Daily Tech Digest - February 23, 2023

Trends in Data Governance in 2023: Maturation Toward a Service Model

Organizations will increasingly adopt a Data Governance service model as they increase implementations of AI technologies. The “EU and U.S. plan to impose new regulations to protect consumers and impact how algorithms can ingest, use, transform, and make recommendations based on datasets. Companies have a short time to ramp up their Data Governance responses to AI because many algorithms adjust inputs and outputs in real time. Organizations need more Data Governance preparation, as only 30% of a McKinsey AI study respondents recognized potential legal risks as relevant. The firms, blinded to the importance of AI regulations, will face increased pressure to adapt their Data Governance approaches by the end of 2023. EU’s draft AI regulations promise to impose more considerable fines on companies who fail to comply, 6% of their global revenue, instead of the 4% levied by the GDPR. Consequently, worker adoption of Data Governance updates, in preparation for AI regulations, with their engagement and feedback, will play a crucial role in 2023. 

Sci-fi magazine halts new submissions after a surge in AI-written stories

Clarke acknowledged there are tools available for detecting plagiarized and machine-written text, but noted they are prone to false negatives and positives. OpenAI recently released a free classifier tool to detect AI-generated text, but also noted it was "imperfect" and it was still not known whether it was actually useful. The classifier correctly identifies 26% of AI-written text as "likely AI-written" -- its true positive rate. It incorrectly identifies human-written text as AI-written 9% of the time -- its false positive. Clarke outlines a number of approaches that publishers could take besides implementing third-party detection tools, which he thinks most short fiction markets can't currently afford. Other techniques could include blocking submissions over a VPN or blocking submissions from regions associated with a higher percentage of fraudulent submissions. "It's not just going to go away on its own and I don't have a solution. I'm tinkering with some, but this isn't a game of whack-a-mole that anyone can "win." The best we can hope for is to bail enough water to stay afloat," wrote Clarke.

Pairing AI with Tech Pros: A Roadmap to Successful Implementation

“The technology can also automatically check the quality and interpret data where metadata is not available, interpret tabular data and summarize them with natural text and jointly interpret image, text, and tabular data,” he says. Krishna cautions that while generative AI has exciting potential, the recent focus on the technology has also reinforced the importance of responsible AI. “Going forward, organizations will be using AI methodologies to make decisions for their customers, employees, vendors and everyone associated with them,” he says. “A responsibility charter needs to be sponsored by C-suite leaders and developed through dynamic and consistent discussions led by the leaders in compliance, risk and data analytics.” Lo Giudice adds it is important for organizational leaders and IT workers, for example software developers, to come together and decide which AI-based tools could be deployed and the strategy behind that deployment. “Developers are influencers of this, because if they get excited about it, it will win,” he says. 

Platforming the Developer Experience

With intuitive, self-service workflows and all the tools developers need, they rarely, if ever, have to think about ‘the how’ of getting their software into the hands of users. And this works if and when an organization does at least a couple of things right: The organization prioritizes the developer experience and empowers other parts of the organization to answer the question, How can we create the optimal developer experience? The organization puts resources behind understanding and building the best developer experience–and that’s where both the developer platform and DevOps teams as “fixers” ideas emerge. Does this mean the “optimal experience” can’t be optimized? Does that mean developers cannot have input into their own (or more general) developer experience(s)? No. In fact, part of what makes the developer platform idea compelling is that developers don’t have to weigh in or make decisions on the platform or tooling. Still, it’s possible to let them have that freedom if the team or organization wants to. Bottom line: There is no one-size-fits-all developer platform any more than there is a single developer experience. 

How IT professionals can change careers to cyber security

While most IT professionals will have these skills on a basic level, many will only understand them as needed for their own day to day work, Teale says. Therefore, additional training is sometimes necessary. Many IT professionals may not need to fork out for a cyber security degree although certifications might be a helpful way forward. Basic foundational books and courses can offer some guidance, and an apprenticeship or course from a certified body might make sense for IT professionals who are looking to switch early in their careers, Finch says. ... There are a number of entry level courses available, such as CISMP or CompTIA, says Freha Arshad, managing director, Accenture Security in the UK. “All of the major cloud service providers offer security courses for varied levels and skill sets. With enterprises increasingly focused on the cloud, this area is also a good place to start.” In addition, says McQuade, there are free resources online to support self-learning: “HackXpert and TryHackMe provide training labs, while Cybrary offers a library of helpful videos, labs and training exams. ...”

