Stopping Data Breaches is Everybody’s Job

The 2015 Data Breach Investigations Report, released in April by Verizon, estimated that there were 2,122 confirmed data breaches in 2014, generating $400 million in losses. This week we learned that one attack that was not included in this count happened in June 2014, targeting CareFirst BlueCross Blue Shield, serving 3.4 million customers in Maryland, Virginia and the District of Columbia. CareFirst only recently discovered the breach—names, birthdates, and email addresses of 1.1 million members—after putting in place new security measures.

In April, hackers redirected traffic from the Federal Reserve Bank of St. Louis’ research website to rogue pages. In its notice to users, the St. Louis Fed warned them that they may have been exposed to “phishing, malware and access to user names and passwords.” And Australian telecoms group Telstra said hackers gained access to the network of its Asian subsidiary Pacnet, and that it “was made aware of the breach” when its purchase of Pacnet was finalized on April 16.

To prevent the continuing loss of money, reputation, and customers, companies must make stopping cybercrime a team effort, internally and externally. Collaboration is the essence of preventing data breaches and responding to them effectively.

I came to this conclusion after listening to a presentation by Jason Malo, a Research Director in CEB TowerGroup’s Retail Banking practice, at the 2015 CEB Financial Services Technology Summit. Malo pointed out that security should not be considered only the job responsibility of the Chief Information Security Officer (CISO). Ongoing collaboration across multiple internal teams and their leaders is crucial.


While the CISO plays a leadership role in discovery, mitigation and analysis of a data breach and is in charge of management and monitoring across all business lines, other teams and their respective leaders should be involved in a variety of roles in different stages of a response to a data breach. These include the CIO and CTO providing technical support and the Chief Compliance Officer, the communications team, and line of business executives taking a lead role in the disclosure stage and in enabling customers.

The last stage of the response to a data breach—empowering customers—is also the first step towards preventing more data breaches in the future. Collaborating with your customers, like collaborating internally, is crucial for minimizing the impact of a data breach and lessening the probability of being hacked again.

Malo suggests that contrary to the trend towards a “frictionless” customer experience—the idea that fraud should be detected and corrected without customer involvement—it is better to empower customers. This includes customers who are looking to take a more active role in protecting their data and those that need to be nudged to do so.

The response to a data breach should be honest, prompt, compassionate, informative, and interactive. Answering the question “what should I do?” the interactive part of the response should include a menu of security options, recognizing that different customers have different risk-sensitivity profiles.

In his presentation, Malo pointed to an Associated Press–GfK Poll that found that consumers do little in response to a breach—only 41% checked their credit reports, 31% changed passwords for online retailers, 18% signed up for credit monitoring. But he also pointed out that consumers are typically not being offered adequate tools to manage their data.

Companies should invest more in educating their customers (and potential customers) in security best-practices and what to do in case of a data breach, even before one occurs. Collaborating with customers, making sure they make it more difficult for criminals to steal their data if and when a breach occurs, is an important investment in the company’s reputation and customer relations.

It’s not getting easier and it may get much more serious, with the potential to severely impact business performance. A recent Ponemon Institute Survey found that 83 percent of companies in the Financial Services sector and 44 percent of Retail firms experienced more than 50 attacks per month. Earlier this year, Juniper Research estimated that the annual cost incurred from malicious data breaches worldwide will exceed $2 trillion in 2019. Juniper noted that this is 2.2% of the IMF’s forecast for global GDP that year. They also noted that US breaches account for over 90% of the global cost of data breaches. Even if the US accounts for “only” 80% of the global cost in 2019, the impact on the US economy will be $1.6 trillion. Given that the IMF’s forecast for US GDP in 2019 is $21 trillion, we could see the cost of data breaches reaching 7.6% of the US economy over the next four years.

Originally published on Forbes.com


Collaborative Robotics Market to Grow 10x to $1 Billion by 2020


ABI Research:

Advancements in robotic and control technology now make it possible for industrial robots to expand beyond their traditional manufacturing and automation roles, to support whole new classes of applications, and by extension, new markets. Perhaps the best example of this trend is the development and use of collaborative robots, systems designed to work safely in close proximity and cooperatively with human coworkers, especially in manufacturing environments.

