Sales +11% On ‘Cyber Weekend’ In Canada, Topping Black Friday Says Salesforce

Posted in Commentary with tags on November 28, 2023 by itnerd

Salesforce’s annual Cyber Week Recap Report, which analyzes shopping data from over one and a half billion shoppers globally, is going live later this evening.

Canadians played a game of ‘discount chicken’, patiently waiting for the best deals of the week – retailers experienced the biggest surge Saturday and Sunday as sales jumped 11% YoY. While Cyber Monday sales grew 4% YoY, as of 4 pm ET sales were still only showing 1% growth indicating last minute shopping into the evening hours.

Global online Cyber Week sales totalled US$298 billion, up 6% YoY (from $281 billion in 2022). Growth was driven primarily by order volume, rather than inflation, signaling increased consumer demand for the first time in over five quarters.

Canadian Cyber Week Data (by day): 

  • Friday: +2% YoY sales growth / 25% average discount
  • Saturday + Sunday: +11% YoY sales growth / 26% average discount
  • Monday (as of 4 p.m. EST): +4% YoY sales growth / 25% average discount
  • Cyber Week (Friday-Monday): +5% sales growth YoY

Global Cyber Week Insights: 

  • AI wins over shoppers: AI influenced US$51 billion in online sales in areas including targeted offers, product recommendations, and generative AI-powered chat services.
  • Consumers shopped mostly on mobile: Mobile phones accounted for a record-breaking 80% of Cyber Week ecommerce traffic, up from 76% in 2022. Given this, social traffic on mobile was a critical acquisition channel – representing 10% of all referrals to retailer websites.
  • Discounts rose to meet pent-up demand: After lackluster deals earlier in the holiday season, discount rates rose to 27% globally on average throughout Cyber Week — representing the best deals of the holiday season. Verticals with the highest global discount rates were:
    • Makeup (38%)
    • General Apparel (33%)
    • Skincare (33%)
    • Active Apparel (32%)

You can view the full global data here.

Ransomware Actors Are On Full Attack Mode

Posted in Commentary with tags on November 28, 2023 by itnerd

If there was any doubt that ransomware actors are in full attack mode, here are just some of my top recent fire drills:

May as well disconnect from the internet on holidays as it seems that you’re likely to get pwned.

Emily Phelps, Director, Cyware offered up this comment:

   “Cybercriminals are largely opportunistic, seeking the path of least resistance to execute an attack. They know that holidays can be a prime time to take advantage of potentially decreased defenses. Before the holidays, consider security awareness training and increase authentication and access controls. Patch and update systems and ensure incident response and recovery plans are current. Communicate with partners and vendors to ensure they are also maintaining strong security practices during the holiday season. Vigilance is critical year-round, and organizations must take additional steps before the holidays to safeguard against opportunistic threat actors.”

Stephen Gates, Principal Security SME, Horizon3.ai had this comment:

   “In the context of recent headlines about massive data breaches, disruption of life-saving medical services, and successful ransomware attacks against government, healthcare, finance, education, and so on, it’s a clear indication that organizations of all sizes and across all industries are losing the battle against their adversaries. From a simple, high-level observation, never in history have so many organizations – and the public at large – been impacted by the current onslaught of recent criminal activity. At this point, most would agree that the layer upon layer of cyber defenses commonly deployed to protect everyone are simply not working.

   “Almost all organizations today have no idea where their truly exploitable vulnerabilities exist, and due to this fact, it is supercharging attacker campaigns. If organizations cannot find that hidden chink in their armor, that crack in their layered walls of defense, that blind spot they didn’t even know existed, they will never be able to adequately defend themselves against a purposeful attacker with nothing but time on their side – and money on their mind. It’s time to go on the offensive and attack yourself with the same tactics, techniques, and procedures attackers use so you can see your networks through the eyes of an attacker – before they do.”


David Ratner, CEO, HYAS Infosec follows with this:

   “Attacks on critical infrastructure don’t only cause reputational and financial damage but have the ability to impact human life as well.  It’s vital that critical infrastructure providers everywhere follow the guidance of CISA and others and implement appropriate solutions for operational resiliency and business continuity — this is the only way they can ensure continual service, have the confidence to operate their businesses, and ultimately protect human lives.

