Deep Learning's Diminishing Returns
While deep learning's rise may have been meteoric, its future may be bumpy. Like
Rosenblatt before them, today's deep-learning researchers are nearing the
frontier of what their tools can achieve. To understand why this will reshape
machine learning, you must first understand why deep learning has been so
successful and what it costs to keep it that way. ... Deep-learning models are
overparameterized, which is to say they have more parameters than there are data
points available for training. Classically, this would lead to overfitting,
where the model not only learns general trends but also the random vagaries of
the data it was trained on. Deep learning avoids this trap by initializing the
parameters randomly and then iteratively adjusting sets of them to better fit
the data using a method called stochastic gradient descent. Surprisingly, this
procedure has been proven to ensure that the learned model generalizes well. The
success of flexible deep-learning models can be seen in machine translation. For
decades, software has been used to translate text from one language to another.
Early approaches to this problem used rules designed by grammar experts.
IT security and cybersecurity: What's the difference?
Information technology focuses on the systems that store and transmit digital
information. Cybersecurity, in contrast, focuses on protecting electronic
information stored within those systems. Cybersecurity usually focuses on
digital information and infrastructure. Infrastructure may include internet
connections and local area networks that store and share information. In short,
cybersecurity focuses on preventing hackers from gaining digital access to
important data on networks, on computers, or within programs. Workers in IT and
cybersecurity have varying job titles depending on their education, training,
experience, and responsibilities. One subset of IT, IT security, focuses on
protecting access to computers, networks, and information. IT security
professionals may create plans to protect digital assets and monitor computer
systems and networks for threats. They may also work to protect the physical
equipment storing the data, along with the data itself. Another subset of IT,
information security, focuses on securing data and systems against unauthorized
access.
How to quit your job and start your business in 90 days
Giving up is a straightforward decision that requires courage, boldness, and a
strong belief in what you are about to do. But on the other hand, having a job
you don't like can be the worst death sentence for your happiness and personal
fulfillment. Quitting your job should be done wisely and in a balanced way,
and building a business that replaces the security of income from your
previous job is an art. ... Stopping working for someone else doesn't
automatically make you able to work for yourself, but it does qualify you to
try. Starting a business is like planning an expedition to Mount Everest.
Climbing the highest peak in the world requires money, training, a year of
planning, and only 49% of those who attempt it make it to the top. A dream
without a deadline is a wish. Sitting for months contemplating your idea is
one of the worst passive tactics to avoid compromise. Set a date to quit your
job and dedicate yourself full time to your business. Just as it is important
to set a start date, it is just as important to designate an end date. A date
in which with maturity and wisdom you can say "this is not working."
How one coding error turned AirTags into perfect malware distributors
“Security consultant and penetration tester Bobby Rauch discovered that
Apple's AirTags — tiny devices which can be affixed to frequently lost items
like laptops, phones, or car keys — don't sanitize user input. This oversight
opens the door for AirTags to be used in a drop attack. Instead of seeding a
target's parking lot with USB drives loaded with malware, an attacker can drop
a maliciously prepared AirTag,” the publication reported. “This kind of attack
doesn't need much technological know-how — the attacker simply types valid XSS
into the AirTag's phone number field, then puts the AirTag in Lost mode and
drops it somewhere the target is likely to find it. In theory, scanning a lost
AirTag is a safe action — it's only supposed to pop up a webpage at
https://found.apple.com/. The problem is that found.apple.com then embeds the
contents of the phone number field in the website as displayed on the victim's
browser, unsanitized.” The worst part about this hole is that the damage it
can inflict is only limited by the attacker’s creativity.
Why today’s cybersecurity threats are more dangerous
Unlike 20 years ago, when even extensive IT systems were comparatively
standalone and straightforward, the interdependencies of systems now make
dealing with and defending against threats a much more difficult proposition.
"The core problem here is complexity and our interdependence," Snyder said.
"That is something that we're not going to move away from because that is
providing us flexibility and functionality and all these other critical
functions that we need. We've got a growing problem here." One new variable
thrown into the digital mix is the meteoric growth of ransomware, which makes
it appear that cyberattacks are getting worse. "I think that the ransomware
attackers have found a perfectly successful illegitimate business model," Rand
Corporation researcher Jonathan Welburn said. "Every time there's a
large-scale attack, we see that [victims] issue a payment, and it solves the
problem. It's a really good advertisement for that business model." Jay
Healey, a senior research scholar at Columbia University, said that at one
level, cybersecurity risks are unchanged from what they were two decades ago.
"We've been here before," he said.
The insecure application conundrum: how to stop the influx of vulnerable applications
The fundamental root cause of application insecurities can be attributed to
the fact that security awareness training for developers is virtually
non-existent. Developers do not willingly deploy applications in the hope that
exploits are never found. Instead, there still exists a lack of exposure and
experience that plays a part in them not understanding the actual severity of
some of the vulnerabilities. At the same time, there is a global shortage of
experienced developers, as evidenced by the fact that vacancies for
application development security developers are set to grow 164% in the next
five years. Finding an experienced developer with a rounded skillset is like
finding a needle in a haystack. As a result, for businesses, there is more
economic value in investing in the training of developers in cyber security to
build their competence at secure development methods, linked to their
business. In essence, there are two major ways to distinguish how
vulnerabilities are caused – through technical vulnerabilities and business
logic flaws.
Facebook outage was a series of unfortunate events
Facebook says the root cause of its outage Monday involved a routine
maintenance job gone awry that resulted in rendering its DNS servers
unavailable, but first the entire Facebook backbone network had crashed. To
make matters worse, the loss of DNS made it impossible for Facebook engineers
to remotely access the devices they needed to in order to bring the network
back up, so they had to go into the data centers to manually restart systems.
That slowed things down, but they were slowed down even more because the data
centers have safeguards in place to make tampering hard—for anybody. “They’re
hard to get into, and once you’re inside, the hardware and routers are
designed to be difficult to modify even when you have physical access to
them,” according to a Facebook blog written by Santosh Janardhan, the
company's vice president of engineering and infrastructure. It took time, but
once the systems were restored, the network came back up. Restoring the
customer-facing services that run over the network was another lengthy process
because turning them up all at once could cause another round of
crashes.
The Three Symptoms of Toxic Leadership and How to Get Out of It
Toxicity has eaten deep into the very fabric of what is standard in the
workplace. Why is it okay for people to use swear words and hate on one
another, but not okay to use words such as love and appreciation? Why is what
is supposed to be the norm now considered or seen as being “out there”? That's
not right, and a change in this thought pattern is long overdue. Now is the
time to educate everyone on the importance of speaking right, doing right,
treating each other right in the workplace, and above all, being a nontoxic
leader. It’s time we stop being toxic leaders and take action. Once I started
studying and analyzing my own toxic traits, I was able to come out of it. And
now, I help other successful leaders in tech do the same. For example, I was
once working with an engineering manager at a start-up company. She worked
around the clock to provide everything for her team. She did sufficient
training, was nice to everyone, and provided all the support she possibly
could.
Hybrid work: 9 ways to encourage healthy team conflict
Diversity of thought leads to better solutions in the end. “Leaders of
high-performing teams consistently convey the importance of conflict and push
the team to engage in constructive debate, even to the point that the tension
makes team members uncomfortable, to generate the best decisions,” says Andy
Atkins, practice leader at BTS Boston. This can be trickier in the hybrid
world. “It is more difficult to gauge team members’ reactions, or test the
temperature in the room, and it is easier for team members themselves to
withdraw from the conversation,” says Atkins. Therefore, leaders must be more
deliberate in creating a culture that encourages speaking up. The most
successful leaders not only model the willingness to face conflict themselves,
but also help team members express their own points of view. “It helps if the
team leader takes care to reserve his or her own observations in discussions
to allow others to speak first, and to deliberately draw out different
opinions around the table before moving on,” says Atkins.
Critical infrastructure IoT security: Going back to basics
Ultimately, IoT devices weren’t built with security in mind. A vast number
of IoT devices tend to be poorly secured, often functioning with out-of-date
software or using default security configurations, which makes them vulnerable
targets for threat actors. The fact is that until the last 5 or 10 years,
security wasn’t even something considered as a part of developing OT. It’s not
like a hospital buys a new MRI machine every year, so that 10-year-old MRI
machine in the hospital is still highly vulnerable since it was built in a
time when security wasn’t important or thought of. It is unsurprising that the
vulnerability of IoT and the critical infrastructure landscape as a whole to
cyberattacks is becoming a growing concern within the security landscape and
recent attacks on the sector have proven the need to ramp up security efforts.
Even though IoT is becoming an increasing target, the focus of many recent
attacks is on OT infrastructure. For that reason, the critical infrastructure
industry must take a security-first stance to secure their
operations.
Quote for the day:
"Leaders keep their eyes on the
horizon, not just on the bottom line." -- Warren G. Bennis