Fighting Exploitation Via Blockchain and Coke

Coca-Cola, the US State Department, and 2 other companies are working on a project to used blockchain to fight forced labour worldwide.

What Is Blockchain?

Blockchain is an incorruptible peer-to-peer network (a kind of ledger) that allows multiple parties to transfer value in a secure and transparent way. Blockchain’s Co-Founder Nic Carey describes Blockchain as being like “a big spreadsheet in the cloud that anyone can use, but no one can erase or modify”.

Forced-Labour

The International Labour Organisation estimates that there are nearly 25 million people working in forced-labour conditions worldwide, and 47% of them in the Asia-Pacific region.

The kind of work where there is known to be forced-labour varies, but many are engaged in work that contributes to products for food and beverage e.g. forced-labour in countries where sugarcane is produced.

A KnowTheChain (KTC), a partnership founded by U.S.-based Humanity United, showed that most food and beverage companies could be doing more solve the problem.

Coca-Cola Committed

As part of a new partnership, Coca-Cola has now committed to conduct 28 country-level studies on child labour, forced-labour, and land rights for its sugar supply chains by 2020.

Blockchain

Blockchain’s validation and digital notary capabilities are being used in the new project to create a secure registry for workers and their contracts. The project, involving Trust Accelerator (BTA), a non-profit organization, the US State Department, Coca-Cola, and U.S.-based Humanity United, will use blockchain to create a validated chain of evidence that will encourage compliance with labour contracts.

US tech company The Bitfury Group, will build the blockchain platform, while Emercoin will provide blockchain services.

Blockchain Used To Reduce Child Labour Too

Earlier this month it was reported that blockchain is also being used in a pilot project between car-maker BMW and start-up Circulor with a view to eliminating battery minerals produced using child labour. In that project, blockchain is being used to help provide a way to prove that artisanal miners are not using child labour in their cobalt mining activities. Bags of cobalt are given a digital tag which can be entered into blockchain using a mobile phone. The details of the digital tag can then be entered by each link in the chain of buyers, thereby providing a clear, verifiable trail, all the way from miner to smelter.

What Does This Mean For Your Business?

The new project involving Coca-Cola is another example of how blockchain is being used to ethically add value, genuinely reduce suffering and exploitation, and shows how this new technology can deliver social impact. One of the strengths central to blockchain is that it offers an incorruptible and transparent system that can provide a much greater, and more reliable level of proof that something has happened in the correct way in a value chain. Many different types of businesses can use blockchain to categorically prove a certain source and route for e.g. delivery, raw materials or production. This is proving to be particularly valuable to businesses where provenance is necessary to add to the monetary, ethical or other value of a product, service, and brand.

Tech Tip(s) – Browser Security

Your Internet browser is one of your most-used applications, so it makes sense that you should make yours as secure as possible. Here are a few tips to help you do just that :

  • Use browsers that have built-in protection features such as Chrome, Firefox, Apple and Safari.
  • Utilise the security settings on your browser. Look under advanced settings, and select Privacy and Security e.g. restrict your device from visiting dangerous sites.
  • Use private / incognito browsing to avoid tracking.
  • Consider deactivating ‘ActiveX’. This add-on acts as a middleman between your PC and Java/Flash-based interactions in certain sites, thereby potentially creating security problems by giving malicious websites a window into your PC.
  • Consider disabling ‘JavaScript’. As well as making browsing quicker and simpler, this can stop cyber criminals from using JavaScript in malicious ways in order to infect your device.
  • Delete Cookies. Although they can be helpful for remembering accounts and passwords, they can also be targeted by cyber criminals because of the information they contain.
  • Beware of some browser extensions and add-ons. Even though they can add extra functionality, they can also pose a security risk as they can be exploited to inject malware.

As always (e.g. with cookie or javascript usage), it’s a case of weighing up benefits of functionality against potential risks and exploits. The more ‘stuff’ you have open/running … the more that can (potentially) go wrong.

Voice Recognition ‘Sexist’

Delip Rao, CEO and co-founder of start-up R7 Speech Sciences has brought the issue back into the spotlight that voice recognition systems struggle more with female voices.

Not New

The issue has been known about for some time and has been brought into sharper focus with the popularity of voice-activated digital assistants like Apple’s Siri, or Amazon’s Alexa, or Google Home.

Why?

According to Linguistics experts, the key problem is that females have higher pitched voices than males, and they tend to be quieter and sound more “breathy” when they talk.

With speech for example, Mean Fundamental Frequency (Mean FO) can be expressed as a number around which vocal tones are spread. The FO for men is around 120Hz, but for women it is much higher at 200Hz.

MFCCs

Also, another problem for voice recognition systems comes when they try to process words and sounds into MFCCs (Mel-frequency cepstral coefficients). The voices of women are known to give a less robust acoustic signal, and this signal can be easily masked by noise. These two challenges also make things more difficult for speech recognition systems.

Lack of Diverse Training

Since speech recognition systems also rely on an AI element, they require training to become more used to recognising certain vocal characteristics. Linguistics experts, therefore, also believe that a lack of diverse training examples of the speech of women may also be a contributing factor to the problems encountered by current voice recognition systems.

Gender Biases As A Result

Some commentators are, therefore, predicting possible worsening gender biases problems with voice recognition systems if these issues are not tackled.

Experts have pointed out the importance of training systems using equal proportions of men and women to avoid the problem of them being very good at recognising male data and very bad at recognizing female data.

Ethnic Mix

The same experts have also highlighted potential biases based on ethnicity if voice recognition systems aren’t trained using a wide ethnic as well as gender mix.

What Does This Mean For Your Businesses?

With digital assistants now in the workplace in computer systems (e.g. Alexa for Business),and with AI bots being used e.g. to handle customer service systems (with a voice element), it’s important that women and / or certain ethnic groups are not at a disadvantage when using the systems.

The problem is known about now, and companies should, therefore, be taking action to make sure that voice recognition systems work well for all demographics, and deliver equality as part of their value.

Accountants To Use AI For The ‘Boring’ Stuff

A study by Sage that identified how 83% of clients would like their accountants to extend their services has seen 50% of accountants looking to solutions like AI to allow them to free up the necessary time to do so.

Off-Load Repetitive Tasks To AI

With accountancy clients looking for consultancy and advice (42%) as well as traditional services, half of the 3,000 accountants involved in the Sage study appear to be happy to consider AI and automation technology solutions to handle the workload of repetitive tasks such as number crunching, data entry and diary management.

Likely To Invest

The president of AI at Sage, Kriti Sharma, has been reported as having recognised that although AI is currently viewed as an automation tool by accountants, more are likely to invest in AI in the coming years as an important, lower cost way to scale their operations.

For example, AI could be used to review millions of transactions and spot anomalies, and even make recommendations. This would normally be something that would be done manually. AI could, therefore, significantly decrease costs and make accountants more time-rich, thereby enabling them to develop and sell new services.

Many Industries Adopting AI

Accountancy is certainly not the only industry beginning to realise and unlock the potential of AI. For example:

  • Some legal firms are already using AI to assemble, process and read certain types of documents.
  • AI ‘cognitive technology’ is being used to answer customer questions for customers in many areas of services.
  • In banking e.g. Nat West, AI software is being used to offer consumers an investment advice service. Also, for Royal Bank of Scotland (RBS) automated financial advice services have allowed the bank to reduce face-to-face adviser jobs by 220. As far back as 2016, RBS and NatWest introduced their virtual customer service technology in the form of the ‘Luvo’ chatbot from IBM Watson.
  • The AI The chatbot, called ‘DoNotPay’ (originally launched in March 2016 by British student, Joshua Browder), made famous for providing legal advice that led to a reported 375,000 claims against parking tickets, was then modified so that it could automatically sue Equifax for $15,000 per claim in the wake of a hack and data breach.

What Does This Mean For Your Business?

The adaptability and capacity of AI to learn and tackle even complicated tasks (in April last year an AI program beat the world’s leading poker players in a 5-day competition), means that it has huge business potential. Deploying AI e.g. to tackle repetitive tasks and free-up time in accountancy is just another example of how this technology can be used to add value, save costs, help meet changing customer needs, allow the cost-effective scaling of businesses, and improve competitiveness.

Even though AI appears to be advancing at a fast rate, we really haven’t seen anything yet as regards its true potential.

Eight New Cyber Threats Every Second

The latest McAfee Labs threat report shows that in the last quarter of 2017, organisations faced 8 new cyber threats a second as there was an 18% increase in the number of reported security incidents across Europe.

478 New Cyber Threats Every Minute

The report makes worrying reading as businesses and organisations try to secure their online and data security systems in preparation for the introduction of GDPR.

The McAfee Labs report shows an 18% increase in the number of reported security incidents across Europe with a specific focus the on adoption of newer tools and schemes, such as fileless malware, cryptocurrency mining and steganography.

Cytptocurrency Mining

The rocketing value of the cryptocurrency Bitcoin led to a big increase in cryptocurrency mining / cryptojacking in the last quarter of 2017. For example, cryptojacking involves installing ‘mining script’ code such as Coin Hive into multiple web pages without the knowledge of the website owners. The scammer then gets multiple computers to join their networks so that the combined computing power will enable them to solve mathematical problems. Whichever scammer is first to solve these problems is then able to claim / generate cash in the form of crypto-currency.

Also, at the end of 2017, ransomware operators were found to be hijacking Bitcoin and Monero wallets using Android apps developed exclusively for the purpose of cryptocurrency mining. Many criminals appear to have favoured Litecoin over Bitcoin because there was a lesser chance of exposure.

Fileless Malware Attacks

Another trend uncovered by the McAfee Labs threat report was the adoption of fileless malware and abusing Microsoft PowerShell, which showed a 432% surge over the course of 2017.

Fileless malware involves hijacking tools that are already built-in to Windows rather than installing software on a victim’s computer. It is designed to work in-memory (in the computer’s RAM) and is, therefore, very resistant to existing anti-computer forensic strategies, and is difficult to detect.

The MacAfee report showed a huge 267% growth in the use of the new PowerShell malware. Powershell is a legitimate tool (scripting language) that is built-in to Windows, and provides access to a machine’s inner core, including Windows APIs. This is why it has become a favoured route for fileless malware attacks.

Increase In Attacks On Healthcare

One other disappointing trend uncovered in the McAfee Labs threat report is the dramatic 210% overall increase in incidents against healthcare organisations in 2017. It is believed that these attacks were facilitated by organisational failures to comply with security best practices, or to address many known vulnerabilities in medical software.

What Does This Mean For Your Business?

The report highlights how businesses now face risks on an unprecedented scale, and how, particularly with GDPR on the way, businesses need to prioritise cyber and data security. A collaborative and liberalised information-sharing approach should be taken to improve attack defences and combat escalating asymmetrical cyber warfare.

Cyber-criminals always try to combine the highest returns in the shortest time with the least risk. This is why tactics like cryptojacking, stealthy fileless PowerShell attacks, and attacks on soft targets such as hospitals have become so popular over the last year.

New threats for this year, such as cyber-criminals developing botnets exploiting the Internet of Things (IoT) will pose more challenges to businesses and the security industry.

New Threat From Fileless Powershell Exploits

Businesses now face the growing threat of fileless hacking and fileless malware attacks facilitated by the PowerShell scripting language that is already built-in to Windows.

Surge Reported

The latest McAfee Labs threat report shows what an emerging and dangerous threat the exploiting of the PowerShell scripting language has become. Taking the last quarter of 2017, the adoption of fileless malware via Microsoft PowerShell showed a 432% surge.

How Does It Work?

Microsoft PowerShell is a scripting language that’s built-in to the Windows OS. Its main legitimate uses include running background commands, checking services installed on the system, terminating processes, and the managing configurations of systems and servers.

The Microsoft PowerShell scripting language provides access to your computer’s inner core, including unrestricted access to Windows APIs. Also, because it is a legitimate part of your computer’s Operating System, any commands it executes are usually ignored by security software, and it provides no signature for antivirus software to detect. Another crucial aspect of Powershell is that it can run remotely through WinRM. For these reasons, it has become an ideal route for cyber-criminals.

Controlling Computers Using Powershell

A hack via Powershell involves attackers getting to PowerShell remotely through WinRM, enabling them to get through Windows Firewall, run more PowerShell scripts complete with admin control. Even if WinRM is turned off, it can be turned on remotely through WMI using a single line of code.

Also, through Powershell, once an attacker obtains a username and password for one computer, the path to complete compromise of the whole enterprise system is laid open.

Recent Fileless Malware Attacks

It has been reported that PowerShell malware arrives via spam email, and it is the embedded code in the email that contains the PowerShell commands. This code usually contains instructions to download another payload to carry out the primary malicious activity.

The McAfee Threat report shows how recent attacks have used Powershell to download malware of the Bartallex (.bat and .vbs files) and Dridex families onto the systems of victims in what are now popularly known as fileless malware attacks.

What Does This Mean For Your Business?

The combination of PowerShell providing legitimate access to computer’s and its subsequent ability to be ignored by security software, as well as the ability to run it remotely through WinRM make it a low risk, low cost and potentially and potentially high return tactic for cyber-criminals. This means that fileless hacks and fileless malware attacks are now a serious and present risk to businesses and organisations of all kinds.

The stealth factor, plus the fact that it goes under the radar of normal antivirus software makes detection very difficult. The one clear chance to stop it appears to be not opening the malicious email that contains the code that begins the attack. Companies and organisations need to make sure that all staff are trained to recognise and resist social engineering tactics, and to be made aware of the risk of downloading and installing applications that they do not understand or trust.

UK Economy Could See £26bn From Rural Digital Investment

A study has revealed that greater investment in digital technologies and connectivity in rural parts of the UK could add between £12bn and £26.4bn annually to the British economy.

Digital Strategy and Investment Needed

The study, which was commissioned by Amazon and conducted by think tanks Rural England and Scotland’s Rural College (SRUC), showed that the rural economy is already worth £299bn in gross value add (GVA) to the national economy.

The report argues that a government-led digital rural strategy coupled with investment could unlock the potential of businesses in rural areas, and could increase business turnover by £15bn.

Concerns & Challenges

The report found that business owners in rural communities have many of the same concerns as larger businesses in more built-up areas. For example, four in five rural business owners saw digital tools and services as being important to their growth potential, and better access to cloud computing as being the biggest driver for their future growth.

Other perceived growth catalysts in the reports were by 5G mobile networks (54%), the IoT (47%), and machine learning and artificial intelligence (AI) (26%). Export businesses in the retail, tourism, and hospitality industries also identified e-commerce tools as being potential growth drivers.

The main perceived challenges to growth in rural businesses were identified in the report as being access to broadband and other forms of connectivity, and skills shortages (52%) e.g. recruiting people with appropriate skills, or retraining existing workers.

Recommendations

Amazon, who commissioned the report, has offered its own recommendations for public and private sector businesses, based on the results. These include:

  • The establishment of Digital Enterprise Hubs in rural towns to help (small) businesses with connectivity, workspace and training, and collaboration between employees and education / training or re-training providers.
  • The setting up of a single information portal to streamline digital support services.
  • The setting up of a single information portal and local directories to give guidance to businesses on digital resources.
  • Encouraging local, rural businesses that are already lucky enough to have and use superfast broadband services to encourage their peers to do the same.
  • Prioritising investment in connectivity and digital tools for rural businesses.
  • Making support for digital growth a key objective in future rural business support programmes.
  • The government encouraging large technology-driven firms to implement policies focused on digital adoption in rural areas that provide support for smaller businesses.

What Does This Mean For Your Business?

If you run a business in a rural area, you are likely to recognise the challenges outlined in the report and to welcome many of the ‘quick win’ recommendations that Amazon has made, plus the fact that this report has put rural digital business challenges back in the media spotlight.

Given a high priority, and the right level of government support and investment, there is no doubt that early-adopter rural businesses could be big contributors to the UK economy, and could compete with global competitors.

Many commentators, however, see this vision as still being some way off, partly because of the time that it will take to get high-speed broadband connectivity to all rural areas, let alone towns in the UK. For example, despite full fibre broadband pilots already being operated as part of the UK’s National Productivity Investment Fund, the reality is that the UK may still only actually have 7% full fibre coverage by 2020.

Tech Tip – Windows 10 – Using The ‘My People’ Feature

The ‘My People’ feature in Windows 10 provides a handy way for you to access all your favourite contacts from your taskbar using the inbuilt settings and account that is linked with the email that you have used in your Windows.

Here’s how to activate the feature:

1-Check whether your taskbar has the “people” icon there or not.
2-If it’s not there, click on the “Settings” icon on your windows and then select “personalise“.
3-Click on the option taskbar and activate the option “Show contacts on the taskbar“.
4-Click on the people icon on your taskbar, and then click on the option “Get started” to make the ‘my people’ panel appear.
5-Select the apps that you want to integrate with to get the contacts (these apps will be displayed).
6-Once you have selected the account, click on “Find people and add” and then select the people you want to add to your taskbar.
7-You can then add multiple contacts in your taskbar, and also pin and unpin them from the taskbar.

Facebook Ads That Target Your Beliefs

In a new trial involving a small number of users in the UK, Facebook has said that it will be testing the targeting of adverts based on users’ specific political and religious beliefs.

Why?

According to Facebook, the trial will help the social media platform to process and manage its customer data, so that it will be in a better position to ensure compliance with GDPR when it comes into force in May this year.

The severity of the fines associated with the enforcement of GDPR for large companies such as Facebook e.g. a fine for a breach of up to €20 million or 4% of their global annual turnover, whichever is greater, is likely to be a big motivator behind a trial that could improve how Facebook processes and stores data.

How Could Targeting Adverts This Way Be Of Help?

The trial appears to be using adverts for consenting participants to focus on testing and improving how the company handles the required greater consent from data subjects that GDPR will bring, and to ensure that sensitive data is better protected.

One other important result of the trial will be to enable the testing of facial recognition. Facebook is exploring how it can successfully give users an opt-in for facial recognition, which will form part of a measure to stop online impersonations by informing users whenever their faces have been used elsewhere on the site.

The Trial

It has been reported that the trial will work by first asking a number of UK users for permission to allow advertisers to target them on the basis of their political and religious beliefs, and their listed interests.

It is understood that Facebook will also ask users whether they are happy for their public information that identifies them (e.g. their faith and politics) to remain visible for everyone and, if permission is given, Facebook will provide an opt-in for allowing the information to be used to personalise content, and also act as one of the signals for relevant suggesting ads. This will include targeted advertising based upon things like politics, sexuality and faith.

Worries

Some people have expressed fear that opting-in to elements of the trial could enable extremists to use targeted advertising for recruitment propaganda. Facebook has denied this.

What Does This Mean For Your Business?

This story is more proof that the seriousness of the implications of GDPR is hitting home, particularly with those companies that stand to lose in a big way if they are found not to be compliant. Although the subject of targeted advertising is an emotive one that can make us feel a bit uneasy as Internet users in terms of privacy, it is at least good news that this Facebook trial could lead to better protection of our personal data by a platform that arguably knows more about us than most.

With X-day now past this story should be another reminder that its time for companies everywhere to think about double-checking that their own systems and procedures will be GDPR compliant.

Location Based Marketing … Creepy?

MoviePass CEO, Mitch Lowe, has caused controversy by telling the Hollywood audience at the Entertainment Finance Forum that his MoviePass app can track and gather information about users before and after their trip to the movies.

What Is MoviePass?

MoviePass, based in New York, offers a service whereby, for a flat monthly fee ($9.95 per month), users can go and watch unlimited number of movies in cinemas, with some restrictions. It could be described as a kind of Netflix for moviegoers.

Location Tracking

According to the MoviePass CEO, the company’s app has location-tracking built-in. What some commentators have described as ‘creepy’ though is that the app can track your movements long before and after you’ve been to watch a movie.

Why?

What MoviePass prefers to call ‘location-based marketing’ is reportedly being used to improve the customer’s experience of the service and create more opportunities for subscribers to enjoy all the various elements of what the company thinks make up a good movie night. The company says that by tracking customers and gathering data along the way, it can “create a full-featured movie-going experience”.

How?

The big idea is that subscribers may want refreshments before or after the movie, and may have to travel some distance to the cinema. By knowing a subscriber’s location and route, MoviePass can then, via the phone app, give the subscriber details like discounts on transportation, finding places to park nearby, coupons for nearby restaurants, and other similar opportunities.

What Kind Of Data Is Gathered?

According to online reporting of CEO Lowe’s speech, as well as your location, the MoviePass app is also capable of gathering “an enormous amount of information,” which includes your address, which Mr. Lowe says can be used for demographic information.

Criticism

What MoviePass may see as a kind of personalised, helpful marketing idea, critics appear to see as a potentially dangerous invasion of privacy that could have security consequences for MoviePass subscribers.

What Does This Mean For Your Business?

Using new technology to improve marketing and customer experiences is all very well, but the point here is that customers need to be informed exactly what happens to their data, what is collected by the app, how it’s stored and for how long. This will enable them to make an informed choice, give consent, or decline. In a time when cyber-crime and data mismanagement and theft appear to be rife, customers value their privacy and data security more than ever. Companies need to be transparent about their intentions and methods, and need to be able to show customers that they can be trusted with their valuable personal data.

Also, in this case, it appeared to come as a shock about the capabilities of the app, and to some commentators, it may have appeared to be an inappropriate way and style to reveal what the app is capable of. This is likely to prompt complaints from some customers, and could harm the reputation of MoviePass.

If you are worried about the security implications of apps of this kind, for example, you could try to limit location data collection by going into your phone’s app settings. One other, obvious way to avoid any problems with the app would be to avoid MoviePass for now.

The introduction of GDPR in May this year is also likely to have implications for how MoviePass deals with the data of any EU citizen subscribers, as the company will need to comply with the new Regulation.