Let’s think Intelligently about AI.

Posted on : 17-01-2017 | By : richard.gale | In : Uncategorized

Tags: , , , ,


Currently there is a daily avalanche of artificial intelligence (AI) related news clogging the internet. Almost every new product, service or feature has an AI, ‘Machine Learning’ or ‘Robo something’  angle to it. So what is so great about AI? What is different about it and how can it improve the way we live and work? We think there has been an over emphasis on ‘machine learning’ relying on crunching huge amounts of information via a set of algorithms. The actual ‘intelligence’ part has been overlooked, the unsupervised way humans learn through observation and modifying our behaviour based on changes to our actions is missing. Most ‘AI’ tools today work well but have a very narrow range of abilities and have no ability to really think creatively and as wide ranging as a human (or animal) brain.


Artificial Intelligence as a concept has been around for hundreds of years. That human thought, learning, reasoning and creativity could be replicated in some form of machine. AI as an academic practice really grew out of the early computing concepts of Alan Turing and the first AI research lab was created in Dartmouth college in 1956. The objective seemed simple, create a machine as intelligent as a human being. The original team quickly found they had grossly underestimated the complexity of the task and progress in AI moved gradually forward over the next 50 years.

Although there are a number of approaches to AI, all generally rely on learning, processing information about the environment, how it changes, the  frequency and type of inputs experienced. This can result in a huge amount of data to be absorbed. The combination of the availability of vast amounts of computing power & storage with massive amounts of information (from computer searches and interaction) has enabled AI, sometimes known as machine learning to gather pace. There are three main types of learning in AI;

  • Reinforcement learning — This is focused on the problem of how an AI tool ought to act in order to maximise the chance of solving a problem. In a particular situation, the machine picks an action or a sequence of actions, and progresses. This is frequently used when teaching machines to play and win chess games. One issue is that in its purest form, reinforcement learning requires an extremely large number of repetitions to achieve a level of success.
  • Supervised learning —  The programme is told what the correct answer is for a particular input: here is the image of a kettle the correct answer is “kettle.” It is called supervised learning because the process of an algorithm learning from the labelled training data-set is similar to showing a picture book to a young child. The adult knows the correct answer and the child makes predictions based on previous examples. This is the most common technique for training neural networks and other machine learning architectures. An example might be: Given the descriptions of a large number of houses in your town together with their prices, try to predict the selling price of your own home.
  • Unsupervised learning / predictive learning — Much of what humans and animals learn, they learn it in the first hours, days, months, and years of their lives in an unsupervised manner: we learn how the world works by observing it and seeing the result of our actions. No one is here to tell us the name and function of every object we perceive. We learn very basic concepts, like the fact that the world is three-dimensional, that objects don’t disappear spontaneously, that objects that are not supported fall. We do not know how to do this with machines at the moment, at least not at the level that humans and animals can. Our lack of AI technique for unsupervised or predictive learning is one of the factors that limits the progress of AI at the moment.

How useful is AI?

We are constantly interacting with AI. There are a multitude of programmes, working, helping and predicting  your next move (or at least trying to). Working out the best route is an obvious one where Google uses feedback from thousands of other live and historic journeys to route you the most efficient way to work. It then updates its algorithms based on the results from yours. Ad choices, ‘people also liked/went on to buy’ all assist in some ways to make our lives ‘easier’. The way you spend money is predictable so any unusual behaviour can result in a call from your bank to check a transaction. Weather forecasting uses machine learning (and an enormous amount of processing power combined with historic data) to provide improving short and medium term forecasts.

One of the limitations with current reinforcement and supervised models of learning is that, although we can build a highly intelligent device it has very limited focus. The chess computer ‘Deep Blue’ could beat Grand-master human chess players but, unlike them, it cannot drive a car, open a window or describe the beauty of a painting.

What’s next?

