Daily Tech Digest - January 06, 2024

FTC offers $25,000 prize for detecting AI-enabled voice cloning

Through the Voice Cloning Challenge, the FTC aims to find a solution that can identify cases of voice cloning with the help of generative AI. The agency calls it “an exploratory challenge” that could potentially provide a direction for the risk mitigation effort. The winning proposal will receive $25,000 and the runner-up will get $4,000. There are up to three honorable mentions, each awarded with $2,000. On January 2nd, the agency started accepting submissions via this portal and will receive ideas for 10 days, until January 12, 08:00 PM EST. Submissions must include a one-page overview of the proposal and a detailed description of up to 10 pages. Participants may also include a video to show how their idea works. All submissions will be judged based on their practical feasibility, impact on corporate accountability and burden on the consumer, and resilience to rapid technological advancements in the field. Should the challenge fail to yield any effective defense ideas, FTC notes that the effort will serve as an early warning for policymakers and would highlight the need for more stringent regulations on the use of AI technology.

Building a Great Security Operations Center

Without a defined SOC strategy, security leaders may struggle to prioritize resources. A strategy provides direction based on various inputs such as the threat landscape, regulatory requirements and threat assessments specific to the organization. In the context of an SOC, the primary objective of the SOC strategy should be to avoid a situation where the cost and effort is high and the value and return on investment (ROI) is low. The aim of the SOC strategy is to ensure that the SOC effectively fulfils its function and, in doing so, helps the organization to fulfil its overall business objectives. A well-architected SOC provides a positive ROI by minimizing potential financial losses due to cyberincidents. At the same time, an SOC enhances an organization’s ability to detect and respond to cyberthreats in real time, safeguarding sensitive data and protecting the organization’s reputation. Therefore, compliance, ROI and risk reduction are interconnected. Although it is easy to get carried away with generic cybersecurity use cases, the development of business-aligned use cases is what separates average SOCs from great SOCs.

Is the vCISO Model Right for Your Organization?

It's getting harder to justify not having a CISO, so many businesses that have never had one are filling the gap with a virtual CISO (vCISO). A vCISO, sometimes referred to as a fractional CISO or CISO-as-a-service, is typically a part-time, outsourced security expert who helps businesses protect their infrastructure, data, personnel and customers. Depending on the needs of the company, vCISOs can work on-site or remotely, for the long term or short term. There are plenty of reasons why companies are going the vCISO route. Sometimes it's an internal crisis where a company's CISO has unexpectedly resigned and the board needs time to find a permanent new one. Other times it revolves around new regulatory or business requirements or a cybersecurity framework the company needs to adhere to, like NIST's Cybersecurity Framework 2.0. Sometimes a board member used to being briefed by the CISO may request a vCISO. "A smaller company might need a CISO but just a few days a week, and that type of delivery model is perfect for a vCISO," says Russell Eubanks, a vCISO who is also on the faculty of IANS Research and an instructor with SANS Institute.

Generative AI and Data Management: Transforming B2B Practices

Generative AI’s future in data management and analytics shines with promising trends to redefine data analysis methodologies. These trends encompass enhanced augmentation, deeper understanding and explanation, and the democratization of data analysis, presenting a transformative shift in how organizations harness data for insights and decision-making. Generative AI is poised to transcend traditional data visualization, evolving to augment the entire data analysis workflow. This evolution encompasses automated data exploration, hypothesis generation, data storytelling, and predictive analytics. AI’s capability to suggest patterns, relationships, and anomalies and generate comprehensive reports promises to revolutionize data-driven decision-making. The future of Generative AI goes beyond reporting events, delving into causality and explanations. The upcoming trends include causal inference, counterfactual analysis, and the integration of Explainable AI (XAI). These advancements ensure a profound understanding of underlying causes behind observed trends and transparent insights for users.

4 Strategies for Migrating Monolithic Apps to Microservices

For many organizations, taking a lift-and-shift approach is the first step for migrating monolithic applications to Kubernetes and microservices. This involves directly lifting the monolith onto hardware hosted in the cloud, and then gradually breaking down the app into microservices. However, the lift-and-shift philosophy has its challenges, as organizations must refactor monoliths to optimize them for the cloud. Therefore, it’s often more cost-effective to refactor an application service by service into a containerized architecture. ... Dependencies within monolithic apps are deeply intertwined. These close relationships among components are one of the driving forces behind the move to Kubernetes and microservices, as they hinder flexible changes and deployment. When migrating an application to a microservices architecture, it’s important for teams to understand all dependencies among services and to reduce and streamline them as much as possible. Asynchronous messaging is key, allowing services to communicate by sending and receiving messages using queues. 

Network Tokenization and Digital Identities Are Quietly Transforming Payment Security

Digital identities, through biometric data and multi-factor authentication, fortify the security of transactions. This not only protects users from identity theft but also strengthens the overall trustworthiness of digital payment systems. “We never really thought about, what does it mean to identify a person on the internet in a way that is portable and doesn’t require you to rely on a single private platform,” Mike Brock, CEO of TBD, a business from Block focused on open-source decentralized technologies, told PYMNTS. Digital identities play a crucial role in meeting regulatory requirements. By providing a secure and traceable means of verifying user identities, businesses can navigate compliance challenges more efficiently, reducing the complexities associated with anti-money laundering (AML) and know your customer (KYC) processes. “Combating Online Fraud With Digital Identification,” a PYMNTS Intelligence and Prove collaboration, finds that security is highly important for 83% of consumers, while 53% say consistent experiences across different platforms have a very or extremely big impact on their trust in financial institutions.

AI governance outlook: A Global South perspective

An under-regulated path for AI and emerging technologies may bring diverse negative outcomes. These outcomes may lead to a rise in inequality, loss of privacy, and ethical transgressions. By contextualising this through understanding the history of the industrial revolutions that brought drastic changes in people's social and economic lives and prioritising moral concerns, the G20 and GPAI member states can reduce negative results that will arise without the right steering and regulation. Despite the G20's significant influence and GPAI’s members’ technical expertise, many member states face issues with the digital divide, especially the unequal distribution of advanced technologies and their benefits. The divide deepens as AI development, mainly in developed markets, widens the gap between these countries and their developing counterparts in AI research and development (R&D). As per the AI Index Fund 2023, private investments in AI from 2013-22 in the United States (US) (US$250 billion) outpaces that of other economies including India, Japan, the United Kingdom (UK) and most of the other G20 nations.

At What Point Is Digital Transformation A Success?

“Digital transformation” sounds like an expensive, laborious slog. The good news is that most companies are likely closer to succeeding at it than they think. Getting in shape and digital transformation have a lot in common: planning, persistence and patience—with a lot of pragmatism—are the keys to achieving your goals. ... When you are in a new fitness regimen, have you “failed” because you’ve only lost 10 pounds of your 20-pound goal? Of course not. You celebrate your progress, and you keep working at it. In a digital transformation, each company’s goals and starting points are unique to their particular circumstances. As a result, based on the clients I work with daily, there are many ways to measure progress. ... In building a great company or social sector enterprise, there is no single defining action, no grand program, no one killer innovation, no solitary lucky break, no miracle moment. Rather, the process resembles relentlessly pushing a giant, heavy flywheel, turn upon turn, building momentum until a point of breakthrough, and beyond.

How to prepare for increased oversight of cybersecurity

DORA, NIST 2.0 frameworks and the new SEC rules can help speed up this process. However, companies can also develop best practices to better implement board oversight of cybersecurity risk. First, covered entities must start planning now for the structural and cultural changes these rules and regulations will require—they will take time to implement. When done right, a risk management program will educate and empower company leaders to understand and confidently accept, mitigate or transfer risk. Second, to promote this strong governance at the C-Suite and board level, companies must educate their leadership on how to take a front seat around cyber strategy and governance. Rather than an insulated organizational function, cyber risk management should be informed by a company’s business strategies, compliance landscape, and risk culture. Finally, it will be critical for organizations to understand specific roles and responsibilities and to maintain regular lines of communications. In addition to the Board and other company leaders, security, communications, and legal teams should be involved in ongoing conversations around achieving a whole-of-business cyber governance strategy.

Optimizing PCI compliance in financial institutions

In practice, IT architectural patterns give architects the building blocks to design any IT solution. The architect chooses and orders the patterns available in the portfolio to meet the end goal. Having segmentation between infrastructure providing data processing and data storage is an example of a broad IT security architectural pattern. If the solution’s goal involves processing and storing data, the architect is constrained to place the pieces that will fulfill those tasks in the proper segments. Furthermore, if the operating system pattern is Linux Oracle Enterprise, the architect would use that pattern first in its design unless technical constraints made the consumption of this pattern suboptimal to accomplish the solution’s goal. All other needs, for example, authentication, encryption, log management, system configuration, would be treated the same—by using the architectural patterns available. The notion of pattern exists beyond IT in areas that a PCI security assessment touches, such as employee pre-employment practices, awareness security training, risk assessment methodology, or third-party service provider management.

Quote for the day:

"Give whatever you are doing and whoever you are with the gift of your attention." -- Jim Rohn

No comments:

Post a Comment