Daily Tech Digest - May 11, 2023

Will Rogue AI Become an Unstoppable Security Threat?

The rogue AI concept generally refers to AI systems that have been trained to generate or identify opportunities to exploit code or system vulnerabilities and then take some form of destructive action without human intervention, Saylors says. That action could be the creation of code known to be vulnerable and publishing it to a common code repository with the expectation it would be exploited at a later date. It could also be the active exploitation of vulnerabilities by the AI technology itself. The latter action is an extreme example, Saylors says, and generally only a concern for governments or high-profile enterprises, such as defense contractors and financial institutions. “Such organizations already tend to be under constant attack from well-funded APT groups,” he notes. Unfortunately, as sophisticated AI technologies such as ChatGPT become widely available, they will be trained to exploit code or system vulnerabilities. “I’m not saying ChatGPT, specifically, will do this, but I’m suggesting that bad actors will clone this type of technology and train it for nefarious use,” Saylors says.

Generative AI Will Transform Software Development. Are You Ready?

The coming convergence of generative AI and software development will have broad implications and pose new challenges for your IT organization. As an IT leader, you will have to strike the balance between your human coders—be they professionals or cit-devs—and their digital coworkers to ensure optimal productivity. You must provide your staff guidance and guardrails that are typical of organizations adopting new and experimental AI. Use good judgment. Don’t enter proprietary or otherwise corporate information and assets into these tools. Make sure the output aligns with the input, which will require understanding of what you hope to achieve. This step, aimed at pro programmers with knowledge of garbage in/garbage out practices, will help catch some of the pitfalls associated with new technologies. When in doubt give IT a shout. Or however you choose to lay down the law on responsible AI use. Regardless of your stance, the rise of generative AI underscores how software is poised for its biggest evolution since the digital Wild West known as Web 2.0.

AI outcry intensifies as EU readies regulation

AI offers both the potential to grow the business and a significant risk by eroding a company’s unique selling point (USP). While business leaders assess its impact, there is an outcry from industry experts and researchers, which is set to influence the direction future AI regulations take. In an interview with the New York Times discussing his decision to leave Google, prominent AI scientist Geoffory Hinton warned of the unintended consequences of the technology, saying: “It is hard to prevent bad actors from doing bad things.” Hinton is among a number of high-profile experts voicing their concerns over the development of AI. An open letter, published by the Future of Life Institute, has over 27,000 signatories calling for a pause in the development of AI, among them Tesla and SpaceX founder, Elon Musk – who, incidentally, is a co-founder of OpenAI, the organisation behind ChatGPT. Musk has been openly critical of advancement such as generative AI, but he is reportedly working on his own version. According to the Financial Times, Musk is bringing together a team of engineers and researchers to develop his own generative AI system and has “secured thousands of high powered GPU processors from Nvidia”.

Refined methodologies of ransomware attacks

“Rates of encryption have returned to very high levels after a temporary dip during the pandemic, which is certainly concerning. Ransomware crews have been refining their methodologies of attack and accelerating their attacks to reduce the time for defenders to disrupt their schemes,” said Chester Wisniewski, field CTO, Sophos. ... “With two thirds of organizations reporting that they have been victimized by ransomware criminals for the second year in a row, we’ve likely reached a plateau. The key to lowering this number is to work to aggressively lower both time to detect and time to respond. Human-led threat hunting is very effective at stopping these criminals in their tracks, but alerts must be investigated, and criminals evicted from systems in hours and days, not weeks and months. Experienced analysts can recognize the patterns of an active intrusion in minutes and spring into action. This is likely the difference between the third who stay safe and the two thirds who do not. Organizations must be on alert 24×7 to mount an effective defense these days,” said Wisniewski.

Automation: 3 ways it boosts productivity and reduces burnout

When we automate, we can carve out more time for the big stuff—and the more time we spend on the big stuff, the more engaged we become. Engaged employees aren’t just happier; they also create better customer experiences. Companies, in turn, can charge more for their services. The bottom line: Higher engagement is a win for everyone—companies, customers, and employees alike. To identify your most meaningful work, ask yourself what you enjoy doing the most and what delivers the most impact. For me, that’s writing and high-level strategizing. For a journalist, it might be drafting compelling narratives. For a designer, it might be brainstorming creative and beautiful ways to solve a customer’s problem. ... The benefits of automation are multifold: It increases engagement and productivity; it overcomes human limitations like the need to rest because with automation you set it and forget it; it minimizes errors; and it establishes processes that can be consistently refined. This list is not exhaustive. But here’s the rub: Automation can’t be established in a vacuum. 

