Bard, Bing, and the 90% problem
With search in particular, accuracy and thoroughness matter. One simple answer
is fine — when it’s right. And when you can trust that it’s right. But it
certainly seems like right now, that’s anything but the case with any of this
technology. Hell, Microsoft's Bing-bot includes prominent disclaimers that it’s
likely to provide inaccurate or incomplete information! And all novelty and cool
factor aside, I just don’t see how that’ll make for an especially useful utility
from a search context, for as long as that remains the case. ... It's really
quite simple: If even one out of every 10 attempts at using something produces a
flawed or for any reason unsatisfactory result, folks tend to lose faith in said
thing pretty fast. And they then end up turning to another tool for the same
purpose more often than not. That's why lots of us rely on Assistant for
functional commands, which work fairly consistently — but when it comes to more
complex searches, whether we've got Assistant at our beck and call on a phone or
built into the core system interface on a Chromebook, we're still more likely to
go to Google to get an answer.
EaaS as a Technique to Raise Productivity in Teams
EaaS can help you provide your application in a staging environment.
Essentially, this environment is a copy of your production environment. EaaS
tools simply assist you with duplicating the production environment and all of
its elements (e.g., the code, settings, and deployment configurations). These
technologies enable you to quickly create these environments for your clients,
providing them with a trial version of your software. Consequently, even before
the application is finished, you may present your products to clients more
quickly. EaaS also allows developers to be more creative by constructing
settings similar to sandboxes in which they can experiment with new ideas
without having to set up new setups or recreate current ones. The EaaS approach
is scalable and cost-effective. Only the resources you use and the time your
server is online are subject to payment. So, if you need to submit a proof of
concept to a stakeholder, you just need to pay for the time the environment will
be operational.
Fraudsters are using machine learning to help write scam emails in different languages
Scammers don't even need to speak the language of the people or organizations
they're targeting: analysis of some prolific BEC campaigns by researchers at
Abnormal Security suggests that email fraudsters are turning to machine
learning-powered translation tools like Google Translate to help compose
emails used in the attacks. This technique is enabling widespread BEC
campaigns for an expanded array of cyber-criminal groups, who can cast a
larger net at minimal cost. "Attacking targets across various regions and
using multiple languages is nothing new. However, in the past, these attacks
were perpetrated mainly by sophisticated organizations with bigger budgets and
more advanced resources," said Crane Hassold, director of threat intelligence
at Abnormal Security. ... The payment fraud campaigns have been distributed in
at least 13 different languages, including Danish, Dutch, Estonian, French,
German, Hungarian, Italian, Norwegian, Polish, Portuguese, Spanish, and
Swedish.
Don’t Let a Cyberattack Destroy Your Pharmacy
One mistake that many independent pharmacies make is to use free Gmail
addresses to transmit sensitive data, Mr. Gallagher added. The email service
is not encrypted or secure, he stressed, which is why a better option is to
use a private domain for company email. Similarly, he added, it’s important to
choose HIPAA-compliant videoconferencing software, such as Microsoft Teams,
for discussions with patients and internal meetings. Sloppy data disposal
practices are another concern. “What we’ve learned from previous breaches that
have happened at pharmacies is that whether it’s paper or whether it’s
electronic, it’s really a good idea to ensure that the information is
responsibly and securely disposed of,” said Lee Kim, JD, the senior principal
of cybersecurity and privacy at the Healthcare Information and Management
Systems Society, who wasn’t a presenter at NASP. “How many of us actually
think, ‘Well, maybe I should ensure that everything is wiped from the
photocopier before it gets serviced’? Probably not many, but if you don’t
think about the small transactional things like that … people’s information is
at risk.”
States sketch out roadmaps for zero trust ‘journey’
“Money doesn't solve every problem, and endless amounts of money would not
instantly create a perfect world where every state has zero trust fully
implemented in a very mature way,” Pugh said. “But it would help those states
that are very budget strapped and have many competing priorities.” One way of
assessing how far along states are in implementing zero trust is whether it is
“top of mind in security conversations,” said Jim Richberg, public sector
field CISO and vice president of information security at Fortinet. And by that
measure, state leaders are paying attention. Those that have led the way on
state-level zero trust said guidance already exists from the likes of the
National Institute of Standards and Technology’s Authenticator Assurance
Levels and Identity Assurance Levels. With those guidelines in place, said
Adam Ford, Illinois’ chief information security officer, during a National
Governors’ Association webinar, states can establish a baseline for
themselves, even though the system nationwide is set up so we are "50
experiments going on at the same time," he said.
Don't put off data minimization
From a risk-based perspective, the biggest exposure is in relation to
cyberattack. This is a particular threat for law firms because cybercriminals
now include you on a shortlist of prime targets. The ABA’s cybersecurity
report in 2021 observed that ransomware, in particular, is: “an increasing
threat to lawyers and law firms of all sizes”. Microsoft revealed that
state-sponsored Chinese hackers have been targeting “US-based universities,
defense contractors, law firms and infectious disease researchers”. A lack of
systematic data minimisation increases your attractiveness to such criminals
because you present a larger, juicier target. Moreover, a cyberattack can be
your biggest nightmare. It incurs lost productivity and may entail ransom
demands. You’ll likely need to pay cybercrime expert fees, and potentially
regulatory and professional fines. But that’s not all. A New York based
entertainment law firm suffered an attack in 2020 when hackers demanded a
ransom payment of USD$42 million to prevent the release of confidential
information about the firm’s world-famous clients. News outlets subsequently
reported that the firm eventually paid out USD$365k. And there’s the
rub.
CIO role: 4 ways to do more with less
Even the best CIOs can fall victim to a common efficiency-robbing habit:
getting lost in the weeds on a particular project. As CIO, you have a lot on
your plate, and it’s easy to miss deadlines or deliver sub-par performance if
you get too focused on details your team can – and should – handle. Assuming
you have a competent, trustworthy team, let go of more minor details and
remain laser-focused on your organization’s desired strategic outcomes. When
CIOs feel compelled to control every detail, it can indicate a struggling
organization. If a business’ IT arm is bogged down by legacy systems or an
outpouring of manual and rote tasks that do nothing for business performance,
the CIO will often be mired in dealing with organizational performance issues.
That means more time managing internal fire drills and less time thinking
strategically and making business-critical decisions. ... When you have the
confidence and infrastructure to delegate details to your team, you’ll have
much more bandwidth to focus on the big picture and drive your business
forward.
Navigating the ever-changing landscape of digital security solutions
We see an increasingly fragmented geopolitical landscape with unique data
residency requirements for each country which is resulting in localized
hosting of solutions as well as nimbleness and increased granularity of data
control. Regulations like GDPR and CCPA necessitate the need for not only
safeguarding information (via encryption and tokenization) but also driving
automated protection of PII. Recent regulations from the White House and
guidance from CISA are aimed at driving better compliance with incident
disclosure as well as offering a blueprint for zero trust. ... Most
progressive organizations view cybersecurity as business critical and partner
with organizations like ours to create a comprehensive cybersecurity strategy.
In short, while there is increased oversight, both the consumers and providers
of security solutions are more focused on: implementing a zero-trust approach,
instituting automated protection of information and taking a partnership
posture as opposed to a traditional vendor-buyer approach.
Cybersecurity Jobs Remain Secure Despite Recession Fears
"With reports of job cuts at organizations including Twitter, Meta, Microsoft,
Amazon and Google, cybersecurity staff could benefit from proactive hiring
targeted towards those recent layoffs," the report stated. "With so many tech
jobs impacted by recent layoffs, it is possible that many of those individuals
may find opportunity in pursuing a career in cybersecurity, where they can
apply related skills and expertise." The resilience in demand for
cybersecurity professionals comes as many workers burned out and resigned,
part of the Great Resignation in 2022. Organizations that lost valuable
specialists did so for three main reasons, Rosso says. Cybersecurity teams
have traditionally not had great career advancement opportunities, so their
ability to gain promotions and increased salaries at their current company is
often limited. In addition, the culture surrounding many security teams has
often led to burnout and mental stress, she says. "We know, for example, that
at the end of 2021 and beginning of 2022, the Log4j issue was causing people
to clock a lot of hours, and that led to some burnout," she says.
Why Your Organization Needs to Embrace Data Resiliency
Enterprises should take a holistic approach to understanding their data: how
it's gathered, how it's used throughout the organization, and how it's
impacted by a lack of availability or corruption, Krishnamoorthy says. “This
starts with creating a detailed map of business processes, applications,
systems, and data,” he suggests. Schick notes that there's no
industry-standard checklist for ensuring data resiliency, but advises
separating critical and non-critical data, storing data in separate locations,
logging transactions that change critical data, and using tools and processes
to quickly recover corrupted or lost data. Enterprises should retain data only
for as long as it's needed, O'Hern suggests. “We eliminate risk when we purge
… which means it no longer exists to be held hostage.” Krishnamoorthy notes
that it's also important to understand how applications, automated tools and
systems, and IT staff interact with enterprise data from manageability,
serviceability, and security perspectives.
Quote for the day:
"Nothing is so potent as the silent
influence of a good example." -- James Kent