Archive for Internet Security

Cybercriminals Hijacking Netflix and Other Streaming Accounts

It has been reported that the surge in the use of streaming music and video services has been accompanied by a surge in the number of user accounts being taken over by cybercriminals.

Entertainment During Isolation

Self-isolation and the instruction to stay at home during the next few weeks in the COVID-19 crisis has meant that many people have turned to streaming services like Amazon Prime Video, Netflix, Spotify and Apple Music. In fact, the demand has been so high that many streaming and social media platforms have reduced the bit rate of videos in order to make sure that services can still be delivered without taking up too much bandwidth.

Stealing and Selling Your Credentials

Security company Proofpoint has now warned that cybercriminals are taking advantage of this increase in demand for streaming services by stealing the valid credentials of users and selling them online.  This means that someone else may be piggybacking off a user’s streaming account without them even knowing it.  When the account credentials are sold online (for a much lower price than normal accounts), the seller gives instructions to the buyer not to try and change the login details of the account.

How?

For cybercriminals to hijack streaming accounts, they first need to steal the legitimate credentials of existing users. Proofpoint has reported that this is achieved by using methods such as:

Keyloggers and information stealers – software that has been unwittingly downloaded, that is able to record keystrokes to discover logins and other valuable personal data.

Phishing attacks – convincing emails from bogus sources that have made users click on a link/ to re-direct, which has led to login credentials and financial information being stolen and/or malicious software being loaded onto their computer/device.

Credential stuffing – where logins are stolen in cyber-attacks on other sites/platforms and sold on to other cybercriminals are tried in other websites in the hope that a user has been password sharing (using the same login for multiple websites).

How Do You Know?

The ways to tell whether your streaming account is being piggybacked include checking the settings to view which devices are connected to the account, checking previous activity on the account and activating the options that notify you each time a new device connects to your account.

Protection

Since the ability to hijack a streaming account relies on the ability to steal login details, following basic data security and hygiene can dramatically reduce the risk to users. For example, using strong and unique passwords, not sharing passwords between different websites/platforms, using a good password manager, keeping anti-virus software and patches up to date, keeping systems and browsers up to date, and not clicking on links or attachments in emails may help protect against this and others similar crimes.

What Does This Mean For Your Business?

Cybercriminals are quick to take advantage of a crisis or a trend and are always keen to find easy, low-risk ways to get money and personal details.  In this case, adhering to relatively basic security best practice can prevent you from falling victim to this and many other cyber-crimes.

Sadly, this is not a new situation.  For example, a CordCutting.com report from last year suggested that around 20 per cent of people who watch a paid-for video streaming service are using someone else’s account.

Now that streaming services are experiencing a surge in users and are very much in the spotlight, it may be a good time for those services to tackle some of the long-running security concerns and to reassure users that they are taking some responsibility to make it much more difficult of others to piggyback accounts.

Featured Article – Maintaining Security During The COVID-19 Health Crisis

The current global health crisis may bring many different IT security challenges to businesses and organisations and this article highlights some of the ways that you can prepare to keep IT security covered as best you can at this difficult time.

Larger and Smaller Businesses – Some Different Challenges

Larger organisations may be at an advantage as they may already have policies, procedures, equipment and security arrangements in place for remote working, although they may find themselves more stretched as many more staff work from home than usual.

Smaller businesses and organisations, however, may be less well used to and equipped for suddenly having to send staff home to work. This means that they may have a lot more work to do now in order to prepare, and their IT personnel will find themselves needing to prioritise and be prepared to provide more on-demand support over the coming weeks.

Guide

Even though larger and smaller companies may have different challenges on a different scale, here is brief guide incorporating a list of suggestions that could help many businesses and organisations to stay secure while employees, contractors and other stakeholders are working remotely:

– Alert all staff to the possibility of email-borne threats and other social engineering attacks.  For example, over the last few weeks, cybercriminals have been sending COVID-19 related phishing emails e.g. bogus workplace policy emails, emails purporting to be from a doctor offering details of a vaccine/cure, emails with a promise of a tax refund and more.  The message to employees should be to not open unfamiliar emails and certainly don’t click on any attachments or links to external pages from any suspect emails.

