Why you are ‘data negligent’…and your part in the downfall of your company…

by | Dec 17, 2024 | Uncategorised

Yes sounds like a ‘spoof’ movie or comedy show but I have to tell you as Employees, Management, Shareholders and Investors, deemed core stakeholders you are complicit in the downfall of businesses.

Picture by The Independent — employee leaving Lehman Bros in 2008 — too big to fail

Shock horror. Big statement but this is not funny— so let’s examine the facts…

I think it is fair to say most people working in a company take for granted the information they consume that underpins their day to day role is accurate, trusted, and the specific information they use for making key decisions has been validated as a trusted source.

A safe assumption right. Well WRONG actually. You could be misleading customers, lying to suppliers and putting out false inaccurate information to the markets.

Ask this: “Is the data behind the information you’re acting upon not just accurate and reliable — is it what the originator wanted you to see?

Keep reading because it’s about to get a whole lot worse as GenerativeAI will compound the issue 1000X.

As an Investment Manager are you also part of the negligence?

The brutal question to ask you as an Investor, a Shareholder married to a business? Are you ignoring the fundamentals by assuming the data in the veins of the business is reliable, accurate and trustworthy!

Can you confirm the data flowing across the business on which they make decisions that implicate your capital — is theirs to have, to hold, to use? It is reliable and suitable.

As a Portfolio Manager can you hand on heart feel comfortable the businesses you look after can deliver a compliant, auditable view of their data landscape , be certain the data flowing through the corporate wires is trusted? They have the necessary permission!

Here is the rub.

Doing business is about making decisions!

Picture — The Human Capital Hub — jpc — What brings down corporations…

Data — what is it?

For the non technical I define ‘data’ as structured elements that sit within tables, spreadsheets, files and records — numbers, dates, times, words and unstructured data videos, images and voice, that flows freely across corporate technology systems, into applications, in and out of databases and used natively to drive accounting systems, legal, CRM, email and so on…

The broader issue, largely caused by the Internet, data is seen as having no intrinsic value and why it freely traded between people, parties and layers in an industry for profit and no doubt for nefarious uses. Data is taken for granted, often stolen, acquired without the originators permission, copied, changed, collected and recorded without permission by third parties.

Baseline: The Data is probably not yours, to hold, or use…

Time to STOP and think. Data has ownership, has an originator, a creator and in most corporate IT Systems is used without the permission of the data owners. This has apparently become the acceptable new norm which doesn’t make it right or correct, and remains a growing problem and why Web3 and decentralised Rights Management approaches are proving popular.

People, Users, Customers, Suppliers of Products, Writers, Designers, Inventors, Composers and Employees want to know how their personal data is being handled. Their ‘rights’ are being respected, despite what the website disclaimer about data use and capture says. All data originates from somewhere, call them the Creator, the Rights Holder.

The QUESTION you should be asking is this — what IS the provenance of the data?

Now the Million Dollar Question: Is the data in the original state the Creator, Rights Holder wanted you to see?

Picture source MDPI — data ownership — but do you have permission?

Let’s be clear here this is not about Data Quality something that many businesses hide behind and I would say Gartners position is not discussing the ‘data turd’. Professing strong Data Management, Quality and Govermance standards and compliance isn’t the issue. That is like managing the infection once inside the body!

This is about having ‘data’ inside your business, on your servers you don’t have permission to hold and is not in its original state, on which your management are about to make decisions?

Let’s be clear…data that cannot be proven as trusted used in any form of decision making is a negligent act!

Look at this another way — ‘data’ that passes from point to point across a network is NOT recognised as owned. It as an object that is transported in ‘packets’ (encrypted or otherwsie) by a service providers who runs the network, and the data payload is not tracked and traced. Yes a reliable source (owner) may have sent it, but in its journey to the recipient things may have changed? You have no way of knowing because the reference source and origins isn’t checked!

