Monthly Archives: March 2015

The Internet Has Been a Colossal Economic Disappointment

image

The Internet is one of humanity’s greatest technical advances. Yet compared to great technological inventions of the past, it is also a colossal economic disappointment.

I’m talking about jobs.

Yes, young programmers are getting jobs straight out of college at salaries in the six figures. But I’m referring to jobs in a deep and sustaining sense – employment well beyond the “1 percent.”

For all its economic virtues, the Internet has been long on job displacement and short on job creation. As a result, it is playing a central role in wage stagnation and the decline of the middle class.

Sure, the Internet has created new applications and great companies – Google, Facebook, Amazon, Twitter, and the all-important cloud. But many of the largest Internet companies have for the most part taken revenue from existing companies without growing the total economy.

The technologies of the past had massive new job creation effects that swamped displacement effects. The Internet on the other hand has massive displacement effects that are overwhelming the job creation effects. In the past, new technological achievements created new industries that not only absorbed the displaced workers but generated opportunities for many more. The result was a vibrant middle class.

Consider the integrated circuit, which first appeared on the market in 1961. At that time, the worldwide electronics market was $29 billion. Today it is on the order of $1.5 trillion. The integrated circuit made existing products better. For example, vacuum tube mainframe computers were replaced by computers based on integrated circuits. The new machines were less expensive, far faster, more reliable, substantially smaller, and much more energy efficient. As a result the mainframe computer business expanded rapidly. IBM’s revenue increased from less than $2 billion in 1960 to over $26 billion in 1980. The integrated circuit also spawned new industries and applications that never existed before – cellular communications, PCs, tablets, and the Internet of Things.

The story of the internal combustion engine is even more dramatic. Not only did it create the automotive industry, but Henry Ford shocked the industrial world when he doubled the pay of assembly line workers to $5 a day. Ford reasoned that a higher paid workforce would be able to buy more cars and thus would grow his business. Others followed suit. Ford’s action helped to create the middle class.

Automotive companies also created a large demand for other products and services that employed millions more – steel, coal to make the steel, glass, machine tools, auto dealers and dealerships, gas stations, oil fields, mechanics, bridges, roads, construction equipment, etc. Automobiles created suburbia and the home construction boom that followed. They made a new form of retail distribution possible-the shopping center. The workers in new jobs purchased homes, appliances, and clothes creating still more jobs. During the 20th Century, the industrialized world enjoyed the fruits of what economists call the virtuous circle.

To date the Internet has been much more effective at eliminating jobs than creating new ones. Exhibit A: Online retailing has directly replaced many jobs and indirectly eliminated many more. Amazon’s extremely efficient distribution system replaces retail stores and their employees. Their warehouses use robots instead of workers.

Those are the direct effects. The indirect effects are the disappearing need for retail space, along with workers who build the stores and maintain them, as well as companies that supply retail establishments with furnishings.

The Internet has made shopping more efficient and created more competition that has driven down consumer prices. But it has had little or no effect on per capita sales. Monthly retail sales adjusted for both inflation and population growth are below where they were prior to the 2008 recession – $165 versus $168 billion – and have increased by less than 10% in the last 15 years or about 0.6% per year. Meanwhile, employment in the retail and wholesale trade has dropped from about 21.2 million in 2000 to 19.9 million in 2010.

Those highly paid young coders are a select few. They are also a symptom of something more insidious: The Internet is so efficient that it can create large income companies with few employees.

The reason Google, Facebook, and Twitter can pay them such large salaries is that the Internet companies is so efficient they can generate high revenues with few employees.

In 2013, Google had around 50,000 employees and generated revenues of around $55 billion in sales or about $1.0 million per employee. The numbers are similar for Facebook. Amazon was running at an $74 billion revenue rate and had around 110,000 employees or a little over $670,000 in sales per employee.

In the United States, each non-farm worker adds a little over $120,000 to the domestic output. That means that highly productive Internet companies must create five to ten times the dollars in sales to justify hiring an employee as the average company of the past did.

The prevailing economic wisdom is that new technologies will create new opportunities that will offset the effects of displacement. We continually use the experiences of the past to support our hopes about the future. But the experiences of the past took place in the physical world. Our future will be increasingly played out in a virtual one.

