Data breach notifications are meant to tell you what happened, when and what impact it may have on you. You’ve probably already seen a few this year. That’s because most U.S. states have laws that compel companies to publicly disclose security incidents, like a data breach, as soon as possible. Europe’s rules are stricter, and fines can be a common occurrence if breaches aren’t disclosed. But data breach notifications have become an all-too-regular exercise in crisis communications. These notices increasingly try to deflect blame, obfuscate important details and omit important facts. After all, it’s in a company’s best interest to keep the stock markets happy, investors satisfied and regulators off their backs. Why would it want to say anything to the contrary? ... Hackers aren’t always caught in the act. In a lot of cases, most hackers are long gone by the time a company learns of a breach. When a company says it took immediate steps, don’t assume it’s from the moment of the breach. Equifax said it “acted immediately” to stop its intrusion, which saw hackers steal nearly 150 million consumers’ credit records. But hackers had already been in its system for two months before Equifax found the suspicious activity. What really matters is when did the security incident start; when did the company learn of the security incident; and when did the company inform regulators of the breach?
While reinforcement learning is a powerful technique, it often must be constrained in real-world, unstructured environments so that it doesn’t perform tasks unacceptably poorly. (A robot vacuum shouldn’t break a vase or harm a house cat, for instance.) Reinforcement learning-trained robots in particular have affordances with ethical implications insofar as they might be able to harm or to help others. Realizing this, the Uber team considered the possibility that there’s no single ethical theory (e.g., utilitarianism, deontology, and virtue ethics) an agent should follow, and that agents should instead act with uncertainty as to which theory is appropriate for a given context. The researchers suggest ethical theories can be treated according to the principle of Proportional Say, under which the theories have influence proportional only to their credence and not to the particular details of their choice-worthiness in the final decision. They devise several systems based on this that an agent might use to select theories, which they compare across four related grid-world environments designed to tease out the differences between the various systems.
It’s a multifaceted issue that should be understood from both angles. Misaligned business priorities and processes can create an array of problems, from a lack of innovation for fear of increased risk to unforeseen vulnerabilities falling through the cracks during the development process. And when developers aren’t empowered to improve their skills with educational tools like Security Labs, there’s less of a chance that they’ll feel prepared or appreciated when security comes knocking. To begin addressing these concerns, changes must come from the top-down, trickling through each team to impact their goals and methods for an overall healthier AppSec program. When they have direction, developers and security leaders can find a common ground by building a working relationship that benefits both teams (and ultimately, the entire organization). Three key steps to fixing the misalignment between security and development include: Shifting to a security-focused mindset across the business; Implementing a security champions program to encourage developer participation; and Making it easier for the development team to write secure code.
To prepare for working from home, the company’s safety team wrote new guidelines for engineers taking Spot back with them, though they mainly involve keeping the public a safe distance from the robots. Seifert recalls one incident when someone who didn’t know Spot came up and gave it a bear hug. “People unfamiliar with robots want to treat Spot like a dog, and calmly approaching a dog before bending over for pets and hugs is a reasonable thing to do,” he says. “Thankfully no one got hurt, but Spot has some really powerful motors and a lot of pinch points.” Now, engineers know to warn anyone who approaches the robots to keep a safe distance. ... Seifert says he gets a few more stares than this. “More than once I’ve witnessed a car drive by, only to see it a few seconds later reverse back into view and then stop for a few minutes while the driver records a video on their cell phone,” he says. But his parents live in a friendly neighborhood, so most neighbors have just gotten used to the sight of him and Spot, out for a walk. Like Seifert, Barry’s workflow involves writing code, loading it into Spot, testing out the robot, and then analyzing the results. But instead of having Spot navigate homemade mazes, he’s been flexing its robotic arm, scattering whatever random items he can find around the house to act as a picking challenge.
Organizations need a new cloud-enabled supply chain to back up the ambition at the digital edge. Moving to cloud-native application development and leveraging API-driven microservice architectures can increase agility and time to value. Once again, there are two distinct journeys, which also have the potential to be interlocked to create compound benefit for the organization. The first journey is to renovate legacy platform architectures and convert the IT supply chain into a more agile and scalable services engine. This is powered by a shift to software-defined and cloud-based service delivery models, which is required to address the siloed nature of legacy back-end architectures. As organizations move to explore the scale of the digital edge, it is possible that the transactional systems that support core functionality―such as ordering, payment, supply chain, ERP, HR, and finance―will struggle to cope with the unpredictable demand. From online shopping to unresponsive e-learning platforms, many of the back-end systems and services that underpin these experiences were not designed to scale on unexpected demand.
“Working in collaboration with businesses across engineering and technology industries, we create exciting projects about these sectors and turn them into free bootcamps for schools. We then map out these projects to national curriculum standards, deliver them through our e-learning platform, and train teachers to sustainably embed them into their subjects.” “Our focus is on creating more exciting projects, personalising the experience for learners, and opening up the platform for other people and organisations to deliver workshops and bootcamps,” he adds. By design, the Dicey Tech model relies on collaborating with universities and other companies to deliver modern learning experiences. The business has a particularly good relationship with Manchester City Council and Manchester Science Partnerships, through which it is helping students from disadvantaged backgrounds experience new ways of learning and teaching, and access equipment and further resources. During the pandemic, Dicey Tech has been putting its 3D printing capabilities to use by making visors for frontline NHS staff. Also conscious of the need to keep children engaged in education at home, the company created a free learning challenge.
Steve Blow, UK systems engineering manager at Zerto, points out that: “Google reported that it had blocked more than 18 million COVID-19 related phishing emails every day during the first week of April. It is not surprising that cybercriminals are taking advantage by executing ransomware attacks amidst this pandemic, as many organisations, especially those in healthcare or public sector, face enormous pressures to keep systems up and running.” Blow goes on to explain that: “Cybercriminals often exploit vulnerabilities in employee emails, so it is crucial to have the right cyber-defences in place to avoid a disaster where critical data could be at risk – especially when it comes to government or healthcare organisations. Having appropriate role based access control and an extensive tiered security model will help minimise risk. But, the attack itself is only half of the problem because, without sufficient recovery tools, the resulting outage will cause loss of data and money, as well as reputational harm. “Over the coming months it is important that we see more organisations utilising tools that allow them to roll back and recover all of their systems to a point in time just before an attack.
The researchers found the spiking neural network became increasingly unstable after extended periods of unsupervised dictionary learning. After that fact, the team used spiking neural network computer simulations to better understand exactly what led to this instability. The researchers discovered that the neurons within the system began to fire regardless of the input signals they received after extended training. In an attempt to stabilize the networks, the team implemented various types of noise, with Gaussian noise having the best results. The research team postulates that this is because Gaussian noise may mimic the inputs biological neurons receive throughout slow-wave sleep. "Why is slow-wave sleep so indispensable?" said senior author of the study Garrett Kenyon. "Our results make the surprising prediction that slow-wave sleep may be essential for any spiking neural network, or indeed any organism with a nervous system, to be able to learn from its environment." Although further research is necessary, artificial "sleep" may be imperative to maintaining stability in spiking neural networks. Next, the researchers plan to use this algorithm on Intel's Loihi neuromorphic chip.
DeepMind, the Alphabet-backed machine learning lab that’s tackled chess, Go, Starcraft 2, Montezuma’s Revenge, and beyond, believes the board game Diplomacy could motivate a promising new direction in reinforcement learning research. In a paper published on the preprint server Arxiv.org, the firm’s researchers describe an AI system that achieves high scores in Diplomacy while yielding “consistent improvements.” AI systems have achieved strong competitive play in complex, large-scale games like Hex, shogi, and poker, but the bulk of these are two-player zero-sum games where a player can win only by causing another player to lose. That doesn’t reflect the real world, necessarily; tasks like route planning around congestion, contract negotiations, and interacting with customers all involve compromise and consideration of how preferences of group members coincide and conflict. Even when AI software agents are self-interested, they might gain by coordinating and cooperating, so interacting among diverse groups requires complex reasoning about others’ goals and motivations.
"A sense of humor is part of the art of leadership, of getting along with people, of getting things done." -- Dwight D. Eisenhower
The sudden demand for remote working as a result of social distancing to reduce the spread of COVID-19 was something that many businesses had not prepared for and left lots of us rushing to find a solution. However, in the hurry to implement a solution, businesses may have failed to carefully consider the potential for cyber threats and as a result, nearly three-quarters of UK businesses now think that home working is putting their organisations at risk. Whatsmore, many organisations have overridden their security rules to ensure workers are quickly set up to work from home. Private end devices such as laptops, tablets and smartphones which are not protected by the corporate network and uniform security standards are being used now more than ever. Not to mention, there are no IT professionals on-site to monitor traffic and watch for suspicious activity. There are a number of solutions that businesses can employ to ensure that their workforce continues to work as normal with all their applications seamlessly integrated, and the security of these solutions must be the number one priority.
Quote for the day: