Keynote takeaways – Microsoft Future Decoded 2019


Reflecting on the output from Microsoft Future Decoded 2019 in London on 1st October has taken some time, as the talks were truly inspiring and thought-provoking about the future direction of technology and the societal impact it will have. With much talk about the meaningful aggregation and dissemination of data using Azure Artificial Intelligence (AI) and Machine Learning, the message focused on the need to put people at the heart of the change process for AI.

Cindy Rose, CEO Microsoft

The views of Microsoft CEO Satya Nadella were shared by Cindy Rose, Microsoft UK’s CEO, who talked about the need for global tech providers to handle users’ data more responsibly to maintain trust going forwards. In her speech, Rose reflected on the need for the giants to agree a ‘global ethical and empathetic framework and principles around AI design’ following the ‘Techlash’ debacle of 2018 (Facebook, Amazon, Apple, Google etc.).

Abhijit Akerkar, Head of AI Business Integration

In a later panel session, Abhijit Akerkar (Head of AI Business Integration) emphasised the importance of being hot on business trust and data privacy. Knowing which stakeholders were accountable would mollify users and reassure regulators that (business) models were compliant. Akerkar also added his voice to the need to get employees involved and onboard with AI. He said helping the workforce understand the possibilities and opportunities around AI and chatbots was key, as was aligning company culture, structure and ways of working to drive successful adoption of AI (and to better inform decision makers about why algorithms made the decisions they did).

Microsoft shared some statistics from an AI study of 1,000 organisation leaders and 4,000 employees. Companies were seen to be going from experimentation with AI (48%) to exploiting AI to solve big business challenges and create some vital commercial changes that would distinguish them resolutely from those who failed to adopt AI as part of their business model. It was the 8% who were scaling successfully who were seeing the biggest impact. The UK survey, “Accelerating Competitive Advantage with AI”, found that 56% of UK companies were using AI today and 11.5% of them would outperform their competitors because of this. This was being achieved through better data science and insights, speed of platform, efficiency outputs, time savings and creating a richer customer experience.

Darren Atkins, CTO, NHS East Suffolk and North Essex Foundation Trust

An example quoted was NHS East Suffolk and North Essex Foundation Trust (ESNEFT), which put nursing staff at the centre of an Azure AI development project with software developer Thoughtonomy to create a robotic process automation workflow. This proved hugely successful a) because the nurses were central to the process from the start, so were culturally onboard through collaboration and keen to adopt the automation workflows, and b) because the hospital saved 4,500 hours in admin tasks in 12 months, which enabled nurses to be re-directed to patient care.

A PwC report estimates that AI will contribute up to $15 trillion to the global economy by 2030. For the UK things look promising:

• 36% of UK business leaders believe that AI is a skill that will help secure the future of the UK.
• The UK is in the top three countries worldwide for developing AI technology.
• The UK is also in third position for raising AI investment, and second for the number of AI companies based in the UK.

This creates a strong picture of optimism for business and the tech industry as a whole. However, the journey to AI remains challenging. Only 26% of businesses surveyed said they were ready for transformation. So many organisations are clearly still struggling to get to full cloud enablement before being in a position to accelerate their desired tech strategy on innovation and true transformation of business opportunities and competitive advantage. Interestingly, there seems to be a huge communication void around this technology between Board and workforce. In those organisations surveyed who were intending to adopt AI, 96% of their employees had not had any discussion with their bosses about the introduction of AI, and conversely 83% of bosses had not been asked by their employees about introducing AI. So clearly company vision is not being shared to enable a meaningful conversation to begin.

The power of communication in developing AI

Microsoft emphasised a gear shift in business development execution, asking for leaders to discuss AI more widely and ensure that AI plans were accessible to all, so that AI was democratised and offered inclusivity, as the best outcomes came from ethical integration.

Kate Rosenshine (Head of Azure Solutions Architecture)

Microsoft’s Kate Rosenshine (Head of Azure Solutions Architecture) talked of the need to foster true co-creation involving many voices, not just the technical, but those with social and business skills, to create the business outcome and ‘common language’ required to enable the scaling out of AI. AI, Rosenshine said, required “the application of business, psychology and technology through a diverse set of skills and mindsets”. Given the way most organisations function in their traditional management style, sharing such a project plan methodology would likely be a considerable challenge, but then the rewards would be greatest, re-inventing that business for the twenty-first century.

NHS East Suffolk and North Essex Foundation Trust’s CTO, Darren Atkins, noted in the keynote panel discussion that there appears to be a common fear around the introduction of AI technology. His recommendation for other organisations looking at transformation projects was succinct: firstly understand what you want to do with technology, then create a roadmap for the next 12-18 months, then, before investing in a solution, ensure you are working with a partner who can support your strategy.

For many organisations, technology solutions often form complex journeys of several parts, involving multiple players.  But trust, openness and inclusivity, in parallel with a strong security and compliance ethic, will offer the best language for good AI design and adoption.  So find your right partner to walk alongside your organisation and take you into this new world offered by AI.

Amicus ITS as a trusted IT Managed Service Provider welcomes all discussions on technology topics.  Call our Sales team today on 02380 429429 for a confidential chat.

 

ICO reports security failures across all sectors as fines continue to ramp up in 2019

Since May 2018 when GDPR kicked in, the ICO has been progressively investigating the data breaches identified to it, and no-one has been spared in its enforcements. Cases range from local Government officials illegally accessing personal data, to public bodies (including HMRC for data harvesting), to the Metropolitan Police (responding to Subject Access Requests), the NHS (for illegally accessing medical records), to regulated industries and small businesses carrying out unsolicited communications by email or telephone (affecting up to 4.5 million unsuspecting contacts). In one extraordinary case, a Council employee even shared unredacted data about alleged gang members profiled on a police intelligence ‘Gang Matrix’ database with other Council staff and external organisations. This ended up on social media and was then used by the gang members themselves. Unbelievable, but sadly true.

Amicus ITS Director of Technology, Security & Governance, JP Norman commented:  “The ICO are striking a balance between the severity of a breach individually, the volume of data affected and the harm and distress caused by the breach of security and lack of protocol.   We can see from the  enforcement notices published across 2018-19, the huge variety of cases that the ICO have dealt with in the last 18 months and ultimately this illustrates data responsibility is in the hands of every individual, with fallout picked up by the organisation/company directors”.

Big headline fines this Summer featured the £183.4m fine issued to British Airways following the 2018 cyber incident where users logging in to BA’s website were diverted to a fraudulent site where their personal details, payment information and travel plans were harvested. This represented 1.5% out of a total possible fine of 4% of global turnover. There was also the £99.2m fine to Marriott International hotels group for a data breach whereby 339 million guest records globally were exposed over several years, following a merger and a lack of due diligence and security measures being adopted. Both organisations are seeking to defend their position. Other big names included: Equifax (£500,000), Uber (£385,000), and Yahoo! (£250,000) for cyber security failures.

Against this backdrop, the ICO Annual Report for March 2018-19 published in July 2019 recognised that 82% of personal data breaches investigated had been closed with no further action, as corrective measures to avoid a repeat had been taken or were being acted upon, which we should take as positive news as organisations learn to manage their data more responsibly.

JP Norman adds:  “All organisations face the same responsibilities around data management and data security.  At the heart of good practice is education and staff training. This can identify what is appropriate when sharing data and that if approved, it is done lawfully and safely.   Organisations, institutions and businesses of any size must have a Data Protection Officer (DPO), who may also be the Data Controller if appropriate. These representatives need ready access to policies and guidance around data security and measures to be taken in the event of any breach, which can be evidenced and practised as part of a smart Business Continuity Plan.  This can be intimidating for businesses of even medium size to get to grips with and act confidently so we often see the DPO function outsourced”.

Amicus ITS recognises the challenges organisations face and earlier this year published our new Virtual Data Protection Officer service on G-Cloud 11 for public sector customers.  Notably, this service is equally available to SMEs.  Any organisation that is unsure if it has the right security policies and security measures in place can contact Amicus ITS in confidence.  If the service is taken up, this security consultancy could not only save you £000s but also help protect against reputational damage which can be priceless.  Call our Sales team today for a free initial discussion on +44 2380 429429.


Microsoft rapid response to Windows patching after security scare


Users and organisations using out-of-support Windows operating systems (Windows XP, Windows 7, Windows Server 2003, Windows 2008 R2, Windows 2008) are being urged by Microsoft to undertake urgent patching measures, following Microsoft’s discovery of a critical remote code execution vulnerability.

The severity of its potential impact worldwide has prompted Microsoft to step in to release patches for the out of support Windows XP and Windows Server 2003.  Windows XP users will need to download the patch (Remote Code Execution CVE-2019-0708) from the Microsoft Update Catalogue.

Microsoft spokesman and Director of Incident Response, Simon Pope, speaking from their Security Response Centre, advised that this vulnerability was ‘wormable’. This means that the user doesn’t have to ‘do’ anything themselves to cause the damage. Any malware created by hackers to exploit this vulnerability would cause a ripple effect by cross-infecting computers through Remote Desktop Protocol (RDP). Through RDP, a hacker could send requests enabling arbitrary code to be run, to view, change or delete data, or to create new accounts with full user rights. This was the experience in 2017 when the WannaCry attack went global.

With millions of users still using Windows 7 machines, Microsoft are not taking any chances and are taking the same holistic steps as in 2017 to seek to protect users whether using supported or unsupported systems.

Unfortunately, unlike with WannaCry, there doesn’t appear to be a killswitch for someone to discover in this vulnerability, but prompt and prudent action by organisations and their inhouse IT teams (or through the direct intervention of IT MSPs like Amicus ITS) can put mitigation steps in place to limit impact. Amicus ITS have already taken immediate steps to instigate the patching for all our customers. In addition, the RDP vulnerability can be mitigated by good access control and firewall management, which our Network Team are undertaking.

I would advise vulnerable organisations to update to the latest operating system (currently Windows 10), but check the following paths as part of risk mitigation consideration:

1. Upgrade to the latest or near latest operating systems – full mitigation
2. Consider migrating to the 365 / Azure platforms – server mitigation
3. Take up an advanced patching service via Amicus ITS – server and device patch assurance

Any organisations seeking advice or support can contact our Sales team in the first instance by calling +44 (0)2380 429429 or by emailing enquiries@amicusits.co.uk quoting ‘Microsoft Code Exploit 2019’

JP Norman is the Director of Technology, Security and Governance at Amicus ITS

Happy Data Privacy Day 2019!

It’s Data Privacy Day (@StaySafeOnline) and the National Cyber Security Alliance celebrates this with its annual symposium in San Francisco today.  It marks an opportunity to raise awareness and remind organisations about the importance of safeguarding data, respecting the privacy of individuals, enabling trust and encouraging a culture of cyber security.

Last week, IBM’s CEO Ginni Rometty speaking from Davos in Switzerland at the World Economic Forum, commented that one of the biggest issues for every government right now is privacy of consumer data but that a barrage of regulations could destroy the digital economy.

“Every government is itching to regulate, and the risk we all have is that there’s a great overreaction. The casualty is the whole digital economy.  We have to protect consumer privacy with precision regulation: consent, opt out, ability to delete”.

Rometty added that privacy is sacrosanct. “We (IBM) exist because clients trust us with data. So I think every company now has to do that, when everyone’s looking to benefit from it. If you’re gonna benefit from it, you have to live by those rules,” she said.

Amicus ITS Sales Director Les Keen added, “This is true for all responsible data guardians and a view that Amicus ITS endorses.  As an IT Managed Service Provider we are trusted and relied upon by our customers to manage their data safely.  Today’s event is a great reminder that we all have to keep on our toes to stay safe online and education will always remain at the heart of this – connecting the technologies, processes and people. Happy DPD!”

Any organisation wishing to discuss data protection issues in confidence can contact the Amicus ITS sales team by calling + 44 2380 429429.

 

Leeds first city to launch fully integrated NHS GP Electronic Patient Records service through GP Connect

NHS Digital have announced the launch this week of the first fully integrated GP Electronic Patient Records system to go live in the City of Leeds. Leeds is the second largest city in England with a population approaching 785,000, so it is a decent test for working practice results.

This digital transformation has been facilitated by the NHS GP Connect programme service which works with various GP clinical system providers to develop Application Programming Interfaces (APIs) to make data from clinical systems available in standard form, so that it can be used across different systems.  In the case of Leeds, TPP (SystmOne) joined forces with EMIS Health to create this vital, secure backlink to GP practices.

The new system unlocks the digital records of all patients across the City to hospital clinicians, connecting primary and secondary care providers 24×7. It will enable authorised clinical staff to view GP records digitally and have source GP patient information to hand to better inform their care of patients.  The move reduces the burden on GP practices having to share  information via traditional unsecured routes like fax.  This is the first in a sea change of healthcare updates for the City, as plans are made to add more benefits in 2019.  These include secure access to structured medications (to optimise use of medicines), provision of allergies information, a more efficient appointment management system between practices and the integration of social care and mental health care records.

Richard Corbridge, Chief Digital & Information Officer at Leeds Teaching Hospital Trust said: “GP Connect connectivity improves the way data can be used as information in clinical practice throughout the city.  Delivering integrated care for the population is the key goal for every healthcare system and why the investment in digital is so intrinsic to the success of healthcare as a system rather than as silos of excellence.  In Leeds we can now plan to have a fully integrated primary care, social care, hospital care and mental health care record in place throughout the city in 2019, a giant leap and a unique proposition for the NHS.”

Dr John Parry, Clinical Director at TPP said: “This is a very important step to ensuring that patients benefit from having their medical records available for those caring for them, wherever they are receiving care”.

Dr Shaun O’Hanlon, chief medical officer at EMIS Group said: “We are delighted that connectivity via GP Connect is available right across Leeds. This important partnership with NHS Digital is part of our company’s wider commitment to providing the tools for system interoperability using open NHS standards across the UK, and helping clinicians drive up standards of joined up patient care.”

This marks a significant chapter for the NHS in contrast to the dismal days of NPfIT (National Programme for IT), the NHS IT programme started in 2002 and scrapped after 9 years by the then coalition government, leaving a public bill of £10 billion. The journey to transformation in the NHS deploying Electronic Patient Records (EPR) has been slow and painful, but now with a number of vendors rolling out EPR services across the country (including: Cerner, Epic, Emis, Rose, eCare, Intersystems and System C), the pace is quickening for standardised data platforms to make an integrated healthcare service a reality rather than a dream.

French regulators throw the first big GDPR punch at Google with £44m fine

Google has fallen foul of the French data regulators with the announcement yesterday of an impressive £44m fine against the global search engine giant.  In a move that has sent the tech industry chattering, this marks the first major European penalty since the rollout of GDPR on 27th May 2018.  It was going to happen sooner or later, it was just a matter of who first?

Google’s blunder was its covert process of gathering data to personalise ads without ‘sufficiently’ informing users, burying the detail in terms and conditions and using pre-ticked boxes (contrary to new legislation).

CNIL, the French equivalent of the UK’s Information Commissioner’s Office filed two complaints as soon as GDPR came into effect.

Commenting on the severity of the fine, CNIL advised that the action was “justified by the severity of the infringements observed regarding the essential principles of the GDPR: transparency, information and consent”.

The penalty is the largest to date under the European Union privacy law, known as the General Data Protection Regulation, which took effect in May, and shows that regulators are following through on a pledge to use the rules to push back against internet companies whose businesses depend on collecting data.

The fine announced on Monday is far lower than the maximum penalty under the European privacy law, which is 4% of global revenue. For Google, that would be more than $4 billion!

The response has been largely welcomed in the wider MSP community as a prompt to improve marketing processes, a view echoed by Amicus ITS. Like many others today, Amicus ITS uses Account Based Marketing, so the lawful consent required is applied directly with the customer.

The news is a salutary reminder for firms to stay vigilant, ensure they comply with GDPR and offer flexibility in providing services through different marketing channels, creating the variety and correct routes for data capture through websites and other means (which these days translates into the increase in companies offering AI chatbots when communicating services or offering information with 3rd parties).

Are you surprised by the fine?  Who do you think is going to be next up for punishment?  Give us your thoughts.

Beware Santa’s horses bearing gifts

Tis the season to be crafty! Just as Amicus ITS was reaping the results of its own competition for staff to design a winning Christmas e-card for 2018 (incentivised with online gift card vouchers for prizes), came the news report issued last Monday by security firm Barracuda Networks that Santa’s gone a bit phishy, in a Gremlins kind of way, in the run-up to Christmas.

The increasing sophistication of social engineering has created a new cyber security workplace scam targeting receptionists, office managers and executive assistants.   The report states: “These types of attacks are very hard for traditional email filters to pick up because they are targeted, have a high reputation, and do not contain any obvious malicious signals”. 

Here, hackers will pretend to be the CEO or senior managers, using tactics like implied urgency and directed emails asking specifically for, say, Google Play gift cards. Phishing emails can also include a ‘signature’ implying it was sent from a mobile device. Alternatively, the scam can be built around a secret ‘reward’ for employees. There are no malicious payload links or suspicious file attachments, and the emails are often sent from trusted email domains.

Spokesman for Barracuda Networks, Asaf Cidon commented: “When sending social engineering-based attacks, attackers have always used context and timing to their advantage – and the Christmas season has opened the door wide to a lot of cleverly designed executive impersonation”.

What can you do about it?
Organisations should have the relevant anti-malware, anti-spyware and anti-adware tools in place. Other security tools can include more advanced spybot software and AI-based security solutions to detect anomalies such as email addresses that the CEO would not use, or behaviours which would be recognised as uncharacteristic. But alongside all of these technical competencies, it comes back to having an educated and informed workforce across the board, vigilant and trained to spot attack efforts and know the right remedial steps to take:

• Use HR to work with IT to help with employee messaging to avoid falling for these scams and to understand what technology is needed to ward off the attacks.
• Awareness spread through the employee network should reduce the time between attack and detection and prevent more extensive damage.
• If a gift card email scam hits your organisation, why not put a procedure in place requiring employees to gain direct management approval to verify any financial requests?
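
The signals described in this post (an executive's display name on an address the executive would not use, implied urgency, a gift card request, a mobile-device signature, a secret reward) can be combined into a simple scoring check. This is an added example, not part of the Barracuda report or any vendor's product; the executive directory, weights, threshold and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: directory of executives and their genuine addresses (constructed).
EXECUTIVES = {"jane doe": "jane.doe@example.com"}

# Content signals named in the post, with assumed weights.
PATTERNS = {
    "gift_card_request": (2, re.compile(r"\bgift\s*cards?\b", re.I)),
    "urgency": (1, re.compile(r"\b(urgent|asap|right away|immediately|quick(?:ly)?)\b", re.I)),
    "mobile_signature": (1, re.compile(r"sent from my (iphone|ipad|android|mobile)", re.I)),
    "secrecy": (1, re.compile(r"\b(surprise|secret|keep this between)\b", re.I)),
}
THRESHOLD = 5  # assumed cut-off for holding a message for manual verification

def score_message(raw):
    """Return (score, signals) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    body = "\n".join(
        part.get_payload() for part in msg.walk()
        if part.get_content_type() == "text/plain"
        and isinstance(part.get_payload(), str)
    )
    text = msg.get("Subject", "") + "\n" + body
    score, signals = 0, []
    # Display name matches an executive but the address is not theirs.
    genuine = EXECUTIVES.get(name.strip().lower())
    if genuine and addr.lower() != genuine:
        score, signals = score + 3, signals + ["exec_name_wrong_address"]
    # Replies would go somewhere other than the visible sender.
    if reply_to and reply_to.lower() != addr.lower():
        score, signals = score + 2, signals + ["reply_to_mismatch"]
    # No check for links or attachments: these messages carry none.
    for label, (weight, pattern) in PATTERNS.items():
        if pattern.search(text):
            score, signals = score + weight, signals + [label]
    return score, signals

def is_suspicious(raw):
    return score_message(raw)[0] >= THRESHOLD

# Constructed sample messages (not real traffic).
SPOOFED = (
    'From: "Jane Doe" <jane.doe.ceo@mail.example.net>\n'
    "Subject: Quick task\n\n"
    "Are you at your desk? I need 5 Google Play gift cards right away\n"
    "as a surprise for the team. Keep this between us.\n\n"
    "Sent from my iPhone\n"
)
GENUINE = (
    'From: "Jane Doe" <jane.doe@example.com>\n'
    "Subject: Board pack\n\n"
    "Please send the board pack when it is ready. Thanks.\n"
)
COMPETITION = (
    'From: "Sam Patel" <sam.patel@example.com>\n'
    "Subject: Christmas e-card competition\n\n"
    "Winners of the e-card competition will receive gift card vouchers.\n"
)

if __name__ == "__main__":
    for label, raw in [("spoofed", SPOOFED), ("genuine", GENUINE), ("competition", COMPETITION)]:
        print(label, score_message(raw), is_suspicious(raw))
```

A genuine internal message that merely mentions gift cards stays below the threshold; the flag depends on the sender mismatch combining with the request itself.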

Have you experienced this type of attack? How did you react? Anyone seeking advice on security measures around their IT systems can contact Sales on 02380 429429.