Tag Archives: firms

Using automated machine learning for AI in insurance

Mitsui Sumitomo Insurance, one of the largest insurance firms in Japan, began the process of digital transformation several years ago. The company launched multiple projects, and continues to start new projects, to send it further into the digital age.

One of MSI’s more ambitious undertakings is the MS1 Brain platform, an AI in insurance project to create a more personalized experience for customers.

AI in insurance

Released earlier this year, the MS1 Brain platform uses machine learning and predictive analytics, along with customer data, including contract details, accident information and lifestyle changes, to recommend products and services to customers based on their predicted needs.

The platform also generates personalized communications for customers.

“Our business model is B to B to C [business to business to consumer]. We provide our products through agencies,” said Teruki Yokoyama, deputy manager of digital strategy in the department of digital business at MSI. “Until now, we have provided products to customers, both individuals and corporations, mostly by leveraging experienced agents’ intimate knowledge of client needs.”

“By providing the needs analysis outcomes of each customer to the agency by MS1 Brain, now even an inexperienced agency can make optimal proposals to customers with higher demands,” he continued.

To build the platform, MSI chose dotData, a startup automated machine learning vendor based in San Mateo, Calif.

Mitsui Sumitomo Insurance used automated machine learning to build out a machine learning platform

Automated machine learning

MSI first connected with dotData in 2017, when MSI’s CIO visited Silicon Valley for a technical survey, Yokoyama said.

At that time, dotData was just getting started, and it hadn’t released a product. Still, MSI was intrigued by its automated machine learning platform, which claims to provide full-cycle machine learning automation. DotData competitors include DataRobot, H2O.ai and Auger.ai.


“When it comes to data analysis, model accuracy often gets the most attention; dotData, on the other hand, focuses on how quickly you can move from raw data to working models — the AI-based feature engineering is what stood out,” Yokoyama said.

MSI had to build a lot of intelligent models, said Ryohei Fujimaki, CEO and founder of dotData. But the firm didn’t have the data science team to build them.

DotData’s platform was scalable and enabled MSI to automate the entire AI building process, from feature generation to model implementation, Yokoyama said.

“Everyone should embrace this approach,” said Yokoyama of the automated machine learning approach.

“Automation of the data science process is the only way a company can truly deliver value from AI/ML investments and provide competitive differentiation by investing in predictive analytics,” he said.


For insider threat programs, HR should provide checks and balances

Insider threats are on the rise and firms are doing more to stop them, according to a new report from Forrester Research. But it warns that insider threat programs can hurt employee engagement and productivity.

One of the ways companies are trying to curtail insider threats is by analyzing employee personal data to better detect suspicious or risky behavior. But IT security may go overboard in its collection process, security may be too stringent, and practices such as social media monitoring might “lead to eroded employee trust,” Forrester warns.

An insider threat program can turn adversarial, impacting employees in negative ways. It’s up to HR to work with IT security to provide the checks and balances, said Joseph Blankenship, vice president and research director of security and risk at Forrester.

Blankenship further discussed project delays in this Q&A. His responses were edited for clarity and length.

Insider threats are increasing. In 2015, malicious insiders accounted for about 26% of internal data breaches. And in 2019, it was 48%, according to Forrester’s survey data. Why this increase?


Joseph Blankenship: I think it’s twofold. You have the ability for users to monetize data and move data in large quantities like they’ve never had before. The ease of moving that data — and the portability of that data — is one factor. The other big factor is we’re looking for [threats] more often. The tools are better. Whenever we see a new capability for threat detection, that’s usually the period when we see this increase [in discovered incidents].

Nonetheless, this must be a stunning finding for a lot of firms. How do they respond to it?

Blankenship: Probably like the stages of grief. We see that pattern quite a bit in security. An event happens, and we realized we are at risk for that event happening again. So now we put effort behind it. We put budget behind it, we buy technology, we build a program and things improve.

Accidental release of internal data accounted for 43% of all insider incidents. What does that say about training?