– Make sure that any software and software-based protection used by employees working from home is secure and up to date.  For example, this could include making sure their devices have up to date operating systems and browsers, firewall software and anti-virus software is installed and up to date, and make sure that employees install any new updates as soon as possible.

– Ensure that any devices used by employees are managed, secure (have downloaded trusted security apps), have appropriate protection e.g. data loss protection, updated anti-malware, and a capacity to be centrally monitored if possible. Ensure that all devices, including employee mobiles (which can carry confidential information), are password-protected, and can encrypt data to prevent theft.

– Monitor the supply chain arrangements where possible.  If a supplier is geographically remote, for example, and if the Covid-19 crisis has left a supplier short of qualified IT and/or security staff, or if contract staff/cover staff, or unfamiliar staff members have been brought in to replace staff members e.g. particularly in accounts, this could present a security risk.  Taking the time to conduct at least basic checks on who you dealing with could prevent social engineering, phishing and other security threats, and exercising caution and offering your own known secure channel suggestions where suppliers may be short of  IT-security staff could help to maintain your company’s security posture.

– Although employees are likely to stay at home in the current situation, you will still need to make sure that they are made aware of your policy about accessing information on public or unsecured networks e.g. using a VPN on mobile devices to encrypt data.

– Make sure you have a 24-hour reporting procedure for any stolen or lost equipment/devices.

– Pay attention to user identity management. For example, have a user account for each employee, and give appropriate access to each employee.  This should help to prevent unauthorised access by other persons.  Also, control which programs and data each employee has access to, and which level of user rights they have on certain platforms.

– Make employees aware that they must use only strong, unique passwords to sign-in to your network, and that these details should be changed regularly e.g. every 3 months.  Also, make sure that multi-factor authentication is used by employees.

– Stay on top of managing the workforce and general daily operations.  For example, make sure that key IT staff are available at all times, communication channels and procedures are clear and functioning, handover procedures are covered, any sickness (which looks likely) can have cover planned, and that productivity targets can be met despite remote working.

– Remind employees that they still need to comply with GDPR while working remotely and ensure that help and advice are available for this where needed.

– Use this experience to keep the company’s disaster recovery and business continuity plans up to date.

– Schedule regular, virtual/online meetings with staff and ensure that all employees have the contact details of other relevant employees.

– If you’re not already using a collaborative working platform e.g. Teams or Slack, consider the possibility of introducing this kind of working to help deal with future, similar threats.

Looking Forward

At this point, the country, businesses, and many individuals are thinking more about survival strategies, but taking time to ensure that IT security is maintained is important in making companies less vulnerable at a time when operations don’t follow normal patterns and when many cybercriminals are looking to capitalise on any weaknesses caused by the COVID-19 health emergency.

Cybercriminals Take Advantage of Covid-19 Outbreak With Phishing Emails

Some cybercriminals have already taken advantage of the fear surrounding the Covid-19 outbreak by sending out phishing emails that promise cures, seek donations, or heighten panic in order to extract personal data and money.

Phishing For Fear

Cybercriminals rely on exploiting human error that’s often driven by emotional responses.  The coronavirus outbreak has, therefore, provided scammers with a near-perfect opportunity to exploit the heightened the level of fear and to offer things that will take that fear and panic away as a motivation for a person to click on a link.  Clicking on a link in a phishing email, however, means having malicious software loaded onto your device that can allow cybercriminals to take control of your computer, log keystrokes, gain access to your personal information and financial data (for theft and identity theft), or simply direct you to a payment page.

Examples

Examples of the kinds of corona-virus related phishing emails which have been spotted over the last couple of weeks, and could be coming to an inbox near you, include:

– As reported by Proofpoint, an email purporting to be from a doctor offering details of a vaccine cure that’s been kept secret by the Chinese and UK governments.  Clicking on the link promises access to the vaccine cure details.

