This month’s Knowledge Exchange will examine both the benefits and the potential dangers of unregulated Artificial Intelligence on Enterprise resourcing, business IT platforms, sales and marketing strategies and also on customer experience. It will also ask if it is possible to pause AI development to roll out ethical and regulated AI that protects and enhances jobs rather than potentially replace them; protects personal data, privacy, and preferences rather than manipulate it for nefarious reasons and that doesn’t spiral us into a “Terminator” or “Matrix” like future where the machines are in control!
The Good Side of AI
As we discussed in last month’s Knowledge Exchange on Hybrid Cloud, Artificial Intelligence (AI) has some compelling usages for ITDMs especially when it can help tame IT complexity by automating repetitive and time-consuming tasks. It can also be used to learn and write code from past data and be used to autogenerate content and images from multiple sources by mimicking human intelligence and human labour. As the technology develops, there seems to be a whole raft of plug-ins and algorithms that people such as Microsoft’s chief executive, Satya Nadella believes will: “Create a new era of computing.”
Copilot (sic) works alongside you, embedded in the apps millions of people use every day: Word, Excel, PowerPoint, Outlook, Teams, and more…it (sic) is a whole new way of working.
Microsoft 365 head I Jared Spataro
And as corporations and investors are constantly looking at growth, efficiencies and ultimately profit, the lure of AI to support this new paradigm must be insatiable proposition right now, especially as we are seeing a lot of economic pressure from various financial, energy and geopolitical crises.
This is perhaps why, as news service Reuters notes, since the March 2023 launch of Microsoft’s AI “Co-pilot” developer tool, over 10,000 companies have signed up to its suite that can help with the generative creation and optimisation of its Office 365 Word, Excel, Powerpoint and Outlook email software that some commentators are calling “Clippy on Steroids”
Speaking to Senior editor of the Verge, Tom Warren, Microsoft 365 head Jared Spataro said: “Copilot (sic) works alongside you, embedded in the apps millions of people use every day: Word, Excel, PowerPoint, Outlook, Teams, and more…it (sic) is a whole new way of working.”
Microsoft has also invested $1bn into former non-profit, OpenAI a company co-founded by billionaire inventor and investor, Elon Musk who has since left the company to concentrate on his Tesla automotive and SpaceX Aeronautical business. Now a for-profit business, OpenAI, is working on an Artificial Generative Intelligence (AGI) to perform like a human brain.
Microsoft and OpenAI will jointly build new Azure AI supercomputing technologies. OpenAI will port its services to run on Microsoft Azure, which it will use to create new AI technologies and deliver on the promise of artificial general intelligence. Microsoft will become OpenAI’s preferred partner for commercialising new AI technologies,
Microsoft 365 head I Jared Spataro
The partnership will offer Microsoft the chance to not only catch up with Google’s AI developments of late, but also give it more muscle for AI development due to its combination of resources and hardware combined with the researchers and developers at OpenAI, according to industry watcher, TechGig it noted:
“Microsoft and OpenAI will jointly build new Azure AI supercomputing technologies. OpenAI will port its services to run on Microsoft Azure, which it will use to create new AI technologies and deliver on the promise of artificial general intelligence. Microsoft will become OpenAI’s preferred partner for commercialising new AI technologies,” according to an official Microsoft statement.
Back in November 2022, OpenAI launched its much lauded and controversial text generator ChatGPT, ahead of rivals Google that launched its rival Bard text generator product later in February 2023. Until then, Google had been largely considered at being ahead of its rivals by integrating AI tools into products such as its search engine, something Microsoft also started to implement into its Bing search engine in February. But unlike ChatGPT, Bard is still not available or supported in most European countries.
As the AI ‘arms’ race heated up in April this year, Google launched a raft of tools for its email, collaboration and cloud products, according to Reuters, that reported Google had combined “Its AI research units Google Brain and DeepMind and work on “multimodal” AI, like OpenAI’s latest model GPT-4, which can respond not only to text prompts but to image inputs as well to generate new content.”
