Security risks of ChatGPT and other AI text generators

Yet ChatGPT is likely just the beginning of AI-powered cybercrime. Over the next
five years, future iterations of AI will indeed change the game for
cybersecurity attackers and defenders, argues a research paper entitled "The
security threat of AI-powered cyberattacks" released in mid-December 2022 by
Traficom, the Finnish government's transportation and communications agency.
"Current rapid progress in AI research, coupled with the numerous new
applications it enables, leads us to believe that AI techniques will soon be
used to support more of the steps typically used during cyberattacks," says
Traficom. "We predict that AI-enabled attacks will become more widespread among
less skilled attackers in the next five years. As conventional cyberattacks will
become obsolete, AI technologies, skills and tools will become more available
and affordable, incentivizing attackers to make use of AI-enabled cyberattacks."
The paper says while AI cannot help with all aspects of a cyberattack, it will
boost attackers' "speed, scale, coverage and sophistication" by automating
repetitive tasks.
Why Innovation Depends on Intellectual Honesty

Anxious teams score high on intellectual honesty and moderate to low on
psychological safety. Team members are encouraged to be brutally honest because
it’s better to be right, and win, than it is to be nice. To return to Steve
Jobs: He famously described his approach as being designed to keep “the B
players, the bozos, from larding the organization. Only the A players
survive.”
Just as famously, he cared little for creating social cohesion. Apple’s former
chief design officer, Jony Ive, has described a conversation during which Jobs
berated him for wanting to be liked by his team at the expense of being
completely honest about the quality of their work. This example illustrates two
types of conflict that emerge from intellectual honesty: task conflict and
relationship conflict. Task conflict — disagreement about the work — can be
highly productive for innovation and team performance. But relationship
conflict, which arises when the way someone says or does something makes people
feel rejected, is detrimental. Here’s why. On teams that have an anxious
culture, people are willing to push one another to learn through
disagreement. 
8 ‘future of work’ mistakes IT leaders must avoid

Virtual reality is one technology that could have an impact on the future of
work, and some IT leaders are considering the benefits. Oculus headsets from
Meta, for example, are being rolled out on a trial basis at the University of
Phoenix, which has made the decision to go fully remote. This was a big mindset
change for Smith, who felt pre-pandemic that “face-to-face collaboration was
better and high fidelity for creativity purposes,” he says. “Then, when
everything shifted to full-time remote, it went against my core beliefs, so
personally, I had to lean in.” Smith has come to realize that staying remote has
not affected IT’s ability to collaborate and teams have been able to remain
productive and launch “complex new products into the marketplace.” He says that
working remotely has increased his ability to access tech talent outside of the
Phoenix area. But when people were working in a hybrid model early on, there
would be multiple conversations going on, and “people on the remote end were
getting the short end of the stick” because they “couldn’t get a word in
edgewise,” Smith recalls.
Top intelligent automation trends to watch in 2023
Automation technology will be key in automating previously inflexible
  processes whilst providing intelligent data led nudges that help agents work
  efficiently in a complex operating environment. This means that companies can
  offer an unprecedented level of flexibility and support to their staff, while
  making significant improvements to engagement and wellbeing. By improving
  engagement between employees and employers – and fostering a culture of
  support and encouragement – everyone benefits. ... Since machine learning (ML)
  rose to significance a decade or so ago, it has rapidly transformed nearly
  every industry. Businesses would be wise to sharpen their skills and learn
  what ML has to offer. Whilst technologies in the past only processed static,
  historical data, ML provides a real-time capability that transforms the gap.
  It can help organisations become better at predicting flows and responding to
  them proactively rather than reactively. The potential improvement to areas
  such as customer service is enormous. Solutions can leverage “productionising”
  ML models – by which a model is transformed to a scalable, observable, mission
  critical, production-ready software solution – at their core.
What kind of future will AI bring enterprise IT?

The incremental approach turns out to be the smartest way to build with AI/ML.
  As AWS Serverless Hero Ben Kehoe argues, “When people imagine integrating AI …
  into software development (or any other process), they tend to be overly
  optimistic.” A key failing, he stresses, is belief in AI/ML’s potential to
  think without a commensurate ability to fully trust its results: “A lot of the
  AI takes I see assert that AI will be able to assume the entire responsibility
  for a given task for a person, and implicitly assume that the person’s
  accountability for the task will just sort of … evaporate?” In the real world,
  developers (or others) have to take responsibility for outcomes. If you’re
  using GitHub Copilot, for example, you’re still responsible for the code, no
  matter how it was written. If the code ends up buggy, it won’t work to blame
  the AI. The person with the paystub will bear the blame, and if they can’t
  verify how they arrived at a result, well, they’re likely to scrap the AI
  model before they’ll give up their job. This is not to say that AI and ML
  don’t have a place in software development or other areas of the
  enterprise.
How CISOs can manage the cybersecurity of high-level executives

