Data privacy and data security are not the same
"Data privacy is, in essence, a subset of an organization's data security,"
Ewing said. "The distinction is important because, although the tools used to
maintain data privacy and to ensure data security may overlap, the two are
generally addressed differently by different teams using different tools."
This overlap can cause confusion, leaving companies who focus just on data
security with the false impression that, by default, data privacy also is
protected. This is not the case. Unlike data security, which focuses on
protecting all of an organization's data from theft or corruption (like during
a ransomware attack), data privacy is more granular. To ensure data privacy,
organizations must understand, track, and control things like who is
authorized to access the data and where the data is stored -- in a Health
Insurance Portability and Accountability Act (HIPAA)-compliant cloud, for
example. A good example of differences between data privacy and data security
was the harvesting of 87 million Facebook user profiles by the now-defunct
political consulting firm Cambridge Analytica during the 2016-17 US
presidential election, said Joshua Kail, a communications consultant who ran
agency-side PR for Cambridge Analytica until it shut down in May 2018.
State of the Art in Automated Machine Learning
Through the years of development of the machine learning domain, we have seen
that a large number of tasks around data manipulation, feature engineering,
feature selection, model evaluation, hyperparameter tuning can be defined as
an optimization problem and, with enough computing power, efficiently
automated. We can see numerous proofs for that not only in research but also
in the software industry as platform offerings or open-source libraries. All
these tools use predefined methods for data processing, model training, and
evaluation. The creative approach to framing problems and applying new
techniques to existing problems is the one that is not likely to be replicated
by machine automation, due to a large number of possible permutations, complex
context, and expertise the machine lacks. As an example, look at the design of
neural net architectures and their applications, a problem where the search
space is so ample, where the progress is still mostly human-driven. ... In
theory, the entire ML process is computationally hard. From fitting data to,
say, a neural network, to hyperparameter selection, to neural architecture
search (NAS), these are all hard problems in the general case. However, all of
these components have been automated with varying degrees of success for
specific problems thanks to a combination of algorithmic advances,
computational power, and patience.
How AI is Becoming Essential to Cyber-Strategy
The problem with machine learning is that the AI is limited to the features
that it has been taught to expect. Fooling a machine learning security system
is as simple as adding an unexpected/unprogrammed feature into the exploit.
Imagine a card trick such as “find the lady” where the machine learning
software is expecting the dealer to operate inside the given parameters (the
dealer is only moving around these three cards), but the dealer is cheating by
having a fourth card. Because the concept of the fourth card is outside the
expected features, the program can be defeated. What artificial neural
networks can do is allow an AI to self-determine what features it uses to
reach a conclusion. An artificial neural network still requires some degree of
human input to confirm if a conclusion is incorrect, but it effectively
self-organizes how it reviews and manages the data it has access to. As an
example, an AI looking for new types of viruses can sense everything happening
in a computer and then identify based on everything whether a program or even
an activity in the memory is doing something unwelcome. It does not need to
have seen the behavior before, it only has to recognize the outcome, or
potential outcome.
ICML 2020 highlights: A Transformer-based RL agent, causal ML for increased privacy, and more
Microsoft researchers are in full summer swing when it comes to advancing
machine learning in accessibility, privacy, healthcare, and other areas. As
Microsoft Partner Research Manager and ICML President John Langford puts it,
“ICML is a very broad conference, so its specialty is in some sense ‘all of
the above.’” But Langford goes on to add that one of the topics that ICML has
a long track record on is currently trending: reinforcement learning. A brief
glance through the sessions and workshops presented by Microsoft researchers
shows the wide influence reinforcement learning has in our world today, from
natural language to robotics to infrastructure considerations like
transportation. Beyond the research contributions, Microsoft was also a
sponsor of and recruiter at the conference. Additionally, the company
sponsored two events co-located with the conference, the first Women in
Machine Learning Un-Workshop and the fourth Queer in AI Workshop. The impact
of the conference—now and in the future—is multifaceted, according to
Langford. “ICML is ‘the’ summer machine learning conference. As such, it’s
critically important to the academic discovery, review, and dissemination
process, a great way to meet fellow researchers, and a natural recruiting
point for the field,” he says.
An open source solution for continuous testing at scale
With recent and ongoing updates, organizations can leverage Cerberus' features
from development to operations. It expands digital experience test coverage by
executing tests on a variety of browsers, devices, and apps. Its native
connectors for APIs (including SOAP and REST), desktop applications, and
Apache Kafka enable testing legacy apps, APIs, event-driven microservices,
streaming services, business intelligence, data science applications, and
other use cases. During the software development lifecycle, Cerberus supports
fast iterations in test management, execution, and reporting. Users can create
test specifications in plain English, compose tests using a library, execute
in parallel on various devices, and do advanced reporting. Native integration
with CI/CD solutions, such as Jenkins, Bitbucket, and others, combined with
one-click ticket creation in Jira and other tools, makes bug resolution faster
and easier. Cerberus can also monitor customer experience and business
operations. Tests can be functional and technical, allowing organizations to
test complex scenarios. For example, France's leading TV channel, TF1, uses it
for quality assurance on its streaming platform.
