Monthly Archives: March 2018

65% of organizations will fail to meet critical GDPR compliance by deadline

The May 25 deadline for the EU’s General Data Protection Regulation (GDPR) is fast approaching, and all companies in the EU as well as those that deal with EU residents must comply with new data privacy laws, or face a fee. However, 65% of organizations are still not confident that their GDPR data will stay within the EU, according to a Tuesday report from Solix Technologies.

A recent UK government report found that less than half of businesses are aware of the upcoming GDPR laws, or what they mean for how information security is handled, as reported by ZDNet. This could pose a major financial problem for businesses, as non-compliance can result in fines of up to 4% of a company’s global annual revenue, or €20 million, whichever is higher.

Today, 22% of organizations said they are unaware that they must comply with GDPR, even if they are based outside of the EU but hold data of EU citizens.

“Based on our survey data, it’s clear that the majority of organizations are not currently prepared to meet GDPR requirements,” John Ottman, executive chairman of Solix Technologies, said in a press release. “There is an urgency to take steps now, as the enforcement deadline quickly approaches and applies to anyone who is currently operating with EU customers.”

Confusion still reigns over the GDPR’s “right to be forgotten,” as noted by ZDNet. This right allows an individual to request the deletion or removal of personal data when there is no longer a “compelling reason” for it to exist, according to the UK’s Information Commissioner’s Office.

Some 65% of organizations said they are unsure if an individual’s personal information is purged from all systems, forever, under this rule, the Solix report found. And 53% of organizations said they are not confident that processing of all personal data is based on explicit permission provided by the individual.

Further, 38% of organizations said that all their personal data under the new GDPR rules is not protected from misuse and unauthorized access at every stage in its lifecycle. And while 82% of organizations said they know where their sensitive data is stored, only 55% maintain audit trails for data consents, collections updates, and deletion.

 

via:  techrepublic

Microsoft rolls out more AI-infused healthcare services, software

Microsoft’s year-old Healthcare NExT research organization is stepping up its work to make Microsoft’s cloud and AI services applicable to health researchers and doctors.

While Amazon and Apple are looking at healthcare from the employee-consumption side, Microsoft is focusing on using its cloud assets to meet the needs of researchers and doctors.

Last February, Microsoft announced it was creating a new healthcare-focused research unit, Healthcare NExT. On February 28, a week ahead of the HIMSS (Healthcare Information and Management Systems Society) medical IT conference, Microsoft is rolling out more healthcare “intelligent health” services and software.

Microsoft is making its Microsoft Genomics service generally available as of today. This service, which runs on Microsoft’s Azure cloud, is a precision medicine/genomic-processing service for medical professionals. Microsoft additionally is making generally available as of today its Azure Security and Compliance Blueprint for HIPAA/HITRUST. This guidance document is designed to help health organizations move to Azure while handling sensitive data.

Microsoft also is publishing new developer templates under the “Microsoft 365 Huddle Solution” brand. These templates are for Microsoft Teams and meant to enable health professionals to better use Teams in creating and maintaining their workflows. And the company is working on a research collaboration with UPMC to create a “Project Empower MD” system to reduce the task of note-taking for physicians.

Microsoft made its initial foray into healthcare over a decade ago, but ended up retrenching and selling off most of the health assets it originally acquired. Recently, the company announced it was dropping its HealthVault Insights applications, but is applying lessons learned about increasing patient engagement using machine-learning to other healthcare initiatives, officials said.

While Microsoft continues to operate its HealthVault patient-records system, the focus for the Healthcare NExT organization is first and foremost about applying the huge amounts of cloud processing power and AI smarts to the growing amount of health data out there.

“We make equity investments, we do commercial agreements, but we are very research-focused,” said Peter Lee, Corporate Vice President and head of Healthcare NExT. “We are not a profit and loss center for Microsoft. This organization was Satya’s (CEO Satya Nadella) and Harry’s [research chief Harry Shum] idea.”

Lee said his ultimate challenge is to harness all of Microsoft’s AI products and services and turn them into viable health services. But don’t expect Microsoft to use the same tactic to create a Retail NExT or Insurance NExT research organization. Healthcare got the spotlight, at least in part, because of Microsoft’s increasing and very public mission of doing good.

 

via:  zdnet

Report: 52% of companies sacrifice security to expedite projects

Businesses can be exposed to vulnerabilities when professionals prioritize a deadline over security, according to research from Threat Stack.

More than half of companies admit to loosening security measures to expedite projects or meet deadlines, a new Threat Stack report found.

