Teleclick - Technology, IT & Marketing Blog News

Federal employees have been banned from using the Chinese-based TikTok video app on Canadian government-issued computing devices.

“Effective Feburary 28, the TikTok application will be removed from government-issued mobile devices,” Treasury Board president Mona Fortier said in a statement today. “Users of these devices will also be blocked from downloading the application in the future.

“Following a review of TikTok, the Chief Information Officer of Canada determined that it presents an unacceptable level of risk to privacy and security.”

The decision to remove and block TikTok from government mobile devices is being taken as a precaution, the statement says, particularly given concerns about the legal regime that governs the information collected from mobile devices, and is in line with the approach of our international partners. On a mobile device, TikTok’s data collection methods provide considerable access to the contents of the phone.

“While the risks of using this application are clear, we have no evidence at this point that government information has been compromised.

“For the broader public, the decision to use a social media application or platform is a personal choice. However, the Communications Security Establishment’s Canadian Centre for Cyber Security (Cyber Centre) guidance strongly recommends that Canadians understand the risks and make an informed choice on their own before deciding what tools to use.”

Treasury Board is responsible for advising the government on digital standards for federal employees.

The announcement comes after Canada’s federal privacy commissioner, along with three provincial privacy commissioners, last week started an investigation into TikTok, examining how the video-streaming platform collects the personal data of Canadian users.

The investigation is beginning now because class action lawsuits in the United States and Canada have been settled, the commissioners said in a statement.

It also comes after Washington issued a ban in December on U.S. government employees using TikTok on federal devices. In February the European Commission suspended the use of the TikTok application on its corporate devices and on personal devices enrolled in the commission’s mobile device service. Employees have until March 15th to remove it from their devices.

TikTok is owned by ByteDance of Bejing. According to Newsweek, ByteDance is not actually registered in China, but is incorporated in the Cayman Islands.

There are allegations the company is close to the Chinese government. While the company insists its Singapore-based CEO, Shou Zi Chew, is independent, last month the New York Times said 12 former TikTok and ByteDance employees and executives believe his decision-making power is limited.

“Decisions about the service — including moves to emphasize livestreaming and shopping on TikTok — are made by Zhang Yiming, ByteDance’s founder, as well as by a top ByteDance strategy executive and the head of TikTok’s research and development team, said the people, who declined to be identified for fear of reprisals,” the article says in part.

Shou Zi Chew is scheduled to testify before the U.S. Congress on March 23rd, according to CNN. This follows the company’s COO’s testimony before Congress last September.

There are also fears that TikTok could gather the private data of subscribers.

Last June, Buzzfeed reported on leaked audio from more than 80 internal TikTok meetings showing China-based employees of ByteDance have repeatedly accessed nonpublic data about U.S. TikTok users.

In December, Forbes reported that an internal investigation by ByteDance found that employees tracked multiple journalists covering the company, improperly gaining access to their IP addresses and user data in an attempt to identify whether they had been in the same locales as ByteDance employees.

In August, 2020, Public Safety Canada recognized growing international concern about TikTok and alleged privacy concerns in a research note quoting news media.

Being dropped by the general public in Western nations because of these allegations would be costly to TikTok and ByteDance because of the huge usage of the app around the world. In an attempt to diffuse criticism in the U.S., TikTok last year created a new division called U.S. Data Security (USDS) “to bring heightened focus and governance to our ongoing efforts to strengthen our data protection policies and protocols, further protect our users, and build confidence in our systems and controls in the United States,” the company said.  The goal is to minimize TikTok employee access to U.S. user data and minimize data transfers across regions – including to China, it said.

“Tiktok has essentially tried to prove that its data is walled off, so that its U.S. data stays in the U.S. and its China data stays in China,” Kendra Schaefer, the head of tech policy research at the Beijing-based consultancy Trivium China, was quoted as saying in Fast Company. “But it’s been hard to assuage U.S. policymakers.”

The post Canada bans employees from using TikTok on federal devices first appeared on IT World Canada.

Customer experience and changing expectations in accessing government services was a key discussion at Technicity GTA last week. 

Karthik Venkataraman, director of IT services, Town of Newmarket, Cielo Medel, chief information officer (CIO), City of Mississauga, Gary Yorke, director of customer experience division, City of Toronto and Beckie Jamieson, director of corporate services and clerk, Township of Scugog, shared their insights on the matter in a panel moderated by Mai Nguyen, head of government relations and public policy at VMware Canada.

The panelists kicked off the discussion by revealing the stumbling blocks that their respective municipalities face in implementing new technologies to streamline access to services for residents.

Collaboration across various departments and organizations, as well as partnerships with the private sector, help government leaders keep up with technology, update their legacy systems, and ensure that there are sufficient resources, staffing and technical help to face time-consuming roadblocks like budget cycles and council initiatives, explained Venkataraman.

The siloed structure of government teams is a challenge for the City of Mississauga also, Medel stated. “We have two levels of government: we have both the municipality and the region. The resident’s interaction starts with the municipality, but it has to flow through the region. So that alone provides a greater depth of access for the public.”