Given that the Internet isn’t turning out to be the job creation engine of the future we all hoped for, we had better get to work on searching for and implementing policies that will offset the Internet’s displacement effects.

To start with those policies must be implemented with the Internet’s efficiency in mind. Raising the minimum wage, for instance, plays straight into the hands of the Internet efficiency engine. Raising the minimum wage will just drive employers to use machines to replace people. An earned income tax credit is a better approach. Low paid workers get the benefit of transfer payments and employers who will not pay hirer wages will feel less pressure to automate.

Investing in infrastructure is an excellent way to create jobs but such infrastructure should be compatible with an increasingly virtual world. Yes we should fix the roads but as more and more people work from home, as more and more of what we purchase gets delivered to our doorstep, as more and more of us go out to the movies in our living rooms, and as highway congestion grows, the chances are that more and more of us will use our cars less.

Millennials are the harbingers of this new trend. The numbers of cars purchased by people 18 to 34 years old has fallen by almost 30%. Millennials are opting to spend their money on high tech things like tablets, smart phones, and high bandwidth access.

For a millennial, the infrastructure of the future will be higher bandwidth interconnections and public transportation that will take the place of his car.

Actions like these will chip away at the problem. The challenge will be to find enough to them to offset the effects of the most powerful efficiency engine the world has ever known.

HBR

Advertisements

Sinhala and Tamil new year celebrations 2015 Los Angeles, California

image

No Indian in ICC’s World Cup XI led by McCullum

image

DUBAI: Not a single Indian cricketer found a place in the ICC’s World Cup XI which was dominated by runners-up New Zealand rather than champions Australia with Black Caps skipper Brendon McCullum as its captain.

The ICC team features five New Zealanders, including McCullum, despite their seven-wicket loss to Australia in the summit clash on Sunday. India, the defending champions, had bowed out after a semifinal loss to Australia.

“McCullum was chosen as the captain following his aggressive, innovative and inspirational leadership during the 44-day tournament that was the cornerstone of his team’s progression to the final where it lost to Australia by seven wickets,” the ICC said in a statement.

McCullum also scored 328 runs in nine matches with four half-centuries at a strike-rate of 188.50.

The team was chosen by a select group of experts who were given the task of picking a balanced side on the basis of performances in the tournament. Statistics were used but were not the sole basis for selections.

image

In addition to McCullum, the side includes four New Zealanders — Corey Anderson, Trent Boult, Martin Guptill, Daniel Vettori — three Australians in Glenn Maxwell, Steven Smith and Mitchell Starc, two South Africans (AB de Villiers and Morne Morkel), with Sri Lanka’s Kumar Sangakkara as wicketkeeper-batsman.

Zimbabwe’s Brendan Taylor, who finished with 433 runs in six matches, was named as the 12th man.

ICC general manager (Cricket), Geoff Allardice, who chaired the panel, said Indian pacers Umesh Yadav and Mohammad Shami along with off-spinner R Ashwin were in the running.

“The panel had an extremely difficult choice of selecting a 12-member squad at the back of an outstanding tournament, highlighted by some eye-catching individual performances including two double-centuries, 38 centuries, two hat-tricks and 28 four-wicket hauls,” he said.

“There were a number of other players that were discussed as possible selections in the team. These included batsmen Mahmudullah (Bangladesh) and Shaiman Anwar (UAE), fast bowlers Umesh Yadav, Mohammad Shami (both India), Wahab Riaz (Pakistan) and spinners Imran Tahir (South Africa) and R Ashwin (India),” added Allardice.

“But there were so many brilliant individual performances during the tournament that it was not possible to fit them into the team. The panel eventually came up with this side, which, in their view, was the most balanced outfit that is capable of beating any side on any given day.”

Team of the ICC Cricket World Cup 2015 in batting order: Martin Guptill (New Zealand), Brendon McCullum (New Zealand, captain), Kumar Sangakkara (Sri Lanka, wicketkeeper), Steven Smith (Australia), AB de Villiers (South Africa), Glenn Maxwell (Australia), Corey Anderson (New Zealand), Daniel Vettori (New Zealand), Mitchell Starc (Australia), Trent Boult (New Zealand), Morne Morkel (South Africa), Brendan Taylor (Zimbabwe, 12th man).

World Cup 2015: This was closest to a fairytale in sport, says Clarke

image

MELBOURNE: Having guided his team to World Cup triumph with a pivotal innings, Australian captain Michael Clarke on Sunday described his last day in ODI cricket as nothing short of a fairytale.

Australia rode on Clarke’s 72-ball 74 to outplay New Zealand by seven wickets and bag their fifth 50-over World Cup title in front of a record 93,000 MCG crowd.

Asked about how it felt to retire on such a high, Clarke said, “Look, I have said it yesterday that I thought it was the right time. Now I know it’s the right time. I think obviously there’s no such thing as fairytales in sport, but that’s probably as close as it gets for me.

“Not only to win a World Cup but to win in front of your home fans. I think the boys soaked that up from day one and loved every minute of it,” Clarke said at the post match-presentation ceremony.

“I said after our semifinal that mentally we were ready for this final. I think we showed that today. The whole squad deserves a lot of credit. Every single player has played a big part in us having success and we’ve worked really hard.

“I think even today, once we bowled New Zealand out, six or seven of the guys went to the nets for a hit in the lead-up to our batting innings just to make sure they were as well prepared as they could be and be ready to chase those 180 runs,” Clarke was all praise for the intensity showed by boys.

The Phillip Hughes death and the subsequent turn of events had affected Clarke emotionally and he admitted it once again that it was difficult to comeback after such a tragedy.

“You know, I think through the whole World Cup, I made it very clear that it was going to be skill, not emotion that won us the World Cup, and I think a lot of the things I’ve said in press conferences have actually been for myself.

I’m saying it out loud so I can hear it myself, and I think that’s probably one of the main things I’ve been saying, skill over emotion will win the World Cup for us, and I think I’ve needed to hear that, as well. I’ve needed to say it out loud because it has been emotional, there’s no doubt about it,” he said.

“To fight my backside off and work as hard as I possibly have to get back into the team, number one, after surgery, and then I guess to deal with what we’ve all dealt with over the last few months and to win a World Cup in front of your home fans, it’s taken amazing discipline from all the players, a lot of hard work, and it’s a fitting reward, like I say, for the pain everyone has gone through.”

Clarke said that he is in regular contact with Hughes’ mother and sister and would wear the black armband for the rest of my career.

“I think Hughesy is thought about and spoken about on a daily basis. I think probably the last couple of months for me personally, it’s probably been harder than when he first passed away. I’ve been in regular contact with his sister and his family. And I know they would have been watching tonight. I guess that’s what makes it so special, that we are still thinking about him.

“We are still talking about him, and we always will. Like I say, I won’t play another game, I certainly won’t play a Test match without his Test number on my hat, and I’ll wear this black armband for the rest of my career. You know, we’ve spoken about it as a team. We believe we played this World Cup with 16 players in our squad, and that will continue for the rest of my career, that’s for sure.”

The skipper said that he will introspect about his future in T20 leagues after taking a break.

“I haven’t thought too much about it (T20 leagues), to be honest. I spoke at the start of the World Cup when there was some talk about the Melbourne Stars and I said I was really concentrating on — I wanted to concentrate on this World Cup and nothing has changed. I think now that the World Cup is over, I’ve had some time to have a think about what I want to do there. I’m still really excited about Test cricket, and then I’ll have a think about the T20 format moving forward.

“Yeah, I don’t want to rush away from this feeling right now and this moment. I want to enjoy over the next few days, I want to enjoy what we’ve achieved as a team. I want to enjoy what I’ve achieved as a One Day cricketer for Australia, and then I’ll have a think about things and assess then.”

Someone, who has always rated Test cricket as the pinnacle of the game, it was no wonder that he termed his Test century against India at Adelaide (last December) as the proudest moment of his career.”

When someone asked as to why he chose yesterday to announce his retirement and not after the match, Clarke said, “Because I think tomorrow’s press is going to be about the team, and if I announce it tonight, then tomorrow’s press wouldn’t have been about the team.

