The report recommends adding a business information security officer (BISO) to improve business security alignment, building a top-down measurable program, and changing reporting structures so the CISO reports directly to the CEO. Ultimately, analysts say it’s the CISO’s responsibility to build relationships with executives and the board and have regular conversations with them. “It’s not just the board ignoring things or executives minimizing things, but cybersecurity people staying in their lane,” says Jon Oltsik, senior principal analyst at Enterprise Strategy Group and author of the report. “We need progressive and proactive CISOs to kind of shake the world up.” To maintain momentum, CISOs must keep the board’s attention with a steady stream of relevant information delivered in business terms and presented in the form of risk and strategy for cybersecurity, not just tech solutions. Security leaders and analysts offer some tips, tools, and frameworks to help translate security into strategy and keep the conversation going. If CISOs want to speak in board terms, “you have to speak strategically, and there are strategic business tools to do that,” says Lance Spitzner, director of SANS security awareness.
As a first necessary but not sufficient step, the evaluation requires consideration of any evidence on the efficacy of the intervention. AI and big data can be of help to mine and digest existing literature and evidence, at a much higher speed and in a more exhaustive manner than is currently possible using human skills. It is crucial that for this evaluation of efficacy, standardized core outcome sets are applied. These are sets including only outcomes that are: relevant to patients; measurable in an accurate and reliable manner; and discriminative. At the micro-level of the healthcare professional and the patient, justifiable healthcare is in fact an essential element to allow for genuine shared decision making. Indeed, justifiable healthcare provides all stakeholders involved with the argumentation and information necessary to decide which intervention has the highest probability to lead to the desired outcome given this specific condition affecting this specific patient and taking into account other available interventions. Big data and AI can be of help to present alternative options in a way that both patients and healthcare workers can easily understand, and finetuned for the specific case of the patient.
All is not lost for gate-based methods – quite the contrary, in fact. GSK's researchers foresee that the expected increase in qubit count in computers like these will allow quantum devices to show a significant performance advantage over classical hardware, for pharmaceutically-relevant life science problems, but also many other types of application. The results of the scientists' experiments are still in pre-print, and are yet to be certified by peer review; in addition, the trials only focus on a specific problem – the use of quantum computing to assist drug discovery. Nevertheless, the research offers a valuable overview of the capabilities of quantum devices as they stand, and of the limitations of different approaches to quantum computing. The problem addressed by the scientists is well-established in classical computing. Called codon optimization, it consists of finding sequences of genetic code, called codons, that will ultimately lead to the expression of a particular gene. Up to six codons can be required to represent an amino acid, which in turn form the proteins that determine the gene.
“The story of B2B software is largely about automation,” said Chou. If we consider classic examples of corporate applications, we see one common thread — B2B software has always sought to automate traditional office work. And so, it came to pass that computing and software devoured all these office tasks, from accounting to time-tracking, communications and many other areas. Though computer-based office work delivered huge efficiency boosts, these interfaces often introduced new hurdles; bad UI design, difficult navigation and a hundred open tabs, just to name a few. From there, robotic process automation (RPA) aimed to operationalize a growing number of tedious digital workflows across Excel spreadsheets, web apps and desktop apps. In Chou’s words, “RPA took the concepts of test automation software, and then pointed it toward production systems.” Though RPA’s process of recording screen interactions gathered much interest and attention (and funding), screen scraping is ultimately too fragile to be effective. It adds technical debt over legacy systems. It can be expensive to implement. Lastly, it’s not process-centric and doesn’t implement reusable software-defined APIs.
The rapid digitalisation catalysed by COVID-19 presents the opportunity to rethink how we make decisions and how we apply technology in new and meaningful ways. Immense opportunity exists for enterprises that can capture the value of data to drive more sustainable solutions. For example, it’s estimated that the value unlocked by artificial intelligence in helping design out waste for food, keeping products and materials in use, and regenerating natural systems, could be up to $127 billion a year in 2030. The digital transformations of today must be purpose-led, delivering for all stakeholders as a requisite for company success. Spearheading that effort is the Forum's CEO Champions group on Accelerating Digital Transformation in a Post-COVID-19 World, which is led by Antonio Neri, the CEO of Hewlett Packard Enterprise (HPE). Today, this group published a playbook, Bridging Digital and Environmental Goals, designed to provide leaders with recommended actions and examples to leverage data-led insights and create products, strategies and business models that minimise their impact on the planet.
