Daily Tech Digest - January 19, 2023

Security risks of ChatGPT and other AI text generators

Yet ChatGPT is likely just the beginning of AI-powered cybercrime. Over the next five years, future iterations of AI will indeed change the game for cybersecurity attackers and defenders, argues a research paper entitled "The security threat of AI-powered cyberattacks" released in mid-December 2022 by Traficom, the Finnish government's transportation and communications agency. "Current rapid progress in AI research, coupled with the numerous new applications it enables, leads us to believe that AI techniques will soon be used to support more of the steps typically used during cyberattacks," says Traficom. "We predict that AI-enabled attacks will become more widespread among less skilled attackers in the next five years. As conventional cyberattacks will become obsolete, AI technologies, skills and tools will become more available and affordable, incentivizing attackers to make use of AI-enabled cyberattacks." The paper says while AI cannot help with all aspects of a cyberattack, it will boost attackers' "speed, scale, coverage and sophistication" by automating repetitive tasks.

Why Innovation Depends on Intellectual Honesty

Anxious teams score high on intellectual honesty and moderate to low on psychological safety. Team members are encouraged to be brutally honest because it’s better to be right, and win, than it is to be nice. To return to Steve Jobs: He famously described his approach as being designed to keep “the B players, the bozos, from larding the organization. Only the A players survive.”5 Just as famously, he cared little for creating social cohesion. Apple’s former chief design officer, Jony Ive, has described a conversation during which Jobs berated him for wanting to be liked by his team at the expense of being completely honest about the quality of their work. This example illustrates two types of conflict that emerge from intellectual honesty: task conflict and relationship conflict. Task conflict — disagreement about the work — can be highly productive for innovation and team performance. But relationship conflict, which arises when the way someone says or does something makes people feel rejected, is detrimental. Here’s why. On teams that have an anxious culture, people are willing to push one another to learn through disagreement. 

8 ‘future of work’ mistakes IT leaders must avoid

Virtual reality is one technology that could have an impact on the future of work, and some IT leaders are considering the benefits. Oculus headsets from Meta, for example, are being rolled out on a trial basis at the University of Phoenix, which has made the decision to go fully remote. This was a big mindset change for Smith, who felt pre-pandemic that “face-to-face collaboration was better and high fidelity for creativity purposes,’’ he says. “Then, when everything shifted to full-time remote, it went against my core beliefs, so personally, I had to lean in.” Smith has come to realize that staying remote has not affected IT’s ability to collaborate and teams have been able to remain productive and launch “complex new products into the marketplace.” He says that working remotely has increased his ability to access tech talent outside of the Phoenix area. But when people were working in a hybrid model early on, there would be multiple conversations going on, and “people on the remote end were getting the short end of the stick” because they “couldn’t get a word in edgewise,’’ Smith recalls.

Top intelligent automation trends to watch in 2023

Automation technology will be key in automating previously inflexible processes whilst providing intelligent data led nudges that help agents work efficiently in a complex operating environment. This means that companies can offer an unprecedented level of flexibility and support to their staff, while making significant improvements to engagement and wellbeing. By improving engagement between employees and employers – and fostering a culture of support and encouragement – everyone benefits. ... Since machine learning (ML) rose to significance a decade or so ago, it has rapidly transformed nearly every industry. Businesses would be wise to sharpen their skills and learn what ML has to offer. Whilst technologies in the past only processed static, historical data, ML provides a real-time capability that transforms the gap. It can help organisations become better at predicting flows and responding to them proactively rather than reactively. The potential improvement to areas such as customer service is enormous. Solutions can leverage “productionising” ML models – by which a model is transformed to a scalable, observable, mission critical, production-ready software solution – at their core.

What kind of future will AI bring enterprise IT?

The incremental approach turns out to be the smartest way to build with AI/ML. As AWS Serverless Hero Ben Kehoe argues, “When people imagine integrating AI … into software development (or any other process), they tend to be overly optimistic.” A key failing, he stresses, is belief in AI/ML’s potential to think without a commensurate ability to fully trust its results: “A lot of the AI takes I see assert that AI will be able to assume the entire responsibility for a given task for a person, and implicitly assume that the person’s accountability for the task will just sort of … evaporate?” In the real world, developers (or others) have to take responsibility for outcomes. If you’re using GitHub Copilot, for example, you’re still responsible for the code, no matter how it was written. If the code ends up buggy, it won’t work to blame the AI. The person with the paystub will bear the blame, and if they can’t verify how they arrived at a result, well, they’re likely to scrap the AI model before they’ll give up their job. This is not to say that AI and ML don’t have a place in software development or other areas of the enterprise.

