4 ways to keep the cybersecurity conversation going after the crisis has passed
The report recommends adding a business information security officer (BISO) to
improve business security alignment, building a top-down measurable program, and
changing reporting structures so the CISO reports directly to the CEO.
Ultimately, analysts say it’s the CISO’s responsibility to build relationships
with executives and the board and have regular conversations with them. “It’s
not just the board ignoring things or executives minimizing things, but
cybersecurity people staying in their lane,” says Jon Oltsik, senior principal
analyst at Enterprise Strategy Group and author of the report. “We need
progressive and proactive CISOs to kind of shake the world up.” To maintain
momentum, CISOs must keep the board’s attention with a steady stream of relevant
information delivered in business terms and presented in the form of risk and
strategy for cybersecurity, not just tech solutions. Security leaders and
analysts offer some tips, tools, and frameworks to help translate security into
strategy and keep the conversation going. If CISOs want to speak in board terms,
“you have to speak strategically, and there are strategic business tools to do
that,” says Lance Spitzner, director of SANS security awareness.
The concept of justifiable healthcare and how big data can help us to achieve it
As a first necessary but not sufficient step, the evaluation requires
consideration of any evidence on the efficacy of the intervention. AI and big
data can be of help to mine and digest existing literature and evidence, at a
much higher speed and in a more exhaustive manner than is currently possible
using human skills. It is crucial that for this evaluation of efficacy,
standardized core outcome sets are applied. These are sets including only
outcomes that are: relevant to patients; measurable in an accurate and
reliable manner; and discriminative. At the micro-level of the healthcare
professional and the patient, justifiable healthcare is in fact an essential
element to allow for genuine shared decision making. Indeed, justifiable
healthcare provides all stakeholders involved with the argumentation and
information necessary to decide which intervention has the highest probability
to lead to the desired outcome given this specific condition affecting this
specific patient and taking into account other available interventions. Big
data and AI can be of help to present alternative options in a way that both
patients and healthcare workers can easily understand, and finetuned for the
specific case of the patient.
Quantum computing: Quantum annealing versus gate-based quantum computers
All is not lost for gate-based methods – quite the contrary, in fact. GSK's
researchers foresee that the expected increase in qubit count in computers like
these will allow quantum devices to show a significant performance advantage
over classical hardware, for pharmaceutically-relevant life science problems,
but also many other types of application. The results of the scientists'
experiments are still in pre-print, and are yet to be certified by peer review;
in addition, the trials only focus on a specific problem – the use of quantum
computing to assist drug discovery. Nevertheless, the research offers a valuable
overview of the capabilities of quantum devices as they stand, and of the
limitations of different approaches to quantum computing. The problem addressed
by the scientists is well-established in classical computing. Called codon
optimization, it consists of finding sequences of genetic code, called codons,
that will ultimately lead to the expression of a particular gene. Up to six
codons can be required to represent an amino acid, which in turn form the
proteins that determine the gene.
Could No-Code Enable Everything Ops?
“The story of B2B software is largely about automation,” said Chou. If we
consider classic examples of corporate applications, we see one common thread —
B2B software has always sought to automate traditional office work. And so, it
came to pass that computing and software devoured all these office tasks, from
accounting to time-tracking, communications and many other areas. Though
computer-based office work delivered huge efficiency boosts, these interfaces
often introduced new hurdles; bad UI design, difficult navigation and a hundred
open tabs, just to name a few. From there, robotic process automation (RPA)
aimed to operationalize a growing number of tedious digital workflows across
Excel spreadsheets, web apps and desktop apps. In Chou’s words, “RPA took the
concepts of test automation software, and then pointed it toward production
systems.” Though RPA’s process of recording screen interactions gathered much
interest and attention (and funding), screen scraping is ultimately too fragile
to be effective. It adds technical debt over legacy systems. It can be expensive
to implement. Lastly, it’s not processes-centric and doesn’t implement reusable
software-defined APIs.
Here's how digital transformation and sustainability can flourish together
The rapid digitalisation catalysed by COVID-19 presents the opportunity to
rethink how we make decisions and how we apply technology in new and meaningful
ways. Immense opportunity exists for enterprises that can capture the value of
data to drive more sustainable solutions. For example, it’s estimated that the
value unlocked by artificial intelligence in helping design out waste for food,
keeping products and materials in use, and regenerating natural systems, could
be up to $127 billion a year in 2030. The digital transformations of today must
be purpose-led, delivering for all stakeholders as a requisite for company
success. Spearheading that effort is the Forum's CEO Champions group on
Accelerating Digital Transformation in a Post-COVID-19 World, which is led by
Antonio Neri, the CEO of Hewlett Packard Enterprise (HPE). Today, this group
published a playbook, Bridging Digital and Environmental Goals, designed to
provide leaders with recommended actions and examples to leverage data-led
insights and create products, strategies and business models that minimise their
impact on the planet.
