Skip to content
Advertisements

Your Mobile Phone Is Your Identity. How Do You Protect It?

 The average cost of a data breach has risen 12% over the past 5 years and is now $3.92M. U.S.-based breaches average $8.19M in losses, leading all nations. Not integrating mobile phone platforms and protecting them with a Zero Trust Security framework can add up to $240K to the cost of a breach. Companies that fully deploy security automation technologies experience around half the cost of a breach ($2.65M on average) compared to those that do not deploy these technologies ($5.16M on average). These and many other fascinating insights are from the 14th annual IBM Security Cost of a Data Breach Report, 2019. IBM is making a copy of the report available here for download (76 pp., PDF, opt-in). IBM and Ponemon Institute collaborated on the report, recruiting 507 organizations that have experienced a breach in the last year and interviewing more than 3,211 individuals who are knowledgeable about the data breach incident in their organizations. A total of 16 countries and 17 industries were included in the scope of the study. For additional details regarding the methodology, please see pages 71 - 75 of the report. Key insights from the report include the following: Lost business costs are 36.2% of the total cost of an average breach, making it the single largest loss component of all. Detection and escalation costs are second at 31.1%, as it can take up to 206 days to first identify a breach after it occurs and an additional 73 days to contain the breach. IBM found the average breach lasts 279 days. Breaches take a heavy toll on the time resources of any organization as well, eating up 76% of an entire year before being discovered and contained. U.S.-based breaches average $8.19M in losses, leading all nations with the highest country average. The cost of U.S.-based breaches far outdistance all other countries and regions of the world due to the value and volume of data exfiltrated from enterprise IT systems based in North America. North American enterprises are also often the most likely to rely on mobile devices to enable greater communication and collaboration, further exposing that threat surface. The Middle East has the second-highest average breach loss of $5.97M. In contrast, Indian and Brazilian organizations had the lowest total average cost at $1.83M and $1.35M, respectively. Data breach costs increase quickly in integration-intensive corporate IT environments, especially where there is a proliferation of disconnected mobile platforms. The study found the highest contributing costs associated with a data breach are caused by third parties, compliance failures, extensive cloud migration, system complexity, and extensive IoT, mobile and OT environments. This reinforces that organizations need to adopt a Zero Trust Security (ZTS) framework to secure the multiple endpoints, apps, networks, clouds, and operating systems across perimeter-less enterprises. Mobile devices are enterprises’ fasting growing threat surfaces, making them one of the highest priorities for implementing ZTS frameworks. Companies to watch in this area include MobileIron, which has created a mobile-centric, zero-trust enterprise security framework. The framework is built on the foundation of unified endpoint management (UEM) and additional zero trust-enabling technologies, including zero sign-on (ZSO), multi-factor authentication (MFA), and mobile threat detection (MTD). This approach to securing access and protect data across the perimeter-less enterprise is helping to alleviate the high cost of data breaches, as shown in the graphic below. Accidental, inadvertent breaches from human error and system glitches are still the root cause for nearly half (49%) of the data breaches. And phishing attacks on mobile devices that are lost, stolen or comprised in workplaces are a leading cause of breaches due to human error. While less expensive than malicious attacks, which cost an average of $4.45M, system glitches and human error still result in costly breaches, with an average loss of $3.24M and $3.5M respectively. To establish complete control over data, wherever it lives, organizations need to adopt Zero Trust Security (ZTS) frameworks that are determined by “never trust, always verify.”. For example, MobileIron’s mobile-centric zero-trust approach validates the device, establishes user context, checks app authorization, verifies the network, and detects and remediates threats before granting secure access to a device or user. This zero-trust security framework is designed to stop accidental, inadvertent and maliciously-driven, intentional breaches. The following graphic compares the total cost for three data breach root causes: Conclusion Lost business is the single largest cost component of any breach, and it takes years to fully recover from one. IBM found that 67% of the costs of a breach accrue in the first year, 22% accrue in the second year and 11% in the third. The more regulated a company’s business, the longer a breach will accrue costs and impact operations. Compounding this is the need for a more Zero Trust-based approach to securing every endpoint across an organization. Not integrating mobile phone platforms and protecting them with a Zero Trust Security (ZTS) framework can add up to $240K to the cost of a breach. Companies working to bridge the gap between the need for securing mobile devices with ZTS frameworks include MobileIron, which has created a mobile-centric, zero-trust enterprise security framework. There’s a significant amount of innovation happening with Identity Access Management that thwarts privileged account abuse, which is the leading cause of breaches today. Centrify’s most recent survey, Privileged Access Management in the Modern Threatscape, found that 74% of all breaches involved access to a privileged account. Privileged access credentials are hackers’ most popular technique for initiating a breach to exfiltrate valuable data from enterprise systems and sell it on the Dark Web.

  • The average cost of a data breach has risen 12% over the past 5 years and is now $3.92M.
  • U.S.-based breaches average $8.19M in losses, leading all nations.
  • Not integrating mobile phone platforms and protecting them with a Zero Trust Security framework can add up to $240K to the cost of a breach.
  • Companies that fully deploy security automation technologies experience around half the cost of a breach ($2.65M on average) compared to those that do not deploy these technologies ($5.16M on average).

These and many other fascinating insights are from the 14th annual IBM Security Cost of a Data Breach Report, 2019. IBM is making a copy of the report available here for download (76 pp., PDF, opt-in). IBM and Ponemon Institute collaborated on the report, recruiting 507 organizations that have experienced a breach in the last year and interviewing more than 3,211 individuals who are knowledgeable about the data breach incident in their organizations. A total of 16 countries and 17 industries were included in the scope of the study. For additional details regarding the methodology, please see pages 71 – 75 of the report.

Key insights from the report include the following:

  • Lost business costs are 36.2% of the total cost of an average breach, making it the single largest loss component of all. Detection and escalation costs are second at 31.1%, as it can take up to 206 days to first identify a breach after it occurs and an additional 73 days to contain the breach. IBM found the average breach lasts 279 days. Breaches take a heavy toll on the time resources of any organization as well, eating up 76% of an entire year before being discovered and contained.

  • U.S.-based breaches average $8.19M in losses, leading all nations with the highest country average. The cost of U.S.-based breaches far outdistance all other countries and regions of the world due to the value and volume of data exfiltrated from enterprise IT systems based in North America. North American enterprises are also often the most likely to rely on mobile devices to enable greater communication and collaboration, further exposing that threat surface. The Middle East has the second-highest average breach loss of $5.97M. In contrast, Indian and Brazilian organizations had the lowest total average cost at $1.83M and $1.35M, respectively.

  • Data breach costs increase quickly in integration-intensive corporate IT environments, especially where there is a proliferation of disconnected mobile platforms. The study found the highest contributing costs associated with a data breach are caused by third parties, compliance failures, extensive cloud migration, system complexity, and extensive IoT, mobile and OT environments. This reinforces that organizations need to adopt a Zero Trust Security (ZTS) framework to secure the multiple endpoints, apps, networks, clouds, and operating systems across perimeter-less enterprises. Mobile devices are enterprises’ fasting growing threat surfaces, making them one of the highest priorities for implementing ZTS frameworks. Companies to watch in this area include MobileIron, which has created a mobile-centric, zero-trust enterprise security framework. The framework is built on the foundation of unified endpoint management (UEM) and additional zero trust-enabling technologies, including zero sign-on (ZSO), multi-factor authentication (MFA), and mobile threat detection (MTD). This approach to securing access and protect data across the perimeter-less enterprise is helping to alleviate the high cost of data breaches, as shown in the graphic below.

