47% of U.S.-based enterprises are using AI today for recruitment, leading all countries in the survey. U.S.-based enterprises’’ adoption of AI for recruitment soared in the last year, jumping from 22% in 2018 to 47% this year based on last years’ Harris Interactive Talent Intelligence and Management Report 2018.
73% of U.S. CEOs and CHROs plan to use more AI in the next three years to improve talent management.
U.S.-based enterprises’’ adoption of AI for recruitment soared in the last year, jumping from 22% in 2018 to 47% this year.
U.S.-based enterprises lead in the use of AI to automate repetitive tasks (44%) and employee retention (42%).
These and many other fascinating insights are from a recent study completed by Harris Interactive in collaboration with Eightfold titled Talent Intelligence And Management Report 2019-2020, which provides insights into how CHROs are adopting AI today and in the future. You can download a copy here. A total of 1,350 CEOs and CHROs from the U.S., France, Germany, and the U.K. responded to the survey. One of the most noteworthy findings is how U.S-based CEOs and CHROs lead the world in prioritizing and taking action on improving their teams and their own AI skills. The more expertise they and their teams have with AI, the more effective they will be achieving operational improvements while taming the bias beast. The following graphic provides insights into how the four nations surveyed vary by their CEOs’ and CHROs’ perception of new technologies having had positive impacts, their plans for using AI in three years, and employee’s concerns about AI:
Predicting The Future Of AI In Talent Management
Four leading experts who are actively advising clients, implementing, and using AI to solve talent management challenges shared their predictions of how AI will improve talent management in 2020. The panel includes Kelly O. Kay, Partner, Heidrick & Struggles, Jared Lucas, Chief People Officer at MobileIron, Mandy Sebel, Senior Vice President, People at UiPath and David Windley CEO, IQTalent Partners. Mr. Kay leads the Software Practice for Heidrick & Struggles, a leading executive search and consulting firm commented: “As we all know, the talent crisis of 2019 is real and Eightfold’s application of AI on today is the most impactful approach I’ve seen and the outcomes they deliver eliminate unconscious bias, increases transparency and improves matching supply and demand of talent.” The following are their predictions of how AI will improve the following areas of talent management in 2020:
“I believe the use of AI in the talent acquisition space will begin to hit critical mass in 2020. We are still in the early adopter phase, but the use of AI to match potential candidates to job profiles is catching on. Especially the use of AI for rediscovering candidates in ATS systems of larger corporations. Companies like Eightfold, Hiretual, and Atipica are leading the way,” said David Windley CEO, IQTalent Partners.
AI will provide the insights needed for CHROs to retain and grow their best talent, according to Jared Lucas, Chief People Officer at MobileIron. “I predict that AI will drive better internal mobility and internal candidate identification as companies are better able to mine their internal talent to fill critical roles,” he said.
Having gained credibility for executive and senior management recruiting, AI platforms’ use will continue to proliferate in 2020. “Private Equity is beginning to commercialize how AI can help select executives for roles based on competencies and experiences, which is exciting!” said Kelly O. Kay, Partner, Heidrick & Struggles.
$10.7B was invested in AI startups this year in their seed, early-stage venture, or late-stage venture funding rounds.
Over half, or 57.9% of all AI startup financing rounds where either seed or pre-seed, 21.2% are Series A, 11.8% are Series B, and all others comprise 9% of all funding rounds.
The median AI startup funding round generated $4M with the average being $14.6M and the maximum, $319M, obtained by Vacasa.
These and many other fascinating insights are from an analysis of AI startups’ funding rounds in 2019 using Crunchbase Pro research. AI startups who have had seed, early-stage venture or late-stage venture funding since December 31, 2018, and are U.S.-based are included in the analysis which is provided here. Crunchbase Pro found 499 startups meeting the search criteria as of today.
Top 25 AI Startups Who Have Raised The Most Money In 2019
Vacasa – Raised $319M from a Series C round on October 29th, Vacasa is creating and using AI-driven tools to improve their customers’ experiences renting vacation homes around the world. Their AI strategies include improving every aspect of the customer’s lifecycle from pricing through scheduling post-stay cleans. The company manages a growing portfolio of more than 14,000 vacation homes in the U.S, Europe, Central, and South America, and South Africa.
Samsara – Raised $300M from a Series F round on September 10th. Samsara is an IoT platform combining hardware, software, and cloud to bring real-time visibility, analytics, and AI to operations. Samsara’s portfolio of Internet of Things (IoT) solutions combine hardware, software, and cloud to bring real-time visibility, analytics, and AI to operations. Their core strengths include vehicle telematics, driver safety, mobile workflow and compliance, asset tracking, and industrial process controls all in an integrated, open, real-time platform.
TripActions – Raised $250M from a Series D round on June 27th. TripActions is a business travel platform that combines the latest AI-driven personalization with inventory and 24×7 365 live human support to serve employees, finance leaders, and travel managers alike all while empowering organizations to seize travel as a strategic lever for growth.
ThoughtSpot – Raised $248M from a Series E round on August 22nd. ThoughtSpot’s AI-Driven analytics platform enables business analyst to capitalize on the expertise and shared knowledge of experienced data scientists. With ThoughtSpot, business analysts can analyze data or automatically get trusted insights pushed to you with a single click. ThoughtSpot connects with any on-premise, cloud, big data, or desktop data source. Business Intelligence and Analytics teams have used ThoughtSpot to cut reporting backlogs by more than 90% and make more than 3 million decisions and counting.
CloudMinds – Raised $186M from a Series B round on February 23rd. Founded in 2015, CloudMinds’ unique Cloud Robot Service Platform consists of Human Augmented Robotics Intelligence with Extreme Reality (HARIX), a Secure virtual backbone network (VBN over 4G/5G), and Robot Control Unit (RCU). Designed by CloudMinds, XR-1 Robot is the first commercial humanoid service robot powered by our Smart Compliant Actuator (SCA) technology with precise and compliant grasping capability. Their AI Cloud Brain platform (HARIX) is designed to enable robotic intelligence through a secured network over 4G/5G. CloudMinds is focused on several core technologies, including Smart Vision, Smart Voice, Smart Motion and Human Augmentation. The following is an overview of their architecture:
Icertis – Raised $115M from a Series E round on July 17th. Icertis is an enterprise contract management platform in the cloud that solves contract management problems using AI. Using advanced algorithms, Icertis helps its customers accelerate business cycles by increasing contract velocity, protecting against risk by ensuring regulatory and policy compliance and optimizing the commercial relationships by maximizing revenue and reducing costs. 3M, Airbus, Cognizant, Daimler, Microsoft, and Roche who rely on Icertis to manage 5.7 million contracts in 40+ languages across 90+ countries, are all customers. The following is an overview of the Icertis Contract Management Platform:
SparkCognition – Raised $100M from a Series C round on October 8th. SparkCognition builds artificial intelligence systems focused on the needs of its customers in the aviation, cybersecurity, defense, Financial Services, manufacturing, maritime, and Utilities industries. SparkCognition offers four main products: DarwinTM, DeepArmor, SparkPredict, and DeepNLPTM. One of their most noteworthy products is DeepArmor, an AI-powered endpoint security solution that has trained on millions of malicious and benign files and provides industry-leading protection against a broad spectrum of threats. With millions of new malware variants showing up each month, DeepArmor uses AI to assess risk levels and thwart malware and break attempts. DeepArmor’s dashboard is shown below:
Vectra AI – Raised $100M from a Series E round on June 10th. Vectra specializes in network detection and response – from cloud and data center workloads to user and IoT devices. Its Cognito platform accelerates threat detection and investigation using artificial intelligence to collect, store, and enrich network metadata with the right context to detect, hunt and investigate known and unknown threats in real-time.