– Workplace policy emails that target employees in a specific company/organisation and encourage them to click on a link that will take them to their company’s Disease Management Policy.  Clicking on the link will, in fact, download malicious software that can provide a way into the company network.

– As reported by Mimecast, using the promise of a tax refund for coronavirus, directing the target to click on a link to input all their financial and tax information and with the lure of gaining access to (bogus) funds.

– Asking for donations for a fake campaign to fund the fast development of a Covid-19 vaccine.  In this scam, the victim is directed to a bitcoin payment page.

– As reported by Proofpoint, an email purporting to be from the World Health Organization (WHO) that offers a fake document with information about preventing the spread of coronavirus, where clicking on the link actually leads to the downloading of keylogging software (criminals can track your keystrokes to uncover passwords).

– Emails that exploit feelings of panic, such as an email that claims that Covid-19 has become airborne and asks the target to click on a link to a fake Microsoft login page.

Spotting Phishing Emails

Many phishing emails have giveaways that you can spot if you know what you’re looking for.  Examples of ways in which you can identify a phishing email include:

– Online requests for personal and financial information e.g. from government agencies are very unlikely to be sent by email from legitimate sources.

– Beware of generic greetings. Scammers are less likely to use your name to personalise the email greeting and title.

– Mistakes in spelling and grammar can be signs of scam emails.

– Check the email address by hovering your mouse (without clicking!) over the link in the email. This can quickly reveal if the email is genuine.

– Beware of heavy emotional appeals that urge you to act immediately.  These are signs of scam emails that hope to bypass your reasoning and tap into an emotional response.

What Does This Mean For Your Business?

Scammers often use phishing emails when there is/has been a recent crisis, when there’s been fraud/cybercrime that’s affected lots of people, or on other such events to take advantage of those who are looking for help and answers.  Scammers know that where emotions are strong and where they can tap into that by offering relief from negative feelings and by saying what people want to hear, they are more likely to achieve their aims.

In the case of coronavirus, although companies and organisations are issuing statements related to it, the best advice is to simply check the information that is given out through trusted, official sites such as the NHS https://www.nhs.uk/conditions/coronavirus-covid-19/, the World Health Organisation https://www.who.int/health-topics/coronavirus, and via trusted TV and radio stations.

Crisis or not, always exercise caution when you receive emails from unknown or unusual sources and remember that government agencies and financial institutions don’t send out emails asking for personal and financial information.

Companies also need to alert employees, many of whom may soon be working from home and may have a reduced ability to quickly ask the boss or manager about certain emails, to the threat of phishing emails with a Covid-19 theme and to the threat of social engineering attacks that could take advantage of a physically divided and reduced workforce.

Billions Of Devices At Risk Due To Wi-Fi Chip Vulnerability

A security threat to devices, Wi-Fi access points (APs), and routers that comes from the Kr00k Wi-Fi chip vulnerability could affect billions according to security researchers.

Kr00k

The existence of Kr00k, also known by the catchy name of CVE-2019-15126 was made public at the recent RSA Conference in San Francisco and its discovery was attributed to ESET security researchers Miloš Cermák, Robert Lipovský and Štefan Svorencík.

Broadcom and Cypress Chips

According to the researchers, the Kr00k vulnerability is present in Wi-Fi chips manufactured by Broadcom and Cypress.  These chips are present in billions of devices and, prior to patches being developed and released already by many major manufacturers, the kinds of devices that were at risk included home smart speakers (Amazon Echo), Kindles, smartphones (Apple iPhone and Samsung Galaxy), the Raspberry Pi 3 and many Wi-Fi routers and access points that have Broadcom chips.

What Could Happen?

The Kr00k vulnerability could allow attackers to decrypt Wi-Fi traffic, thereby gaining access to data. Kr00k can do this by forcing an extended dissociation period in Wi-Fi devices, which is the temporary disconnection that occurs when a device moves between access points or when there is a low signal. In this period, Kr00k resets the encryption key used to secure packets to an all-zero value, giving the attackers access to your data.

This kind of attack, however, may not be as easy as it sounds because attackers would need to be within close range of their target’s Wi-Fi network.

Related to Krack

Some security commentators have noted that Kr00k is related to Krack, discovered in 2017, a vulnerability that was also a threat to devices that connected using Wi-Fi and required attackers to be in close proximity to the Wi-Fi network.  Krack was found to be a vulnerability in the Wi-Fi Protected Access 2 (WPA2) protocol.

What Does This Mean For Your Business?

The security researchers who discovered Kr00k shared their findings with the relevant manufacturers early-on which meant that the major manufacturers were able to quickly develop and release patches, thereby significantly reducing the scale of the threat posed by Kr00k.  Also, the need for attackers to be in close proximity to a Wi-Fi network to exploit the vulnerability is unlikely to be particularly attractive to many cybercriminals who prefer methods that allow maximum financial gain with minimum effort and that position them a long distance from their targets in a way that cannot be traced back to them.

Additionally, in this case, even though it is technically possible for attackers to use the dissociation period to decrypt Wi-Fi traffic, the data that they would be intending to steal is subject to being additionally encrypted by TLS thanks to HTTPS.

Dentist’s Legal Challenges To Anonymity of Negative Google Reviewer

ABC News in Australia has reported how a Melbourne dentist has convinced a Federal Court Judge to order tech giant Google to produce identifying information about a person who posted a damaging negative review about the dentist on Google’s platform.

What Happened?

The dentist, Dr Matthew Kabbabe, alleges that a reviewer’s comment posted on Google approximately three months ago advised others to “stay away” from his practice and that it damaged his teeth-whitening business and had a knock-on negative impact on his life.

Even though Google provides a platform to allow reviews to be posted in order to benefit businesses (if reviews are good), perhaps encourage and guide businesses to give good service, and to help Google users to decide whether to use a service, the comment was the only bad one on a page of five-star reviews. In addition to the possibly defamatory nature of the comment, Dr Kabbabe’s objection to the anonymity that Google offers comment posters, and that it could, as such be, something posted by a competitor or disgruntled ex-employee to damage his (or any other business) drove him to take the matter to the Federal Court after, it has been reported, his requests to Google to take the comment down were unsuccessful.

Landmark Ruling

Not only did Federal Court Judge Justice Bernard Murphy request that Google divulge identifying information about the comment poster, listed only a “CBsm 23″ (name, phone number, IP addresses, location metadata), but also the tech giant has been ordered to provide any other Google accounts (name and email addresses)  which are from the same IP address during the period of time in question.

Can Reply

Reviews posted on Google can be replied to by businesses as long as the replies comply with Google’s guidelines.

Dealing with some apparently unfair customer comments online is becoming more common for many businesses.  For example, hotels and restaurants have long struggled with how to respond to potentially damaging criticism left by customers on TripAdvisor. Recently, the owner of the Oriel Daniel Tearoom in Llangefni, Anglesey made the news when they responded to negative comments with brutal responses and threats of lifetime bans.

What Does This Mean For Your Business?

For the most part, potential customers are likely to be able to take a balanced view of comments that they read when finding out more about a business, but the fact that a Federal judge ruled in favour of not allowing those who have posted potentially damaging comments to hide behind online anonymity means that there may well be an argument for platforms to amend rules to try to redress the balance more in the favour of businesses.  It does seem unfair that, as in the case of the dentist, where the overwhelming majority of comments have been good, an individual, who may be a competitor or person with an axe to grind is allowed to anonymously and publicly publish damaging comments, whether justified or not, for a global audience to see and with no need to prove their allegations – something that would be subject to legal scrutiny in the offline world.  It will be interesting to see Google’s response to this ground-breaking ruling.

Worries About Huawei Persist

Security fears about Huawei products being used in the new 5G networks are still being expressed by the Trump administration, while Google has clarified its position on the matter.

What’s So Bad About Huawei?

