Daily Tech Digest - November 17, 2023

Here is how far we are to achieving AGI, according to DeepMindDeep

Mind presents a matrix that measures “performance” and “generality” across five levels, ranging from no AI to superhuman AGI, a general AI system that outperforms all humans on all tasks. Performance refers to how an AI system’s capabilities compare to humans, while generality denotes the breadth of the AI system’s capabilities or the range of tasks for which it reaches the specified performance level in the matrix. ... DeepMind suggests that an AGI benchmark would encompass a broad suite of cognitive and metacognitive tasks, measuring diverse properties, including linguistic intelligence, mathematical and logical reasoning, spatial reasoning, interpersonal and intrapersonal social intelligence, the ability to learn new skills, and creativity. However, they also acknowledge that it is impossible to enumerate all tasks achievable by a sufficiently general intelligence. “As such, an AGI benchmark should be a living benchmark. Such a benchmark should therefore include a framework for generating and agreeing upon new tasks,” they write.

Utilizing A Business Information Security Officer

Unfortunately, a majority of CISOs are spending their limited time firefighting issues rather than contributing to business strategy or forging relationships. This is where a business information security officer (BISO) can come in. According to Forrester, the BISO operates on behalf of the CISO, serving as an advisor and bridge to functional leaders. In other words, it’s a security role that puts business first. ... Security culture can be defined as the values, attitudes, customs, beliefs, and social behaviors that influence the security posture of an organization. It’s the stuff that drives secure behavior in employees (even when no one’s watching); it’s the security instinct that kicks in when someone sees something unusual or suspicious. Traditionally, most CISOs are not in close contact or communication with employees, and therefore, it is difficult for them to influence and promote a positive security culture. With the BISO role, it's different; since the BISO enjoys closer ties with various business groups and has a better understanding of employee requirements and sentiments, they are better positioned to influence culture change.

Russian Hackers Linked to 'Largest Ever Cyber Attack' on Danish Critical Infrastructure

On the 11 companies that were successfully infiltrated, the threat actors executed malicious code to conduct reconnaissance of the firewall configurations and determine the next course of action. "This kind of coordination requires planning and resources," SektorCERT said in a detailed timeline of events. "The advantage of attacking simultaneously is that the information about one attack cannot spread to the other targets before it is too late." "This puts the power of information sharing out of play because no one can be warned in advance about the ongoing attack since everyone is attacked at the same time. It is unusual – and extremely effective." A second wave of attacks targeting more organizations was subsequently recorded from May 22 to 25 by an attack group with previously unseen cyber weapons, raising the possibility that two different threat actors were involved in the campaign. That said, it's currently unclear if the groups collaborated with each other, worked for the same employer, or were acting independently.

Demystifying Event Storming: A Comprehensive Guide to Understanding Complex Systems

Event Storming is a powerful and collaborative workshop-based technique used to gain a deep understanding of complex systems, processes, and domains. It was introduced by Alberto Brandolini, an expert in domain-driven design and Agile software development. Event Storming stands out as a versatile and practical approach that brings together stakeholders, domain experts, software developers, and business analysts to unravel the intricacies of a system. At its core, Event Storming is a visual modeling method that uses sticky notes and a large workspace, such as a wall or whiteboard, to represent various events and interactions within a system. These events can range from user actions, system processes, and domain events to business rules and policies. The workshop participants collaboratively contribute to this visual representation, creating a shared understanding of the system’s behavior and business processes. Event Storming starts with a domain description, then Big Picture. Big Picture Event Storming is the first step in understanding complex systems. 

Integration of Cybersecurity into Physical Security Realm

In this era of evolving cyber threats, integrating cybersecurity into physical security is not a choice but an organizational necessity. In most cases, physical security and cybersecurity work as two sides of the same backbone in the spectrum of security. Physical security protects tangible assets, such as buildings, equipment, and people, from physical threats. On the other hand, cybersecurity focuses on safeguarding digital assets, information, and systems from virtual threats, including hacking, malware, and data breaches. In this context, just as a backbone provides structural support to the body, the integration of cybersecurity into the realm of physical security offers a robust defense for an organization. This fusion of digital and physical security measures creates a comprehensive defense strategy which safeguards firm-specific assets, personnel, and data from various threats. This integrated approach ensures not only the protection of the physical infrastructure but also the prevention of unauthorized access, tampering, and disruptions caused by cyberattacks. It is paramount to understand how cybersecurity enhances physical security systems’ resilience.

Bridging the expectation-reality gap in machine learning

The engineers who wrangle company data to build ML models know it’s far more complex than that. Data may be unstructured or poor quality, and there are compliance, regulatory, and security parameters to meet. There is no quick-fix to closing this expectation-reality gap, but the first step is to foster honest dialogue between teams. Then, business leaders can begin to democratize ML across the organization. Democratization means both technical and non-technical teams have access to powerful ML tools and are supported with continuous learning and training. Non-technical teams get user-friendly data visualization tools to improve their business decision-making, while data scientists get access to the robust development platforms and cloud infrastructure they need to efficiently build ML applications. At Capital One, we’ve used these democratization strategies to scale ML across our entire company of more than 50,000 associates. When everyone has a stake in using ML to help the company succeed, the disconnect between business and technical teams fades. So what can companies do to begin democratizing ML? 

Generative AI Solution Architecture for Complex Enterprises

Generative AI tends to be non-deterministic (running it multiple times even with the same input may result in different behaviour each time it is run). Therefore, how we design, manage and test it needs different thinking from more traditional deterministic technologies. As with machine learning in general, maths and algorithms that are inaccessible to the average person (without knowledge of statistics and data science) create issues in understanding and transparency. Add to this the complexity of enterprise architecture (business, data, applications and applications) in modern organisations, and explainability becomes even more difficult. This non-deterministic behaviour also creates consistency, reliability and repeatability challenges. ... Scaling systems powered by machine learning is challenging. Creating an algorithm in a lab environment that comes up with an answer in several hours is OK for a one-off exercise, but simply won’t cut it for real-time customer interaction at scale. It won’t simply be the performance of the ML models; how you integrate these models with enterprise data stores and systems of record will also impact performance. 

Why cyber war readiness is critical for democracies

We can’t talk about the war in Ukraine and not mention cyber attacks aimed at disrupting operational technology (OT) used by companies that are part of the country’s critical infrastructure (CI). In his talk, Ferguson briefly passed through the known attacks that hit CI entities with OT-specific malware, starting with Stuxnet in 2010 and ending with CosmicEnergy in 2023. Some of the attacks are believed to be the work of the US and Israel (Stuxnet), cybercriminals or are still unattributed (the destructive 2014 attack against a steel plant in Germany). But the rest, he noted, are all believed to have been mounted by Russian state-backed attackers. And, he says, they are getting better at it. Mirroring the development of attacks against IT systems, they have recently begun exploiting legitimate tools found in OT environments, so they don’t need to develop customized malware. Many attackers are scanning for OT-specific protocols and probing OT devices, Ferguson noted. While their actual exploitation hinges on the skills of the attackers, some modes of attack are available to those who are less skilled, but eager. 

Unpatched Critical Vulnerabilities Open AI Models to Takeover

The risk is not theoretical: Large companies have already embarked on aggressive campaigns to find useful AI models and apply them to their markets and operations. Banks already use machine learning and AI for mortgage processing and anti-money laundering, for example. While finding vulnerabilities in these AI systems can lead to compromise of the infrastructure, stealing the intellectual property is a big goal as well, says Daryan Dehghanpisheh, president and co-founder of Protect AI. "Industrial espionage is a big component, and in the battle for AI and ML, models are a very valuable intellectual property asset," he says. "Think about how much money is spent on training a model on the daily basis, and when you're talking about a billion parameters, and more, so a lot of investment, just pure capital that is easily compromised or stolen." Battling novel exploits against the infrastructure underpinning natural-language interactions that people have with AI systems like ChatGPT will be even more impacting, says Dane Sherrets, senior solutions architect at HackerOne.

How to prepare for anything

In Latin, Audi means listen (translated from German horch, which is also the name of Audi’s founder, August Horch). And that is exactly what Mohr decided to do: listen to the questions he and his team were asking themselves. Mohr chose a human approach to understanding how change comes about. It revolves around understanding and embracing the five levels or shades of uncertainty on the journey toward transformation: wonder, skepticism, curiosity, doubt, and creativity. ... “We needed to understand what really matters to our people in order to initiate meaningful change,” Stine Thomssen, who is part of Mohr’s leadership team, recalls. Understanding what really matters to your employees requires insight into their ways of thinking and talking about their everyday practice. This calls for a systematic approach of tapping into the questions people are asking one another in your organization. In the case of the paint shop, it involved setting up several workshops and using a digital platform to engage employees in peer-to-peer conversations about the future. 

Quote for the day:

''The manager asks how and when, the leader aks what and why.'' -- Warren Bennis

No comments:

Post a Comment