Retrospectives for Management Teams
Good action points are the ones that propel the team forward and make them
productive; I focus on quantity, quality, and the process itself. When it
comes to quantity, it’s always wise to limit our commitments in order to
maximize our chance of delivering them on time. Sometimes it aches the team to
let go of some great ideas and not turn them into action points after a
meeting. I believe it’s our duty as facilitators to increase the likelihood of
a positive impact, even if it means cutting the number of initiatives we start
simultaneously. When it comes to quality, in Radical Candor Kim Scott gives an
easy-to-remember recipe for action points. You need to have a one-line answer
to who will do what by when? If you do not have an answer on all three
aspects, you don’t have an action point after all. If you follow her lead, you
get a statement that is easy to act upon, easy to check if it’s being done,
and easy to communicate with your stakeholders. Regarding the process, I like
to encourage people to write their action items themselves - it helps to frame
them in a way they understand and find easy to act upon. It helps to remember
them, too.
What is an IT director? Everything you need to know about one of the top jobs in tech
The first IT professionals were employed to help their organisations manage
mainframe systems. As computers became more integral to the way we work, so
technology leaders – be they IT directors or CIOs – started to be appointed.
IT director was the more commonly used term initially. Through the late
1990s and into the new millennium, it became customary for the top executive
in a business to take the CIO moniker. While that's still often the case,
it's not a hard and fast rule – many organisations still use the IT director
title to describe their most senior tech executive, or use closely related
titles, such as head of IT, head of technology, vice president of IT, or VP
of technology. Apart from the job title, the roles are perceived to have a
subtly different focus. Many big organisations now employ a CIO and an IT
director. Where both executives are in situ, a split in responsibilities is
likely to occur. IT directors are more likely to ensure day-to-day
technology operations meet the mark, covering areas such as system uptime,
service maintenance and vendor agreements. CIOs, on the other hand, are seen
as the outward face of the technology department – CIOs spend less time in
the data centre and more time engaging with their business peers in an
attempt to understand how technology can be used to help meet their demands.
The Age of Accelerating Strategy Breakthroughs
Leading companies are also prioritizing the need to identify threats and
opportunities created by megatrends that can rapidly reshape businesses. The
coronavirus pandemic has shown that negative megatrends like epidemics and
climate change can no longer be treated as tail risks so extreme that no
preparation would make a difference. Companies have to build up resilience to
safeguard profits by being prepared to play ferocious defense against other
negative megatrends gathering momentum, like public debt crises, at one end of
the spectrum. At the other, they must aggressively pursue new prospects
created by positive megatrends like digitalization and health and wellness.
Macro shifts set off by the pandemic illustrate how quickly megatrends can
force companies to reset strategies. Retailers are rerouting investments
earmarked for building physical locations into upgrading online commerce
features and delivery services. Financial services companies are accelerating
many more digital-only offerings, such as contactless payments and risk
management products such as health insurance.
How to avoid cloud vendor lock-in and take advantage of multi-vendor sourcing options
Businesses recognise the benefit of utilising different suppliers and over
half are now using more than one public cloud provider. According to McQuire,
the moves of major cloud providers are reflecting this trend, with the launch
of products like Google Cloud’s Anthos and Big Query Omni, as well as
Microsoft’s Azure Arc. “Customers and developers want depth in cloud services
but don’t want to be locked into a single cloud environment. Above all, they
want choice when it comes to spinning up infrastructure for new applications,
lift-and-shift projects or maintaining consistency across their on premises,
public cloud and edge environments,” he comments. McQuire warns, however, that
while the market is still very early in its transition to the cloud, “care
must be taken in pursuing multi-cloud approaches, so that they are not adding
even more complexity to an already highly-complicated cloud computing stack.
“Whilst consistency is key in multi-cloud, there will be those that do not
want a lowest common denominator approach in order to support this strategy.”
How Ransomware Threats Are Evolving & How to Spot Them
"The cleverness, the creativity, and the intimate knowledge of these very, very
minuscule technical details to craft a bypass like that is almost unseen in
criminal malware," says Wisniewski. "It's the kind of thing we expect to see in
espionage-style attacks, not in criminal attacks." Some attackers bypass
technical tools by "living off the land," or using legitimate admin tools to
achieve goals. Some use software deployment tools to roll out ransomware instead
of delivering patches to Windows machines, Wisniewski says as an example. They
may abuse PowerShell, other Microsoft tools, or so-called "gray hat" tools like
Metasploit or Cobalt Strike. This behavior isn't new, Wisniewski says. "What is
new is that may be the only indication you're going to get that they're in your
network." Organizations may notice small, unusual things once in a while, remedy
them, and close the ticket without realizing they're part of a larger incident.
By the time they do, an attacker has been in their network for weeks.
WastedLocker and Maze will "sit there for a month" to figure out the thing that
will shut down their enterprise victim.