And there certainly seems a tsunami of AI development projects that are either in development or planned to be rolled out from seemingly all collaboration, content, cloud, data and security vendors that can see the potential that AI could do to enhance current offerings and workflows. As we examined in March’s Knowledge Exchange whitepaper, adding AI to Cybersecurity applications to prevent increasing vulnerability and sophistication of attacks, including AI generated malware, was one of the main hopes and priorities of ITDMs for 2023 and beyond.
In other applications of AI, from a customer user experience point of view, having the ability to generate not just content but localised or personalised content is also very attractive for companies to generate Website content, emails and sales and marketing communications, because they don’t require hundreds of content and digital specialists to create it. For example, in the UK, Press Association (PA), has recently launched its Reporters And Data and Robots (RADAR) service to supply local news media with a mixture of journalist generated content and AI generated content to supplement their local coverage.
This venture is beneficial for local areas that have seen local news coverage drop in favour of centralised national news coverage and shines a light on how AI and Human intelligence can be combined to create quality content. And from a marketing point of view, the ability to generate personalised emails by AI using data from multiple sources would seem like discovering the Holy Grail. Imagine a scenario where AI looks at intent data from a customer Ideal Customer Profile list to see who is currently in market for a product or service by analysing what content a company or individual might be consuming. Using some predictive analysis, autogenerated content could be used to nurture those companies or individuals to a point where more predictive analysis could be deployed to analyse where they are in the purchasing process and create content accordingly. Or it could be used send invitations to follow up with a sales person or drive people to a website where there are AI enhanced chatbots that can gather yet more information about a product or service requirement in more of a conversational style, as Cloud giant AWS is developing:
Businesses in the retail industry have an opportunity to improve customer service by using artificial intelligence (AI) chatbots. These solutions on AWS offer solutions for chatbots that are capable of natural language processing, which helps them better analyse human speech.
By implementing these AI chatbots on their websites, businesses can decrease response times and create a better customer experience while improving operational efficiency.
Lastly, from a sales and business development point of view, having AI enhanced tools to generate less cold call intros and help with following up with more personalised and less generic emails is also a compelling application of AI in the lead and pipeline generation space.
With increasingly leaner SDR and BDR teams, it is often difficult for companies, especially start-ups, to get sales staff up to speed on complex IT solutions. But having a product matter expert involved in the modelling of AI algorithms that can enhance conversational email and follow up allows the BDR/SDR not only achieve the right messaging but also allows them to manage and communicate with more potential leads.
The bad side of Artificial Intelligence
As a species, humans have always seemingly developed tools, products, medicines, industries, and societal frameworks that have the potential either help or harm society. But more recently we’ve really accelerated the ability for our tools to impact our world for better or worse.
But often, we are too distracted by the “wow isn’t that cool” part of technology before we think: Should we be doing this? What are the down sides? Who is regulating this? What are the long-term impacts. Can we stop it if we have to?
AI systems with human-competitive intelligence can pose profound risks to society and humanity, as shown by extensive research and acknowledged by top AI labs. As stated in the widely-endorsed Asilomar AI Principles, Advanced AI could represent a profound change in the history of life on Earth, and should be planned for and managed with commensurate care and resources.
Pause Giant AI Experiments: An Open Letter
And while we marvel at dancing robotic dogs from Boston Dynamics or AI infused technology into computer generated imagery and text there are many leading tech and industrial figures that are worried of the implications of rapidly evolving, unregulated AI upon businesses and society at large. They are very worried.
Before his death, eminent physicist, Stephen Hawking, forewarned that AI could help to end the human race. And in March this year, Elon Musk, who has started his own AI company and a whole host of tech leaders put their signatures to an open letter to the Tech industry to “pause giant AI experiments” for at least 6 months and not surpass any technology that exceeds frameworks like ChatGPT 4. The letter at the time of writing had nearly 30K signatures.
To read on and gain full access to exclusive Knowledge Exchange insights and analysis
In part one of our cybersecurity and digital transformation blog series, we set out the importance of keeping security needs at the forefront of any digital strategy. This installment will present the most common cybersecurity threats that businesses are faced with.
Cybersecurity threats come in various forms from different sources, and can be defined as either passive or active, attacking both operating systems and hardware.