  • Accidental, inadvertent breaches from human error and system glitches are still the root cause for nearly half (49%) of the data breaches. And phishing attacks on mobile devices that are lost, stolen or comprised in workplaces are a leading cause of breaches due to human error. While less expensive than malicious attacks, which cost an average of $4.45M, system glitches and the human error still result in costly breaches, with an average loss of $3.24M and $3.5M respectively. To establish complete control over data, wherever it lives, organizations need to adopt Zero Trust Security (ZTS) frameworks that are determined by “never trust, always verify.”. For example, MobileIron’s mobile-centric zero-trust approach validates the device, establishes user context, checks app authorization, verifies the network, and detects and remediates threats before granting secure access to a device or user. This zero-trust security framework is designed to stop accidental, inadvertent and maliciously-driven, intentional breaches. The following graphic compares the total cost for three data breach root causes:

Conclusion

Lost business is the single largest cost component of any breach, and it takes years to fully recover from one. IBM found that 67% of the costs of a breach accrue in the first year, 22% accrue in the second year and 11% in the third.  The more regulated a company’s business, the longer a breach will accrue costs and impact operations. Compounding this is the need for a more Zero Trust-based approach to securing every endpoint across an organization.

Not integrating mobile phone platforms and protecting them with a Zero Trust Security (ZTS) framework can add up to $240K to the cost of a breach. Companies working to bridge the gap between the need for securing mobile devices with ZTS frameworks include MobileIron, which has created a mobile-centric, zero-trust enterprise security framework. There’s a significant amount of innovation happening with Identity Access Management that thwarts privileged account abuse, which is the leading cause of breaches today. Centrify’s most recent survey, Privileged Access Management in the Modern Threatscape, found that 74% of all breaches involved access to a privileged account. Privileged access credentials are hackers’ most popular technique for initiating a breach to exfiltrate valuable data from enterprise systems and sell it on the Dark Web.

Advertisements

How To Deal With Ransomware In A Zero Trust World

  • Lake City, Florida’s city government paid ransomware attackers about $530,000 or 42 Bitcoins, to restore access to systems and data last month.
  • The City of Riviera Beach, Florida, paid ransomware attackers about $600,000 to regain access to their systems last month.
  • Earlier this month, LaPorte County, Indiana paid over $130,000 worth of Bitcoins to ransomware hackers to regain access to part of its computer systems.
  • This week, Louisiana Governor John Bel Edwards activated a state of emergency in response to a wave of ransomware infections that have hit multiple school districts in North Louisiana.

The recent ransomware attacks on Lake City, FloridaRiviera Beach, FloridaLaPorte County, Indiana, the City of Baltimore, Maryland, and a diverse base of enterprises including Eurofins ScientificCOSCONorsk Hydro, the UK Police Federation, and Aebi Schmidt reflect higher ransoms are being demanded than in the past to release high-value systems. There’s been a 44% decline in the number of organizations affected by ransomware in the past two years, yet an 89% increase in ransom demands over the last 12 months according to the Q1, 2019 Ransomware Marketplace Report published by Coveware. The Wall Street Journal’s article “How Ransomware Attacks Are Forcing Big Payments From Cities, Counties” provides an excellent overview of how Ryuk, a ransomware variant, works and is being used to hold unprepared municipalities’ IT networks for ransom.

How To Handle A Ransomware Attack

Interested in learning more about ransomware and how to help municipalities and manufacturers protect themselves against it, I attended Centrify’s recent webinar, “5 Steps To Minimize Your Exposure To Ransomware Attacks”. Dr. Torsten George, noted cybersecurity evangelist, delivered a wealth of insights and knowledge about how any business can protect itself and recover from a ransomware attack. Key insights from his webinar include the following:

  • Ransomware attackers are becoming more sophisticated using spear-phishing emails that target specific individuals and seeding legitimate websites with malicious code – it’s helpful to know the anatomy of an attack. Some recent attacks have even started exploiting smartphone vulnerabilities to penetrate corporate networks, according to Dr. George. The following graphic from the webinar explains how attackers initiate their ransomware attempts by sending a phishing email that might include a malicious attachment or link that leads to a malicious website. When a user clicks on the file/webpage, it unloads the malware and starts executing. It then establishes communications to the Command and Control Server – more often than not via TOR, which is free, open-source software for enabling anonymous communication. In the next step, the files get encrypted, and the end-user gets the infamous ransomware screen. From there on, communications with the end-user is done via TOR or similar technologies. Once the ransom is paid – often via Bitcoin to avoid any traces to the attacker – the private key is delivered to the users to regain access to their data.

  • To minimize the impact of a ransomware attack on any business, Business Continuity and Prevention strategies need to be in place now. A foundation of any successful Business Continuity strategy is following best practices defined by the U.S. Government Interagency Technical Guidance. These include performing regular data backup, penetration testing, and secure backups as the graphic below illustrate:

  • There are six preventative measures every business can take today to minimize the risk and potential business disruption of ransomware, according to the U.S. Government Interagency Technical Guidelines and FBI. One of the most valuable insights gained from the webinar was learning about how every business needs to engrain cybersecurity best practices into their daily routines. Calling it “cyber hygiene,” Dr. George provided insights into the following six preventative measures:

  • Stopping privileged access abuse with a Zero Trust Privilege-based approach reduces ransomware attacks and breaches’ ability to proliferate. Centrify found that 74% of all data breaches involve access to a privileged account. In a separate study, The Forrester Wave™: Privileged Identity Management, Q4 2018, (PDF, 19 pp., no opt-in) found that at least 80% of data breaches have a connection to compromised privileged credentials. Dr. George observed that hackers don’t hack in anymore—they log in using weak, default, stolen, or otherwise compromised credentials. Zero Trust Privilege requires granting least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment.
  • One of the most valuable segments of the webinar covered five steps for minimizing an organization’s exposure to ransomware taking a Zero Trust-based approach. The five steps that every organization needs to consider how to reduce the threat of ransomware includes the following:
  1. Immediately Establish A Secure Admin Environment. To prevent malware from spreading during sessions that connect servers with privileged access, establish policies that only authorize privileged access from a “clean” source. This will prevent direct access from user workstations that are connected to the Internet and receive external email messages, which are too easily infected with malware.
  2. Secure remote access from a Zero Trust standpoint first, especially if you are working with remote contractors, outsourced IT, or development staff. When remote access is secured through a Zero Trust-based approach, it alleviates the need for a VPN and handles all the transport security between the secure client and distributed server connector gateways. Ransomware can travel through VPN connections and spread through entire corporate networks. Taking advantage of a reverse proxy approach, there is no logical path to the network, and ransomware is unable to spread from system to the network.
  3. Zoning off access is also a must-have to thwart ransomware attacks from spreading across company networks. The webinar showed how it’s a very good idea to create and enforce a series of access zones that restrict access by privileged users to specific systems and requires multi-factor authentication (MFA) to reach assets outside of their zone. Without passing an MFA challenge, ransomware can’t spread to other systems.
  4. Minimizing attack surfaces is key to stopping ransomware. Minimizing attack surfaces reduces ransomware’s potential to enter and spread throughout a company’s network. Dr. George made the point that vaulting away shared local accounts is a very effective strategy for minimizing attack surfaces. The point was made that ransomware does not always need elevated privileges to spread, but if achieved, the impact will be much more damaging.
  5. Least Privilege Access is foundational to Zero Trust and a must-have on any network to protect against ransomware. When least privilege access is in place, organizations have much tighter, more granular control over which accounts and resources admin accounts and users have access to. Ransomware gets stopped in its tracks when it can’t install files or achieve least privilege access to complete installation of a script or code base.