CISOs struggle with stress and limited resources

The lack of bandwidth and resources is not only impacting CISOs, but their teams as well. ... Relentless stress levels are also affecting recruitment efforts with 83% of CISOs admitting they have had to compromise on the staff they hire to fill gaps left by employees who have quit their job. More than a third of the CISOs surveyed said they are either actively looking for or considering a new role. “The results from our mental health survey are devastating but it’s not all doom and gloom. Our research found that CISOs know exactly what they need to reduce stress levels: more automated tools to manage repetitive tasks, better training, and the ability to outsource some work responsibilities,” said Eyal Gruner, CEO, Cynet. “One of the most eye-opening insights from the report was the fact that more than 50% of the CISOs we surveyed said consolidating multiple security technologies on a single platform would decrease their work-related stress levels,” Gruner added.

Making Risk Management for Agile Projects Effective

Agile claims to be risk-driven and based on its implicit practices—it lends itself to an adaptive risk management style. For instance, the adaptability of sprint planning is a response to uncertainty, “biting off a small chunk at a time” to eventually deliver the finished solution. Due to its inherent nature, Agile can mitigate some risk that occurs during the sprint cycle, but this is not the only risk that may occur during a project’s lifespan. For example, in larger enterprises, there is more risk related to the external, organizational and project environments, including corporate reputation, project financing, user adoption of business changes and regulatory compliance. Management of this type of “project” risk is not addressed in most Agile literature, which focuses on risk that may occur at the sprint level. One recent proposal to address this limitation is to adopt an Agile risk management process that includes tailoring Agile methodologies to include project and enterprise risk management approaches in line with the risk context for the project.

Robotic Process Automation: Confluence of Automation and AI

According to Deloitte, it can lead to improved service, fewer mistakes, increased audibility, increased productivity, and lower costs. It makes it possible to have a workforce that is automated in a variety of ways around the clock. More sophisticated tools are taking the place of the outdated methods that relied on Excel sheets and macros. Additionally, functions like dashboarding, workflow, and proactive system and process monitoring are becoming increasingly important components of technology infrastructures thanks to these new tools. Additionally, these “new” tools frequently need to interact with older systems, which is not possible alway. To extract, format, shape, and distribute the data in a way that a downstream system can consume, necessitates human interaction. This process is being automated with RPA in a more controlled, efficient, and less labor-intensive manner. RPA bots can, for the sake of simplicity, completely automate human actions like opening files, entering data, and copy-pasting fields.

The Future of Network Security: Predictive Analytics and ML-Driven Solutions

ML-driven network security solutions in cybersecurity refer to the use of self-learning algorithms and other predictive technologies (statistics, time analysis, correlations etc.) to automate various aspects of threat detection. The use of ML algorithms is becoming increasingly popular for scalable technologies due to the limitations present in traditional rule-based security solutions. This results in the processing of data through advanced algorithms that can identify patterns, anomalies, and other subtle indicators of malicious activity, including new and evolving threats that may not have known bad indicators or existing signatures. Detecting known threat indicators and blocking established attack patterns is still a crucial part of overall cyber hygiene. However, traditional approaches using threat feeds and static rules can become time-consuming when it comes to maintaining and covering all the different log sources. In addition, Indicators of Attack (IoA) or Indicators of Compromise (IoC) may not be available at the time of an attack or are quickly outdated.

1 in 4 CISOs Wants to Say Sayonara to Security

CISOs aren't necessarily running down alerts constantly the way their employees are, but they're overloaded with other career fatigue factors. "CISOs are constantly trying to balance high expectations against an absence of the tools needed to meet those expectations," Gartner analysts wrote in the prediction piece. "Compliance-centric cybersecurity programs, significantly low executive support, and subpar industry-level maturity are all indicators of an organization that does not view security risk management as critical to business success." One of the big factors that could have CISOs reconsidering their career trajectory in cybersecurity altogether is the fear about what will happen to their professional reputation if their company gets breached, says Diana Kelley, a veteran cybersecurity executive and co-founder and CSO of Cybrize, a cybersecurity workforce planning platform. She says CISOs and CSOs worry about "having their name dragged through the mud" after a breach, or even facing criminal charges, which feels more possible in the fallout from the conviction of Uber's Joe Sullivan last year.

Quote for the day:

"Leadership is a two-way street, loyalty up and loyalty down." -- Grace Murray Hopper

No comments:

Post a Comment