The collaborative robotics segment is growing rapidly as new suppliers, technologies, and investors enter the market. As is common with other hot technology sectors, this has resulted in a great deal of “noise” in the robotics community, as well as in the business and investment press. This results in increased risk, missed opportunities, and confusion among all members of the collaborative robotics value chain.

The collaborative robotics sector is expected to increase roughly tenfold between 2015 and 2020, reaching over $1 billion from approximately $95 million in 2015, according to a new study published by ABI Research entitled Collaborative Robotics: State of the Market / State of the Art. The growth will be fueled by three key markets: electronics manufacturers and electronics manufacturing services companies, small-to-medium manufacturers, and manufacturers seeking robotic solutions optimized to support agile production methodologies.

According to Dan Kara, Practice Director, Robotics at ABI Research, “Collaborative robotic systems, such as ABB’s YuMi and Gomtec / Roberta platforms, Rethink Robotics’ Baxter and Sawyer, Universal Robots (Teradyne) UR family of robots, KUKA’s LBR iiwa and Kawada Industries’ Nextage, were developed in response to a number of pressing social drivers and businesses imperatives, and aided by ongoing technological innovation and dropping prices for powerful enabling technology. The sector is very dynamic and is expanding rapidly with new product offerings being released into the market from both established companies and smaller, emerging firms. Larger firms are actively acquiring smaller companies with proven technology.”


Steve Jobs on how people hate streaming music (video)

[youtube https://www.youtube.com/watch?v=Avt7GEpHYtI?rel=0]

Steve Jobs in 2003: “People have told us over and over and over again–they don’t want to rent their music.”


Algorithms Are the Art World’s Newest Collecting Trend


The Wall Street Journal:

In March, Daniel Benitez, a cinema executive in Miami, paid $2,500 for a necktie. It wasn’t just any strip of designer neckwear. Imprinted on the blue silk were six lines of computer code that once brought the motion picture industry to its knees.

To the unschooled eye, the algorithm script on the tie, known formally as “qrpff,” looks like a lengthy typographical error.

But to Mr. Benitez and other computer cognoscenti, the algorithm it encodes is an artifact of rare beauty that embodies a kind of performance art. He framed it.

The algorithm sets out a procedure for what copyright holders once deemed a criminal act: picking the software lock on the digital scrambling system that Hollywood uses to protect its DVDs. At the turn of the century, hackers encoded it in many ways and distributed them freely—as programs, lines of poetry, lyrics in a rock song, and a square dance routine. They printed it on T-shirts and ties, like the item Mr. Benitez purchased. They proclaimed it free speech. No matter how many times the entertainment industry sued, their lawyers found the algorithm as hard to eradicate as kudzu.

Now it is exhibit A in the art world’s newest collecting trend.

Dealers in digital art are amassing algorithms, the computerized formulas that automate processes from stock-market sales to social networks.

In March, the online art brokerage Artsy and a digital code gallery called Ruse Laboratories held the world’s first algorithm art auction in New York. The Cooper Hewitt, Smithsonian Design Museum, where the auction was held as a fundraiser, is assembling a collection of computer code. In April, the Museum of Modern Art convened a gathering of computer experts and digital artists to discuss algorithms and design…

To give collectors something to show for their money, people who sell digital art strive for creative ways to make an algorithm tangible.

When Mr. Benitez, chief technology officer of Bardan Cinema, purchased the computer program qrpff, he actually got the tie, a commemorative tablet, and a password to access the code at an online software repository.

Another collector at the Artsy auction bought the compatibility calculator used by the online dating site OkCupid. He received two mathematical interpretations of the algorithm drawn on paper and autographed by the four company founders, but no legal right to use or see actual working code.

Indeed, no one yet is really sure what collectors ought to receive when they acquire an algorithm for art’s sake—source code, memorabilia, intellectual property rights, or a right to the output of the procedure. It varies depending on the legal status of the algorithm.

“Software is eating the world,” said digital designer Chris Maury at Pittsburgh-based Conversant Labs, who recently sold a computer vision algorithm at the auction. “The art world is the next part to be eaten.”