Globality – Raised $100M from a Series D round on January 22nd. The January round enabled Globality to accelerate its growth through investment in its AI technology, increasing business capacity by hiring additional members of its engineering, product, and client teams, and expanding its Marketing and Sales programs. Through its AI-powered Platform, Globality is automating the procurement of B2B services and improving the RFP process. Globality efficiently matches companies with service providers that meet their specific needs, cutting the sourcing process from months to hours, and delivering savings of 20% or more for companies.
Black Sesame Technologies – Raised $100M from a Series B round on April 12th. Black Sesame Technologies is an AI digital imaging technology firm provides solutions for image processing and computing images, as well as embedded sensing platforms. The firm specializes in algorithms for smartphones, autonomous driving, and other consumer electronics. Its R & D teams are actively working on core algorithm development, ASIC design, software system, and ADAS engineering applications.
Scale – Raised $100M from a Series C round on August 5th. Scale accelerates the development of AI applications by helping computer vision teams generate high-quality ground truth data. Our advanced LiDAR, video, and image annotation APIs allow self-driving, drone, and robotics teams at companies like Waymo, OpenAI, Lyft, Zoox, Pinterest, and Airbnb focus on building differentiated models vs. labeling data. Scale’s greatest strength is its API for training data, providing access to human-powered data for a multitude of use cases.
AutoX – Raised $100M from a Series A round on September 16th. AutoX is a self-driving car startup that uses AI to fine-tune Location-Based Services with camera-first autonomous driving technology. In July of this year, AutoX announced a partnership with NEVS, the Swedish holding company, and electric vehicle manufacturer that bought Saab’s assets out of bankruptcy, to deploy a robotaxi pilot service in Europe by the end of 2020.
DISCO – Raised $83M from a Series E round on January 24th. DISCO is a legal technology company that applies artificial intelligence and cloud computing to legal problems to help lawyers and legal teams improve legal outcomes for clients. Corporate legal departments, law firms, and government agencies around the world use DISCO as an ediscovery solution for compliance, disputes, and investigations. The company is looking to reinvent legal technology to automate and simplify complex and error-prone tasks that distract from practicing law.
QOMPLX – Raised $78.6M from a Series A round on July 23rd. QOMPLX makes it faster and easier for organizations to integrate disparate internal and external data sources across the enterprise via a unified analytics infrastructure that supports better decision-making using AI at scale. This enterprise data-fabric is called QOMPLX OS: an enterprise operating system that powers QOMPLX’s decision platforms in cybersecurity, insurance, and quantitative finance. The following is an example of how the QOMPLX OS automates data management while providing greater contextual intelligence to data:
Galileo Financial Technologies – Raised $77M from a Series A round on October 17th. Galileo’s APIs are used widely throughout the neobank, payments, gig economy, investing and SaaS market segments. As of September 2019, Galileo was managing over $26B in annual payments volume, a 130% increase over September 2018. Galileo’s latest round, a $77M investment led by venture capital firm Accel with participation from Qualtrics Co-Founder & CEO Ryan Smith. The company, which is already profitable and growing rapidly, plans to use the funds to accelerate growth, including expansion into Latin America, the UK, and Europe, and for continued product expansion.
BlackThorn Therapeutics – Raised 76M from a Series B round on June 13th. BlackThorn Therapeutics, Inc., is a clinical-stage neurobehavioral health company pioneering the next generation of AI technologies to advance its pipeline of targeted therapeutics for treating brain disorders. The company has engineered PathFinder, a cloud-based computational psychiatry and data platform, to enable the collection, integration, and analysis of multimodal data at great speed and scale. BlackThorn applies its data-driven approaches to create an understanding of the core underlying pathophysiology of neurobehavioral disorders and uses these insights to generate objective neuromarkers, which support drug target identification, patient stratification, and objective clinical trial endpoints.
Highspot – Raised $75M from a Series D round on December 3rd. Highspot is a sales enablement platform that relies on AI technologies to elevate and add value to companies’ conversations with their customers and drive strategic growth. The platform combines intelligent content management, training, contextual guidance, customer engagement, and actionable analytics. Revenue teams use Highspot to deliver a unified buying experience that increases revenue, customer satisfaction and retention. Highspot has attained a 90% average monthly recurring usage rate and has global support across 125 countries. It’s available on the Salesforce AppExchange, Microsoft Store, Google Play and Apple AppStore.
Moveworks – Raised $75M from a Series B round on November 11th. Moveworks is a cloud-based AI platform designed for large enterprises’ IT support and service desk challenges. Instead of just tracking issues, Moveworks uses advanced AI to solve IT support and service problems automatically, often with no human intervention. Customers include AutoDesk, Broadcom, Nutanix and many other Fortune 500 companies. Moveworks is backed by Bain Capital Ventures and Lightspeed Venture Partners and is headquartered in Mountain View, California.
Reonomy – Raised $60M from a Series D round on November 7th. Reonomy is an AI-powered data platform for the commercial real estate industry. The goal of the company’s platform is to leverage big data, partnerships, and machine learning to connect the fragmented world of commercial real estate. Reonomy products enable individuals, teams, and companies to unlock new insights from property intelligence. By constantly aggregating and organizing up-to-the-minute marketplace data, Reonomy offer investors and brokers the opportunity to research nuanced property characteristics that indicate the likelihood of a future sale. Below is an example of an analysis of the San Francisco neighborhood using AI-based filtering technology:
Clari – Raised $60M from a Series D round on October 10th. Clari is a connected revenue operations platform that uses automation and AI to unlock all the activity data captured in key business systems such as marketing automation, CRM, email, calendar, phone, content management, and conversations. It automatically aligns that data to accounts and opportunities to deliver visibility, forecasting, and apply predictive insights, which results in more insight, less guesswork, and more predictable revenue. Clari helps companies by changing their revenue operations to be more connected, efficient, and predictable. Clari’s platform is used by hundreds of sales, marketing, and customer success teams at B2B companies such as Qualtrics, Lenovo, Adobe, Dropbox, and Okta to control pipeline, audit deals and accounts, forecast the business, and reduce churn. The following is an example of a Clari dashboard:
People.ai – Raised $60M from a Series C round on May 21st. People.ai is an artificial intelligence (AI) platform for enterprise revenue. People.ai helps sales, marketing, and customer success teams uncover every revenue opportunity from every customer by capturing all customer contacts, activity, and engagement to drive actionable insights across all revenue teams. People.ai enables sales leaders to be more effective at managing their teams and growing revenue by giving them a complete picture of sales activities and leveraging AI to deliver sales performance analytics, personalized coaching, one-on-one feedback, and pipeline reviews. The People.ai platform identifies and targets the buying group, and gives marketers a clear visualization of whom sales have spoken with, and which campaign has been successful in each opportunity. Using this information, marketers are able to build personas and deal models in order to better target their marketing efforts and get better campaign ROI. Customer success and services teams use People.ai to ensure they are engaging with the right people when the customer is handed off to them, but more importantly, these post-sales teams are constantly looking to align their effort and activities with the right opportunities and customers, tracking the true cost to support each customer. The following graphic illustrates the People.ai platform automatically capture all contact and customer activity data, dynamically update your CRM, and provide actionable intelligence to realize the full potential of customer-facing teams. The following graphic illustrates the People.ai platform:
Invoca – Raised $56M from a Series C round on October 17th. Invoca is an AI-powered call tracking and analytics platform that helps marketers drive inbound calls and turn them into sales. The platform delivers real-time call analytics to help marketers take informed actions based on data generated before and during a phone conversation. It also allows marketers to understand, in real-time, the factors affecting consumers’ intent to buy, like competitive promotional campaigns. Marketers can put the data to work directly in the platform by automating customer experience workflows during, before, and after each call. Invoca’s platform integrates with Google Marketing Platform, Facebook, Adobe Experience Cloud, and Salesforce Sales and Marketing Clouds. Invoca’s investors include Accel Partners, H.I.G. Growth Partners, Upfront Ventures, Morgan Stanley Alternative Investment Partners, Salesforce Ventures, and Rincon Venture Partners. The following is an example of an Invoca dashboard used for measuring Google AdWords effectiveness:
Clinc – Raised $52M from a Series B round on May 20th. Clinc is a conversational AI platform that enables enterprises to build “human-in-the-room” level, next-gen, virtual assistants. In contrast to a speech-to-text word matching algorithm, Clinc analyzes dozens of factors from the user’s input including wording, sentiment, intent, tone of voice, time of day, location, and relationships, and uses those factors to deliver an answer that represents a composite of knowledge extracted from its trained brain. Clinc’s underlying technology is based on state-of-the-art machine learning and deep neural networks (DNN)-as-a-service developed by computer science professors at the University of Michigan. Clinc is a standalone “trained brain” that has been given an initial deep knowledge of the financial and banking industry. Its machine learning capabilities enable it to expand its knowledge with every query and to then draw from that knowledge for each subsequent customer query.
