Surviving a ransomware attack begins by acknowledging it’s inevitable
Senior management teams that see ransomware attacks as inevitable are quicker to
prioritize actions that seek to reduce the risk of an attack and contain one
when it happens. This mindset redirects board-level discussions of cybersecurity
from an operating expense to a long-term investment in risk management. CISOs need
to be part of that discussion and have a seat on the board. With the
inevitability of ransomware attacks and risks to the core part of any business,
CISOs must guide boards and provide them with insights to minimize risk. A great
way for CISOs to gain a seat on boards is to show how their teams drive revenue
gains by providing continuous operations and reducing risks. “When your board
wants to talk about ransomware, remind them that it might take the form of
day-to-day improvements — in your patching cadence, how you manage identity, how
you defend environments and do infrastructure as code, how you do immutable
backups and so forth,” Baer told VentureBeat.
Ilya Sutskever, OpenAI’s chief scientist, on his hopes and fears for the future of AI
A lot of what Sutskever says is wild. But not nearly as wild as it would have
sounded just one or two years ago. As he tells me himself, ChatGPT has already
rewritten a lot of people’s expectations about what’s coming, turning “will
never happen” into “will happen faster than you think.” “It’s important to talk
about where it’s all headed,” he says, before predicting the development of
artificial general intelligence (by which he means machines as smart as humans)
as if it were as sure a bet as another iPhone: “At some point we really will
have AGI. Maybe OpenAI will build it. Maybe some other company will build
it.” Since the release of its sudden surprise hit, ChatGPT, last November,
the buzz around OpenAI has been astonishing, even in an industry known for hype.
No one can get enough of this nerdy $80 billion startup. World leaders seek (and
get) private audiences. Its clunky product names pop up in casual conversation.
OpenAI’s CEO, Sam Altman, spent a good part of the summer on a weeks-long
outreach tour, glad-handing politicians and speaking to packed auditoriums
around the world.
Lack of federal data privacy law seen hurting IT security
Dawson said the challenge will be overcoming two significant misconceptions
about data collection. "The two big myths in this space are, 'They already have
everything, so why bother?' and, 'If you have nothing to hide, what are you
worried about?'" she said. "Those are two very deliberately structured myths to
enable this sense of complacency about all of this data collection." Data
collection occurs in multiple facets of consumer life, whether that's through
online shopping, social media, travel or even online searches. Dawson said
companies bring those data points together to create a 360-degree view of a
consumer. She asserted that if consumers fully grasped the extent of companies'
data collection, they might not consent willingly. ... "All of this data
collection -- here's the church you go to, here's the alcohol you like, here's
the guilty pleasure you like to read that nobody knows about. Now all of that
can be merged together and can create a very different picture about your life
in a way that people are probably not going to be very comfortable with," she
said.
Why Infrastructure as Code Is Vital for Modern DevOps
Due to its ability to tackle the ownership problem, DevOps teams have embraced
IaC in droves. Because of its ability to abstract, simplify and standardize
deployments, IaC has proven a great boon in helping teams achieve continuous
integration and continuous delivery (CI/CD). IaC has proven useful to CI/CD
practices because it allows DevOps teams to make iterative improvements on apps
and services without having to reassign or reconfigure an underlying piece of
infrastructure. With IaC, developer teams can focus just on the application,
with the onus for infrastructure configuration being on the respective owner as
a separate workflow. This is especially useful for complex infrastructure
arrangements, such as Kubernetes clusters. Additionally, IaC instructions can be
monitored, committed and reverted by teams with ease. Just as they would with a
regular coding workflow, code for IaC tools can be rapidly iterated on for
infrastructure reconfiguration on the fly to reflect the pace of innovation in a
CI/CD environment.
Why CIOs and CDOs Need to Rethink Data Management and Tap AI To Maximize Insights
The difference between the old model and the modern approach is that in the
past, business leaders were swamped with data and tried to sift through it to
find business insights. Today, in the era of AI and ML, data-driven companies
start with the end goal of relevant business insights and then work backwards by
delving into the data. “The top-down approach is a great way to pursue business
insights because, if you know what you’re looking for in terms of measuring the
efficiency of your business group, and if you have day-to-day challenges that
you’re looking to better understand, it would absolutely help to use that as the
driver,” says Ajay. This approach ensures companies derive insights from data
they know is available. Starting with specific business challenges and finding
the corresponding data enables businesses to pull together data fragments,
aggregate them, and define specific metrics and KPIs that can be acted on. ...
One of the critical drivers for accelerating business growth is the cloud. Ajay
explained how he advocates for businesses to recognize how their cloud vendors
are helping them accelerate their data-driven ambitions.