Passive Threat & Active Attacks
Passive cybersecurity threats are attacks which does not harm a company’s system directly, but information is obtained which may be sensitive data. A hacker will attempt to remain unnoticed while gathering information about the victim’s machine, network, or other systems.
An active attack encompasses a wide range of different techniques that jeopardises a system’s integrity and availability. This type of attack poses a threat to both the organisation and individuals where a hacker attempts to directly modify resources. Unlike a passive attack, these breaches are more easily identified.
Common passive attacks:
Phishing – A common, but effective type of attack typically carried out via email. It is designed to steal users’ credentials and trick them into installing malicious software on their device. Over time, phishing attacks have evolved into more sophisticated and efficient tactics, with attackers frequently utilizing authentic-looking credentials to increase their success rate.
Cyber espionage – Where a hacker accesses, steals, or exposes classified data or intellectual property with malicious intent which can lead to damaging consequences. Common methods include advanced persistent threats (APT), social engineering and spear phishing.
Data packet sniffing – Similar to wiretapping, packet sniffing allows anyone to eavesdrop on computer conversations. An attacker will install hardware or software to monitor, collect and analyse data sent over a network.
Common active attacks:
Malware – any malicious software which aims to cause disruption or damage a computer, server, or network. Devices can be infected through simple means such as clicking on a suspicious link, but it can allow the hacker access to personal and sensitive information.
Denial of Service (DoS) – An attack carried out by bots designed to flood an organisations system with fake requests, therefore blocking legitimate requests. This type of attack both seriously effects company resources and damages infrastructure.
Domain spoofing – This is another form of phishing where an attacker impersonates a known business or person by using a fake web or email domain hoping to fool people into trusting them as at first glance they often look legitimate. However, users can be tricked into revealing sensitive information, sending money or clicking malicious links.
Cyberattacks can affect both operating systems and hardware, creating challenges for businesses who wish to fortify their infrastructure against cybersecurity threats. This can create even greater challenge for smaller businesses who are trying to manage this with limited resources. The third installment of this blog series will discuss the challenges caused by these security breaches.
As digital transformation introduces new, and ever evolving technology to small business IT infrastructure, it is inevitable that an organization’s potential attack surface grows, introducing more cybersecurity challenges.
As they try to navigate a wide range of potential threats, small businesses can struggle to distribute the right resources to ensure they stay safe, meaning they are vulnerable to various cybersecurity challenges such as:
Secure back-up and recovery of data
Detection and response to threats and vulnerabilities
Supply chain integrity
Manage security activities 24/7
Secure back-up and recovery of data
One major cybersecurity challenge that small businesses face is the secure back-up and recovery of data. Companies must have adequate systems in place to ensure that their data is securely backed up and recoverable in the event of damage or corruption.
Data-driven companies, in particular, must protect their information from sophisticated ransomware attacks. As small businesses increasingly include multi-cloud and on-premise storage of data in their IT infrastructures, cyber resilience is essential to ensure business continuity in the event of a data loss.
Detection and response to threats and vulnerabilities
The vulnerability of cybersecurity breach above and below a company’s operating system will inevitably increase as the business grows. Threats can present themselves in various forms with the intention of accessing, changing, destroying, or deleting information without authorized access.
Supply chains are a multi-party ecosystem. Businesses rely on advanced technology to support connectivity and sophisticated logistics networks. However, this technology is also vulnerable to attacks, threatening the integrity of supply chain systems. It is vital to maintain the security of the supply chain eco-systems to avoid operational disruptions, lost revenue, jeopardized data, reduced productivity and potential brand and reputation damage.
Technology supply chains can also be infiltrated with counterfeit devices that have been tampered with. IT teams work hard to secure their infrastructure, but this is a futile activity if a third party does not maintain their defence along the supply chain. Businesses must ensure devices and their components are safe to deploy using secure verification.
Manage security activities 24/7
With cyber-attacks posing a threat at any time of day, businesses must remain vigilant around the clock. However, companies often face the challenge of not having the necessary resources in house to physically monitor their networks continuously.
As threats continue to increase in frequency and complexity, efficient threat detection systems are essential in identifying and preventing attacks before any damage can occur. This can mean having to invest in outsourced services to ensure networks are monitored 24/7.