The risk faced by executives has grown rapidly as the pandemic-driven rise of
  hybrid work increased the blurring of professional and personal digital lives.
  Complex geopolitical tensions, opportunities for digital activism against
  corporates—particularly in industries with higher risk profiles—and the
  prospect of financial gain from targeting wealthy leaders have all raised the
  stakes on the personal digital lives of executives. A large organization,
  especially if it's a publicly listed company with a C-suite leadership team
  that has a presence in the media and on social media, can be a lightning rod
  for the attention of bad actors, says Gergana Winzer, partner of cyber
  services with KPMG Australia. “Some of these small-time criminals have
  awakened to the reality of being able to make monetary returns by utilizing
  easy-to-buy malware or ransomware online and just deploying it across those
  types of high-net-worth individuals,” Winzer says. This class of personal
  risks can take many different forms, according to Pierson, who says one of the
  biggest risks is to intellectual property—the loss of corporate documents from
  executives’ personal devices or personal accounts where there are fewer or no
  controls.
Taking the Reins on IT Interoperability

Interoperability can be elusive because many organizations embark on tactical
  changes or fail to see the complete picture, Barnett says. “In many cases,
  they focus only on a part of the organization without fully understanding the
  impact on technology investments, process reengineering, and human capital
  assets,” he explains. The intersection of operational technology (OT) and
  information technology (IT) can prove particularly nettlesome. Historically,
  these two entities have operated separately, with attempts to connect systems
  and data an afterthought. “This often leads to the creation of data silos …
  that hinder agility, reduce productivity, impede customer experience
  improvements, and hamper scalability,” Barnett says. Business and IT leaders
  who ignore these problems do so at their own peril. Accenture found that 66%
  of organizations struggle with the sheer number of applications. This results
  in technical debt and a loss of agility, McKillips says. In addition, 60% are
  unable to align their application strategy with overall business goals and 44%
  struggle to identify the right business case or ROI. Remarkably, 34% believe
  interoperability is simply too expensive.
ICS Confronted by Attackers Armed With New Motives, Tactics, and Malware

The report identified top trends in the ICS threat landscape based on a
  compilation of information from various sources including open source media,
  CISA ICS-CERT advisories, and Nozomi Networks telemetry, as well as on
  exclusive IoT honeypots that Nozomi researchers employ for "a deeper insight
  into how adversaries are targeting OT and IoT, furthering the understanding of
  malicious botnets that attempt to access these systems," Gordon says. What
  researchers observed over the last six months was a significant uptick in
  attacks that caused disruption to a number of industries, with transportation
  and healthcare being among the top new sectors finding themselves in the
  crosshairs of adversaries among more traditional targets. Attackers are using
  various methods of initial entry to ICS networks, although some common weak
  security links that have historically plagued not just ICS but the entire
  enterprise IT sector — weak/cleartext passwords and weak encryption — continue
  to be the top access threats. Still, “Root” and “admin” credentials are most
  often used as a way for threat actors to gain initial access and escalate
  privileges once in the network, the findings show.
Cybersecurity CTO: A day in the life

Given the scope of the job, a CTO is rarely going to have a consistent daily
  schedule. Instead, goals and cadences are established weekly. That being said,
  I do go into the office every day. My typical workday begins at 9:30 a.m., and
  I take an electric scooter to get into the office. Our headquarters are
  located in Tel Aviv, so the weather is almost always perfect for the scooter.
  On a weekly basis, I hold one-on-one meetings with specific managers to
  understand team needs, review KPIs to ensure they’re being met, and review our
  proof-of-concept (POC) projects to ensure our customers and potential
  customers are advancing. These POC reviews are where we often catch technical
  issues, allowing us to fix them before they cause problems for our customers.
  While I’m responsible for several employees within our R&D department, I
  do my best to distance myself and empower our VP of R&D to manage the
  team. The goal is quality – not getting bogged down in how or when people
  work. I usually wrap up my time in the office around 6:30 or 7:00
  p.m. 
Proven Solutions to Five Test Automation Issues
When you run your automated tests, you need the dependent systems to support
  your test scenarios. That includes setting up the API and service responses to
  match what is needed for your test cases. Setting up test data in backends
  might be problematic, as they might not be within your team’s control. Relying
  on another team to set up the test data for you means you may end up with
  incorrect or missing test data and, therefore, cannot continue working on or
  running your automated tests. Another issue is that even if you have the test
  data, running your automated tests frequently in the build pipeline might use
  it all up (test data burning). Then you need a test data refresh, which might
  take even longer than the partial test data setup, and you are blocked again.
  Even if you have all the test data you need, when you (or some other team) run
  their automated or manual tests against the same services, the test data might
  change (for example, the balance on account or list of purchased items by a
  user). The tests break again because of test data issues rather than actual
  issues with the product.
Quote for the day:
"People don't resist change. They resist being changed." -- Peter M. Senge
 
 