NoOps vs. ZeroOps: What Are the Differences?

ZeroOps works from the philosophy that a company’s IT team is uniquely positioned to create innovation that services the organization — if it has time to think, rather than constantly chasing tickets or dealing with upkeep, that is. With more time free, IT teams might create new infrastructure that provides enhanced performance for specific corporate applications or might suggest ways in which current applications can be improved. The opportunities are limitless — if only operations teams had the time to do what they need to be doing! And with ZeroOps, they finally can. A ZeroOps provider works with the IT team to create an environment that is ideally suited to the organization, but in which the ZeroOps provider uses a combination of intelligent automation and remote support to relieve the IT team of the general burden of ensuring the system runs properly. Removing these burdens from a team’s shoulders allows them to place focus back on where it should have been in the first place. In other words, innovation and creation are actually possible again, instead of being bogged down by the backlog of things to do to keep everything running.

Quantifying the Value of Data to Business Leaders

The ROI of data is frequently obscured when critical data points fail to form a bigger picture, said Soares. For example, a modest profit from a particular business asset might not be tracked against a long-enough timescale to warrant its initial price tag. ... How is it possible to change business culture to recognize the true value of data? Soares suggested that there is an ultimately simple way to begin benchmarking across companies to assign data value without resorting to “voodoo economics.” “The value of a company’s data divided by the value of the company is what we call a data monetization index,” noted Soares. “And we have another metric called intangible asset index.” Data-related intangibles include customer data, employee data, reference data, reports, critical data elements, and more. How does one identify a critical data element? Soares estimates that roughly 10% of corporate data would fall under this category, though this number is contextual: What may be critical for one application may not be critical for another. 

Does Your Organization Need a CISO or an External Advisor?

The question on every leader’s mind now is, what is the best way to prepare? Should businesses hire a Chief Information Security Officer (CISO), or incorporate an advisor to the organization's board? Based on our work, we have several recommendations to navigate the best option for your organization: Each business context requires a different cybersecurity strategy. Factoring in the types of threats faced and their level of criticality is also key in the decision-making process. The different types of threats may include manufacturing facilities, high value IP (next generation tech, in particular if related to communications or weapons), infrastructure (e.g., energy generation or distribution), ransomware targets, and exploitation opportunities. Being open to exploring hybrid models can be a way to avoid missteps. What level of sophistication does your organization need in a CISO or advisor? Companies with low threat levels (are there any left?) or limited resources may want to rely on external vendors and advisors at early stages on their cybersecurity journey, rather than hiring a CISO immediately.

4 strategies for embracing ‘Everywhere Work’ in 2023

“When it comes to how and where employees work – leaders who do not embrace and enable flexibility where they can – also risk not reaping the benefits of a more engaged, more productive workforce,” said Jeff Abbott, CEO at Ivanti. Attracting and retaining the very best talent will always be an executive priority, but the organisations that embrace an Everywhere Work mindset – and supporting tech stack – will have a sustainable competitive advantage. There has been a seismic shift in how and where employees expect to get work done and it's imperative for leaders to break down culture and tech barriers to enable it.” As employees strive to strike a balance between work and personal life, they are pushing for new ways of working that help them reduce long commutes and minimise the negative impact on their health and well-being. Unfortunately, many employers are still hesitant to fully embrace virtual work arrangements, treating them as temporary solutions that may be reversed in the future. This reluctance to embrace remote work has led to widespread burnout and disengagement among knowledge workers, particularly younger employees.

Introducing the Data Trust Index: A New Tool to Drive Data Democratization

Data quality frameworks have traditionally focused solely on technical data quality dimensions; the Data Trust Index places a heavy emphasis on the social trust component of confirmability to account for the emotional and cultural factors that shape how people perceive and interact with data in their organizations. The adoption and implementation of data quality frameworks have typically been regarded as the necessary step for any organization wishing to promote data democratization. Good quality data will increase use of the data, or so the logic goes. Our conviction is that a data quality framework is only the necessary first step, that true data democratization requires a holistic approach that appeals to both the logical and emotional sides of people. The Data Trust Index brings data trust out of the realm of sterile dashboards and into something tangible that instills confidence in data and helps create a culture of trust around data. We developed the critical components of the Trust Framework (Credibility, Consistency, Confirmability) over many conversations about what was working and what wasn’t for our clients seeking benefits out of investments in data.

Quote for the day:

"To be successful, you have to have your heart in your business, and your business in your heart." -- Thomas Watson, Sr.

No comments:

Post a Comment