Blankenship: It’s also culture. Do employees actually understand why the [security] policy is there? Some of that is people trying to get around policies. They find that the security policy is restrictive. You see some of that when people decide to work on their own laptop and their laptop gets stolen. It’s usually people that are somewhat well-meaning, but they find that the policy is getting in their way. Those are all mistakes. Those are all policy violations.

Types of insider threats

Who is responsible in a company for ensuring that the employees understand the rules?

Blankenship: Typically it’s the CISO’s responsibility to do this kind of security education.

Is this primarily the job of the IT security department?

Blankenship: Certainly, it’s in partnership with human resources.

IT manages the internal security program, but many of the risks from an insider threat program are HR-related such as increased turnover or hiring. The HR department’s metrics suffer if the program creates employee friction. Is that the case?

Blankenship: I don’t think that’s necessarily the case. You have to make the employee aware: ‘Hey, we’re doing this kind of monitoring because we have important customer data. We can’t afford a breach of customer trust. We’re doing this monitoring because we have intellectual property.’ Things become a lot less scary, a lot less onerous, when people understand the reasons why. If it’s too heavy-handed, if we’re doing things to either punish employees or make their jobs really difficult, it does create that adversarial relationship.

What is the best practice here? Should HR or IT spell out exactly what they do to protect company security?

Blankenship: I don’t know if you get into all the specifics of a security program, but make the employees aware. ‘We’re going to be monitoring things like email. We may be monitoring your computer usage.’  

What is HR’s role in helping the company implement these policies?


Blankenship: Because HR is the part of the company responsible for employee experience, it is very much incumbent on them to work with the security department and keep it a little bit honest. I’m sure there are a lot of security folks that would love to really turn up the dial on security policies. If you remember some years ago, the big debate was should we allow personal internet usage on company issued devices. There were lots of security reasons why we would say, ‘absolutely not.’ However, the employee experience dictated that we had to allow some of that activity, otherwise we wouldn’t be able to recruit any new employees. We really had to find the balance.

It sounds as if HR’s responsibility here is to provide some checks and balances.

Blankenship: There’s checks and balances as well as helping [IT security] to design the education program. There’s probably not a lot of security technologists that are amazing at building culture, but that is absolutely the job of good HR professionals.


Slack services partners to help vendor target enterprises

Slack is partnering with IT services and consulting firms to help midsize or larger businesses adopt and use its team collaboration app.

It is Slack’s first significant step toward developing a partner channel that would help it compete with Microsoft and Cisco for large enterprises. Those vendors rely on an ecosystem of resellers and IT integrators to support businesses on a global scale.

But Slack’s initial partners are small and midsize organizations. The vendor has yet to recruit the world’s leading IT integrators. Until it does so, Slack will still be at a significant disadvantage against those larger rivals as it attempts to sell to businesses with tens of thousands of employees.

The move comes as financial analysts sour on Slack, worrying that the vendor will be unable to compete with Microsoft Teams in the enterprise market over the long term. Slack’s valuation has dropped from $19 billion to less than $12 billion amid a steady decline in its stock price over the past several months.

The Slack services partners will help businesses with more than 250 employees build integrations, train employees and figure out where Slack fits into their move to the cloud. Slack is launching the program with seven partners across the United States, the United Kingdom and Japan.

Slack could launch a reseller program in the future, said Rich Hasslacher, Slack’s head of global alliances and channels. But, for now, the company will pay its services partners a finder’s fee worth 8% of the first-year contract of any customer they refer to Slack.

The services partners are Robot & Pencils, Adaptavist, Abeam Consulting, Ricksoft, Rainmaker, Onix and Cprime. Slack plans to add additional partners to the program around February or March of 2020, targeting markets in continental Europe, Australia and Latin America.

Developing the right ecosystem of partners will be essential to Slack’s long-term viability, said Zeus Kerravala, principal analyst at ZK Research. Slack is more than just a messaging app. Yet, many businesses don’t understand how to take full advantage of the platform, he said.

“When you look at long-term viability, that’s always been around platforms, not products,” Kerravala said. “I think if Slack wants to go down that route, [the services partner program] is part of what they need to do.”