Security awareness programs: The difference between window dressing and behavior change
Instead of merely checking the annual compliance security box, good security
awareness programs are focused entirely on real-world outcomes and results. To
achieve measurable results, companies need to make a real change in educating
employees on cybersecurity and their role in protecting their companies. The
core issue with “cookie-cutter” security training, in which all employees
receive the same phishing simulation, is that they often do not target at-risk
users at the critical moment when a potential attack is in progress. Nor are
they conducted with enough frequency to remain top of mind for employees. By
implementing policies, controls, and technologies that focus on the individual,
organizations can more effectively teach employees the right behaviors that will
result in a cyber-savvy culture. ... Taking a behavior-based approach to
security awareness training is more effective than traditional initiatives,
reduces costs, and provides a measurable ROI for organizations. Consider lane
assist technology. While the reason why a driver might drift into another lane
can range from fatigue to inattention to an inability to see the lines, alerting
drivers exactly when they might be dangerously drifting into another lane helps
drivers avoid a collision.
AI and you: how confusion about the technology that runs our world threatens democracy
Machine learning occupies an interesting position in the story of scientific
progress. On one hand it’s a natural outcome of developments in computer
science that began in the 1980s. On the other hand, its total dependence on
information — and its ability to make do with all sorts of information,
including things like your keystroke and heart rate — marks what could turn
out to be a more radical break with previous technologies. Machine learning
uses existing information to generate new information. But it also allows that
new information to be put to a variety of questionable uses, including
surveillance and manipulation. If you’ve ever been recommended products while
shopping online, you’ve probably been profiled. Ever been denied an
application for a credit card in short order? Again, you’ve probably been
profiled. Algorithmic profiling presents a host of ethical and legal
challenges, particularly around discrimination and privacy. But profiling is
just the tip of an ever-expanding iceberg. Many uses of big tech pose a threat
to individuals as individuals, which is bad enough.
The cyber security risks of working from home
The most obvious risk is that most of our tasks are conducted online. After
all, if something’s on the Internet, then there’s always the possibility of a
cyber criminal compromising it. They might attempt to do this by cracking your
password. This could be easier than ever if you’re reusing login credentials
for the various online apps you need to stay in touch with your team.
Meanwhile, according to CISO’s Benchmark Report 2020, organisations are
struggling to manage remote workers’ use of phones and other mobile devices.
It found that 52% of respondents said that mobile devices are now challenging
to protect from cyber threats. ... Organisations should also be concerned
about remote employees using their own devices. This might have been
unavoidable given how quickly the pandemic spiralled and the suddenness of the
government’s decision to implement lockdown measures. Still, where possible,
all work should be done on a corporate laptop subject to remote access
security controls. This should include, at the very least, 2FA (two-factor
authentication), which will mitigate the risk of a crook gaining access to an
employee’s account.
The future of data privacy: confidential computing, quantum safe cryptography take center stage
Quantum safe cryptography aims to tackle the problems that will arrive with
the day we have a working quantum machine. While quantum computing is being
actively worked on by engineers worldwide, with Honeywell, for example,
ramping up the capacity of its own System Model H1 to a quantum volume of 512,
it is estimated that a full-capacity quantum computer could exist within the
next 10 to 15 years. When that day arrives, however, the high computational
power of these machines would render "virtually all electronic communication
insecure," according to IBM, as quantum computers are able to factor large
numbers -- a core precept of today's cryptography. To resolve this, standards
based on lattice cryptography have been proposed. This hides data in complex
algebraic structures and is considered to be an attractive option for
future-proofing data privacy architectures. According to IBM cryptographer
Vadim Lyubashevsky, adopting lattice frameworks is unlikely to impact
end-users -- and may actually improve computational performance. But why
bother now, when full quantum machines do not exist?
Enterprise architecture: a tool for business recovery?
From entirely new ways of working, permanent shifts in customer behaviour and
operational networks, the world beyond the crisis is set to look drastically
different. To emerge from the pandemic in a stronger position, organisations
will need to directly address the vulnerabilities the pandemic has exposed.
For instance, people may continue to be averse to gathering in large groups,
ecommerce is unlikely to lose the gains it has obtained during multiple
lockdowns, and of course, businesses globally have realised the benefits that
the work from home model brings. These emerging trends will significantly
alter the roadmap ahead, but more importantly, it’ll accelerate the
exploration of new digital tools. A recent McKinsey report shows that nearly
all organisations, whether traditional companies or startups, are re-orienting
their business models to be more digital as a direct result of the impact
Covid-19 has had on changing consumer behaviours, and many of these changes
will outlive the current landscape. As we delve into this virtual world, we
must prepare and ask ourselves, could parts of hospitality and tourism be
replaced by VR? Will business meetings make use of holographic technology for
a blended experience? Will self-driving or delivery drones spearhead the
future of retail?
Quote for the day:
"The world is full of obvious things
which nobody by any chance ever observes." --
Arthur Conan Doyle