Microsoft launches first Asia Pacific Public Sector Cyber Security Executive Council
With most technology infrastructure owned and operated by private companies, it
is also mission critical that governments form coalitions with leading tech
companies to lead effective cyber-defense strategies and safeguard our region
against attackers. Dato’ Ts. Dr. Haji Amirudin Abdul Wahab FASc, CEO of
CyberSecurity Malaysia shared, “Cybersecurity is an important national agenda
that cannot rely solely on the back of the IT team. It should be a priority and
responsibility of all individuals, as we continue to see cyber-criminal
activities rise exponentially with the proliferation of data and digital
connectivity. This coalition certainly establishes stronger partnerships with
industry leaders and practitioners that allow us to fortify our security
postures and combat cybercrime.” On the future of the cybersecurity ecosystem
and the role the coalition will play, Ph.D. candidate ChangHee Yun, Principal
Researcher of AI/Future Strategy Center, National Information Society Agency
Korea added, “the collective intelligence amongst the Asia Pacific nations is
paramount to jointly share best practices and strategies that will enable us to
resolve cybersecurity challenges at a faster pace, and in a more proactive manner.
...”
A look at API prioritisation strategy of ICICI Lombard
Like any other software development, API development and rollout have their
own set of challenges. One of the most important challenges is to ensure
security and encryption. A robust security framework and periodic security
audits of applications are a must in ensuring that not only endpoints of
applications are tracked but also there is a sufficient level of encryption
and account-level security that is maintained. Detection of vulnerabilities
and plugging them is an ongoing affair and needs to be monitored regularly.
Data protection is a critical aspect of security that we pay close attention
to. According to Nayak, one of the key aspects, where organisations make
mistakes, involves the estimation of volumes for integration. Since a lot of
the APIs are built keeping the number of users in mind, it becomes extremely
important to also estimate user-based rate limits to ensure scalability.
“User-based rate limits also help in tracking the number of calls per user and
outliers are identified as a part of the security evaluation.
HITRUST explained: One framework to rule them all
To understand how this works, we need to first understand what we mean when we
talk about a security framework. This isn't some whiz-bang software tool or
hardware appliance; instead, it's a set of policies and procedures meant to
improve your organization's cyber security strategies. There are innumerable
frameworks available out there, some put out by for-profit companies, some by
industry cybersecurity orgs, and some by government agencies. This last
category will become important for our discussion: many government regulations
that touch on cybersecurity have at their heart prescribed frameworks that
companies need to implement in order to be in compliance. HITRUST's framework,
known as the HITRUST CSF, works along these same lines. What makes HITRUST
special is that it isn't attempting to impose its own unique security
philosophy onto its users; rather, it consolidates multiple existing public
domain security frameworks into a single document. For instance, plenty of
these frameworks require all passwords within an organization to be eight
characters or more; therefore, the HITRUST CSF includes an eight-character
password requirement for those organizations to which that control applies.
Microsoft's Low-Code Strategy Paints a Target on UIPath and the Other RPA Companies
Microsoft has assembled all of the pieces required by an enterprise to deliver
low code solutions. If they execute well on this strategy they are poised to
become unassailable in the low-code world. When Microsoft talks about low
code, they have a pretty expansive view. The language they use when describing
low code encompasses everything from an accountant writing a formula in Excel,
to a software engineer using a pre-built connector to pull data from an API,
to a consulting firm building a bespoke end-to-end claims management solution
for a customer. Microsoft realises that the real challenge with scaling low
code is not writing low code applications - it’s deploying and monitoring low
code applications. And it is firmly on a trajectory to solving this challenge.
... Microsoft has put together a pretty impressive strategy. I don’t know how
much is by design and how much by tactical zigging and zagging but, judging by
the dates that the company released each of the pieces in this strategy, it
looks like sometime in 2019 someone at Microsoft had a lightbulb moment about
how all this should fit together, and they’ve been executing against that
strategy ever since.
Are MRI Scans Done By AI Systems Reliable?
Convolutional neural networks are trained to map the measurement directly to
an artifact-free image or map from a coarse least-squares reconstruction from
the under-sampled measurement to an artifact-free image. The best-performing
methods in the fastMRI competition are all trained networks and yield
significant improvements over classical methods. Traditional CS methods are
trendy in MRI reconstruction, and are used in clinical practice. Untrained
networks are also powerful for compressive sensing, and simple convolutional
architectures such as the Deep Decoder work well in practice. For the
experiments, the researchers picked ten randomly-chosen
proton-density-weighted knee MRI scans from the fastMRI validation set. For
each of those images, a small perturbation was added to the measurement. The
results showed that both trained and untrained methods are sensitive to small
adversarial perturbations. For the next experiment to check for dataset shift,
the researchers tested on the Stanford dataset retrieved by collecting all
available 18 knee volumes. “Our main finding is that all reconstruction
methods perform worse on the new MRI samples, but by a similar amount.
