Is misinformation the newest malware?
"When we were thinking about the risks of Twitter being targeted by, let's say,
the Russian government, we always had to recognize that there would be attempts
to get into Twitter's systems and target the company and exfiltrate user data,"
Roth said. "There would be attempts to influence the conversations happening on
the platforms, and there would be attempts to compromise the accounts of
Twitter's users. There were multiple layers to each of these things. And Twitter
as a company had a role to play in addressing that conduct across each one of
those levels." Roth pointed to the "great Twitter hack of 2020," when
financially motivated people in their twenties compromised a Twitter employee's
account to promote a crypto scam on high-profile accounts. This incident is an
example of what he called the "illusory distinction" between malware and
misinformation. "This was targeting Twitter's employees to gain access to
Twitter's backend systems in order to carry out malicious activity propagated
across the social network. You cannot think of these problems in isolation,"
Roth said.
Just Who Exactly Should Take Responsibility for Application Security?
We talk a great deal about shifting left and putting it on individuals. But if
developers’ goals and incentives don’t include security, they won’t do it.
Humans act in their own interests and unless their interests are made to be
something different, they’re going to behave how they want to behave. If a
company wants to secure code, it’s on them to put in place the standards,
enforce the standards, and actually care and invest. Companies that don’t do
those things will never be secure and are basically just setting up people to
fail. Companies have to get their priorities right and invest in the tools and
training that empower developers to perform robust security. …But they do need
to be engaged. There are things that development managers can do to introduce
more security in a reasonable way that doesn’t cost a ton of extra time and
money. Importantly, they can lead by encouraging developers to take reasonable
steps that will help. For instance, when introducing a new library, don’t
introduce anything that’s got a known vulnerability, kind of a “do no harm”
approach.
Why We Should Establish Guardrails For Artificial General Intelligence Now
Weizenbaum’s fears show that ethical concerns over computers’ capabilities are
nothing new. As we enter the exciting age of AGI-led possibilities, perhaps we
should take lessons from what happened with social media platforms. When
applications like MySpace, Facebook and the like first launched, they were
touted as a means to bring people together and enable self-expression through
personal posts and photo sharing. The platforms’ intent was to connect people in
a convenient, friendly way. What the platforms’ founders didn’t envision is that
one day, these networks would bombard members with annoying advertisements that
creepily follow them around. They didn’t worry that they were asking members to
give their most personal details to large corporations or possibly even
governments (e.g., TikTok). They didn’t expect that disinformation would
interfere in elections or that children would be bullied or view harmful
content. As a result, the operations of these social platforms are now under
question and they might face government regulation if they can’t gain control
over content and data privacy.
Your decommissioned routers could be a security disaster
Often, they included network locations and some revealed cloud applications
hosted in specific remote data centers, “complete with which ports or
controlled-access mechanisms were used to access them, and from which source
networks.” Additionally, they found firewall rules used to block or allow
certain access from certain networks. Often specifics about the times of day
they could be accessed were available as well. “With this level of detail,
impersonating network or internal hosts would be far simpler for an attacker,
especially since the devices often contain VPN credentials or other easily
cracked authentication tokens,” according to the white paper. The routers—four
Cisco ASA 5500 Series, three Fortinet Fortigate Series, and 11 Juniper
Networks SRX Series Service Gateways—were all bought legally through
used-equipment vendors, according to the paper. “No procedures or tools of a
primarily forensic or data-recovery nature were ever employed, nor were any
techniques that required opening the routers’ cases,” yet the researchers said
they were able to recover data that would be “a treasure trove for a potential
adversary—for both technical and social-engineering attacks.”
5 surefire ways to derail a digital transformation (without knowing it)
Digital transformations can start with one initiative, defined goals, and a
dedicated team. But CIOs are under pressure to accelerate and find digital
transformation force multipliers. That means growing the number of leaders and
teams that can plan innovations and deliver transformative impacts.
“Innovation does not happen in isolation: It occurs when organizations
encourage and nurture it, often with processes to enable nontraditional ways
of thinking, working, and the space to try out ideas in a safe environment,”
says Hasmukh Ranjan, CIO of AMD. Here’s how I spot derailments: Ask initiative
leaders to share access to their roadmaps, agile backlogs, collaboration
tools, stakeholder communications, and internal documentation. ...
Subject matter experts and internal stakeholders should be contributors to
priorities and requirements, not decision-makers or backlog dictators. Digital
transformations derail when CIOs miss the opportunity to establish and
communicate product management responsibilities for creating and evolving
market- and customer-driven roadmaps.
IS Audit in Practice: Advantages of Technology in Achieving Diversity
The benefits of diversity have long been sought after by schools of
management. Diverse styles produce a broad range of ideas and approaches,
which can translate to a more cohesive work environment and create a
competitive edge that impacts the bottom line. Diverse work teams with
inclusive mindsets can bridge gaps in understanding that help avoid rework.
The classic example is strong collaboration between IT and the business, where
post-development user acceptance testing (UAT) produces a go-live outcome that
satisfies users. Diverse teams also make it easier to reach a wider audience
by creating products and services that are broadly appealing. Technology helps
make these products and services more ubiquitous. If diversity can bring such
advantages, why is it so hard to achieve? The terms "unconscious bias," "the
boys’ club," "cliques" and "the inner circle" suggest that work and social
groups form around what is familiar. ... Breaking away from the known and
comfortable to include new approaches and different individuals can feel
risky, as any change does for those accustomed to operating within established
boundaries.
The role of AI as an everyday life assistant
One of the concerns the book raises is how businesses experienced in selling
to humans will respond. There is no reason to assume the machine will remain
in the domain of low-value purchasing, leaving businesses free to focus their
efforts on high-value human customers. “Doubling down on the human market and
perceived higher-value human customer service capabilities, the losers will
find their cost of sale gradually increasing even as their revenue and total
addressable market appears to shrink,” warn Raskino and co-author Don
Scheibenreif. Society may not yet be ready for the machine customer, but the
idea is finding its way into people’s lives by automating boring or repetitive
tasks. In the book, Raskino and Scheibenreif discuss the May 2018
demonstration by Google CEO Sundar Pichai of an AI assistant called Duplex.
The AI was so convincing that it was able to book an appointment at a hair
salon over the telephone, without the person on the other end of the line
being aware that it was a machine making the appointment.
Data infrastructure: The picks and shovels of the AI gold rush
While AI models form the cornerstone of this recent progress, scaling AI
requires a robust data foundation that trains models and serves them
effectively. This process involves collecting and storing raw data, utilizing
computational power to transform data and train models, and processing and
ingesting data in real-time for inference. Ultimately, turning raw data into
AI insights in production is complex and dependent on having strong data
infrastructure. Data engineering teams will play a crucial role in enabling AI
and must lean into an ever-improving set of tools to address rapidly growing
volumes of data, larger models, and the need for real-time processing and
movement of data. Data infrastructure has transformed over the past decade
irrespective of AI, driven by the shift to the cloud and a greater focus on
analytics. This transformation has created huge commercial successes with the
likes of Snowflake, Databricks, Confluent, Elastic, MongoDB, and others.
Today, we are in a moment in time where storage and compute limitations have
largely been erased thanks to the cloud.
Why platform engineering?
While simple in concept, platform engineering isn’t trivial to execute because
it requires a product development mindset. Platform engineers must develop a
product that agile development teams want to consume, and developers must let
go of their desires for DIY (do it yourself) devops approaches. One place to
start is infrastructure and cloud provisioning, where IT can benefit
significantly from standards, and developers are less likely to have
application-specific architectural requirements. Donnie Berkholz, senior vice
president of product management at Percona, says, “Platform engineering covers
how teams can deliver the right kind of developer experience using automation
and self-service, so developers can get to writing code and implementing
applications rather than having to wait for infrastructure to be set up based
on a ticket request.” Therein lies the customer pain point. If I am a
developer or data scientist who wants to code, the last thing I want to do is
open a ticket for computing resources. But IT and security leaders also want
to avoid having developers customize the infrastructure’s configuration, which
can be costly and create security vulnerabilities.
3 Ways To Manage Conflict In The Workplace
If you’re experiencing a conflict, you might spend some time digging into all
the possible root causes of the conflict you’re currently dealing with that
may be different from your initial perception. In writing down the
possibilities or alternatives, you just might find that the conflict you
thought you were struggling with isn’t what the conflict is actually about.
This is an exercise to get to the heart of the matter, because we can’t solve
for what we don’t even realize exists. ... Justification is often what keeps
us stuck in conflict, according to conflict and collaboration consultant Cair
Canfield. Conflict can keep us stuck if our egos want us to remain blameless,
like we don’t have any part in the problem and so we don’t have to change. But
it doesn’t really serve you, because you’ll keep doing the same thing in the
same way, rather than be able to move forward productively. ... Instead of
immediately shutting down an idea because you disagree with it, ask questions.
You might ask, ‘What in your life has shaped your viewpoint?’ Being curious
about why the other person sees things the way they do helps your brain to
stay open to new information, while being defensive can make you less
open-minded.
Quote for the day:
"Blessed are the people whose leaders
can look destiny in the eye without flinching but also without attempting to
play God" -- Henry Kissinger