Why the industrial metaverse will eclipse the consumer one
The industrial metaverse is further ahead on the 3D front, with simulations
and digital twins. The industrial metaverse is ahead on the standards front,
with companies like Nvidia pushing potential standards such as Universal Scene
Description (USD) through its Omniverse platform. USD has been characterized
as doing for the metaverse what HTML did for the internet. In this regard, USD
can lead to greater interoperability, [connecting] formerly disparate
applications or ecosystems … to make workflows more seamless. ... Digital
assets, similarly, are typically locked to a particular ecosystem, servicer or
game. Many of the most transformative opportunities in the consumer space will
also come with mainstream smart glasses, which are still years away before we
see a stronger impact. The enterprise and industrial metaverses are also
better grounded in ROI, meaning more trials and initial deployments have a
higher potential to succeed or lead to more adoption compared to consumer
efforts, which have seen more pushback, such as the addition of NFTs in games
in Western markets [gaining] limited traction.
Surviving the Incident
The next step to the IR playbook is to identify the "crown jewels" of the
organization — the critical systems, services, and operations that, if
impacted by a cyber event, would disrupt business operations and cause a loss
of revenue. Similarly, understanding the collected data type, how it is
transmitted and stored, and who should access it must be mapped to ensure data
security. Identifying and mapping critical systems can be accomplished through
penetration tests, risk assessments, and threat modeling. A risk assessment is
often the first tool to identify potential attack vectors and prioritize
security events. However, to achieve a proactive stance, organizations are
increasingly leveraging threat intelligence and modeling to identify and
address vulnerabilities and security gaps early on before a known attack
occurs. The primary goal is to identify weaknesses or vulnerabilities with
assets to reduce the attack surface and close all the security gaps. This
guide will focus on web application security as our attack scenario. Why web
application security?
Not everything we call AI is actually 'artificial intelligence'. Here's what you need to know
Most of what we know as AI today has narrow intelligence – where a particular
system addresses a particular problem. Unlike human intelligence, such narrow
AI intelligence is effective only in the area in which it has been trained:
fraud detection, facial recognition or social recommendations, for example.
AGI, however, would function as humans do. For now, the most notable example
of trying to achieve this is the use of neural networks and “deep learning”
trained on vast amounts of data. Neural networks are inspired by the way human
brains work. Unlike most machine learning models that run calculations on the
training data, neural networks work by feeding each data point one by one
through an interconnected network, each time adjusting the parameters. As more
and more data are fed through the network, the parameters stabilise; the final
outcome is the “trained” neural network, which can then produce the desired
output on new data – for example, recognising whether an image contains a cat
or a dog. The significant leap forward in AI today is driven by technological
improvements in the way we can train large neural networks, readjusting vast
numbers of parameters in each run thanks to the capabilities of large
cloud-computing infrastructures.
Metaverse Security Concerns Coming Into Focus as Businesses Plan For “Virtual Reality” Futures
Organizations smell potential here, with 23% responding that they are already
developing initiatives even as basic specifications are still firming up. Of
the respondents that expressed a desire to do business in the metaverse, the
leading interest (44%) was customer engagement opportunities. Other popular
areas are learning/training measures and workplace collaboration. But when
asked about their concerns about expanding into this new area, respondents
said that metaverse security was item #1 on the list. By and large, today’s
security solutions have not yet considered the prospect of metaverse
integration. Nevertheless, 86% of the respondents said that they would feel
comfortable sharing user personal information between different metaverse
services. Security providers may be waiting to see what users settle on in the
metaverse before tailoring their products accordingly. Of the products
available thus far, online games are the only ones drawing mass amounts of
users (particularly the pre-existing Roblox and Fortnite) along with simple 3D
world chat apps that allow users to appear as an avatar.
What’s next for AI
The big companies that have historically dominated AI research are
implementing massive layoffs and hiring freezes as the global economic outlook
darkens. AI research is expensive, and as purse strings are tightened,
companies will have to be very careful about picking which projects they
invest in—and are likely to choose whichever have the potential to make them
the most money, rather than the most innovative, interesting, or experimental
ones, says Oren Etzioni, the CEO of the Allen Institute for AI, a research
organization. That bottom-line focus is already taking effect at Meta, which
has reorganized its AI research teams and moved many of them to work within
teams that build products. But while Big Tech is tightening its belt, flashy
new upstarts working on generative AI are seeing a surge in interest from
venture capital funds. Next year could be a boon for AI startups, Etzioni
says. There is a lot of talent floating around, and often in recessions people
tend to rethink their lives—going back into academia or leaving a big
corporation for a startup, for example.