How will cyber security evolve in the data-driven world?
Data breaches within the automotive sector have become more frequent,
particularly involving well-known manufacturers and brands. Earlier this year
there was a data leak of Toyota customers in Japan which was publicly available
for a decade due to a simple technical error. Over two million customers had
data exposed—that’s nearly the entire customer base which had signed up for
Toyota’s main cloud service platforms since 2012. Then, prominent automotive
retailer Arnold Clark was blackmailed by hackers after suffering a data breach.
It was reported that customers had their addresses, passports and national
insurance numbers leaked on the dark web following a cyber attack on the car
retail giant. More recently, Tesla disclosed a data breach impacting roughly
75,000 people. Notably, this is the result of a whistle-blower leak rather than
a malicious cyber attack. The compromised information includes names, contact
information, and employment-related records associated with current and former
employees as well as customer bank details, production secrets, and customer
complaints regarding driver assistance systems.
White House to issue AI rules for federal employees
For companies developing AI, the executive order might necessitate an overhaul
in how they approach their practices, according to Adnan Masood, chief AI
architect at digital transformation services company UST. The new rules may also
drive up operational costs initially. "However, aligning with national
standards could also streamline federal procurement processes for their products
and foster trust among private consumers," Masood said. "Ultimately, while
regulation is necessary to mitigate AI’s risks, it must be delicately balanced
with maintaining an environment conducive to innovation. If we tip the scales
too far towards restrictive oversight, particularly in research, development,
and open-source initiatives, we risk stifling innovation and conceding ground to
more lenient jurisdictions globally," Masood continued. "The key lies in making
regulations that safeguard public and national interests while still fueling the
engines of creativity and advancement in the AI sector." Masood said the
upcoming regulations from the White House have been "a long time coming, and
it’s a good step [at] a critical juncture in the US government's approach to
harnessing and containing AI technology."
How Collaboration Among Stakeholders Can Help Better Manage Insider Threats
Not surprisingly, the most effective approach includes a combination of people,
processes, and technology, starting with the latter. Perhaps the most
significant challenge is detecting unauthorized or inappropriate viewing of
patient records, especially given the “wide span of entry points to gain access
to these environments and to the data,” said Fasolo. And while most
organizations would like to be able to continuously monitor access to each and
every patient record, it simply isn’t realistic. What often ends up happening,
according to Culbertson, is that security teams focus their energy on mitigating
serious risks. The problem with that tradeoff, however, is that most incidents
don’t happen out of the blue. “If you look at an individual’s behavior
retrospectively, you see that they did some benign things and built on them,” he
noted. “They test the system,” realizing that low-risk incidents are far less
likely to be investigated. But that’s where the real threat lies, he said,
noting that Protenus’ Protect Patient Privacy solution leverages artificial
intelligence to audit “every access to every record, every day.”
How Your CTO And CFO Can Work Together On Tech Costs
CFOs and CTOs need to work together to forecast the TCO annually over the life
of an application for budgeting to be more reflective of the true costs to run
the enterprise application. This process involves identifying the potential cost
takeouts as well, because if code can be 30 percent more efficient, this would
further reduce the cost. The CFO is not the only one who needs this data;
everyone from the developers to the management does. Our goals as technology
professionals should be to understand the efficiency and costs of the features
or code we are creating before they are promoted to production. This is the only
way to truly control the costs of the application and enterprise cloud bills,
which are often way over budget since this mindset is not currently built into
operations. ... Just like a car, every server has an engine (capacity) and gas
mileage (efficiency) and is run at a level of speed that will either tax the
system or is sustainable. We check these regularly as a matter of course for our
cars; why not for our technology?
The Relationship Between Enterprise Tech Debt And Systemic Risk
We are currently witnessing a significant shift as boardrooms are being forced
to address systemic risk. The recent changes announced by the SEC regarding
cybersecurity expertise on boards are part of that shift, and boards and
executive teams are being tasked with directly addressing systemic risk within
their organizations. Systemic risk is one of the biggest challenges facing
most organizations today, and tech debt is one of the primary drivers of
systemic risk. And most executive teams don’t pay attention to either one.
Yet. ... This is the significant challenge that tech debt brings to an
organization. It hides under the cover of “working systems” in the background.
The byproduct of tech debt is systemic risk. These aging platforms carry with
them the risk of failing due to aging infrastructure and unreliable hardware,
and even more importantly they have the chance of being unable to support new
workflows due to poor data structures and limited connectivity options for new
data pipelines. So the systemic risk builds quietly, behind the scenes, while
businesses function seemingly smoothly.
Quote for the day:
"Our expectation in ourselves must be higher than our expectation in others."
-- Victor Manuel Rivera