Deepfakes use a carefully cultivated understanding of the face’s features and landmarks to map one person’s expressions and movements onto a completely different face. The Facebook team used the same features and landmarks, but instead used them to tweak the face just enough that it’s no longer recognizable to facial recognition engines. This could allow someone who, for whatever reason, wants to appear on video but not be recognized publicly to do so without something as clunky as a mask or completely fabricated face. Instead, they’d look a bit like themselves, but with slightly wider-set eyes, a thinner mouth, higher forehead and so on. The system they created appears to work well, but would of course require some optimization before it can be deployed as a product. But one can imagine how useful such a thing might be, either for those at risk of retribution from political oppressors or more garden-variety privacy preferences. In virtual spaces it can be difficult to recognize someone at all — partly because of the lack of nonverbal cues we perceive constantly in real life.
Part of the problem is how people get into cybersecurity. Only 42% of the security professionals in the survey started out working in the field. There are few university degrees in cybersecurity, and there isn't an A-level or GCSE in security. There are plenty of certifications (not least the CISSP program (ISC)2 runs) and almost half of the organizations in the survey are increasing their training budget for security - but cross-training existing staff isn't going to fill the whole gap. And to get people interested in gaining a certification, they have to know that it's a viable career in the first place. "When you choose what you're going to do in your life, you probably make your choice when you choose your university and your course, and even the first year of university may be too late [to reach people]," says (ISC)2 board member Biljana Cerin. "I think we need to give high school students a bit more information about the field and the different aspects of it." There are plenty of bootcamps and campaigns to encourage children (and adults who want to switch into a technology job) to go into coding; there are far fewer teaching IT administration or security.
"The middle market is low hanging fruit for attackers," said Brad LaPorte, senior director analyst of end security and threat intelligence at Gartner. "They often do not have the budget, skillset, or ability to implement proper security best practices." Nearly half of organizations (47%) said they believe risk in their industry will increase in the next year, and almost the same number (48%) said they believe risk for their company will also grow, the report found. Cybersecurity remains the most challenged risk to manage for companies. In Q2, 47% of organizations rated cybersecurity as their top concern, and the trend followed in Q3, with cybersecurity taking the top spot at 46%, according to the report. "Midmarket enterprises have the same security concerns as larger enterprises," said Paul Furtado, senior director analyst at Gartner. ... However, stakeholders for middle market organizations are recognizing these issues and investing in proper security tools; and those that haven't, should, he said. Beneficial investments include cybersecurity awareness training, insider threat mitigation, cloud security, improved authentication, and managed security providers (MSSP) or managed detection response (MDR), Furtado said.
A new research paper from Kingson Man and Antonio Damasio at the Brain and Creativity Institute, University of Southern California, Los Angeles, looks into robots with feeling. Feelings are a mental expression of the state of life in the body and play a critical role in regulating behavior. “Our goal here is to inquire about conditions,” said the authors, “that would potentially allow machines to care about what they do or think.” Jan Cortes in Medical Daily: “The gist is simple: Simply build a robot that would have the ability to be aware of its existence, and the perils of it… a modern A.I. brain could easily develop feelings and behavior that will help guide it to self-preservation and survival.” “Even if they would never achieve full-blown inner experience in the human sense,” said the authors about the robots, “their properly motivated behaviour would result in expanded intelligence and better-behaved autonomy.”
Futurists and experts predict that if self-driving cars become widely adopted by the public, the vehicle itself will transform into something of an entertainment or leisure zone. Parents could watch animated films with their children on long drives. Executives could conduct presentations and hold conference calls en route to their destination. And if passengers traveling from out-of-town forgot to pack their razor or toothpaste, some casual online shopping from the vehicle's network will ensure that new grooming and hygiene products await them when they arrive at their hotel. For every instance of digital convenience a self-driving car may provide, there is an equal or greater cybersecurity risk associated with it. Hackers could manipulate a vehicle's AV system and disable screens or potentially stream malicious content. There may be an anonymous, unidentified viewer or eavesdropper on the executive's call taking note of confidential information, while also gaining access to other participants' computer systems and networks outside of the car.
"It is not enough if just industrial automation companies get together and discuss this because we are not necessarily the 5G experts," said Bosch's Andreas Mueller, who serves as chairman of 5G-ACIA, in explaining the purpose of the association. "It's hard to say what the infrastructure will be capable of. It's hard to say what the network operators will do. So that's why... we have to reach out to all these other stakeholders as well." The group counts almost 60 members spanning manufacturers, network operators, radio equipment vendors, chipmakers, module makers and test equipment vendors. "We are very much interested in attracting more companies," said Mueller. "We want to attract end users." End users of 5G industrial automation solutions are the big prize for the companies that are investing in and testing these new technologies. But so far, none of them have launched live production lines using 5G. Even at Bosch's own factories, the 5G trials run parallel to the live production lines, but are not responsible for actual manufactured deliverables. In the future, Mueller hopes to see Bosch and many other companies using 5G to connect mobile control panels that can instantaneously start and stop factory machines.
Intel has put in a fair amount of effort in an attempt to fully bake cybersecurity into its technology strategy. The acquisition, integration, and eventual spinoff of McAfee played a central role in recent years and demonstrated that the road is not necessarily easy. Intel is still focused on improving cybersecurity, though, and has made a decision to disregard business as usual and try a different approach. Now, they’re focused on cybersecurity and will continue to invest in the industry. ... Kurkure explained to me that the Intel Capital investment philosophy around cybersecurity is to partner with innovative companies that can integrate and work with Intel to create a more holistic approach to cybersecurity. As opposed to the acquisition path Intel pursued with McAfee, the new strategy is to invest in companies that provide some synergy and that can collaborate with Intel—and with each other—in a way where the sum is hopefully greater than its parts. With Duality in particular, Kurkure stressed the importance of the privacy space right now.
According to hundreds of reports, users said that Chrome tabs were going blank, all of a sudden, in what's called a "White Screen of Death" (WSOD) error. The issue was no joke. System administrators at many companies reported that hundreds and thousands of employees couldn't use Chrome to access the internet, as the active browser tab kept going blank while working. In tightly controlled enterprise environments, many employees didn't have the option to change browsers and were left unable to do their jobs. Similarly, system administrators couldn't just replace Chrome with another browser right away. "This has had a huge impact for all our Call Center agents and not being able to chat with our members," someone with a Costco email address said in a bug report. "We spent the last day and a half trying to figure this out." "Our organization with multiple large retail brands had 1000 call center agents and many IT people affected for 2 days. This had a very large financial impact," said another user.
What differentiates high-performers from less-productive teams? It all starts with a dedicated approach to upskilling team members, Groll said, which can include online resources and other techniques. "Companies that have really adopted a digital approach, an immersive learning approach, are much more successful." There are several ways for organizations to establish community structures to promote learning, both to identify common internal struggles and be more resilient to personnel or product changes. According to Accelerate, more than half of elite performers use communities of practice -- small groups of voluntary practitioners -- which was a common thread among attendees at the conference, as well. The report also named bottom-up DevOps initiatives and proofs of concept as common elements among elite performers -- those who nailed DevOps.
Every security vendor promises the moon in their marketing materials. As a small organization, we need to be confident that any tool we buy will do what we need it to do in our environment. The only way to do that is to kick the tires. PowerPoint presentations and demos are a helpful starting point. But just like buying a new car, you need to take technology for a test drive. Otherwise, you risk wasting time and money, not to mention your own reputation. A POC won't answer every possible question about a piece of technology or a service provider. But a provider's willingness to engage with you - and the way they engage with you - will help you learn a great deal about what your relationship will be like once the ink on the contract is dry. One of the most surprising things I found as we evaluated managed detection and response providers was how few of them would even agree to do a POC. When vendors refused, I could only conclude that our business wasn't a good fit for them or they couldn't back up their marketing claims. Ultimately, we selected Expel.
Quote for the day:
"Your greatest area of leadership often comes out of your greatest area of pain and weakness." -- Wayde Goodall