Innovation needs to be a culture, not just a practice
It is important to build open organisational structures that let teams avoid
obstacles and hierarchies that frequently stifle creativity. An inventive
culture places a strong emphasis on being flat and agile. Employees are more
able to freely communicate their thoughts when they have direct access to
decision-makers. The well-known sportswear company Nike is one example of this.
All levels of staff members are welcome to work together on cutting-edge
concepts and technologies at the company's "Innovation Kitchen." This open
mindset has produced ground-breaking goods like the Nike Flyknit, which
transformed the athletic footwear market. ... Most businesses have started
encouraging the participation of employees across sectors in brainstorming
sessions to think outside the box because they respect unusual thinking and
believe there are no negative ideas. But in some circumstances, one should be
ready to also support the genuinely absurd. Innovation requires a space where
creativity can thrive.
Quantum Plus AI Widens Cyberattack Threat Concerns
The mind-boggling speed of quantum computing is a double-edged sword, however.
On one hand, it helps solve difficult mathematical problems much faster. On the
other, it would increase the cyberattack capabilities beyond comprehension.
“When you marry quantum computing and AI together, you can have an exponential
increase in the advantages that both can offer,” said Dana Neustadter, director
of product management for security IP at Synopsys. “Quantum computing will be
able to enhance AI accuracy, speed, and efficiency. Enhancing AI can be a game
changer for the better for many reasons. Paired with quantum computing, AI will
have greater ability to solve very complex problems. As well, it will analyze
huge amounts of data needed to take decisions or make predictions more quickly
and accurately than conventional AI.” Very efficient and resilient solutions for
threat detection and secure management can be created with enhanced AI,
transforming cybersecurity as we know it today. “However, if used for the wrong
reasons, these powerful technologies also can threaten cybersecurity,”
Neustadter said.
IoT startups fill security gaps
Insider risks have long been one of the most difficult cybersecurity threats to
mitigate. Not only can power users, such as C-level executives, overrule IT
policies, but partners and contractors often get streamlined access to corporate
resources, and may unintentionally introduce risks in the name of expediency. As
IoT continues to encompass such devices as life-saving medical equipment and
self-driving vehicles, even small risks can metastasize into major security
incidents. For San Francisco-based self-driving car startup Cruise, a way to
mitigate the many risks associated with connected cars is to conduct thorough
risk assessments of partners and suppliers. The trouble is that third-party
assessments were such a time-consuming and cumbersome chore that the existing
process was not able to scale as the company grew. “The rise in cloud puts a
huge stress on understanding the risk posture of our partners. That is a complex
and non-trivial thing. Partnerships are always under pressure,” said Alexander
Hughes, Director of Information Security, Trust, and Assurance at Cruise.
Expert: Keep Calm, Avoid Overhyping China's AI Capabilities
"Some of China's bottlenecks relate to a reliance on Western companies to open
up new paradigms, China's censorship regime, and computing power bottlenecks,"
Ding said. "I submitted three specific policy recommendations to the committee,
but I want to emphasize one, which is, 'Keep calm and avoid overhyping China's
AI capabilities.'" Policymakers also erroneously think anything that helps China
around artificial intelligence is going to hurt the U.S. even though giants in
China's AI industry like ByteDance, Alibaba and Baidu end up generating a lot of
profits that come back into the U.S. economy and hopefully get reinvested into
American productivity, according to Ding. "It's a more difficult question than
just, 'Any investment in China's AI sector means it's harmful to U.S. national
security,'" Ding said. "Continuing to maintain the openness of these global
innovation networks is always going to favor the U.S. in the long-run in terms
of our ability to run faster."
Beyond Spreadsheets: How Data-Driven Organizations Outperform the Rest
Creating a data-driven culture must start at the executive level to drive the
understanding that data is central to the operations and success of your
organization, as well as to decision-making at every level. It begins with
communicating the importance of data, making it a corporate initiative. From
there must follow implementing the data infrastructure and analytics tools that
enable every role to get the data needed to drive evidenced-based
decision-making. There is no right or wrong organizational structure to create a
data-driven culture. Still, creating and assigning roles and responsibilities
that will work for your organization, and then staffing and training
accordingly, are essential. You may choose to train most of your staff to
understand and support analytics, or you may rely on a few for performing
analytics while conveying across your organization the overall importance and
requirements of using data and analytics to drive desired results.