Internet of Things Startup Landscape (Infographic)


Source: CB Insights


Tom Davenport on Managing Data Scientists (Video)

[youtube https://www.youtube.com/watch?v=VK4-ASEUmgE?rel=0]


How to Establish Startup Incubators and Ensure Successful Exits by Jerusalem Venture Partners

Gadi Tirosh, Jerusalem Venture Partners


In the first quarter of 2015, 166 Israeli high-tech companies raised $994 million, a 48 percent increase year-over-year, according to research firm IVC. “We are on a positive slope right now,” Gadi Tirosh told me recently, “which is fine, as long as it’s not over-hyped. At the end of the day, what drives the numbers are significant outcomes.”

Tirosh is very familiar with the “significant outcomes” that have produced new record numbers for Israeli entrepreneurs and venture capitalists. He is Managing Partner at Jerusalem Venture Partners (JVP), one of Israel’s leading venture capital firms, established in 1991. The founder, Erel Margalit, is now a member of the Israeli Parliament; the other managing partners currently are Kobi Rozengarten and Raffi Kesten.

JVP was the lead investor in computer security startup CyberArk, one of the best-performing IPOs of 2014 and where Tirosh is serving as Chairman.

“Having an outcome like CyberArk,” says Tirosh, “creates a virtuous cycle. It makes people understand that the prize at the end might be very very significant.” This may explain why we have seen in recent years more IPOs by Israeli startups. The general tendency for years has been to sell quickly even before reaching any meaningful revenues (I found out about 10 years ago that the word “exit,” as in a successful sale of a startup, has become widely used by Israelis, including those not working in high-tech). Tirosh points out, however, that while “CyberArk gives everybody in the industry something to wish for, you have to be opportunistic and if there are good outcomes on the way, that’s a judgement call you need to make.”


JVP recently made just such a judgment call when it sold CyActive, a startup fresh from JVP’s cyber security incubator (more on this later), to PayPal (for a reported $60 million). “It absolutely made sense for the founders and ourselves to integrate this very innovative technology into a bigger home,” says Tirosh.

So what’s hot in cyber security today? One way JVP knows the answer to this question is by tracking the deal flow in 17 different segments of the security market (see chart below). In addition to established areas of computer security, they track new and emerging technologies, knowing that entrepreneurs look to target security gaps created by the introduction of these technologies.

GRC=Government Relations Compliance; SIEM/DSS= Security Incidence and Events Management/ Decision Support System


For example, says Tirosh, “the move to the cloud creates a whole new set of security challenges.” Your data is in the hands of a third-party and your beloved single-point-of-entry that you used to protect nicely with a firewall has just vanished. How do you protect your data when it is processed on servers located around the world that are provisioned on-the-fly? You need a new security paradigm, says Tirosh, and JVP has invested in GreenSQL, a startup offering security software that protects both traditional, on-premise databases and databases in the cloud.

New technologies create new security headaches, but they also provide new solutions. Take for example big data analytics. One of the startups in JVP’s portfolio, ThetaRay, has developed a unique approach to anomaly detection, using sophisticated algorithms to protect against unknown threats.

Traditional approaches for detecting credit fraud, for example, do not scale because they rely on pinpointing deviations from a pre-defined set of rules.  “As the system grows, you end up writing more and more rules, making it impossible to manage,” says Tirosh. “Not only that,” he adds, “once you define the set of rules, you actually define the next hack. You identify for the hackers what are the rules that they need to circumvent.”

Rule-based systems create a lot of false positives, issuing alerts for incidents that are not real fraud or threat. “The problem with dealing with so many false positives,” says Tirosh, “is that they don’t let the operators get to the true positives. It is well documented that with the Target breach, all the alarms went off. But the problem was that there were simply too many alarms.”

In contrast, ThetaRay’s algorithms do not assume anything about the domain they’re analyzing. They are derived from academic research into building a multi-dimensional, even “hyper-dimensional,” data matrix. The more data is analyzed, the better they get at detecting anomalies, knowledge that is combined with the domain expertise of the customer to identify the true positives, the real threats. By analyzing 250 million transactions, ThetaRay’s algorithms identified, in a matter of hours, fraud incidents worth 10 million euros, incidents that were not detected by the existing rules-based system, says Tirosh.

ThetaRay got its start in a JVP incubator. JVP is unique in that it’s a venture capital firm that runs two startup incubation programs. Much talked-about Silicon Valley-based incubators, such as Y Combinator (which bills itself as having “created a new model for funding early stage startups”), are just the best-known examples of some 1,250 business incubators in the U.S. and 7,000 around the world (2012 numbers from the National Association of Business Incubators). Typically, sponsors of incubators are academic institutions (about a third of U.S. business incubators) or economic development organizations (about a quarter).

JVP operates two incubators, JVP Media Labs in the areas of media and storage (in Jerusalem) and JVP Cyber Labs, in the area of cyber security (in Beer Sheva). It is not an academic institution or an economic development organization, and unlike Y Combinator, JVP does not focus only on early stage startups, so why incubate?

“We are the only VC firm running an incubator within the fund itself,” says Tirosh. One good reason to do that is that the Israeli government adds $500,000 as a risk-free loan to the first $100,000 JVP invests. “So we have a pool of at least $600,000,” says Tirosh, “to experiment with new ideas and new teams and we can make these decisions pretty rapidly.” In that sense, it’s a unique economic development model, where the government invests and takes risks but lets private sector experts manage and nurture.

This does not explain, however, why other Israeli VC firms are not taking advantage of the State of Israel’s incubator program, sponsored by the office of the Chief Scientist. Tirosh expounds on JVP’s philosophy:  “It’s the question of what do you do with the companies that succeed and graduate out of the incubator. Having it as part of the fund allows us to fund the entrepreneurs that graduate the incubator, people we know really well. We’ve been growing the company together with them.”

Tirosh says JVP’s success in investing in all stages of the life of a startup is due to the operational background of many of the partners: “It requires a lot of involvement. You need to make sure you like it. Also, you need to be relatively good at it. Most VCs take a much more hands-off approach.”

For the entrepreneurs, JVP’s approach promises a significant follow-on investment from the main fund if and when they graduate the incubator. “It helps them build a longer-term view,” says Tirosh, “and it helps them raise money as they come out of the incubator,” having JVP’s stamp of approval.

JVP Cyber Labs was established in 2014 with the goal of identifying, nurturing and building the next wave of cyber security companies. It is located at the Beer Sheva Advanced Technologies Park, in close proximity to Ben-Gurion University (which has a leading computer science department with a special focus in computer security), the IDF’s elite computer units, and R&D centers of many multinational companies. This could be the highest concentration in the world of cyber security expertise per square foot.

“We had our Jerusalem incubator running for a while,” Tirosh told me. “It has been successful and we got quite a lot of requests to replicate it in other places around the world. None of us wanted to re-locate so we were looking to replicate it here in Israel. Since we’ve opened the Cyber incubator in early 2014, we’ve made six investments and we had our first exit when we sold CyActive to PayPal.”

And many more exits to come, no doubt.

Originally posted on Forbes.com


Chief Digital Officers (CDOs): How Many and How Much they Make?


eMarketer:

The chief digital officer (CDO) role emerged alongside the digital transformation, and companies are rapidly making room for the position. In a report released in May 2015, The CDO Club estimated that the number of CDOs worldwide would double between 2014 and 2015, from 1,000 to 2,000…. Other research also suggests that more companies are relying on CDOs—or similar professionals—to navigate the digital landscape. When a January 2015 study by Accenture asked executives worldwide about their progress in leveraging digital governance and decision-making, 80% of respondents said they had a CDO or comparable role to oversee the use of digital technologies.

To this we can add research findings from Mondo, a digital marketing and technology resourcing provider. In the recent National Digital Marketing Salary Guide, Mondo reported that the Chief Digital Officer garners the highest salary among digital marketing executives, with $301,000 at the high end and $156,000 at the low end.


The Internet of Things (Infographic)


Source: Data Science Central


The Data Market to Nearly Double in Size by 2019


Consisting of data platforms, data management, analytics, and data mining, the Total Data Market is expected to nearly double in size, from $60bn in 2014 to $115bn in 2019. The forecast is based on 451 Research’s new Total Data Market Monitor service, which presents data, generated via a bottom-up analysis, of 202 vendors that participate across the nine Total Data segments the company tracks. Specifically, 451 Research tracks 56 Operational Database participants, 26 in the Analytic Database market, 72 within the Reporting and Analytics segment, 41 Data Management vendors, 11 Performance Management vendors, 11 Event/Stream Processing vendors, 9 Distributed Data Grid/Cache vendors, 25 Hadoop vendors and 15 Search vendors.
