Daily Tech Digest - July 11, 2023

Multiple SD-WAN vendors can complicate move to SASE

The walls between networking and security teams must come down to deliver cloud-based security and network services across today’s sophisticated networks. “The opportunity to leverage a cloud-based architecture to enforce security policies to distributed locations and remote workers is the real value of SASE. It offers management efficiencies, it supports a modern workforce, and it supports an important integration between the network and security teams,” IDC’s Butler says. “In today’s world, when you have so many people working from home and so many distributed applications, a cloud-based security approach is really appealing.” As the market continues to evolve, vendors are boosting their capabilities – networking vendors are acquiring or developing security capabilities to offer SASE, and security providers are augmenting their product portfolios with advanced networking capabilities to offer SASE. That aligns with adoption trends; a majority (68%) of 830 respondents to an IDC survey said they would like to use the same vendor for their SD-WAN and security/SASE solution.

Decoding AI: Insights and Implications for InfoSec

AI is wonderfully adept at narrow tasks, but it is clueless beyond its specific training. It’s like a super-specialist who can thread a needle blindfolded but can’t understand why it shouldn’t sew its own fingers together. Say we task an AI with making a company network as secure as possible. It might suggest shutting down the network, preventing user access or even blocking external dataflows because, hey, it’s technically efficient! ... AI could reshape the world of cybersecurity in unimaginable ways, making our lives easier and more efficient. However, it is essential to bear in mind that AI, despite its remarkable abilities, is essentially a tool. It lacks the human touch—our capacity for intuition, empathy and understanding that extends beyond the data. AI will undoubtedly keep improving, but it is on us to guide its evolution in a way that respects our shared humanity and safeguards our values. So, the next time you see a headline touting the latest AI breakthrough, take a moment to appreciate the amazing technology—but remember that it’s not quite as “intelligent” as it might seem.

Sarah Silverman sues OpenAI, Meta over copyright infringement in AI training

The suits, filed last week in federal district court in San Francisco, argued that Microsoft-backed OpenAI and Meta didn’t have permission to use copyright works by Silverman and two other authors, Christopher Golden and Richard Kadrey, when it used them to train ChatGPT and Meta's LLaMA (Large Language Model Meta AI). It asks for injunctions against the companies to prevent them from continuing similar practices, as well as unspecified monetary damages. The heart of the lawsuit, according to the complaint, is OpenAI’s use of a data set called BookCorpus, which it said was created in 2015 for the purpose of large language model training. Much of BookCorpus, the plaintiffs say, was copied from a site called Smashwords, a host for self-published novels, which were under copyright. Additionally, the complaint alleges that there is no way that the book-based data sets used to train OpenAI came entirely from legal sources, as no legal databases offer enough content to account for the size of the “Books1” and “Books2” sets.

Law firms under cyberattack

As the UK National Cyber Security Centre (NCSC) noted in a recent report focusing on cyber threats to the legal sector, law firms handle sensitive client information that cybercriminals may find useful, including exploiting opportunities for insider trading, gaining the upper hand in negotiations and litigation, or subverting the course of justice. The potential consequences of such breaches can be severe, as the disruption of business operations can incur substantial costs. Ransomware gangs specifically target law firms to extort money in exchange for allowing the restoration of business operations. In 2020, the Solicitors Regulation Authority (SRA) published a cybersecurity review revealing that 30 out of 40 of the law firms they visited have been victims of a cyberattack. In the remaining ten, cybercriminals have directly targeted their clients through legal transactions. “While not all incidents culminated in a financial loss for clients, 23 of the 30 cases in which firms were directly targeted saw a total of more than £4m [$5m+] of client money stolen,” the SRA noted.

7 IT consultant tricks CIOs should never fall for

Making a business case - Consultants love this one. It’s where the CIO engages them to build the business case for a pet project or priority — not to determine whether there’s even a business case to be made. To make one, starting with the predetermined answer and working backward from there, employing such questionable practices as cherry-picked data, one-sided analyses, inappropriate statistical tests, and selective anecdotes to name a few, defining and justifying a strategic program whose success depends on … surprise! … a major engagement for the consultant’s employer. ... Win, then hire - This is less common for delivery teams than the consultants whose work resulted in the win that created the need for the delivery team, but still … Few consultancies keep a bench of any size. As a result, winning an engagement is often far more stressful than losing one, because after winning an engagement the consultancy has no more than a month or so to hire the staff needed to execute the engagement, familiarize the newly hired staff with the methodology and practices the engagement calls for, and build a working relationship with their new managers.

Why Qubit Connectivity Matters

Of course, high-connectivity architectures are not without disadvantages. High connectivity relies on the ability to shuttle qubits around, and shuttling qubits carries several potential issues. Shuttling qubits can be a relatively slow process compared to the speed of quantum gate operations. This can increase the total computation time and reduce the number of operations that can be performed before the qubits lose coherence. The process of moving qubits introduces the risk of decoherence, which is the loss of the quantum state due to interaction with the environment. Shuttling qubits also adds an extra layer of complexity to the design of the computer, and this can be challenging to implement, especially in a large-scale system. In summary, qubit connectivity plays a vital role in the performance and functionality of quantum computers. It impacts the implementation of quantum algorithms, the creation of quantum entanglement, error correction, and the overall scalability, speed, and efficiency of quantum computing systems. When one considers the quantum modality of choice for their application, qubit connectivity should be one of the factors taken under consideration.

Analysts: Cybersecurity Funding Set for Rebound

A lot of the optimism has to do with enterprises continuing to invest heavily in cybersecurity, despite a slowdown in other expenditures. Market research firm IDC expects that organizations will spend some $219 billion this year on security products and services — or some 13% more than they did in 2022 — to address threats, to support hybrid work environments, and to meet compliance requirements. The areas that will receive the most spending are managed security services, endpoint security, network security, and identity and access management. "While the theme of conservatism and expectations for continued headwinds have remained throughout the first half of the year, we do expect to see strategic activity slowly begin to rebound in the second half of 2023 and into 2024," says Eric McAlpine, founder and managing partner of analyst firm Momentum Cyber. Financing and M&A activity will both eventually pick up as companies that were able to make do financially so far begin to feel the need for fresh capital to fuel their business, he says.

Why Enterprises Should Merge Private 5G With Programmable Communications

5G private networks provide an opportunity to integrate the application and the network so that the two can inform one another, allowing adjustments to be made in real time. Businesses not only have an improved network with a private cellular network, but they can also sync their applications with the network’s performance, enabling multiple tasks to be completed based on network performance at a specific moment. ... A new generation of digital engagement providers is looking at how these communication platforms evolve into platforms that integrate across a range of business processes. They are not only leveraging robust voice, video and messaging solutions but also introducing fully programmable computer vision and audio analytics solutions. This combination of communications and AI-based media analytics and programmability makes this evolved communications platform an ideal and unexpected solution to Industry 4.0 business needs. New communication platforms are focused less on meeting one business need but rather on the integration of communications to evolve and inform applications, making adjustments and building cost-effective efficiencies.

5 ways to prepare a new cybersecurity team for a crisis

Not all security incidents cause an enterprise-level crisis, and not all crises are cyber-related. Natural disasters, product recalls, accidents, and public relations debacles are all examples of non-cyber events that could have a significant negative impact on an organization. So, in preparing a new cybersecurity team for a crisis, it is important to define and rank--first, by severity and then by likelihood--what precisely the business would define as a security “crisis,” says John Pescatore, director of emerging security trends at the SANS Institute. “It is not the case that the top of the list will always be something like ransomware,” Pescatore says. Sometimes, a crisis might have nothing to do with cybersecurity, he notes. “For example, I remember hearing a Boston-area hospital CIO talk about how they were bombarded with attempts to get into hospital data after the [Boston Marathon] bombing because press reports had noted the bombers went to that hospital.” Once the cybersecurity team has an understanding of what would constitute a security crisis for the company, create playbooks for the top handful of them.

Writing your company’s own ChatGPT policy

To help employees grasp and embrace key basics quickly, one useful starting point can be signposting relevant parts of existing policies they can check for best practices. Producing tailored guidance for an internal ChatGPT policy is slightly more complex. To develop a truly all-encompassing ChatGPT policy, companies will likely need to run extensive cross-business workshops and individual surveys which enable them to identify, and discuss, every use case. Putting in this groundwork, however, will allow them to build specific directions which ultimately ensure better protection, as well as giving workers the comprehensive knowledge required to make the most of advanced tech. ... Explicitly highlighting threats and setting unambiguous usage limitations is also just as critical to leave no room for accidental misuse. This is particularly important for businesses where generative AI may be deployed to streamline tasks that involve some level of PII, such as drafting client contracts, writing emails, or suggesting which code snippets to use in programming.

Quote for the day:

"Learning is a lifetime process, but there comes a time when we must stop adding and start updating." -- Robert Brault