With 44 different levels of enterprise interaction within the city of Toronto, and each entity feeling like they own the customer or a fragment of the customer experience, delivering streamlined and consistent services to residents remains a challenge, Yorke added. “The city has to remember and be humble in the fact that we provide services. The group that owns the relationship with the public is council and the office of the mayor. We provide services.”

The biggest challenge in a smaller municipality like Scugog is being compared with and pressured to move at the same pace as larger municipalities while navigating outdated systems with very limited resources and budget, Jamieson explained. 

Here are some of the measures, highlighted by the panelists, that their municipalities have taken to improve customer experience:

1. Township of Scugog

 Implementing new software for building and planning applications, and launched a new Bylaw application.
Partnered with Region of Durham to launch the first phase of myscugog.ca

2. Town of Newmarket

 Building a new integration platform that standardizes the procurement of new technology, based on what it calls a LB (load balancer) API.
giving guidance on the use of these new technologies so that the service delivery department keeps up with the new standards.
Holding more hybrid council meetings that led to increased citizen interaction and engagement at a council level

3. City of Toronto

 Digitized all 600 types of service request, transitioning from a multi-channel environment to an omni-channel environment, looked at cost per transaction dropping from $11 – $16 (per service request calls) to 10 cents – $1, post digitization.
Developed the award-winning 311 Toronto mobile app, capable of handling over 600 categories of service request.

4. City of Mississauga

Invested in the ease of use and reliability of the mississauga.ca website
Being transparent in the use of residents’ data . 

The panelists also acknowledged that engaging with frontline employees, getting their feedback and finding what tools and resources they need to be successful has helped deliver efficient frontline customer service.

“Don’t be afraid to bring any idea forward,” said Jamieson. “It may not be possible, but we’ll definitely consider it and see if we can find a way to incorporate it.”

Watch the full panel here.

The post Technicity GTA 2023: Improving customer experience with technology first appeared on IT World Canada.

Most municipalities are different from organizations in the private sector, however, they have one thing in common: the need to prioritize their data to meet privacy and security obligations.

During an online cybersecurity panel at this month’s Technicity GTA conference, speakers from the municipal sector made it clear doing that is no different from the way profit-making firms do it.

“It’s critical that the information security team spend time with business leaders to understand questions such as how long would it take to retrace all of our engineering drawings, how much lost productivity would we have if the ERP system was unavailable for a week?” said Brent Capp, IT security and risk officer, for the town of Newmarket, Ont.

“Using this information we can start to tell a story of how critical an asset is, what it’s worth from a service delivery perspective.”

It starts with collaborating with the city clerk’s office, with business owners and data custodians who can help identify data based on its classification, agreed Maneesh Agnihotri, interim CISO of the city of Toronto. Then, he said, based on the data classification, infosec leaders can look at the security infrastructure and everything around it that supports the safekeeping of that data.

“So the first step is to have that discussion, to identify what is the key data in the organization, where is it housed, and how do we secure that?”

That led moderator Richard Freeman, Ricoh of Canada’s portfolio manager for enterprise workflow solutions, to ask how municipalities can balance the security needs of users — internal and taxpayers — with the need to protect data.

Kush Sharma, director of municipal modernization and partnerships for the Municipal Information Security Association of Ontario, reported that 92 per cent of respondents to a recent poll of members said municipalities should first focus on critical infrastructure — such as the water system, public transit, solid waste and the voting system — before what they called traditional IT.

“What you don’t want is the water system to be breached. If Microsoft Office 365 and your documents go down, or maybe you can’t process some financial statements, that can be fixed. But if your water system goes down there are life-safety issues. If we can try to balance the resources we have as municipalities and focus on the critical infrastructure components …. that would be a good start.”

Finding information is vital, panelists said. Capp noted that IT business system analysts and the records management team will help with the lesser-known areas where personally identified information is stored. They are experts at collaborating with different business units and know where some data is “unofficially” stored.

“Sometimes you’ll find people are storing PII somewhere because it’s convenient and helps them get from point A to point B faster. The more we understand the use cases for these temporary or alternate use cases, the easier it is to work with the business units and improve the security posture,” he said.

The panel also touched on cyber insurance. Roland Chan, CISO at Toronto Metropolitan University, said that because rates depend on what organizations are doing to protect themselves, his institution makes departments aware of the importance of good cybersecurity practices.

Many municipalities won’t be able to qualify for insurance based on the heightened cyber controls insurers are asking for, warned Sharma. Even if they do, insurers may declare a cyber incident is excluded from coverage because it is part of an ‘act of war’.

Any municipalities smaller than a city may have to look at self-insurance, he advised, or group with other municipalities to self-fund themselves.

“Organizations have to understand insurance isn’t a cyber control,” said Agnihotri. “It’s part of your remediation, it’s part of your recovery. So what is driving this now is how fast can we improve and mature our security posture.”

Finally, asked for tips on improving employees’ cybersecurity awareness, Sharma urged infosec leaders to stop thinking of themselves as technical experts. “We need to translate and communicate better to the leadership that we are a critical business function within the organization,” he said.

