Community

About time BoE is getting this conversation out in the open. It's been a long time coming though, we had "Lights in the Tunnel" then a couple of economists took note and published their thinking on this including Roubini's tweet in 2014 https://twitter.com/nouriel/status/543413556675219456 , let alone Jeremy Rifkin's 'Zero Marginal Cost Society' (which talked about the 3rd revolution, before Germany decided they wanted to call it the 4th, lol) and I'd direct everyone to the prez given by David Autor at the ECB meeting last year: https://www.nytimes.com/2017/06/28/business/economy/ecb-automation-robotics-economy-jobs.html?emc=edit_th_20170629&nl=todaysheadlines&nlid=5161799

FWIW, you could consider AI/ML are just another facet of automation in general that is changing the landscape of tomorrow's workforce and opportunities.

+1 on sharing your experiiences here and setting up the LinkedIn group.

I think an appropriate analogy one might care to use could be taken from history... back when we had bank heists one of the key advantages was a) surprise (no change there) and b) speed of getaway.

Lets look at b) first... banks are so slow when it comes to security hardening it's become a farce, when you compare the speed of modern ecommerce sites under a devops culture that can roll out new code across clusters of production servers worldwide effortlessly you get to see why banks are at the mercy of their legacy investments.

In terms of a) you need to check how many banks actually operate real CERT teams rather than pass the buck and outsource this to 3rd parties. More so, the fact they are so used to 'not sharing' they are making the job even easier for criminals by not pooling the knowledge of shared logs to help identify potential APTs.

They have only themselves to blame, though as one person once reminded me regarding the InfoSec challenges in the porn industry with content leakage, they're making so much money they don't really care that much.

This is just brand damage and they will suffer dearly as more innovative bankers launch banks with technology that is up to date and benefitting from the fastest possible managmement and maintenance stragegies possible. Tomorrow, when you choose your bank you will also be choosing your technology as well, you just don't realise it yet.

A good start would be to send all the infra teams to a DevOpsDays conference, a cheap and worthwhile investment to help them 'get' what it means to do configuration management a la InfoSec in today's world. I'd also highly recommend Kris Buytaert and Martin Simons amongst others in our (DevOps) community who have already been advising banks ready to listen and evolve their antiquated practices.

"using Man-in-the-Browser attacks"

Lol :-)

Hmm, I doubt CGI will have much to worry about.

I highly recommend reading and digesting the following 2 reports recently published:

Snooping Dragon

Ghostnet

Then for those that are curious to know what IT people do about security then this checklist from ISO 17799 is a good place to start.

If you are concerned about security then the best thing you can do is act, get external help and ensure a comprehensive review of your information security policy and its effectiveness is undertaken.

If you're working at home and have little IT knowledge then it would be best to find a competent IT resource to provide a day's consulting to let you know if you're safe or... not.

I vote for disruption, it's about time they read Christian's book on dilemmas and solutions for innovators.

Quite right they are - of course no one would want me to say that in public would they?

The issue is that things out there are truly broken - users have been expected to update and patch their systems regularly - it's hardly the same as getting the MOT sorted every year is it?  In fact each month you need a 'MOT' from Microsoft and that still doesn't guarantee you've got a rootkit installed that's letting you think all is fine and dandy while it snapshots you entering those funny passwords using the dropdown lists.

More upsetting is the fact that the congniscenti are telling us that SSL is broken: http://digg.com/security/SSL_broken_with_200_PS3s

It won't be easy to get the confidence of users when you tell them there is a 1/1000 chance they'll be shafted by a click hijack or other shenanigan - for me the only solution has been to go the Linux route to feel safe and secure when online.

I should add... I'm looking forward to watching Michael Moore's new film :-)

Here's me thinking there was something useful here having been caught out by the headline, now of course it will appear I sound like a troll but for heaven's sake - Paul left in 2004 so "Stop Press" is a crap headline to use - I thought you were going to tell us another Risk chap was whistle-blowing.

Nice quote at the end though.