Embrace AI Acceleration by Investing in Reliability
There’s no way to completely eliminate the unreliability risks of AI without
also eliminating all of its benefits. Manually reworking every line of code the
AI writes to be “robustly human-compatible,” for example, makes it not much
faster than writing code yourself. Instead, let AI accelerate you where it can,
and empower the people steering it to mitigate the risk. A major advantage of
engineers over current AI models is perspective. Your AI copilot is
lightning-fast at producing and testing code, but it doesn’t understand why
you’re asking for these tasks. Unfortunately, human engineers can also end up
stuck regurgitating code from requests, not knowing the big picture or having
any impact on it. When they become “managers” of AI, it’s more important than
ever to empower your engineers with this perspective. ... Even without needing
to understand the details of the AI-written code, each engineer can tackle
things on a higher level, mitigating the effect of the problem on the intended
outcome of the service. They’ll know what your users care about and how to
leverage AI to quickly bring back functionality.
CISOs under pressure: Protecting sensitive information in the age of high employee turnover
A risk assessment can quickly identify and prioritize cyber vulnerabilities so
that you can immediately deploy solutions to protect critical assets from
malicious cyber actors while immediately improving overall operational
cybersecurity. This includes protecting and backing up business enterprise
systems such as: financial systems, email exchange servers, HR, and procurement
systems with new security tools and policies. There are measures in a
vulnerability framework that are not cost prohibitive. Those measures can
include mandating strong passwords for employees and requiring multi-factor
authentication. Firewalls can be set up and CISOs can make plans to segment
their most sensitive data. Encryption software can also be affordable. The use
of the cloud and hybrid clouds enables implementation of dynamic policies,
faster encryption, drives down costs, and provides more transparency for access
control. A good cloud provider can provide some of those security controls for a
reasonable cost.
A Tutorial About Dealing With an Obfuscated Code
Security researchers face numerous challenges in their work, and malware
writers consistently attempt to compound these existing challenges with
additional obstacles. Therefore, when researchers examine a script, code, or
file, it often exhibits lengthy and vague variable names, occasionally
encrypted using methods like Base64 or subjected to XOR operations. The
code may contain unnecessary data, including thousands of lines of code that
are never utilized, among other elements deliberately intended to perplex
and consume the valuable time of the researcher. ... It’s worth considering
that deobfuscation techniques can vary, offering different approaches and
potential solutions. As a result, you may come across alternative methods
that resonate better with your preferences and prove to be more effective
for your specific needs. ... Occasionally, you may encounter files without
proper indentation. In such cases, you can search online for “VBS beautify”
tools to assist in organizing and formatting the code. So, this is what we
are dealing with today, there’s no need to overanalyze it at this point, we
will soon tackle it together:
Police Scotland use cloud for biometric data despite clear risks
Computer Weekly contacted Police Scotland about various aspects of the
story, including why DNA and fingerprint data was deemed too sensitive for
the system, but other biometric information was not; why it considers
encryption to be an effective safeguard in this instance; and why it decided
to press forward with the DESC pilot despite major data protection concerns
being highlighted by both the SPA and ICO. “Police Scotland continues to
work closely with all relevant partners to identify, assess and mitigate any
risks relating to data sovereignty, where required. Further risk assessments
and mitigation will be kept under ongoing scrutiny,” said a Police Scotland
spokesperson. “All digital evidence on the DESC system is held securely.
Access to the information is fully audited and monitored, and only
accessible to approved personnel. ... “We take the management and security
of data seriously. We are working with our criminal justice partners to
ensure robust, effective and secure processes are in place to support the
development of the system and will continue to engage with the biometrics
commissioner, the Information Commissioner’s Office and relevant
partners.”
Using Snapshots to Improve Data Security
Snapshots can augment backups for data protection. For those wishing to
reduce their recovery point objective without spending a fortune, snapshots
are one option. Backups can recover data anywhere from a day ago to a week
or more, depending on when the last backup was done. Anything later than the
last backup is lost. Snapshots can take the RPO down to an hour or so,
depending on how often they are done. Some businesses run snapshots more
often than once an hour due to the sensitive or financially lucrative nature
of the data they process. ... One way to achieve immutability is to send
data to a tape archive that remains offline. That air gap means that
cybercriminals can’t cause any mischief as there is no direct networking
connection to the data. But there are other solutions to immutability — some
better than others. Some try to pass off cloud storage as being immutable.
In reality, it is just cloud storage with extra layers of protection. Pure
Storage is one vendor that has put together some immutability features that
make snapshots more valuable.
Unlocking the Full Hybrid Cloud Potential With Modern Data Management
Protecting data along its journey to the cloud requires complete visibility.
Legacy systems often create data siloes, making it difficult to see what’s
happening in a given corner of the business. When modernizing, companies
should prioritize solutions that allow for siloes to be eliminated. This
ultimately offers decision-makers a picture of their data across the
entirety of the enterprise. Furthermore, due to the sheer volume of data in
the hands of today's typical business, software solutions that bring agility
and flexibility to data management are also a must. Hybrid migrations can
facilitate frictionless modernization. However, continuous, successful
transformation hinges on ensuring the business is equipped with the right
tools in its technology stack to drive this objective. This emphasizes the
point that for hybrid cloud strategies to result in successful
modernization, deep visibility and strong controls on data in transit is
crucial. ... With established, effective data practices, organizations can
more freely interact with their valuable and critical data without incurring
risk.
A Disturbing Trend in Ransomware Attacks: Legitimate Software Abuse
Leveraging legitimate software can allow attackers’ activity to remain
hidden, which may allow them to achieve their goals on a victim network
without being discovered. Legitimate software misuse also can make
attribution of an attack more difficult, and these tools can also lower
barriers to entry. This means less-skilled hackers may still be able to
conduct quite wide-ranging and disruptive attacks. The legitimate tools we
most commonly see being used by malicious actors are remote monitoring and
management (RMM) tools, such as AnyDesk, Atera, TeamViewer, ConnectWise, and
more. In fact, the use of RMM software by malicious actors was considered
serious enough for the Cybersecurity and Infrastructure Security Agency
(CISA) to issue an alert about this kind of. As recently as February this
year, the Symantec Threat Hunter team saw ConnectWise used in both Noberus
and Royal ransomware attacks. These tools are commonly used legitimately by
IT departments in small, midsize, and large organizations.
Only half of organizations “very prepared” to meet global data privacy laws
The survey suggests that those who feel they are very prepared to meet data
privacy laws may not be as ready as they believe. While 70% say they have
designated an internal project manager or owner and 58% conduct regular
training of staff on data privacy and compliance, less than half of the
overall respondent pool have taken the following steps: engaged outside
legal counsel (42%), participated in a peer group to keep abreast of changes
(40%), or developed a task force/oversight counsel to track privacy law
changes (35%), the research found. ... "Data mapping - knowing what data you
have and where it lives - is foundational for any effective data privacy and
cybersecurity strategy," wrote Tara Cho, partner, chair of the Womble Bond
Dickinson privacy and cybersecurity team, and report contributor. While many
companies might implement external-facing actions, such as putting a cookie
banner on their website or updating privacy policies, there is still a need
to build out back-end requirements to truly operationalize the compliance
requirements, Cho added.
Is quantum computing the next frontier for machine learning experts?
“We need more quantum literate programmers and engineers; but equally as
important, I encourage quantum literacy across a wide range of diverse
roles. For example, we need quantum literate scientific journalists, policy
makers, ethicists, teachers, cyber analysts and strategists,” says Dr
Kristin M. Gilkes, global innovation quantum leader at EY.“Quantum is a
domain for which we need all kinds of diverse thinking and leadership, not
just the physicists, programmers and engineers.” ... “Quantum is picking up
pace and given the advances we are seeing using a hybrid ML/quantum process,
I think we are going to see serious benefits in the next two to three
years,” Dr Gilkes adds. “We are finding a symbiotic relationship between the
disciplines of AI and quantum, each bringing their own value to the table
and making the other more efficient and faster. ML has the ability, today,
to organise and manipulate large data sets really well, which is a function
that quantum computing can benefit from.” Similar to how AI is surpassing
all scaling timeframe predictions, Dr Gilkes believes that the rapid
advancement of quantum computing means its impact will be felt in the next
couple of years.
How Intelligent Applications Can Boost Sales
One way an intelligent app can increase sales is by creating a personalized
user experience. “This focuses on offering potential customers products or
services that are applicable to them specifically, based on data obtained
from prior user interactions, past searches, or surveys,” says Danielle
Borisovsky, a manager in intelligent automation technologies at automation
firm Reveal Group. Lead prioritization is another way intelligent
applications can help spur sales. Ranking leads based on potential value and
conversion probability allows sales teams to focus on the most promising
prospects, Ours says. “Elements helping to prioritize leads can range from
prior history, strength of relationship, size of the deal, customer
monetization value, or even the maturity of your product or offering.”
Perhaps the most popular -- and valuable -- intelligent application sales
tool is forecasting. “By analyzing historical sales data and various market
factors, AI-powered sales applications can generate more accurate forecasts,
driving better decision-making, upselling, and cross-selling,” Ours says.
Quote for the day:
"The first task of a leader is to
keep hope alive." -- Joe Batten
No comments:
Post a Comment