The Future of Almost Everything, page 6
Your bank sees an unusual pattern of purchases from strange locations – and creates a Fraud Alert.
Amazon predicts which products to stock in warehouses close to your home, before you order them. This is somewhat similar to a supermarket tailoring the product ranges in each store according to the previous buying habits of that community. Amazon’s calculations are based on your shopping habits, age, income, even on how long your screen cursor lingers over a button.
Tesco led consumer marketing using Big Data, with its loyalty card in the UK. From the data it collects, it is able to come up with tailored, eye-catching offers for a specific customer.
A political party tracks public opinion on social media. Corporations also track reputation in the same way.
Los Angeles police use past crime data to predict areas where new crimes are most likely – sending in extra officers. Result: 26% fall in local burglaries.
The Pentagon looks for hidden patterns in aerial footage from drones, links between regular events on the ground, and local explosions or attacks.
Big Data cracked open the Enron scandal, when pattern recognition revealed that dodgy deals were all given the names of exotic birds.
The World Health Organisation and Google monitor the spread of viral epidemics such as ebola by looking for new patterns in Search requests in different towns and cities.
Weather agencies look for patterns in readings from tens of thousands of sensors around the world, going back over decades, to improve long-range forecasts.
Employers look for patterns in what people do at work – to detect fraud in banks, for example, or to monitor use of office space; or as part of knowledge-management systems, to build up a picture of who knows what, and where expertise is in particular areas.
Location-based marketing is the next big thing
In a mobile world, the most important thing to know about any customer is where they are right now, and where they have been. That tells you a huge amount about how they are likely to be feeling and acting, especially when combined with other data we have.
Here’s an example of location-based marketing. Coca-Cola has an app that records your favourite drink, and a vending machine that can produce infinite variations to create a customised drink for you. As you walk around, Coca-Cola can (with permission) see where you are. If you are close to a machine, it tells you. As you approach, it makes the drink, and as you pick it up, the machine charges your phone.
Leaking personal data in every taxi ride
Here is another example. I step into a London taxi where a screen is running a news item. The taxi detects the RFID in my glasses. So the taxi now knows:
I am wearing variable lenses – so I need reading glasses. That means I am probably over 50 years old.
I am wearing male designer glasses – so I am a man who also likes premium brands.
I am on a journey from A to B in the centre of London on a Tuesday afternoon.
The taxi monitor then starts running a customised advert: ‘Have you thought about laser correcting eye surgery? We are offering a 25% discount at our London clinic if you call us in the next ten minutes.’
My mobile phone company can also see that I am on the move, after making my way slowly down the street. A logical deduction is that I have just stepped into a taxi or bus. Pattern recognition shows that this usually happens at around this time of day, on Tuesdays and Thursdays. So now the telco can make a good guess about my destination, based on my usual habit. The company may also be seeing most of my online purchases and web searches. Some may think this kind of customer monitoring is frightening, but it is already happening, in subtle ways that few are fully aware of.
A personal guide on your journey of life
In a digital, multichannel, social media world, the key to marketing will not be shouting the same message at millions of people, but becoming an expert advisor or friend to each customer along their own journey of life.
Half of all 16–24-year-olds in the UK already use social networks or mobiles to send messages while watching TV, for example – undermining the impact of advertising breaks. Second screens are used to talk about programmes, not interact with them. The same is happening across the world from South Korea to Russia, Mexico to Nigeria.
As I say, marketers already see far more data than most customers realise, and it is easy to make customers feel very uncomfortable, if they reveal too much of what they know.
Who is watching you right now?
I have sat at a screen in front of a web page and watched individual letters and numbers appearing in a web form, in real time, as they were being entered by a customer living in another city. The customer was totally unaware that they were being closely monitored, second by second.
Imagine you are following someone online who is trying to buy a very expensive holiday. You see that she has entered her passport number three times incorrectly, her mouse is hovering, you sense her frustration, and fear she is about to give up. Do you phone the mobile number she entered earlier and say: ‘Hello, is that Mary Jones? I see you are having trouble with entering your passport number on our web page. Would you like me to take it from you over the phone?’ Or do you wait 20 minutes and pretend to be making a random sales call from the company? Answer: don’t interrupt her. Use the data to learn how to improve your web form, and phone her in a couple of hours.
Little Data will matter even more than Big Data
Big Data is about spotting a pattern, but Little Data is all about spotting a person. Most large companies need to take very small elements of their Big Data, and focus on little things to make a practical difference to customers – or they will get buried in analysis. Billions of dollars will be wasted over the next decade by companies on useless Big Data systems that produce nothing except frustration.
Let us imagine a wealthy telco customer. He likes sailing, and is about to buy a yacht. Here is the Little Data picture and how it develops towards the sale:
web page searches on his smartphone for yachts and marinas – over months
visits to marinas, many of them
purchases of yachting magazines
several holidays over 18 months, payments to yacht charter companies
web searches for yacht finance, yacht insurance, yacht ownership
smartphone sees the person arriving at national Boat Show, the largest selling event in the calendar for yacht manufacturers.
Smarter marketing messages
Many months before the boat show, the phone company or bank should have been sending apparently fairly random messages from time to time about boats, or displaying them in Facebook ads, on YouTube video clips, next to web pages, and so on, for example:
‘Tips for a great sailing holiday’
‘Taking the family – sailing in Greece’
‘Owning a boat is very affordable’
‘You will be pleased to know that we have reviewed your account and pre-cleared you for a low-interest loan of up to €50,000 if you want to buy a new car, yacht, motorboat. Click here if you are interested.’
And the genius about such online marketing is that the company pays nothing for all these ads to appear on all those screens, and is only spending money if the targeted customer actually gets as far as clicking on one of them to take things further. ‘Pay per click’ campaigns have completely revolutionised the way marketing budgets work.
Next-generation Cloud Computing
Let us turn now to the third element in the next digital revolution, Cloud Computing, which already affects us all, and will impact every corporation in radical ways. This too offers huge benefits, and creates huge risks.
Back in the early 1970s, all computer power was centralised, was accessed by terminals and long computer cables. Then in 1975 came personal computing, where each person had their own intelligent machine. My first company was an IT startup using the world’s first desktops with a maximum memory of 32,000 characters, to run medical records, payroll, word processing and health diagnosis. By 1980 desktops were more powerful than supercomputers a decade earlier.
Now we are going full circle and once again (almost) all computer power is being centralised, accessed by mobiles connected via wireless networks. The ‘cloud’ power used by your mobile device will be infinitely powerful.
An early example of cloud power was speech recognition. The best systems need huge memory and speed, way beyond the capability of any small device. Far more efficient to send speech by phone to some distant site and have it instantly decoded.
All humanity will be found in the Cloud
More than 90% of all web users globally are already using cloud-based email, or sites such as Facebook, LinkedIn, YouTube, Twitter or Instagram. Cloud computing will also grow rapidly as a means of preventing data loss – backing up automatically the contents of every computer or mobile.
But the real power of the Cloud has yet to be seen. ‘Software as a service’ will be rented by the day, week or month or year, running in the Cloud, rather than on your own machine. The savings can be colossal, not only in development, but also in keeping software updated.
SalesForce is a prime example of the new cloud world – designed to set up and run call centres almost instantly and manage customer relationships. SalesForce has capabilities that very few global corporations could possibly afford to develop on their own, with 12,000 employees and a budget of over $3bn a year.
Corporations will shift many different elements of their existing IT infrastructure into the Cloud – in many cases by setting up private clouds. At the same time, boardroom debates about risks from cloud attacks and loss of critical data to criminal gangs or competitors will intensify, especially in banking and financial services. And the larger clouds become, the more they will attract hackers.
Cyber-crime – one of world’s greatest threats
Add the trio of Internet of Things, Big Data and Cloud Computing to the world of telcos, mobile devices and personal computers, and we can begin to see what a cluster of mega-risks we have created, almost by accident.
Never in human history has it been possible for one person, sitting in a bedroom at home in a distant land, to create such havoc and chaos, to seize such power. Cyber-crime will therefore be one of the greatest threats to our world over the next 50 years, and far beyond, into centuries to come. There is no way back from such a future, except by dismantling all the global e-systems that link us increasingly together.
As I predicted, every large company in the world is now experiencing frequent cyber-attacks, on their own systems or in the Cloud, whether they realise it or not. The Centre for Strategic and International Studies has estimated total cost to business to be around $300bn a year.
Losses are likely to be more than $1 trillion a year by 2025, especially if we see wide-scale attacks, sponsored by hostile governments. We are not just talking about attacks on traditional targets like bank websites, but also commercial aggression like the blackmail of Sony, after the company released a controversial film about North Korea.
There is nothing new about web abuse. At least 80% of the 247 billion emails sent every day are spam, many of them so-called phishing attacks, pretending to be from a bank, encouraging people to enter passwords.
Expect 10 billion separate attacks a year
McAfee is already detecting over 600 million new and different computer viruses, malware or Trojan horses every year – several per second. Pharma, chemicals, mining, electronics and agricultural companies are seeing increases of 600% a year in malware attacks. Energy, oil and gas attacks are growing by 400%. Attempts to steal data from retailers are doubling every 12 months.
In many cases, tens of millions of credit card details have been stolen. A company called Target lost data on 70 million people in a single attack. A single contractor in South Korea managed to steal personal information on 20 million credit card users, more than half the country’s working population. Two years previously, personal data on 35 million South Koreans was stolen from Cyworld, a popular social network.