“I’ve probably taken one day of media rather than a week of it. I’m hoping the next week is full of positive things about every single player in that change room and what they’ve achieved in this tournament. But you guys will dictate that.”

Clarke dedicates victory to Hughes

image

Captain Michael Clarke dedicated Australia’s fifth World Cup title to his former team-mate Phillip Hughes.

Batsman Hughes died at the age of 25 after being struck on the neck by a bouncer in Sydney in November.

“I’m sure everybody on this stage will say we played this World Cup with 16 players,” said Clarke after his team’s seven-wicket win over New Zealand.

“Hughesy used to party as good as any of them so I guarantee we’ll celebrate hard tonight.”

After Australia bowled out New Zealand for 183, Clarke led from the front with 74 as the hosts knocked off the runs in 33.1 overs at a packed Melbourne Cricket Ground.

image

Phillip Hughes played 26 Tests and 25 one-day internationals for Australia

Clarke, who read a moving eulogy at Hughes’s funeral, batted with a black armband carrying the player’s initials in his final one-day international,

“As you can see it’s got PH on it. I’ll wear it every game I play for Australia,” added Clarke.

“I think for everybody in Australian cricket it’s been really tough few months. Tonight is certainly dedicated to our little brother and our team-mate Phillip Hughes.”

Australia captain Michael Clarke fights back tears at Phillip Hughes’s funeral

Paceman Mitchell Starc set the tone for a blistering bowling performance in the first over of the match when he bowled opposing captain Brendon McCullum.

Mitchell Johnson and James Faulkner weighed in with three wickets apiece as the Kiwis were bowled out in 45 overs.

David Warner cracked 45 at the top of the Aussie order before Clarke and Steve Smith (56 not out) steered the them to a comfortable win to the delight of a record 93,000 crowd.

“We’re really proud, it’s a wonderful achievement,” added Clarke.

“It’s a great thing just to make a World Cup final, but to be able to win in your own back yard in front of your family and friends is extremely special and I guarantee we’ll celebrate hard tonight.”

Co-hosts New Zealand were competing in their first final but had won all eight of their matches to reach the showpiece.

“The New Zealand team deserve a lot of credit,” said Clarke. “They’re always a tough team to beat it seems in any sporting event. Australia v New Zealand is always an exciting contest and tonight was no different.”

On his future, Clarke added: “It’s been an honour and a privilege to represent my country in both Test and one-day cricket and Twenty20 cricket.

“The time is right for me to walk away from one-day cricket, but I’ll keep playing Test cricket.”

Australia crush NZ to win World Cup

image

By Stephan Shemilt BBC Sport in Melbourne

New Zealand 183 (45 overs): Elliott 83, Johnson 3-30, Faulkner 3-36

Australia 186-3 (33.1 overs): Clarke 74, Smith 56*

Australia win by 7 wickets

Australia overwhelmed New Zealand to win the World Cup for a fifth time at a packed Melbourne Cricket Ground.

New Zealand lost influential captain Brendon McCullum to the fifth ball of the match and were bowled out for 183.

Grant Elliott resisted with 83, while Mitchell Starc, Mitchell Johnson and James Faulkner shared eight wickets.

Australia rarely looked troubled, sealing a seven-wicket win in 33.1 overs, with captain Michael Clarke scoring 74 and Steve Smith 56 not out.

Full report to follow.

‘Ultimate game’ excites New Zealand skipper McCullum

image

MELBOURNE: New Zealand captain Brendon McCullum said he was excited, not intimidated, at the prospect of leading his country in their first World Cup final when they face old foes Australia at the gigantic Melbourne Cricket Ground on Sunday.

Australia, the top-ranked side in one-day international cricket, are bidding for a fifth World Cup title and will be considered favourites on home turf at the MCG where New Zealand last played an ODI in 2009.

But the Black Caps are the only unbeaten team in the tournament, having won eight games in a row.

One of those victories was against Australia in a low-scoring pool stage thriller in Auckland on February 28 when a Kane Williamson six off Pat Cummins helped them reach a modest target of 152 with one wicket standing.