Conclusion

Ransomware is the latest iteration of a criminal strategy used for centuries for financial gain. Holding someone or something for ransom has now graduated to holding entire cities and businesses hostage until a Bitcoin payment is made. The FBI warns that paying ransomware attackers only fuels more attacks and subsidizes an illegal business model. That’s why taking the preventative steps provided in the Centrify webinar is something every business needs to consider today.

Staying safe from ransomware in the modern threatscape is a challenge, but a Zero Trust Privilege approach can reduce the risk your organization will be the next victim forced to make a gut-wrenching decision of whether or not to pay a ransom.

AI Is Predicting The Future Of Online Fraud Detection

Bottom Line: Combining supervised and unsupervised machine learning as part of a broader Artificial Intelligence (AI) fraud detection strategy enables digital businesses to quickly and accurately detect automated and increasingly complex fraud attempts.

Recent research from the Association of Certified Fraud Examiners (ACFE)KPMGPwC, and others reflects how organized crime and state-sponsored fraudsters are increasing the sophistication, scale, and speed of their fraud attacks. One of the most common types of emerging attacks is based on using machine learning and other automation techniques to commit fraud that legacy approaches to fraud prevention can’t catch. The most common legacy approaches to fighting online fraud include relying on rules and predictive models that are no longer effective at confronting more advanced, nuanced levels of current fraud attempts. Online fraud detection needs AI to stay at parity with the quickly escalating complexity and sophistication of today’s fraud attempts.

Why AI is Ideal for Online Fraud Detection

It’s been my experience that digitally-based businesses that have the best track record of thwarting online fraud rely on AI and machine learning to do the following:

  • Actively use supervised machine learning to train models so they can spot fraud attempts quicker than manually-based approaches. Digitally-based businesses I’ve talked with say having supervised machine learning categorize and then predict fraudulent attempts is invaluable from a time-saving standpoint alone. Adopting supervised machine learning first is easier for many businesses as they have analytics teams on staff who are familiar with the foundational concepts and techniques. Digital businesses with high-risk exposure given their business models are adopting AI-based online fraud detection platforms to equip their fraud analysts with the insights they need to identify and stop threats early.
  • Combine supervised and unsupervised machine learning into a single fraud prevention payment score to excel at finding anomalies in emerging data. Integrating the results of fraud analysis based on supervised and unsupervised machine learning into one risk score is one way AI enables online fraud prevention to scale today. Leaders in this area of online fraud prevention can deliver payment scores in 250 milliseconds, using AI to interpret the data and provide a response. A more integrated approach to online fraud prevention that combines supervised and unsupervised machine learning can deliver scores that are twice as predictive as previous approaches.
  • Capitalizes on large-scale, universal data networks of transactions to fine-tune and scale supervised machine learning algorithms, improving fraud prevention scores in the process. The most advanced digital businesses are looking for ways to fine-tune their machine learning models using large-scale universal data sets. Many businesses have years of transaction data they rely on initially for this purpose. Online fraud prevention platforms also have large-scale universal data networks that often include billions of transactions captured over decades, from thousands of customers globally.

The integration of these three factors forms the foundation of online fraud detection and defines its future growth trajectory. One of the most rapid areas of innovation in these three areas is the fine-tuning of fraud prevention scores. Kount’s unique approach to creating and scaling its Omniscore indicates how AI is immediately redefining the future of online fraud detection.

Kount is distinct from other online fraud detection platforms due to the company’s ability to factor in all available historical data in their universal data network that includes billions of transactions accumulated over 12 years, 6,500 customers, across over 180 countries and territories, and multiple payment networks.

Insights into Why AI is the Future of Online Fraud Detection

Recent research studies provide insights into why AI is the future of online fraud detection. According to the Association of Certified Fraud Examiners (ACFE) inaugural Anti-Fraud Technology Benchmarking Report, the amount organizations are expected to spend on AI and machine learning to thwart online fraud is expected to triple by 2021. The ACFE study also found that only 13% of organizations currently use AI and machine learning to detect and deter fraud today. The report predicts another 25% plan to adopt these technologies in the next year or two – an increase of nearly 200%. The ACFE study found that AI and machine learning technology will most likely be adopted in the next two years to fight fraud, followed by predictive analytics and modeling.

PwC’s 2018 Global Economic Crime and Fraud Survey is based on interviews with 7,200 C-level and senior management respondents across 123 different nations and territories and was conducted to determine the true state of digital fraud prevention across the world. The study found that 42% of companies said they had increased funds used to combat fraud or economic crime. In addition, 34% of the C-level and senior management executives also said that existing approaches to combatting online fraud was generating too many false positives. The solution is to rely more on machine learning and AI in combination with predictive analytics as the graphic below illustrates. Kount’s unique approach to combining these technologies to define their Omniscore reflects the future of online fraud detection.

AI is a necessary foundation of online fraud detection, and for platforms built on these technologies to succeed, they must do three things extremely well. First, supervised machine learning algorithms need to be fine-tuned with decades worth of transaction data to minimize false positives and provide extremely fast responses to inquiries. Second, unsupervised machine learning is needed to find emerging anomalies that may signal entirely new, more sophisticated forms of online fraud. Finally, for an online fraud platform to scale, it needs to have a large-scale, universal data network of transactions to fine-tune and scale supervised machine learning algorithms that improve the accuracy of fraud prevention scores in the process.

AWS Certifications Increase Tech Pay Up To $12K A Year

AWS Certifications Increase Tech Pay Up To $12K A Year

  • AWS and Google certifications are among the most lucrative in North America, paying average salaries of $129,868 and $147,357 respectively.
  • Cross-certifying on AWS is providing a $12K salary bump to IT professionals who already have Citrix and Red Hat/Linux certifications today
  • Globally, four of the five top-paying certifications are in cloud computing.

These and many other insights of which certifications provide the highest salaries by region of the world are from the recently published Global Knowledge 2019 IT Skills and Salary ReportThe report is downloadable here (27 pp., PDF, free, opt-in). The methodology is based on 12,271 interviews across non-management IT staffs (29% of interviews), mid-level professionals including managers and team leads (43%), and senior-level and executive roles (28%) across four global regions. For additional details regarding the study’s methodology, please see page 24 of the report.

Key insights from the report include the following:

  • Cross-certifying on AWS is providing a $12K salary bump to IT professionals who already have Citrix and Red Hat/Linux certifications. Citrix certifications pay an average salary of $109,546 and those earning an AWS certification see a $12,339 salary bump on average. Red Hat/Linux certification-based jobs pay an average of $113,165 and are seeing an average salary bump of $12,553.  Cisco-certified IT professionals who gain AWS certification increase their salaries on average from $101,533 to $111,869, gaining a 10.2% increase. The following chart compares the salary bump AWS certifications are providing to IT professionals with seven of the more popular certifications (please click on the graphic to expand for easier reading).

  • AWS and Google certifications are among the most lucrative in North America, paying average salaries of $129,868 and $147,357 while the most popular are cybersecurity, governance, compliance, and policy. 27% of all respondents to Global Knowledge’s survey have at least one certification in this category. Nearly 18% are ITIL certified. In North American, the most popular certification categories beyond cybersecurity are CompTIA, Microsoft, and Cisco. The following table from the report provides an overview of salary by certification category (please click on the graphic to expand for easier reading).

  • AWS Certified Solutions Architect – Associate is the most popular AWS certification today, with 72% of respondents having achieved its requirements. Certified Solutions Architect – Associate leads the top five most commonly held AWS certifications today according to the survey. AWS Certified Developer – Associate (33%), AWS Certified SysOps Administrator – Associate (24%), AWS Certified Solutions Architect – Professional (16%) and AWS Certified Cloud Practitioner round out the top five most common AWS certifications across the 12,271 global respondents to the Global Knowledge survey.

10 Charts That Will Change Your Perspective Of Amazon’s Patent Growth

10 Charts That Will Change Your Perspective Of Amazon's Patent Growth

  • Since 2010 Amazon has grown its patent portfolio from less than 1,000 active patents in 2010 to nearly 10,000 in 2019, a ten-fold increase in less than a decade.
  • Amazon heavily cites Microsoft, IBM, and Alphabet, with 39%, 32% and 28% of Amazon’s total Patent Asset Index
  • Amazon’s patent portfolio is dominated by Cloud Computing, with the majority of the patents contributing to AWS’ current and future services roadmap. AWS achieved 41% year-over-year revenue growth in the latest fiscal quarter, reaching $7.6B in revenue.

Patents are fascinating because they provide a glimpse into potential plans, and roadmaps tech companies are considering. Amazon has one of the most interesting patent portfolios today that encompass a wide spectrum of technologies, from aircraft technology, drones, cloud computing, to machine learning. Interested in learning more about Amazon’s unique patent portfolio, I contacted PatentSight, a LexisNexis company, one of the leading providers of patent analytics and provider of the PatentSight analytics platform used for creating the ten charts shown below.

  • Amazon patents grew at a Compound Annual Growth Rate (CAGR) of above 35% between 2010 and 2019. PatentSight’s analysis shows that Amazon’s patent portfolio has increased tenfold in the last decade, and is comprised entirely of organic patents with only a small percentage gained from acquisitions. PatentSight also finds that Amazon’s patents have a falling average quality as measured by their Competitive Impact score shown on the vertical axis of the chart below. As Amazon’s patent portfolio has grown, there has been a downward trend of quality. William Mansfield, Head of Consulting and Customer Success at LexisNexis PatentSight explains why. “To maintain a high quality when growing the portfolio is difficult, as each patent would need to be equally as good as or better than the previous,” he said. Mr. Mansfield’s analysis found that Amazon’s portfolio has an average Competitive Impact of 2 today, double the PatentSight database average of 1.

  • Amazon’s patent portfolio is unique in that 100% of it is protected in the U.S. “The protection strategy of Amazon is also uncommon. While it can be the case that US firms tend to be US-centric, Amazon is an extreme case,” said William Mansfield. It’s surprising how many Amazon patents are active only in the USA (86%) and invented in the USA and active only in the USA (81%). William explained that “one factor for this US-centricity could be the great acceptance of software patents in the USA, we do also see high US-only filing for other tech giants, but are a level of around 60% vs. Amazon’s 86%.”

  • PatentSight found that the majority of the Amazon portfolio falls in the 2nd decile of Competitive Impact (top 20% – 10%). Comparable technology-based organizations have a higher density of patents in the top 10% of Competitive Impact, which is another unusual aspect regarding Amazon’s patent growth. “This is unusual compared to other big tech companies which have more in the top 10%, it could be Amazon is holding onto more lower value assets than required,” William Mansfield remarked.

  • Amazon’s patent citations most often cite Microsoft, IBM, and Alphabet, with 39%, 32% and 28% of Amazon’s total Patent Asset Index. Interesting that PatentSight’s analysis finds the reciprocal is not the case. A much smaller percentage of companies cite Amazon in return. This can be attributed to a few other firms having the breadth and depth of patent development that Amazon does today.  PatentSight found that less than 10% of their respective portfolios even mention Amazon.  William Mansfield explains that “one factor here is the larger size of these companies, vs. Amazon. However, even in absolute terms, Microsoft and IBM cite Amazon much less than the other way round. However, citation value is close to equal in absolute terms between Amazon and Alphabet.”

  • Relying on patents to keep AWS’ rapid growth going appears to be Amazon’s high priority patent strategy today. As can be seen from the portfolio below, Cloud Computing patents dominate Amazon’s patent portfolio today. In the latest fiscal quarter ending March 31, 2019, AWS delivered $7.9B in revenue and$2.2B in operating income, growing 41% year-over-year. “Amazon’s ongoing developments in alternative delivery methods in Urban Logistics and Drones are noteworthy with Drones being one area of particular strength in the portfolio as seen from the high Competitive Impact, despite the smaller portfolio size,” notes William Mansfield.

  • Amazon’s prioritization of cloud computing, AI, and machine learning patents is evident when 18 years of patent history is compared. The proliferation of AI and machine learning-based services on the AWS platform is apparent in the trend line starting in 2014. The success of Amazon’s SageMaker machine learning platform is a case in point. Amazon SageMaker enables developers and data scientists to quickly and easily build, train, and deploy machine learning models at scale.

  • Amazon is already one of the top 10 patent holders in Drone technology, just behind Alphabet and Toyota Motors. PatentSight defines Drone technology as encompassing aviation, autonomous robots, and autonomous driving. Amazon’s rapid ascent in this area is attributable to the logistics and supply chain efficiencies possible when Drones and their related technologies are applied to their supply chain’s more complex challenges.

  • PatentSight finds that FinTech is an area of long-standing strength in the Amazon patent portfolio, attribute to their payment systems being the backbone of their e-commerce business. Reflecting how diverse their business model has become, Amazon is now one of the top 15 patent holders in this area due to cloud computing, AI, and machine learning taking precedence. “FinTech is a highly competitive field with many established players, and while Amazon is not in the top 10, but top 15 players, it’s still an impressive achievement,” said William Mansfield.

  • Amazon’s patent portfolio in speech recognition encompasses Alexa, its related patents, and Amazon Lex, an AWS service used for creating conversational interfaces for applications. Alphabet, Apple, Microsoft, and Samsung are patent leaders, according to PatentSight’s analysis. The fact that Amazon is in the top 10 speaks to the level of activity and patent production going on in the Alexa research and development and product teams.

  • Amazon’s patent strategy is eclectic yet always anchored to cloud computing to make AWS the platform of choice. The following selected patens reflect how broad the Amazon patent portfolio is. What each share in common is a reliance on AWS as the platform to ensure service consistency, reliability, and scale. An example of this is their patents Video Game Streaming.

Roadmap To Zero Trust For Small Businesses

Bottom Line:  Small businesses don’t need to sacrifice security due to budget constraints or productivity requirements – a Zero Trust roadmap can help them keep growing and stop breaches.

Having worked my way through college in a series of small businesses and having neighbors and friends who operate several today, I see how cloud, databases, and network devices save thousands of dollars, hours of tedious work, and streamline operations. Good friends running an AI startup, whose remarkable ability to turn whiteboard discussions into prototypes in a day, are a case in point. Keeping breach attempts from interrupting their growth needs to start with a roadmap to Zero Trust so these businesses can keep flourishing.

Defining A Zero Trust Roadmap

Most successful small businesses and my friends’ growing startup share the common trait of moving at a quick pace. They’re hiring new employees, contractors and adding new locations in days, not months. The startups and small businesses I work with are adding experts in AI, development, machine learning, sales, and marketing from around the world quickly. Each new employee, contractor, and occasional supplier receives their account login to cloud systems used for running the business, and then they’re given their first assignments.

Small Businesses Don’t Need To Sacrifice Speed For Security

Small businesses and startups run so fast there’s often a perception that achieving greater security will slow them down. In a Zero Trust world, they don’t need to spend a lot of sacrifice speed for security. Following a Zero Trust roadmap can protect their systems, valuable intellectual property, and valuable time by minimizing the risk of falling victim to costly breaches.

Here’s what small businesses and startups need to include on their Zero Trust roadmaps to reduce the potential for time-consuming, costly breaches that could steal not just data but market momentum too:

  • Put Multi-Factor Authentication (MFA) into place for every contractor, admin user, and partner account immediately. Implementing MFA is highly recommended as it can reduce the risk of privileged access credential abuse. A recent survey by Centrify found that 74% of all breaches involved privileged access abuse. Centrify also found that 58% of organizations do not use Multi-Factor Authentication (MFA) for privileged administrative access to servers, leaving their IT systems and infrastructure exposed to hacking attempts, including unchallenged privileged access abuse.
  • Get a shared account and password vault to reduce the risk of being breached by privileged access abuse. Password vaults are a must-have for any business that relies on intellectual property (IP), patents, source code under development, and proprietary data that is pivotal to the company’s growth. Vaults make sure only trusted applications can request privileged account credentials by first identifying, then validating system accounts before passwords are retrieved. Another major advantage of vaults is that they minimize attack surfaces for small businesses and startups.
  • Secure Remote Access needs to be in place to ensure employee, contractor, and IT systems contractors are given least privilege access to only the resources they need. Small businesses and startups growing fast often don’t have the expertise on staff to manage their IT systems. It’s cheaper for many to have an IT service manage server maintenance, upgrades, and security. Secure Remote Access is predicated on the “never trust, always verify, enforce least privilege” Zero Trust approach to grant access to specific resources.
  • Implement real-time audit and monitoring to track all privileged sessions and metadata auditing everything across all systems to deliver a comprehensive picture of intentions and outcomes. Creating and adding to an ongoing chronology of login and resource attempts is invaluable for discovering how a security incident first gets started, and for meeting compliance requirements. It’s much easier to identify and thwart privileged credential abuse based on the insights gained from the single system of record a real-time audit and monitoring service creates. As small businesses and startups grow, the data that real-time audits and monitoring generate are invaluable in proving privileged access is controlled and audited to meet the regulatory compliance requirements of SOX, HIPAA, FISMA, NIST, PCI, MAS, and other regulatory standards.
  • Privileged access credentials to network devices need to be part of the Zero Trust Roadmap. Small businesses and startups face a continual time shortage and sometimes forget to change the manufacturer default passwords which are often weak and well known in the hacker community. That’s why it needs to be a priority to include the network device portfolio in A Zero Trust Privilege-based security roadmap and strategy. Security admins need to have these included in the shared account and passwords vault.

Conclusion

The five factors mentioned here are the start of building a scalable, secure Zero Trust roadmap that will help alleviate the leading cause of breaches today, which is privileged access credential abuse. For small businesses who are outsourcing IT and security administration, the core elements of the Zero Trust roadmap provide them the secure login and a “never trust, always verify, enforce least privilege” strategy that can scale with their business. With Zero Trust Privilege, small businesses and startups will be able to grant least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment

Top 10 IoT Startups Of 2019 According To IoT Analytics

  • IoT startups have received $3.6B in funding this year alone, according to IoT Analytics’ estimates.
  • Manufacturing is attracting the highest percentage of vertically-focused IoT startups at 30%.
  • 43% of all IoT startups are founded in North America, the leading region globally of startup activity.
  • 7 of the top 10 IoT startups primarily focus on AI, Analytics, and Data Science.
  • 46% of all IoT startups tracked by IoT Analytics primarily focus on AI, Analytics, and Data Science.

These and many other fascinating insights are from IoT Analytics’ recently published IoT Startups Report & Database 2019.  IoT Analytics found that there approximately 1,018 startups creating Internet of Things (IoT) products or services today. They have defined one of the most thorough methodologies in IoT research to identify the top 10 IoT analytics startups worldwide. To qualify, startups have to be older than 6 years and fit the definition of the Internet of Things, and methodology and criterion explained at the end of this post.

“The hot IoT startups today have a strong focus on data analytics and AI and are increasingly targeting industrial and manufacturing clients. It remains to be seen how much of the analytics technology that today’s startups are building will be scalable across IoT use cases and industries. For now, most of the IoT startups are adding value in specific industries or for specific use cases,” said Knud Lasse Lueth, Managing Director of IoT Analytics.

The following are the top 10 IoT Startups Of 2019 from IoT Analytics:

  1. Arundo Analytics (IoT Middleware & Software Infrastructure)

Arundo Analytics is a hot IoT Startup that provides analytics software for industrial and energy companies. The company has formed several strategic alliances, e.g., with Dell Technologies and WorleyParsons. Arundo has also formed a joint venture with DNV GL to provide stream data analytics for maritime companies. The board of directors includes Tore Myrholt, Senior Partner at McKinsey and Thomas Malone, the founding director of the MIT Center for Collective Intelligence. Recently, Arundo launched several applications incl. machine monitoring and fuel efficiency.

  1. Bright Machines (IoT Middleware & Software Infrastructure)

Bright Machines is currently the fastest growing IoT Startup, has grown from virtually zero at the beginning of 2018 to almost 200 employees a year later (April 2019). The firm focuses on “micro-factories” made up of its software and robot cells as well as new software tools that make manufacturing more efficient. The leadership team is filled with former executives from Autodesk, Flextronics, and Amazon including Amar Hanspal (CEO), Brian Mathews (CTO), Tzahi Rodrig (COO) and Nick Ciubotariu (SVP, Software Engineering). The company recently entered into a strategic partnership with BMW i Ventures.