How to Innovate by Introducing Product Management in SMB and Non-Tech Companies
It’s common to find product managers and product owners in SaaS, technology,
ecommerce, retail, and other B2C companies. Leadership in these companies long
realized that understanding markets, determining product-market fits, defining
customer personas, and understanding value propositions are all key to
developing minimally viable solutions and delivering ongoing product
enhancements. But identifying product managers and owners in non-tech
companies, B2B businesses, SMBs, and the government remains a long-running
work in progress. To start innovating, it comes down to transforming from
stakeholder-led backlogs to product-managed, market-driven roadmaps. Tech,
media, and ecommerce companies figure this out right away because chasing
stakeholder-driven features often yields subpar results. More traditional
businesses are likely to misdiagnose the problems with stakeholder-driven
backlogs as a technology execution or platform issue. But there are a few
secrets to making product management work even in the most traditional
businesses.
IT Job Market: 2022's Wild Ride and What to Expect for 2023
Even as those layoff announcements were rolling in, the US Bureau of Labor
Statistics job report for October showed a strong job market for tech pros and
continued growth for remote jobs. In November that growth continued with IT
industry association CompTIA reporting that US tech companies added 14,400
workers during the month, marking two consecutive years of monthly job growth
in the sector. Tech jobs in all industry sectors increased by 137,000
positions. And while job postings for future hiring slipped in November, they
still totaled nearly 270,000. As the tech sector heads into a changed 2023
employment market, it’s unclear how all these mixed signals will play out,
although experts are starting to weigh in on best practices. Employers are
likely looking carefully at budgets and head counts. But it will be a
challenging line to walk. Employers have spent the past few years investing in
employee experience programs and focusing on retaining their valuable talent.
An abrupt change in direction such as mass layoffs will likely sour companies’
reputations as employers.
Inside the Next-Level Fraud Ring Scamming Billions Off Holiday Retailers
Besides the operation being stacked with technology know-how, Michael Pezely,
Signifyd's director of risk intelligence, tells Dark Reading that the
e-commerce threat group has sheer speed and volume of scam transactions on its
side. "E-commerce orders — particularly at the enterprise level — arrive at
dizzying speed," Pezely says. "Signifyd, for instance, processed as much as
$42 million an hour in orders during Cyber Week. It would be virtually
impossible for a human team to review that volume of orders for signs of
fraud." Pezely added that merchants are on the lookout for goods being shipped
to a foreign country, but this group of scammers places orders that appear to
originate from the US and ship to US addresses. "Furthermore, if a merchant is
relying on only its own transaction data, there likely will be a lag between
the time a fraud attack begins and when it is recognized," Pezely explains.
"Without having the benefit of seeing millions of transactions across
thousands of merchants, a novel fraud attack might not be in plain sight for
some time."
Protecting your organization from rising software supply chain attacks
The reason for the continued bombardment, said Moore, is increasing reliance
on third-party code (including Log4j). This makes distributors and suppliers
ever more vulnerable, and vulnerability is often equated with a higher payout,
he explained. Also, “ransomware actors are increasingly thorough and use
non-conventional methods to reach their targets,” said Moore. For example,
using proper segmentation protocols, ransomware agents target IT management
software systems and parent companies. Then, after breaching, they leverage
this relationship to infiltrate the infrastructure of that organization’s
subsidiaries and trusted partners. “Supply chain attacks are unfortunately
common right now in part because there are higher stakes,” said Moore.
“Extended supply chain disruptions have placed the industry at a fragile
crossroads.” Supply chain attacks are low cost and can be minimal effort and
have potential for high reward, said Crystal Morin, threat research engineer
at Sysdig. And, tools and techniques are often readily shared online, as well
as disclosed by security companies, who frequently post detailed findings.
Why User Journeys Are Critical to Application Detection
The first generation of cybersecurity detection technology is rules, but rules
only detect known patterns. Individualized rules require expensive experts to
maintain: each application is unique, and one must be extremely familiar with
its business logic, log formats, how it is used, etc., in order to write and
manage rules for detecting application breaches. ... Over a decade ago, the
security market adopted statistical analysis to augment rule-based solutions
in an attempt to provide more accurate detection for the infrastructure and
access layers. However, UEBA failed to deliver as promised to dramatically
increase accuracy and reduce false positive alerts due to a fundamentally
mistaken assumption – that user behavior can be characterized by statistical
quantities, such as the average daily number of activities. ... The main
criteria for success in a detection solution is accuracy, which is dictated by
the number of false positives, and the number of false negatives. The
evolution of detection solutions led to the third generation of solutions
analyzing Sequences of Activity, i.e. Journeys, to contextualize activity and
improve detection accuracy.
Quote for the day:
"Before you revel in the anticipation
of tomorrow, toil in the preparation of today." -- Tim Fargo
No comments:
Post a Comment