In a survey of over 200 executives, 52% said their company had prioritized a deadline or objective over the firm’s security. The emphasis on speed over security could leave holes in a project, leaving a company vulnerable.

The focus on speed comes from pushback on both sides of a project, the report found. Over two-thirds—68%—of respondents said their CEO asks the DevOps and security teams to not do anything that would slow a project, while 62% said their operations team sometimes fights new security efforts.

The majority of respondents said SecOps is important for their organization, but only 35% said it was a complete or mostly complete project at their company. At 18% of companies, SecOps isn’t established at all, the report found.

“The vast majority of companies are bought-in, but, unfortunately, a major gap exists between intent of practicing SecOps and the reality of their fast-growing businesses. It’s important that stakeholders across every enterprise prioritize the alignment of DevOps and security,” Brian Ahern, Threat Stack CEO, said in the press release.

Most of the challenges come from organizational alignment, the report found, as DevOps and security teams might be operating in different silos.

The discrepancy suggests companies should agree and focus on security to ensure their company remains safe, even under pressure from a deadline or the competition.

 

via:  techrepublic

How one AI company is bringing medical care to millions of rural Chinese residents

Providing health services to a widely-dispersed population can be a challenge. Here’s how AI can help when there aren’t enough medical professionals to go around.

China’s population, which in 2016 had 793 million urban residents and 590 million rural residents, is spread out over a land mass of 3.7 million square miles.

By 2010, 93% of the rural population had healthcare coverage, but the challenge of providing rural medicine and timely healthcare to rural regions persists. This is where analytics can make a difference.

“We wanted to take analytics, artificial intelligence and deep learning technologies and use them to better understand different medical conditions, how to diagnose them, and how to treat them,” said Kuan Chen, founder and CEO of Infervision, a Chinese artificial intelligence and deep learning company that specializes in medical image diagnosis.

Analytics, artificial intelligence, and deep learning are put into play by analyzing medical images and reports on different pathological conditions, and then coming up with different models and sources of treatment and medical interventions based on common patterns that are assembled from studies of thousands of patients in China’s urban hospitals. “These models use deep learning to ‘learn’ from the data and continuously improve their diagnostic capabilities,” said Chen.

The first disease that Chen targeted was lung cancer, with the software being able to locate hard-to-detect or hidden nodules in the lungs that could prove to be cancerous.

Now the task at hand is providing a similar diagnostic and medical intervention tool for strokes, which can especially be useful in rural areas where qualified medical practitioners are scarce.

How important is this?

“In many rural areas in China, there are no trained radiologists who can help stroke victims,” said Chen. “And in other areas of the world, like the US, radiologists make an average of $375,000 a year, so they are very expensive.”

Chen says that the feedback he gets from hospitals is that younger radiologists and medical practitioners rely heavily on AI, while older practitioners prefer to use it as a second opinion that they cross-check against their own.

“In a stroke, you want to respond to the condition as quickly as possible,” said Chen. “It might take 30 to 35 seconds in a standard process to generate a report on the condition so treatment can be determined. With our tool, that time is cut to less than three seconds.”

The use of deep learning and expanded analytics also expands the spectrum of diagnosis, which can lead to better results.

“In one non-stroke case that involved diagnosis and treatment of a bone fracture and a degenerated area of bone, the standard approach is to treat the affected area itself,” said Chen. “With analytics and AI, a system can focus on different areas of the body that are far removed from where the problem is to see if these other areas could be affecting the condition. If it is a problem that is being generated far from the fracture itself, the analytics allow us to treat causes of the condition, and not just symptoms.”

Here are some best practices hospitals and clinics can adopt as AI and deep learning tools evolve:

Deploy the tool where help is needed most

If there is an acute shortage of medical practitioners in a specific region, analytics and AI can help in situations like stroke intervention and treatment, and the chances for success for patients will improve.

Use the tool for training

Radiologists and medical practitioners must develop knowledge and experience before they can become expert diagnosticians. An analytics and deep learning tool can assist in the training process because users can compare their own findings against what the system finds in numerous scenarios.

Learn to expect the unexpected

You might think you are going to treat one condition and end up treating another. The bone fracture that Chen mentioned, where the system actually found the causal problem in a different area of the body, is a prime example. This is why medical practitioners should keep their minds open.

Never forget that AI and deep learning tools are still developing

Just because a system uses AI, deep learning and analytics doesn’t mean that it is always right. Medical practitioners should use these systems as assistants and not as undisputed authorities, because there are some areas where a machine can’t be a replacement for human thought and reasoning.

 

via:  techrepublic

46% of orgs never change cybersecurity strategy, even after attack or breach

Security professionals still struggle to prevent attackers from breaking into internal networks, according to a CyberArk report.

Despite an increasingly sophisticated cyber threat landscape, organizations are failing to proactively update their security defenses, according to a new report from security firm CyberArk. Some 46% of the 1,300 IT professionals and business leaders surveyed said that their organization’s security strategy rarely changes substantially, even after suffering a cyberattack.

Further, 46% of security professionals said that their organization can’t prevent attackers from breaking into internal networks each time a hack is attempted, the report found. And only 8% of security leaders said that their company continuously conducts penetration testing to determine where vulnerabilities may sit.

“In medium to large organizations especially, there is a need for security teams to reset expectations around where security priorities and spend should be focused,” the report stated. “These findings support the dangers of inertia, with organizations not taking the initiative to make necessary changes following an attack.”

Organizations are also failing to protect privileged credentials and data in the cloud, the report found. While 50% of IT professionals said their organization stores business-critical information in the cloud, 49% said they have no privileged account security for the cloud—so they are storing data in the cloud, but not taking additional steps to protect it.

In terms of protecting passwords, 36% of companies reported that administrative credentials were stored in Word or Excel documents on company PCs, 34% said they were stored on shared servers or USB drives, and 19% said they were stored on printed documents in physical filing systems.

Many organizations are also failing to adequately protect endpoints, the report found: Only 52% of IT security professionals said they keep their operating systems and patches current, and 29% employ whitelist application controls.

As professionals reported the greatest security threats facing their organization are targeted phishing attacks (56%), insider threats (51%), and malware and ransomware (48%), it’s important for companies to remain vigilant about cybersecurity best practices.

 

via:  techrepublic

How mobile data analysis could help 1,400 people who die every day from tuberculosis in India

The GSMA’s Peter Montgomery explained how the combination of mobile data, big data, and information from clinics could help stop the spread of disease and illness in India.

One of the things the GSMA tried to highlight at Mobile World Congress 2018 was the place where tech legitimately can do good—for example in helping drive efficiencies in public health so that resources can stretch to have a bigger impact.

Montgomery said, “The GSMA is doing a lot of work around sustainable development and humanitarian work. And one of the projects we’ve been looking at is using the mobile networks to understand how that can better treat things like the outbreak of tuberculosis. So in India, approximately 1,400 people die every day from tuberculosis. And we’ve been looking at how we can use mobile data, big data, and information from clinics on the ground to better treat and eradicate the disease.

“We obviously have information on the ground that comes in from the various clinics. And we can look at that data to see where the outbreaks and the hotspots of tuberculosis are. So we know where the red zone is, where there’s a large density population of TB, and the green zones, where there’s less. And then if you look at the mobile data—the information from the mobile networks—you can understand anonymously the commuter patterns. Are people moving from a low-risk area into a high-risk area? And then looking at that even further, you can understand. But how do we address that? Do we need to educate people on that route? Do we need to put more clinics into our region? And then you begin to treat the cause and the root cause of it.”

Montgomery added, “Obviously this was run as a proof-of-concept with a view to be rolling out. You’re looking at how do you better spend the resource, so instead of blanket-treating the entire country, you can begin to work where there are target areas that we need to really address. What are the hotspots, and how do we then best [treat] those? Is it through education? Is it through a different approach on the medical side of things? And you can make informed decisions about what needs to be done on a more granular basis. Rather than spreading a lot of resources very thinly, you can target specific areas that need treatments really badly.”

 

via:  techrepublic

Due Diligence on Cybersecurity Becomes Bigger Factor in M&A

Close scrutiny of tech operations can uncover cybersecurity gaps before deals close.

Automatic Data Processing Inc. deployed a team of cybersecurity, risk management and financial-crime specialists to WorkMarket before acquiring it in January.

The ADP team combed the software maker’s technology, practices and internal policies. It also interviewed staff about monitoring for intrusions, training employees and performing other security tasks. The payroll processor also hired a cybersecurity firm to do its own evaluation.

Security problems, said ADP’s chief security officer Roland Cloutier, could kill any deal.

“If we found out data was exfiltrated, we may walk away,” he said. “We’ve looked at a lot of companies and only purchased a few. Security always plays a part.”

Companies are intensifying due diligence of acquisition targets to avoid costly cybersecurity surprises, particularly when intellectual property, such as software code or customer data, drives the deal.

Scrutiny will continue as merger and acquisition activity heats up on expectations of extra cash from lower corporate tax rates. As of late February, 18 transactions valued at more than $5 billion each have been announced — up from 10 such big deals during the same period in each of 2017 and 2016, according to Dealogic.

