Daily Tech Digest - October 28, 2023

Surviving a ransomware attack begins by acknowledging it’s inevitable

Senior management teams that see ransomware attacks as inevitable are quicker to prioritize actions that seek to reduce the risk of an attack and contain one when it happens. This mindset shifts board-level discussions of cybersecurity from an operating expense to a long-term investment in risk management. CISOs need to be part of that discussion and have a seat on the board. With the inevitability of ransomware attacks and risks to the core part of any business, CISOs must guide boards and provide them with insights to minimize risk. A great way for CISOs to gain a seat on boards is to show how their teams drive revenue gains by providing continuous operations and reducing risks. “When your board wants to talk about ransomware, remind them that it might take the form of day-to-day improvements — in your patching cadence, how you manage identity, how you defend environments and do infrastructure as code, how you do immutable backups and so forth,” Baer told VentureBeat.

Ilya Sutskever, OpenAI’s chief scientist, on his hopes and fears for the future of AI

A lot of what Sutskever says is wild. But not nearly as wild as it would have sounded just one or two years ago. As he tells me himself, ChatGPT has already rewritten a lot of people’s expectations about what’s coming, turning “will never happen” into “will happen faster than you think.” “It’s important to talk about where it’s all headed,” he says, before predicting the development of artificial general intelligence (by which he means machines as smart as humans) as if it were as sure a bet as another iPhone: “At some point we really will have AGI. Maybe OpenAI will build it. Maybe some other company will build it.” Since the release of its sudden surprise hit, ChatGPT, last November, the buzz around OpenAI has been astonishing, even in an industry known for hype. No one can get enough of this nerdy $80 billion startup. World leaders seek (and get) private audiences. Its clunky product names pop up in casual conversation. OpenAI’s CEO, Sam Altman, spent a good part of the summer on a weeks-long outreach tour, glad-handing politicians and speaking to packed auditoriums around the world. 

Lack of federal data privacy law seen hurting IT security

Dawson said the challenge will be overcoming two significant misconceptions about data collection. "The two big myths in this space are, 'They already have everything, so why bother?' and, 'If you have nothing to hide, what are you worried about?'" she said. "Those are two very deliberately structured myths to enable this sense of complacency about all of this data collection." Data collection occurs in multiple facets of consumer life, whether that's through online shopping, social media, travel or even online searches. Dawson said companies bring those data points together to create a 360-degree view of a consumer. She asserted that if consumers fully grasped the extent of companies' data collection, they might not consent willingly. ... "All of this data collection -- here's the church you go to, here's the alcohol you like, here's the guilty pleasure you like to read that nobody knows about. Now all of that can be merged together and can create a very different picture about your life in a way that people are probably not going to be very comfortable with," she said.

Why Infrastructure as Code Is Vital for Modern DevOps

Due to its ability to tackle the ownership problem, DevOps teams have embraced IaC in droves. Because of its ability to abstract, simplify and standardize deployments, IaC has proven a great boon in helping teams achieve continuous integration and continuous delivery (CI/CD). IaC has proven useful to CI/CD practices because it allows DevOps teams to make iterative improvements on apps and services without having to reassign or reconfigure an underlying piece of infrastructure. With IaC, developer teams can focus just on the application, with the onus for infrastructure configuration being on the respective owner as a separate workflow. This is especially useful for complex infrastructure arrangements, such as Kubernetes clusters. Additionally, IaC instructions can be monitored, committed and reverted by teams with ease. Just as they would with a regular coding workflow, code for IaC tools can be rapidly iterated on for infrastructure reconfiguration on the fly to reflect the pace of innovation in a CI/CD environment.

Why CIOs and CDOs Need to Rethink Data Management and Tap AI To Maximize Insights

The difference between the old model and the modern approach is that in the past, business leaders were swamped with data and tried to sift through it to find business insights. Today, in the era of AI and ML, data-driven companies start with the end goal of relevant business insights and then work backwards by delving into the data. “The top-down approach is a great way to pursue business insights because, if you know what you’re looking for in terms of measuring the efficiency of your business group, and if you have day-to-day challenges that you’re looking to better understand, it would absolutely help to use that as the driver,” says Ajay. This approach ensures companies derive insights from data they know is available. Starting with specific business challenges and finding the corresponding data enables businesses to pull together data fragments, aggregate them, and define specific metrics and KPIs that can be acted on. ... One of the critical drivers for accelerating business growth is the cloud. Ajay explained how he advocates for businesses to recognize how their cloud vendors are helping them accelerate their data-driven ambitions. 