Developing a channel should also help Slack sell to IT departments, rather than to isolated business units and groups of end users. Slack has 12 million daily active users, but only 6 million paid seats. Winning more company-wide deployments would help Slack boost its paid user count.


VR in real estate has mainstream potential for IT resellers

Channel firms targeting the real estate market are likely to encounter growing customer interest in emerging VR and AR technology.

That’s according to a recent podcast by distributor Ingram Micro, which explored benefits of AR and VR in real estate. Up to now, the technology has mostly been experimented with in high-end real estate situations — conducting virtual walkthroughs of New York luxury lofts or West Coast mansions, for example. But as the cost of the hardware decreases, channel partners can expect to see VR and AR technology move downstream.

“I would say that [VR in real estate] hasn’t trickled all the way down yet, and that’s mainly because of the cost of the hardware associated” with it, said Sam Alt, technical support specialist at Ingram Micro, in the podcast. Hardware would include VR headsets and 3D camera equipment.

The benefits of VR in real estate are clear, Alt said. Agents could use VR to perform numerous house tours from one location rather than have to drive with their clients to physically tour the locations. “You could go to one location and you could view multiple houses in an afternoon versus only a few,” he said. While house buyers would eventually want to visit a prospective real estate purchase in person, VR could help them weed through the options.

Alt also pointed to a role for augmented reality. Architectural firms could use AR to walk clients through model homes and, using an AR helmet, “swipe through what types of kitchens they could provide,” he said. “I think that’s a really easy way to … get a person who’s looking to … build a brand-new home really, really excited and be able to showcase that the end result is going to look exactly like … [what you can see] in this AR helmet, versus what it would look like on a piece of paper.”

“I think that VR and AR really do this market justice because it just brings in an entire new level of detail to what [firms] previously could provide,” he added.

CompTIA seeks tech stories

In an effort to encourage young people to enter the IT industry, CompTIA has launched a #MyTechStory initiative, in which current industry personnel tell the story of how they got started in technology.

Todd Thibodeaux, CEO at CompTIA, invited attendees at ChannelCon 2018 to participate, but the program is open to tech workers worldwide. Three- to five-minute videos may be tweeted to @CompTIA using #MyTechStory. Videos may also be emailed to [email protected]. Thibodeaux said his road to IT started with Lincoln Logs and Legos.

Other news

  • AppDynamics, a Cisco business unit specializing in app performance monitoring software, expanded its partner program with a new Pioneer partner tier. Dedicated to regional partners with domain expertise in applications, the Pioneer tier adds to the AppDynamics program’s existing Alliance and invitation-only Titan tiers, acting essentially as a promotion path to Titan status. Pioneer partners can access support from channel account managers and channel sales engineers, training and enablement programs, and semiannual business planning sessions, AppDynamics said.
  • Cloud distributor Pax8 will offer Anchor and Cloudfinder to MSPs under a new agreement with Axcient/eFolder, which provides data protection and business continuity offerings.
  • Xerox introduced a marketing toolkit to help partners promote the vendor’s managed print services and ConnectKey portfolio. New resources include social media syndication, redesigned partner badges and tools for hosting on-site customer events.
  • Collabrance, a provider of products and services for managed service providers (MSPs), said it expanded its Master Managed Security Services Provider portfolio. The portfolio now features security information event management and vulnerability and penetration testing, Collabrance said.

Market Share is a news roundup published every Friday.

Onboarding software a weak link, according to HCI-Kronos survey

Onboarding software may help reduce turnover, but many firms are neglecting this technology, according to a new study. A bad onboarding experience may prompt a new employee to quit.

Most firms today have invested in recruiting management systems. They want to speed hiring and find the best candidates. IDC said it expects spending in 2018 on applicant tracking systems to reach double digits.

Like recruiting, onboarding software is a pillar of talent management systems. But it’s “neglected,” said Jenna Filipkowski, the head of research at the Human Capital Institute (HCI), based in Cincinnati. That’s a mistake, she argued.