Small businesses face numerous cybersecurity challenges in the ever-changing landscape of digital transformation. To ensure their safety, companies must prioritize cyber resilience and invest in efficient threat detection systems. By doing so, they can protect their data, maintain supply chain integrity, and prevent cyber-attacks from disrupting their operations. In the fourth and final blog in this series we will lay out the steps you can take to improve your security measures to keep your infrastructure safe.
Part fourwill conclude this blog series by detailing the steps needed to implement practices that best address your cybersecurity challenges.
Author: Maya Horowitz, VP Research at Check Point Software Technologies
“In 2022, the proportion of email-delivered-attacks has increased, reaching a staggering record of 86% of all file-based attacks in-the-wild.”
“The Russia-Ukraine war demonstrated how traditional, kinetic war can be augmented by a cybernetic war. It has also influenced the broader threat landscape in the rapid changes of hacktivism and how independent threat actors choose to work for state-affiliated missions.
The war has also seen enhanced usage of wiper malware, malware that intends to erase or wipe data of the drive it infects, and this trend has been adopted by several actors, reaching a point where 2022 has seen more wiper attacks globally, than in the previous decade altogether.”
In 2021 systems and software giant, IBM Security found that over half of SMBs had experienced a cyber-attack largely as the result of the pandemic where new hybrid working models were introduced or with the increased migrations to cloud infrastructure.
IBM notes that 40% of SMBs do not have comprehensive and updated cyber-security incident plan. Other findings of the IBM research found that or companies with less that 500 employees the cost of an average Cyber breach was around $3m per incident.
This month’s Knowledge Exchange white paper on emerging and existing Cyber Security threats will examine why ITDMs and Business Leaders are extremely worried about a ‘catastrophic cyber event’ that could have more of a societal impact than Covid-19 in next few years, and what ITDMs can do today and longer term to mitigate those risks.
It may be pure co-incidence, but it was certainly chilling to see that in a matter of weeks after the World Economic Forum’s (WEF) 2023 annual summit in Davos, Switzerland that warned of a total “grid down” scenario caused by a ‘catastrophic cyber event;’ a mysterious high-altitude balloon was seen floating across America.
And while many in the mainstream media have quickly judged this and subsequent other balloons to be a surveillance or spy balloons, other commentators claim that most state sponsored espionage is done via satellites1 and that this vehicle has potentially a more sinister capability: The ability to activate an electromagnetic pulse or EMP at high altitude (HEMP) using a smaller lighter nuclear payload.
Therefore, if the balloon was carrying an EMP device or was just a drill to test the detection and response time of such devices, at the sort of altitude the vehicle was flying it would have a greater geographical reach than a ground detonated device and could have knocked out a big chunk of the infrastructure it was flying over.
A grid down scenario would make Covid’s impact seem like, ‘a small disturbance’
Klaus Schwab, founder of the WEF.
he result would be an instant shut down of power, communication, finance, and business systems that would have a devastating effect to emergency services and supply chains that could tip society into chaos in a matter of days.
A grid down scenario would make Covid’s impact seem like, ‘a small disturbance,’ according to Klaus Schwab, founder of the WEF.
President of the Centre for American Defence Studies, Paul Crespo also confirmed the high-altitude vehicles could be a trial run for a cyber-attack using a balloon-mounted weapon.
“While China has tested hypersonic missiles launched from balloons in the past, that isn’t a likely use for these airships."
“The biggest threat is sending one or more of these high-altitude balloons over the US with a small nuclear EMP device.”
While we hope the vehicle may be nothing more than a ‘weather balloon,’ with rising geopolitical tension between the US with China2, over Taiwan, tensions with Russia, over Ukraine; an increasingly unstable regime in Iran and a reescalation of tension with North Korea, the usage of EMP enabled weapons for a global pre-emptive strike seems alarmingly possible.
Military strategists at these countries may be in favour of a high-altitude pre-emptive HEMP strike over a conventional full blown nuclear attack as it limits immediate death, radiation fall out and keeps the infrastructure intact, albeit broken, that can be repaired in time.
Author: Maya Horowitz, VP Research at Check Point Software Technologies
“In 2022, the proportion of email-delivered-attacks has increased, reaching a staggering record of 86% of all file-based attacks in-the-wild.”