Back in July 2018,  espionage chiefs from Australia, Canada, New Zealand, the U.K. and the U.S. (the so-called ‘Five-Eyes’), agreed at a meeting in July this year to try to contain the global growth of Chinese telecoms company Huawei (the world’s biggest producer of telecoms equipment) because of the threat that it could be using its phone network equipment to spy for China.  This led to the US, Australia and New Zealand barring Huawei Technologies Ltd. (with Japan more or less joining the ban) as a supplier for fifth-generation networks.

At the time, the Trump administration drew attention to the matter when Meng Wanzhou, the chief financial officer of Huawei, was detained in Vancouver at the request of U.S. authorities for violating US sanctions on Iran.

Since then, other countries have joined the ban and other allegations have been made against Huawei e.g. the US Department of Justice (DOJ) charged Huawei with bank fraud and stealing trade secrets back in January 2019.

What About The UK

As for the UK government, it will allow Huawei equipment to be used in the country’s 5G network, but not in core network functions or critical national infrastructure, and not in nuclear and military sites.  This has led to White House chief of staff Mick Mulvaney visiting just last week to help dissuade the UK from using Huawei’s products in phone networks.

Latest Warning From the US

The latest warning about Huawei products from the US has been voiced by Robert Strayer, who is the US deputy assistant secretary for cyber and communications. Mr Strayer, who is on a tour of Europe this week, warned that allowing Huawei to provide key aspects of the 5G network infrastructure could allow China to undermine it and to have access to “sensitive data”.  Mr Strayer piled on the pressure by warning that if the UK adopts Huawei as a 5G technology vendor it could threaten aspects of intelligence sharing between the US and UK.

Google Clarifies

As a US company, tech giant Google has been banned by the Trump administration since May 2019 from working with Huawei which last year led to Google confirming (via blog post) that it wouldn’t be working with Huawei on new device models or providing any Google apps (Gmail, Maps, YouTube, Play Store) for preload or download on Huawei devices.

In the light of more recent allegations and warnings about Huawei, Google has chosen to clarify its position in an article on its support pages (find it here https://support.google.com/android/thread/29434011?hl=en).  The article states that “To protect user data privacy, security, and safeguard the overall experience, the Google Play Store, Google Play Protect, and Google’s core apps (including Gmail, YouTube, Maps, and others) are only available on Play Protect certified devices”.

Google says in the article that sideloaded Google apps will not work reliably on Huawei devices.  Sideloaded apps are those which haven’t been through a certification process to appear in the Store and to run on a Windows device.  The fear is that sideloading apps could mean that apps could be installed which appear to be genuine and normal, but which may have been altered or tampered with in ways that could compromise user security.

What Does This Mean For Your Business?

The Trump administration in the US is keeping the pressure on as regards discouraging countries with which it has security and defence connections, and leverage as an ally or friend with to avoid installing Huawei products in networks, particularly in critical parts.  Clearly, a Republican administration (and in this case, and apparently inward-looking one championing US companies) in a country which has traditionally seen communist China as a threat is likely to be at least suspicious of Huawei products.  It is of course, unknown exactly what evidence exists to support the idea, and it should also be remembered that it is not long since President Trump launched a trade war with China, and may also be additionally conscious of spying issues from foreign powers after the allegations of Russian influence possibly influencing his own election as president.

For US, European, and other trusted tech network product companies from elsewhere, less for Huawei could mean more for them, and the rub-off bad publicity for Huawei also seems to have negatively affected Huawei’s sales of phone handsets, which has meant that US, Japanese and other phone suppliers have picked up more phone business.

In the run-up to next US presidential election, and with UK looking for trade deals outside the EU, it is likely that the US will continue to try and bring the UK and other countries round to its way of thinking about Huawei.

‘Runet’ Test – Russia Unplugs Itself From The Internet

A little later than its original planned date of April 1st 2019, a recent test-run has seen Russia successfully ‘unplug’ itself from the Internet and prove that it can create its own state-controlled Intranet.

Successfully Creating The ‘Runet’

The test, which was first announced back in February last year, is reported to have gone ahead without users noticing much difference and created what is effectively a giant, fully isolatable domestic intranet which has been dubbed the ‘Runet’.

Why?

Officially, the test to be able to pull up the drawbridge on the wider global internet is to ensure compliance with Russia’s new law called the Digital Economy National Program which came into force in November 2019.  This will require Russia’s ISPs to show that they can operate in the event of any foreign powers acting to isolate the country online with a “targeted large-scale external influence” i.e. a cyber-attack. For (state-owned) ISP’s, this will mean having to install deep packet inspection (DPI) network equipment which will allow Russia’s telecoms watchdog ‘Roskomnadzor’ to be able to identify traffic sources, filter content, and block certain sites. It has also been reported that, as part of the project to create and run the Runet, Russia is working on creating its own Internet address books.

Another official explanation for the value of the test to create the Runet is that it helped to show any vulnerabilities in the growing ‘Internet of Things’ (IoT).

Control

Although this is the official explanation, some western commentators see this as a move towards tighter control and authoritarian rule in a way that is similar to some other countries.  For example, China, which operates its own Great Firewall of China (GFW) for Internet censorship to block access to many foreign websites and to slow down and monitor cross-border internet traffic. Also, Iran operates its own National Information Network, run by the state-owned Telecommunication Company of Iran, which controls access to the web and polices content.

Difficult To Circumvent

Those thinking of circumventing the Runet and other censorship are likely to find it difficult as virtual private networks (VPNs) will not work with the Runet in place and many commentators think that it is likely that the Kremlin will try to stop access to end-to-end encrypted apps e.g. Telegram or WhatsApp.

Interfering

It is likely that one good reason for Russia to be able to cut itself off from the wider Internet is to protect itself from cyber threats in what now appears to be an ongoing war of interference, misinformation, and cyber-attacks between many states.  For example, Russia was shown to have interfered with the last U.S. presidential election and has itself been the subject of large-scale cyber-attacks. That said, the Chinese recently accused the U.S. of conducting “large-scale, organised and indiscriminate cyber theft” after it was revealed that since the 1970s, America’s CIA has been monitoring hundreds of countries via the Swiss cryptography firm Crypto AG.

What Does This Mean For Your Business?

For the Russian government, being able to exert tight control and conduct censorship on this scale, and to operate through a small number of state-owned suppliers not only guards against misinformation and cyber threats but also gives the government the opportunity to wield immense political power over its people. The move is, obviously, being greeted with suspicion and criticism from the west, with concern about the rights of Russian citizens.

Also, for non-Russian companies hoping to do business there, an inward-looking, state-controlled Intranet that favours Russian companies, particularly with tech and communications products and services would make trade there very difficult. Many western commentators are now worried that Russia may be going the same way as China in terms of censorship and access to the world by digital means.

Growth in Threats To Apple Compared To Windows Machines

In a trend that appears contrary to popular perceptions, the latest Malwarebytes (annual) State of malware report has revealed that the growth in attacks on Apple endpoints is outpacing the threats targeting Windows machines.

11 Threats Per Mac Endpoint

The report shows Mac threats were up (2019) four-fold year on year with 11 threats per Mac endpoint on average for Apple compared with only 5.8 threats per Windows endpoint.  An ‘endpoint’ refers to an Internet-capable computer hardware device on a TCP/IP network e.g. desktop computers, laptops, smartphones, tablets, printers etc.

Why?

It is likely that the growth in the average number of threats to Apple machines isn’t just down to the fact that there are now more Apple users, but also because Apple may not be taking enough measures that are tough enough to tackle adware and pups (potentially unwanted programmes) compared to efforts made to tackle more traditional malware.

Kaspersky Figures

Figures from Kaspersky this month also show increasing dangers for Mac users as it reports that two years on from its detection, Shlayer Trojan malware attacks one in ten macOS users, and it accounts for almost 30% of all detections for the macOS.

Criminals More Creative and Persistent

As well as the increasing danger for Mac users, in the report, Malwarebytes CEO Marcin Kleczynski highlights how adware, pre-installed malware and multi-vector attacks all show how cybercriminals appear to be heading in a direction where they are “more creative and increasingly persistent with their campaigns”.