   “All too often bad actors leave themselves hidden backdoors to continue to exploit an organization even after restoration and cleanup. It’s why service-assurance and continual monitoring post cleanup is so important. The best way to accomplish this is with visibility into the various traffic streams coming out of the enterprise, to properly identify bad actors communicating with their malware via command-and-control and shut it down before damage ensues.”

The fact that there are this many ransomware events shows just how out of control ransomware actors are. Clearly something needs to be done or else there’s going to be no hope for any of us.

Cisco Launches New Business Performance Insight & Visibility For Modern Applications on AWS

Posted in Commentary with tags on November 28, 2023 by itnerd

Cisco today announced new business metrics in Cisco Cloud Observability, powered by the Cisco Observability Platform, to enhance business context for modern applications running on Amazon Web Services (AWS). This latest release also supports integration with AWS services and application performance monitoring (APM) correlation and provides end-to-end visibility into the performance of cloud native applications.

Traditional application monitoring tools only provide visibility of application and infrastructure performance metrics. This leaves teams, including ITOps, DevOps and SREs, managing modern applications without clear sight into the relationship between application performance and critical business KPIs such as customer conversion rates and real-time impact on business revenue.

As a result, these teams are unable to make prioritizations based on business impact.  

Cisco’s latest innovations in full-stack observability provide teams with the enhanced business context they need to manage modern applications and protect revenue, customer experiences and brand reputation, bridging the gap between business goals and IT.

This new capability empowers users with:  

  • Support for multiple business metrics within a business transaction.   
  • Easy identification of business transactions configured with business metrics for troubleshooting.  
  • User-friendly configuration interface that enables users to preview business transaction attributes for accuracy and set up mission-critical metric alerts.   
  • Advanced KPI visualization including baseline performance and a historical analysis trend line, to easily identify when business performance is abnormal.    
  • Data segmentation by selected attribute values for quick visibility of customer segments being affected most. 

Supporting integration with more AWS services, DevOps teams can also now observe AWS Lambda functions as an entity within Cisco Cloud Observability APM pages, helping them to understand the functions’ contribution to an application, correlate their performance to overall user experience and quickly troubleshoot unexpected behaviour.   

Cisco also announced support for 10 additional AWS services that are now pre-integrated with Cisco Cloud Observability. By tying together applications, business transactions, business metrics and expanded support for AWS infrastructure services, application owners can gain deep cross-domain visibility across the full stack. 

Business metrics for Cisco Cloud Observability is now available. For more information, register for their upcoming webinar here

Sage Construction Management Launches 

Posted in Commentary with tags on November 28, 2023 by itnerd

 Sage, the leader in accounting, financial, HR and payroll technology for small and mid-sized businesses (SMBs), today announces the launch of Sage Construction Management in Canada. Sage is expanding its construction cloud suite with the addition of cloud pre-construction and project management capabilities to its industry-leading construction portfolio.

Sage Construction Management is built for collaboration and mobility so that field, office, and external teams can share real-time project information to make quick, informed decisions.  The solution is offered with Sage Intacct Construction Financials as an end-to-end suite that enables operational and finance teams to align and work together for improved job profitability.

Sage is also offering the Construction Essentials package, which includes Sage Construction Management and Sage Intacct Construction Financials, as an end-to-end suite at a cost-effective price for growing contractors. In addition, Sage Construction Management is available as a standalone preconstruction and project management solution that can easily integrate with other accounting solutions, providing businesses the power and flexibility to choose the right mix of solutions that best meets their needs.                 

Sage exists to knock down barriers so everyone can thrive, starting with the millions of small- and mid-sized businesses served by them, their partners, and accountants. Customers trust their finance, HR, and payroll software to make work and money flow. By digitizing business processes and relationships with customers, suppliers, employees, banks, and governments, their digital network connects SMBs, removing friction and delivering insights. Knocking down barriers also means we all use our time, technology, and experience to tackle digital inequality, economic inequality, and the climate crisis. To learn more, visit sage.com/en-ca/            

Is Rogers About To Increase Upstream Speeds For Their Internet Offering In Ontario?