“The Russia-Ukraine war demonstrated how traditional, kinetic war can be augmented by a cybernetic war. It has also influenced the broader threat landscape in the rapid changes of hacktivism and how independent threat actors choose to work for state-affiliated missions.
The war has also seen enhanced usage of wiper malware, malware that intends to erase or wipe data of the drive it infects, and this trend has been adopted by several actors, reaching a point where 2022 has seen more wiper attacks globally, than in the previous decade altogether.”
In 2021 systems and software giant, IBM Security found that over half of SMBs had experienced a cyber-attack largely as the result of the pandemic where new hybrid working models were introduced or with the increased migrations to cloud infrastructure.
IBM notes that 40% of SMBs do not have comprehensive and updated cyber-security incident plan. Other findings of the IBM research found that or companies with less that 500 employees the cost of an average Cyber breach was around $3m per incident.
The first three blogs of our cybersecurity and digital transformation series focused on the threats and security challenges faced by businesses when implementing a digital transformation strategy. In this concluding installment we will lay out the steps you can take to protect your company from potential attacks.
How can businesses reduce the risks of cyber-attacks?
SMBs face a significant risk of cyber-attacks and security breaches. Businesses can take this steps to improve cybersecurity practices. A single attack can cause irreparable damage to the business. Therefore, it's essential for businesses to establish robust security practices to mitigate security threats to their infrastructure and organization. In this fourth and final installment of our cybersecurity series, we will lay out the best ways to tackle these challenges and threats.
Preparing your business for potential security breaches may seem daunting, but there are many steps you can take to improve your security measures. Here are some ways to improve your business's cybersecurity practices:
• Back up your data on the cloud:
Backing up your data on the cloud is an easy and secure way to ensure that your data is safe and accessible even in the event of hardware failure or corruption. Cloud storage is less susceptible to theft or damage than physical on-premise devices as cloud service providers offer firewall protection, making it a safer choice for data storage. Public and private cloud options are available to businesses of all sizes, and data can be accessed from anywhere with an internet connection.
• Implement access controls:
Access control policies limit access to your business's critical assets. Avoid sharing user IDs for accessing systems and data. Instead, use unique IDs and login credentials to make it easier to track who is accessing your resources. Implementing automated Identity Access Management (IAM) systems helps streamline this task and eliminates a large amount of risk.
• Thoroughly train employees in best practices:
Humans are often the weakest link in the cybersecurity chain. It is essential that your employees and adequately trained in your more updated security procedures. They need to be equipped with the knowledge and skills to be able to identify and avoid potential threats. Without this, they may be more likely to fall victim to sophisticated phishing attacks, and unintentionally expose the company’s data or put it at risk of an attack.
• User Authentication:
User authentication is the process of verifying the identity of a user before they are granted access to a system or application. Multi-factor authentication creates a layered security system that requires employees to use a randomly generated one-time code sent via SMS or email in addition to their password to verify their identity. This type of security system protects your data by preventing unauthorized third-party users from gaining entry to business systems and websites.
• Implement a Managed Detection and Response (MDR) service:
Small businesses and their IT security teams can struggle to keep pace with their growing volume of technology and threats. A Managed Detection and Response (MDR) service is a cybersecurity service that combines high-end technology with human expertise to rapidly identify and limit the impact of cyber threats without the need to hire additional staff. This service monitors your systems and applications 24/7 to detect and respond to any security incidents.
Final Thoughts
In conclusion, improving your business's cybersecurity practices is essential to safeguarding your data and ensuring the continuity of your business. By implementing these security measures, you can help protect your business from cyber threats and avoid the devastating consequences of a security breach.
We use our own and third-party cookies to analyze our services and show you advertising related to your preferences based on a profile drawn up based on your browsing habits (for example, pages visited).
You can obtain more information and configure your preferences following this link.
Strictly Necessary Cookies
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
Third-party cookies
We use our own and third-party cookies to analyze our services and show you advertising related to your preferences based on a profile drawn up based on your browsing habits (for example, pages visited). You can obtain more information and configure your preferences following this link.
Please enable Strictly Necessary Cookies first so that we can save your preferences!
