Why CFOs Need to Evaluate and Prioritize Cybersecurity Initiatives
“CFOs should be aware of the increasing risks of cyber threats, including the
potential impact on financial performance, reputation, and customer trust,” said
Gregory Hatcher, a former U.S. special forces engineer and current founder of
cybersecurity consulting firm White Knight Labs. “This includes both external
cyber threats and the risk of insider threats posed by disgruntled employees or
those with privileged access.” ... “The most commonly overlooked aspects of
cybersecurity when transitioning to cloud operation and storage are the cloud
provider’s security protocols and compliance requirements,” Hatcher said. He
also mentioned the need for employee training on how to securely access and
handle cloud data, as well as the potential risks of third-party integrations.
Hatcher still recommends executives transfer data sets to the cloud, but with
cybersecurity as a large consideration during the process.... “However, it’s
essential to choose a reliable cloud provider and ensure compliance with data
protection regulations. Keeping data in-house can be risky due to limited
resources and potential vulnerabilities.”
Top ways attackers are targeting your endpoints
Vulnerabilities are made possible by bugs, which are errors in source code that
cause a program to function unexpectedly, in a way that can be exploited by
attackers. By themselves, bugs are not malicious, but they are gateways for
threat actors to infiltrate organizations. These allow threat actors to access
systems without needing to perform credential harvesting attacks and may open
systems to further exploitation. Once they are within a system, they can
introduce malware and tools to further access assets and credentials. For
attackers, vulnerability exploitation is a process of escalation, whether
through privileges on a device or by pivoting from one endpoint to other assets.
Every endpoint hardened against exploitation of vulnerabilities is a stumbling
block for a threat actor trying to propagate malware in a corporate IT
environment. There are routine tasks and maintenance tools that allow
organizations to prevent these vulnerabilities getting exploited by attackers.
Serverless WebAssembly for Browser Developers
A serverless function is designed to strip away as much of that “server-ness”
as possible. Instead, the developer who writes a serverless function should be
able to focus on just one thing: Respond to an HTTP request. There’s no
networking, no SSL configuration, and no request thread pool management — all
of that is handled by the platform. A serverless function starts up, answers
one request and then shuts down. This compact design not only reduces the
amount of code we have to write, but it also reduces the operational
complexity of running our serverless functions. We don’t have to keep our HTTP
or SSL libraries up to date, because we don’t manage those things directly.
The platform does. Everything from error handling to upgrades should be — and,
in fact, is — easier. ... As enticing as the programming paradigm is, though,
the early iterations of serverless functions suffered from several drawbacks.
They were slow to start. The experience of packaging a serverless function and
deploying it was cumbersome.
How to embrace generative AI in your enterprise
Alongside the positive media coverage, the GPT limitations have been widely
documented. This is partly due to their training on vast amounts of unverified
internet data. Generative AI tools can potentially provide users with
misleading or incorrect information, as well as biased and even harmful
content. In fact, the developers of ChatGPT make their users aware of all
these limitations on its website. Copyright and legal issues have also been
raised. And even the introduction of the GPT-4 version, with more advanced
algorithms and larger databases, enabling it to have a much better
understanding of nuances and contexts, does not eliminate its flaws, as OpenAI
CEO Sam Altman wrote on Twitter. Any enterprise looking to implement
generative AI tools needs to have strategies in place to mitigate any
limitations. The key to managing these is human supervision and control.
Deploying a team of conversational designers/moderators overseeing what
knowledge is searched and which GPT capabilities are used, gives control over
what information is passed on to users.
Will Cybersecurity Pros Feel Pressure as Hiring Cools?
“Regardless of the level of demand, though, my approach to hiring is the same,”
he says. “I’m usually looking for the right mix of 'security-plus' people.” That
means the right mix of core cybersecurity competencies, as well as some other
experience in a related technical or compliance field. “It’s not enough to know
just security,” he says. “We’re big on cybersecurity pros who aren’t afraid to
go broad and get involved in the business aspects of their projects so they can
relate to the teams they’ll be working with.” He says he recommend honing
technical skills related to zero trust, cloud, automation -- and don’t forget
soft skills like communications, project management, and leadership. “In many
generalist security roles, people will be expected to cover a lot of ground and
focusing on those soft skills can really set a candidate apart,” he says. Mika
Aalto, co-founder and CEO at Hoxhunt, notes organizations are still hiring, but
there is a lot more talent competing for the same jobs these days.
Exploring the Exciting World of Generative AI: The Future is Now
Generative AI has the potential to have a huge impact on the economy and society
in the coming decade. AI-powered tools can help us automate mundane tasks,
freeing up more time for us to focus on more creative tasks. AI can also help us
find new ways to solve problems, creating new jobs and opportunities. AI can
also be used to create new products and services. AI-powered tools can help us
create new products and services that are tailored to the needs of our
customers. AI-powered tools can also help us make more informed decisions,
allowing us to better understand our customers and their needs. A survey from
the World Economic Forum predicted that by 2025, machines will eliminate 85
million jobs while also creating 97 million new employment roles. Shelly Palmer,
a professor of advanced media at Syracuse University, says that jobs like middle
managers, salespeople, writers and journalists, accountants and bookkeepers, and
doctors who specialize in things like drug interactions are “doomed” when it
comes to the possibility of AI being incorporated into their jobs.
Q&A: Univ. of Phoenix CIO says chatbots could threaten innovation
"Right now, it’s like a dark art — prompt engineering is closer to sorcery than
engineering at this point. There are emerging best practices, but this is a
problem anyways in having a lot of [unique] machine learning models out there.
For example, we have a machine learning model that’s SMS-text for nurturing our
prospects, but we also have a chatbot that’s for nurturing prospects. We’ve had
to train both those models separately. "So [there needs to be] not only the
prompting but more consistency in training and how you can train around intent
consistently. There are going to have to be standards. Otherwise, it’s just
going to be too messy. "It’s like having a bunch of children right now. You have
to teach each of them the same lesson but at different times, and sometimes they
don’t behave all that well. "That’s the other piece of it. That’s what scares
me, too. I don’t know that it’s an existential threat yet — you know, like it’s
the end of the world, apocalypse, Skynet is here thing. But it is going to
really reshape our economy, knowledge work. It’s changing things faster than we
can adapt to it."
New UK GDPR Draft Greatly Reduces Business Compliance Requirements
The Data Protection and Digital Information (No. 2) Bill would cut down on the
types of records that UK businesses are required to keep. This could reduce the
ability of data subjects to view, correct and request deletion of certain
information; it would also likely make data breach reports less comprehensive
and accurate, as businesses would not be required to keep as close of a watch on
what they lost. ICO, the regulator for data breaches and privacy violations,
would also be subject to review of its procedures by a new board composed of
members the secretary of state appoints. This has raised the question of
possible political interference in what is currently an independent body. This
particular element could be a sticking point for keeping the UK GDPR equivalent
with its EU counterpart for international data transfer purposes, however, as
independent regulation has proven to be one of the key points in adequacy
decisions.
How to Navigate Strategic Change with Business Capabilities
Architects in the office of the CIO are often tasked to support senior
management with decision-making to get transparency on business and IT
transformation. Capability-based planning is a discipline that ensures the
alignment of (IT) transformation to business strategy and provides a shared
communication instrument aligning strategy, goals and business priorities to
investments. Putting capabilities at the center of planning and executing
business transformation helps the organization to focus on improving ‘what we
do’ rather than jumping directly into the ‘how’ and specific solutions. In this
way, capability-based planning helps to ensure we are not just doing things
correctly but also focusing on ensuring that we are ‘doing the right things.’
Enterprise architecture practices are important in several stages of
implementing capability-based planning. If you’re starting your journey or want
to mature your practice, gain more knowledge from our eBook [Lankhorst et al.,
2023]. As described in this eBook, our overall process for capability-based
planning consists of 10 steps.
IT layoffs: 7 tips to develop resiliency
How did you get to where you are today? What stories have you created for
yourself and the world? What skills have you gained? What kind of trust have you
earned from people? Who would include you as someone who impacted them? Who had
a major influence on your life and career? Many people mistakenly think they are
indispensable: If we’re not there, a customer will be disappointed, a product
release will be delayed, or a shipment delivery will be late. But the truth is,
we are all dispensable. Come to terms with this fact and build your life and
career around it. ... We all understand that technology changes rapidly
(consider that just a few weeks ago, the world had never heard of ChatGPT). Use
this downtime to take online courses on new topics and areas of interest –
enroll in an art class, learn a musical instrument, or check out public
speaking. There are many opportunities to venture into new areas that will
expand your horizons for future work. When you add additional skills to your
resume, you expand your thinking and possibilities.
Quote for the day:
"Life is like a dogsled team. If you
ain_t the lead dog, the scenery never changes." --
Lewis Grizzard
No comments:
Post a Comment