time. 

With the latest AI technology, however, and deep neural networks, performing this task – visually inspecting web-pages – can now be done through an automated process.  

There has never been an easier time to get into penetration testing. If you’re interested to start a career, you can read up on tech articles to help you get started on your journey.

Don’t feel too pressured that you need to catch up quickly with the latest trends. There’s a lot of ground to cover and you would need a lot of time to practice.

What’s next?

While it might be tempting to go for a DIY approach when it comes to protecting your site against cyber attacks — especially since there are a lot of available tools out there in the market — you might do yourself more harm than good.

For the most part, it is a good practice to work with reliable cyber security companies that do penetration testing since they have specialists who work on cybersecurity day in and day out.

With the help of experts running pen tests on your network, your network security is bound to get rid of its security gaps.

(400)

(104)