  1. Dragos (IoT Middleware & Software Infrastructure)

Dragos is a cybersecurity startup that offers a software-defined security platform for manufacturers. The company has seen a 300%+ growth in headcount the last two years and collaborates with GE, Deloitte, OSIsoft, ThreatConnect, Crowdstrike, and several other companies. The company recently acquired Atlanta-based NexDefense and collaborates with Waterfall Solution for a joint solution.

  1. Element (IoT Middleware & Software Infrastructure)

Element (also known as Element Analytics) is a fascinating IoT Startup that focuses on industrial analytics software such as Digital Twins, particularly in heavy industries. The company counts an impressive list of investors, including Kleiner Perkins, GE, Honeywell, and ABB. Element partners with Microsoft, Uptake, OSIsoft, and Radix (consulting).

  1. FogHorn (IoT Middleware & Software Infrastructure)

In recent years, US-based startup FogHorn has gained an excellent reputation with leading manufacturers and oil and gas organizations around the world for its real-time edge computing and analytics software. The company has seen an 89% employee growth in the past two years and has secured partnerships with 50+ industrial solution providers, OEMs, gateway providers, and consultants/SIs, including AWS, Google Cloud, Microsoft, Cisco, HP, NTT Data, and more. FogHorn is also a member of LF Edge, an umbrella organization to drive an open, interoperable framework for edge computing to accelerate deployment among the growing number of edge devices. Investors in FogHorn include The Hive, Bosch, Dell, GE, Honeywell, Intel, Saudi Aramco, and Yokogawa.

  1. Iguazio (IoT Middleware & Software Infrastructure)

Iguazio is a hot startup that provides a state-of-the-art data science platform for various verticals, including Industrial IoT, Smart Mobility, and Telecommunications. The company recently entered into collaborations with NVIDIA, Microsoft, and Google. Iguazio markets its Nuclio platform product as a “serverless” framework for multi-cloud environments and is thus well-positioned for the next wave of cloud computing.

  1. IoTium (IoT Connectivity)

IoTium is a quickly upcoming IoT startup from the Silicon Valley area that focuses on software-defined network infrastructure in manufacturing and related verticals. The company has seen a 100%+ growth in headcount over the last two years and now counts John Chambers, former Cisco CEO, as an investor along with other well-known corporate investors incl. Juniper, Qualcomm, SafeNet, and Wind River. The company is also very active in the EdgeX Foundry and recently joined the Siemens’ MindSphere partner program as a gold member.

  1. Preferred Networks (IoT Middleware & Software Infrastructure)

Preferred Networks is one of Japan’s IoT hotshots, focused on applying real-time machine-learning technologies to new Internet of Things applications. The company has seen a 100%+ employee growth in the last two years and now collaborates with world-leading organizations incl. Toyota Motor Corporation, Fanuc, and the National Cancer Center. The company is also very active in developing the deep-learning framework Chainer™ together with IBM, Intel, Microsoft, Nvidia.

  1. READY Robotics (IoT Hardware)

READY Robotics is a rare robotics startup that is looking to benefit from the increasing automation and flexibility of manufacturing processes around the world. The company emerged from the cutting-edge robotics research at Johns Hopkins University to develop its industrial robotic software called Forge.  The company has seen a 150%+ growth in headcount in the last two years and is now producing roughly 15 robot systems per month.

  1. SparkCognition (IoT Middleware & Software Infrastructure)

SparkCognition excels in AI-powered analytics, particularly in manufacturing and related verticals. SparkCognition has seen a 100%+ growth in headcount over the last two years. The company has launched Skygrid, a joint venture with Boeing and it has partnered with Siemens as part of its Mindsphere program. The company is also a Google Cloud Technology Partner and works with IBM as a trusted partner.

The full 62-page report (+ 1,018 line-item database) titled “IoT Startups Report & Database 2019” is available for purchase here.

Why AI Is The Future Of Cybersecurity

These and many other insights are from Capgemini’s Reinventing Cybersecurity with Artificial Intelligence Report published this week. You can download the report here (28 pp., PDF, free, no opt-in). Capgemini Research Institute surveyed 850 senior executives from seven industries, including consumer products, retail, banking, insurance, automotive, utilities, and telecom. 20% of the executive respondents are CIOs, and 10% are CISOs. Enterprises headquartered in France, Germany, the UK, the US, Australia, the Netherlands, India, Italy, Spain, and Sweden are included in the report. Please see page 21 of the report for a description of the methodology.

Capgemini found that as digital businesses grow, their risk of cyberattacks exponentially increases. 21% said their organization experienced a cybersecurity breach leading to unauthorized access in 2018. Enterprises are paying a heavy price for cybersecurity breaches: 20% report losses of more than $50 million. Centrify’s most recent survey, Privileged Access Management in the Modern Threatscape, found that 74% of all breaches involved access to a privileged account. Privileged access credentials are hackers’ most popular technique for initiating a breach to exfiltrate valuable data from enterprise systems and sell it on the Dark Web.

Key insights include the following:

  • 69% of enterprises believe AI will be necessary to respond to cyberattacks. The majority of telecom companies (80%) say they are counting on AI to help identify threats and thwart attacks. Capgemini found the telecom industry has the highest reported incidence of losses exceeding $50M, making AI a priority for thwarting costly breaches in that industry. It’s understandable by Consumer Products (78%), and Banking (75%) are 2nd and 3rd given each of these industry’s growing reliance on digitally-based business models. U.S.-based enterprises are placing the highest priority on AI-based cybersecurity applications and platforms, 15% higher than the global average when measured on a country basis.

  • 73% of enterprises are testing use cases for AI for cybersecurity across their organizations today with network security leading all categories. Endpoint security the 3rd-highest priority for investing in AI-based cybersecurity solutions given the proliferation of endpoint devices, which are expected to increase to over 25B by 2021. Internet of Things (IoT) and Industrial Internet of Things (IIoT) sensors and systems they enable are exponentially increasing the number of endpoints and threat surfaces an enterprise needs to protect. The old “trust but verify” approach to enterprise security can’t keep up with the pace and scale of threatscape growth today. Identities are the new security perimeter, and they require a Zero Trust Security framework to be secure. Be sure to follow Chase Cunningham of Forrester, Principal Analyst, and the leading authority on Zero Trust Security to keep current on this rapidly changing area. You can find his blog here.

  • 51% of executives are making extensive AI for cyber threat detection, outpacing prediction, and response by a wide margin. Enterprise executives are concentrating their budgets and time on detecting cyber threats using AI above predicting and responding. As enterprises mature in their use and adoption of AI as part of their cybersecurity efforts, prediction and response will correspondingly increase. “AI tools are also getting better at drawing on data sets of wildly different types, allowing the “bigger picture” to be put together from, say, static configuration data, historic local logs, global threat landscapes, and contemporaneous event streams,” said Nicko van Someren, Chief Technology Officer at Absolute Software.