Biz2Credit – Raised $52M from a Series D round on June 4th. Biz2Credit is a hub connecting small business owners with lenders and service providers, and seek solutions based on their online profiles. Biz2X uses a streamlined user interface, AI-driven analytics, and a customizable white label environment to help banks enhance their core services such as offering focused customer service, growing their portfolio, and increasing the use of their products. With enhanced loan management, servicing, risk analytics and a configurable customer journey, Biz2X is helping banks like these run their lending operations at scale.
Uniphore – Raised $51M from a Series C round on August 13th. Uniphore is a global Conversational AI technology company that offers a customer service platform that is powered by AI and automation technologies. The Company’s vision is to bridge the gap between people and machines through voice. Uniphore enables businesses globally to deliver transformational customer service by providing a platform of Conversational Analytics, Conversational Assistant, and Conversational Security that changes the way enterprises engage their consumers, build loyalty and realize efficiencies.
Microsoft, Apple, and IBM lead the world in hardware & software patent innovation according to PatentSight.
Samsung, Johnson & Johnson, LG Electronics. Alphabet, Qualcomm, Ford, Intel, Microsoft, Sony, and VW are the ten most innovative companies in the world, according to PatentSight’s patent analytics research.
Ford leads the global automotive industry in patent innovation, due in large part to successful R&D efforts in autonomous driving.
These and many other fascinating insights are from Swiss consulting firm EconSight’s patent analytics research that first identified all the patents that are supposed to protect particularly relevant innovations – in this case, defined as innovations for the digitization of applied technologies – using the PatentSight database. Companies not only have to maintain their innovative strength; they also have to continue to expand in comparison to previous years to take a leading position in the ranking. For additional details on the methodology and to request the rank of your company, please visit the PatentSight Innovation Ranking 2019 site here.
Key insights from EconSight’s patent analytics research defining the most innovative companies globally include the following:
38 of the most innovative companies in the world are based in the U.S, 21 in China, and 15 from Europe. Chinese followed by Japanese-based companies lead the world in electronics innovation as measured by the uniqueness of patents produced. U.S. companies lead the world in medical technology patent innovation. The following graphic compares the number of companies within the global top 100 ranking by country and industry for 2019.
In the U.S., tech companies dominate the top 10 most innovative companies in 2019. Alphabet, Qualcomm, Intel, Microsoft, Honeywell, Apple, and GE are producing the most unique, differentiated and value-adding patents based on EconSight’s methodology. Medical technology companies show the greatest growth in innovative patent production as the graphic below illustrates:
The world’s most innovative medical technology companies’ patent focus is on biosensors, surgical robotics, shortening the time-to-market for pharmaceutical drugs, and funding startup incubators that yield new patents. Johnson & Johnson’s (J&J) multifaceted innovation strategy reflects the broader strategic vision of every medical technology company pursuing new intellectual property (IP) that leads to patent leadership. J&J acquired Auris Health and Verb Surgical, which is managed as a joint venture with Alphabet’s Verily medical division, which gives them a patent portfolio in healthcare intelligence. J&J has in total acquired over 300 companies in the medical technology industry according to PatentSight’s analysis. These acquisitions have moved them into biosensors, surgical robotics, and startups performing drug research.
Japanese robotics manufacturer Fanuc is the world’s most innovative automation technology company based on patent analysis. Since 2019 Fanuc has jumped 42 places in the ranking, from 61st to 19th. The global labor shortage in manufacturing is a contributing factor to the strong market demand Fanuc is seeing for all its robotics products and systems. The following are the top 25 robotics companies of 2019:
Ford leads the global automotive industry in patent innovation, while Volkswagen doubles down on patents over the last two years. Ford leads the world in patent innovation due to its rapid advances in autonomous vehicle development. Volkswagen’s rapid ascent in the automotive industry rankings has made them the most innovative company in Germany based on patent analytics this year. VW is investing in autonomous vehicles, and the networking of mobility participants, setting a solid foundation for future vehicle models today.
PatentSight – A Lexis Nexis company– specializes in cleaning and refining patent data and providing advanced patent analytics. Publicly available patent data simply cannot be used without qualitative preparation and correction. Due to the sheer mass (about 3.3 million new registrations in 2018 alone), all available patents cannot be viewed manually. Publications in many different languages and often very abstract contents make a manual review and evaluation difficult not only for laymen but also for experts. A further challenge is to level out the widely differing citation practices of national patent offices or to document the legal status of patents.
PatentSight, through manually supervised and scientifically developed algorithms, has best-in-class information on ownership data, going far beyond the testing standards recommended by the World Intellectual Property Organization (WIPO).
Moreover, PatentSight‘s proprietary patent valuation metrics reveal which patents are key, and which are superfluous. Based on citations, global protection, and several correction factors, EconSight leveraged these metrics to determine the most innovative companies.
More than 5,000 personal devices connect to enterprise networks every day with little or no endpoint security enabled in one of every three companies in the U.S., U.K., and Germany.
More than 1,000 shadow IoT devices connect to enterprise networks every day in 30% of the U.S., U.K., and German companies.
12% of U.K. organizations are seeing more than 10,000 shadow IoT devices connect to their enterprise networks every day.