A billion people’s personal details will be stolen
Similar attacks have happened across the world. Hackers recently stole personal details of 213 million eBay users. Sony lost the details of 100 million clients to a hacker. The Heartbleed bug caused huge damage in 2014 as it swept globally, invading the websites of many multinationals, retailers, banks and email companies.
Another example was a major attack on JP Morgan Chase – following a sustained assault with tens of thousands of separate attacks each day over many months, mostly traced to Russia. In these attacks 76 million names, addresses, telephone numbers and email addresses were stolen – affecting two thirds of all households in America.
Why hackers will often escape prosecution if caught
I have met bankers who don’t prosecute or even sack staff who hack into their own bank systems. ‘Just thought you should know… Of course I should probably leak the news or publish the account names.’ Terrified of bad publicity, they pay them off, give them a wonderful reference, and let them go and work for a competitor – where exactly the same thing is likely to happen again. There is no legal requirement in most countries for any bank to report when they have been hacked and lost data, which means that most attacks will never be known, and the true scale is far larger than most people think.
Even the most basic bank security can be pitifully weak. I remember when, shortly before spending a day advising the board of a Swiss bank, I decided to carry out a test of my own. Without being challenged, I managed to walk right into a high-security area using the oldest tricks in the book: distracting reception staff, and gently pulling apart sliding security doors with my fingers.
Large corporations will be forced to encrypt stored data
All IT and smartphone companies will step up personal security with end-to-end encryption during data transmission, and encryption of all data ‘at rest’ stored on servers. It is really shocking that most banks still do not encrypt data on their servers, so once a hacker gains entry, which they do in every large bank several times a year, they usually have no trouble at all reading files. It was very careless of Sony to allow hackers to so easily read all their archived emails, contracts and other documents. Best practice will mean universal encryption, which makes a large attack significantly more difficult for hackers.
Customers will be urged to set up two-step authentication, with confirmation of passwords using codes sent to mobile devices. As a result, expect dramatic growth in attacks on telco companies and all mobile devices, as people try to hack into SMS and intercept these codes. In 2014, such attacks grew more than a hundred times over the previous year.
Cyber-war – a new kind of Cold War
Expect many significant large-scale cyber-attacks against nations and groups of enterprises over the next two decades, often directed by criminal gangs rather than government staff, paid for by secret agents of other countries. The largest of these attacks are likely to form part of next-generation conflicts/disputes between nations, paralysing entire government agencies for days, causing major disruption to banking and telecommunications, damaging utilities such as power stations or parts of the national grid.
It is already happening: for example, a blast furnace in a steel mill was hit by hackers in Germany recently, causing parts of the plant to fail. But for understandable reasons, most successful attacks on major installations will be kept strictly secret, in the national interest. An increasingly common trick will be to hijack thousands of computers with a virus and order them to attack a corporate website, with multiple visits every second. The site then crashes – until a ransom is paid (Denial of Service).
Cyber-attacks on people, companies and nations
Cyber-attacks are easy to carry out on physical web infrastructure too. For example, most bandwidth in the world is carried on a few, very vulnerable, fibre-optic cables. Cutting them is very easy – all you have to do is drag a ship’s anchor along a sea bed to snag them. And it is very hard to detect which ship did it, especially in relatively busy shipping areas. Recent cable damage reduced web access in India by 70%, Egypt by 60%, and with many other nations affected in the Middle East. In another episode, divers were arrested off the coast of Egypt in the act of sabotage.
For all these reasons, NATO includes cyber-attacks as one of the events that could trigger a joint response by the Alliance. However, it will be almost impossible to prove who is really behind such attacks, and therefore impossible to retaliate effectively. The US Navy is being hit on a routine basis by over 100,000 separate online attacks every hour, according to Hewlett Packard. But from where and by whom and for what purpose?
Sometimes debris is left by accident, which gives clues about origin – for example naming a piece of code, deeply encrypted inside a complex virus, after a popular TV comedian in a particular country. But subtle clue-dropping can also be a deliberate decoy, used by secret services or gangs to cast blame on an innocent nation.
Viruses designed to control entire countries
Energetic Bear is a cyber-espionage weapon that infected vital parts of Europe’s energy infrastructure during the Ukraine–Russia–EU crisis. It targeted a wide range of industrial control systems, national grids, power stations, wind turbines, and biomass fuel plants. It was designed to monitor energy use in real time and to disable systems on command – but on whose command? Future energy viruses will target smart grids and smart homes – imagine the impact, for example, of a hacker from a hostile state or group turning on 15 million air conditioners simultaneously, causing instant power cuts.
A few weeks after the discovery of Energetic Bear, Russian telecom and health companies, utilities and government agencies discovered that they too had been hit by one of the most deadly and sophisticated clusters of viruses ever created, called Regin. The cluster was designed with multiple Apps to steal passwords, extract information on a huge range of systems, and take total control of many different types of industrial equipment.