Modeling Asset Protection for Zero Trust – Part 1
For operating your IT environment, the Security, Information, and Event
Management (SIEM) system must be a good fit for the infrastructure. Once you
have a complete inventory of your infrastructure, we recommend you complete an
architectural-level evaluation of your SIEM to ensure good alignment. ... The
evaluation should include the cost of setup and three years of operations,
evaluation of organizational competence and available training for each, and the
features of each against your IT landscape. As you evaluate your SIEM
environment, consider evaluating your Extended Detection and Response (XDR)
capability and performing a similar architectural evaluation. You might consider
this part of your SIEM solution or treat it separately and it might be operated
by a separate group. XDR also might not fit well into any pillar evaluation so
could be overlooked if not captured here. Zero Trust requires identification and
valuation of all information technology (IT) assets, automated enforcement of
governance, and automated detection, response, and remediation to threats and
attacks.
Data Engineer vs. Data Analyst
Data engineers play a pivotal role in establishing and maintaining robust Data
Governance practices. They are responsible for designing and implementing data
pipelines, ensuring that data is collected, stored, and processed accurately. By
implementing rigorous quality checks during the extract, Transform, load (ETL)
process, they guarantee that the data is clean and reliable for analysis. On the
other hand, data analysts rely on high-quality and trustworthy data to derive
meaningful insights. They work closely with the data engineer to define
standards for data collection, storage, and usage. ... So, a crucial similarity
between data engineers and data analysts is their shared emphasis on teamwork
and collaboration. Both roles recognize that combining their expertise can lead
to more accurate insights and better decision-making. Moreover, teamwork enables
knowledge sharing between data engineers and analysts. They can exchange ideas,
techniques, and best practices, enhancing their individual skill sets while
collectively driving innovation in Data Management and analysis.
What AppSec and developers working in cloud-native environments need to know
With the emergence of IaaS, PaaS, and IaaS models, the definition of an
application extends to include the associated runtime environment and the
underlying infrastructure. Applications are now not just bundles of code, but
holistic systems that include the virtualized hardware resources, operating
systems, databases, and network configurations they rely on. The advent of
microservices and containerization, where an application can consist of many
independently deployable components each running in its own environment, further
complexifies this definition. In a cloud-native application, each microservice
with its code, dependencies, and environment could be considered an
“application” in its own right. The introduction of Infrastructure as Code (IaC)
has further complicated the definition of applications. IaC is the practice of
managing and provisioning infrastructure through machine-readable definition
files, rather than physical hardware configuration or interactive configuration
tools.
Could the DOJ’s Antitrust Trial vs Google Drive More Innovation?
The thought process among regulators, he says, might be that the antitrust case
against Microsoft brought about change and created opportunities for more
competition -- a similar attempt with Google may be worth the effort. “This
particular antitrust case really focuses narrowly on the company’s popular
search engine, and it alleges that Google uses their 90% market share to
illegally throttle competition in search and search advertising,” Kemp says. CTO
Jimmie Lee with XFactor.io, a developer of a business decision platform, says he
can understand some of big tech’s perspective having come from Meta, Facebook’s
parent, and Microsoft. “When you’re in the company, it feels very different from
being on the outside,” he says. “From the inside, you see the strength of the
technology and how you can better add security and privacy and features and
functionalities throughout the entire stack and workflow.”
4 steps for purple team success
Purple teaming is a function of collaborative security. Historically, it has
literally brought together offensive security engineers or pen testers from the
red side of the team and investigators, detection engineers, and CTI analysts
from the blue side of the team. More recently, however, purple teams have looked
very different, including a variety of members including developers, architects,
information system security officers, software engineers, DFIR teams, and BCP
personnel as well as other departments. To view the purple team simply as a
tactical unit would be an oversimplification. Beyond the immediate operational
benefits, the true value of a purple team lies in fostering cyber resilience. It
is about building an organizational capability that can not only withstand cyber
threats but also adapt and recover swiftly from them. By collaboratively
assessing, learning, and adapting, the purple team approach instills a
resilience mindset, ensuring that the organization is prepared for evolving
cyber threats and is capable of bouncing back even when breaches occur.
Quote for the day:
"If you don’t build your dream, someone
else will hire you to help them build theirs." --
Dhirubhai Ambani
No comments:
Post a Comment