HCI and workforce management software vendor Kronos Inc., in a survey of 350 firms, found 36% have “insufficient technology” to automate or organize the onboarding process. Overall, this research found 75% reported “that onboarding practices are underutilized.” In a tight labor market, this may be a mistake.

Bad onboarding experience may hurt retention


Getting a job seeker excited about taking a job may be undercut by underused onboarding tech. Disorganized, incomplete, paper-based and inefficient onboarding can sour a new hire. It also hurts productivity if it takes longer to become proficient. The new employee may well believe they “were sold a bill of goods,” Filipkowski said.

“When they do have a more positive [onboarding] experience, studies have shown that they tend to want to stay longer,” Filipkowski said.

Other studies support this, according to management professors who have examined this issue.

“A good onboarding program can make a difference in whether people leave work on that first day wondering what they have gotten themselves into and whether they made a huge mistake,” said Howard Klein, a professor of management of human resources at Ohio State University and editor in chief of the Human Resource Management Review, a professional journal.

First impressions really do matter

“First impressions matter,” Klein said in an email. “If you ask people about their worst job, chances are you’ll hear about a horrible first day or week in which they were not made to feel welcome, appreciated or important,” he said.

New employees are impressionable, and an organization “does not want to miss that opportunity to instill values, vision and desired behaviors,” Klein said.

Onboarding software systems are intended to make onboarding more efficient. These platforms include online training, electronic paperwork processing, audio and video onboarding materials, automatic updates of employee records, and reminders and appointments.

Onboarding software use is inconsistent

The HCI and Kronos survey suggests adoption of onboarding software will increase. About 60% of the firms surveyed were using some type of onboarding technology, either web-based or developed in-house. Of the balance, 24% said they didn’t use it, but plan on doing so in the next three years. The remaining 15% said they had no plan to use onboarding technology in the next three years.

Talya Bauer, a professor of management at Portland State University, said organizations have come a long way in terms of thinking of onboarding as a yearlong process and not just new employee orientation, “but there’s great variance in how much time and attention onboarding gets across organizations.”

Keeping new hires will be important if a just-released survey by staffing firm Accountemps, a Robert Half company, proves to be accurate. It found 29% of professionals intend to look for a new position in the next year. The highest percentage of workers considering leaving their present employers is in Los Angeles, at 40%, followed closely by Austin and Dallas, Texas.

Bad Rabbit ransomware data recovery may be possible

Two different security research firms uncovered important information about the Bad Rabbit ransomware attacks, including the motives and a possible way to recover data without paying.

A threat research team from FireEye found a connection between the Bad Rabbit ransomware and “Backswing,” which FireEye described as a “malicious JavaScript profiling framework.” According to the researchers, Backswing has been seen in use in the wild since September 2016 and recently some sites harboring the framework were redirecting to Bad Rabbit distribution URLs.

“Malicious profilers allow attackers to obtain more information about potential victims before deploying payloads (in this case, the Bad Rabbit ‘flash update’ dropper),” FireEye researchers wrote. “The distribution of sites compromised with Backswing suggest a motivation other than financial gain. FireEye observed this framework on compromised Turkish sites and Montenegrin sites over the past year. We observed a spike of Backswing instances on Ukrainian sites, with a significant increase in May 2017. While some sites hosting Backswing do not have a clear strategic link, the pattern of deployment raises the possibility of a strategic sponsor with specific regional interests.”

Researchers added that using Backswing to gather information on targets and the growing number of malicious websites containing the framework could point to “a considerable footprint the actors could leverage in future attacks.”

Bad Rabbit ransomware recovery

Meanwhile, researchers from Kaspersky Lab discovered flaws in the Bad Rabbit ransomware that could give victims a chance to recover encrypted data without paying the ransom.

The Kaspersky team wrote in a blog post that early reports that the Bad Rabbit ransomware leaked the encryption key were false, but the team did find a flaw in the code where the malware doesn’t wipe the generated password from memory, leaving a slim chance to extract it before the process terminates.

However, the team also detailed an easier way to potentially recover files.