The post Technicity GTA 2023: How municipalities prioritize data security first appeared on IT World Canada.

TekSavvy’s application to the CRTC to address issues of undue preference arising from off-tariff agreements (OTAs) stirred up a hornet’s nest, with interventions pouring in from sympathizers and critics alike.

OTAs were permitted by the CRTC in 2012, allowing carriers to enter into negotiated wholesale agreements with competitors that deviated from the Commission’s normal rate regime.

But with the embattled Rogers-Shaw merger at stake, a new policy direction pushing for competition and innovation, and the meteoric rise in cell phone service bills over the past decade, the OTAs dispute could not be more relevant.

TekSavvy’s Part 1 application, filed on Jan. 20, refers to two alleged instances of undue preference. First is the OTAs that Rogers has entered into with Vidéotron as a remedy to enable the closing of its C$26 billion acquisition of Shaw. The wholesale arrangements will confer on Vidéotron favourable rates and terms for access to backhaul, domestic roaming, and Third-Party Internet Access (TPIA), not available to other competitors.

The second instance concerns Bell which, according to the independent ISP, is providing its newly-acquired EBOX Inc. with access to wholesale FTTP (fibre-to-the premises) services that are not available to other competitors and for which there are no wholesale tariffs.

Pending the outcome of this investigation, TekSavvy is asking the CRTC to void the wholesale agreement between Rogers and Vidéotron or order Rogers to extend the same rates and terms to all competitors. Bell should also be ordered to offer competitors aggregated wholesale access to FTTP service speeds it has provided EBOX, Teksavvy said.

The application gained support from advocacy groups like OpenMedia, Public Interest Advocacy Centre (PIAC), Competitive Network Operators of Canada and competitor carriers Globalive, TELUS, and Community Fibre Company.

Globalive, one of the most vocal critics of the Rogers-Shaw merger, argued that these wholesale arrangements will have a negative impact on its re-entry into the wireless market. Globalive also said it is preparing its own Part 1 Application to the CRTC regarding the these wireless-specific arrangements and related specific remedies.

PIAC contended that the CRTC allowing OTAs was “the beginning of a slow death for wholesale competition”, adding, “it is no surprise that a system ripe for abuse and secrecy, in the absence of rigorous Commission oversight, was indeed abused and rendered largely inscrutable to both competitors and the public.”

Furthermore, OpenMedia claimed that its support for TekSavvy’s application represents a community of “nearly 300,000 people in Canada”. But it should be noted that the association attached a petition with only 31,886 signatures, senior consultant in the telecommunications industry Mark Goldberg pointed out in a tweet, adding that scanning through the signatures revealed many duplicates.

TELUS also showed support for TekSavvy’s request to investigate whether agreements between Rogers and Vidéotron violate subsection 27(2) of the Telecommunications Act but “takes no position” on whether a similar investigation in Bell’s case is warranted.

Shaw and Québecor, unsurprisingly, bared their teeth, lambasting TekSavvy’s plea to sabotage the side divestiture on which the Rogers-Shaw merger deal lives or dies. 

Since the 2012 decision, Shaw argued, at least 21 OTAs were entered into by carriers, and since 2015, dozens more. “In spite of the exponential increase in OTAs being entered into in the past decade, TekSavvy’s is the first Part 1 application alleging undue preference through an OTA, negating TekSavvy’s suggestion that OTAs are inherently problematic.”

Shaw added that the new policy direction does not justify a reconsideration of the entire OTA regime. “In fact, the prevalence of OTAs demonstrates that a robust market for wholesale internet services has emerged and is healthy. The current regime is achieving the Act’s objectives, while also helping to encourage all forms of competition and in doing so foster affordability in the market, all of which are consistent with section 2 of the new Policy Direction.”

Québecor, on the other hand, took the high road, saying that it is actually open to entering into an OTA with TekSavvy or any other carrier. The Quebec-based carrier said it can even offer the same wholesale arrangements as the one it currently has with Rogers. That, Québecor says, should be enough for the CRTC to see there is no undue preference whatsoever arising from its OTA with Rogers.

However, Québecor vouched for TekSavvy’s request to investigate Bell’s alleged instance of undue preference.

In response to TekSavvy’s accusations, Bell affirmed; “EBOX is now a division of Bell. Bell doesn’t provide EBOX with any wholesale services, telecom or other. There can be no agreement, off-tariff or not, preferential or not, between Bell & EBOX since they’re the same corporate entity.”

The post CRTC puts off-tariff agreements under scrutiny again first appeared on IT World Canada.

More lessons from the Russia-Ukraine cyber war, a US medical lab fined after theft of old data, and more.

