WSL stands for writing as a second language. ... Whatever the intention, WSL
leads to an overall tone that adds distance between the writer and the reader.
And that is precisely the opposite of what is needed now from leaders. If
there are fewer opportunities to hear leaders speak in person because so many
of us are working from home, then we need to “hear” them speak in their
emails. A more conversational writing tone shortens the distance between
author and audience. It feels more real, which is what everyone craves at a
time when we are living more of our lives online. To guard against WSL, just
apply this simple test when reviewing what you’ve written: Does this sound
like me? Would I talk like this if I were speaking face-to-face with a
colleague? Reading aloud is a good way to check for the WSL problem
(especially if, as a leader, someone else is writing the words for you). ...
“Expert-itis” happens when people get too close to their subject. They assume
everyone else knows as much as they do, so they focus on the nuances of a
particular topic or insight without explaining the context.
Attackers Are Already Exploiting ChatGPT to Write Malicious Code
Sergey Shykevich reiterates that with ChatGPT, a malicious actor needs to have
no coding experience to write malware: "You should just know what
functionality the malware — or any program — should have. ChatGPT will write
the code for you that will execute the required functionality." Thus,
"the short-term concern is definitely about ChatGPT allowing low-skilled
cybercriminals to develop malware," Shykevich says. "In the longer term, I
assume that also more sophisticated cybercriminals will adopt ChatGPT to
improve the efficiency of their activity, or to address different gaps they
may have." From an attacker’s perspective, code-generating AI systems
allow malicious actors to easily bridge any skills gap they might have by
serving as a sort of translator between languages, added Brad Hong, customer
success manager at Horizon3ai. Such tools provide an on-demand means of
creating templates of code relevant to an attacker's objectives and cut down
on the need for them to search through developer sites such as Stack Overflow
and Git, Hong said in an emailed statement to Dark Reading.
Cybersecurity staff are struggling. Here's how to support them better
Cybersecurity professionals are at breaking point, with many fearing they will
soon lose their jobs because of a cyberattack and others struggling to cope
with the growing strain. Unless businesses act soon, an ever-growing skills
gap might become an unbridgeable chasm. ... "Cyber used to be very much off in
a darkened room," she says. "And don't get me wrong, there's loads of stuff
relating to IT security that people in security still have to do. But you need
to be thinking about cyber at the heart of every business process and
everything that you do within an organization." And cyber isn't a one-way
street -- as well as ensuring the people in security feel part of the broader
enterprise, Heneghan says line-of-business professionals must also learn about
cyber concerns themselves. Success requires a joined-up approach, where
business and security come together and recognize how information integrity
isn't just one team's -- or even one person's -- responsibility. "It's about
building the fundamental foundation," she says. "It's not acceptable for
anyone in an organization not to understand the exposure and the risks around
security anymore."
FTC Is Escalating Scrutiny of Dark Patterns, Children’s Privacy
The FTC has publicly identified dark patterns as an enforcement priority. In
September 2022, the FTC released a report summarizing concerns that companies
are increasingly using sophisticated design practices, known as dark patterns,
to trick or manipulate consumers into buying products or services or providing
their personal data. The report reflects the FTC’s findings that dark patterns
are used in a variety of industries and contexts, including e-commerce, cookie
consent banners, children’s apps, and subscription sales. Unlike neutral
interfaces, dark patterns often take advantage of consumers’ cognitive biases
to steer their conduct or delay access to information needed to make fully
informed decisions. The FTC’s research noted that dark patterns are highly
effective at influencing consumer behavior. Dark patterns include disguising
ads to look like independent content, making it difficult for consumers to
cancel subscriptions or charges, burying key terms or junk fees, and tricking
consumers into sharing their data. Because dark patterns are covert or
otherwise deceptive, many consumers don’t realize they are being manipulated
or misled.
8 top priorities for CIOs in 2023
Over the past decade, enterprises have rapidly added powerful technology and
cloud-based services to their portfolios. At the same time, they have been
much less likely to retire the legacy systems these new tools were meant to
replace, creating a complex web of redundant applications and systems, warns
VMware CIO Jason Conyard. There’s an industry-wide push to reduce technical
and data debt and reallocate those resources toward building the future,
Conyard says. “CIOs will be looking to rationalize their technology estate to
reduce unnecessary cost and maintenance, and to minimize their security attack
surface and privacy exposure.” ... There must be open, transparent, and
collaborative working sessions to create alignment on how technology
capabilities can be deployed to meet enterprise goals, states Bill Cassidy,
CIO at New York Life Insurance. “All participants need to demonstrate strong
communication skills, including effective listening, to properly weigh the
pros, cons, and tradeoffs of one path of execution versus another,” he adds.
... Organizations that can successfully act on their data insights will
thrive, says Dan Krantz, CIO of electronics test and measurement equipment
manufacturer Keysight Technologies.
Learning From Other People’s Mistakes
One prerequisite to this consolidation of wisdom is the need for information
sharing. Information about what works and what does not work is needed to
enact controls in an environment that help prevent certain events from
happening twice. This can be accomplished in several ways. Using organizations
such as ISACA® to stay connected to peers working at other enterprises helps
professionals converse about relevant topics. But information sharing goes
beyond merely discussing what you are working on and how you are solving
control problems. There is also a need to discuss what went wrong. This means
sharing information about what failed and why. This is hard for several
reasons, not the least of which is that it is embarrassing to admit to
failure. However, there can also be legal impacts of admitting that something
went wrong and that as a result services, people’s data, or even their lives
were endangered. ... In short, not all cyberincidents can be attributed to
sophisticated nation-state hackers leveraging advanced persistent threats
(APTs), phrases such as “we are taking it seriously” notwithstanding.
Developer experience will take center stage in 2023
In order for software companies to win and retain top developer talent, they
must be able to provide a great developer experience. To do that, tech leaders
must prioritize minimizing toil and frustration in the software development
process. Software development is a highly creative process, but is often
rampant with bottlenecks and inefficiencies that disrupt creative flow. By
minimizing bottlenecks like idle time waiting for build and test feedback
cycles to complete and inefficient troubleshooting, software development teams
will improve productivity while increasing developer happiness. Especially
given the uncertain economic outlook, now is the time for companies to focus
on solidifying their software development team and upgrading their talent
pool. As a result, there will be a greater emphasis on tools that boost
productivity so developers can spend more time innovating and creating useful
code. This is the best way to attract and retain top talent. When you ask many
software development leaders what their average feedback cycle time is, they
usually don’t have an answer.
What Are the Advantages of Quantum Computing?
At their core, quantum computers manipulate subatomic particles, making them
ideal for atomic and molecular scale research and development. “It can help us
solve physics problems where quantum machines and the interrelation of
materials or properties are important,” Mark Potter, SVP and CTO of Hewlett
Packard Enterprise and director of Hewlett Packard Labs, explained in an
interview with ITPro in late 2019. “At an atomic level, quantum computing
simulates nature and therefore could help us find new materials or identify
new chemical compounds for drug discovery.” Quantum technology is also having
an out-sized impact on logistics management and route planning. For example,
grocery chain Save-On-Foods is using quantum computing to optimize their
logistics to become more efficient, save money, and bring fresh food to their
customers. Specifically, they were able to reduce the computation time of an
optimization task down from 25 hours to only 2 minutes. Another major area of
interest is quantum cryptography, which, depending on who you ask, is either a
major advantage or a cause for concern.
CISOs Mark Data Proliferation as Growing Security Problem
Claude Mandy, chief evangelist of data security at Symmetry Systems, says data
sprawl is a headache for security teams because they have historically
designed their security to protect the systems and networks that data is
stored or transmitted on, but not the data. “As data proliferates outside of
these secured environments, they have realized their security is no longer
adequate,” he says. “This is particularly concerning when the traditional
perimeter that provided some comfort has all but disappeared as organizations
have moved to the cloud.” ... In the new era of data security, CISOs must have
the ability to learn where sensitive data is anywhere in the cloud
environment, who can access these data, and their security posture and deploy
these solutions. “Traditionally, data security has been the ultimate goal of
infosec organizations,” says Ravi Ithal, Normalyze CTO and cofounder. “As the
volume of data increases and the number of places where data exists increases
-- data proliferation -- the number of ways in which it can be accessed and
misused also increases.
4 key shifts in the breach and attack simulation (BAS) market
First, they require up-front configuration for their on-site deployments,
which may also require customizations to ensure everything works properly with
the integrations. Additionally, BAS solutions need to be proactively
maintained, and for enterprise environments this often requires dedicated
staff. As a result, we’ll see BAS vendors work harder to streamline their
product deployments to help reduce the overhead cost for their customers
through methods such as providing more SaaS-based offerings. Many BAS tools
are designed to conduct automated security control validation. Most have an
extensive library of automation modules that can simulate specific threats and
malicious behaviors on endpoints, networks, or cloud platforms. BAS vendors
tend to compete in the market this way. However, many vendors don’t offer the
ability to create or customize modules in a meaningful way. For example, some
don’t provide the user with a way to chain attack procedures together, which
can be essential when trying to simulate an emerging threat that uses common
tactics, techniques, and procedures
Quote for the day:
"A leader is someone people respond to, trust and want to work with."
-- @ShawnUpchurch