Daily Tech Digest - August 24, 2023

3 data privacy principles to adopt now, even while governments still debate

Fairness is one of the most powerful guiding principles any brand can adopt for its use of data, but what does it mean in practice? On the one hand, it’s about considering how you’re using not just data but the tools and technologies that help you harness data in your marketing and decision-making. On the other hand, it’s important to remember we’re not just talking about one moment in time, like the moment when someone gives you their data, or the moment of an interaction between them and you, in a store or on your website. It’s about the potential implications that these moments can have down the line. Could it lead to an unfair, harmful, or discriminatory outcome for them? Could it keep them from getting credit? Or a job offer? Could it perpetuate a stereotype about a protected class of people? Building a foundation of fairness, for example, could mean implementing policies and procedures to regularly assess the data and tech you use to ensure they do not have a disparate impact on vulnerable consumers.

Cyber attackers using Gen AI more effectively than defenders

Both cyber attackers and defenders employ generative AI, but attackers use it more effectively. Adversaries capitalise on AI/ML, deepfake, facial recognition, and Augmented Reality/Virtual Reality (VR) (AR/VR) to enhance hacking strategies against government agencies, businesses, and strategic targets, surpassing cyber defenders in technological adaptation. Facial recognition and AR/VR systems illustrate the extensive use of deepfake technology by cybercriminals. We predict that within two years, social engineering and phishing attacks will predominantly employ deep fakes, making defenders' tasks much harder. Malware capabilities have evolved significantly. Instead of creating static malware, hackers now build multi-behavioural malware that adapts in real-time. Upon reaching a target, this malware assesses the environment and generates tailored malicious code, targeting various systems like Windows, Linux, Outlook, and mobile devices. This is powered by AI/ML engines, resulting in multi-behavioural, metamorphic, and polymorphic malware that dynamically alters their code as they spread.

Cloud Robotics: A New Frontier for Internet Technology

Robots connected to the cloud are being used in warehouses and distribution centers for material handling, order fulfillment, and inventory management duties. These robots are capable of independent navigation, object recognition and picking, and teamwork with human personnel. The medical sector is likewise ripe for transformation because to cloud robots. Robots connected to the cloud can access patient information, medical records, and cutting-edge disease-diagnosis algorithms. Cloud robotics alters how we connect with our domestic environment regarding home automation. Robots with cloud capabilities can automate harvesting, monitor crop health, and manage resource usage in agriculture. These robots can use the cloud to evaluate massive volumes of field data, forecast agricultural yields, and make quick judgments. Cloud robotics has tremendous promise as we look to the future. Advanced artificial intelligence (AI) and cloud robotics are being combined as a new trend, allowing robots to act more intelligently and quickly adapt to their surroundings.

Organizing Around Business Capabilities

A Value Structure is an idealized teaming structure illustrating how the organization delivers benefits to its customers. The idealized structure includes teams and roles to not only operate a capability, but also to build it. We call this structure the value structure to differentiate it from two other structures within an organization: formal structure and learning structure. The formal structure represents the way an organization structures its activities into jobs and job families, manages compensation and other aspects of human resources. The learning structure represents the way an organization learns to improve its performance, including role-based learning, team-based learning, and establishing a culture of relentless improvement without guilt or blame. Establishment of a value structure independent from formal and learning structures enables an organization to begin to change how it delivers value to customers without the overhead of changing formal reporting or job titles. The value structure makes impediments to the flow of value clearly visible so we can either eliminate them or explicitly orchestrate them.

How to Build True Cyber Resilience

Cyber resilience cannot be achieved by implementing one initiative or investing in one new technology. “CISOs should focus on the question, ‘How ready are we?’" says Hopkins. Are organizations ready to detect threats, respond to them, recover, and adapt to an ever-changing threat landscape? “The first step to building cyber resilience involves understanding which cyberattacks are most relevant to an organization based on its industry, location, IT ecosystem, data type, users, etc.,” says Tony Velleca, CISO at digital technology and IT service company UST and CEO of CyberProof, a UST security services company. Once an organization understands its risks, the question becomes how to detect those threats, stop them, and contain them if and when they become cybersecurity incidents. The answer lies in a blend of technology and talent. Combining the power of cybersecurity tools, such as zero trust and managed detection and response, can help organizations achieve cyber resilience, but they need to ensure the strategies they deploy make measurable progress toward that goal.