Gaps in data protection, undiscovered breaches, regulatory violations and other holes in a company’s technology operations can threaten transactions. Such problems can also decrease the value of a deal or leave an acquirer liable for problems after a merger.

Problems can arise even years later. FedEx Corp. moved quickly last month to secure a server that exposed data from customer driver’s licenses and passports. FedEx inherited the server when it bought e-commerce service Bongo International in 2014.

Four or five years ago, cybersecurity due diligence consisted of asking a few questions in a short phone call, said Evan Wolff, a partner at Crowell & Moring LLP.

Now data compromises can diminish the value of a transaction, he said. Suspected theft of sensitive data uncovered through due diligence “becomes a business issue,” he said.

Verizon Communications Inc. last year renegotiated an acquisition proposal with Yahoo Inc.’s board after details emerged about massive hacking incidents. Verizon would ultimately learn all three billion Yahoo accounts were hit.

As a result, Verizon lowered its proposed purchase price by $350 million to $4.48 billion.

The company did studies to assess potential reputational harm and future risks, said Craig Silliman, Verizon’s general counsel, speaking at a Wall Street Journal conference in December. “We said, ‘We feel like we have enough clarity that we can put parameters around the risk here and negotiate a deal that effectively compensates us for the risk.’”

Home Depot Inc. performed cyberrisk due diligence before buying retailer The Company Store and tool-rental firm Compact Power Equipment Inc. in 2017, said finance chief Carol Tomé.

“Our plans are basically to integrate these companies,” Ms. Tomé said. Their operations will be moved to Home Depot’s platforms and networks, she said. “So we’re closing down any little holes that the threat actor could take advantage of.”

The company has assessed cyberrisk on potential deals for the past decade, according to a spokesman. Getting breached in 2014 elevated cybersecurity concerns among senior leaders at Home Depot, Ms. Tomé said. Hackers stole email and payment-card information of up to 56 million customers.

Home Depot’s due diligence playbook includes penetration testing, Ms. Tomé said. “We have a heightened sense of awareness in this area and our due diligence is exhaustive.”

Waste Management Inc. doesn’t dedicate a team to cyber issues during the diligence phase. The company instead focuses on the later stage of moving data from the target’s systems into its own, said CFO Devina Rankin.

The company spends $100 million to $200 million a year on garbage and recycling haulers. Legal, finance and digital groups move data about employees at acquired companies, usually within a week of closing the transaction. Customer data is absorbed within one month, she said.

Acquirers sometimes find costly cybersecurity issues embedded in contracts that a target signed with its own customers, said Buck De Wolf, general counsel for General Electric Co.’s global research group. GE has purchased at least 14 companies since 2015, including several small software providers, according to its annual reports.

Small companies hungry for sales might make onerous promises about how they will help and what they will pay for in a data breach related to their products, Mr. De Wolf said, speaking at a security conference in December. It can be “a Trojan Horse” when taking on a new company, he said. Reviewing contracts helps GE avoid these problems, he said.

 

via: wsj

These will be the first cities getting 5G from Sprint and T-Mobile

AT&T announced the first handful of cities where it’ll roll out its 5G network later this year. Today at Mobile World Congress, T-Mobile and Sprint did the same.

Sprint’s first 5G networks will go live in Chicago, Los Angeles, Dallas, Atlanta, Washington, DC and Houston.

T-Mobile will fire up 5G in New York, Los Angeles, Las Vegas and Dallas first, promising to have it up and running in 30 cities total by the end of the year.

So what does this mean for you? Right now… not much. Eventually, 5G will mean waaaaay faster speeds on your various compatible smart devices. How fast, exactly, is still sort of up in the air as telecoms groups nail down and finalize the standards — but it’s fast. Companies have already demonstrated connections upwards of 500 megabytes (not megabits) per second.

The catch: Even if you live in any of the aforementioned cities, you’ll need a 5G-compatible phone to get on that network… and, well, those won’t be available until next year.

 

via:  techcrunch

Micropodcasting? Facebook tries Voice Clip status updates

More intimate than text but easier to record than video, Facebook hopes voice could get people sharing more on its aging social network. And internationally, where users may have to deal with non-native language keyboards, voice lets them speak their mind without a typing barrier.

Facebook is now testing Voice Clips as a status update option with a small percentage of users in India. First spotted by Abhishek Saxena, Facebook confirms to TechCrunch the presence of the new feature. As a spokesperson tells us, “We are always working to help people share and connect with their friends and family on Facebook in ways that are authentic to them. Voice Clips gives people a new medium through which to express themselves.”