“We are not intimidated, we are excited,” McCullum said Saturday. “This has been the greatest time of our lives. We dreamed right from the start and to reach the final is an amazing achievement.”

New Zealand crossed the semifinal hurdle for the first time in seven attempts to leave an enthralled rugby-mad nation backing their cricketers to take home cricket’s biggest global prize.

“We’ve had some tremendous support back home and also from around the world,” said McCullum. “The brand of cricket that we’ve played has really touched a lot of people and endeared ourselves to a lot of people who follow this game.

“Hopefully, if we play well we’ll be smiling at the end of the day and be able to look back on a fantastic campaign and something which would hopefully invigorate the game and New Zealand.”

McCullum said the expected full house of 90,000 at the MCG would see a keen contest between two evenly-matched teams.

“We will play well tomorrow,” he said. “It does not guarantee us anything and it does not mean that Australia won’t beat us. But we will turn up and display our skills just as we have done throughout the tournament.

“There is no challenge which is insurmountable with a lot of hard work, a lot of heart, a lot of belief and making sure that everyone’s heading in the same direction.

“We will play an aggressive brand of cricket with bat and ball. We will play with the humility which we’ve played with throughout this campaign.

“And hopefully the big fella upstairs shines on us when the pressure situations come into play.”

McCullum insisted that his team were not overawed by the prospect of playing at the famous amphitheatre, where New Zealand have won three of their last five matches against Australia.

“I guess this is the ultimate game for us,” he said. “A 100,000 people in Australia’s backyard, MCG and its history and traditions and against a very good Australian.

“I’m sure some guys will be nervous tomorrow morning. There is some excitement about us going out there tomorrow and putting our skills against the best in their backyard.

“That certainly whets the appetite and creates the greatest stage we can ask for. It is certainly going to be a special day.”

McCullum added he hoped his team could win the World Cup for 36-year-old Daniel Vettori, who is likely to end his international career after Sunday’s final even though the spinner has taken 15 wickets in the tournament.

“He is a tremendous ambassador for the game,” the captain said. “He’s given over half his life to this game and has been both an outstanding teammate and a very close friend. It will be nice to achieve the ultimate success for him.”

McCullum said he expected a keen battle against a country with whom New Zealand shared a “healthy rivalry.”

“We have seen some epic battles over the years and across codes as well, not just cricket and rugby,” he said.

“Tomorrow is no different. It’s a healthy rivalry which can continue well after our time. It’s one that we look forward to as well.”

F8 Conference: Facebook Messenger to allow third-party iOS app integration

image

Facebook has debuted its new Messenger Platform at the F8 Facebook Developer Conference. The feature will allow users to send content like GIFs, photos, audio clips, videos, and more from third-party apps within the Facebook Messenger for iOS.

Starting today iOS app developers will be able to build Facebook Messenger support into their apps, making them directly accessible from within the app. Facebook has already collaborated with 40 developers, so lots of apps with Messenger support are already available on Apple’s App Store, like Giphy (a GIF app), sticker apps, emoji apps, video apps, collage apps, and more. The social networking giant has also released its own apps for Messenger, such as Selfied, Stickered and Shout.

Apart from the Messenger Platform, the social network also unveiled a range of new services and tools. These include Messenger for Business, a Parse software development kit for the Internet of Things, 360-degree video support, embeddable videos, a new mobile app advertising analytics tool, and much more. CEO Mark Zukerberg also announced at the F8 Conference, that Messenger has now more than 600 million users globally.

Last week, Facebook announced the option to transfer funds between friends via Messenger. The new tools will make Messenger a one-stop shop for a broad set of functions and gives more rationale as to why Facebook made the messenger a stand-alone app in the first place, much to the chagrin, at the time, of millions of people.

FB

Gavaskar picks Australia as favourites against India

image

SYDNEY: Former captain Sunil Gavaskar on Wednesday tipped Australia as favourites to win Thursday’s high-voltage ICC Cricket World Cup 2015 semifinal against India but said Mahendra Singh Dhoni’s side can beat the hosts if they bat first and put up a big total.

