Intercast August 2025 – The Data Team Gap

Welcome to the August 2025 edition of Intercast’s monthly newsletter for cybersecurity professionals. As always, we’ll bring you the latest news and views to bring you up to speed.

In This Issue:

  • Client Insight: The Data Team Gap
  • We’re Not Loving It
  • Symmetry Key To Improved Machine Learning
  • US Leads Europe In Government Cybersecurity
  • Feature Collapse Explained
  • Simple Password Leads To Company Collapse
  • Best of The Rest

Client Insight: The Data Team Gap

Each month we ask our clients what’s on their mind to help us get a broader perspective on the industry. This month we’ve been getting a lot of feedback on an article by Joel Shapiro of Northwestern University on the relationship between business and data teams.

He’s identified an unfortunate irony in that relationship. For years we’ve told business leaders not to get distracted by data but instead to start by identifying questions and problems, then search the data for answers and solutions.

The problem is that producing data is now a widely recognised task in itself and the people who do it don’t always see the importance of explaining the results in terms that relate to real business problems. Shapiro says it comes down to five dreaded words: “Our model speaks for itself.”

It’s definitely a talking point and bridging that gap is a question many of us need to answer.

We’re Not Loving It

However sophisticated technology seems, simple human error remains one of the key weaknesses. That’s certainly the case for a McDonald’s AI-powered hiring tool with an embarrassing flaw that could have exposed personal data for 64 million applicants.

The McHire platform included a “recruiter bot” called Olivia that collected chat data which was clearly sensitive. Unfortunately, security researchers were able to access the data thanks to an insecure Direct Object Reference and a failure to change the default admin login of 123456 for both user name and password.

The researchers say they not only found chat transcripts but also contact details and even the outcomes of personality tests. They also accessed tokens that would have let them pose as candidates on the platform.

Paradox, which operates the platform, says it quickly fixed the vulnerability and says there’s no evidence that anyone other than the researchers accessed the data without permission.

Symmetry Key To Improved Machine Learning

Machine learning is all about patterns, but MIT researchers have explored how symmetry is both a major limitation and a potential breakthrough area for models.

They started with the specific example of a molecular structure that is rotated. A human can quickly spot that it’s the same structure and is functionally identical, while machine learning models will often default to treating it as a new structure. The same principle applies to numerous forms of data analysis, particularly image recognition, leading to wasted and even redundant analysis.

The researchers have developed an algorithm that uses known approaches from both algebra and geometry. Combining the two turned out to be the best way to simplify algorithms enough that models can learn to recognize symmetry without having to be fed with every possible variation of the same data point such as rotations of an image.

US Leads Europe In Government Cybersecurity

Studies of government organizations in the US and UK found a significant difference in cybersecurity protection. Not only was the US average protection level higher, but US organizations were the only ones to receive the highest rating.

The study, from Cybernews, looked at 500 US government organizations and 75 European Union organizations. It scanned public-facing systems to assess seven security areas: software patching; web application security; email security; system reputation (whether IP addresses and domains are associated with malicious activity); TLS/SSL configuration; system hosting; and data breach history.

The average score was 75% in the US and 71% in the EU, both classed as “high risk”, but it’s a case where the averages don’t tell the whole story. While 54% of US sites fell into the worst risk category (high or critical), 67% of EU sites were in this range. Meanwhile, not a single EU site was in the medium or low risk category, compared with 32% of US sites.

Feature Collapse Explained

Towards Data Science has a great piece on why machine learning often slows to a halt after initial booms in performance. It’s a problem known as feature collapse and is arguably an inherent characteristic rather than an error.

In the simplest terms, models starting a task will inherently pay the most attention to the factors which prove the most predictive. At this point, the approach makes perfect sense: it means the initial results and first few generations of improvements are as productive as possible.

The problem is that when the model gets new input data, it can’t necessarily get the best insights from it. The new data may be more influenced by factors the model initially dismissed as not predictive. Even worse, monitoring systems designed to make sure the model is still working as planned may not spot the problem. That’s because they are based more on “Is the model working?” than “Is the model working as well as it could?”

There’s no perfect solution, but some surprisingly creative approaches can reduce the risks. This includes forcing the model to work on multiple tasks at once when it starts a project, and even deliberately masking some of the input. At the risk of anthropomorphizing, this can force the model to keep an open mind rather than try to figure out the perfect approach too early.

Best of the Rest

Here’s our round up of what else you need to know:

Back to Blog