Facebook has spent years struggling to get people to share more unique personal content on the app instead of generic news article links that audiences can find elsewhere, like on Twitter. Original content broadcasting declined 21 percent year-over-year as of mid-2015, and was down another 15 percent as of mid-2016, The Information reported. Original content has shifted to Facebook’s Instagram, but also competitors like Snapchat with its immersive full-screen Stories.

The danger for Facebook is that it becomes a place for drab life events like people getting a new job, and mindless viral link sharing. Facebook has tried to combat this by prioritizing friends in the News Feed, downranking public and news publisher content and introducing its own Facebook Stories feature. Yet still Facebook saw its first-ever decline in U.S. and Canada daily active users in Q4 2017, losing 700,000 — though that was contributed to by new changes that demoted viral videos.

Voice Clips could let people share compelling, deeply personal content even if they’re home and not anywhere interesting, don’t have video capture or editing savvy, aren’t attractive on screen or lack a nice smartphone camera. Making people less self-conscious about what they share is partly why Facebook introduced ephemeral Live broadcasts, and augmented reality masks that cover your face.

Facebook already offers private Voice Clip sharing through Messenger, but the popularity of podcasting has exploded in recent years. If Twitter made blogging into microblogging, perhaps quick shares to the News Feed could let Facebook pioneer micropodcasting.

To access the new feature, users select “Add Voice Clip” from the status update composer menu that includes photo uploads, location check-ins and more. They see a waveform of their voice while they record, and can talk for as long as their device storage allows without a specific limit from Facebook. Users then can preview their clip (but not edit it), and share it to the News Feed where friends can hit play to listen while watching the waveform animation. But unlike some audio apps, users can’t close Facebook and keep listening because technically the clip registers as a video.

It makes sense to start in India, which features 22 popular languages. Typing in a second tongue can be difficult. Last year Google added support for 11 additional Indian languages to its Gboard keyboard app to adapt to the market. Facebook wants to keep growing despite hitting saturation in some of its core Western markets, and India’s population of 1.3 billion is highly appealing.

If the Voice Clips feature proves popular, it could roll out elsewhere, just as Facebook is getting more serious about voice. It’s building a smart speaker code-named Aloha to be released as Portal, Cheddar reports. It’s easy to imagine users dictating Voice Clip status updates to Portal without ever having to open their phone or check that their words were properly transcribed. Facebook wants to encompass all the ways we share, and voice is perhaps our most instinctual communication medium.

 

via:  techcrunch

Amazon Prime Video will now slake your thirst for bad but great reality TV

Amazon Prime Video just added a heaping helping of reality TV to its catalog, including multiple seasons of Hell’s Kitchen, River Monsters, Whale Wars, Miami Ink, Survivorman, Hoarding: Buried Alive and a whole lot of other shows that have ruined the once sterling reputations of networks like TLC, A&E and others (via Variety).

These shows are pure, unadulterated trash and that’s why I love them all so much. So, so very much. Amazon has effectively ruined me with this addition, since I’m already inclined to both A) binge on streaming services and B) watch the broadcast marathons of most of these shows when they happen to air on their original networks.

The shows I mentioned above were mere highlights, too, and there’s such a rich tapestry of vile, reprehensible “reality fare” that it was hard to narrow it at all. Here’s the full list for your guilty pleasure:

  • “Hell’s Kitchen” (Seasons 1-15)
  • “Toddlers & Tiaras” (Seasons 1-9)
  • “Kitchen Nightmares” (Seasons 1-7)
  • “Miami Ink” (Seasons 1-6)
  • “Addicted” (Season 2)
  • “Man vs. Wild” (Seasons 1-3)
  • “Survivorman” (Seasons 1-7)
  • “Hoarding: Buried Alive” (Seasons 4-8)
  • “What Not to Wear” (Final Season)
  • “Beyond Belief: Fact or Fiction” (Seasons 1-4)
  • “Unsolved Mysteries” (Seasons 1-12)
  • “Forensic Files” (20 seasons)
  • “Most Haunted” (Seasons 1-15)
  • “My Five Wives” (Seasons 1-2)
  • “I Shouldn’t Be Alive” (Seasons 3-6)
  • “Rich Bride Poor Bride” (Seasons 1-6)
  • “Inside the Mind of a Serial Killer” (Season 1)
  • “River Monsters” (Seasons 1-9)
  • “Whale Wars” (Seasons 1-6)
  • “Leah Remini: It’s All Relative” (Seasons 1-2)

Now I have to go because I have to watch ALL OF IT. Never tell anyone I told you I like this stuff: That’s our little secret.

 

via:  techcrunch