Tech Insight : How A Norwegian Company Is Tackling ‘AI Hallucinations’

Oslo-based startup Iris.ai has developed an AI Chat feature for its Researcher Workspace platform which it says can reduce ‘AI hallucinations’ to single-figure percentages.

What Are AI Hallucinations? 

AI hallucinations, also known as ‘adversarial examples’ or ‘AI-generated illusions,’ are where AI systems generate or disseminate information that is inaccurate, misleading, or simply false. The fact that the information appears convincing and authoritative despite lacking any factual basis means that it can create problems for companies that use the information without verifying it.

Examples 

A couple of high-profile examples of when AI hallucinations have occurred are:

– When Facebook / Meta demonstrated its Galactica LLM (designed for science researchers and students), the model, when asked to draft a paper about creating avatars, cited a fake paper from a genuine author working on that subject.

– Back in February, when Google demonstrated its Bard chatbot in a promotional video, Bard gave incorrect information about which satellite first took pictures of a planet outside the Earth’s solar system. Although it happened before a presentation by Google, it was widely reported, resulting in Alphabet Inc losing $100 billion in market value on its shares.

Why Do AI Hallucinations Occur? 

There are a number of reasons why chatbots (e.g. ChatGPT) generate AI hallucinations, including:

– Generalisation issues. AI models generalise from their training data, and this can sometimes result in inaccuracies, such as predicting incorrect years due to over-generalisation.

– No ground truth. LLMs don’t have a set “correct” output during training, differing from supervised learning. As a result, they might produce answers that seem right but aren’t.

– Model limitations and optimisation targets. Despite advances, no model is perfect. They’re trained to predict likely next words based on statistics, not always ensuring factual accuracy. Also, there has to be a trade-off between a model’s size, the amount of data it’s been trained on, its speed, and its accuracy.

What Problems Can AI Hallucinations Cause? 

Using the information from AI hallucinations can have many negative consequences for individuals and businesses. For example:

– Reputational damage and financial consequences (as in the case of Google and Bard’s mistake in the video).

– Potential harm to individuals or businesses, e.g. through taking and using incorrect medical, business, or legal advice (although ChatGPT passed the Bar Examination and business school exams early this year).

– Legal consequences, e.g. through publishing incorrect information obtained from an AI chatbot.

– Adding to time and workloads in research, i.e. through trying to verify information.

– Hampering trust in AI and AI’s value in research. For example, an Iris.ai survey of 500 corporate R&D workers showed that although 84 per cent of workers use ChatGPT as their primary AI research support tool, only 22 per cent of them said they trust it and systems like it.

Iris.ai’s Answer 

Iris.ai has therefore attempted to address these factuality concerns by creating a new system that has an AI engine for understanding scientific text. This is because the company developed it primarily for use in its Researcher Workspace platform (to which it’s been added as a chat feature) so that its (mainly large) clients, such as the Finnish Food Authority, can use it confidently in research.

Iris.ai has reported that the inclusion of the system accelerated research on a potential avian flu crisis and can essentially save 75 per cent of a researcher’s time (by not having to verify whether information is correct or made up).

How Does The Iris.ai System Reduce AI Hallucinations? 

Iris.ai says its system is able to address the factuality concerns of AI using a “multi-pronged approach that intertwines technological innovation, ethical considerations, and ongoing learning.” This means using:

– Robust training data. Iris.ai says that it has meticulously curated training data from diverse, reputable sources to ensure accuracy and reduce the risk of spreading misinformation.

– Transparency and explainability. Iris.ai says that, using advanced NLP techniques, it can provide explainability for model outputs. Tools like the ‘Extract’ feature, for example, show confidence scores, allowing researchers to cross-check uncertain data points.

– The use of knowledge graphs. Iris.ai says it incorporates knowledge graphs from scientific texts, directing language models towards factual information and reducing the chance of hallucinations. The company says this is because this kind of guidance is more precise than merely predicting the next word based on probabilities.

Improving Factual Accuracy 

Iris.ai’s techniques for improving factual accuracy in AI outputs, therefore, hinge upon using:

– Knowledge mapping, i.e. Iris.ai maps key knowledge concepts expected in a correct answer, ensuring the AI’s response contains those facts from trustworthy sources.

– Comparison to ground truth. The AI outputs are compared to a verified “ground truth.” Using the WISDM metric, semantic similarity is assessed, including checks on topics, structure, and vital information.

– Coherence examination. Iris.ai’s new system reviews the output’s coherence, ensuring it includes relevant subjects, data, and sources pertinent to the question.

These combined techniques set a standard for factual accuracy and the company says its aim has been to create a system that generates responses that align closely with what a human expert would provide.

What Does This Mean For Your Business? 

It’s widely accepted (and publicly admitted by AI companies themselves) that AI hallucinations are an issue that can be a threat for companies (and individuals) who use the output of generative AI chatbots without verification. Giving false but convincing information highlights both one of the strengths of AI chatbots, i.e. how they’re able to present information, and one of their key weaknesses.

As Iris.ai’s own research shows, although most companies are now likely to be using AI chatbots in their R&D, they are aware that they may not be able to fully trust all outputs, thereby losing some of the potential time savings by having to verify as well as facing many potentially costly risks. Although Iris.ai’s new system was developed specifically for understanding scientific text with a view to including it as a useful tool for researchers who use its own site, the fact that it can reduce AI hallucinations to single-figure percentages is impressive. Its methodology may, therefore, have gone a long way toward solving one of the big drawbacks of generative AI chatbots and, if it weren’t so difficult to scale up for popular LLMs, it may already have been more widely adopted.

As good as it appears to be, Iris.ai’s new system can still not solve the issue of people simply misinterpreting the results they receive.

Looking ahead, some tech commentators have suggested that methods like using coding language rather than the diverse range of data sources and collaborations with LLM-makers to build larger datasets may bring further reductions in AI hallucinations. For most businesses now, it’s a case of finding the balance of using generative AI outputs to save time and increase productivity while being aware that those results can’t always be fully trusted and conducting verification checks where appropriate and possible.

Tech Insight : No Email Backup For Microsoft 365?

In this insight, we look at what many users think to be a surprising fact in that Microsoft 365 doesn’t provide a traditional email backup solution, and we look at what businesses can do about this.

Did You Know?…. 

Contrary to popular belief, Microsoft 365 (previously known as Office 365) is not designed as a traditional “backup” solution in the way many businesses might think of backups. Most importantly, email isn’t properly “backed-up” by Microsoft. Instead, the onus is on the business-owner to find their own email backup solution. In fact, Microsoft 365’s backup and recovery default settings only really protect your data for 30-90 days on average.

So, How Does It Handle Email and Other Data? 

Although Microsoft 365 doesn’t automatically provide a traditional email backup, it does provide some email and data handling protections that can include aspects of email. For example:

– Microsoft has multiple copies of your data as part of its ‘data resilience.’ For example, if there’s an issue with one data centre or a disk fails, they can recover data from their copies. Although this can help, it’s not the same as a backup that can be used to recover from accidental deletions, malicious activity, etc.

– Microsoft 365 provides retention policies that allow you to specify how long data (like emails) are kept in user mailboxes. Even if a user deletes an email, it can, therefore, be retained in a hidden part of their mailbox for a period you specify.

– For legal purposes, it is possible to put an entire mailbox (or just specific emails) on “Litigation Hold”, which basically ensures that the emails can’t be deleted or modified. Also, eDiscovery tools / document review software can be used by legal professionals for searching across the environment for specific data, e.g. to find emails, documents, CAD/CAM files, databases, image files, and more.

– Microsoft’s archiving, i.e. where older emails can be automatically moved to an archive mailbox, can be one way to help businesses ensure that critical data is retained without cluttering the primary mailbox.

– When users delete emails, they go to the ‘Deleted Items’ folder. If emails are deleted from there, they go to the ‘Recoverable Items’ folder, where they remain for another 14 days (by default, but this can be extended) and can, therefore, be recovered.

Limitations 

Although these features help with retaining some important business data and emails, they’re not a substitute for a dedicated and complete email backup solution, and they have their limitations, which are:

– They may not protect against all types of data loss, especially if data gets deleted before a retention policy is set or if the retention period expires. For example, with email archiving, when an item reaches the end of its aging period, it is automatically deleted from Microsoft 365.

– They may not facilitate easy recovery if a user accidentally (or maliciously) deletes a vast amount of critical data.

– They don’t offer a separate, offsite backup in case of catastrophic issues or targeted attacks.

Third-Party Backup Solutions

Given these limitations and given that most businesses would feel more secure knowing that they have a proper email backup solution in place (such as for the sake of business continuity and disaster recovery following a cyber-attack or other serious incident), many businesses opt for third-party backup solutions specifically designed for Microsoft 365 to provide another layer of protection.

These solutions can offer more traditional backup and valued recovery capabilities, such as ‘point-in-time restoration’.

Backup Solutions

There are many examples of third-party Office 365 and email backup solutions and for most businesses, their managed support provider is able to provide an email backup solution that meets their specific needs.

Does Google Backup Your Gmail Emails? 

As with Microsoft 365, Google provides a range of data retention and resilience features for Gmail (especially for its business-oriented services like Google Workspace) but these aren’t traditional backup solutions. The retention and resilience features Google’s Gmail does provide include:

– For data resilience, Google has multiple data copies. If one fails, another ensures data availability.

– Deleted Gmail emails stay in ‘Trash’ for 30 days, allowing user recovery.

– ‘Google Vault’ for Google Workspace sets email retention rules, which can be used to preserve emails even if deleted in Gmail.

– “Google Takeout” (data export) is probably the closest thing to backup that Gmail offers its users. Takeout lets users export/download their Gmail data for offline storage. Also, the exported MBOX file can be imported into various email clients or platforms. However, this isn’t necessarily the automatic, ongoing backup solution that many businesses feel they need.

Like 365, Google Workspace offers archiving to retain critical emails beyond Gmail’s regular duration.

Limitations

As with Microsoft 365’s data retaining features, these also have their limitations, such as:

– They might not protect against all types of data loss, especially if emails are deleted before retention policies are set or if the retention period expires.

– They might not offer an easy recovery process for large-scale data losses.

– They don’t provide a separate, offsite backup.

What Can Gmail Users Do To Back Up Their Email?

In addition to simply using Google Takeout for backups, other options that Gmail users could consider for email backup include:

– Third-party backup tools, such as UpSafe, Spinbackup, and others.

– Using an email client, e.g. Microsoft Outlook. For example, once set up, the client will download and store a local copy of the emails, and regularly backing up the local machine or the email client’s data will include these emails.

– Setting up email forwarding to another account, although this may be a bit rudimentary for many businesses, and it won’t back up existing emails.

– While a bit tedious, businesses could choose to manually forward important emails to another email address or save emails as PDFs.

– Google Workspace Vault can technically enable Workspace admins to set retention rules, ensuring certain emails are kept even if they’re deleted in the main Gmail interface.

What Does This Mean For Your Business? 

You may (perhaps rightly) be surprised that Microsoft 365 and Google’s Gmail don’t specifically provide email backup as a matter of course.

Considering we operate in a business environment where data is now a critical asset of businesses and organisations, email is still a core business communications tool, and cybercrime such as phishing attacks and malware (ransomware) are common threats, having an effective, regular, and automatic business backup solution in place is now essential, at least for business continuity and disaster recovery. Although Microsoft and Google offer a variety of data retention features, these have clear limitations and are not really a substitute for the peace of mind and confidence of knowing that the emails that are the lifeblood of the business (and contain sensitive and important data) are being backed up regularly, securely, and reliably.

For many businesses and organisations, therefore, their IT support company (or MSP – ‘managed service provider’) is the obvious and sensible first stop for getting a reliable backup solution for their Microsoft 365 emails.

This is because their IT Support company is likely to already have a suitable solution that they know well, and have an in-depth understanding of the business’s infrastructure, requirements, and unique challenges. This means that they can tailor their backup solution to fit specific client needs, ensuring seamless integration with existing systems. Also, their first-hand knowledge of a business’s operations positions them better for rapid response and effective resolution in case of data restoration requirements or backup issues. For businesses, lowering risk by entrusting email backup to a known entity can also streamline communication and support processes, making the overall backup and recovery experience more efficient and reliable for the business.

Tech Insight : How To Make a QR Code

In this tech insight, we look at QR codes, the many different methods to generate them, the benefits of doing so, and the future for QR codes as the successor to barcodes.

What Is A QR code? 

A QR (Quick Response) code, first designed in 1994 by Japanese company ‘Denso Wave’, is a type of two-dimensional barcode. It looks like a square grid made up of smaller black and white squares (modules) and typically features three larger square patterns in three of its corners, which help scanners identify and orient the code. The black and white squares within the grid encode the data. Unlike a one-dimensional barcode, which represents data in a series of vertical lines (which are based on the dots and dashes in Morse code), a QR code stores data in both vertical and horizontal arrangements. This means that a lot more data can be encoded in a QR code than a bar code, and a QR code can contain complex information, e.g. text, URLs, and other data types.

Making A QR Code 

There are several ways you can make your own QR code. If you want to quickly share a URL of interest with others, it’s possible to make a QR code in Microsoft Edge that can be shared, and which directs them to that web page. This could be particularly useful if you want to open the same web page on a mobile device or share it with someone else without having to type or text the entire URL. Here’s how to make a QR code for a URL in Edge:

– Open Edge and go to the web page you want to make a QR code for.

– Right-click on a blank area of the web page and select ‘Create QR code for this page’ and choose either the option to ‘Copy’ (to paste and share it) or ‘Download’ (to get a png image download of the QR code).

– A QR code symbol also appears in the right-hand side of the address bar enabling you to re-use the code by clicking on it (which launches another QR code copy/download window).

Making A QR Code For A URL In Google Chrome 

To make a QR code for a URL using Google Chrome, the process is the same, but a QR code symbol doesn’t appear in the address bar.

Safari? 

For the Safari browser, a QR code can’t be generated unless a Safari QR code generator extension or an online QR code generator is used.

Online QR Code Generators 

You can also use online QR code generators. Examples include https://www.qr-code-generator.com/, https://www.the-qrcode-generator.com/, and many more.

Other Options 

Other options for making a QR code include:

– Using open-source software, e.g. LibreOffice (free open-source software). Open the ‘Insert’ menu, hover over ‘OLE,’ click ‘QR and Barcode,’ and paste in the URL to be converted to a QR code.

– Mobile apps for Android or iOS. These apps often have the function to generate QR codes in addition to reading them. Examples include: QR Code Reader and Scanner, QR TIGER, QR & Barcode Scanner, QR Code Reader, NeoReader, and many more.

– Web browser extensions or add-ons.

– QR Code APIs, e.g. QRServer’s free API or Goqr.me’s API.

QR Codes Will Replace Bar Codes 

QR codes are already set to replace bar codes. This will of course mean lower costs for retailers, will have implications for package design (less on-packaging information but more information available to customers), and the positive environmental impact of less packaging. For retailers, this could also mean improvements to inventory management, and it is likely to give greater flexibility to manufacturers and retailers in terms of updating product information.

What Does This Mean For Your Business? 

QR codes provide businesses a streamlined and interactive method to connect with their audience, offering a bridge between the physical and digital realms. By generating and sharing QR codes for URLs, businesses can quickly direct customers to specific online content, whether it’s a promotional deal, a digital menu, or an informational page, without requiring users to manually type in web addresses. This eliminates potential errors, speeds up access, and is easy and convenient for customers in a world where most of us now use our mobiles for everything.

Having QR code generation features built into browsers is also very convenient for users as the creation process is fast, seamless, integrated, and creates something that’s easy to share, which helps the business whose URL is being shared. Also, not having to rely on external tools or platforms to generate QR codes means that businesses can instantly create, share, and update QR codes directly from their browser, thereby enhancing efficiency and ensuring they can adapt to changing digital needs swiftly.

Being able to generate and share QR codes will soon be more important than ever for businesses, with QR codes set to replace the now 50-year-old bar codes. It should be noted, however, that QR codes can send users to web pages containing malicious code and therefore care should be taken when scanning them to check for authenticity, which could be something as simple as ensuring a sticker hasn’t been put over the original code.
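The caution above about QR codes leading to malicious pages can also be enforced in software before a scanned link is opened. The following is an added example, not code from the original article: the function name `vet_qr_payload`, the finding codes and the `TRUSTED_DOMAINS` list are assumptions, and the sample payloads are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption for this example: the domains the business actually prints on its QR codes.
TRUSTED_DOMAINS = {"example.com"}


def _is_ip(host):
    """True if the host part is a raw IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def vet_qr_payload(payload, trusted=TRUSTED_DOMAINS):
    """Return a list of finding codes for the text decoded from a QR code.

    An empty list means none of the checks fired; it is not proof the page is safe.
    """
    try:
        parts = urlsplit(payload.strip())
        host = (parts.hostname or "").rstrip(".")
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return ["unparseable"]

    if parts.scheme not in ("http", "https"):
        # QR codes can also carry Wi-Fi settings, phone numbers, plain text, etc.
        return ["not-a-web-link"]

    findings = []
    if parts.scheme == "http":
        findings.append("non-https")
    if parts.username is not None:
        # "https://trusted-name@other-host/" shows a familiar name but goes elsewhere.
        findings.append("userinfo")
    if _is_ip(host):
        findings.append("ip-host")
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        # Internationalised names can imitate a familiar brand with look-alike letters.
        findings.append("punycode")
    if port not in (None, 80, 443):
        findings.append("odd-port")
    if not any(host == d or host.endswith("." + d) for d in trusted):
        findings.append("untrusted-host")
    return findings


if __name__ == "__main__":
    # Constructed payloads, as a scanner library might return them.
    samples = [
        "https://www.example.com/menu",
        "http://www.example.com/menu",
        "https://www.example.com@198.51.100.7/login",
        "https://example.com.evil.example/",
        "https://xn--exmple-cua.example:8443/",
        "WIFI:S:cafe;T:WPA;P:secret;;",
    ]
    for s in samples:
        print(f"{s!r:50} -> {vet_qr_payload(s) or 'no findings'}")
```
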

Tech Insight : Blockchain Bill

In this insight, we look at the introduction of the Electronic Trade Documents Act 2023 (ETDA), what it means and why it’s so significant, plus its implications.

The ETDA 

The Electronic Trade Documents Act 2023 (ETDA), which was based on a draft Bill published by the Law Commission in March 2022, came into force in UK law on 20 September. This Act allows the legal recognition of trade documents in electronic form and crucially, allows an electronic document to be used and recognised in the same way as a paper equivalent. The type of trade documents it applies to include a bill of lading (a legal document issued by a carrier, or their agent, to a shipper, acknowledging the receipt of goods for transport), a bill of exchange, a promissory note, a ship’s delivery order, a warehouse receipt, and more.

The Aims 

The aims of the ETDA, which gives the electronic equivalents of paper trade documents the same legal treatment (subject to criteria), are to:

– Help to rectify deficiencies in the treatment of electronic trade documents under English law and modernise the law to reflect and embrace the benefits of new technologies.

– Help the move towards the benefits of paperless trade and to boost the UK’s international trade.

– Help in the longer-term goal to harmonise and digitise global commerce and its underlying legal frameworks, thereby advancing legal globalisation.

– Complement the 2017 UNCITRAL Model Law on Electronic Transferable Records (MLETR). This is the legal framework for the use of electronic transferable records that are functionally equivalent to transferable documents and instruments, e.g. bills of lading or promissory notes.

Why The Reference To Blockchain In The Title (‘Blockchain Bill’)? 

The development of technologies like blockchain (i.e. an incorruptible distributed ledger), which allows multiple parties to transfer value and record forgery-proof records of steps in supply chains and provenance in a secure and transparent way, has made trade based on electronic documents possible and attractive.

What’s The Problem With A Paper-Based Trade Document System? 

Moving goods across borders involves a wide range of different actors, e.g. transportation, insurance, finance, and logistics, all of which require (paper) documentation. For example, it’s been estimated that global container shipping generates billions of paper documents per year. A single international shipment, for example, can involve multiple documents, many of which are issued with duplicates, and, considering that two-thirds of the total value of global trade uses container ships, the volume of paper documents is immense.

The need for so much paper, therefore, can slow things down (costs and inefficiencies), creates complication, and has a negative environmental impact.

Based On Old Practices 

Also, existing laws relating to trade documents are based on centuries-old merchants’ practices. One key example of this is that, prior to the new ETDA, the “holder” of a document was significant because an electronic document couldn’t be “possessed” (in England and Wales), hence the reliance on a paper system. Under ETDA, an electronic document can be possessed, thereby updating the law.

How Does It Benefit Trade? 

Giving electronic equivalents of paper trade documents the same legal treatment offers multiple benefits for businesses, governments and other stakeholders involved in trade. Some of the notable benefits include:

– Efficiency and Speed. Electronic documents can be generated, sent, received, and processed much faster than their paper counterparts. This can significantly reduce the time taken for trade transactions and the associated administrative procedures.

– Cost Savings. Transitioning to electronic trade documentation can save businesses considerable amounts of money by reducing costs related to printing, storage, and transportation of paper documents. For example, the Digital Container Shipping Association (DCSA) estimates that global savings could be as much as £3bn if half of the container shipping industry adopted electronic bills of lading.

– Environmental Benefits. As mentioned above, the shift from paper to electronic documentation could reduce the environmental impact associated with paper production, printing, and disposal. Also, as highlighted by the World Economic Forum, moving to digital trade documents could reduce global logistics carbon emissions by 10 to 12 per cent.

– Accuracy and transparency. Electronic documentation systems often come with features that reduce manual data entry, thereby decreasing errors. Additionally, digital platforms can provide more transparency in the trade process with easy-to-access logs and history.

– Security and fraud reduction. Advanced digital platforms come with encryption, authentication, and other security measures that can reduce the chances of document tampering and fraud. Blockchain, for example, is ‘incorruptible.’ It’s also easier to track the origin and changes in electronic documents.

– Accessibility and storage. ETDA doesn’t exactly specify any one technology, only the criteria that a trade document must meet to qualify as an “electronic trade document” (see the act for the exact criteria). That said, electronic documents can generally be easily stored, retrieved, and accessed from anywhere with the appropriate security clearances, making it easier for businesses to manage and maintain records.

– Interoperability. Digital documents can be more easily integrated with other IT systems, such as customs and regulatory databases, enterprise resource planning (ERP) systems, or financial platforms, providing more seamless trade operations.

– Flexibility and adaptability. Electronic systems can be more easily updated or modified to reflect changes in regulations, business practices, or market conditions.

– Harmonisation of standards. The adoption of electronic documents can pave the way for international standards/global standards, simplifying cross-border trade and making processes more predictable and harmonised across countries.

– Enhanced market access. For smaller enterprises that might not have the resources to deal with cumbersome paper-based processes, the digitisation of trade documentation could make it much easier to access global markets.

– Dispute resolution. Having a digital (secure) record with a clear audit trail, could make it easier to resolve disputes when discrepancies occur.

What Does This Mean For Your Business? 

The technologies exist now to enable reliable, secure, and workable systems that use digital rather than paper documents and this UK Act, in combination with other similar legal changes in other countries could help modernise and standardise global trade. Accepting digital documents as legal equivalents to their paper counterparts will bring a range of benefits to global trade including cost and time savings, greater efficiency, reduced complication (and making it easier for more businesses to get involved in international trade), environmental benefits, the advancement of standardisation of trade globally, and many more.

For the UK, not only does the Act update existing laws but it could also bring a significant trade boost. For example, the government estimates it could bring benefits to UK businesses (over the next 10 years) of £1.1 billion. It’s easy to see, therefore, why the introduction of ETDA is being seen by some as one of the most significant trade laws passed in over 140 years.

Tech Insight : Laundering Money Via Spotify?

In this insight, we look at how, according to an investigation by Swedish newspaper Svenska Dagbladet (SvD), criminals may have been using Spotify to launder money since 2019.

How? 

The reported money laundering process, which was noticed by analysts from the National Operative Unit of the Swedish Police Force, involved a web of activities using a Facebook group, cryptocurrency payments and the encrypted app Telegram, the digital music streaming service Spotify, artists connected to criminal gangs and the setting up of a label.

The Process 

According to the SvD investigation, here’s an outline of how the criminal network’s money laundering process has been working:

– Bitcoin cryptocurrency is purchased (cash in hand) via a Facebook group.

– The bitcoin pays for fake streams / manipulated streams in order to make a song. For example, bots are used to simulate user behaviour by repeatedly streaming a song. The end-to-end encrypted app Telegram is used to organise the false streaming activities, e.g. using hijacked accounts, and other inauthentic methods (in addition to the bots). Possible other methods for fake streaming (some of which may be used) include click farms, VPN manipulation, algorithmic exploitation, collusive behaviour, paid services (paying others to use these methods), and more.

– The increased popularity / higher ratings of the songs as a result of the fake streams lead to more real plays / actual streams of the songs. With the artist and their labels both being linked to / owned by the criminal gangs, the laundered money then comes back as payouts via Spotify.

Only Worth It For Large Amounts 

Considering the relatively small amounts that artists receive via Spotify plays, it’s been reported that it would only have been worth operating such a process with sums exceeding several million Swedish krona (1mn SEK = approx. €84,000). This also gives an idea of how much money the criminal gangs are making before (allegedly) laundering and how much manipulation of Spotify streams may be taking place (according to reports of the SvD investigation).

How Was It Discovered? 

According to reports, the analysts at the National Operative Unit of the Swedish Police Force were actually listening to music by rappers who had published the music on Spotify since autumn 2021 in order to gather information about crimes from the lyrics. This led to the analysts noticing the unusual streaming patterns.

What Does Spotify Say? 

Spotify has acknowledged that “manipulated streams are an industry-wide challenge” but says it has not been contacted by law enforcement concerning the SvD article outlining how Spotify may have been used by criminals for money laundering. Spotify also says that it hasn’t been provided with any data or “hard evidence” that its platform has been used in the way described.

How Many Fake Streams? 

Spotify says that only 1 per cent of its streams are deemed to be artificial, and its systems can detect anomalies before they reach a “significant” threshold.

However, it was recently reported (Financial Times) that there has been a suggestion by JP Morgan executives that as much as 10 per cent of all streams could be fake.

The 30-Second Track Trick 

Unfortunately for Spotify, it has also been in the news having to deny that users may have been fooling its royalty system to make money by using a ‘trick’ involving a 30-second track. It’s been alleged that users can simply repeatedly listen to their own uploaded 30-second track to make royalties. It’s been reported, for example, that analysts at JP Morgan have suggested that Spotify subscribers could make as much as £960 per month by listening to their song on repeat, 24 hours a day.

Spotify has denied that the 30-second track money-making trick is possible on its platform saying that its royalty system doesn’t work that way.

What Does This Mean For Your Business? 

According to Spotify, the reports about how criminals may have been using its platform for money laundering have not been backed up with evidence and haven’t led to police enquiries. However, although Spotify suggests that fake streams only make up one per cent on its platform, it appears that others (JP Morgan analysts) suggest it could be at a much higher level. The story of the alleged money laundering and the 30-second track allegations could also appear to suggest that Spotify’s systems may not be as good at spotting and preventing manipulation of the platform as the company thinks or says.

With AI now widely available, the potential for manipulation could be even greater and, no doubt, may be something that Spotify (and other platforms) are having to think about. Fake streaming can damage the music industry and distort ratings, thereby adversely affecting many artists.

It appears, however, that change is on the way, with Universal Music Group and Deezer announcing the joint launch of a music streaming model that’s designed to give more (royalty) money to the artists, which could put pressure on others, like Spotify and Apple Music, to follow suit or at least re-examine how their own systems work.

Tech Insight : How To Check Your Web Usage

In this insight, we look at the many ways to check how much bandwidth you’re using, thereby helping to avoid exceeding data caps, and providing other benefits.

Why Monitor Bandwidth? 

As we move deeper into the digital age, internet usage is skyrocketing, and with it, the necessity to manage bandwidth. For businesses, this is even more critical given the increasing reliance on cloud computing, data analytics, and online communications. One particularly good reason to monitor your business bandwidth, therefore, is to save costs by avoiding any ‘overage fees,’ especially if you’re dealing with Internet Service Providers (ISPs) that have data caps.

What Caps? 

Data caps, for example, can range from a generous 1-1.25TB to as low as 250GB for smaller providers. Exceeding them can result in higher fees or, worse, throttled internet speeds that can have a very negative effect on business operations.

More Than Just A Cost Consideration 

Monitoring bandwidth, however, may bring more benefits than just cost management. For example, a sudden surge in data consumption might indicate unauthorised usage, perhaps even a cyber-attack. Therefore, having a clear understanding of your bandwidth usage can be an invaluable tool in maintaining both the efficiency and security of your business.

Ways To Monitor Bandwidth

There are many different ways to monitor bandwidth. Some of the main ways include:

Using ISP Dashboards

Logging in to your ISP’s dashboard is the quickest and most straightforward way to check bandwidth usage. Some ISPs, for example, may provide a breakdown of upload and download usage, while others may only highlight the total usage. It’s worth remembering, however, that both upload and download data count toward a bandwidth cap. Although a quick method, checking the ISP dashboard to find web usage figures may have its limitations, e.g. the dashboard might not update in real-time, and it may only offer a broad overview without insights into individual device usage.

Router-Level Monitoring of Data Usage

Modern routers can now provide advanced features, including built-in bandwidth monitoring. Whether using popular mesh routers, e.g. Nest Wi-Fi or Eero, or traditional ones such as ASUS, you can see real-time data consumption right down to the device level through the control panel or associated mobile apps. This more detailed information can be very valuable for diagnosing “bandwidth vampires” i.e., devices that continue to sap data when they’re not actually in use.

Monitoring Via Hardware Firewalls

Those looking for a higher level of network management and security may consider making use of a dedicated hardware firewall. This method involves setting up a separate physical device between the modem and internal network with the benefit of getting robust monitoring capabilities, including traffic inspection and advanced security features. For users willing to roll up their sleeves, open-source projects like pfSense or OPNsense can turn an old computer into a powerful firewall and bandwidth monitor.

Network Management Software 

Companies like SolarWinds, ManageEngine, and PRTG offer robust network monitoring solutions that provide a detailed overview of bandwidth usage. These platforms generally provide real-time insights and alerts and can even offer predictive analytics to forecast future usage patterns. Ideal for businesses with complex networks, these software solutions usually require some technical expertise to set up and manage effectively.

Cloud-Based Monitoring Tools 

Software-as-a-Service (SaaS) options like Cisco Meraki offer cloud-based network monitoring. They can be particularly useful for businesses with multiple locations or remote work environments because all the data can be monitored and managed from a centralised cloud dashboard. These services often come with monthly or annual subscriptions.

SNMP (Simple Network Management Protocol) 

SNMP is a standard protocol used to collect and organise information about devices on an IP network, including bandwidth usage. It’s especially useful for large-scale or enterprise networks.
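To show what interpreting SNMP data for bandwidth involves, here is an added example (not from the original article) that turns polled interface octet counters into usage figures, handling 32-bit counter wrap and device reboots. The sample readings are constructed; the field names follow the standard IF-MIB objects ifInOctets, ifOutOctets and sysUpTime.

```python
COUNTER32_MOD = 2 ** 32   # ifInOctets / ifOutOctets are 32-bit counters
COUNTER64_MOD = 2 ** 64   # ifHCInOctets / ifHCOutOctets are 64-bit counters

# Constructed poll results, one every 300 seconds:
# (unix_time, sysUpTime in hundredths of a second, ifInOctets, ifOutOctets)
SAMPLES = [
    (1693558800, 8_640_000, 4_294_000_000, 1_000_000),
    (1693559100, 8_670_000, 4_294_900_000, 1_600_000),  # normal interval
    (1693559400, 8_700_000, 532_704, 2_200_000),        # inbound counter wrapped
    (1693559700, 6_000, 10_000, 5_000),                 # uptime dropped: reboot
    (1693560000, 36_000, 910_000, 605_000),             # normal interval again
]


def counter_delta(prev, curr, modulus=COUNTER32_MOD):
    """Octets transferred between two readings, allowing for one wrap."""
    return (curr - prev) % modulus


def usage_from_samples(samples, modulus=COUNTER32_MOD):
    """Return (intervals, resets) computed from consecutive counter samples.

    An interval is discarded when sysUpTime goes backwards, because the
    counters restarted from zero and the difference would be meaningless.
    (sysUpTime itself wraps after about 497 days; that also costs one interval.)
    """
    intervals = []
    resets = 0
    for (t0, up0, in0, out0), (t1, up1, in1, out1) in zip(samples, samples[1:]):
        if up1 < up0:
            resets += 1
            continue
        seconds = t1 - t0
        if seconds <= 0:
            continue  # duplicate or out-of-order poll
        d_in = counter_delta(in0, in1, modulus)
        d_out = counter_delta(out0, out1, modulus)
        intervals.append({
            "start": t0,
            "seconds": seconds,
            "in_octets": d_in,
            "out_octets": d_out,
            "in_bps": d_in * 8 / seconds,
            "out_bps": d_out * 8 / seconds,
        })
    return intervals, resets


def total_octets(intervals):
    """Upload and download both count toward a data cap, so sum both."""
    return sum(i["in_octets"] + i["out_octets"] for i in intervals)


def max_safe_poll_seconds(link_bps, modulus=COUNTER32_MOD):
    """Longest poll gap before a saturated link can wrap the counter twice
    unnoticed. Faster links need the 64-bit counters or shorter gaps."""
    return modulus / (link_bps / 8)


if __name__ == "__main__":
    intervals, resets = usage_from_samples(SAMPLES)
    for i in intervals:
        print(i["start"], i["in_octets"], i["out_octets"], round(i["in_bps"]))
    print("total octets:", total_octets(intervals), "resets:", resets)
    print("1 Gbit/s wrap time (s):", round(max_safe_poll_seconds(1e9), 2))
```

On a fully loaded 1 Gbit/s link a 32-bit counter wraps in roughly 34 seconds, which is why five-minute polling of such links should read the 64-bit counters instead.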

Packet Sniffing Tools

Packet sniffers / packet analysers (e.g. Wireshark) capture the data packets that are sent to and from a network and while primarily used for debugging network issues or monitoring for security breaches, they can also be used to analyse bandwidth consumption. These tools are generally not for the faint-hearted and are best suited for those who have a deep understanding of network protocols.

Mobile Data Monitoring Apps

While more relevant for individual users or remote workers, mobile data monitoring apps like My Data Manager or Data Usage can track how much data is being consumed on smartphones and tablets. These are useful in BYOD (Bring Your Own Device) environments where employees might use personal devices for work purposes.

Built-in Operating System Tools

Both Windows and macOS offer built-in tools to check data usage, albeit not in real-time. For example, Windows has a “Data Usage” overview available in its Settings, and macOS has a “Network” tab under “Activity Monitor.” These are fairly basic and offer limited details, but they’re relatively straightforward and easy to use for quick checks.

VPN with Bandwidth Monitoring

Some advanced Virtual Private Network (VPN) services offer built-in bandwidth monitoring features. This is particularly useful for businesses that rely on VPNs for secure data transmission.

Proxy Servers

These act as an intermediary between the user’s computer and the Internet, thereby allowing the monitoring, filtering, and control of web-based traffic. Proxy servers can provide detailed logs of internet activity, which can be analysed for bandwidth usage.
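As an added illustration of analysing proxy logs for bandwidth usage (not part of the original article), the script below totals bytes per client per day and flags a client whose daily total jumps far above its own recent baseline, the kind of sudden surge mentioned earlier as a possible sign of unauthorised usage. It assumes Squid's native access.log layout; the log lines, addresses and thresholds are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timezone
from statistics import median

# Constructed sample in Squid's native access.log layout:
# time elapsed client action/code bytes method URL ident hierarchy content-type
SAMPLE_LOG = """\
1693558800.101    120 192.168.1.10 TCP_MISS/200 400000000 GET http://updates.example/a.bin - HIER_DIRECT/203.0.113.5 application/octet-stream
1693558900.220     80 192.168.1.23 TCP_MISS/200 50000000 GET http://cdn.example/v.mp4 - HIER_DIRECT/203.0.113.9 video/mp4
1693645200.101    115 192.168.1.10 TCP_MISS/200 420000000 GET http://updates.example/b.bin - HIER_DIRECT/203.0.113.5 application/octet-stream
1693645300.220     75 192.168.1.23 TCP_MISS/200 60000000 GET http://cdn.example/w.mp4 - HIER_DIRECT/203.0.113.9 video/mp4
1693731600.101    118 192.168.1.10 TCP_MISS/200 380000000 GET http://updates.example/c.bin - HIER_DIRECT/203.0.113.5 application/octet-stream
1693731700.220     79 192.168.1.23 TCP_MISS/200 55000000 GET http://cdn.example/x.mp4 - HIER_DIRECT/203.0.113.9 video/mp4
1693818000.101    121 192.168.1.10 TCP_MISS/200 410000000 GET http://updates.example/d.bin - HIER_DIRECT/203.0.113.5 application/octet-stream
1693818100.220    900 192.168.1.23 TCP_MISS/200 1400000000 GET http://files.example/big1 - HIER_DIRECT/198.51.100.7 application/octet-stream
this line is truncated
1693821700.220    850 192.168.1.23 TCP_MISS/200 1200000000 GET http://files.example/big2 - HIER_DIRECT/198.51.100.7 application/octet-stream
"""


def parse_line(line):
    """Return (utc_day, client_ip, bytes) or None for a malformed line."""
    parts = line.split()
    if len(parts) < 7:
        return None
    try:
        timestamp = float(parts[0])
        size = int(parts[4])  # bytes delivered to the client
    except ValueError:
        return None
    day = datetime.fromtimestamp(timestamp, tz=timezone.utc).date().isoformat()
    return day, parts[2], size


def daily_totals(log_text):
    """Sum bytes per client per UTC day; also count unparseable lines."""
    totals = defaultdict(lambda: defaultdict(int))
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = parse_line(line)
        if record is None:
            skipped += 1
            continue
        day, client, size = record
        totals[client][day] += size
    return totals, skipped


def find_surges(totals, factor=5.0, min_history=3, floor_bytes=500_000_000):
    """Flag days where a client exceeds `factor` times the median of its own
    earlier days. `floor_bytes` suppresses alerts on tiny absolute volumes.
    Days with no traffic are absent from the log and so from the baseline."""
    surges = []
    for client, per_day in totals.items():
        days = sorted(per_day)
        for index, day in enumerate(days):
            history = [per_day[d] for d in days[:index]]
            if len(history) < min_history:
                continue
            baseline = median(history)
            used = per_day[day]
            if used >= floor_bytes and used > factor * baseline:
                surges.append((day, client, used, baseline))
    return sorted(surges)


if __name__ == "__main__":
    totals, skipped = daily_totals(SAMPLE_LOG)
    print("unparseable lines:", skipped)
    for day, client, used, baseline in find_surges(totals):
        print(f"{day} {client}: {used / 1e9:.2f} GB vs baseline {baseline / 1e6:.0f} MB")
```

The byte field in this layout counts data sent to the client, so upload-heavy traffic needs a log format that also records request sizes.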

Challenges and Considerations 

It should be remembered, however, that there are some challenges and disadvantages to using some of the methods of bandwidth monitoring. For example:

– Limited Insights from ISP dashboards. As previously mentioned, while an ISP dashboard may be a good starting point, this method can lack the ‘granularity’ of device-level statistics, e.g. it can be a bit like knowing you’ve consumed water without knowing if it’s because of a leak or because you watered the garden.

– Update frequency and time frames in router monitoring. Not all routers update in real-time, and some routers may not allow users to set specific time frames that align with billing cycles, which can be inconvenient.

– The costs and complexity of advanced solutions. Hardware firewalls and sophisticated router setups may offer better monitoring capabilities, but they come at a financial cost and can require a higher level of technical expertise that not everyone has. Also, using SNMP for bandwidth monitoring can be complex and usually requires specialised software to interpret the SNMP data and present it in a user-friendly format. Similarly, using packet sniffing tools to monitor bandwidth is complex, not for the faint-hearted, and so could be best suited to those with a good understanding of network protocols.

What Does This Mean For Your Business?

Monitoring bandwidth, therefore, isn’t all just about dodging extra fees, but it can also help with business sustainability and security. For example, knowing where your data is going and how much you are using can provide valuable insights into optimising business operations. Also, with today’s digital society and modern internet usage surging, bandwidth monitoring is becoming almost as fundamental to businesses as budgeting or quality control.

As shown above, there are many different ways to monitor web usage (bandwidth), with some providing much greater detail than others, but some being much more complex, costly, and requiring much more in-house expertise and tech know-how. The key for businesses, therefore, is to choose a monitoring strategy that aligns with business needs, operational capacity, and budget.

Tech Insight : Python in Excel … So What?

Following the announcement that Microsoft is releasing a public preview of Python in Excel, we look at what this will mean for Excel users and how it could help businesses.

What Is Python? 

The initial version was created in the late 1980s by Guido van Rossum, with its first official release, Python 0.9.0, coming out in February 1991. It was named after the eponymous Monty Python Show, after having been developed as a successor to the ABC language and was intended to be easy to read and allow for concise code, among other goals.

It’s regarded as a good general-purpose programming language that’s relatively easy to learn due to its simple and straightforward syntax. Python is often used in creating web applications and artificial intelligence applications, and it is the language behind platforms like Pinterest and Instagram.

Added To Excel 

Last week, Microsoft announced that it is releasing a Public Preview of Python in Excel, thereby enabling the combination of Python and Excel analytics within the same workbook, with no setup required. Microsoft says: “With Python in Excel, you can type Python directly into a cell, the Python calculations run in the Microsoft Cloud, and your results are returned to the worksheet, including plots and visualisations.” In short, this means that Excel users will be able to carry out advanced data analysis in the familiar Excel environment, by accessing Python from the Excel ribbon.

Two other key benefits of the integration highlighted by Microsoft are that it runs securely on the Microsoft Cloud, thereby keeping data private, and it is built to work with Teams. This enables colleagues to (seamlessly) interact with and refresh Python in Excel based analytics without needing to worry about installing additional tools, Python runtimes, or managing libraries and dependencies.

What Sort Of Things Can Be Done With The Excel/Python Combination?

Python’s ability to manipulate Excel tables will be of particular help to businesses that frequently work with data because it offers many practical benefits and uses. For example:

– Saving time by automating repetitive tasks in Excel, e.g. formatting, or reorganising data.

– Potentially getting better data insights because Python enables the handling of large data sets and can be more efficient in processing and analysing that data.

– Saving time and doing a better job of data cleaning, e.g. Python is better at locating missing values, standardising formats, removing duplicates, and using techniques like regular expressions for pattern-based transformations.

– Improved data analysis and analytics due to the use of Python’s powerful data analysis libraries, e.g. Pandas, Matplotlib, and scikit-learn and the fact that Python in Excel leverages Anaconda (a popular enterprise repository) Distribution for Python running in Azure. This can help with complex calculations, statistical analysis, and data transformations that might be cumbersome or inefficient in Excel.

– Advanced visualisation, i.e. Python charting libraries like Matplotlib and seaborn enable the creation of a wide variety of charts, spanning from conventional bar graphs and line plots to more specialised visualisations such as heatmaps, violin plots, and swarm plots.

– Helping to focus collaborative work efforts, e.g. where multiple people or systems are providing data in different formats or structures, Python acts as an aggregator, harmonising and consolidating diverse data sources into a single Excel sheet or structure.

– Python scripts can be scheduled to run at specified intervals, thereby making it easier to update or analyse Excel data even when you’re not around.

– Using Python as a bridge to enable Excel data to interact with other web applications, databases, or other external systems.

– Python scripts can be used to create custom functions not natively available in Excel, thereby expanding the scope of what can be done with Excel.

– Python can be used to periodically back up Excel files and even maintain versions (if needed).

– Python libraries like scikit-learn and statsmodels can be leveraged to apply popular machine learning, predictive analytics, and forecasting techniques, e.g. regression analysis, time series modelling, and more.

Examples

Some everyday examples of how using the power of Python in Excel could help businesses include:

– Making monthly sales reports better as well as faster and easier to produce. For example, if a sales manager needs to compile monthly sales reports and receives sales data from multiple regions in different Excel files, a Python script can be written to automatically consolidate all these files into a master report.

– Helping to track the expenses of a small business by using Python to automatically categorise and summarise expenses from an Excel sheet, thereby helping to track where money is being spent most frequently.

– In retail, a store manager could use a Python script to alert them when inventory for a particular item goes below a certain threshold (based on the data in the Excel inventory list).

– Financial analysts could predict future revenue or costs by using Python to apply complex forecasting models on past financial data in Excel.

– In accounts, if a business needs to generate bulk invoices, Python can be used to save time by pulling data from an Excel sheet (like client details and amounts) and produce individual invoice files for each client.

– A business with critical data in Excel can have Python scripts scheduled to automatically back up these files at regular intervals, thereby ensuring data safety.

Other examples of what businesses can use Python scripts in combination with Excel include employee scheduling, e.g. generating shift schedules, quickly analysing any customer feedback collected in Excel, automatically highlighting best prices collected in Excel from different vendors, calculating commission for sales staff from figures collected in Excel, and analysing supplier delivery performance, e.g. delivery date and time records held in Excel.

What Does This Mean For Your Business? 

In short, releasing Python in Excel enables businesses (that leverage the integration) to effectively ‘supercharge’ their data processing and analysis capabilities, thereby giving them the ability to handle more complex tasks, larger data sets, and integrate with a broader range of technologies.

This could improve productivity, competitiveness, give new insights and reveal new business opportunities, save time, and produce better quality reports and visualisations which can improve transparency and business decision making. The fact(s) that Python in Excel doesn’t require any setup, integrates seamlessly with Teams, plus works securely in the cloud must surely also be attractive to businesses, many of whom now have remote and flexible working (all Teams users have access and security worries are minimised). Most businesses must, however, wait a little longer to start using the power of Python in Excel because it’s currently only available to users running Beta Channel on Windows and Microsoft 365 Insider Program members, although it will start to roll out with build 16.0.16818.20000, and then to the other platforms at a later date.

Tech Insight : 70% Of Companies Using Generative AI

A new VentureBeat survey has revealed that 70 per cent of companies are experimenting with generative AI.

Most Experimenting and Some Implementing 

The (ongoing) survey which was started ahead of the tech news and events company’s recently concluded VB Transform 2023 Conference in San Francisco, gathered the opinions of global executives in data, IT, AI, security, and marketing.

The results revealed that more than half (54.6 per cent) of organisations are experimenting with generative AI, with 18.2 per cent already implementing it into their operations. That said, only a relatively small percentage (18.2 per cent) expect to spend more on the technology in the year ahead.

A Third Not Deploying Gen AI 

One perhaps surprising (for those within tech) statistic from the VentureBeat survey is that quite a substantial proportion of respondents (32 per cent) said they weren’t deploying gen AI for other use cases, or not using it at all yet.

More Than A Quarter In The UK Have Used Gen AI 

The general popularity of generative AI is highlighted by a recent Deloitte survey which showed that more than a quarter of UK adults have used gen AI tools like chatbots, while 4 million people have used it for work.

Popular Among Younger People

Deloitte’s figures also show that more than a quarter (26 per cent) of 16-to-75 year-olds have used a generative AI tool (13 million people) with one in 10 of those respondents using it at least once a day.

Adoption Rate of Gen AI Higher Than Smart Speakers 

The Deloitte survey also highlights how the rate of adoption of generative AI exceeds that of voice-assisted speakers like Amazon’s Alexa. For example, it took five years for voice-assisted speakers to achieve the same adoption levels compared to generative AI’s adoption which really began in earnest last November with ChatGPT’s introduction.

How Are Companies Experimenting With AI? 

Returning to the VentureBeat survey, unsurprisingly, it shows that most companies currently use AI for tasks like chat and messaging (46 per cent) as well as content creation (32 per cent), e.g. ChatGPT.

A Spending Mismatch 

However, the fact that many companies are experimenting, yet few can envisage spending more on AI tools in the year ahead, reveals a mismatch that could challenge implementation of AI. VentureBeat has suggested that possible reasons for this include constrained company budgets and a lack of budget prioritisation for generative AI.

A Cautious Approach 

It is thought that an apparently cautious approach to generative AI adoption by businesses, highlighted by the VentureBeat survey, may be down to reasons like:

– A shortage of talent and/or resources for generative AI (36.4 per cent).

– Insufficient support from leaders or stakeholders (18.2 per cent).

– Being overwhelmed by too many options and possible uses – not sure how best to deploy the new technology.

– The rapid pace of change in generative AI, meaning that some prefer to wait rather than commit now.

What Does This Mean For Your Business? 

Although revolutionary, generative AI is a new technology to businesses and, as the surveys show, while many people have tried it and businesses are using it, there are some challenges to its wider adoption and implementation. For example, the novelty and an uncertainty about how best to use it (with the breadth of possibilities), an AI skills gap / talent shortage in the market, a lack of budget for it, and its stratospheric growth rate (prompting caution or waiting for new and better versions or tools that can be tailored to their needs) are all to be overcome to bring about wider adoption by businesses.

These challenges may also mean that generative AI vendors in the marketplace at the moment need to make very clear, compelling, targeted use cases for the sectors and problem areas of prospective clients in order to convince them to take the plunge. The rapid growth of generative AI is continuing, with a wide variety of text, image, and voice tools being released and with the big tech companies all releasing their own versions (e.g. Microsoft’s Copilot and Google’s Bard), so we’re still very much in the early stages of generative AI’s growth with a great deal of rapid change to come.

Tech Insight : Explosion In Subject Access Requests

Following the recent Nigel Farage and Coutts Bank row, we look at what a Subject Access Request (SAR) is, how to make one, and why there appears to have been an explosion of them in recent times.

What Happened Between Nigel Farage and Coutts? 

To summarise in a way that’s relevant to this article, in a chain of events starting at the end of June, British broadcaster and former UK politician Nigel Farage was informed by Coutts bank that, due to a “commercial decision”, it would no longer do business with him and was closing his account. The NatWest-owned Coutts bank is widely regarded as being a bank for wealthy people because to be a customer you famously need to maintain at least £1m in investments or borrowing (mortgage), or £3m in savings. Following several allegations and theories about why Coutts may have done this, Mr Farage submitted a SAR to find out exactly why. The 40-page document sent back to him by the bank revealed that staff at the bank had spent time compiling evidence on the “significant reputational risks of being associated with him”. The document was reported to have suggested that the bank didn’t want him as a customer because his views didn’t align with the firm’s “values”, e.g. Mr Farage’s position on LGBTQ+ rights and his friendship with former US president Donald Trump. In short, the document suggested that Mr Farage’s views were at odds with the bank’s position as an inclusive organisation.

Although there are other aspects to this story, the relevant point here in terms of this tech-insight is that, were it not for the SAR, Mr Farage would not have known the reason or have received an apology, as he did (as well as heads rolling at the bank).

What Is A Subject Access Request (SAR)? 

A SAR (sometimes called a DSAR – data subject access request) allows an individual to ask an organisation for copies of any personal information that it holds about them. This legal right was granted under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 with the intention of empowering people to be aware of and understand how their personal data is being processed by organisations.

How Do You Make A SAR? 

You can make a SAR in writing or electronically, i.e. by email or via an online form (check that it’s the right and appropriate form first).

What Should You Write? 

The Information Commissioner’s Office (ICO), says that a SAR should include:

– A clear title in the email / form subject line e.g., ‘subject access request’.

– A comprehensive list, which it may be best to compile beforehand, of what personal data you want to access, and how you would like to receive the information.

– It’s also important to include your full name and contact details (email address and phone number).

It’s worth noting that a template request is available on the ICO website.

Then What Happens? 

Upon receiving a SAR, the organisation must respond within one month. In some cases, however, this period can be extended to two months if the request is complex or if the organisation receives multiple requests from the same individual.

When responding to a SAR, an organisation must provide a copy of the requested personal data in a structured, commonly used, and machine-readable format. The response should include information about the purposes of the processing, the recipients or categories of recipients of the data, and the retention period for the data.

Some Exemptions To Note 

There are, however, some exemptions to organisations having to send you a copy of the requested data, for example if the disclosure would reveal information about another individual or if it could prejudice criminal investigations or legal proceedings.

Is It Free To Make A SAR? 

In most cases, organisations can’t charge a fee for handling a SAR. However, if the request is clearly unfounded, excessive, or repetitive, an organisation could decide to charge a reasonable fee or refuse to comply with the request.

What If You’re Not Happy With The Response Or If There’s No Response? 

It’s a legal right so, unless an exemption can be proved, the organisation should respond. If, however, an individual believes that an organisation has not responded appropriately to their SAR or has mishandled their personal data, they can complain to the Information Commissioner’s Office (ICO).

That said, from April 2022 to March 2023, 15,848 complaints related to Subject Access were reported to the ICO, prompting the ICO to publish a new guide on responding to subject access requests, and warning companies not to get “caught out” by not responding / responding poorly and risking a fine or reprimand.

Surge In SARs 

The press coverage of the Nigel Farage and Coutts story highlighted SARs, how useful and important they can be, and how they allow individuals to stand up to powerful organisations and have control and transparency over the use of their personal data. This will, no doubt, add to what could be described as an explosion of SARs since the legal right was granted with GDPR. For example, SARs are now often used by employees in dispute with their employer looking for information to use in their defence in negotiations or at an employment tribunal, and by celebrities, public figures, and politicians (e.g., to find out the plans and motives of opposition parties).

What Does This Mean For Your Business? 

For any individual, SARs give them legal power to challenge organisations, a means for greater control and understanding about how their personal data is being processed by organisations, and a way to complain and get satisfaction if they’re not happy. SARs are a way to greater transparency and, as highlighted above, can be very useful in many situations, e.g. for employment tribunals. For businesses, SARs are a reminder of their data protection responsibilities under GDPR and of the need to comply or face financial and reputational consequences.

Several years down the line from the introduction of GDPR, businesses should already have a more organised and compliant way of handling data and should have processes in place to ensure that SAR requests are assessed quickly and accurately and that the requested data is sent promptly in a structured, commonly used, and machine-readable format. With SARs now widely used, businesses need to be prepared.

Tech Insight : What Are ‘Zero-Day’ Attacks?

In this tech insight, we look at what ‘zero-day’ attacks are, then look at some recent high-profile examples and ultimately at what businesses can do to protect themselves from zero-day attacks.

Sophisticated Attacks That Highlight Vulnerabilities 

In the ever-evolving landscape of digital threats and cyber warfare, one term often sends chills down the spines of cybersecurity professionals: Zero-Day Attacks. These sophisticated and stealthy cyber-attacks represent a significant challenge in today’s interconnected business world. They symbolise not just the advancement of cybercriminals’ tactics but also highlight the vulnerabilities that exist within our most trusted digital infrastructures.

Exploiting Zero-Day Vulnerabilities 

Zero-day attacks are attacks by threat actors that exploit zero-day vulnerabilities. These are undisclosed software vulnerabilities (unknown to vendor or victims) that hackers can exploit to adversely affect computer programs, data, additional computers, or a network.

Vulnerabilities targeted in zero-day attacks can be found in operating systems, web browsers, Office applications, open-source components, hardware and firmware, and the Internet of Things (IoT).

Why “Zero-Day”? 

The term “zero-day” comes from the fact that software developers and those in charge of digital security have zero days to fix the vulnerability because it is simply not known to them until the first attack. This means that attackers can exploit the vulnerabilities before developers become aware and are able to issue any patches or remediations.

How Big Is The Problem? 

Although zero-day vulnerabilities fell by almost a third in 2022, it was still the second highest year on record (Mandiant research), with 55 zero-day vulnerabilities exploited. Products from the three largest vendors (Microsoft, Google, and Apple) were the most commonly exploited, for the third year in a row.

What Can Happen? 

Zero-day attacks commonly result in unauthorised data access, data theft, or service disruptions. These, in turn, can result in reputational damage, lost customers, fines (e.g. legal action by those affected and/or ICO fines), plus possibly the loss of the business itself if the attack is serious enough. Secondary attacks on the business and those affected by data theft could also come from the first attack, e.g. malware, ransomware, phishing, social engineering attacks, and more.

Cybersecurity experts, therefore, continually work to discover these types of vulnerabilities before hackers do, to try and prevent potential attacks.

Vulnerabilities, Exploits, Then Attacks 

After threat actors have discovered a zero-day vulnerability, the next stage is ‘zero-day exploits’ – the blueprints that outline how these hidden flaws can be taken advantage of, often traded on the dark web. The zero-day attack itself is, therefore, the act of exploiting the flaw/vulnerability, using the guidance of the exploit, before a patch can be rolled out, leaving a digital system scrambling in the wake of the unforeseen breach.

Who? 

These under-the-radar strikes are often orchestrated by advanced cyber criminals, state-sponsored hacking groups, or unscrupulous entities with nefarious motives. The objectives are as varied as the threat actors themselves. For some, it’s about monetary gains whereas for others, it’s a tool for intellectual property theft, infiltrating state secrets, or merely sowing seeds of chaos. Corporate espionage and political machinations are just the tip of the iceberg when it comes to reasons behind these attacks.

Recent High-Profile Examples 

Some recent, high-profile examples of Zero-Day attacks include:

– In 2023, a critical vulnerability was uncovered in the secure managed file transfer (MFT) service provided by MOVEit, a transfer platform widely used by large companies in a variety of sectors including healthcare, government, finance, and aviation. The Russian-based Clop Ransomware group exploited the vulnerability and were able to steal data from eight UK organisations including BBC, British Airways, Aer Lingus, and Boots.

– In 2022, CVE-2022-30190, a.k.a. the Follina vulnerability in the Microsoft Support Diagnostic Tool (MSDT), was exploited, with victims persuaded to open Word documents which enabled attackers to execute arbitrary code. The government of the Philippines, business service providers in South Asia, and organisations in Belarus and Russia were all subject to the same zero-day attack.

– The notorious Microsoft Exchange Server hack in early 2021, widely believed to have been sponsored by a nation-state, exploited several previously unknown vulnerabilities in Microsoft’s email server software. The damage was widespread and profound, with tens of thousands of organisations worldwide left grappling with the aftermath before a security patch could be rolled out.

– Google’s Chrome suffered a series of zero-day threats in 2021, prompting updates to Chrome. The vulnerability was a bug in the V8 JavaScript engine used in the web browser.

– In 2020, a zero-day attack on video conferencing platform Zoom allowed hackers to access a user’s PC remotely if they were running an older version of Windows. The hackers targeted the administrator, allowing them to completely take over the machine and access all files.

– In 2020, Apple iOS was attacked twice through zero-day vulnerabilities, and one zero-day bug allowed attackers to compromise iPhones remotely.

How Businesses Can Protect Themselves 

So, how can businesses protect themselves against the threat of zero-day attacks? Given their nature, these attacks pose a formidable challenge, but protective measures that can be taken include:

– Regularly updating software and staying up to date with patching.

– Employing advanced threat detection tools that utilise behaviour-based detection techniques to pinpoint anomalies and unusual activity in network traffic (often the first sign of a zero-day attack).

– Conducting regular penetration tests and vulnerability assessments. These proactive practices can unearth previously unknown vulnerabilities within systems, allowing businesses to patch them before they are exploited.

– Following the principle of least privilege – limiting user access rights to the bare minimum needed for their work – can also help reduce the extent of potential damage should an attack occur.

– Beyond technological defences, investing in comprehensive cybersecurity awareness training for employees is crucial. An informed team acts as the human firewall against cyber threats, understanding the risks, recognising signs of possible attacks, and knowing how to respond swiftly and effectively.

What Does This Mean For Your Business? 

In the face of the ominous threat of zero-day attacks, businesses must adopt a proactive and comprehensive approach to digital security. A robust defence strategy isn’t a luxury but an absolute necessity in today’s digital age. It involves a constant balancing act of risk management, regular system updates, advanced threat detection, routine penetration testing and vulnerability assessments, regular system audits, and maintaining a culture of security vigilance throughout the organisation.

A multi-layered security approach and a zero-trust model could, therefore, provide a solid foundation for defence although, because some vulnerabilities may still not be known until it’s too late, zero-day attacks remain an ever-present threat.

The potential devastation of zero-day attacks and their aftermath is unquestionable, but it is not an insurmountable challenge. By being as vigilant and proactive in defence measures as is realistically possible, businesses can steer through the murky waters of the cyber threat landscape, securing their digital assets, and upholding the trust of their customers and partners. The world of cybersecurity may be akin to a never-ending arms race, but with the right preparation and resilience, staying one step ahead must be an achievable goal.