"You can't achieve agility, and you can't be adaptive unless you empower your business users with as much self-service analytics and business intelligence and reporting as they can consume," Evelson said. "Self-service is really the only way to become agile and adaptive." That, however, is linked to data governance, which is also imperative to agile data-driven decision-making. "There is a very fine line between too much self-service and not enough governance, versus too much governance and not enough self-service," Evelson added. "Hopefully, there is a middle ground between the two, which we call Goldilocks data governance." All of the competencies together, meanwhile, enable an organization to be agile through what Evelson terms multi-modal analytics and reporting. They empower organizations to do descriptive analytics through dashboards and reports, diagnostic and predictive analytics to get insights, and ultimately prescriptive and actionable analytics to make decisions and trigger actions. And should organizations fail to become agile and adapt to constant change, they risk irrelevancy and ultimately insolvency. Forty years ago, the average lifespan of companies in the S&P 500 was about 30 years, Evelson said.
Autonomy is the idea that the brain is self-governing, receptive to the environment, but always in control. Somatic disorders ranging from improper sugar levels and hormone imbalances to diseases such as malaria or syphilis can cause mental dysfunction. Some individuals are placed in mental hospitals when correcting an underlying disorder would actually fix the problem. At the simplest level, no amount of mental determination would make you a world-class athlete if you did not have the right type of muscle fibers or hand-eye coordination. You cannot flap your arms and fly—the aerodynamics does not allow it. Paganini could only be the legendary violinist he was because of his flexibility. No amount of musicianship could provide that ability. Cognitive processes are embodied. They emerge from the interaction between physical organisms and their environment, not just their brains. For example, there is evidence that the nature of your gut bacteria can cause anxiety, stress, and even depression. Replacing a diseased organ with a healthy one can increase mental functioning. A kidney transplant will help remove poisons from the blood such as urea or ammonia which will increase brain health.
The survey affirms we are in the “age of the CLO.” With 78 percent of respondents reporting to the CEO, the overall trend remains very positive. Further, while CLOs still spend around one quarter of their time providing legal advice, they also spend a significant amount of time on board matters and governance issues, contributing to strategy development, and advising other executives on non-legal issues. The survey found that 46 percent of CLOs are responsible for their company’s data privacy function, reflecting the growing integration of legal in business strategy and technology policy. In the order of functions reporting to the Chief Legal Officer, only compliance (74 percent) outranks privacy. CLOs are also increasingly engaging with environmental, social, and governance issues. This includes diversity and inclusion (D&I). A full 72.7 percent of CLOs expect diversity and inclusion specifically to accelerate in 2021. Encouragingly, even despite COVID-19, 32 percent of law departments plan to take on more lawyers in 2021, a slight increase over 30 percent from 2020.
Apart from the traditional challenges around access management, data pilferage and threats from data communication with third party applications is gaining prominence. Communication with third party applications has found increased traction through APIs, which are increasingly being targeted by threat actors. Further, misconfigurations and policy violations in cloud assets create potential vulnerabilities and backdoors leading to risk of compromise. This is primarily due to the policies of some companies to not change the default security settings on their cloud workloads. These cloud vulnerabilities are accentuated by the increasing number of connected systems and their dependencies. The genesis of many vulnerabilities boil down to access and privilege management. Organizations need to plan for a deep inspection and vulnerability management system as part of their devsecops pipeline for building scalable cloud native applications. A comprehensive vulnerability management system goes a long way to enable organizations to effectively manage and minimizing their threat attack surface.
More broadly, big(ger) data from personal, commercial and government sources has the potential to address various challenges related to the Sustainable Development Goals. For instance, the Humanitarian and Resilience Investing Initiative aims to fill critical gaps in the available data that are preventing investors from accessing more humanitarian and resilience investing (HRI) opportunities. The pandemic has exposed and exacerbated existing gaps and inequalities, notably almost half of the global population remain offline and broadband services are too expensive for 50% of the population in developed countries. These “connectivity deserts” hamper access to health, education and economic inclusion. In a bid to improve access to the digital economy, during The Davos Agenda, the Forum launched the Essential Digital Infrastructure and Services Network, or EDISON Alliance, tasked with working to accelerate digital inclusion Meanwhile, in metropolises around the globe, which account for nearly two-thirds of CO2 emissions, smart energy infrastructure connected through data and digitalization is central to transitioning to “net zero” cities.
