Though simpler, India’s data privacy law is stricter than GDPR in some ways
If you think this is all a tough ask, you should know that the law is simpler
and less prescriptive than data privacy laws in many countries. This kind of
simpler law is appropriate for a country like India for two reasons – one,
because India is just starting down the road of data privacy compliance and two
– because India has a huge SME sector that would struggle to comply with a more
complex law. At the same time, the law is stricter than GDPR in some ways; for
example, in the EU, a business that can develop a case for it having a
“legitimate interest” to process personal data can do so without consent. This
is largely not possible in India. Further, in the EU, a data breach needs to be
reported only to the regulator, and to individuals only where the data fiduciary
concludes that the breach could result in a risk to the rights and freedoms of
the individual. The government has given itself the power to exempt classes of
data fiduciaries from provisions of the law. This includes start-ups, which have
been specifically mentioned.
Exploring Differences Between Diversity and Inclusion
At an organizational level, both diversity and equity can be addressed through
recruitment processes, but inclusivity is the most challenging and up to the
company as a whole, including all employees. One of the ways to encourage
employees to adopt inclusive behavior is through the power of education. When
people understand why change is important, they are often more inclined to
respond. The word “inclusive” is not a new concept—however, sometimes it is
referred to with little substance. Workplaces say they are inclusive because
they have a diverse representation of employees, but when you ask the minority
groups in that organization if they feel heard, the answer is often conflicting.
Rather than playing the game, they feel as though they are mascots or warming
the bench. When employees realize inclusion means making sure minority groups
feel like they belong, it allows them to assess and challenge their own personal
bias, which may be preventing them from fully embracing all perspectives.
Breached for years: How long-term cyber attacks are able to linger
The first step for any cyber criminal looking to pull off a years-long hack
is to find a way into a target’s network. Even when organizations make it
difficult, there’s usually one entry point. Whether by using initial access
brokers (IABs), exploiting vulnerabilities, or using employee credentials –
the most effective of the three – they need to get in without tripping any
alarms. During the early days of a breach, hackers will do very little other
than observe a business and how its people work. They’ll learn all the
different processes that staff execute during a typical workday and use that
knowledge to mask their movements around the network. There will be no
intrusive actions (data exfiltration, vulnerability exploits, lateral
movements) until they know how to blend in with everyday traffic being triaged
by the organization’s security operations center (SOC) analyst. Attackers
usually indulge in one of two methods to remain undetected for extended
periods of time. The first is when they use genuine compromised credentials
and mimic that employee’s usual behavior
Tech leaders weigh in on the upside and flipside of generative AI
So if projects are already getting off the ground, what are feelings about
where generative AI works best, and how? “The best practices are undoubtedly
cross-functional collaboration, ‘try before you buy,’ and learn from what you
do,” says Marc O’Brien, CIO at radiology healthcare service provider Medica
Group. “In my experience, the algorithms from reputable firms do what they say
on the tin but what really matters is where you position in the workflow.”
Team Teach’s Ivell believes companies can gain a fast start by using tools
being built into applications and suites. “One of the key and immediate
opportunities of generative AI is it’s already being built into some tools we
already use, be that Power BI, Adobe or more industry-specific apps,” he says.
“To take advantage of these needs some internal discovery or analysis of these
new functions, understanding how we’d use them, and, in the first instance,
training our staff how to exploit the new features. People tend to use tools
in the way they always have, and adoption of new features can be slow, so we
need to accelerate that.”
6 best practices to defend against corporate account takeover attacks
It’s important to have strong multifactor authentication around all corporate
accounts, says Bryan Willett, CISO at Lexmark. "What we’re finding with some
of the latest phishing services that are out there, such as EvilProxy, is that
they’re getting very good at imitating a login screen that looks just like
your corporate login screen and your corporate MFA challenge," Willett says.
"And the user has the potential of falling victim to that and sharing their
MFA." ... Organizations should also implement contextual access management
that considers a user’s current location, the device being used, time of
access, network environment, behavior patterns, and other contextual
information, according to Halstead. "By doing so, the risk of unauthorized
access, often exploited in corporate account takeovers, can be significantly
minimized," he says. ... Employee education and awareness are critical, says
Halstead. This "human firewall" remains a very important defense in preventing
corporate account takeovers.
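The contextual access management Halstead describes, and the long-dwell attacker from the earlier excerpt who logs in with genuine credentials and mimics the employee, come together in one policy check. The following is an added example, not code from either article: it compares a login against a constructed per-user baseline (device, country, network, working hours), and treats push and one-time-code MFA as insufficient for step-up because reverse-proxy phishing kits of the kind Willett names can relay them. The baseline values, user names and signal labels are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed baseline for one account: the devices, countries, networks and
# working hours previously observed for it. Illustrative values only.
BASELINE = {
    "alice": {
        "devices": {"laptop-4f2a"},
        "countries": {"GB"},
        "networks": {"corp-vpn", "home-isp-alice"},
        "hours_utc": range(7, 20),  # usual working window in UTC
    }
}

@dataclass
class LoginEvent:
    user: str
    device_id: str
    country: str
    network: str
    ts: str          # ISO 8601 timestamp in UTC, e.g. "2024-03-12T09:30:00Z"
    mfa_method: str  # "push", "totp" or "fido2"

def risk_signals(evt, baseline=BASELINE):
    """Return the contextual signals that deviate from the user's baseline."""
    prof = baseline.get(evt.user)
    if prof is None:
        return ["unknown-user"]
    hour = datetime.fromisoformat(evt.ts.replace("Z", "+00:00")).hour
    signals = []
    if evt.device_id not in prof["devices"]:
        signals.append("new-device")
    if evt.country not in prof["countries"]:
        signals.append("new-country")
    if evt.network not in prof["networks"]:
        signals.append("new-network")
    if hour not in prof["hours_utc"]:
        signals.append("off-hours")
    return signals

def decide(evt, baseline=BASELINE):
    """Map signals to allow / step-up / deny.  Any deviation requires a
    phishing-resistant factor (FIDO2): push approvals and one-time codes can
    be relayed by reverse-proxy phishing kits like the one the article names."""
    signals = risk_signals(evt, baseline)
    if "unknown-user" in signals or len(signals) >= 3:
        return "deny", signals
    if signals and evt.mfa_method != "fido2":
        return "step-up", signals
    return "allow", signals
```

A session that already used FIDO2 passes with a single deviation, while three or more deviations (new device, new country, new network, off-hours) are denied outright even with a valid password and MFA code, which is the case a relayed-MFA takeover would otherwise slip through.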
Make Data Security Training Fun and Engaging with These Tips
What are your employees most interested in? What’s most likely to capture
their attention? If you don’t know, ask. Gather insights from employees to
identify their current concerns and interests and integrate those into the
content. Consider how you could leverage their personal interests in your
storytelling approach. For instance, if you have a large base of avid football
fans, how might a Super Bowl-themed story or challenge related to data
security help capture their interest? Ensure accuracy while entertaining:
learning outcomes need to take center stage in your communication efforts, of
course. Strive to provide accurate information about cybersecurity and
employees’ roles in helping to protect systems and data, while integrating
some fun into the delivery of the content. ... Good stories have a protagonist
(in this case, the employees), an antagonist (cybercriminals), and some
tension that leads to a climax in the plotline. Use these elements to create
content that entertains while also illustrating the tangible outcomes and
repercussions of poor data security practices, like the potential damage to
personal and professional relationships.
Robotic Process Automation: Is Your Job at Risk?
One thing is certain: Change is inevitable. Hairston points to The World
Economic Forum’s The Future of Jobs Report 2023, which estimates that 44% of
workers’ skills will be disrupted over the next five years. The current pace
of technology evolution is transforming jobs faster than ever. IT can either
be a key facilitator of the change or a recipient of the change. “In the
former case, IT can push the business toward RPA and other automation
technologies that are designed to be used by business,” he says. “This will
help companies achieve their most strategic objectives and view IT as more of
a partner.” As RPA and AI gain stronger footholds, the only way forward is to
help displaced team members reskill and upskill, Zhao says. “Fortunately, many
online training platforms are available at affordable costs.” To expedite
learning, he advises organizations to develop curated content that employees
can freely access. Zhao notes that such content should be relevant to both the
work being phased out as well as to the tasks that team members will need
moving forward. Executive-level sponsorship of any intelligent automation
strategy is essential for long-term success.
We think that as general-purpose robots are becoming more common—and they
are—people could misuse them. You can find videos online showing how easy it
is to attach a weapon to a mobile robot. So, there’s a reasonable concern
about who will have access to robots and what they can do with that access. We
want to make sure that there will be some regulation around this—and lead the
charge in getting it put into place. Policymakers need to get engaged and be
informed about the capabilities of the robots, as well as the potential
dangers. We are being vocal about our anti-weaponization stance: robots should
not cause harm, nor should they impinge upon anybody’s privacy. The industry
that we’re hoping to build only exists if people trust robots. If they’re
afraid of them, then that’s going to be a problem. ... By managing the final
assembly ourselves, we have better control over the quality and cost, and it
helps us to rapidly iterate. One of the things we have learned is that when
you iterate your design and work with a partner to do the assembly, the
communication challenges are pretty thick.
The Architect’s Guide to Thinking about Hybrid/Multicloud
While most people will tell you complexity is the hardest thing to manage in a
multicloud environment, the truth is that consistency is the primary
challenge. Having software that can run across clouds (public, private, edge)
provides the consistency to manage complexity. Take object storage. If you
have a single object store that can run on AWS, GCP, Azure, IBM, Equinix or
your private cloud, your architecture becomes materially simpler. Consistent
storage and its features (replication, encryption, etc.) enable the enterprise
to focus on the application layer. Consistency creates optionality, and
optionality creates leverage. Reducing complexity can’t come at some
unsustainable cost. By selecting software that runs across clouds (public,
private, edge) you reduce complexity and you increase optionality. If it’s
cheaper to run that workload on GCP, move it there. If it’s cheaper to run
that database on AWS, run it there. If it’s cheaper to store your data on
premises and use external tables, do that.
Observability – everything you need to know
The first thing you need to do on any of these platforms is to get your data
into it. Historically, for log analytics solutions, like Splunk, that was
relatively easy. I don’t mean to trivialise this, but you would grab logs from
all of your infrastructure and send those back to Splunk and we process those.
You would usually deploy an agent to do it. For observability solutions – not
just ours, but any of them – you need more data. In addition to those logs
that you capture from each host, you also need system metrics and application
metrics and profiles and distributed traces and everything else. There are
additional layers of complexity here. Now you’re not just capturing human
readable logs from operating systems, you’re capturing all these other types
of data from the individual applications that people have written. That
requires hooks into all of the hundreds of thousands of libraries that
software developers use. I think that historically has held back this industry
to a fairly large degree. We rely on a project that I co-founded with a number
of other people, and a number of other companies.
Quote for the day:
"I believe it is important for people to create a healthy mental environment in which to accomplish daily tasks."
-- Darren L. Johnson