Even though threats to Apple endpoints are growing at a faster rate, it is still Windows and Android devices that face the most threats from annoying and hard to uninstall adware and malware (including ransomware).

Business-Focused

The report highlighted the 13 per cent rise in global business threats last year, and how Trojan-turned-botnets Emotet and TrickBot have been targeting businesses and organisations with ransomware new families, like Ryuk, Sodinokibi and Phobos. Also, businesses are facing new risks from hack tools and registry key disablers.

What Does This Mean For Your Business?

As pointed out in the report, those in the online security industry are having to work hard to protect users and businesses from programs that violate user privacy, infect devices, or turn their own infrastructure against them. Businesses and organisations, whether they use Apple or Microsoft Operating Systems need to be acutely aware of (and make sure they are protected against) the threats outlined in the report (malware, ransomware, adware, credit card skimmers and skimmer scripts), as well as phishing and the increasing use of social engineering in attacks.

Mac users may want to check the advice on Apple’s website about features (found in System Preferences) that help protect Macs and the personal information of users from malicious software/malware e.g. protection from malware embedded in harmless-looking apps.  See: https://support.apple.com/en-gb/guide/mac-help/mh40596/mac

Also, Apple advises that MacOS users should exercise caution when accessing scripts, web archives and Java archives, which all pose potential threats.

Featured Article – Innovations/Gamechangers to Expect in 2020

This is the time of year for looking ahead to how technology could be affecting and hopefully, enhancing our lives over the coming year and here is a selection of just some of the possible game-changing technological innovations that could be making an impact in 2020.

5G Technologies

Technology and communications commentators are saying that 5G’s increased bandwidth and speed, along with other benefits could start to improve file sharing and other communication capabilities for businesses this year (in the geographical areas where it’s deployed).

Quantum Technologies

Back in October, we heard about the paper, published in the journal Nature, that told how scientists may have reached quantum supremacy, whereby a quantum computer can now to do something significant that a classical computer can’t.  With Google’s Sycamore chip (54-qubit processor), an algorithm output that would take 10,000 years using a classical computer only took 200 seconds, and heralded greater potentially game-changing developments this year and beyond. With results from computing power of this kind, many hitherto extremely challenging problems could be solved quickly across a range of industries, and this is likely to attract much more investment in Quantum technologies in 2020.

AI and Health

The possibilities for AI are still being explored, but thanks to start-ups like Imagen which builds AI software for the medical field e.g. OsteoDetect which uses algorithms to scan X-ray images for common wrist bone fractures, and AI software developed by Good Health researchers (in conjunction with other key partners) which has proven to be more accurate at detecting and diagnosing breast cancer than expert human radiologists, AI could be finding more positive ways to impact upon healthcare in 2020 and beyond.

Although AI has promise in so many areas, including health, one of the predicted downsides of AI developments for workers is that the automation that it brings could really start to replace many more human jobs in 2020.

Neural Interfaces

There are many predictions of how commercial applications of neural interfaces may bridge the gap between humans and computers, perhaps allowing people to think instructions to computers.  One of the key challenges is, of course, that neural communications are both chemical and electrical, but this didn’t stop head of SpaceX and Tesla, Elon Musk, announcing in July last year that brain implants (‘Neuralink’) that can link directly to devices could be a reality within a year i.e. by the end of 2020.  It remains to be seen, however, how much progress is made this year, but the idea that a near-instantaneous, wireless communication between brain and computer via an implant is that human brains could be offered a kind of ‘upgrade’ to enable them to keep up with and compete with AI.

Electric Vehicle Explosion

The many technologies (and government subsidies in some countries) that have led to a commitment by big car manufacturers to the production of electric vehicles mean that sales are predicted to rise 35 per cent in the first nine months of 2020.  More electric cars being produced and purchased in developed countries could herald game-changing results e.g. lessening the negative environmental impact of cars.