“We have discovered that Bad Rabbit does not delete shadow copies after encrypting the victim’s files,” Kaspersky researchers wrote. “It means that if the shadow copies had been enabled prior to infection and if the full disk encryption did not occur for some reason, then the victim can restore the original versions of the encrypted files by the means of the standard Windows mechanism or 3rd-party utilities.”

Deloitte hack compromised sensitive emails, client data

Deloitte, one of the “big four” accounting and consultancy firms, has confirmed it exposed confidential emails and client data in a targeted attack.

Deloitte, which provides high-end cybersecurity consulting services, discovered the hack in March 2017, but attackers may have had access to the company’s systems since October or November of 2016.

According to The Guardian, which broke the story of the Deloitte hack early this week, attackers were able to compromise Deloitte’s email server through an administrator account that wasn’t protected with two-factor authentication. Through this email server, The Guardian reported, the attacker likely had privileged, unrestricted access to all systems, including the Microsoft Azure cloud service that Deloitte uses to store the emails its staff sends and receives. In a statement on the incident, Deloitte confirmed attackers were able to “access data through an email platform” but didn’t provide further details on additional systems or services that may have been affected.

Deloitte provides services to major companies across the globe, including banks, multinational corporations and government agencies. The company claimed that “very few clients were impacted” by the breach. According to The Guardian, only six of the organization’s clients have been alerted that their information was compromised in the Deloitte hack. However, the hackers did potentially have access to usernames, passwords, IP addresses, health information and architectural diagrams for businesses.

The Deloitte hack focused primarily on U.S.-based operations and spurred an internal investigation that’s lasted six months so far. The responsible parties have yet to be identified, though, and Deloitte hasn’t released any specific details on how many clients were affected.

In other news

  • A bug in the most recent version of Internet Explorer exposes whatever is entered into the address bar — such as website addresses or searches — to hackers. Security researcher Manuel Caballero disclosed the flaw in a blog post this week. “When a script is executed inside an object-html tag, the location object will get confused and return the main location instead of its own,” Caballero wrote. “To be precise, it will return the text written in the address bar so whatever the user types there will be accessible by the attacker.” This means that whatever a targeted user types into the address bar can be viewed by a malicious actor. Caballero’s proof of concept shows that malicious sites can view information the user assumed was private. He also expressed his concerns about Microsoft’s handling of Internet Explorer. “In my opinion, Microsoft is trying to get rid of IE without saying it. It would be easier, more honest to simply tell users that their older browser is not being serviced like Edge,” he said.
  • The United States has asked China not to enforce its Cybersecurity Law that was passed in November 2016 and went into effect in June this year. In a document submitted to the World Trade Organization, the U.S. said “China’s measures would disrupt, deter, and in many cases, prohibit cross-border transfers of information that are routine in the ordinary course of business.” The Cybersecurity Law states that any “network operators” in China, including any local or international firms that collect data, must store all user data within China. The U.S. argued in the document that “such a broad definition” of network operators “could have a negative impact on a wide range [of] foreign companies.” It also raised concerns that “the measures, which pertain to ‘important data’ and ‘personal information,’ would severely restrict cross-border transfers unless a broad set of burdensome conditions are met.” The U.S. noted some other concerns in the document and requested that China “refrain from issuing or implementing final measures until such concerns are addressed.”
  • Oracle released out-of-band patches for the latest Apache Struts 2 vulnerability, tracked as CVE-2017-9805, a month before its scheduled quarterly Critical Patch Update. In its blog post announcing the availability of the patches, Oracle noted that a previous Apache Struts 2 vulnerability, left unpatched, was implicated in the “significant security incident” suffered by Equifax earlier this month. The patches were made available by the Apache Foundation for the popular web development framework on Sept. 5, but vendors like Oracle using the open source framework need to apply those patches to their own source code. “Oracle strongly recommends that customers apply the fixes contained in this Security Alert as soon as possible,” wrote Eric Maurice, director of security assurance at Oracle. “Furthermore, Oracle reminds customers that they should keep up with security releases and should have applied the July 2017 Critical Patch Update (the most recent Critical Patch Update release).”