AI regulation in peril: Navigating uncertain times
Existing laws are often vague in many fields, including those related to the environment and technology, leaving interpretation and regulation to the agencies. This vagueness in legislation is often intentional, for both political and practical reasons. Now, however, any regulatory decision by a federal agency based on those laws can be more easily challenged in court, and federal judges have more power to decide what a law means. This shift could have significant consequences for AI regulation. Proponents argue that it ensures a more consistent interpretation of laws, free from potential agency overreach. However, the danger of this ruling is that in a fast-moving field like AI, agencies often have more expertise than the courts. ... The judicial branch has no such existing expertise. Nevertheless, the majority opinion said that “…agencies have no special competence in resolving statutory ambiguities. Courts do.” ... Going forward, then, when passing a new law affecting the development or use of AI, if Congress wished for federal agencies to lead on regulation, they would need to state this explicitly within the legislation. Otherwise, that authority would reside with the federal courts.
Fostering Digital Trust in India's Digital Transformation journey
In this era where digital interactions dominate, trust is the anchor for building resilient organizations and stronger relationships with stakeholders and customers. As per ISACA’s State of Digital Trust 2023 research, 90 percent of respondents in India say digital trust is important and 89 percent believe its importance will increase in the next five years. Nowhere is this truer than in India, the world’s largest digitally connected democracy and a burgeoning hub of digital innovation and transformation. ... A key hurdle in building and maintaining digital trust in most countries is the absence of a standardized conceptual framework for measurement and access to reliable internet infrastructure and digital literacy. In India’s case, with a rapidly expanding digital footprint comes an equally high threat of issues such as lack of funding, unavailability of technological resources, shortage of skilled workforce, lack of alignment between digital trust and enterprise goals, inadequate governance mechanisms, the spread of misinformation through social media, etc. leading to financial fraud and data theft.
Tech debt: the hidden cost of innovation
While tech debt may seem like an unavoidable cost for any business heavily
investing in innovation, delving deeper into its causes can reveal issues that
may derail operations entirely. Many organisations struggle to find a solution,
as the time required for risk analysis can seem unfeasible. Yet, by recognising
early signs, businesses can leverage the right tools and find the right partners
to facilitate a low-risk and controlled modernisation of legacy systems. Any IT
modernisation program requires a strategic, evidence-based approach, starting
with a rigorous fact-finding process to identify opportunities and
inefficiencies within legacy systems. ... Making a case for modernisation
requires articulating the expected benefits, costs and challenges beforehand.
This begins with a comprehensive analysis that identifies existing system
functionality and data against business and technical requirements, highlighting
any gaps or challenges. ... In extreme situations, it may be necessary to
replace an entire system. This is always the last resort due to the large
investment needed and the disruption it can cause.
Fake Websites, Phishing Surface in Wake of CrowdStrike Outage
These fake sites often promise quick fixes or falsely offer cryptocurrency
rewards to lure visitors into accessing malicious content. George Kurtz,
CEO of CrowdStrike, emphasized the importance of using official communication
channels, urging customers to be wary of imposters. "Our team is fully mobilized
to secure and stabilize our customers' systems," Kurtz said, noting the
significant increase in phishing emails and phone calls impersonating
CrowdStrike support staff. Imposters have also posed as independent researchers
selling fake recovery solutions, further complicating efforts to resolve the
outage. Rachel Tobac, founder of SocialProof Security, warned about social
engineering threats in a series of tweets on X, formerly Twitter. "Criminals are
exploiting the outage as cover to trick victims into handing over passwords and
other sensitive codes," Tobac warned. She advised users to verify the identity
of anyone requesting sensitive information. The surge in cybercriminal activity
in the wake of the outage follows a common tactic used by cybercriminals to
exploit chaotic situations.
Under-Resourced Maintainers Pose Risk to Africa's Open Source Push
To shore up security and avoid the dangers of under-resourced projects,
companies have a few options, all starting with determining which OSS their
developers and operations rely on. To that end, software bills of materials
(SBOMs) and software composition analysis (SCA) software can help enumerate
what's in the environment, and potentially help trim down the number of packages
that companies need to check, verify, and manage, says Chris Hughes, chief
security adviser for software supply chain security firm Endor Labs. "There's
simply so much software, so many projects, so many libraries, that the idea of
... monitoring them all actively is just — it's very hard," he says. Finally,
educating developers and package managers on how to produce and manage code
securely is another area that can produce significant gains. The OpenSSF, for
example, has created a free course LFD 121 as part of that effort. "We'll be
building a course on security architectures, which will also be released later
this year," OpenSSF's Arasaratnam says. "As well as a course on security for not
just engineers, but engineering managers, as we believe that's a critical part
of the equation."
Cross-industry standards for data provenance in AI
Knowing the source and history of datasets can help organizations better
assess their reliability and suitability for training or fine-tuning AI
models. This is crucial because the quality of training data directly affects
the performance and accuracy of AI models. Understanding the characteristics
and limitations of the training data also allows for a better assessment of
model performance and potential failure modes. ... As AI regulations such as
the EU AI Act evolve, data provenance becomes increasingly important for
demonstrating compliance. It allows organizations to show that they use data
appropriately and align with relevant laws and regulations. ... Organizations
should start by reviewing the standards documentation, including the Executive
Overview, use case scenarios, and technical specifications (available in
GitHub). Launching a proof of concept (PoC) with a data provider is
recommended to build internal confidence. Organizations lacking resources or
deploying a PoC “light” may opt to use our metadata generator tool to create
and access standardized metadata files.
Why an Agile Culture Is Critical for Enterprise Innovation
In the end, embracing agility isn’t just about staying afloat in the turbulent
waters of AI innovation; it’s about turning those waves into opportunities for
growth and transformation. Because in this ever-evolving landscape, the
businesses that thrive will be the ones that are flexible, responsive, and
always ready to adapt to whatever comes next. Which brings me to my next point
– you need to start loving failure. This requires a whole reframe because in
the world of AI, getting things wrong can actually be the fastest way to get
things right. Most companies are so scared of getting it wrong that they never
try anything new and are frozen like a deer in headlights. In AI, that’s a
death sentence. ... Be prepared for resistance. Change is scary, and you’ll
always have a few “blockers” who are negative in their approach. These are the
people you need to win over the most. In the meantime, you just need to
weather the storm. Lastly, remember that becoming agile is a journey, not a
destination. It’s about creating a mindset of continuous improvement. Always
in beta? That’s absolutely fine and in the fast-paced world of AI, that’s
exactly where you want to be.
The Rise of Cybersecurity Data Lakes: Shielding the Future of Data
Beyond real-time threat detection and analysis, cybersecurity data lakes offer
organizations a powerful platform for vulnerability prediction and risk
assessment. By examining past incidents, organizations can uncover trends and
commonalities in security breaches, weak points in their defenses, and
recurring threats. Cybersecurity data lakes store vast amounts of data
spanning extended periods, which is a rich source of information for
identifying recurring vulnerabilities or attack vectors. With techniques such
as time-series analysis and pattern recognition, organizations can uncover
historical vulnerability patterns through rigorous testing and use this
knowledge to anticipate and mitigate future risks. In fact, this is one of the
reasons why the global pentesting market is expected to rise to a value of $5
billion by 2031, with more innovative approaches like blackbox pentesting to
exploit hidden attack vectors and using AI for vulnerability assessment (VAS)
to improve efficiency. When combined with other vulnerability assessment
methods like threat modeling and red team exercises, predictive modeling can
also help organizations identify potential attack paths and attack surface
areas and proactively implement defensive measures.
Internships can be a gold mine for cybersecurity hiring
Though an internship can pay off for an employer in the form of a fresh crop
of talent to hire, it requires the company to invest time, planning,
oversight, and resources. Designating one or more people to manage the process
internally can make things easier for the organization. “Sit down with the
supervisory personnel so they understand what that position is being
advertised for, what the expected outcomes are and how to manage that intern,
the program needs, and how they have to report [on that intern],” ... If
possible, Smith recommends mentoring an intern, not simply ticking off a
bureaucratic checklist of their tasks: “I do fervently believe you essentially
need a sponsor, someone who’s going to take the intern under his or her wing
and nurture that relationship, nurture that person.” Chiasson warns employers
to manage their own expectations as carefully as they manage the interns
themselves. Rather than expecting a unicorn to show up — an intern with one or
more degrees, several technical certifications and other prior workplace
experience — she urges companies to “take them on and then train them based on
what you require.”
Desirable Data: How To Fall Back In Love With Data Quality
With so much data being pumped out at breakneck rates, it can seem like an
insurmountable challenge to ensure data accuracy, completeness, and
consistency. And despite technological, governance and team efforts, poor data
can still endure. As such, maintaining data quality can feel like a perennial
challenge. But quality data is fundamental to a company’s digital success. In
order to create a business case for embracing data quality, you have to,
firstly, demonstrate the far-reaching consequences of poor data quality on
organisational performance. If you can present the problem from a business
standpoint — backed by evidence and real-world scenarios of data quality
issues leading to incurred costs, reputational risk, and uncapitalised
opportunities — you can implement proactive measures and trigger a desire by
top-level management to adapt processes. To bring your case to life, you then
have to find ways of quantifying the business impact of data quality issues.
This could take the form of illustrating the effect of bad data on a marketing
campaign, showing the difference with and without data quality in relation to
usable records, sales leads, and how this impacts your revenue.
Quote for the day:
"Defeat is not bitter unless you swallow it." -- Joe Clark