How will cyber security evolve in the data-driven world?

Data breaches within the automotive sector have become more frequent, particularly involving well-known manufacturers and brands. Earlier this year there was a data leak of Toyota customers in Japan which was publicly available for a decade due to a simple technical error. Over two million customers had data exposed—that’s nearly the entire customer base which had signed up for Toyota’s main cloud service platforms since 2012. Then, prominent automotive retailer Arnold Clark was blackmailed by hackers after suffering a data breach. It was reported that customers had their addresses, passports and national insurance numbers leaked on the dark web following a cyber attack on the car retail giant. More recently, Tesla disclosed a data breach impacting roughly 75,000 people. Notably, this is the result of a whistle-blower leak rather than a malicious cyber attack. The compromised information includes names, contact information, and employment-related records associated with current and former employees as well as customer bank details, production secrets, and customer complaints regarding driver assistance systems.

White House to issue AI rules for federal employees

For companies developing AI, the executive order might necessitate an overhaul in how they approach their practices, according to Adnan Masood, chief AI architect at digital transformation services company UST. The new rules may also drive up operational costs initially. "However, aligning with national standards could also streamline federal procurement processes for their products and foster trust among private consumers," Masood said. "Ultimately, while regulation is necessary to mitigate AI’s risks, it must be delicately balanced with maintaining an environment conducive to innovation. "If we tip the scales too far towards restrictive oversight, particularly in research, development, and open-source initiatives, we risk stifling innovation and conceding ground to more lenient jurisdictions globally," Masood continued. "The key lies in making regulations that safeguard public and national interests while still fueling the engines of creativity and advancement in the AI sector." Masood said the upcoming regulations from the White House have been "a long time coming, and it’s a good step [at] a critical juncture in the US government's approach to harnessing and containing AI technology."

How Collaboration Among Stakeholders Can Help Better Manage Insider Threats

Not surprisingly, the most effective approach includes a combination of people, processes, and technology, starting with the latter. Perhaps the most significant challenge is detecting unauthorized or inappropriate viewing of patient records, especially given the “wide span of entry points to gain access to these environments and to the data,” said Fasolo. And while most organizations would like to be able to continuously monitor access to each and every patient record, it simply isn’t realistic. What often ends up happening, according to Culbertson, is that security teams focus their energy on mitigating serious risks. The problem with that tradeoff, however, is that most incidents don’t happen out of the blue. “If you look at an individual’s behavior retrospectively, you see that they did some benign things and built on them,” he noted. “They test the system,” realizing that low-risk incidents are far less likely to be investigated. But that’s where the real threat lies, he said, noting that Protenus’ Protect Patient Privacy solution leverages artificial intelligence to audit “every access to every record, every day.”

How Your CTO And CFO Can Work Together On Tech Costs

CFOs and CTOs need to work together to forecast the TCO annually over the life of an application for budgeting to be more reflective of the true costs to run the enterprise application. This process involves identifying the potential cost takeouts as well, because if code can be 30 percent more efficient, this would further reduce the cost. The CFO is not the only one who needs this data; everyone from the developers to the management does. Our goals as technology professionals should be to understand the efficiency and costs of the features or code we are creating before they are promoted to production. This is the only way to truly control the costs of the application and enterprise cloud bills, which are often way over budget since this mindset is not currently built into operations. ... Just like a car, every server has an engine (capacity) and gas mileage (efficiency) and is run at a level of speed that will either tax the system or is sustainable. We check these regularly as a matter of course for our cars; why not for our technology?

The Relationship Between Enterprise Tech Debt And Systemic Risk

We are currently witnessing a significant shift as boardrooms are being forced to address systemic risk. The recent changes announced by the SEC regarding cybersecurity expertise on boards are part of that shift, and boards and executive teams are being tasked with directly addressing systemic risk within their organizations. Systemic risk is one of the biggest challenges facing most organizations today, and tech debt is one of the primary drivers of systemic risk. And most executive teams don’t pay attention to either one. Yet. ... This is the significant challenge that tech debt brings to an organization. It hides under the cover of “working systems” in the background. The byproduct of tech debt is systemic risk. These aging platforms carry with them the risk of failing due to aging infrastructure and unreliable hardware, and even more importantly they have the chance of being unable to support new workflows due to poor data structures and limited connectivity options for new data pipelines. So the systemic risk builds quietly, behind the scenes, while businesses function seemingly smoothly. 

Quote for the day:

"Our expectation in ourselves must be higher than our expectation in others." -- Victor Manuel Rivera