A human-centric approach to protect against cybersecurity threats
Teaching and reinforcing positive cyber hygiene among employees is one way in
which they can help in defending against cyberattacks. This is the consistent
and safe training of employees when they perform a manoeuvre that could
compromise important data or open themselves up to a threat. This could be
attaching a document with sensitive information to an outside source using a
document sharing service or clicking on an e-mail without reviewing the source.
With practice and consistent guidance, it is possible to train employees with
new programmes that help to curb unwanted behaviours, with notifications being
made to the employees when one of these incidents is about to occur. The
employee can learn in real-time why they cannot or should not perform this
action. It can also be a comfort to the employees who know they are protected
within this system of alerts, with additional options to anonymise which
employee is connected to each incident – in other words, ensuring full
visibility while maintaining privacy. With time, these actions will become
habits. Human error is always likely to occur, but with incident-based
training, employees and companies can better protect themselves from outside
risks.
Investing in the Cybersecurity Workforce of Tomorrow
One solution that will help close the skills gap is to seek out and hire
underrepresented candidates. However, providing them with the needed
educational resources and skill-building opportunities is yet another
challenge. Cybersecurity education is not always accessible to these groups,
which typically leads them to pursue other career paths. Investing in the
preparation of essential talent pools, such as students, is one key component
to closing the cybersecurity skills gap. With the crucial need for people with
cyber skills, IT recruiters need to consider candidates who don’t fit the
traditional mold of a cybersecurity professional. ... Organizations must
provide appropriate resources, and candidates must be willing to take
advantage of this opportunity. Along with universities that offer
cybersecurity curricula, several community organizations recognize the value
of diversity in the industry, providing access to content and programs
designed to address the talent shortage. ICMCP and WiCyS are two examples of
groups that partner with private organizations to create access to different
types of training and mentorship programs for women and minorities looking to
transition or grow within the field of cybersecurity.
CISO Confidence Is Rising, but Issues Remain
Many CISOs feel they lack boardroom support. Fewer than two-thirds of global
CISOs surveyed for the report indicated that they agree with their board's
approach to cybersecurity. Fifty-seven percent of them indicated that the
expectations placed on their role are excessive. Fifty-nine percent of global
CISOs say their reporting line hinders their job effectiveness. This view is
most prevalent in the technology sector, where three-quarters of CISOs
expressed this sentiment. In the public sector, the issue is less pressing;
here, just 38% felt reporting was a burden. The apparent distance between them
and their C-suite colleagues makes many CISOs feel they can't do their jobs to
the best of their ability. Nearly half of global CISOs don't believe their
organization is setting them up to succeed. What's worse, 24% of CISOs
strongly agree this is the case. The CISO's ability to trade off agility and
security will be even more critical in the future. Now that more organizations
know what remote working brings along in terms of cost-savings and
flexibility, it's likely that many will adopt hybrid working models going
forward. But CISOs will need to convince their boards that the passable
approach they used over the past year won't be enough in the long term.
How data centres can help businesses be more sustainable
The first step for many providers is in a move away from fossil fuels. Data
centres are particularly well placed to benefit from renewable energy sources
due to their stable power consumption. Indeed, some providers are already
achieving 100% zero-carbon energy in their buildings, resulting in lower
emissions of carbon and other types of pollution, as well as cost
efficiencies. Google is another trailblazer in this area – its large-scale
procurement of wind and solar power has made Google the world’s largest
corporate buyer of renewable energy. Renewable energy is, and will continue to
be, an important part of the strategy to reduce carbon emissions, but
different global locations will benefit from different approaches, and it’s
important to move beyond a straight ‘we must embrace renewables’ message, to
one that recognises the nuances of location. For example, in the Middle East
and parts of the US, solar energy is much more prevalent than in the Nordics.
Other locations have different options: a good example is at a campus on the
southwestern tip of Iceland, which runs almost entirely on geothermal and
hydroelectric power.
Security leaders more concerned about legal settlements than regulatory fines
Egress CEO Tony Pepper comments: “The financial cost of data breach has always
driven discussion around GDPR – and initially, it was thought hefty regulatory
fines would do the most damage. But the widely unforeseen consequences of
class action lawsuits and independent litigation are now dominating
conversation. Organizations can challenge the ICO’s intention to fine to
reduce the price tag, and over the last year, the ICO has shown leniency
towards pandemic-hit businesses, such as British Airways, letting them off
with greatly reduced fines that have been seen by many as merely a slap on the
wrist. “With data subjects highly aware of their rights and lawsuits
potentially becoming ‘opt-out’ for those affected in future, security leaders
are right to be nervous about the financial impacts of litigation.” Lisa
Forte, Partner at Red Goat Cyber Security, comments: “The greatest financial
risk post breach no longer sits with the regulatory fines that could be
issued. Lawsuits are now commonplace and could equal the writing of a blank
cheque if your data is compromised.
Quote for the day:
"It is easy to lead from the front when there are no obstacles before you,
the true colors of a leader are exposed when placed under fire." --
Mark W. Boye