Welcome to Cyber Security Today. It’s Monday, February 27th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

The first-year anniversary of the Russian invasion of Ukraine has spawned a lot of analysis of the cyber side of the war. One, from researchers at Florida-based ReliaQuest caught my eye. It has two conclusions about cyberattacks on businesses that information security pros should think about. First, some cybercrime groups are keeping their allegiance to Russia quiet. This is because after the Conti ransomware group said it was on the side of Russia, a Ukrainian security researcher leaked their communications in retaliation. As a result the gang’s operations were impaired. It allegedly has disbanded. Other cybercrooks that support Russia learned the lesson. They’re quiet about that support. The conclusion: Criminals are no longer focused on just chasing your firm’s money when they chose targets. Second, hacktivists aligned with Russia represent one of the biggest cyber threats to most businesses, the report says. These are groups launching distributed denial of service attacks. Both conclusions complicate things for security teams looking to attribute where attacks come from. My advice: Attribution is less important than a multi-layered defence. Crooks may have chosen your firm because it has revenue. Or because your government supports Ukraine.

An unknown threat actor is using the Discord messaging platform to host ransomware and malware sent to unsuspecting victims. According to researchers at Menlo Security, many of the targets are government departments in North America and the Asia Pacific regions. A typical attack starts with an email inviting a victim to click on a link to an app on Discord. The link goes to a malicious password-protected zip file. When opened it downloads malware. Lesson: Employees must regularly be reminded to not trust links in messages, especially if they’re the ‘Hey, try this.’ variety.

In January, IBM issued a patch to close a serious vulnerability in its Aspera Faspex file transfer tool. The hole serious enough that the U.S. government has added the bug to its catalog of known vulnerabilities being exploited by threat actors. US civilian government departments have until March 14th to install the patch. If your IT department uses this utility and hasn’t installed the update yet, do it fast.

By the way, also added to the patching catalog are two vulnerabilities to Mitel’s MiVoice communications platform.

An American lab that does DNA testing has agreed to pay US$200,000 to two U.S. states as a result of a data breach in 2021. The lab, DNA Diagnostics Centre, failed to properly use reasonable data security measures to protect sensitive personal information, the attorney generals of Ohio and Pennsylvania said. A hacker was able to copy and exfiltrate 28 databases. The thing is, those databases — which included patients’ social insurance numbers — dated back to a 2012 acquisition of a competitor. The lab didn’t realize it still had those databases. Lesson: You can’t secure your organization if you don’t know where all your data is. Or prevent it from being fined for the theft of data you don’t know you have.

News Corp., which owns Fox News, the Wall Street Journal and other media outlets, has admitted a data breach it discovered this month began as far back as two years ago. The Bleeping Computer news site says attackers got names, dates of birth, social security numbers, drivers licence numbers, passport numbers, financial and medical information on some employees. The attackers also accessed email and document storage systems. The suspicion is the attacker is affiliated with China and the goal was spying.

Scammers continue getting away with putting deceptive ads with links on search engines like Chrome. These ads fool unsuspecting victims who give away personal or financial information. One of the latest victims is journalist and author Cory Doctorow. He admitted on Twitter he was recently fooled by what he thought was a search engine link to his favourite Los Angeles-area takeout restaurant. He ordered a meal on the fake site, which sent the order to the real site — but secretly added 15 per cent to the tab. Luckily the restaurant spotted something wrong and canceled the order. But there are two questions: First, why can’t search engines do a better job at detecting fake ads, and second, how did a credit card company get fooled? For those who don’t know, an ad on a search engine looks like a description and link to a legitimate website. But if you look closely the word ‘ad’ or ‘sponsored’ will appear beside the company’s name. When people search for a product, relevant ads appear at the top of the results. You’ve got to to think carefully if you want to click on them.

Finally, can you trust the privacy descriptions developers write about their apps in Google’s Play Store? Maybe not, say researchers at Mozilla. They looked at 40 popular free and paid apps to see if their data collection policies align with what was disclosed on Google’s Data Safety Forms. Those are the descriptions that people who use the Play Store see. There were significant discrepancies between the apps’ own privacy policies and what shows on the Play Store, the report says. This is similar to a finding about apps in the Apple Store, the Washington Post found in 2021. Lesson: No app store platform is responsible for what app developers write about their products. In fact, if you look closely Google and Apple say that. Mozilla suggests platforms that distribute apps require developers to follow a standard disclosure form, just like companies that make packaged food have to put a Nutrition Facts label on their products.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Feb. 27, 2023 – More lessons from the Russia-Ukraine cyber war, a US medical lab fined after theft of old data, and more first appeared on IT World Canada.

Facebook’s parent Meta enters the AI fight with a surprising one-two punch, companies are already replacing workers with ChatGPT and remote work paranoia.

It’s Hashtag Trending for Monday, February 27th and I’m your host Jim Love, bringing you the top tech news stories for today.

On Friday, Meta, the parent of social media giant Facebook announced that it was entering the AI competition with a large language model that it claims will outperform OpenAI’s GPT-3.

If Meta’s announcement is to be believed, their new AI, called LLaMA, has two huge differences from OpenAI’s ChatGPT.  

First, Meta’s offering is ten times smaller.  