So could a machine ever duplicate or move beyond the capabilities of a human brain. The short answer is ‘of course’. Another short answer is ‘never’… Computers and programmes are getting more powerful, sophisticated and consistent each year. The amount of digital data is doubling on a yearly basis and the reach of devices is expanding at extreme pace. What does that mean for us? Who knows is the honest answer. AI and intelligent machines will become a part of all our daily life but the creativity of humans should ensure we partner and use them to enrich and improve our lives and environment.

Deep Learning‘ is the latest buzz term in AI. Some researchers explain this as ‘working just like the brain’ a better explanation from Jan LeCun (Head of AI at Facebook) is ‘machines that learn to represent the world’. So more general purpose machine learning tools rather than highly specialised single purpose ones. We see this as the next likely direction for AI in the same way, perhaps, that the general purpose Personal Computer (PC) transformed computing from dedicated single purpose to multi-purpose business tools.


Data Breach – What’s the cost?

Posted on : 17-01-2017 | By : admin | In : Cyber Security, Data, Uncategorized

Tags: , , , , , , , , , , , , ,


It’s a common question. Our clients are continually grappling with quantifying the actual cost of a potential data breach to their organisation, whether to understand risk profile, build a business case for investment plans, price cyber insurance and so on.

How do you do it and what factors should companies keep in mind? Firstly, there are a many industry statistics available which are useful as a reference point, be it from industry bodies, consultancies or vendors. Let’s start with a recent study from IBM which found that the average cost of data breach was up to $4m (from $3.8 in 2015), with the cost incurred for each record stolen increasing to $158 and a likelihood of a breach involving 10,000 lost or stolen records in the next 2 years at 26%.

These are significant numbers, but of course, as with all disclaimers “can go up as well as down” based on the respective business profile. So, what should organisations consider when and quantifying data breach risk? Here are some of the factors that we cover when assessing and assigning a cyber value at risk;

  • Size and Scale – naturally, the amount of data that an organisation processes is a key factor, but also other factors such as numbers of employees, business locations and currency can impact the data breach cost
  • Company profile – the type of business and data is one of the major factors in determining a value. If an organisations data is sensitive, such as private health information (PHI), personally identifiable information (PII), or payment card (PCI) then the impact can vary significantly in terms of regulatory fines and the like
  • Board Profile – not only will the company profile have an impact but also that of the board. From whether the business activities may draw unwanted attention to that of individuals themselves, it is important to understand the risk that this might engender
  • Operational Impact – what would be the impact of a partial or complete cessation of business operations over various time periods? These are normally easier to quantify and, in many organisations, should have been addressed to some extent through a Business Impact Assessment (BIA) as part of business continuity planning
  • Cause of breach – it is important, if possible, to understand the root cause of the breach whether externally targeted or internal though malicious activity, insufficient process, employee error or supply chain/3rd party (indeed, the latter are often the most difficult to manage and the costliest)
  • Breach Restoration – the material impact of restoring services, both in terms of the immediate resumption of business operations which may involve resource, software and hardware, but also the cost post breach to shore up any potential deficiency in people, process or technology
  • Forensics – data breaches can often be difficult to assess not only in terms of the impact but also the penetration and scale. Often, organisations will need to bring in a third party specialist to perform these activities, which can be at a significant cost. The value of this, alongside any cyber insurance, needs to be considered
  • Reputation and Disclosure – a difficult one to calculate pre-breach but nevertheless one which should be an input when determining a cyber value at risk. The impact of losing customer confidence in products or services to the bottom line (or the stock price). Historic data helps both in quantification and lessons learned as to how executives should react

By looking at these factors organisations can build as good a view as possible in terms of how much a data breach will cost. Each should be thought through carefully and weighted appropriately to give business leaders an assessment of the likelihood and impact. This also allows for a more targeted discussion regarding mitigating actions and subsequent investment profile.

It’s a difficult question to answer, but not impossible.

If you would like to understand your companies cyber at risk profile, please email assurity@broadgateconsultants.com