Posted in Commentary with tags on November 28, 2023 by itnerd

A reader tipped me off to the fact that Rogers appears to be on the verge of increasing their upload speeds in parts of Ontario. The reader in question pointed me to this document on the CRTC website (Warning: ZIP File) which has a Microsoft Word file that contains this text:

  1. On November 1, 2023, Rogers Communications Canada Inc. (“Rogers”) is announcing new available upload speeds for customers in certain areas of Ontario. Pursuant to paragraph 209 of Telecom Decision 2006-77, Rogers hereby files TN 81 updating the available services:
    • 50Mbps Upload (U) / 50Mbps Download (D)
    • 150Mbps Upload (U) / 150Mbps Download (D)
    • 150Mbps Upload (U) / 500 Mbps Download (D)
    • 150Mbps Upload (U) / 1,500 Mbps Download (D)
  2. These speeds are only available in certain areas of the network where Rogers has invested in the capability to provide these upload speeds.  Services with higher upload speed will be available in areas where network augmentation has occurred and will replace the corresponding lower upload speed service. As there is no change to the download speed available Rogers is not proposing a change to the tariff rates for these services.

Now I did have a look at Rogers’ press release website and didn’t see an announcement regarding this. I also had a look at their Twitter account and didn’t see anything there either. So I have to wonder if Rogers hit some sort of snag when it comes to rolling these new upload speeds out, or they simply chose not to announce it. Either way, it’s clear that Rogers is up to something. Though, the cynic in me is also thinking that these speeds still don’t match what Bell has to offer. And that still leaves Rogers at a competitive disadvantage relative to Bell. Still, I suppose any speed increase is a good one. Whenever it arrives.

Some Brands Have Stopped Interacting With Followers On Twitter Entirely

Posted in Commentary with tags on November 28, 2023 by itnerd

Since it came to light that Elon Musk is an antisemite that supports antisemitism on Twitter, brands such as IBM and Apple have paused advertising on Twitter. But according to CNN, some brands are going one step further: they’ve stopped interacting with followers on Twitter entirely:

In recent days, a number of prominent media brands have not only paused their paid marketing campaigns on the embattled Elon Musk-owned social platform, but have ceased posting on it altogether, going silent on the once essential site that sought to be the world’s “digital town square.”

The flagship accounts belonging to Disney, Paramount, Lionsgate, Sony Pictures, Universal, and Warner Bros. Discovery (CNN’s parent company) have not posted on the platform in roughly 10 days, following Musk’s disturbing endorsement of an antisemitic conspiracy theory, which he still has not apologized for.

None of the studios commented on the record when CNN reached out for comment. But people familiar with the social media strategies of Paramount and WBD confirmed under the condition of anonymity that it’s no coincidence: the companies have made the active decision to stop posting under certain handles on X due to concerns, including brand safety.

The blackout on X extends beyond these companies’ corporate accounts, in some cases. For instance, the most high profile accounts affiliated with Disney have gone dark on X, such as @StarWars, @Pixar, and @MarvelStudios, which were previously posting multiple times a day on the platform to their millions of followers. Instead, these brands have switched over to the Meta-owned rival Threads, where they have started actively posting.

Here’s the thing. If enough brands stop posting to Twitter and instead post to other platforms such as Threads, people will follow and Twitter becomes less relevant. That in turn makes other advertisers say “why is my brand on Twitter as there’s less people here”? And they’ll go to where the people are. Which will make Twitter even less relevant. Ultimately, it will end with Twitter being driven into extinction and Elon Musk looking like the loser that he is for paying $44 billion for a company and running it into the ground due to his own ineptitude. Frankly that’s what he deserves given his behaviour over the last year.

Fact: Despite What Some Say, NameDrop Is Safe

Posted in Commentary with tags on November 28, 2023 by itnerd

Some warnings have recently appeared claiming that Apple’s NameDrop feature, which appeared in iOS 17 and allows you to share information when you bring two iPhones or Apple Watches together, isn’t safe. Specifically, police departments in Pennsylvania, Ohio, Oklahoma (these are Facebook links) and other places posted similar Facebook messages warning about the privacy risk of NameDrop: namely, that any miscreant can bring their phone next to yours and get your contact info.

The fact is, this is completely inaccurate. Here’s why:

  1. NameDrop only works if your Apple device is within a few centimetres/a couple of inches of another one.
  2. Both iPhones need to be unlocked for NameDrop to work, and you have to pick which pieces of contact information you want to share.

In other words, you would not only know that someone is trying to get your contact info, but you would have to authorize the sharing of contact info. The ability to share contact info without your knowledge simply doesn’t exist. And that shouldn’t be a shock to anyone given how Apple tends to roll when it comes to security and privacy.