Second, Meta trained its AI using publicly available datasets, such as Common Crawl, Wikipedia, and C4, which makes the sourcing of the training much more transparent and allows the possibility that Meta’s model could be offered as open source.  And in a tweet issued by a project member Guillame Lample, it appears that making the model open source is a real possibility.

Lample states: Unlike Chinchilla, PaLM or GPT-3, we only use datasets publicly available, making our work compatible with open-sourcing and reproducible, while most existing models relay on data which is either not publicly available on undocumented.” 

The key to this breakthrough appears to be in what is termed parameter size. Parameters are the variables that a machine-learning model uses to make its predictions based on input data. Larger models typically are more capable of delivering much more complex answers. But since more parameters take exponentially more computing resources, if an AI could generate the same results with fewer parameters, it is capable of running with far less resources.  

Anyone who has tried to investigate ChatGPT and found the “server busy” message, has had direct experience of why a more efficient model can lead to greater usage.

Plus, a model with a reputed 10X efficiency advantage opens the way for ChatGPT style AI on devices such as PCs and possibly even smartphones. 

A copy of the link to Meta’s paper announcing their new model can be found in the text version of this podcast at ITWorldCanada.com

Sources for this include an article in ArsTechnica

Employers are already replacing workers with ChatGPT

Resumebuilder.com, an online app for resume development, surveyed 1,000 business leaders who already use or are planning to use ChatGPT. Nearly half of the companies have already implemented it, and of that roughly ½ of the companies who have adopted it, say they were already using it to replace workers.  

Resumebuilder’s Chief Career Advisor Stacie Haller said, “Since this new technology is just ramping up in the workplace, workers need to surely be thinking about how it may affect the responsibilities of their current job. The results of this survey show that employers are looking to streamline some job responsibilities using ChatGPT.

According to the survey results, some of the ways that companies are using ChatGPT include 66 per cent for writing code, 57 per cent for customer support and 52 per cent for meeting summaries and other documents. 

77 per cent of companies say they are using ChatGPT to help write job descriptions, 66 per cent to draft interview question and 65 per cent to respond to applications.

And in a news release from ResumeBuilder.com, the company reported that companies were extremely impressed with the results to date.  “Fifty-five per cent say the quality of the work produced by ChatGPT is ‘excellent’ and 34 per cent say it is ‘very good.’”

Haller noted that the “economic model for using ChatGPT is evolving.” But of the companies surveyed who were using it, nearly all said they’ve saved money, with 48 per cent saying they’ve saved $50,000 and 11 per cent saying they’ve saved more than $100,000. 

No wonder that 93 per cent said they plan to expand their use of ChatGPT.  A further note in from the survey – 90 per cent of executives say ChatGPT experience is beneficial for job seekers – provided of course, that it hasn’t already been used replaced their job.

Productivity paranoia?

Another survey, this one from Envoy.com claims that although 94 per cent of employees believe their managers trust them to do work from anywhere, only 24 per cent of those same employees trust their co-workers who work from home.

Larry Gadea, CEO and founder of Envoy said,
“Less visibility in the office is skewing perceptions and seeding a distrust of everyone and everything, starting from leadership and trickling down,” “Now, managers realize that the relationships and trust employees develop in person are critical to getting work done right, especially in today’s environment,”

There’s a significant gap between the responses of Gen Z, Millenials and Baby Boomers as well. Only 57 per cent of Gen Z “feel strongly they have the manager’s trust.” That’s compared with 71 per cent of Millenials and 77 per cent of Boomers.

But despite these differences, they are universally suspicious of their co-workers. Only 31 per cent of Gen Z, 23 per cent of Millenials, and 17 per cent of Boomers trust their colleagues to do work when working outside the office.

That distrust percentage varies radically based on whether the employees themselves work remotely or full time in the office. While 34 per cent of hybrid employees trust their colleagues, and only 10 per cent of those who work full time in the office feel the same way.

Almost all (98 per cent) felt that certain work is better done in the office. Training and onboarding, problem solving and brainstorming were favoured as in office by one half or more of the sample. Curiously, conflict management was only viewed by 37 per cent as more effective in the office and only 35 per cent thought that the office was best for meeting people from outside the organization.

One of the most telling statistics was in terms of the recent round of layoffs is that 92 per cent said that being seen at the office improves their job security.

Sources include: TechRepublic and envoy.com

And in more related news from what is the fastest growing app of all time, hackers are exploiting the popularity of ChatGPT to swindle unsuspecting users. 

ITWorldCanada.com’s security reporter, Howard Solomon reported a number of weeks ago that there were a number of applications in the Google Play Store which purported to be ChatGPT additions, but which actually contained malware or could potentially steal data or load malware to a user’s phone or PC.  According to a tweet by Dominic Alvieri, the number of those potentially malicious apps keeps growing,  Alvieri, , so devoted to security that he has reportedy deleted his own Facebook account –  reported that there were 1,453 domains registered this week including the words ChatGPT

One website, according to Alvieri, called chat-gpt-pc.online presented itself as a way to download ChatGPT as a local application for Windows. Alvieri found that the download would inject users with a malware called RedLine which stole information from the user’s web browsers. If, for instance, a user has passwords or credit card in information stored in their browser, this application could pull that information and send it to the hackers.