Keep reading because this is a myth — you can…

Businesses hide behind GDPR and other Data and Privacy Acts, making inaccurate and misleading nonsense corporate statements ‘the company adheres to strict GDPR and Data Privacy policy and rules’ … What ‘bunkum”. The data flowing through the veins of your corporate systems remains unchecked, is not validated, has no clear ownership (origins) and you have no ay of knowing if its been changed, thus provenance is unknown! The smell of corporate BS is getting worse.

Unless you have a means to check and validate, track and trace and demonstrate sovereignty its best to assume most data is not yours, is unreliable (has been changed since its creation — a staff member, accountant, sales person and lawyer); and at some point a claim will be made against your business or you as an employee — when a decision is made using false unreliable information.

Your ‘water’ is already contaminated

Okay let’s put it another way — you have plumbing in your house that you believe delivers safe drinking water — the only validation is nobody has become visibly ill but your body may have developed immunity!

As soon as you add a connection to another source, a pipe from outside that contains infected water its bad right. This is how cyber security sees the world. But what if the water inside your plumbing is already contaminated, because the water company supply isn’t validated either. Same for data — how do you know it hasn’t been manipulated? You don’t!

The big threat is Data Manipulation that are cyber breaches that don’t steal but change the data inside you business…

RED FLAGS inside your head…

Some big red flags should be manifesting in your head right now as we think about ‘source data’ when you read a report, look at numbers, consult with colleagues before making a decision. Ask yourself this — is was what you’re reading how the originator, the author, the creator wanted you to see OR has it been changed, subverted? Who last touched/handled it? Did anything change?

The numbers in excel, the market data in a presentation, the reference data in a report, a proposal and sales agreement?

Houston we have a problem, Houston we can see an even BIGGER problem approaching…

It is fair to assume that 99% of enterprises that use computers, networks, servers and run multiple applications have spent time and money defending the landscape from cyber attack — but have not checked the enemy within — the quality of the water passing into the plumbing.

Imagine you and I are a hackers and we wanted to bring down a company, tarnish its brand and kill its reputation… Well we could steal its customer list or IP for a new product OR we could change the data, manipulate it, plants false and misleading disinformation. We could chnage the payment status on customer orders waiting to be shipped to ‘not paid’ or cancelling them after payment — customer outrage, reputation — then what? But we could do far worse things…

Watch-doggy…

You’ve guessed it, what is needed is an internal ‘watch dog’ a police force that has the responsibility to automatically track and trace the ownership, movement and the changes as files are read and written as a ‘synchronisation layer’. Yes an infrastructure layer that stands alone from the politics of a corporate function, provides the validation, the audit and compliance reporting on the entire data provenance, trust and sovereignty.

Keep reading the best bits are coming…

Picture — You Tube — The famous Deep Fake — Tom Cruise although it sounds like him, walks like him when he was younger, its fake.

The 1000X problem is already here…

Time to grab hold of something solid and strap yourself in as it is about to get a whole lot worse for you, your investments, your employees and management.

Yes you guessed it the arrival of Generative AI (a link you to another article I wrote on GenAI that explains what it IS and ISN’T will help grasp the magnitude of the issue).

Look, the many AI tools and bots out there seem do amazing things, can save time, make staff more productive, speed up projects, make analysis faster, even write reports and presentations for you. The age of AI is here… And that is a huge problem!

These AI tools have already entered the small and medium business world offering a competitive advantage, and now creeping into the larger enterprises, even the ones whos Compliance Department don’t allow it. Without realising , AI already has a foothold amongst your employees , working late, from home to make themslevs look better, do a good job, outperform others…

Harvard business review talks about a ‘persistent trust gap’ citing GenerativeAI as a source of issues. Here is a selection relevant to the data issue from the rather excellent report.

Disinformation: GenAI has already been weaponised to create deep fakes, modify original content (the data is changed from the origination) something Meta, TikTok do all the time. Used to ‘short’ stocks spreading misleading information and used to influence Election outcomes…you know the rest.

Security: the AI tools themselves are hacked, called ‘jail-broken’ and then used to accelerate the cyber attacks or to cover tracks. Used to manipulate employee/users to share data — as GenAI copies corporate emails, reports and impersonates people.

Ethical concerns: maths and algorithms don’t sit well with ethics as software code cannot distinguish between what is ethically or any other form of right or wrong, good or bad. GenAI doesn’t hate us, it just doesn’t care.

Bias: Training the Large Language models in huge data sets always produce bias, how the alogo’s are expressed and again the reference data used. GenAI will thus always discriminate, lacks fairness, yes this impacts your employees and customers.

Hallucination: a real issues with Large Language Models is the action of the Transformer the ‘T’ in GPT. Transformers have learned human emotions, gestures even from the billions of data sources of written spoken and communications can produce lets be blunt ‘lies’. Yes GenAI will fill in the blanks and make things up. But worst of all — users and employees being spied upon (worse than social media and smart phones) will continue to make everyone nervous as to the AI’s real intentions hidden in the code base. Also called the Unknown Unknowns.

Picture — portal26.ai

The Blackbox Problem

The big one is the ‘The Blackbox Problem’ where the source material isn’t published even though AI mentions the OpenAI is open source, the secret recipe isn’t. So more data will flow into the enterprise and corporate IT systems and networks that isn’t validated, checked and provenance remains unknown. Remember access is not the same as permssion.

By using GenAI where employees and management know the risks and the Black Box issues, and continue regardless, can be construed as spreading corporate misinformation and untruths — will fill HRs diary for years to come. Seen as acting against the interests of the Company and its Shareholders!

The Answer, the Solution…

Yes there is one.

This is serous stuff and demands urgent attention.

Born from the need to ensure data provenance in a military setting , the bright people at Byzgen have come up with something that will save the day, your company and your investment. The data on which soldiers lives are at stake, alongside expensive assets, on missions whose outcomes have significant geopolitical implications and risks…MUST be validated. Imagine co-ordinates have been intercepted and changed, visual confirmations faked, numbers of assets in theatre changed?

The corporate world is too lax, trusting and this is exactly what the next wave of corporate sabotage, espionage and hackers are looking for with the average time of 235 days before an intrusion is detected. Good luck.

The solution is actually easy, fast to deploy, inexpensive, adds a synchronisation layer to your tech infrastructure that does the heavy lifting across the enterprise, to deliver the necessarily track and trace of the data flowing across the organisation, the provenance, sovereignty delivering TRUST. Plus the evidenced reporting to defend your corporate rights and activities as your use of the data will be challenged.

Already available on Microsoft Sentinel Security Marketplace, and trusted by the big IT Services brands ATOS, IBM and others as a core part of their Digital Transformation Services, the Byzgen’s FALKOR solution enables you to sleep at night knowing that ‘when’ challenged, and you will be, you will be able to present a fully compliant report that shows your house is in order.

Final word.

The corporate world that runs enterprise wide applications remains largely unaware or is not responding to the issue, either way this can be considered negligent.

If you claim you don’t know, the question is why don’t you not know? Of have you got used to consuming others peoples data on the Internet, and from other people with not care about from whom it came.

The culture of entitlement, to consume, use and distribute any data we come across, because we have access is not an adequate defence.

Or maybe you assume someone else is dealing with it. In your mind a basement function whose sole tasks to ‘fact check’ the data and find out where it came from and the permissions are in place to use it!

Your IT Department isn’t communicating the real issues having spend a fortune on data tools and cyber security solutions that paper over the cracks, also compound the data issue. The Compliance function don’t understand the issue, hide behind GDPR and blame others; while Marketing grab any and all data from the Internet in pursuit of an competitive edge, to reach more customers — the problem compounds.

The ONLY saving grace is the Digital Rights lawyers taking time to load bullets in their prosecution guns, whilst the Regulators as usual try to understand what they’ve missed…

About the Author.

Nick is a polymath, a technologist over 45 years, works at the forefront of Deep and Frontier Tech. He advises Founders and works with Family Offices. A known speaker and commentator on tech with several exist behind him and 25 years running globl IT services businesses.