Instead of merely checking the annual compliance security box, good security awareness programs are focused entirely on real-world outcomes and results. To achieve measurable results, companies need to make a real change in educating employees on cybersecurity and their role in protecting their companies. The core issue with “cookie-cutter” security training, in which all employees receive the same phishing simulation, is that they often do not target at-risk users at the critical moment when a potential attack is in progress. Nor are they conducted with enough frequency to remain top of mind for employees. By implementing policies, controls, and technologies that focus on the individual, organizations can more effectively teach employees the right behaviors that will result in a cyber-savvy culture. ... Taking a behavior-based approach to security awareness training is more effective than traditional initiatives, reduces costs, and provides a measurable ROI for organizations. Consider lane assist technology. While the reason why a driver might drift into another lane can range from fatigue to inattention to an inability to see the lines, alerting drivers exactly when they might be dangerously drifting into another lane helps drivers avoid a collision.
Machine learning occupies an interesting position in the story of scientific progress. On one hand it’s a natural outcome of developments in computer science that began in the 1980s. On the other hand, its total dependence on information — and its ability to make do with all sorts of information, including things like your keystroke and heart rate — marks what could turn out to be a more radical break with previous technologies. Machine learning uses existing information to generate new information. But it also allows that new information to be put to a variety of questionable uses, including surveillance and manipulation. If you’ve ever been recommended products while shopping online, you’ve probably been profiled. Ever been denied an application for a credit card in short order? Again, you’ve probably been profiled. Algorithmic profiling presents a host of ethical and legal challenges, particularly around discrimination and privacy. But profiling is just the tip of an ever-expanding iceberg. Many uses of big tech pose a threat to individuals as individuals, which is bad enough.
The most obvious risk is that most of our tasks are conducted online. After all, if something’s on the Internet, then there’s always the possibility of a cyber criminal compromising it. They might attempt to do this by cracking your password. This could be easier than ever if you’re reusing login credentials for the various online apps you need to stay in touch with your team. Meanwhile, according to CISO’s Benchmark Report 2020, organisations are struggling to manage remote workers’ use of phones and other mobile devices. It found that 52% of respondents said that mobile devices are now challenging to protect from cyber threats. ... Organisations should also be concerned about remote employees using their own devices. This might have been unavoidable given how quickly the pandemic spiralled and the suddenness of the government’s decision to implement lockdown measures. Still, where possible, all work should be done on a corporate laptop subject to remote access security controls. This should include, at the very least, 2FA (two-factor authentication), which will mitigate the risk of a crook gaining access to an employee’s account.
Quantum safe cryptography aims to tackle the problems that will arrive with the day we have a working quantum machine. While quantum computing is being actively worked on by engineers worldwide, with Honeywell, for example, ramping up the capacity of its own System Model H1 to a quantum volume of 512, it is estimated that a full-capacity quantum computer could exist within the next 10 to 15 years. When that day arrives, however, the high computational power of these machines would render "virtually all electronic communication insecure," according to IBM, as quantum computers are able to factor large numbers -- a core precept of today's cryptography. To resolve this, standards based on lattice cryptography have been proposed. This hides data in complex algebraic structures and is considered to be an attractive option for future-proofing data privacy architectures. According to IBM cryptographer Vadim Lyubashevsky, adopting lattice frameworks is unlikely to impact end-users -- and may actually improve computational performance. But why bother now, when full quantum machines do not exist?
From entirely new ways of working, permanent shifts in customer behaviour and operational networks, the world beyond the crisis is set to look drastically different. To emerge from the pandemic in a stronger position, organisations will need to directly address the vulnerabilities the pandemic has exposed. For instance, people may continue to be averse to gathering in large groups, ecommerce is unlikely to lose the gains it has obtained during multiple lockdowns, and of course, businesses globally have realised the benefits that the work from home model brings. These emerging trends will significantly alter the roadmap ahead, but more importantly, they’ll accelerate the exploration of new digital tools. A recent McKinsey report shows that nearly all organisations, whether traditional companies or startups, are re-orienting their business models to be more digital as a direct result of the impact Covid-19 has had on changing consumer behaviours, and many of these changes will outlive the current landscape. As we delve into this virtual world, we must prepare and ask ourselves, could parts of hospitality and tourism be replaced by VR? Will business meetings make use of holographic technology for a blended experience? Will self-driving or delivery drones spearhead the future of retail?
Quote for the day:
"The world is full of obvious things which nobody by any chance ever observes." -- Arthur Conan Doyle