Daily Tech Digest - July 18, 2023

Embrace AI Acceleration by Investing in Reliability

There’s no way to completely eliminate the unreliability risks of AI without also eliminating all of its benefits. Manually reworking every line of code the AI writes to be “robustly human-compatible,” for example, makes it not much faster than writing code yourself. Instead, let AI accelerate you where it can, and empower the people steering it to mitigate the risk. A major advantage of engineers over current AI models is perspective. Your AI copilot is lightning-fast at producing and testing code, but it doesn’t understand why you’re asking for these tasks. Unfortunately, human engineers can also end up stuck regurgitating code from requests, not knowing the big picture or having any impact on it. When they become “managers” of AI, it’s more important than ever to empower your engineers with this perspective. ... Even without needing to understand the details of the AI-written code, each engineer can tackle things on a higher level, mitigating the effect of the problem on the intended outcome of the service. They’ll know what your users care about and how to leverage AI to quickly bring back functionality. 

CISOs under pressure: Protecting sensitive information in the age of high employee turnover

A risk assessment can quickly identify and prioritize cyber vulnerabilities so that you can immediately deploy solutions to protect critical assets from malicious cyber actors while immediately improving overall operational cybersecurity. This includes protecting and backing up business enterprise systems such as: financial systems, email exchange servers, HR, and procurement systems with new security tools and policies. There are measures in a vulnerability framework that are not cost prohibitive. Those measures can include mandating strong passwords for employees and requiring multi-factor authentication. Firewalls can be set up and CISOs can make plans to segment their most sensitive data. Encryption software can also be affordable. The use of the cloud and hybrid clouds enables implementation of dynamic policies, faster encryption, drives down costs, and provides more transparency for access control. A good cloud provider can provide some of those security controls for a reasonable cost. 

A Tutorial About Dealing With an Obfuscated Code

Security researchers face numerous challenges in their work, and malware writers consistently attempt to compound these existing challenges with additional obstacles. Therefore, when researchers examine a script, code, or file, it often exhibits lengthy and vague variable names, occasionally encrypted using methods like Base64 or subjected to XOR operations. The code may contain unnecessary data, including thousands of lines of code that are never utilized, among other elements deliberately intended to perplex and consume the valuable time of the researcher. ... It’s worth considering that deobfuscation techniques can vary, offering different approaches and potential solutions. As a result, you may come across alternative methods that resonate better with your preferences and prove to be more effective for your specific needs. ... Occasionally, you may encounter files without proper indentation. In such cases, you can search online for “VBS beautify” tools to assist in organizing and formatting the code. So, this is what we are dealing with today, there’s no need to overanalyze it at this point, we will soon tackle it together:

Police Scotland use cloud for biometric data despite clear risks

Computer Weekly contacted Police Scotland about various aspects of the story, including why DNA and fingerprint data was deemed too sensitive for the system, but other biometric information was not; why it considers encryption to be an effective safeguard in this instance; and why it decided to press forward with the DESC pilot despite major data protection concerns being highlighted by both the SPA and ICO. “Police Scotland continues to work closely with all relevant partners to identify, assess and mitigate any risks relating to data sovereignty, where required. Further risk assessments and mitigation will be kept under ongoing scrutiny,” said a Police Scotland spokesperson. “All digital evidence on the DESC system is held securely. Access to the information is fully audited and monitored, and only accessible to approved personnel. ... “We take the management and security of data seriously. We are working with our criminal justice partners to ensure robust, effective and secure processes are in place to support the development of the system and will continue to engage with the biometrics commissioner, the Information Commissioner’s Office and relevant partners.”

Using Snapshots to Improve Data Security

Snapshots can augment backups for data protection. For those wishing to reduce their recovery point objective without spending a fortune, snapshots are one option. Backups can recover data anywhere from a day ago to a week or more, depending on when the last backup was done. Anything later than the last backup is lost. Snapshots can take the RPO down to an hour or so, depending on how often they are done. Some businesses run snapshots more often than once an hour due to the sensitive or financially lucrative nature of the data they process. ... One way to achieve immutability is to send data to a tape archive that remains offline. That air gap means that cybercriminals can’t cause any mischief as there is no direct networking connection to the data. But there are other solutions to immutability — some better than others. Some try to pass off cloud storage as being immutable. In reality, it is just cloud storage with extra layers of protection. Pure Storage is one vendor that has put together some immutability features that make snapshots more valuable. 

Unlocking the Full Hybrid Cloud Potential With Modern Data Management

Protecting data along its journey to the cloud requires complete visibility. Legacy systems often create data siloes, making it difficult to see what’s happening in a given corner of the business. When modernizing, companies should prioritize solutions that allow for siloes to be eliminated. This ultimately offers decision-makers a picture of their data across the entirety of the enterprise. Furthermore, due to the sheer volume of data in the hands of today's typical business, software solutions that bring agility and flexibility to data management are also a must. Hybrid migrations can facilitate frictionless modernization. However, continuous, successful transformation hinges on ensuring the business is equipped with the right tools in its technology stack to drive this objective. This emphasizes the point that for hybrid cloud strategies to result in successful modernization, deep visibility and strong controls on data in transit is crucial. ... With established, effective data practices, organizations can more freely interact with their valuable and critical data without incurring risk.

A Disturbing Trend in Ransomware Attacks: Legitimate Software Abuse

Leveraging legitimate software can allow attackers’ activity to remain hidden, which may allow them to achieve their goals on a victim network without being discovered. Legitimate software misuse also can make attribution of an attack more difficult, and these tools can also lower barriers to entry. This means less-skilled hackers may still be able to conduct quite wide-ranging and disruptive attacks. The legitimate tools we most commonly see being used by malicious actors are remote monitoring and management (RMM) tools, such as AnyDesk, Atera, TeamViewer, ConnectWise, and more. In fact, the use of RMM software by malicious actors was considered serious enough for the Cybersecurity and Infrastructure Security Agency (CISA) to issue an alert about this kind of. As recently as February this year, the Symantec Threat Hunter team saw ConnectWise used in both Noberus and Royal ransomware attacks. These tools are commonly used legitimately by IT departments in small, midsize, and large organizations.

Only half of organizations “very prepared” to meet global data privacy laws

The survey suggests that those who feel they are very prepared to meet data privacy laws may not be as ready as they believe. While 70% say they have designated an internal project manager or owner and 58% conduct regular training of staff on data privacy and compliance, less than half of the overall respondent pool have taken the following steps: engaged outside legal counsel (42%), participated in a peer group to keep abreast of changes (40%), or developed a task force/oversight counsel to track privacy law changes (35%), the research found. ... "Data mapping - knowing what data you have and where it lives - is foundational for any effective data privacy and cybersecurity strategy," wrote Tara Cho, partner, chair of the Womble Bond Dickinson privacy and cybersecurity team, and report contributor. While many companies might implement external-facing actions, such as putting a cookie banner on their website or updating privacy policies, there is still a need to build out back-end requirements to truly operationalize the compliance requirements, Cho added.

Is quantum computing the next frontier for machine learning experts?

“We need more quantum literate programmers and engineers; but equally as important, I encourage quantum literacy across a wide range of diverse roles. For example, we need quantum literate scientific journalists, policy makers, ethicists, teachers, cyber analysts and strategists,” says Dr Kristin M. Gilkes, global innovation quantum leader at EY.“Quantum is a domain for which we need all kinds of diverse thinking and leadership, not just the physicists, programmers and engineers.” ... “Quantum is picking up pace and given the advances we are seeing using a hybrid ML/quantum process, I think we are going to see serious benefits in the next two to three years,” Dr Gilkes adds. “We are finding a symbiotic relationship between the disciplines of AI and quantum, each bringing their own value to the table and making the other more efficient and faster. ML has the ability, today, to organise and manipulate large data sets really well, which is a function that quantum computing can benefit from.” Similar to how AI is surpassing all scaling timeframe predictions, Dr Gilkes believes that the rapid advancement of quantum computing means its impact will be felt in the next couple of years. 

How Intelligent Applications Can Boost Sales

One way an intelligent app can increase sales is by creating a personalized user experience. “This focuses on offering potential customers products or services that are applicable to them specifically, based on data obtained from prior user interactions, past searches, or surveys,” says Danielle Borisovsky, a manager in intelligent automation technologies at automation firm Reveal Group. Lead prioritization is another way intelligent applications can help spur sales. Ranking leads based on potential value and conversion probability allows sales teams to focus on the most promising prospects, Ours says. “Elements helping to prioritize leads can range from prior history, strength of relationship, size of the deal, customer monetization value, or even the maturity of your product or offering.” Perhaps the most popular -- and valuable -- intelligent application sales tool is forecasting. “By analyzing historical sales data and various market factors, AI-powered sales applications can generate more accurate forecasts, driving better decision-making, upselling, and cross-selling,” Ours says.

Quote for the day:

"The first task of a leader is to keep hope alive." -- Joe Batten

No comments:

Post a Comment