Having said that, if you really want to turn off NameDrop because you’re concerned about this feature, here’s how you do it:

  • Tap on the Settings app on your iPhone
  • Tap on General
  • Tap on AirDrop
  • Turn off the button for “Bringing Devices Together.”

But honestly, this whole “NameDrop is a risk” thing is overblown and inaccurate. NameDrop is safe and the police departments who are freaking out about it are doing so for no reason. Until someone shows up with some actual evidence based on demonstrable facts, you should move on to paying attention to something that actually matters.

Elon Musk’s Lawsuit Against Media Matters Has Resulted In Him Being Introduced To The Streisand Effect

Posted in Commentary with tags on November 27, 2023 by itnerd

First some background. Here’s a definition of the Streisand effect:

The Streisand effect is an unintended consequence of attempts to hide, remove, or censor information, where the effort instead backfires by increasing awareness of that information. It is named after American singer and actress Barbra Streisand, whose attempt to suppress the California Coastal Records Project‘s photograph of her cliff-top residence in Malibu, California, taken to document California coastal erosion, inadvertently drew far greater attention to the heretofore obscure photograph in 2003.

Now here’s how it applies to Elon Musk. His lawsuit against Media Matters for exposing antisemitic posts on Twitter being served up beside ads from big name advertisers, who then pulled their ads from Twitter, has basically resulted in the Streisand effect coming into play according to TechDirt:

in making a big deal out of this and filing one of the worst SLAPP suits I’ve ever seen, all while claiming that Media Matters “manipulated” things (even as the lawsuit admits that it did no such thing), it is only begging more people to go looking for ads appearing next to terrible content.

And they’re finding them. Easily.

As the DailyDot pointed out, a bunch of users started looking around and found that ads were being served next to the tag #HeilHitler and “killjews” among other neo-Nazi content and accounts.

SLAPP stands for Strategic lawsuit against public participation by the way. But I digress. The point is that he’s adding to the reasons that Media Matters is going to win this lawsuit. The fact is that what they said is true and evidence of antisemitism and Nazi posts are easily found if you go looking for them. And you apparently don’t have to try all that hard to find them. The only lawsuit that’s going to be even easier to win than this one is the dBrand vs. Casetify lawsuit. The fact is that Elon is going to get pwned in court as well as the court of public opinion at the rate he’s going. Thus if he were smart, he’d make this go away and do something more than go on the apology tour that he’s planning to go on. But as has been proven recently, he’s not smart. Which is why this will be one more thing that hurts him.

The Buffalo Sabres Team Up With Fubo TV

Posted in Commentary with tags on November 27, 2023 by itnerd

Fubo TV today announced they have entered into a multi-year partnership to expand streaming capability of over 40 Buffalo Sabres games into the Niagara region of Southern Ontario, beginning November 27th. This partnership signifies the first time the Buffalo Sabres’ MSG broadcast will be available to fans in Southern Ontario since 2015-16.   

In addition to in-game coverage, Fubo will also stream pre- and post-game coverage of Sabres hockey including but not limited to pre-game breakdowns, highlights, exclusive interviews and studio analysis. Fubo subscribers residing in zip codes in which Sabres broadcasts will be available will have access to all Buffalo Sabres game content and shoulder programming on the newly launched Fubo Sports Niagara channel.  

Additionally, to celebrate this new expansion, Buffalo Sabres season ticket members are eligible to receive an exclusive offer for a 30-day free trial of Fubo, while non-season ticket members are eligible to receive an offer for a 14-day free trial.   

Buffalo Sabres games will be available on Fubo to Niagara region subscribers beginning with Buffalo’s road contest against New York Rangers tonight.   

New Secure AI System Guidelines Agreed To By 18 Countries

Posted in Commentary with tags on November 27, 2023 by itnerd

The US and UK, along with 16 other countries, have jointly released secure AI system guidelines based on the principle that AI should be secure by design:

This document recommends guidelines for providers of any systems that use artificial intelligence (AI), whether those systems have been created from scratch or built on top of tools and services provided by others. Implementing these guidelines will help providers build AI systems that function as intended, are available when needed, and work without revealing sensitive data to unauthorised parties.

This document is aimed primarily at providers of AI systems who are using models hosted by an organisation, or are using external application programming interfaces (APIs). We urge all stakeholders (including data scientists, developers, managers, decision-makers and risk owners) to read these guidelines to help them make informed decisions about the design, development, deployment and operation of their AI systems.

