Daily Tech Digest - October 16, 2023

A Holistic Approach to Cyber Resilience

Beyond investing in the right training techniques to build resilience, it is important for security leaders to set up the right culture for cybersecurity and ultimately build a strong cybersecurity foundation. To help meet today’s cybersecurity challenges, organizations should treat cybersecurity as a team sport, working with employees to adopt a collective responsibility mindset throughout the entire organization so as to not place blame or pressure on just the cybersecurity teams. To start building this collective mindset, begin including employees outside of security teams in security training to avoid the blame game when an attack inevitably happens. ... Not only does this help ease the burden security teams feel, but it also ensures that all employees know the appropriate steps to take when encountering a potential threat. By focusing on creating a culture of understanding, employees outside the security team may be more open to learning from these incidents and identifying concerns in the future, ultimately giving your organization a more holistic view of the true state of its cyber resilience.

Why IT projects still fail

Some project leaders list the prevailing do-more-with-less expectation as another reason for failed IT projects today. They say this mentality generally leads to project teams lacking the resources that they need to get the desired work done on time. “Everybody is very concerned with that bottom line, and they should be concerned about that, but the other side of that is they’re expecting a few people to do a lot of things,” Phillips says. For example, she says workers are frequently assigned to multiple projects simultaneously, and many are assigned to that project work on top of their existing duties. As a result, these workers are pulled in too many different directions. Others say enterprise leaders underestimate costs and the time required to complete the work or they fail to allocate the right talent to the team, even as project managers surface the consequences of under-allocating the money, talent, and time needed for success. Experienced project leaders say it’s crucial for IT project managers and CIOs themselves to ensure that the business sponsors and C-suite executives get the information they need to be realistic about the required resources, support, and schedules.

Making sure open source doesn’t fail AI

The biggest difficulty is in defining open source in a world where data and software are so inextricably linked. As Maffulli describes, the most intense discussions among his working group revolve around the dependencies between training data and the instructions on how to apply it. Perhaps not surprisingly, given the complexity and the stakes involved, “there is no strong consensus right now on what that means,” he says. There are at least two approaches, with two primary factions squaring off in the working group. The first tries to stick closely to the comfortable concept of source code, promoting the idea that “source code” gets one-to-one translated to the data set. In this view, the combination of the instructions on how to build the model and the binary code is the source code subject to “open source.” The second faction sees things in a radically different way, believing that you can’t modify code without having access to the original data set. In this view, you need other things to effectively exercise the fundamental freedoms of open source. 

What Are Data Governance Tools, and How Do They Work?

Data governance tools catalog data assets; they collect data from databases, files, applications and other data sources. They then tag data assets based on predefined or custom metadata attributes and classify them based on their sensitivity, importance or relevance to specific compliance regulations. Data governance software ensures that data is accurate, complete and consistent by performing data quality checks and validations. ... Data governance tools help businesses define and manage data ownership, roles and responsibilities as well as implement data security and privacy measures. They ensure data management processes meet regulatory compliance and quality standards. They also help automate the workflow and provide structure to large volumes of data. Data governance tools serve several purposes, which include data quality management to ensure data remains accurate, complete and consistent across an organization. These tools can even be used to enforce compliance with regulatory requirements, such as GDPR and HIPAA. 

Enhancing Enterprise Solutions with SOC as a Service Network Protection

Companies that outsource their SOC activities can benefit from the knowledge, cutting-edge technology, and risk assessment of security professionals. Nearly seventy-one percent of SOC analysts state that they are burned out in their jobs, particularly since only a few of them are in charge of the security of the entire company. Attackers can take advantage of holes in a business's infrastructure to gain unauthorized access or disrupt operations. The threat control and oversight services provided by SOC as a Service aid in identifying and assessing potential risks in OT and IT settings. Owing to this proactive approach, companies are able to tackle problems before they can be used against customers. What tends to be overlooked is the process of regularly checking for flaws in network infrastructure, software, and users. These analyses also uncover present vulnerabilities and analyze the risks associated with each problem, allowing businesses to choose updates and solutions. A SOC as a Service provider not only assists in identifying problems, but also in monitoring and resolving those flaws.

Unleashing the Power of AI and ML in Data

Businesses can leverage AI to generate data such as fake reviews and use that information to test and demo a product. This type of demo data generation helps to create a valuable and practical data product that is quick and efficient. One of the key benefits of using AI to generate mock data is that it allows businesses to test and demo data products without having to collect real data from users. ... In forecasting, ML delivers highly automated, finely granular, and more accurate predictions than manual projections. It solves the knowledge risk inherent in organizations where projections are based on “gut feel” and “years of experience.” ML can also pick up on the nuances and subtleties of multiple features playing out in parallel that are invisible to the human eye. ... AI is a powerful technology that can enhance and optimize data analysis, but it doesn’t replace the essential role of software engineers and human expertise. Great technology demands leadership, creativity, empathy, and the ability to navigate complex ecosystems and stakeholders – a uniquely human capacity.

How APAC organisations are tapping generative AI

Across the Asia-Pacific (APAC) region, organisations like GovTech and Culture Amp have been doubling down on GenAI initiatives, more so than other parts of the world. According to a recent study by Enterprise Strategy Group and TechTarget, 75% of APAC respondents plan to adopt generative AI within the next 12 months, with nearly a third already running GenAI workloads in production or testing the technology. The enthusiasm for generative AI in APAC is also reflected in IT budgets, with over half having allocated budgets to GenAI. Among them, 39% have allocated between 5% and 20% of their IT budget to the technology. The blinding speed of GenAI uptake among APAC organisations is also reflected in the 19% of organisations that are not yet sure if GenAI is a budget item. Nevertheless, the rapid emergence of GenAI as a top IT priority is both impressive and alarming. The study shows that GenAI has become the fifth most important strategic initiative in APAC, trailing behind digital transformation, automation, cyber security, and cost-cutting, and surpassing traditional priorities like cloud and application modernisation.

CISOs and board members are finding a common language

“The C-Suite and board of directors are increasingly relying on CISOs for guidance across a sophisticated threat landscape and changing market conditions,” said Jason Lee, CISO, Splunk. “These relationships provide CISOs the opportunity to become champions who strengthen an organization’s security culture and lead teams to become more cross-collaborative and resilient. By communicating key security metrics, CISOs can also guide boards on adopting emerging technologies, such as generative AI, to help improve cyber defense management and prepare for the future.” ... In 47% of organizations surveyed, the CISOs are now reporting directly to the CEO, indicating a closer relationship with the C-Suite and their respective governing boards. Boards of directors are increasingly looking to CISOs to guide cybersecurity strategy, offering an opportunity for CISOs to articulate value and fill in communication gaps. Numerous CISOs across many industries report regular participation in board meetings, including technology (100%), government (100%), communications and media (94%), healthcare (88%) and manufacturing (86%).

Generative AI an Emerging Risk as CISOs Shift Cyber Resilience Strategies

Enterprise risk executives should start by implementing clear rules prohibiting employees from using any unapproved web applications and tools. “It’s really another instance of shadow IT, which includes any IT-related purchases, activities or uses that the IT department is unaware of and which has historically been a big problem in most organizations,” Stevens says. When employees use approved GenAI tools, the company needs rules governing what data can -- and, more importantly, cannot -- be used with the tool. “But these rules shouldn’t be limited to only GenAI tools,” she adds. “They should be in place for all tools and applications used in the organization.” These execs should partner with any key stakeholders who might use GenAI tools. Stevens says ideally, the organization has a CISO, with the infosec organization a key stakeholder for every application that accesses and stores data or lives within the company’s network and ecosystem.

How To Use Serverless Architecture

Imagine an application as being composed of two parts: the frontend, which users interact with, and the backend, which powers the frontend. In serverless architectures, this backend code runs on the infrastructure provided by the cloud service, removing the need for businesses to worry about managing physical servers. While this does simplify things significantly, it doesn’t entirely remove responsibility from the business owner or the developer. There’s still the need to ensure the security of your code, and initial setup is necessary, albeit less time-consuming than traditional server setups. Serverless architectures are also event-driven. When certain events or triggers happen (like an HTTP request or database event, for example), your application responds. While this shifts the security of the physical servers onto the cloud provider, the responsibility for securing your code still lies with you. The building blocks of serverless applications are functions—small pieces of code, each doing a specific task. 

Quote for the day:

"Thinking should become your capital asset, no matter whatever ups and downs you come across in your life." -- Dr. APJ Kalam
