Daily Tech Digest - March 24, 2023

Why CFOs Need to Evaluate and Prioritize Cybersecurity Initiatives

“CFOs should be aware of the increasing risks of cyber threats, including the potential impact on financial performance, reputation, and customer trust,” said Gregory Hatcher, a former U.S. special forces engineer and current founder of cybersecurity consulting firm White Knight Labs. “This includes both external cyber threats and the risk of insider threats posed by disgruntled employees or those with privileged access.” ... “The most commonly overlooked aspects of cybersecurity when transitioning to cloud operation and storage are the cloud provider’s security protocols and compliance requirements,” Hatcher said. He also mentioned the need for employee training on how to securely access and handle cloud data, as well as the potential risks of third-party integrations. Hatcher still recommends executives transfer data sets to the cloud, but with cybersecurity as a large consideration during the process.... “However, it’s essential to choose a reliable cloud provider and ensure compliance with data protection regulations. Keeping data in-house can be risky due to limited resources and potential vulnerabilities.”

Top ways attackers are targeting your endpoints

Vulnerabilities are made possible by bugs, which are errors in source code that cause a program to function unexpectedly, in a way that can be exploited by attackers. By themselves, bugs are not malicious, but they are gateways for threat actors to infiltrate organizations. These allow threat actors to access systems without needing to perform credential harvesting attacks and may open systems to further exploitation. Once they are within a system, they can introduce malware and tools to further access assets and credentials. For attackers, vulnerability exploitation is a process of escalation, whether through privileges on a device or by pivoting from one endpoint to other assets. Every endpoint hardened against exploitation of vulnerabilities is a stumbling block for a threat actor trying to propagate malware in a corporate IT environment. There are routine tasks and maintenance tools that allow organizations to prevent these vulnerabilities getting exploited by attackers.

Serverless WebAssembly for Browser Developers

A serverless function is designed to strip away as much of that “server-ness” as possible. Instead, the developer who writes a serverless function should be able to focus on just one thing: Respond to an HTTP request. There’s no networking, no SSL configuration, and no request thread pool management — all of that is handled by the platform. A serverless function starts up, answers one request and then shuts down. This compact design not only reduces the amount of code we have to write, but it also reduces the operational complexity of running our serverless functions. We don’t have to keep our HTTP or SSL libraries up to date, because we don’t manage those things directly. The platform does. Everything from error handling to upgrades should be — and, in fact, is — easier. ... As enticing as the programming paradigm is, though, the early iterations of serverless functions suffered from several drawbacks. They were slow to start. The experience of packaging a serverless function and deploying it was cumbersome.

How to embrace generative AI in your enterprise

Alongside the positive media coverage, the GPT limitations have been widely documented. This is partly due to their training on vast amounts of unverified internet data. Generative AI tools can potentially provide users with misleading or incorrect information, as well as biased and even harmful content. In fact, the developers of ChatGPT make their users aware of all these limitations on its website. Copyright and legal issues have also been raised. And even the introduction of the GPT-4 version, with more advanced algorithms and larger databases, enabling it to have a much better understanding of nuances and contexts, does not eliminate its flaws, as OpenAI CEO Sam Altman wrote on Twitter. Any enterprise looking to implement generative AI tools needs to have strategies in place to mitigate any limitations. The key to managing these is human supervision and control. Deploying a team of conversational designers/moderators overseeing what knowledge is searched and which GPT capabilities are used, gives control over what information is passed on to users. 

Will Cybersecurity Pros Feel Pressure as Hiring Cools?

“Regardless of the level of demand, though, my approach to hiring is the same,” he says. “I’m usually looking for the right mix of 'security-plus' people.” That means the right mix of core cybersecurity competencies, as well as some other experience in a related technical or compliance field. “It’s not enough to know just security,” he says. “We’re big on cybersecurity pros who aren’t afraid to go broad and get involved in the business aspects of their projects so they can relate to the teams they’ll be working with.” He says he recommend honing technical skills related to zero trust, cloud, automation -- and don’t forget soft skills like communications, project management, and leadership. “In many generalist security roles, people will be expected to cover a lot of ground and focusing on those soft skills can really set a candidate apart,” he says. Mika Aalto, co-founder and CEO at Hoxhunt, notes organizations are still hiring, but there is a lot more talent competing for the same jobs these days. 

Exploring the Exciting World of Generative AI: The Future is Now

Generative AI has the potential to have a huge impact on the economy and society in the coming decade. AI-powered tools can help us automate mundane tasks, freeing up more time for us to focus on more creative tasks. AI can also help us find new ways to solve problems, creating new jobs and opportunities. AI can also be used to create new products and services. AI-powered tools can help us create new products and services that are tailored to the needs of our customers. AI-powered tools can also help us make more informed decisions, allowing us to better understand our customers and their needs. A survey from the World Economic Forum predicted that by 2025, machines will eliminate 85 million jobs while also creating 97 million new employment roles. Shelly Palmer, a professor of advanced media at Syracuse University, says that jobs like middle managers, salespeople, writers and journalists, accountants and bookkeepers, and doctors who specialize in things like drug interactions are “doomed” when it comes to the possibility of AI being incorporated into their jobs.

Q&A: Univ. of Phoenix CIO says chatbots could threaten innovation

"Right now, it’s like a dark art — prompt engineering is closer to sorcery than engineering at this point. There are emerging best practices, but this is a problem anyways in having a lot of [unique] machine learning models out there. For example, we have a machine learning model that’s SMS-text for nurturing our prospects, but we also have a chatbot that’s for nurturing prospects. We’ve had to train both those models separately. "So [there needs to be] not only the prompting but more consistency in training and how you can train around intent consistently. There are going to have to be standards. Otherwise, it’s just going to be too messy. "It’s like having a bunch of children right now. You have to teach each of them the same lesson but at different times, and sometimes they don’t behave all that well. "That’s the other piece of it. That’s what scares me, too. I don’t know that it’s an existential threat yet — you know, like it’s the end of the world, apocalypse, Skynet is here thing. But it is going to really reshape our economy, knowledge work. It’s changing things faster than we can adapt to it."

New UK GDPR Draft Greatly Reduces Business Compliance Requirements

The Data Protection and Digital Information (No. 2) Bill would cut down on the types of records that UK businesses are required to keep. This could reduce the ability of data subjects to view, correct and request deletion of certain information; it would also likely make data breach reports less comprehensive and accurate, as businesses would not be required to keep as close of a watch on what they lost. ICO, the regulator for data breaches and privacy violations, would also be subject to review of its procedures by a new board composed of members the secretary of state appoints. This has raised the question of possible political interference in what is currently an independent body. This particular element could be a sticking point for keeping the UK GDPR equivalent with its EU counterpart for international data transfer purposes, however, as independent regulation has proven to be one of the key points in adequacy decisions. 

How to Navigate Strategic Change with Business Capabilities

Architects in the office of the CIO are often tasked to support senior management with decision-making to get transparency on business and IT transformation. Capability-based planning is a discipline that ensures the alignment of (IT) transformation to business strategy and provides a shared communication instrument aligning strategy, goals and business priorities to investments. Putting capabilities at the center of planning and executing business transformation helps the organization to focus on improving ‘what we do’ rather than jumping directly into the ‘how’ and specific solutions. In this way, capability-based planning helps to ensure we are not just doing things correctly but also focusing on ensuring that we are ‘doing the right things.’ Enterprise architecture practices are important in several stages of implementing capability-based planning. If you’re starting your journey or want to mature your practice, gain more knowledge from our eBook [Lankhorst et al., 2023]. As described in this eBook, our overall process for capability-based planning consists of 10 steps.

IT layoffs: 7 tips to develop resiliency

How did you get to where you are today? What stories have you created for yourself and the world? What skills have you gained? What kind of trust have you earned from people? Who would include you as someone who impacted them? Who had a major influence on your life and career? Many people mistakenly think they are indispensable: If we’re not there, a customer will be disappointed, a product release will be delayed, or a shipment delivery will be late. But the truth is, we are all dispensable. Come to terms with this fact and build your life and career around it. ... We all understand that technology changes rapidly (consider that just a few weeks ago, the world had never heard of ChatGPT). Use this downtime to take online courses on new topics and areas of interest – enroll in an art class, learn a musical instrument, or check out public speaking. There are many opportunities to venture into new areas that will expand your horizons for future work. When you add additional skills to your resume, you expand your thinking and possibilities. 

Quote for the day:

"Life is like a dogsled team. If you ain_t the lead dog, the scenery never changes." -- Lewis Grizzard

No comments:

Post a Comment