Associates most often use shadow IT devices to access social media (39%), followed by downloading apps (24%), games (13%), and films (7%). Hackers, organized crime and state-sponsored cybercrime organizations rely on social engineering hacks, phishing, and malware injection across these four popular areas to gain access to enterprise networks and exfiltrate data.
Shadow personal IoT voice assistants, Amazon Kindles, smartphone, and tablet devices are proliferating across enterprise networks today, accelerated by last-minute shopping everyone is trying to get done before the end of December. 82% of organizations have introduced security policies governing the use of these devices but just 24% of employees are aware of them. Meanwhile, the majority of IT senior management, 88%, believe their policies are effective. These and many other fascinating insights are from a recent study completed by Infoblox titled, What is Lurking on Your Network, Exposing the threat of shadow devices (PDF, 7 pp., no opt-in).
Shadow IT’s Security Gaps Create New Opportunities For Hackers
Gaps in threat surface and endpoint security are what hackers, organized crime, and state-sponsored cybercrime organizations thrive on. The holidays create new opportunities for these organizations to capitalize on security gaps using social engineering hacks, phishing, malware injection and more. “With cybercriminals increasingly exploiting vulnerable devices, as well as targeting employees’ insecure usage of these devices, it is crucial for enterprise IT teams to discover what’s lurking on their networks and actively defend against the threats introduced,” Gary Cox, Technology Director, Western Europe for Infoblox said. Just a few of the many threats include the following:
A quick on-ramp for hackers to exfiltrate data from enterprise systems. Every personal device left unprotected on an enterprise network is an ideal threat surface for hackers and other malicious actors to infiltrate an enterprise network from. The most common technique is to use DNS tunneling, which enables cybercriminals to insert malware or pass stolen information into DNS queries, creating a covert communication channel that bypasses most firewalls. Project Sauron was one particularly advanced threat, which allegedly went undetected for five years at a number of organizations that used DNS tunneling for data exfiltration.
Distributed Denial of Service (DDoS) attacks are often launched from a series of hijacked connected devices that are often the least protected threat surface on corporate networks. It’s common for DDoS attacks to begin with malicious actors hijacking any vulnerable device they can to launch repeated and frequent queries that bombard the Domain Name Server (DNS) with the intent of slowing down its ability to process legitimate queries, often to the point that it can no longer function.
Creating and targeting Botnet armies using vulnerable IoT devices to attack organizations’ enterprise systems is increasing, according to Verizon’s latest 2019 Data Breach Investigations Report.“Botnets are truly a low-effort attack that knows no boundaries and brings attackers either direct revenue through financial account,” according to Verizon’s 2019 study. Botnets are also being used to steal privileged access credentials to an enterprises’ systems that are being accessed from the same personal devices employees are using for social media access and shopping. There have been over 40,000 breaches initiated using botnets this year so far, according to Verizon. The report notes that a variant of the Mirai IoT botnet began scanning for vulnerable Drupal servers in April of this year and was successful in finding the most vulnerable systems globally to install crypto mining software. The attack is known as Drupalgeddon2, and the scope of its vulnerabilities are still being discovered today.
Where To Start: Secure The Networks Shadow IT Relies On
Chief Information Security Officers (CISOs) have told me that the most challenging aspect of securing the proliferation of shadow IT devices is protecting the multitude of remote locations that together form their distributed networks. They’re saying that in 2020, enabling network security is the greatest challenge their enterprises will face. More enterprises are adopting cloud-based DDI platforms that enable enterprises to simplify the management of highly distributed remote networks as well as to optimize the network performance of cloud-based applications. Leaders in this area include Infoblox, a leader in SD-WAN and cloud-based DDI platforms for enterprises. Here are the most common strategies they’re relying on to secure their distributed networks based on the proliferation of personal devices:
Integrating threat intelligence data to evaluate if specific sites and applications are high risk or not. IT administrators need to deploy solutions that allow them to build safeguards that will prevent potential dangerous activity occurring on the network. Integrating threat intelligence data into DNS management enables security teams to monitor and prevent access to Newly Observed Domains. Many new domains will be set up ahead of phishing and/or spear-phishing campaign, so in preventing access to these sites, organizations can reduce the risk of employees accidentally introducing malware through clicking through to insecure links on personal devices connected to the enterprise network.
Set the goal of achieving full visibility across distributed networks by starting with a plan that considers cloud-based DDI platforms. CISOs and the IT teams working with them need to translate their policies into action by achieving more unified visibility by upgrading their core network services, including DNS, DHCP, and IP address management, on cloud-based DDI platforms to bring greater security scale and reliability across their enterprise networks.
Design in greater DNS security at the network level. Enterprise networks are heavily reliant on DNS, making them an area malicious actors attempt to disrupt in their broader efforts to exfiltrate valuable data from organizations. Existing security controls, such as firewalls and proxies, rarely focus on DNS and associated threats – leaving organizations vulnerable to highly aggressive, rapidly proliferating attacks. When secured, the DNS can act as an organization’s first line of defense. The DNS can provide essential context and visibility, so IT teams can be alerted of any network anomalies, report on what devices are joining and leaving the network, and resolve problems faster.
Bring Your Own Device (BYOD) initiatives’ benefits far outweigh the costs, making the business case for BYOD overwhelming positive, as seen in how financial services firms stay secure. Enterprises need to consider adopting a cloud-based DDI platform approach that enables them to simplify the management of highly distributed remote networks as well as to optimize the network performance of cloud-based applications. Many CISOs are beginning to realize the model of relying on centralized IT security isn’t scaling to support and protect the proliferation of user devices with internet access, leaving employees, branch offices, and corporate networks less secure than ever before. Every IT architect, IT Director, or CIO needs to consider how taking an SDWAN-based approach to network management reduces the risk of a breach and data exfiltration.
Tim Steinkopf is CEO at Centrify, where he leads the management, strategic direction, and execution of the company’s vision. Tim initially joined Centrify as Chief Financial Officer in October 2011 and took over as CEO in January 2019. Before Centrify, he held CFO positions at Secure Computing Corporation (acquired by McAfee), SumTotal Systems, Purfresh, and Silicon Entertainment. Tim has also held executive and management positions with Watt/Peterson and Ernst & Young.
Under Tim’s leadership, Centrify is only one of five cybersecurity companies with six or more years on Inc.’s annual list of America’s 5000 fastest-growing private companies. Centrify’s many honors include being awarded Gartner Peer Insights Customer’s Choice 2019 award earlier this year.
Tim is also a member of the Forbes Tech Council, and his latest article, Five Skills Necessary To Transition From CFO to CEO, shares how the lessons he learned from serving as a CFO for over two decades prepared him for the role of CEO. He says the one clear key attribute of CFOs is the ability to apply a metrics-driven approach to all facets of a business. The ability to orchestrate initiatives, programs, and strategies across the many departments of a company and have them all contribute to the metrics that define organizational success is vital and provides CFOs invaluable training in their progression to leading a company.
I had the opportunity to sit down with Tim recently for an executive Q&A to learn how Centrify is separating itself from the pack in crowded cybersecurity space, under his leadership and in partnership with private equity investor Thoma Bravo:
Louis: Centrify is only one of five cybersecurity companies with six or more years on Inc.’s annual list of America’s 5000 fastest-growing private companies. What are the most effective growth strategies that also deliver strong profitability today that keep Centrify growing?
Tim: I’m going to break this into two pieces because I think there’s a difference between growth versus profitability.