One other innovation that could help boost the growth of electric cars is a breakthrough in battery technology, such as that announced by Tesla’s head of battery research and university academic Jeff Danh, who has published a paper about a battery that could last a million miles without losing capacity.

Display Screen Technology

Advances in technologies used for display-screen e.g. for phones are likely to prove game-changers in their industries. With new screens becoming ultra-thin LEDs and, therefore, able to be added as computational surfaces to many different surfaces and objects e.g. walls and mirrors, and with advances like foldable screens e.g. Microsoft’s Surface Neo, our environment and communications tools could see some real changes in 2020.

Translation

Technology for mobile devices, AI, and language have converged to create translation apps such as Google’s interpreter mode real-time translator that’s just been rolled out for Assistant-enabled Android and iOS phones worldwide.  Having a reliable tool to hand that enables back and forth conversation with someone speaking a foreign language (and is loaded with 44 languages) could be a game-changer for business and personal travel in 2020.

Augmented Reality

Several tech commentators are predicting (perhaps optimistically) that 2020 could be the year that reliable Augmented Reality glasses find their way onto the market e.g. perhaps from Apple and could see large-scale adoption.

Looking Ahead

2020, therefore, holds a great deal of promise in terms of how different existing and some new technologies and developments combined in new products and services could become game-changers that drive positive benefits for businesses and individual users alike.

Business Leaders Lack Vital Digital Skills Says OU Survey

The Open University’s new ‘Leading in a Digital Age’ report highlights a link between improved business performance and leaders who are equipped, through technology training, to manage digital change.

Investing In Digital Skills Training

The latest version of the annual report, which bases its findings on a survey of 950 CTOs and senior leaders within UK organisations concludes that leaders who invested in digital skills training are experiencing improved productivity (56 per cent), greater employee engagement (55 per cent), enhanced agility, and vitally, increased profit.

The flipside, highlighted in the same survey, is that almost half (47 per cent) of those business leaders surveyed thought they lacked the tech skills to manage in the digital age, and more than three-quarters of them acknowledge that they could benefit from more digital training.

Key Point

The key point revealed by the OU survey and report is that the development of digital skills in businesses are led from the top and that those businesses that invest in learning and development of digital skills are likely to be more able to take advantage of opportunities in what could now be described as a ‘digital age’.

Skills Shortages

The report acknowledges the digital skills shortages that UK businesses and organisations face (63 per cent of senior business leaders report a skills shortage for their organisation) and the report identifies a regional divide in those companies reporting skills shortages – more employers in the South and particularly the South West are finding that skills are in short supply and reporting that recruitment for digital roles takes longer.

One likely contributing factor to some geographical/regional divides in skills shortages and difficulty in recruiting for tech roles in those areas may be the spending, per area, on addressing those skills shortages.  For example, London is reported to have spent (in 2019) £1.4 billion (the equivalent of £30,470 per organisation), while the North East spent the least (£172.2 million), and South East spent only £10,260 per organisation.

Factors Affecting The Skills Shortage

The OU report identifies several key factors that appear to be affecting the skills shortage and the investment that may be needed to address those skills shortages. These include the uncertainty over Brexit, increased competition, an ageing population, the speed and scope of the current ‘digital revolution’, and a lack of diversity.

What Does This Mean For Your Business?

Bearing in mind that the OU, whose survey and report this was, is a supplier of skills training, the report, nonetheless, makes some relevant and important points.  For many businesses, for example, managers and owners are most likely to the be the ones with the most integrated picture of the business and its aims, and if they had better digital skills and awareness they may be more likely to identify opportunities, and more likely to promote and invest in digital skills training within their organisation that could be integral to their organisation being able to take advantage of those opportunities.

The tech skills shortage in the UK is, unfortunately, not new and is not down to just businesses alone to solve the skills gap challenge. The government, the education system and businesses need to find ways to work together to develop a base of digital skills in the UK population and to make sure that the whole tech ecosystem finds effective ways to address the skills gap and keep the UK’s tech industries and business attractive and competitive.  As highlighted in the OU report, apprenticeships may be one more integrated way to help bridge skills shortages.