A report from cybersecurity firm Cyble discovered more than 50 fake ChatGPT apps. In addition to stealing data, one of these, called ChatGPT1 provides no AI services, but does covertly subscribe its victims to numerous paid services in an SMS billing fraud scheme.

Until such time as reliable listings of AI programs become available, the only reliable source of ChatGPT is at the OpenAI website or through the facility in the Bing web brower .

Despite layoffs, the average salary for tech workers in the United States remains in excess of six figures according to a leading salary database provider, Dice.com 

Dice’s 2023 Tech Salary report reports that “the average tech salary increased 2.3 per cent year over year to $111,000 (compared to $108,000) in 2022. Following a year of strong salary growth for tech professionals, the continued upward trend in average tech salary shows that tech skills and the professionals that provide them can still command high compensation because of sustained demand.

The top cities in terms of salaries had significant gains including Tampa, with a year over year increase of 22 per cent and Portland at 16 per cent.

Also, according to Dice’s analysis, six figure plus salaries for high tech workers are no longer limited to the coasts. Non-traditional tech hubs including Columbus, saw average tech salaries increase of 16 per cent year over year, and Phoenix saw salaries grew 26 per cent.

All of the top 25 cities for tech compensation boast an average salary over $100,000, and these locations are spread throughout the country.  For more information you can go to Dice.com/Salary Trends.

Source: Business Insider

And that’s the top tech news stories for today.  Hashtag Trending goes to air five days a week with daily news and we have a special weekend edition, bringing you an interview with an expert on some area of technology that’s making the news.

Follow us on Apple, Google, Spotify and anywhere you get your podcasts. You can get us on your smart speaker and instructions for that can be found on our podcast page at www.itworldcanada.com/podcasts where you can also find links mentioned in this podcast. 

If you are interested in cybersecurity, why not check out our sister podcast Cybersecurity Today. 

As always, we are glad to hear from you – a shout out to a couple of people who wrote me over the weekend and thanks for your comments. As always, I’ll take the time to respond personally to each of these and we will be working to incorporate your great suggestions. Your ideas and your comments help us serve your information needs better. Keep ‘em coming.

Thanks. I’m your host Jim Love – Let’s make it a great Monday!

The post Hashtag Trending Feb. 27th- Meta enters the AI battle; companies replace workers with ChatGPT; study reveals remote work paranoia first appeared on IT World Canada.

He was driving to the airport and this problem kept bugging him.  There has to be a better way.

We have an artificial intelligence solution, he thought, but it only runs on a dedicated server. But why do I have to buy a device in the US, have it shipped it to my lab in Canada, provision it with our solution and then ship it back to my customer in the U.S. ?

Then it hit him.  Why can’t I provision this in the cloud, do that in less that an hour and my client will have immediate access?

I know what you’re thinking.  What is so interesting about this?  Isn’t the solution obvious – easy in fact?  And the answer to that is, yes. In 2023.  But what if I told you this was what was going through my guest’s mind in 2009. Almost 14 years ago.

At that time he was talking about something that few companies had done.  There wasn’t much of a road map in place and there were lot’s of problems to solve to make that vision work.

Laurent Simoneau was and is the CTO of Canada’s Artificial Intelligence company, Coveo. Along with co-founder Louis Tetu, he has been a driving force at Coveo and a cloud pioneer for almost two decades.

Through the years he’s continued to innovate and learn lessons in both the cloud, and in AI — answers to questions that many companies are still grappling with.

Some startups came to market in the cloud and then found that the costs of a consumption model meant that their rapid growth was sinking their business, especially in a freemium model – Laurent anticipated this, maximizing the efficiency of his solution to manage costs as they grew.

Having done this, his company has found real benefits,  having one software version for all customers, having virtually an infinite, but also an elastic resource.

And he hasn’t stopped. Today he’s still pioneering – looking for ways to continually optimize. And he’s on a quest for that elusive, exceptional customer interface…

We can learn a lot from his past experience and his future directions.  Not only about how to manage the cloud – but in how we might take new ideas like conversational AI and harness them to solve real problems for our companies and our customers.  So I was thrilled to have him come by our virtual studio for this week’s weekend interview.

Hey, if you are reading this, please take a minute to let us know what you think. We do this for you, the listener and we can only get better if you help us.

Have a great weekend!

The post Laurent Simoneau, CTO of Coveo – Talking about cloud and AI on Hashtag Trending, the Weekend Edition for February 25, 2023 first appeared on IT World Canada.

At this year’s edition of Technicity GTA, ITWC’s chief information officer Jim Love sat down with Becky Jamieson, director, corporate services/municipal clerk, Township of Scugog, and Kalyan Chakravarthy, chief information officer, Durham Region, to discuss a residents’ services digital transformation project where the two organizations of very different sizes found a way to work together in a way that, in the end, was certainly to the benefit of the residents as much as the organizations.