On the growth side, you can only attain the Inc. 5000 ranking by looking at a cumulative period of time. So, it isn’t that we’ve just grown for six years, it’s that we’ve had the ability to sustain growth over a rolling four-year period. To maintain placement on that list, we’ve had to excel at the details of how we serve our customers. It is quite an accomplishment and congratulations to all the current and former Centrify employees who were involved in that.
The real driver is our history of innovation. Centrify has always been an innovator, and we’ve always paid attention to our market, our drivers, and what our customers are saying. We’re trying to be a step or two ahead of our customers. If you’re able to do that, and you’re able to continue to innovate, then you can drive additional adoption of your solution set, and continue to drive growth.
Profitability does go hand in hand, but it’s slightly different because now you’re talking about effective, efficient growth. As CFO, I always had an eye on ROI and how to put capital, resources, and additional headcount to use, such that we could drive growth. Then you often ask yourself if you are driving it as efficiently as possible. And that’s where making the right kind of bets in technology for running and growing the business make a difference. It’s also about deploying into the correct markets so that you can land and then sustain growth.
Louis: In a previous interview, you mentioned the need for balanced metrics and change management strategies. Would you like to comment on those aspects of being a CEO?
Tim: It all comes down to the role of the CEO, leading a company to accomplish its goals. CEOs report to the board of directors, who ultimately set the goals for any company. And when you’re a CEO, you want to do everything possible to get to those goals. Knowing how the different parts of the company run and knowing where and how to allocate resources and change management all contributes to achieving the company’s goals.
Louis: How has Thoma Bravo, after becoming the majority investor in Centrify, helped your company pursue new partner, product, and service initiatives?
Tim: TB is known for placing winning bests, and investing in Centrify is a real feather in our cap. It’s seen by partners, prospects, and customers as a vote of confidence. We’ve been in business for over 15 years, are perennially in the Gartner Magic Quadrant, a leader in the Forrester Wave, and a leader in the channel as recognized by Computer Reseller news. We’ve got our own pedigree, and that’s great. Then you add on the fact that TB is a majority investor, and our reputation is even stronger.
Regarding product and service initiatives, TB spends a lot of time and effort on each investment, and they have a great track record, specifically in InfoSec and cybersecurity. They came in and said, “Hey, our investment thesis is to take Centrify and split it into two companies, where each will have a better ability to focus and compete, and that will drive more efficient resource allocation, and growth opportunities.” Centrify current iteration formed as a result of the investment thesis being implemented, and we’re excelling in our chosen market.
Louis: Gartner Peer Insights awarded Centrify with the 2019 Customer’s Choice recognition recently. What do you attribute your customers’ success to, and their willingness to share their stories online on forums include Gartner’s Peer Insights and others? They’re so critical to sale cycles right now.
Tim: Customer references are so important, and this is where we have to give credit to the greater Centrify organization. We have a customer-centric attitude, and that is why our customers are willing to speak up, which gives us the opportunity to compete and win awards, including Customer’s Choice 2019 and others.
Behind the scenes, it includes building and delivering a solid solution set combined with services. Once our solution is installed, we work quickly and in close collaboration with our customers to make sure it’s working and meeting their requirements. We view every customer relationship as a partnership, and how we implement our identity-centric PAM solutions for them is essential to a successful journey for them. We measure our success by our customers’ results, and if they are achieving their goals.
Louis: Privileged Access Management (PAM) shows potential in 2020 as a growth market. What are Centrify’s plans to capitalize on this market momentum?
Tim: That’s absolutely the market we’re in and serving customers with solutions for today. Going back 10 to 15 years, legacy approaches to PAM were thought of only in terms of password vaulting. We’ve strived to stay in step with our customers, as they’ve shown us that deploying a vault-only approach to PAM is not enough. They need to move beyond the vault and move to an identity-centric approach.
When organizations deploy a vault-only solution, they’re enabling login with shared admin or root accounts, and so that is a generic approach that is not identity-centric. Centrify’s solution helps organizations to centralize authentication and have their employees request access to specific resources with specific privilege elevation rights while also tracking all activity for audits, compliance, forensics, and regulatory purposes. Our customers place a high value on all of these aspects of our solution as it provides non-repudiation across their environments and better protects resources against cyberthreats.
The real potential for growth are the drivers moving PAM beyond the vault. It’s becoming more identity-centric, with a least privilege access approach. That message is resonating across the industry, and people get it. The biggest driver is the fact that 80% of the breaches are occurring because privileged credentials are getting compromised. Since they’re not identity-centric, too much privilege exists, which means the attack surface is greater, and it continues to get breached.
Louis: What are the most challenging aspects of being CEO of a fast-growing cyber security company today?
Tim: The most challenging aspects of being a CEO are the most exciting. One of the most energizing is competing in a very dynamic market. That’s what motivates me and why I’ve been in tech a long time.
Advances in technology drive the market, and it motivates companies, customers, and investors to take advantage of those advances and drive their business forward. At Centrify, our core focus is to capitalize on technology gains to help our customers achieve their goals by bringing new products to market. These include cloud, Infrastructure-as-a-Service (IaaS), machine learning, and other key strategic technologies. We’re always interested in utilizing new technologies, as the bad actors are also doing their own development of new ways to compromise our customers and their systems. They are looking for the weakest link.
We are completely committed to what we’re doing to stay ahead of those bad actors. Since technology continues to evolve and change, it makes the industry/market very dynamic.
Louis: When you visit with Centrify customers, what’s the most interesting feedback you’re hearing from them?
Tim: Our customer is normally the infrastructure and/or security people and teams. Who we primarily interact with is determined by the structure of a given customer’s organization. The people deploying, running, and supporting the networks and IT environments, who are responsible for those areas, are who we primarily work with.
The one common theme we hear from them is that they’re just trying to keep up. They look to us for help doing that, specifically how they can make privileged access management more efficient and effective across their organizations. Our customers look to Centrify so they can capitalize on our decades of expertise and complete commitment to providing privileged access management solutions that scale with their business.
They all know that it only takes one compromised, privileged credential to ruin their day, affecting millions of customers and costing hundreds of thousands (or millions) of dollars. One of our challenges in helping our customers is to help them face the challenge of educating upwards in their organizations as to the importance of having the proper tools for cybersecurity.
Louis: When you get invited into a prospect’s bake-off to compare PAM vendors, why does Centrify win? And how do you proceed into a Proof of Concept following winning a bake-off?
Tim: The number one reason we win is because we have a strong vision around identity-centric privileged access management. In addition, many organizations are undergoing digital transformations, and the majority of organizations have a hybrid IT and cloud environment. This includes on-premises, hybrid cloud and multi-cloud environments, and ephemeral environments. The ability to manage all of those different aspects with a central approach to identity is much more efficient and effective in the long run.
We see customers looking to make this their ongoing infrastructure deployment strategy, which will set them up for the future. That, and having a more encompassing solution set that addresses their greatest security risks are how we are differentiating today.
Louis: Your customer base appears to have a robust multi-cloud strategy, combining AWS, Microsoft Azure, and Google Cloud Platform. What’s a major challenge many are facing when migrating to cloud, and what does the future look like in terms of securing their identity and privileged access?