Anurag Gurtu, Chief Product Officer, StrikeReady had this comment:

The recent secure AI system development guidelines released by the U.K., U.S., and other international partners are a significant move in enhancing cybersecurity in the field of artificial intelligence. These guidelines emphasize the importance of security outcomes for customers, incorporating transparency and accountability, and promoting a secure organizational structure. They focus on managing AI-related risks, requiring rigorous testing of tools before public release, and establishing measures to counteract societal harms, like bias. Additionally, the guidelines advocate a ‘secure by design’ approach covering all stages of AI development and deployment, and address the need to combat adversarial attacks targeting AI and machine learning systems, including prompt injection attacks and data poisoning.

The fact that 18 countries agreed on a common set of principles is great. The thing is that more nations have to do the same thing. Otherwise you may still have AI that is closer to the “Terminator” end of the spectrum rather than being helpful and friendly.

UPDATE: Troy Batterberry, CEO and founder, EchoMark had this comment:

   “While logging and monitoring insider activities are important, we know they do not go nearly far enough to prevent insider leaks. Highly damaging leaks continue to happen at well-run government and commercial organizations all over the world, even with sophisticated monitoring activities in place. The leaker (insider) simply feels they can hide in the anonymity of the group and never be caught. An entirely new approach is required to help change human behavior. Information watermarking is one such technology that can help keep private information private.”

UPDATE #2:  Josh Davies, Principal Technical Manager, Fortra adds this:

The AI arms race and rapid adoption of open AI systems* have created concerns in the cyber security sector around the impact of a supply chain compromise – where the AI source code is compromised and used as a trusted delivery mechanism to pass on the compromise to third party users. These guidelines look to secure the design, development, and deployment of AI which will help reduce the likelihood of this type of attack.

As systems and nation states are increasingly interdependent on each other, global buy in is crucial. We have already seen how collective security is important, otherwise threats are allowed to grow, become more sophisticated, and attack global targets. Ransomware criminal families are a prime example. This levels the playing field by homogenising guidance across national states and limiting a race to the bottom with AI tech.

The guidelines recommend the use of red teaming. Red teaming surfaces the gaps in systems, and security strategies, and ties them directly to an impact. The AI Executive Order also mandates red teaming to identify flaws and vulnerabilities in AI systems. Mandating red teaming future proofs these guidelines (and other regulations) as it is hard to anticipate the threats of tomorrow and the appropriate mitigations – especially at the pace governments can legislate. It’s an indirect way of saying you need to make sure that your security strategies are always up to date, because if not, attackers will surely find and expose your gaps. This is important as we have seen other security regulations quickly become outdated and redundant as controls cannot be agreed upon and updated at the pace required to achieve good security.

Will we see adoption? Or does it just serve to re-assure the public that AI issues are being considered? What is the consequence of not following the guidance? I would hope to see soft enforcement through the exclusion of organisations that cannot show adherence to guidance from government or B2B collaborations.

Without any punitive measures, a cynic would say organizations have no motivation to implement the recommendations properly. An optimist might lean on the red team reports and hope for buy in on reporting flaws and issues, removing the ‘black box’ nature of AI which some executives have hidden behind, and opening up these leaders to the court of public opinion if there is evidence they were aware of a flaw and did not take appropriate action, resulting in a compromise and/or data breach.

These guidelines are a step in the right direction. They pull together key AI stakeholders, from nation states and industry, and call for collaboration and consideration of the security of AI. Hopefully this is a continued theme, as we’ve seen with the United States AI executive order, and that AI systems are developed responsibly, without stifling innovation and adoption.

My personal opinion is that the real value we might see from such collaboration will be when we do see a large-scale AI compromise. Hopefully the involved parties are brave enough to lift the lid on what happened so everyone can learn how to be better prepared, and we can define further guidance (preferably as a requirement) beyond just secure build practices and a general monitoring requirement. But this is a good start.

Is it ground breaking? In my opinion, no. Security teams should already be looking to apply the principles outlined to any technological development. This has taken long standing DevSecOps principles and applied them to AI. I would expect it will have the most impact on startups entering the space, i.e. those without an existing level of security maturity.

*open source data sets, i.e. the internet, not OpenAI the company