AI and the evolution of surveillance systems

AI models are influenced by the datasets used to train them. It is imperative that AI vendors carefully tune and balance their datasets to prevent biases from occurring. Balancing datasets is a manual process that requires making sure that the humans visible in the datasets are a good representation of reality, and do not have biases towards certain human traits. In our case, we use diverse groups of actors, from all over the world, to play out violence for our training datasets to ensure they are balanced. Furthermore, testing regularly for such biases can go a long way. A carefully designed system can protect and help people without significantly impacting their privacy. This requires considering privacy from designing to implementing AI systems. I believe that the future of AI-powered surveillance will see reduced privacy infringement. Currently, large surveillance installations still require humans looking at camera streams all the time. In a trigger-based workflow, where humans take actions after an AI has alerted them, the amount of security camera footage seen by humans is much less, and thus the risk of privacy infringement decreases.

Controversial Cybercrime Law Passes in Jordan

A joint statement by Human Rights Watch, Access Now, Article 19, and 11 other organizations said the bill has several provisions threatening freedom of expression, the right to information, and the right to privacy, as well as tightening government control over the Internet. The groups also claimed the bill will introduce new controls over social media, weaken online anonymity, hamper free expression and access to information, and increase online censorship. Meantime the European Union says it recognizes and supports Jordan's objective to create a strong legislative framework to deal with and counter cybercrime efficiently, but it contends that some of the provisions of the new cybercrime law depart from international human rights standards and could result in limiting freedom of expression online and offline. Liz Throssell, the United Nations' spokesperson for the UN High Commissioner for Human Rights, said countries indeed need to take steps to combat cybercrime, but protecting security online and ensuring online freedoms must be treated as complementary goals.

Evaluating Open Source: Green Flags to Look For

First and foremost, is the open-source community for the solution vibrant; is it widely adopted and does the community regularly contribute updates? A healthily engaged community is a sign that the technology has legs and that companies are successful with it; it often indicates the extent to which companies are employing staff to contribute to the community. Closely related to this point, does the open source technology actually solve the problems you need solved? With the enormous popularity of open source comes the enormous hype around novel technologies, but are those technologies actually something that help solve your business problems in a sustainable way such that you can be confident that your investments may carry you several years? You should evaluate the suitability of open source technology in the same way you evaluate proprietary technology and not let the free or low-cost factors lead to hasty decisions. Finally, are vendors providing software, services, and support for the open source technology? 

How Threat Research Can Inform Your Cloud Security Strategy

The most important thing to remember about cybersecurity is that it’s not an action you take, but a practice you follow. Implementing a strong cloud security posture requires regularly assessing and updating your cloud security policies in light of new threats or not. This means being proactive in your protection strategies and planning for the unexpected. Creating an incident response plan is a great place to start, and continuing employee education and training will help embed a security-focused mindset across the organization as a whole. There is no “one right way” to establish a cloud security strategy, but it’s a sure bet that being informed is a good move. Keeping up to date on the latest cybersecurity threats and vulnerabilities through sources like the National Vulnerability Database and Orca Research Pod is a good place to start. However, proactive measures like implementing best practices, organizational training, and even bug bounties and other security policies can go a long way toward creating a well-informed cloud security posture.

Regulatory uncertainty overshadows gen AI despite pace of adoption

In traditional application development, enterprises have to be careful that end users aren’t allowed access to data they don’t have permission to see. For example, in an HR application, an employee might be allowed to see their own salary information and benefits, but not that of other employees. If such a tool is augmented or replaced by an HR chatbot powered by gen AI, then it will need to have access to the employee database so it can answer user questions. But how can a company be sure the AI doesn’t tell everything it knows to anyone who asks? This is particularly important for customer-facing chatbots that might have to answer questions about customers’ financial transactions or medical records. Protecting access to sensitive data is just one part of the data governance picture. “You need to know where the data’s coming from, how it’s transformed, and what the outputs are,” says Nick Amabile, CEO at DAS42, a data consulting firm. “Companies in general are still having problems with data governance.”

Quote for the day:

"The leader has to be practical and a realist, yet must talk the language of the visionary and the idealist." -- Eric Hoffer

No comments:

Post a Comment