A Holistic Approach to Cyber Resilience
Beyond investing in the right training techniques to build resilience, it is important for security leaders to set up the right culture for cybersecurity and ultimately build a strong cybersecurity foundation. To help meet today’s cybersecurity challenges, organizations should treat cybersecurity as a team sport, working with employees to adopt a collective responsibility mindset throughout the entire organization so as to not place blame or pressure on just the cybersecurity teams. To start building this collective mindset, begin including employees outside of security teams in security training to avoid the blame game when an attack inevitably happens. ... Not only does this help ease the burden security teams feel, but it also ensures that all employees know the appropriate steps to take when encountering a potential threat. By focusing on creating a culture of understanding, employees outside the security team may be more open to learning from these incidents and identifying concerns in the future, ultimately giving your organization a more holistic view of the true state of its cyber resilience.
Why IT projects still fail
Some project leaders list the prevailing do-more-with-less expectation as another reason for failed IT projects today. They say this mentality generally leads to project teams lacking the resources that they need to get the desired work done on time. “Everybody is very concerned with that bottom line, and they should be concerned about that, but the other side of that is they’re expecting a few people to do a lot of things,” Phillips says. For example, she says workers are frequently assigned to multiple projects simultaneously, and many are assigned to that project work on top of their existing duties. As a result, these workers are pulled in too many different directions. Others say enterprise leaders underestimate costs and the time required to complete the work or they fail to allocate the right talent to the team, even as project managers surface the consequences of under-allocating the money, talent, and time needed for success. Experienced project leaders say it’s crucial for IT project managers and CIOs themselves to ensure that the business sponsors and C-suite executives get the information they need to be realistic about the required resources, support, and schedules.
Making sure open source doesn’t fail AI
The biggest difficulty is in defining open source in a world where data and
software are so inextricably linked. As Maffulli describes, the most intense
discussions among his working group revolve around the dependencies between
training data and the instructions on how to apply it. Perhaps not surprisingly,
given the complexity and the stakes involved, “there is no strong consensus
right now on what that means,” he says. There are at least two approaches, with
two primary factions squaring off in the working group. The first tries to stick
closely to the comfortable concept of source code, promoting the idea that
“source code” gets one-to-one translated to the data set. In this view, the
combination of the instructions on how to build the model and the binary code is
the source code subject to “open source.” The second faction sees things in a
radically different way, believing that you can’t modify code without having
access to the original data set. In this view, you need other things to
effectively exercise the fundamental freedoms of open source.
What Are Data Governance Tools, and How Do They Work?
Data governance tools catalog data assets; they collect data from databases,
files, applications and other data sources. They then tag data assets based on
predefined or custom metadata attributes and classify them based on their
sensitivity, importance or relevance to specific compliance regulations. Data
governance software ensures that data is accurate, complete and consistent by
performing data quality checks and validations. ... Data governance tools help
businesses define and manage data ownership, roles and responsibilities as well
as implement data security and privacy measures. They ensure data management
processes meet regulatory compliance and quality standards. They also help
automate the workflow and provide structure to large volumes of data. Data
governance tools serve several purposes, which include data quality management
to ensure data remains accurate, complete and consistent across an organization.
These tools can even be used to enforce compliance with regulatory requirements,
such as GDPR and HIPAA.
Enhancing Enterprise Solutions with SOC as a Service Network Protection
Companies that outsource their SOC activities might benefit from the knowledge,
use of cutting-edge technology, and risk assessment of safety professionals.
Nearly seventy-one percent of SOC analysts state that they are burned out in
their jobs, particularly since there are only a few among them who are in charge
of the safety of the entire company. Hackers can take advantage of holes in
the infrastructure of a business to gain unauthorized access or
disrupt operations. The threat control and oversight services provided by SOC as
a Service aid in identifying and assessing potential risks in OT with IT
settings. Owing to this proactive approach, companies are able to tackle problems
before they might be used on customers. What tends to be overlooked is the process
of regularly checking for flaws in network infrastructure, software, and
users. These analyses also uncover present vulnerabilities and analyze the risks
associated with each problem, allowing businesses to choose updates and
solutions. A SOC as a Service provider not only assists in identifying problems,
but also in monitoring and resolving those flaws.
Unleashing the Power of AI and ML in Data
Businesses can leverage AI to generate data such as fake reviews and use that
information to test and demo a product. This type of demo data generation helps
to create a valuable and practical data product that is quick and efficient. One
of the key benefits of using AI to generate mock data is that it allows
businesses to test and demo data products without having to collect real data
from users. ... In forecasting, ML delivers highly automated, finely granular,
and more accurate predictions than manual projections. It solves the knowledge
risk inherent in organizations where projections are based on “gut feel” and
“years of experience.” ML can also pick up on the nuances and subtleties of
multiple features playing out in parallel that are invisible to the human eye.
... AI is a powerful technology that can enhance and optimize data analysis, but
it doesn’t replace the essential role of software engineers and human expertise.
Great technology demands leadership, creativity, empathy, and the ability to
navigate complex ecosystems and stakeholders – a uniquely human capacity.
How APAC organisations are tapping generative AI
Across the Asia-Pacific (APAC) region, organisations like GovTech and Culture
Amp have been doubling down on GenAI initiatives, more so than other parts of
the world. According to a recent study by Enterprise Strategy Group and
TechTarget, 75% of APAC respondents plan to adopt generative AI within the
next 12 months, with nearly a third already running GenAI workloads in
production or testing the technology. The enthusiasm for generative AI in
APAC is also reflected in IT budgets, with over half having allocated budgets
to GenAI. Among them, 39% have allocated between 5% and 20% of their IT budget
to the technology. The blinding speed of GenAI uptake among APAC organisations
is also reflected in the 19% of organisations that are not yet sure if GenAI
is a budget item. Nevertheless, the rapid emergence of GenAI as a top IT
priority is both impressive and alarming. The study shows that GenAI has
become the fifth most important strategic initiative in APAC, trailing behind
digital transformation, automation, cyber security, and cost-cutting, and
surpassing traditional priorities like cloud and application modernisation.
CISOs and board members are finding a common language
“The C-Suite and board of directors are increasingly relying on CISOs for
guidance across a sophisticated threat landscape and changing market
conditions,” said Jason Lee, CISO, Splunk. “These relationships provide CISOs
the opportunity to become champions who strengthen an organization’s security
culture and lead teams to become more cross-collaborative and resilient. By
communicating key security metrics, CISOs can also guide boards on adopting
emerging technologies, such as generative AI, to help improve cyber defense
management and prepare for the future.” ... In 47% of organizations surveyed,
the CISOs are now reporting directly to the CEO, indicating a closer
relationship with the C-Suite and their respective governing boards. Boards of
directors are increasingly looking to CISOs to guide cybersecurity strategy,
offering an opportunity for CISOs to articulate value and fill in
communication gaps. Numerous CISOs across many industries report regular
participation in board meetings, including technology (100%), government
(100%), communications and media (94%), healthcare (88%) and manufacturing
(86%).
Generative AI an Emerging Risk as CISOs Shift Cyber Resilience Strategies
Enterprise risk executives should start by implementing clear rules
prohibiting employees from using any unapproved web applications and tools.
“It’s really another instance of shadow IT, which includes any IT-related
purchases, activities or uses that the IT department is unaware of and which
has historically been a big problem in most organizations,” Stevens says. When
employees use approved GenAI tools, the company needs rules governing what
data can -- and, more importantly, cannot -- be used with the tool. “But these
rules shouldn’t be limited to only GenAI tools,” she adds. “They should be in
place for all tools and applications used in the organization.” These execs
should partner with any key stakeholders who might use GenAI tools. Stevens
says ideally, the organization has a CISO, with the infosec organization a key
stakeholder for every application that accesses and stores data or lives
within the company’s network and ecosystem.
How To Use Serverless Architecture
Imagine an application as being composed of two parts: the frontend, which
users interact with, and the backend, which powers the frontend. In serverless
architectures, this backend code runs on the infrastructure provided by the
cloud service, removing the need for businesses to worry about managing
physical servers. While this does simplify things significantly, it doesn’t
entirely remove responsibility from the business owner or the developer.
There’s still the need to ensure the security of your code, and initial setup
is necessary, albeit less time-consuming than traditional server setups.
Serverless architectures are also event-driven. When certain events or
triggers happen (like an HTTP request or database event, for example), your
application responds. While this shifts the security of the physical servers
onto the cloud provider, the responsibility for securing your code still lies
with you. The building blocks of serverless applications are functions—small
pieces of code, each doing a specific task.
Quote for the day:
"Thinking should become your capital
asset, no matter whatever ups and downs you come across in your life." --
Dr. APJ Kalam