“Australia are favourites because they have psychological advantage of having beaten India in all the matches the two sides have played in all formats in recent times. I understand that World Cup is a different ball game altogether but I still feel that Australia have got the advantage,” Gavaskar said.

“My heart says India but my mind says Australia are the favourites. If Australia bats first then India will struggle. India can win only in case they bat first and put up a big total, say 290-300,” he added.

Gavaskar played down the presence of retired leg-spin legend Shane Warne at Australian team net session at the SCG on Wednesday, saying India need not worry on that front.

“Indian team does not have a leg-spinner. Australians will not be facing a leg-spinner. R Ashwin and Ravindra Jadeja are completely different bowlers. So, that will not be too much of an issue,” he said.

The former Indian captain said that India will have to tackle both Steven Smith and Glenn Maxwell well if they want to win the semis.

“Finch, Warner and Watson have not been in best of form. But Steven Smith has been consistent and Maxwell is the guy India will have to watch out for,” Gavaskar said.

West Indies batting legend Brian Lara differed from Gavaskar and tipped India to win the semifinal as he said the conditions at the SCG would suit Dhoni’s men.

“SCG suits Indians more than anywhere else in Australia. A batting pitch and a bit of spin, that should suit the Indians. I will put my money for India. I hope my favourite player Virat Kohli comes out and score a century,” he said.

“Indian bowlers must be aggressive and attack in-form Steven Smith. Australia lacked a specialist fifth bowler and they struggled against Pakistan fast bowler Wahab Riaz. Indian batsmen should exploit their weakest bowler,” he added.

Former Australian captain Ian Chappell also said that India can win if they put up a big total and take a couple of early wickets but still tipped his country as the slight favourites.

“It’s like 50-50. But I think Australia are the slight favourites because they have more match-winners. In a big match, the team which has more match-winners has the advantage. If two or three players fail, some from remaining can still win matches,” he said.

“But, if India bats first and post a big total and Australia lose a couple of early wickets, then India has a chance to win,” he added.

See Your Company Through the Eyes of a Hacker

image

JP Morgan Chase. Target. Sony. Each has been part of the growing number of cyber-attacks against private companies around the world in recent years. In the latter two cases, CEOs were forced to resign in the wake of the breach. Attacks are growing more sophisticated and more damaging, targeting what companies value the most: their customer data, their intellectual property, and their reputations.

What these attacks – together with breaches to defense, law-enforcement, and military-contractor networks – reveal is that our cyber-security efforts over the last two decades have largely failed, and fixing this will require the attention not only of security officers and IT teams, but also of boards and CEOs.

Companies need to take a new approach. They can do so by looking at themselves through the eyes of their attackers. In the military this is called turning the map around. The point is to get inside the mind of the enemy, and to see the situation as they do, in order to anticipate and prepare for what’s to come.

Unfortunately, this mindset is still too rare. Despite spending billions of dollars every year on the latest security products and hiring the best security engineers and analysts, companies are more vulnerable than they’ve ever been. Two trends account for this: the rapid convergence of enterprise IT architectures, and the proliferation of increasingly sophisticated adversaries.

Changes in enterprise IT over the past decade mean that every company is now a technology company. By the end of the decade, there will be 50 billion devices connected to the Internet, complicating networks and generating petabytes of data. To add to that, the cloud revolution has finally dissolved perimeters – companies enjoying the benefits of infrastructure as a service must depend upon the security of networks and systems beyond their direct control.

As mobility, the Internet of Things, and the cloud change enterprises, adversaries are also becoming more sophisticated. States and state-sponsored entities spy on and attack private companies, often using military-grade tactics and capabilities. They do this within a system where offense enjoys a structural advantage over defense because attribution is difficult, deterrence is uncertain, and attackers need to succeed only once, but defenders must succeed always.

Most companies try to deal with this chaos by parsing signal from noise. They build walled castles around their most precious assets, but perimeters don’t matter when even the average college student owns seven IP-enabled devices. They rely on automated alerts to tell them when something malicious on their networks matches some previous bad event, but this approach overwhelms them with red flags while remaining blind to new and previously unknown threats.