The sheer quantity of attacks in 2020 was surprising, Kaczmarek says. "We always expect the number of attacks to increase year over year and quarter over quarter, but we didn't expect that the quantity would increase by over 150%," he says. "This truly reflects the impact of the pandemic and the challenging precedent the 'new normal' has set for cybersecurity." The number of DDoS attacks that involved two or more vectors increased from 40% in 2019 to 72% in 2020, Kaczmarek added. "This means that the attackers as well as the tools they are using are improving," he says. According to Neustar, while the use of DDoS to try and extort ransoms is not new, these attacks grew in persistence, sophistication, and targeting in 2020. Cyber extortionists purporting to belong to well-known nation-state groups went after organizations in industries they have not regularly targeted previously, such as financial services, government, and telecommunications. "RDDoS attacks surged in Q4 2020 as groups claiming to be Fancy Bear, Cozy Bear, and the Lazarus Group attempted to extort organizations around the world," says Omer Yoachimik, product manager, DDoS protection at Cloudflare, another vendor that observed the same trend.
The core of the matter involves deterrence and retaliation. In conventional warfare, deterrence usually consists of potential retaliatory military strikes against enemies. But in cybersecurity, this is more complicated. If identifying cyberattackers is difficult, then retaliating too quickly or too often, on the basis of limited information such as the location of certain IP addresses, can be counterproductive. Indeed, it can embolden other countries to launch their own attacks, by leading them to think they will not be blamed. “If one country becomes more aggressive, then the equilibrium response is that all countries are going to end up becoming more aggressive,” says Alexander Wolitzky, an MIT economist who specializes in game theory. “If after every cyberattack my first instinct is to retaliate against Russia and China, this gives North Korea and Iran impunity to engage in cyberattacks.” But Wolitzky and his colleagues do think there is a viable new approach, involving a more judicious and well-informed use of selective retaliation. “Imperfect attribution makes deterrence multilateral,” Wolitzky says. “You have to think about everybody’s incentives together. Focusing your attention on the most likely culprits could be a big mistake.”
On almost all metrics, therefore, the EU seems to be taking a backseat; and according to the researchers, there is no doubt that this is due to stringent regulations that are in place within the bloc. "Many in Europe do not trust AI and see it as technology to be feared and constrained, rather than welcomed and promoted," concludes the report, recommending that the EU change its regulatory system to be "more innovation-friendly". The General Data Protection Regulation (GDPR), say the researchers, limits the collection and use of data that can foster developments in AI. Proposals for a Data Governance Act, while encouraging the re-use of public sector data, also restrains the transfer of some information; and by creating European data spaces, the regulation could inhibit global partnerships. Recent reports show that the last year has seen almost a 40% increase in GDPR fines issued by the EU compared to the previous 20 months, reaching a total of $332 million in fines since the new laws started applying. In that context, it is not rare to find that some firms are deterred from developing AI systems altogether, out of fear of receiving a fine – even for the most well-intentioned innovations.
As more small and new module providers emerge into the IoT market, many cheaper IoT modules are becoming available to customers with extremely attractive tag price. If we simply look at the initial deployment cost of using cheaper modules, it might look like that it saves a lot of money for the customers. But is the quality of these modules guaranteed? The process of developing a new product and making it deliverable to the market takes long and is costly. Low-quality modules always accompany a higher risk of malfunction and, to the worst extent, result in the failure of the whole project. This will not help IoT companies to generate expected project income, in reverse, it causes a greater loss in investment. From a long-term perspective, even if the product was launched to the market, the unstable performance of the module is likely to cause unwanted surprises and require frequent maintenances. This will not be simply a higher operating cost to the business, it will also harm the reputation of the brand and damage the customers’ loyalty. For the long-term growth of the business, choosing a reliable partner and quality-guaranteed module products is wise and worthy.
The vulnerability, called "Baron Samedit" by the researchers and officially tracked as CVE-2021-3156, is a heap-based buffer overflow in the Sudo utility, which is found in most Unix and Linux operating systems. Sudo is a utility included in open-source operating systems that enables users to run programs with the security privileges of another user, which would them give them administrative – or superuser - privileges. The bug, which appears to have been added into the Sudo source code in July 2011, was not detected until earlier this month, Qualys says. "Qualys security researchers have been able to independently verify the vulnerability and develop multiple variants of exploits and obtain full root privileges on Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2). Other operating systems and distributions are also likely to be exploitable," the researchers say. After Qualys notified the authors of Sudo, a patch was included in version 1.5.5p2, published this week. Qualys and the Sudo authors are urging Linux and Unix users to immediately patch systems. Rob Joyce, who was recently named director of the National Security Agency's Cybersecurity Directorate, also flagged the alert on Twitter.
Quote for the day:
"Believe those who are seeking the truth. Doubt those who find it." -- Andre Gide