Tim: Multi-cloud didn’t really shape our strategy because we are based on a central repository for identity. Implicit in that approach is having everybody log in as themselves while providing them the freedom to do their jobs. And when it comes to least privileged access, we focus on allowing just enough access to every member to get their work done, while tracking every login to ensure compliance.
We’ve always supported that vision with an architecture that would span on-premises and cloud systems because nobody is going to completely do multi-cloud overnight. It’s a journey that begins by recognizing the business need for a hybrid IT environment that includes multi-cloud integration and platforms.
Our architecture is based on a cloud-based privileged access service that connects to wherever our customer’s identity store is. Through the use of cloud connectors, we can provide centralized identity and privileged access into your workloads running within a Virtual Private Cloud (VPC). We find most customers have multiple VPCs and their architected to be generic, which reflects the fact our customers end up with more than one infrastructure as a service platform provider. We’re able to handle that and provide privileged access management across all those environments.
It’s the strength of our privileged access service and our cloud connectors give our customers the option of selecting a thin client that deploys on their workloads within different VPCs, and then comes back to the service and communicates with various connected identity stores. It’s designed to be a very efficient architecture, and it plays well in ephemeral, quickly-changing elastic environments to support the requirements and scale needs of the business. Our architecture flexes and provides identity and privileged access management across their unique cloud and on-premise system configurations.
Python, React (web), Angular, machine learning, and Docker will be the five most popular tech skills in 2020.
TensorFlow is the most popular tech skill of the last three years, exponentially increasing between 2016 and 2019 based on Udemy’s
Udemy sees robust demand for AI and data science skills, in addition to web development frameworks, cloud computing, and IT certifications, including AWS, CompTIA & Docker.
SAP expertise is projected to be the fastest-growing process-related skill set in 2020.
These and many other fascinating insights are from Udemy for Business’ 2020 Workplace Learning Trends Report: The Skills of the Future (48 pp., PDF, opt-in). The report provides compelling evidence of how important it is to prepare workforces for the future of work in an AI-enabled world. Udemy predicts 2020 will be the year AI goes mainstream. The report states that “In the world of finance, investment funds managed by AI and computers account for 35% of America’s stock market today,” citing a recent article in The Economist, The rise of the financial machines. The following are the key insights from the report:
Python, React (web), Angular, machine learning, and Docker will be the five most popular tech skills in 2020. TensorFlow, OpenCV, and neural networks are the foundational skills many data scientists are pursuing and perfecting today to advance their AI-based career strategies. Mastering those three skills is essential for understanding and developing AI apps and platforms. TensorFlow is a free and open-source software library for dataflow and differentiable programming across a range of tasks. It is a symbolic math library and is also used for machine learning applications such as neural networks. The following is a comparison of the top 10 most popular tech skills in 2020 and the top 10 tech skills that grew in popularity between 2016 and 2019.
Udemy for Business’ 2020 Workplace Learning Trends Report: The Skills of the Future
The top 10 emerging tech skills in 2020 will be web development, quantum computing, and Internet of Things IoT). Udemy analyzed the emerging skills that over 40M people are learning on Udemy today, and found that Gatsby.js, a new web development framework tool, is gaining rapid adoption. Additional web development tools include React Hooks, Next.js, and SwiftUI, a user interface tool for Apple apps. Entirely new skills, including quantum computing and ESP32, used in the IoT development, are also among the top 1 emerging tech skills of 2020.
Udemy for Business’ 2020 Workplace Learning Trends Report: The Skills of the Future
SAP enterprise software expertise, knowledge of the ISO/IEC 27001 standard, information security, and Microsoft Dynamics 365 are projected to be the four of the fastest-growing process and tools skills in 2020. Udemy also found a strong interest in Robotic Process Automation (RPA) and Business Process Management (BPM). Robotic Process Automation (RPA) refers to the use of process automation tools to quickly replicate how human beings perform routine daily office work using popular productivity apps, including Microsoft Excel, databases, or web applications.
Udemy for Business’ 2020 Workplace Learning Trends Report: The Skills of the Future
Chef Software expertise, network security, penetration testing, Linux security, and AWS Certified Cloud are predicted among the fastest-growing skills for IT professionals in 2020. Chef software is prevalent in IT organizations and is used for streamlining the task of configuring & maintaining a company’s servers. Chef has invested in integrating with many of the most popular cloud-based platforms, including Rackspace, Microsoft Azure, and Amazon Elastic Compute Cloud, to automatically provision and configure new machines.
Udemy for Business’ 2020 Workplace Learning Trends Report: The Skills of the Future
Cloud-based endpoint protection platforms (EPP) are proliferating across enterprises today as CIOs and CISOs prioritize greater resiliency in their endpoint security strategies going into 2020.
Gartner predicts that Global Information Security and Risk Management end-user spending is forecast to grow at a five-year CAGR of 9.2% to reach $174.5 billion in 2022, with approximately $50B spent on endpoint security.
Endpoint security tools are 24% of all IT security spending, and by 2020 global IT security spending will reach $128B according to Morgan Stanley Research.
70% of all breaches still originate at endpoints, despite the increased IT spending on this threat surface, according to IDC.
There’s a surge of activity happening right now in enterprises that are prioritizing more resiliency in their endpoint security strategies going into 2020. The factors motivating CIOs, CISOs, IT, and Practice Directors to prioritize endpoint resiliency include more effective asset management based on real-time data while securing and ensuring every endpoint can heal itself using designed-in regenerative software at the BIOS level of every device. CIOs say the real-time monitoring helps reduce asset management operating expense, a big plus many of them appreciate give their tight budgets. Sean Maxwell, Chief Commercial Officer at Absolute, says, “Trust is at the center of every endpoint discussion today as CIOs, CISOs and their teams want the assurance every endpoint will be able to heal itself and keep functioning.”
The Endpoint Market Is Heating Up Going Into 2020
Over thirty vendors are competing in the endpoint security market right now. A few of the most interesting are Absolute Software, Microsoft,Palo Alto Networks, and others who are seeing a surge of activity from enterprises based on discussions with CIOs and CISOs. Absolute Software’s Persistence self-healing endpoint security technology is embedded in the firmware of more than 500 million devices and gives CIOs, CISOs and their team’s complete visibility and control over devices and data. Absolute is the leading visibility and control platform that provides enterprises with tamper-proof resilience and protection of all devices, data, and applications.
Like Absolute, Microsoft is unique in how they are the only vendor to provide built-in endpoint protection at the device level, with the core focus being on the OS. Windows 10 has Windows Defender Antivirus now integrated at the OS level, the same System Center Endpoint Protection delivers in Windows 7 and 8 OS. Microsoft Defender Advanced Threat Protection (ATP) incident response console aggregates alerts and incident response activities across Microsoft Defender ATP, Office 365 ATP, Azure ATP, and Active Directory, in addition to Azure.
Further evidence of how enterprise customers are placing a high priority on endpoint security is the increase in valuations of key providers in this market, including Absolute Software(TSE: ABT) and others. Absolute’s stock price has jumped 13% in just a month, following their latest earnings announcement on November 12th with a transcript of their earnings call here. Absolute’s CEO Christy Wyatt commented during the company’s most recent earnings call that, “The ability to utilize near real-time data from the endpoint to… to deliver actionable insights to IT about where controls are failing and the ability to apply resilience to self-heal and reinforce those security controls will become a critical skill for every one of our customers. This is the essence of Absolute’s platform, which adds resiliency to our customer’s operations.” It’s evident from what CIOs and CISOs are saying that resiliency is transforming endpoint security today and will accelerate in 2020.
Key Takeaways From Conversations With Enterprise Cybersecurity Leaders
The conversations with CIOs, CISOs, and IT Directors provided valuable insights into why resiliency is becoming a high priority for endpoint security strategies today. The following are key takeaways from the conversations:
Known humorously as the “fun button” cybersecurity teams enjoy being able to brick any device any time while monitoring the activity happening on it in real-time. One CIO told the story of how their laptops had been given to a service provider who was supposed to destroy them to stay in compliance with the Health Insurance Portability and Accountability Act (HIPAA), and one had been resold on the back market, ending up in a 3rd world nation. As the hacker attempted to rebuild the machine, the security team watched as each new image was loaded, at which time they would promptly brick the machine. After 19 tries, the hacker gave up and called the image re-build “brick me.”
IT budgets for 2020 are flat or slightly up, with many CIOs being given the goal of reducing asset management operating expenses, making resiliency ideal for better managing device costs. The more effectively assets are managed, the more secure an organization becomes. That’s another motivating factor motivating enterprises to adopt resiliency as a core part of the endpoint security strategies.
One CIO was adamant they had nine software agents on every endpoint, but Absolute’s Resilience platform found 16, saving the enterprise from potential security gaps. The gold image an enterprise IT team was using had inadvertently captured only a subset of the total number of software endpoints active on their networks. Absolute’s Resilience offering and Persistence technology enabled the CIO to discover gaps in endpoint security the team didn’t know existed before.
Endpoints enabled with Resiliency have proven their ability to autonomously self-heal themselves, earning the trust of CIOs and CISOs, who are adopting Absolute to alleviate costly network interruptions and potential breaches in the process. 19% of endpoints across a typical IT network require at least one client or patch management repair monthly, according to Absolute’s 2019 Endpoint Security Trends Report. The report also found that increasing security spending on protecting endpoints doesn’t increase an organizations’ safety – and in some instances, reduces it. Having a systematic, design-in solution to these challenges gives CIOs, CISO, and their teams greater peace of mind and reduces expensive interruptions and potential breaches that impede their organizations’ growth.
Capgemini predicts 63% of organizations are planning to deploy AI in 2020 to improve cybersecurity, with the most popular application being network security.
Cybersecurity is at an inflection point entering 2020. Advances in AI and machine learning are accelerating its technological progress. Real-time data and analytics are making it possible to build stronger business cases, driving higher adoption. Cybersecurity spending has rarely been linked to increasing revenues or reducing costs, but that’s about to change in 2020.
What Leading Cybersecurity Experts Are Predicting For 2020
AI and machine learning will continue to enable asset management improvements that also deliver exponential gains in IT security by providing greater endpoint resiliency in 2020. Nicko van Someren, Ph.D. and Chief Technology Officer at Absolute Software, observes that “Keeping machines up to date is an IT management job, but it’s a security outcome. Knowing what devices should be on my network is an IT management problem, but it has a security outcome. And knowing what’s going on and what processes are running and what’s consuming network bandwidth is an IT management problem, but it’s a security outcome. I don’t see these as distinct activities so much as seeing them as multiple facets of the same problem space, accelerating in 2020 as more enterprises choose greater resiliency to secure endpoints.”
AI tools will continue to improve at drawing on data sets of wildly different types, allowing the “bigger picture” to be put together from, say, static configuration data, historic local logs, global threat landscapes, and contemporaneous event streams. Nicko van Someren, Ph.D., and CTO at Absolute Software also predict that“Enterprise executives will be concentrating their budgets and time on detecting cyber threats using AI above predicting and responding. As enterprises mature in their use and adoption of AI as part of their cybersecurity efforts, prediction and response will correspondingly increase.”
Threat actors will increase the use of AI to analyze defense mechanisms and simulate behavioral patterns to bypass security controls, leveraging analytics to and machine learning to hack into organizations. Dr. Torsten George, Cybersecurity Evangelist at Centrify, predicts that “threat actors, many of them state-sponsored, will increase their use and sophistication of AI algorithms to analyze organizations’’ defense mechanisms and tailor attacks to specific weak areas. He also sees the threat of bad actors being able to plug into the data streams of organizations and use the data to further orchestrate sophisticated attacks.”
Given the severe shortage of experienced security operations resources and the sheer volume of data that most organizations are trying to work through, we are likely to see organizations seeking out AI/ML capabilities to automate their security operations processes. Craig Sanderson, Vice President of Security Products at Infoblox also predicts that “while AI and machine learning will increasingly be used to detect new threats it still leaves organizations with the task of understanding the scope, severity, and veracity of that threat to inform an effective response. As security operations becomes a big data problem it necessitates big data solutions.”
There’s going to be a greater need for adversarial machine learning to combat supply chain corruption in 2020. Sean Tierney, Director of Threat Intelligence at Infoblox, predicts that “the need for adversarial machine learning to combat supply chain corruption is going to increase in 2020. Sean predicts that the big problem with remote coworking spaces is determining who has access to what data. As a result, AI will become more prevalent in traditional business processes and be used to identify if a supply chain has been corrupted.”
Artificial intelligence will become more prevalent in account takeover—both the proliferation and prevention of it. Josh Johnston, Director of AI at Kount, predicts that “the average consumer will realize that passwords are not providing enough account protection and that every account they have is vulnerable. Captcha won’t be reliable either, because while it can tell if someone is a bot, it can’t confirm that the person attempting to log in is the account holder. AI can recognize a returning user. AI will be key in protecting the entire customer journey, from account creation to account takeover, to a payment transaction. And, AI will allow businesses to establish a relationship with their account holders that are protected by more than just a password.”
Consumers will take greater control of their data sharing and privacy in 2020. Brian Foster, Senior Vice President Product Management at MobileIron, observes that over the past few years, we’ve witnessed some of the biggest privacy and data breaches. As a result of the backlash, tech giants such as Apple, Google, Facebook and Amazon beefed up their privacy controls to gain back trust from customers. Now, the tables have turned in favor of consumers and companies will have to put privacy first to stay in business. Moving forward, consumers will own their data, which means they will be able to selectively share it with third parties, but most importantly, they will get their data back after sharing, unlike in years past.
As cybersecurity threats evolve, we’ll fight AI with AI. Brian Foster, Senior Vice President Product Management at MobileIron, notes that the most successful cyberattacks are executed by highly professional criminal networks that leverage AI and ML to exploit vulnerabilities such as user behavior or security gaps to gain access to valuable business systems and data. All of this makes it extremely hard for IT security organizations to keep up — much less stay ahead of these threats. While an attacker only needs to find one open door in an enterprise’s security, the enterprise must race to lock all of the doors. AI conducts this at a pace and thoroughness human ability can no longer compete with, and businesses will finally take notice in 2020.
AI and machine learning will thwart compromised hardware finding its way into organizations’ supply chains. Rising demand for electronic components will expand the market for counterfeit components and cloned products, increasing the threat of compromised hardware finding its way into organizations’ supply chains. The vectors for hardware supply-chain attacks are expanding as market demand for more and cheaper chips, and components drive a booming business for hardware counterfeiters and cloners. This expansion is likely to create greater opportunities for compromise by both nation-state and cybercriminal threat actors. Source: 2020 Cybersecurity Threats Trends Outlook; Booz, Allen, Hamilton, 2019.
Capgemini predicts 63% of organizations are planning to deploy AI in 2020 to improve cybersecurity, with the most popular application being network security. Capgemini found that nearly one in five organizations were using AI to improve cybersecurity before 2019. In addition to network security, data security, endpoint security, and identity and access management are the highest priority use cases for improving cybersecurity with AI in enterprises today. Source: Capgemini, Reinventing Cybersecurity with Artificial Intelligence: The new frontier in digital security.
Source: Capgemini, Reinventing Cybersecurity with Artificial Intelligence: The new frontier in digital security.
On average, there are 82 new rogue applications submitted per day to any given AppExchange or application platform, all designed to defraud consumers. Mobile and digital commerce are cybercriminals’ favorite attack surfaces because they are succeeding with a broad base of strategies for defrauding people and businesses.
Phishing, malware, smishing, or the use of SMS texts rather than email to launch phishing attempts are succeeding in gaining access to victims’ account credentials, credit card numbers, and personal information to launch identity theft breaches. The RSA is seeing an arms race between cybercriminals and mobile OS providers with criminals improving their malware to stay at parity or leapfrog new versions and security patches of mobile operating systems.
Improving Mobile Fraud Prevention With AI And Machine Learning
Creating a series of rogue applications and successfully uploading them into an AppExchange or application store gives cybercriminals immediate access to global markets. Hacking mobile apps and devices is one of the fastest-growing cybercriminal markets, one with 6.8B mobile users worldwide this year, projected to increase to 7.3B in 2023, according to The Radicati Group. The total number of mobile devices, including both phones and tablets, will be over 13B by the end of 2019, according to the research firm. And a small percentage of mobile fraud transactions get reported, with mobile fraud losses reported totaling just over $40M across 14,392 breaches according to the U.S. Federal Trade Commission. Mobile fraud is an epidemic that needs to be fought with state-of-the-art approaches based on AI and machine learning’s innate strengths.
Traditional approaches to thwarting digital fraud rely on rules engines that thrive on detecting and taking action based on established, known patterns, and are often hard-coded into a merchant’s system. Fraud analyst teams further customize rules engines to reflect the unique requirements of the merchants’ selling strategies across each channel. Fine-tuning rules engines makes them effective at recognizing and taking action on known threat patterns. The challenge for every merchant relying on a fraud rules engine is that they often don’t catch the latest patterns in cybercriminal activity. Where rules-based approaches to digital fraud don’t scale, AI, and machine learning do.
Exploring The 7 Ways AI Is Reducing Mobile Fraud
Where rules engines are best suited for spotting existing trends in fraud activity, machine learning excels at classifying observations (called supervised machine learning) and finding anomalies in data by finding entirely new patterns and associations (called unsupervised machine learning). Combining supervised and unsupervised machine learning algorithms are proving to be very effective at reducing mobile fraud. The following are the seven ways AI and machine learning are reducing mobile fraud today:
AI and machine learning reduce false positives by interpreting the nuances of specific behaviors and accurately predicting if a transaction is fraudulent or not. Merchants are relying on AI and machine learning to reduce false positives, saving their customers from having to re-authenticate who they are and their payment method. A false positive at that first interaction with a customer is going to reduce the amount of money that they spend with a merchant, so it’s very important to interpret each transaction accurately.
Identifying and thwarting merchant fraud based on anomalous activity from a compromised mobile device. Cybercriminals are relying on SIM swapping to gain control of mobile devices and commit fraud, as the recent hack of Twitter’s founder Jack Dorsey illustrates. Hackers were able to transfer his telephone number using SIM swapping and by talking Dorsey’s mobile service provider to bypass the account passcode. Fortunately, only his Twitter account was hacked. Any app or account accessible on his phone could have been breached, leading to fraudulent bank transfers or purchases. The attack could have been thwarted if Jack Dorsey’s mobile service provider was using AI-based risk scoring to detect and act on anomalous activity.
AI and machine learning-based techniques scale across a wider breadth of merchants than any rules-based approach to mobile fraud prevention can. Machine learning-based models scale and learn across different industries in real-time, accumulating valuable data that improves payment fraud prediction accuracy. Kount’s Universal Data Network is noteworthy, as it includes billions of transactions over 12 years, 6,500 customers, 180+ countries and territories, and multiple payment networks. That rich data feeds Kount’s machine learning models to detect anomalies more accurately and reduce false positives and chargebacks.
Combining supervised and unsupervised machine learning algorithms translates into a formidable speed advantage, with fraudulent transactions identified on average in 250 milliseconds. Merchants’ digital business models’ scale and speed are increasing, and with the holidays coming up, there’s a high probability many will set mobile commerce sales records. The merchants who will gain the most sales are focusing on how security and customer experience can complement each other. Being able to approve or reject a transaction within a second or less is the cornerstone of an excellent customer buying experience.
Knowing when to use two-factor authentication via SMS or Voice PIN to reduce false negatives or not, preserving customer relationships in the process. Rules engines will often take a brute-force approach to authentication if any of the factors they’re tracking show a given transaction is potentially fraudulent. Requesting customers authenticate themselves after they’re logged into a merchant’s site when they attempt to buy an item is a sure way to lose a customer for life. By being able to spot anomalies quickly, fewer customers are forced to re-authenticate themselves, and customer relationships are preserved. And when transactions are indeed fraudulent, losses have been averted in less than a second.
Provide a real-time transaction risk score that combines the strengths of supervised and unsupervised machine learning into a single fraud prevention payment score. Merchants need a real-time transaction risk score that applies to every channel they sell, though. Fraud rules engines had to be tailored to each specific selling channel with specific rules for each type of transaction. That’s no longer the case due to machine learnings’ ability to scale across all channels and provide a transaction risk score in milliseconds. Leaders in this area include Kount’s Omniscore, the actionable transaction safety rating that is a result of their AI, which combines patented, proprietary supervised and unsupervised machine learning algorithms and technologies.
Combining insights from supervised and unsupervised machine learning with contextual intelligence of transactions frees up fraud analysts to do more investigations and fewer transaction reviews. AI and machine learning-based fraud prevention systems’ first contribution is often reducing the time fraud analysts take for manual reviews. Digitally-based businesses I’ve talked with say having supervised machine learning categorize and then predict fraudulent attempts is invaluable from a time-saving standpoint alone. Merchants are finding AI, and machine learning-based approaches enable to score to approve more orders automatically, reject more orders automatically, and focus on those gray area orders, freeing up fraud analysts to do more strategic, rewarding work. They’re able to find more sophisticated, nuanced abuse attacks like refer a friend abuse or a promotion abuse or seller collusion in a marketplace. Letting the model do the work of true payment fraud prevention frees up those fraud analysts to do other worth that add value.
With the holiday season rapidly approaching, it’s time for merchants to look at how they can protect mobile transactions at scale across all selling channels. AI and machine learning are proving themselves as viable replacements to traditional rules engines that rely on predictable, known fraud patterns. With 70% of fraudulent transactions originating in the mobile channel in 2018 and the influx of orders coming in the next three months, now would be a good time for merchants to increase their ability to thwart mobile fraud while reducing false positives that alienate customers.