There’s just too much noise to contend with. Security analysts, for example, may see a thousand incidents in a given day, but only have the time and resources to investigate a fraction of them. This is why hackers were able to exfiltrate over 40 million credit-card numbers from Target, despite the fact that a peripheral network device had detected the malware. It’s also the reason why Neiman Marcus was hacked after its system generated over 60-days’ worth of malware alerts. And this is why Sony was hacked after its IT team knew the company had been under attack for two years.

By turning the map around, executive teams can learn a great deal about their own companies, and better prepare for the inevitable attacks. This is how most companies look from an attacker’s perspective:

Their security is overwhelmingly focused on generic malware detection and protection against automated threats that aren’t being guided with precision.
They don’t have a full picture of what is on their networks, the cloud services they’re using, the applications running on those services, and the security postures of their supply chains and partners. Their IT and security teams are peripheral concerns, costs to be managed rather than centers of excellence that support the core business.

Overall, they are reactive, rather than proactive, in their approach to security.
Each bullet-point above is a weakness that attackers can exploit. This is why companies should learn from attackers in deciding how to defend themselves. Here’s how.

1. Understand your major risks and how adversaries aim to exploit them. If security could be calculated, then adversaries would be the numerator. Companies must understand their unique threatscapes to the greatest possible extent, and generic data are insufficient. Effective security must integrate indicators of compromise (have we been attacked?), tactics, techniques and procedures (how are we being targeted?), identity intelligence (who would target us, and why?), vulnerability intelligence (what is being exploited in the wild?), and attack attribution (is this commodity or targeted?). Only with focused threat intelligence can analysts spend their precious and valuable time investigating the most important incidents, prioritizing those associated with your most formidable adversaries and your greatest business risks. You can go crazy (and broke) trying to play Whack-A-Mole in defense against them all. Instead, identify your most essential assets and focus scarce resources only on those threats that actually pose a risk to your company.

2. Take inventory of your assets and monitor them continuously. If security could be calculated, then inventory would be the denominator. At the simplest level, companies must identify and monitor all of their interconnected assets: is a developer spinning up a thousand virtual machines without your knowledge? What applications are running on the database servers holding your most valuable information? Did an employee connect a new device to your corporate network? Does one of your distant subsidiaries have a new partner? Does your HVAC system connect somehow with your Point of Sale? Periodic assessments, reports that take weeks to prepare, and conclusions that require complex interpretation contribute to gaps in security. Companies must maintain a dynamic, real-time inventory of assets, monitor those assets continuously, and render them visually in way that is simple and intuitive for security and operations teams.

3. Make security a part of your mission. The prevailing approach to security is compliance-focused, cost-constrained, peripheral to the core business, and delegatable by C-suite leaders. Working on a team like that isn’t fun inside any enterprise, and it loses against 21st-century adversaries who know that it’s more fun to be a pirate than to join the Navy. Any defense is only as good as the people doing the defending. The new model of security needs to be about mission and leadership, ensuring that we have the best defenders up against the best attackers. Security is no longer delegable, and the mission of security teams must be synonymous with the mission of the company.

4. Be active, not passive, in hunting adversaries on your network and removing them. The term “active defense” has been tarred as a euphemism for “hacking back,” and companies are ill-advised to go on the offensive: first, it’s illegal to access others’ networks without permission, even if you’re acting in supposed self-defense; and second, it’s just not smart to escalate unless you can dominate, and even the biggest companies will ultimately lose against state or state-sponsored adversaries. So while you cannot go attack the other team on their own turf, you can and increasingly must be active against adversaries inside your own networks. This means assuming not merely that you are under attack, but that your attacker is in, and so you must hunt for a stealthy, persistent human adversary in order to contain and remediate the risk before they can cause damage – dramatically cutting the time between breach and detection from its current average of more than 200 days.

It is easy during these days of frequent and devastating attacks to cry out that the sky is falling, and that the very future of the Internet as a trusted domain of commerce and communication is at stake. But it would be wrong to extrapolate the data points of recent years into a line leading to ruin. Too many of us have too much at stake here, and the combined forces of executives, entrepreneurs, software developers, security teams, and investors all turning the map around can equip us to defend against this next generation of adversaries.

HBR

%d bloggers like this: