Welcome to 2018

One sure prediction is that the new year will bring a slew of predictions, some glowingly optimistic and some confidently pessimistic. I’ve sifted through the predictions in the digital world, and here’s my summary, plus a New Year’s gift.

Artificial Intelligence

As the use of big data, algorithms and digital technology has evolved, artificial intelligence has moved from the esoteric into the real world.

It turns up in marketing, with a series of caveats. It’s behind an app for identifying snakes, with caveats about what that does for our relationship with nature. It’s contributing to how we brew beer, and AI is what makes chatbots smart enough to be helpful.

The Webby Awards Trend report notes that we still trust humans over AI, but I suspect we’re not always aware of where AI impacts our lives. We will see more practical adaptations of AI in 2018.

Virtual Reality

I like the idea of virtual reality, but my experience so far has been that it doesn’t add enough to my experience to compensate for the awfulness of the headset. Frankly I’d rather read a book and imagine the worlds. So the story-telling in VR needs to improve, and the devices need to get better.

So far the biggest use seems to be in gaming, but even there users are underwhelmed. The Economist reported in December that VR has failed to live up to its hype, and added that there is a “distinct whiff of urgency in the air” as VR struggles with poor equipment and unsatisfactory content.

The devices are starting to get lighter and prettier; however, they’re still relatively expensive.


Will 2018 be the year that the devices and the experiences improve?

Blockchain

Blockchain is the technology behind bitcoin and other crypto-currencies; it has other uses in making digital information exchange more trustworthy.

We’ll see these tests scale more widely along with more novel uses. I’m sure there are smart people out there looking at how blockchain could be used more broadly to secure our online identity.

Bots

Bots get a lot of bad press; they were exploited in the 2016 election and throughout 2017 to deliver false information to a screen near you, eroding reasonable debate and internet freedom, according to Freedom House reports.

However, due to advances in AI, bots are starting to get better at customer service than humans. Will 2018 be the year we pass the Turing Test on a help-desk call?

Cybersecurity

This remained a big issue for business last year, with major breaches across a range of industries, including food retail, email, healthcare and governments.

Companies spend increasing proportions of their IT budget on cybersecurity and introduce restrictive measures to protect their data (USB sticks are frequently banned, for example). 2018 will be the year of innovation in cybersecurity as companies struggle to reassure customers that their data is safe.

Social Media

Social media will become even more commercialised, expect more of those ads on Instagram, and more promoted posts – and more ways to promote content – on all platforms as the pressure increases for the platforms to be profitable and for company use of social media to demonstrate a return on investment. This won’t be pretty.

On the plus side we’ll see more tweaks on the platforms to encourage engagement; expect more platforms to adapt the Facebook emoticon model, and more uses of video and live-streaming.

My New Year’s Gift

In an attempt to be more consistent with my blog posting I developed a content calendar. I’ve added the various “International Day Of…” dates that might be useful along with a few significant birthdays and events. I’ve added a few content ideas, and I’m sharing the framework so far in case anyone else finds it useful.

2017

As we say farewell to 2017, here’s a reminder of what the world thought was worth searching for – it’s a two-minute film from Google based on search data. It’s like a time capsule of the year.

 

Image: New Year’s Day  |  geralt on Pixabay  |  CC0 1.0

Happy World Password Day


Happy World Password Day! I know it’s more fun to celebrate May-the-Fourth in other ways, but this is important.

Passwords are how we keep our online accounts secure, and yet the most common passwords are horribly simple to guess. Every year password keeper releases a list of the most common passwords and every year “123456” and “qwerty” are on the list.

Passwords must be both memorable and hard to guess; the conflict between those two needs is the fundamental problem.

Many sites require you to use combinations of uppercase, lowercase, numbers, and symbols in the name of making it harder to guess or crack a password.

However, the resulting password is not easy to remember and, because humans use common substitutions, it remains vulnerable to cracking by computer.

To make a password hard to break you need to make it longer, use a range of characters, and avoid dictionary words. Something like this.

According to Kaspersky Labs it would take 33 centuries for a single home computer to crack this password. Most hackers have more computer power so could do it in fewer centuries.

There are two factors making it hard for computers to guess: the randomness of the characters used and the length of the password. As the wonderful XKCD explained, we can use the length to make passwords more secure and memorable.
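The two points above, that rule-satisfying substitutions stay guessable and that length plus randomness is what raises the cost of guessing, as an added Python example (not part of the original post). The common-password set, the word list and the substitution table are small constructed samples; the 94-character alphabet (printable ASCII without the space) and the 7776-word list size (a standard Diceware list) are assumptions.

```python
import math
import secrets

# Constructed samples: stand-ins for a real common-password list and word list.
COMMON = {"123456", "qwerty", "password", "letmein"}
WORDS = ["correct", "horse", "battery", "staple", "river", "candle", "orbit", "maple"]
# Substitutions people reach for when a site demands digits and symbols.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                      "!": "i", "3": "e", "$": "s", "5": "s"})

def is_disguised_common(password):
    """True if undoing substitutions and a trailing digit/symbol run hits the list."""
    lowered = password.lower()
    stripped = lowered.rstrip("0123456789!?.")
    candidates = {lowered, lowered.translate(LEET), stripped.translate(LEET)}
    return any(c in COMMON for c in candidates)

def entropy_bits(choices, length):
    """Bits of guessing work, valid only if every symbol is picked uniformly at random."""
    return length * math.log2(choices)

def passphrase(n_words, words=WORDS):
    """Join words chosen with the OS CSPRNG; use a large list (e.g. 7776 words) in practice."""
    return "-".join(secrets.choice(words) for _ in range(n_words))

if __name__ == "__main__":
    # These satisfy typical composition rules yet reduce to listed passwords.
    for pw in ["P@ssw0rd1!", "Qwerty2018!", "123456"]:
        print(pw, "-> disguised common password:", is_disguised_common(pw))
    # Assumed alphabet: 94 printable ASCII characters (no space).
    print("8 random printable chars:", round(entropy_bits(94, 8), 1), "bits")
    # Assumed list size: 7776 words.
    print("5 random words from 7776:", round(entropy_bits(7776, 5), 1), "bits")
    print("sample passphrase:", passphrase(5))
```

The entropy figures apply only to passwords a machine picked at random; a phrase a person chose, such as a quote or lyric, has far less guessing work behind it than its length suggests.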

One of the challenges of managing online passwords is that we have so many of them. Often they can be saved on your device or in your browser, but this carries its own risks. If you lose your device or someone cracks your browser password (in the case of Chrome) the person gains access to all your accounts. You can use a password manager; there are many on the market and PC Mag evaluated 12 of them.

There’s a lot of advice out there on changing your password; it’s often a mandatory practice on websites and within companies. But its usefulness as a security measure is dubious; in fact, because people tend to then use a transformation on an old password, the system might be less secure. One company requiring mandatory changes also prevented reuse of password elements for 20 changes. Luckily there are twenty regions of Italy. Of course, if there is a password breach on any website you use, you must change affected passwords.

To find a good memorable set of words look to poetry, quotes or song lyrics. Using the Kaspersky Labs password check, Beyonce’s lyrics fare pretty well, although the words are dictionary based and not particularly random.

Please take time today to celebrate World Password Day by making your passwords more secure:

  • choose long secure passwords
  • use different passwords for each site
  • use two factor authentication when sites allow it
  • consider a password manager
  • if you write down your passwords anywhere don’t keep them with the device.

Image: mine, and no, that’s not a real password

Security is Like Water

A pipe in my kitchen broke this week; water leaked everywhere, seeping into everything, through the smallest gap. This got me thinking about other types of leaks. I think there’s a reason we talk about information and security leaks; you can do everything you want to contain information but it will pass through the smallest gap.

The reason is that there is a natural tension between the measures needed to make a company secure, and the activities people have to perform in the line of their work. Every attempt to lock down security across an organisation pushes employees to find alternative routes to perform their work.

Ars Technica reported earlier this year that when Hillary Clinton, as Secretary of State, had requested a secure Blackberry she had been refused. Blackberry is Clinton’s preferred tool for answering emails, and a secure Blackberry had already been provided to Obama (and to Condoleezza Rice, Clinton’s predecessor). Now this seems a very odd decision to me; Secretary of State is the third highest office in the US, and a role that would obviously involve a lot of email correspondence with the president, presumably of a similar “top secret” nature.

I’ve heard of the same thing playing out in different ways in companies.

  • Generic USB sticks were banned, but the company-provided USB sticks had a nasty habit of corrupting movie files, and it was already impossible to email large files. So employees doing presentations outside the company would use a Hotmail account to email the video to themselves so that they could play it at a conference or meeting outside the company.
  • When new board members wanted meeting notes electronically, the security advice was to give them company laptops. But these were people who travelled extensively and sat on the boards of several companies. Password-protected PDFs were used as an interim measure, but longer term measures involved a secure site.
  • When security teams became aware of the possibility that social engineering techniques were being used on LinkedIn and specifically targeting company employees, they blocked LinkedIn from the company network, ignoring the fact that this just moved the risk to outside work hours, or to personal mobile phones.

In all these cases employees quickly found a work-around. In some cases the risk was reduced in this process, in others not.

As Tom Seo wrote in a recent TechCrunch article, “security is defined as a largely operational function, which in turn leads to reactive, incohesive decision-making”, and I think that security has been seen as an operational function for a long time with a defensive or reactive mentality.

To keep something perfectly secure we lock it away, put it in a safe, behind a wall, or in a fortress. But for companies there is no way to build an effective wall around a company’s digital information, since using that information is an operational necessity. Sure, we use the term “firewall” for a sort of digital approximation of a wall, but we still send information across a firewall, and use technology outside a firewall.

Years ago a security colleague said to me “we can no longer build a completely secure system; we have to choose which risks to remove and which to manage”. It’s a good start, but I look forward to the day when security teams think in terms of solutions rather than rules.

Image: water via pixabay