How CISOs can manage the cybersecurity of high-level executives

The risk faced by executives has grown rapidly as the pandemic-driven rise of hybrid work increased the blurring of professional and personal digital lives. Complex geopolitical tensions, opportunities for digital activism against corporates—particularly in industries with higher risk profiles—and the prospect of financial gain from targeting wealthy leaders have all raised the stakes on the personal digital lives of executives. A large organization, especially if it's a publicly listed company with a C-suite leadership team that has a presence in the media and on social media can be a lightning rod for the attention of bad actors, says Gergana Winzer, partner of cyber services with KPMG Australia. “Some of these small-time criminals have awakened to the reality of being able to make monetary returns by utilizing easy-to-buy malware or ransomware online and just deploying it across those types of high-net-worth individuals,” Winzer says. This class of personal risks can take many different forms, according to Pierson, who says one of the biggest risks is to intellectual property—the loss of corporate documents from executives’ personal devices or personal accounts where there are fewer or no controls.

Taking the Reins on IT Interoperability

Interoperability can be elusive because many organizations embark on tactical changes or fail to see the complete picture, Barnett says. “In many cases, they focus only on a part of the organization without fully understanding the impact on technology investments, process reengineering, and human capital assets,” he explains. The intersection of operational technology (OT) and information technology (IT) can prove particularly nettlesome. Historically, these two entities have operated separately, with attempts to connect systems and data an afterthought. “This often leads to the creation of data silos … that hinder agility, reduce productivity, impede customer experience improvements, and hamper scalability,” Barnett says. Business and IT leaders who ignore these problems do so at their own peril. Accenture found that 66% of organizations struggle with the sheer number of applications. This results in technical debt and a loss of agility, McKillips says. In addition, 60% are unable to align their application strategy with overall business goals and 44% struggle to identity the right business case or ROI. Remarkably, 34% believe interoperability is simply too expensive.

ICS Confronted by Attackers Armed With New Motives, Tactics, and Malware

The report identified top trends in the ICS threat landscape based on a compilation of information from various sources including open source media, CISA ICS-CERT advisories, and Nozomi Networks telemetry, as well as on exclusive IoT honeypots that Nozomi researchers employ for "a deeper insight into how adversaries are targeting OT and IoT, furthering the understanding of malicious botnets that attempt to access these systems," Gordon says. What researchers observed over the last six months was a significant uptick in attacks that caused disruption to a number of industries, with transportation and healthcare being among the top new sectors finding themselves in the crosshairs of adversaries among more traditional targets. Attackers are using various methods of initial entry to ICS networks, although some common weak security links that have historically plagued not just ICS but the entire enterprise IT sector — weak/cleartext passwords and weak encryption — continue to be the top access threats. Still, “Root” and “admin” credentials are most often used as a way for threat actors to gain initial access and escalate privileges once in the network, the findings show.

Cybersecurity CTO: A day in the life

Given the scope of the job, a CTO is rarely going to have a consistent daily schedule. Instead, goals and cadences are established weekly. That being said, I do go into the office every day. My typical workday begins at 9:30 a.m., and I take an electric scooter to get into the office. Our headquarters are located in Tel Aviv, so the weather is almost always perfect for the scooter. On a weekly basis, I hold one-on-one meetings with specific managers to understand team needs, review KPIs to ensure they’re being met, and review our proof-of-concept (POC) projects to ensure our customers and potential customers are advancing. These POC reviews are where we often catch technical issues, allowing us to fix them before they cause problems for our customers. While I’m responsible for several employees within our R&D department, I do my best to distance myself and empower our VP of R&D to manage the team. The goal is quality – not getting bogged down in how or when people work. I usually wrap up my time in the office around 6:30 or 7:00 p.m. 

Proven Solutions to Five Test Automation Issues

When you run your automated tests, you need the dependent systems to support your test scenarios. That includes setting up the API and service responses to match what is needed for your test cases. Setting up test data in backends might be problematic, as they might not be within your team’s control. Relying on another team to set up the test data for you means you may end up with incorrect or missing test data and, therefore, cannot continue working on or running your automated tests. Another issue is that even if you have the test data, running your automated tests frequently in the build pipeline might use it all up (test data burning). Then you need a test data refresh, which might take even longer than the partial test data setup, and you are blocked again. Even if you have all the test data you need, when you (or some other team) run their automated or manual tests against the same services, the test data might change (for example, the balance on account or list of purchased items by a user). The tests break again because of test data issues rather than actual issues with the product.

Quote for the day:

"People don't resist change. They resist being changed." -- Peter M. Senge

No comments:

Post a Comment