In 2022, the Township of Scugog, one of the eight lower-tier municipalities in the Region of Durham, partnered with the Region of Durham on its Customer Relationship Management (CRM) project. Scugog built its CRM, myscugogconnected.ca, within the Region of Durham’s CRM, which will be live to the public in late March 2023.

The project started when Durham Region was seeking to enhance its customer experience, explains Chakravarthy. What they ended up doing was taking an all-channels approach. One of these channels was telephone, so the system had to support 311 service for the region. They also chose to include a customer portal where residents can create service requests and then track their progress, as well as get information about the Region’s services.

But the most unique thing about the project is how two levels of government managed to work together on a common project that would respond to the specific needs of each organization, as well as those of their respective residents.

“We were in a position where we were looking to do our CRM,” says Jamieson, “and it happened to be that the Region of Durham was going down a very similar path at the same time.” Durham Region had already been providing support to the Township of Scugog at the time. “So we already had started to develop that partnership, and then this opportunity presented itself and we decided to give it a shot,” she continued.

The project was not without its challenges, and Durham knew there were going to be some. “But I think the biggest part of this partnership was about that trust and respect for each other,” said Chakravarthy. “That is what helped us to really go into this partnership and think about it and say: ‘Hey, let’s try to make this so that it is always thinking about our residents’. We were looking at it and saying ‘how can we make it easy for our residents?’”

For the Township of Scugog, there was a lot of stress to begin with. A lot of people told Jamieson she was crazy. “But when we weighed our pros and cons, it made the most sense for us”, she says. “We have limited resources here at the township, especially on an IT front, and we saw this as an opportunity. Hopefully in the future, others will look at what the region has done and allowed us to be a part of as something that they want to strive to do in the future.”

Reflecting on the challenges they encountered, Chakravarthy explained how integrating the township’s portal within the region’s came with its set of hurdles, starting with branding and differentiating one from the other. “These are all the kind of small technical challenges [that] we would not have thought about if you’re going alone,” he said. And these challenges were addressed through discussion and compromise.

In the end, the winners turned out to be the residents of Scugog Township and Durham Region. As Jamieson puts it, “Being able to provide something to our residents [where] they’re not going to have to know whether it’s Scugog or the region that’s responsible for it, and being able to track all those service requests in one place, is a huge win. And I think that’s really what sold us on this project – the ability that, from a resident standpoint, it’s going to be so simple and easy for them to understand and see all their various service requests in one place.”

Chakravarthy also gave some advice to other organizations contemplating such a partnership. First and foremost, this is about enhancing customer service for the residents. You need to see the partners are equal, despite their size difference. There will be roadblocks, but with many smart-minded people working together as one, the chances of success are there. “Although from a legal perspective, from a provincial perspective, we are two separate entities, at the end of the day we are serving the same residents, so we are here to help each other out,” he concluded.

The post Technicity GTA 2023: A partnership in customer relationship management first appeared on IT World Canada.

Welcome to Cyber Security Today. From Toronto, this is the Week in Review edition for the week ending Friday, February 24th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

In a few minutes Terry Cutler of Montreal’s Cyology Labs will be here to discuss recent news. But first a summary of some of what happened in the last seven days:

Twitter users will soon have to pay to get their two-factor authentication (2FA) codes by SMS. They’ll have to subscribe to the premium Twitter Blue service. Is this logical? Terry and I have opinions.

More malware has been discovered in the open-source NPM and PyPI code repositories. We’ll ask why repository operators can’t put a lid on this.

Game developer Activision acknowledged it was hacked in December after an employee fell for a text messaging scam. That will be part of our discussion.

In France five people were indicted for using a device normally only accessible to police. They used it to capture hundreds of thousands of mobile phone numbers for spam.

And Gartner predicts there may be upheaval in infosec departments. Stress is causing cybersecurity leaders to re-evaluate their careers, the company said, predicting that over the next two years nearly half of them will change jobs. Terry will have some thoughts on the pressure on leaders.

Researchers at ESET suspect North Korea’s Lazarus threat group is deploying a new backdoor. It’s part of malware discovered in 2021 capable of downloading Windows binaries. The new backdoor is one of the payloads. The backdoor module collects system information and provides ways of deleting or exfiltrating files.

Fruit and salad processor Dole had to temporarily shut its production plants in North America earlier this month because of a ransomware attack.

And a new information-stealing malware is being marketed to threat actors. According to researchers at the French firm Sekoia, the malware is called Stealc. It’s similar to other code that steals data from infected computers like Vidar, Raccoon, Mars and Redline. One way Stealc is spreading is through infected software and mobile apps pretending to be utilities.

(The following is an edited transcript of part of the discussion. To hear the full talk play the podcast)

Howard: Gartner published research this week about how worn out cyber security leaders are. By 2025, it predicts, half of the cybersecurity leaders will have changed their jobs, and of them 25 per cent will just leave the IT profession for different roles entirely due to multiple work-related stressors. These include low executive support for cybersecurity and making IT focus on compliance rather than risk management. What are you hearing from cybersecurity leaders that you talk to?

Terry Cutler: I’m not sure if you’ve ever seen this meme on the internet where day one of your cybersecurity job you looked like baby Yoda, and two years or three years later, you looked like 900-year-old Yoda. The burnout’s real. It’s very, very, very difficult this field, especially if you’re not passionate about it. You’re gonna burn out even quicker. How many times have you heard folks say, ‘Cybersecurity is paying really, really well.’ But if you’re a plumber, for example, and you want to switch over to cyber, it’s very, very difficult. So you have to be passionate about this field to get in. But there’s a lot of high pressure to manage consistent, evolving threats. Then you got limited resources and conflicting priorities.

For example, you’ll have issues in cybersecurity, but then other business leaders are not on the same page as you. They’re not going to prioritize your requests. And that’ll leave you with a sense of frustration and isolation because you’ll say, ‘This is a threat. It’s a zero-day [vulnerability]. We have to deploy these patches right away.’ I actually experienced this often in healthcare: There was a vulnerability out and we said let’s scan the [IT] environment. I’m still waiting four months later to get the approval to scan the environment for vulnerabilities. There’s so much red tape in some of these companies. it’s crazy. You have to wait for all the groups to be on the same page and give you permission. As an advisor and such you’re always faced with these delays. And if you’re not on the same page as the other folks, because they don’t understand the risk level, you’re just going to feel like you’re banging your head against the wall. And that’s why people just leave.

You know what? You wanna get hacked? Don’t blame me. Here, sign this paper. That’s what I think CISOs are going to have to do to cover their butts: ‘I’m advising you of this threat. You don’t want to do it, sign here.’

Howard: What will it take for CEOs to prevent cybersecurity leaders from leaving their company?

Terry: CEOs need to prioritize cybersecurity as a critical business function and provide the necessary resources and support to help cybersecurity leaders be successful. The biggest is provide adequate funding. How many times do we try to do audits that are really inexpensive, that could save the company hundreds of thousands, if not millions, of dollars? It probably would’ve just cost 10 grand to avoid headaches. The other thing is the CEOs need to build a cybersecurity culture. Even if the janitor has access to the network to check his email he can click on a ransomware link and infect the whole company. So everybody needs to be on the same page that cybersecurity is really important and understand if the firm gets hit with a cyber attack it could cost their jobs.

One of the bigger things is to bring the CISO to the [executive] table as a respected thought leader. It’s important that the CISO is able to articulate the risks. And provide career paths [for infosec leaders] … If you don’t do these things you’re not going to attract the top talent to your company.

The post Cyber Security Today, Week in Review for Friday, February 24, 20223 first appeared on IT World Canada.

Researchers at a Québec university are investigating two of the country’s biggest cybersecurity worries: The readiness of power utilities to face cyber attacks, and the security of wireless industrial internet-connected devices.

News of the projects came Thursday when Ottawa announced it has given the University of Sherbrooke the second half of just under $2 million for the studies.

Sébastien Roy, a professor in the Department of Electrical Engineering, and one of the co-principal investigators, told IT World Canada that the money was awarded over two years ago, when work started, but the announcement was delayed by the pandemic. Reports on both are due in 2024.

One project is assessing the resiliency of Hydro Sherbrooke, a medium-sized power distributor, in the context of Industry 4.0, particularly its ability to identify new threats. According to Roy, this project is almost done.

Industry 4.0 refers to the integration of new technologies (Internet of Things, cloud computing, artificial intelligence) into a company’s production centres and overall operations.

The second project is analyzing the security of the industrial Internet of Things devices with 5G connectivity and edge computing. It includes studying the devices’ applications to agriculture, water management, and building management.

Partners in this study include Bell Canada, VMware, Honeywell, and the cities of Sherbrooke and Magog, QC.

For both projects, lessons learned will be spread through the electric, telecommunications, and IT manufacturing industries, Roy said.

The funding from Public Safety Canada came under the National Cyber Security Strategy.
The projects are being overseen by a multi-faculty and multi-disciplinary team involving five university faculties, 11 researchers, and more than 50 students from 14 countries.

“This work will strengthen the resiliency of Canada’s critical infrastructure, or the assets and equipment that a third party needs to access to offer its own product or service in a market,” the university said in a news release.

“There is a lot of synergy between the two projects, although the objectives are distinct,” said Roy. The underlying theme in both is protecting critical infrastructures. In the first case it’s energy distribution, the second is more about communications infrastructures.”

5G is different from previous cellular technologies, Roy said, in that it is less centralized and puts more control at the edge of wireless networks. That causes security concerns, particularly access authentication. It doesn’t help that typically 5G IoT devices “have no security,” he added.

“At the end we will be able to recommend good practices and technological architectures for these areas to the government and our industrial partners for specific use cases. In the meantime, we’re training over 50 students at the master’s, PhD and post-doctorate levels, in addition to a lot of interns, who will then move on to use their expertise in industry.”

The post Researchers looking into cybersecurity of Canada’s power, IoT sectors first appeared on IT World Canada.