  • 64% say that AI lowers the cost to detect and respond to breaches and reduces the overall time taken to detect threats and breaches up to 12%. The reduction in cost for a majority of enterprises ranges from 1% – 15% (with an average of 12%). With AI, the overall time taken to detect threats and breaches is reduced by up to 12%. Dwell time – the amount of time threat actors remain undetected – drops by 11% with the use of AI. This time reduction is achieved by continuously scanning for known or unknown anomalies that show threat patterns. PetSmart, a US-based specialty retailer, was able to save up to $12M by using AI in fraud detection from Kount. By partnering with Kount, PetSmart was able to implement an AI/Machine Learning technology that aggregates millions of transactions and their outcomes. The technology determines the legitimacy of each transaction by comparing it against all other transactions received. As fraudulent orders were identified, they were canceled, saving the company money and avoiding damage to the brand. The top 9 ways Artificial Intelligence prevents fraud provides insights into how Kount’s approach to unsupervised and supervised machine learning stops fraud.

  • Fraud detection, malware detection, intrusion detection, scoring risk in a network, and user/machine behavioral analysis are the five highest AI use cases for improving cybersecurity. Capgemini analyzed 20 use cases across information technology (IT), operational technology (OT) and the Internet of Things (IoT) and ranked them according to their implementation complexity and resultant benefits (in terms of time reduction). Based on their analysis, we recommend a shortlist of five high-potential use cases that have low complexity and high benefits. 54% of enterprises have already implemented five high impact cases. The following graphic compares the recommended use cases by the level of benefit and relative complexity.

  • 56% of senior execs say their cybersecurity analysts are overwhelmed and close to a quarter (23%) are not able to successfully investigate all identified incidents. Capgemini found that hacking organizations are successfully using algorithms to send ‘spear phishing’ tweets (personalized tweets sent to targeted users to trick them into sharing sensitive information). AI can send the tweets six times faster than a human and with twice the success. “It’s no surprise that Capgemini’s data shows that security analysts are overwhelmed. The cybersecurity skills shortage has been growing for some time, and so have the number and complexity of attacks; using machine learning to augment the few available skilled people can help ease this. What’s exciting about the state of the industry right now is that recent advances in Machine Learning methods are poised to make their way into deployable products,” said Nicko van Someren, Chief Technology Officer at Absolute Software.

Conclusion

AI and machine learning are redefining every aspect of cybersecurity today. From improving organizations’ ability to anticipate and thwart breaches, protecting the proliferating number of threat surfaces with Zero Trust Security frameworks to making passwords obsolete, AI and machine learning are essential to securing the perimeters of any business.  One of the most vulnerable and fastest-growing threat surfaces are mobile phones. The two recent research reports from MobileIronSay Goodbye to Passwords (4 pp., PDF, opt-in) in collaboration with IDG, and Passwordless Authentication: Bridging the Gap Between High-Security and Low-Friction Identity Management (34 pp., PDF, opt-in) by Enterprise Management Associates (EMA) provide fascinating insights into the passwordless future. They reflect and quantify how ready enterprises are to abandon passwords for more proven authentication techniques including biometrics and mobile-centric Zero Trust Security platform.

Passwords Are The Weakest Defense In A Zero Trust World

  • 90% of security professionals have witnessed security incidents stemming from the theft of credentials, according to a recent MobileIron study conducted by IDG.
  • 86% of CIO, CISO and Security VPs would abandon password authentication if they could.
  • Another survey by EMA found that mobile devices secured by biometric authentication methods present the best option for replacing passwords.
  • There is a direct correlation between the number of times a user authenticates and the number of user access problems that need to be addressed.

These and many other fascinating insights make it clear that passwords are now the weakest defense anyone can rely on in a Zero Trust world. Two recent research studies quantify just how weak and incomplete an IT security strategy based on passwords is, especially when the need to access mobile apps is proliferating. Combined, these two MobileIron reports pack a one-two punch at passwords, and how they’re not strong enough alone to protect mobile devices, the fastest proliferating threat surface in a Zero Trust world.

The first, Say Goodbye to Passwords (4 pp., PDF, opt-in) by IDG, is based on interviews with 200 IT security leaders in the US, UK, Australia, and New Zealand working in a range of industries at companies with at least 500 employees. The survey’s goal is to uncover and quantify the major authentication pain points facing enterprises.  The second, Passwordless Authentication: Bridging the Gap Between High-Security and Low-Friction Identity Management (34 pp., PDF, opt-in) by Enterprise Management Associates (EMA), is based on interviews with 200 North American-based IT professionals who are knowledgeable about their organization’s use of identity and access management services. Please see page 4 of the study for additional details regarding the methodology.

The two studies provide insights into the perils of passwords and the merits of mobile when it comes to enterprise security, user experiences, and workforce productivity:

  • 90% of respondents to the EMA survey have experienced significant password policy violations in just the last year. The most frequently reported was that identical passwords are being used to support multiple accounts (39.06%). The following graphic from the EMA study reflects password management worst practices that put an organization at a high risk of a breach. A recent survey by Centrify found that 74% of all breaches involved access to a privileged account. Hackers aren’t breaking into systems; they’re obtaining privileged access credentials and walking in the front door as the graphic below shows.

  • 88% of global security leaders believe that mobile devices will soon serve as a digital ID for accessing enterprise apps and data. In the US, the percentage rises to 91%. With cyberattacks on the rise and the disadvantages of passwords and Multi-Factor Authentication (MFA) apparent to security leaders—from both a user and a security standpoint— it’s clear that new authentication methods are needed. Hardware tokens, seen by many security leaders as a more secure option for authentication than passwords, take a hit on user-friendliness compared to biometrics on a mobile device according to the survey’s results. Among the security leaders, 72% see biometrics as more user-friendly than passwords, versus just 58% favoring tokens over passwords for ease of use.

  • Four of the top five authentication technologies IT leaders prefer over passwords are biometrics-based. What’s encouraging from the EMA study is that the majority of IT departments are actively evaluating biometrics with 82% of respondents identifying at least one of the four basic biometric approaches as a passwordless solution.

  • 87% of enterprises anticipate an increase in users needing business app access over the next 24 months. 85% of respondents reported seeing an increase in the number of users who need to access business apps from a mobile device over the past 12 months. Mobile apps dominate enterprises’ internal software development efforts according to 91% of respondents to the IDG study.

  • Eliminating passwords reduces the friction or hassles required to gain access to apps and resources while improving organization-wide security. The paradox of how to improve productivity and increase security is solved when passwords go away. Low-friction identity management approaches improve user experiences while simultaneously enhancing security and reducing management efforts as the graphic below shows:

Conclusion

Hackers would instead find ingenious ways to steal passwords and privileged access credentials than spend time attempting to hack into an organization’s systems. Mobile devices and the apps they use are the fastest growing and most unprotected threat surface there is for businesses today, making them a high priority for hackers. Relying on passwords alone to protect mobile devices makes them the weakest defense in a Zero Trust World. Eliminating passwords for more effective authentication and security approaches that are more consistent with Zero Trust is needed now.

10 Charts That Will Change Your Perspective Of AI In Marketing

  • Top-performing companies are more than twice as likely to be using AI for marketing (28% vs. 12%) according to Adobe’s latest Digital Intelligence Briefing.
  • Retailers are investing $5.9B this year in AI-based marketing and customer service solutions to improve shoppers’ buying experiences according to IDC.
  • Financial Services marketers lead all other industries in AI application adoption, with 37% currently using them today.
  • Sales and Marketing teams most often collaborate using Configure-Price-Quote (CPQ) and Marketing Automation AI-based applications, with sales leaders predicting AI adoption will increase 155% across sales teams in two years.

Artificial Intelligence enables marketers to understand sales cycles better, correlating their strategies and spending to sales results. AI-driven insights are also helping to break down data silos so marketing and sales can collaborate more on deals. Marketing is more analytics and quant-driven than ever before with the best CMOs knowing which metrics and KPIs to track and why they fluctuate.

The bottom line is that machine learning and AI are the technologies CMOs and their teams need to excel today. The best CMOs balance the quant-intensive nature of running marketing with qualitative factors that make a company’s brand and customer experience unique. With greater insight into how prospects make decisions when, where, and how to buy, CMOs are bringing a new level of intensity into driving outcomes. An example of this can be seen from the recent Forbes Insights and Quantcast research, Lessons of 21st-Century Brands Modern Brands & AI Report (17 pp., PDF, free, opt-in). The study found that AI enables marketers to increase sales (52%), increase in customer retention (51%), and succeed at new product launches (49%). AI is making solid contributions to improving lead quality, persona development, segmentation, pricing, and service.

The following ten charts provide insights into how AI is transforming marketing:

  • 21% of sales leaders rely on AI-based applications today, with the majority collaborating with marketing teams sharing these applications. Sales leaders predict that their use of AI will increase 155% in the next two years. Sales leaders predict AI will reach critical mass by 2020 when 54% expect to be using these technologies. Marketing and sales are relying on AI-based marketing automation, configure-price-quote (CPQ), and intelligent selling systems to increase revenue and profit growth significantly in the next two years. Source: Salesforce Research, State of Sales, 3rd edition. (58 pp., PDF, free, opt-in).

  • AI sees the most significant adoption by marketers working in $500M to $1B companies, with conversational AI for customer service is the most dominant. Businesses with between $500M to $1B lead all other revenue categories in the number and depth of AI adoption use cases. Just over 52% of small businesses with sales of $25M or less are using AI for predictive analytics for customer insights. It’s interesting to note that small companies are the leaders in AI spending, at 38.1%, to improve marketing ROI by optimizing marketing content and timing. Source: The CMO Survey: Highlights and Insights Report, February 2019. Duke University, Deloitte and American Marketing Association. (71 pp., PDF, free, no opt-in).

  • 22% of marketers currently are using AI-based applications with an additional 57% planning to use in the next two years. There are nine dominant use cases marketers are concentrating on today, ranging from personalized channel experiences to programmatic advertising and media buying to predictive customer journeys and real-time next best offers. Source: Salesforce’s State of Marketing Study, 5th edition

  • Content personalization and predictive analytics from customer insights are the two areas CMOs most prioritize AI spending today. The CMO study found that B2B service companies are the top user of AI for content personalization (62.2%) and B2B product companies use AI for augmented and virtual reality, facial recognition and visual search more than any other business types. Source: CMOs’ Top Uses For AI: Personalization and Predictive Analytics. Marketing Charts. March 14, 2019

  • Personalizing the overall customer journey and driving next-best offers in real-time are the two most common ways marketing leaders are using AI today, according to Salesforce. Improving customer segmentation, improving advertising and media buying, and personalizing channel experiences are the next fastest-growing areas of AI adoption in marketing today. Source: Salesforce’s State of Marketing Study, 5th edition

  • 81% of marketers are either planning to or are using AI in audience targeting this year. 80% are currently using or planning to use AI for audience segmentation. EConsultancy’s study found marketers are enthusiastic about AI’s potential to increase marketing effectiveness and track progress. 88% of marketers interviewed say AI will enable them t be more effective in getting to their goals. Source: Dream vs. Reality: The State of Consumer First and Omnichannel Marketing. EConsultancy (36 pp., PDF, free, no opt-in).

  • Over 41% of marketers say AI is enabling them to generate higher revenues from e-mail marketing. They also see an over 13% improvement in click-thru rates and 7.64% improvement in open rates. Source: 4 Positive Effects of AI Use in Email Marketing, Statista (infographic), March 1, 2019.

Additional data sources on AI’s use in Marketing:

15 examples of artificial intelligence in marketing, eConsultancy, February 28, 2019

4 Positive Effects of AI Use in Email Marketing, Statista, March 1, 2019

4 Ways Artificial Intelligence Can Improve Your Marketing (Plus 10 Provider Suggestions), Forbes, Kate Harrison, January 20, 2019

AI: The Next Generation Of Marketing Driving Competitive Advantage Throughout The Customer Life Cycle, Forrester Consulting. February 2017 (10 pp., PDF, free, no opt-in).

Artificial Intelligence for Marketing (complete book) (361 pp., PDF, free, no opt-in)

Artificial Intelligence Roundup, eMarketer, May 2018 (15 pp., PDF, free, no opt-in)

Digital Intelligence Briefing, Adobe, 2018 (43 pp., PDF, free, no opt-in).

How 28 Brands Are Using AI to Enhance Their Marketing [Infographic], Impact Blog

How AI Is Changing Sales, Harvard Business Review, July 30, 2018

How Top Marketers Use Artificial Intelligence On-Demand Webinar with Vala Afshar, Chief Digital Evangelist, Salesforce and Meghann York, Director, Product Marketing, Salesforce

How To Win Tomorrow’s Car Buyers – Artificial Intelligence in Marketing & Sales, McKinsey Center for Future Mobility, McKinsey & Company. February 2019. (44 pp., PDF, free, no opt-in)

IDC MarketScape: Worldwide Artificial Intelligence in Enterprise Marketing Clouds 2017 Vendor Assessment, (11 pp., PDF, free, no opt-in.)

In-depth: Artificial Intelligence 2019, Statista Digital Market Outlook, February 2019 (client access reqd).

Leading reasons to use artificial intelligence (AI) for marketing personalization according to industry professionals worldwide in 2018, Statista.

Lessons of 21st-Century Brands Modern Brands & AI Report, Forbes Insights and Quantcast Study (17 pp., PDF, free, opt-in),

Powerful pricing: The next frontier in apparel and fashion advanced analytics, McKinsey & Company, December 2018

Share of marketing and agency professionals who are comfortable with AI-enabled technology automated handling of their campaigns in the United States as of June 2018, Statista.  

The CMO Survey: Highlights and Insights Report, February 2019. Duke University, Deloitte and American Marketing Association. (71 pp., PDF, free, no opt-in).

Visualizing the uses and potential impact of AI and other analytics, McKinsey Global Institute, April 2018.  Interactive page based on Tableau data set can be found here.

What really matters in B2B dynamic pricing, McKinsey & Company, October 2018

Winning tomorrow’s car buyers using artificial intelligence in marketing and sales, McKinsey & Company, February 2019

Worldwide Spending on Artificial Intelligence Systems Will Grow to Nearly $35.8 Billion in 2019, According to New IDC Spending Guide, IDC; March 11, 2019

%d bloggers like this: