How to decode a data breach notice
Data breach notifications are meant to tell you what happened, when and what
impact it may have on you. You’ve probably already seen a few this year.
That’s because most U.S. states have laws that compel companies to publicly
disclose security incidents, like a data breach, as soon as possible. Europe’s
rules are stricter, and fines can be a common occurrence if breaches aren’t
disclosed. But data breach notifications have become an all-too-regular
exercise in crisis communications. These notices increasingly try to deflect
blame, obfuscate important details and omit important facts. After all, it’s
in a company’s best interest to keep the stock markets happy, investors
satisfied and regulators off their backs. Why would it want to say anything to
the contrary? ... Hackers aren’t always caught in the act. In a lot of cases,
most hackers are long gone by the time a company learns of a breach. When a
company says it took immediate steps, don’t assume it’s from the moment of the
breach. Equifax said it “acted immediately” to stop its intrusion, which saw
hackers steal nearly 150 million consumers’ credit records. But hackers had
already been in its system for two months before Equifax found the suspicious
activity. What really matters is when did the security incident start; when
did the company learn of the security incident; and when did the company
inform regulators of the breach?

Uber researchers investigate whether AI can behave ethically
While reinforcement learning is a powerful technique, it often must be
constrained in real-world, unstructured environments so that it doesn’t
perform tasks unacceptably poorly. (A robot vacuum shouldn’t break a vase or
harm a house cat, for instance.) Reinforcement learning-trained robots in
particular have affordances with ethical implications insofar as they might be
able to harm or to help others. Realizing this, the Uber team considered the
possibility that there’s no single ethical theory (e.g., utilitarianism,
deontology, and virtue ethics) an agent should follow, and that agents should
instead act with uncertainty as to which theory is appropriate for a given
context. The researchers suggest ethical theories can be treated according to
the principle of Proportional Say, under which the theories have influence
proportional only to their credence and not to the particular details of their
choice-worthiness in the final decision. They devise several systems based on
this that an agent might use to select theories, which they compare across
four related grid-world environments designed to tease out the differences
between the various systems.

Realigning Priorities and Building a Bridge Between Security and Development
It’s a multifaceted issue that should be understood from both angles.
Misaligned business priorities and processes can create an array of problems,
from a lack of innovation for fear of increased risk to unforeseen
vulnerabilities falling through the cracks during the development process. And
when developers aren’t empowered to improve their skills with educational
tools like Security Labs, there’s less of a chance that they’ll feel prepared
or appreciated when security comes knocking. To begin addressing these
concerns, changes must come from the top-down, trickling through each team to
impact their goals and methods for an overall healthier AppSec program. When
they have direction, developers and security leaders can find a common ground
by building a working relationship that benefits both teams (and ultimately,
the entire organization). Three key steps to fixing the misalignment between
security and development include: Shifting to a security-focused mindset
across the business; Implementing a security champions program to
encourage developer participation; and Making it easier for the
development team to write secure code.

Working From Home With Robots
To prepare for working from home, the company’s safety team wrote new
guidelines for engineers taking Spot back with them, though they mainly
involve keeping the public a safe distance from the robots. Seifert recalls
one incident when someone who didn’t know Spot came up and gave it a bear hug.
“People unfamiliar with robots want to treat Spot like a dog, and calmly
approaching a dog before bending over for pets and hugs is a reasonable thing
to do,” he says. “Thankfully no one got hurt, but Spot has some really
powerful motors and a lot of pinch points.” Now, engineers know to warn anyone
who approaches the robots to keep a safe distance. ... Seifert says he gets a
few more stares than this. “More than once I’ve witnessed a car drive by, only
to see it a few seconds later reverse back into view and then stop for a few
minutes while the driver records a video on their cell phone,” he says. But
his parents live in a friendly neighborhood, so most neighbors have just
gotten used to the sight of him and Spot, out for a walk. Like Seifert,
Barry’s workflow involves writing code, loading it into Spot, testing out the
robot, and then analyzing the results. But instead of having Spot navigate
homemade mazes, he’s been flexing its robotic arm, scattering whatever random
items he can find around the house to act as a picking challenge.

Digital transformation: A map for the path forward
Organizations need a new cloud-enabled supply chain to back up the ambition at
the digital edge. Moving to cloud-native application development and
leveraging API-driven microservice architectures can increase agility and time
to value. Once again, there are two distinct journeys, which also have the
potential to be interlocked to create compound benefit for the organization.
The first journey is to renovate legacy platform architectures and convert the
IT supply chain into a more agile and scalable services engine. This is
powered by a shift to software-defined and cloud-based service delivery
models, which is required to address the siloed nature of legacy back-end
architectures. As organizations move to explore the scale of the digital edge,
it is possible that the transactional systems that support core
functionality―such as ordering, payment, supply chain, ERP, HR, and
finance―will struggle to cope with the unpredictable demand. From online
shopping to unresponsive e-learning platforms, many of the back-end systems
and services that underpin these experiences were not designed to scale on
unexpected demand.

Rebooting Education For The Digital Age
“Working in collaboration with businesses across engineering and technology
industries, we create exciting projects about these sectors and turn them into
free bootcamps for schools. We then map out these projects to national
curriculum standards, deliver them through our e-learning platform, and train
teachers to sustainably embed them into their subjects.” “Our focus is on
creating more exciting projects, personalising the experience for learners,
and opening up the platform for other people and organisations to deliver
workshops and bootcamps,” he adds. By design, the Dicey Tech model relies on
collaborating with universities and other companies to deliver modern learning
experiences. The business has a particularly good relationship with Manchester
City Council and Manchester Science Partnerships, through which it is helping
students from disadvantaged backgrounds experience new ways of learning and
teaching, and access equipment and further resources. During the pandemic,
Dicey Tech has been putting its 3D printing capabilities to use by making
visors for frontline NHS staff. Also conscious of the need to keep children
engaged in education at home, the company created a free learning challenge.

Tackling the curve: 7 IT experts share new working predictions for businesses
Steve Blow, UK systems engineering manager at Zerto, points out that: “Google
reported that it had blocked more than 18 million COVID-19 related phishing
emails every day during the first week of April. It is not surprising that
cybercriminals are taking advantage by executing ransomware attacks amidst
this pandemic, as many organisations, especially those in healthcare or public
sector, face enormous pressures to keep systems up and running.” Blow goes on
to explain that: “Cybercriminals often exploit vulnerabilities in employee
emails, so it is crucial to have the right cyber-defences in place to avoid a
disaster where critical data could be at risk – especially when it comes to
government or healthcare organisations. Having appropriate role-based access
control and an extensive tiered security model will help minimise risk. But,
the attack itself is only half of the problem because, without sufficient
recovery tools, the resulting outage will cause loss of data and money, as
well as reputational harm. “Over the coming months it is important that we see
more organisations utilising tools that allow them to roll back and recover
all of their systems to a point in time just before an attack.

Turns out artificial brains need "sleep" too, but do they dream?
The researchers found the spiking neural network became increasingly unstable
after extended periods of unsupervised dictionary learning. After that fact,
the team used spiking neural network computer simulations to better understand
exactly what led to this instability. The researchers discovered that the
neurons within the system began to fire regardless of the input signals they
received after extended training. In an attempt to stabilize the networks, the
team implemented various types of noise, with Gaussian noise having the best
results. The research team postulates that this is because Gaussian noise may
mimic the inputs biological neurons receive throughout slow-wave sleep. "Why
is slow-wave sleep so indispensable?" said senior author of the study Garrett
Kenyon. "Our results make the surprising prediction that slow-wave sleep may
be essential for any spiking neural network, or indeed any organism with a
nervous system, to be able to learn from its environment." Although further
research is necessary, artificial "sleep" may be imperative to maintaining
stability in spiking neural networks. Next, the researchers plan to use this
algorithm on Intel's Loihi neuromorphic chip.

DeepMind hopes to teach AI to cooperate by playing Diplomacy
DeepMind, the Alphabet-backed machine learning lab that’s tackled chess, Go,
Starcraft 2, Montezuma’s Revenge, and beyond, believes the board game
Diplomacy could motivate a promising new direction in reinforcement learning
research. In a paper published on the preprint server Arxiv.org, the firm’s
researchers describe an AI system that achieves high scores in Diplomacy while
yielding “consistent improvements.” AI systems have achieved strong
competitive play in complex, large-scale games like Hex, shogi, and poker, but
the bulk of these are two-player zero-sum games where a player can win only by
causing another player to lose. That doesn’t reflect the real world,
necessarily; tasks like route planning around congestion, contract
negotiations, and interacting with customers all involve compromise and
consideration of how preferences of group members coincide and conflict. Even
when AI software agents are self-interested, they might gain by coordinating
and cooperating, so interacting among diverse groups requires complex
reasoning about others’ goals and motivations.

"A sense of humor is part of the art of leadership, of getting along with
people, of getting things done." -- Dwight D. Eisenhower

Minimising corporate security risks with (XaaS) Everything-as-a-service
The sudden demand for remote working as a result of social distancing to
reduce the spread of COVID-19 was something that many businesses had not
prepared for and left lots of us rushing to find a solution. However, in the
hurry to implement a solution, businesses may have failed to carefully
consider the potential for cyber threats and as a result, nearly
three-quarters of UK businesses now think that home working is putting their
organisations at risk. What’s more, many organisations have overridden their
security rules to ensure workers are quickly set up to work from home.
Private end devices such as laptops, tablets and smartphones which are not
protected by the corporate network and uniform security standards are being
used now more than ever. Not to mention, there are no IT professionals
on-site to monitor traffic and watch for suspicious activity. There are a
number of solutions that businesses can employ to ensure that their
workforce continues to work as normal with all their applications seamlessly
integrated, and the security of these solutions must be the number one
priority.
Quote for the day: