Daily Tech Digest - January 17, 2024

Improving Supply Chain Security, Resiliency

Regulatory compliance plays a vital role in how cybersecurity strategies are built: Compliance mandates like GDPR and the NIST Cybersecurity Framework provide foundations for data protection, access control, and incident response. “With these baselines in place, organizations can ensure that there is a certain level of security across all supply chain partners, which reduces the overall risk landscape,” Bachwani says. “Compliance also fosters a culture of security, which drives continuous improvement.” He adds that the pressure to meet regulatory standards necessitates ongoing risk assessments, proactive risk management practices, and regular vulnerability patching, which prioritizes cybersecurity in decision-making. “Regulatory frameworks often come with heavy fines and reputational damage for those who do not comply,” Bachwani notes. “This incentivizes everyone within the supply chain to prioritize cybersecurity and invest in robust safeguards.” Christopher Warner, senior security consultant at GuidePoint Security, says regulatory frameworks often specify security controls and standards that organizations must follow.

Quantum entanglement discovery is a revolutionary step forward

This discovery opens the door to new quantum communication protocols, utilizing topology as a medium for quantum information processing. Such protocols could revolutionize how we encode and transmit information in quantum systems, especially in scenarios where traditional encoding methods fail due to minimal entanglement. In summary, the significance of this research lies in its potential for practical applications. For decades, preserving entangled states has been a major challenge. The team’s findings suggest that topology can remain intact even as entanglement decays, offering a novel encoding mechanism for quantum systems. Professor Forbes concludes with a forward-looking statement, saying, “We are now poised to define new protocols and explore the vast landscape of topological nonlocal quantum states, potentially revolutionizing how we approach quantum communication and information processing.” ... It’s a physical process where pairs or groups of particles are generated, interact, or share spatial proximity in ways such that the quantum state of each particle cannot be described independently of the state of the others, even when the particles are separated by a large distance.

Staffing levels: are data centers at risk of unnecessary outages?

As for whether there were sufficient staff onsite during the Microsoft outage, and what should be the optimal number of staff present, John Booth, Managing Director of Carbon3IT Ltd, and Chair of the Energy Efficiency Group of the Data Centre Alliance, says it very much depends on the design and scale of the data center, as well as on the level of automation for monitoring and maintenance. Data centers are also often reliant on outsourced personnel for specific maintenance and emergency tasks and offer a 4-hour response. Beyond this, he suggests there is a need for more information to determine whether 7 staff were sufficient but admits that 3 members of staff are usually the norm for a night shift, “with perhaps more during the day depending on the rate of churn of equipment.” Davis adds that there is no reliable rule of thumb because each and every organization and site is different. However, there are generally accepted staff calculation techniques that can determine the right staffing levels for a particular data center site. As for the Microsoft incident, he’d need to formally do the calculations to decide whether 3 or 7 technicians were sufficient. It’s otherwise just a guess.

Projecting 2024 Cybertrends and C-Suite Responsibilities

Organizations must comply with various regulations and standards, such as the EU General Data Protection Regulation (GDPR), the US State of California Consumer Privacy Act (CCPA), the Payment Card Industry Data Security Standard (PCI DSS), and the US Health Insurance Portability and Accountability Act (HIPAA). Non-compliance can result in fines, legal action, or reputational damage. Compliance can be achieved if C-suite executives establish a compliance framework that requires them to assess and monitor their compliance status and implement necessary policies and procedures. They should also stay up to date on the changing regulatory and compliance landscape and engage with regulators and policymakers.The persistent cybersecurity skills gap is the shortage of qualified and experienced cybersecurity professionals on the job market. The cybersecurity skills gap can affect the ability of organizations to prevent, detect, and respond to cyberthreats. To help fill the skills gap, C-level executives should invest in the recruitment, retention, and development of their cybersecurity talent, and offer competitive compensation and benefits.

Here’s what you should look for in an OKR Management Tool

Communication is central to ensuring the success of any goal-setting framework. Make sure the technology you are leveraging allows the capturing of feedback, thoughts and comments on an ongoing basis. Using Keka’s OKR tool, teams can engage in meaningful discussions, share insights, and offer feedback directly on objectives and key results, fostering a culture of transparency and continuous improvement via the comments and 1 on 1 meeting feature. This functionality also empowers teams to set their own aligned goals, tailoring objectives to their unique strengths and challenges while still contributing to the larger organisational mission. ... Reminders about OKRs are highly advantageous as they keep objectives and key results at the forefront of individuals' and teams' attention, minimising the risk of goals becoming overlooked or forgotten during daily tasks. These reminders serve as nudges, encouraging consistent progress tracking, timely updates, and proactive adjustments. By maintaining goal visibility and urgency, this feature ensures that teams stay on track, deadlines are met, and alignment with broader strategic objectives remains strong, ultimately driving improved goal achievement and organisational success.

The CISO’s guide to accelerating quantum-safe readiness

With a dynamic perspective of their enterprise-wide cryptographic usage, CISOs can begin the work of cybersecurity risk assessments. This step involves working with cybersecurity and privacy managers to prioritize sensitive and critical data sets most at risk from “harvest now, decrypt later” attacks and with the highest business value and impact. To translate these insights into a quantum-safe strategy, security leaders should evaluate the business relevance in relation to the complexity of mitigation for specific assets so that they can plan their quantum-safe transition in a way that optimizes performance, compatibility and ease of integration. ... The final step in the journey to quantum-safe security is the transformation of cryptographic infrastructure to incorporate quantum-resistant cryptography. Before deploying quantum-safe solutions to their stack, security leaders should equip their teams with the tools and education to test the new cryptographic protocols and evaluate the potential impact on systems and performance. Quantum-safe solutions that can be updated without having to overhaul their cybersecurity infrastructure will help CISOs establish crypto-agility and ensure they can proactively and seamlessly address potential quantum vulnerabilities.

Magic Keyboard vulnerability allows takeover of iOS, Android, Linux, and MacOS devices

“The user does not have to have a keyboard paired with their phone already. And as long as Bluetooth is enabled on the Android device, at any time the phone is on them, and Bluetooth is on, the attacker can then force pair an emulated keyboard with the Android device and inject keystrokes, including at the lock screen.” Newlin then turned to Linux. “It turns out that the Linux attack is very, very similar,” he said. “On Linux, as long as the host is discoverable and connectable over Bluetooth, the attacker can force-pair a keyboard and inject keystrokes without the user’s confirmation. And so, this is distinct from Android in that the device has to be not only connectable but also discoverable and connectable on Linux for the attack.” Linux fixed this bug in 2020 but left the fix disabled by default. ... Newlin encourages security researchers to continue probing Bluetooth flaws. “I think it’ll probably be a while [before the full extent of Bluetooth flaws is known] because it will take the community actually fleshing these out and identifying all these additional effective systems beyond what I’ve seen myself,” he said.

How Edge Analytics Can Deliver the Competitive Edge Your Business Needs

Traditional data analytics models struggle to keep up with all the data that’s being generated. Traditional data analytics is also no match for today’s data velocity. As the speed at which data is created continues to grow, there will be an even greater need for real-time processing. The interpretation and application of real-time analytics can vary based on the specific industry and its requirements. Real-time analytics is a broad concept that is adapted to suit the needs of different industries and sectors. ...  By addressing these traditional data analytics challenges, edge analytics is becoming more prominent. It’s a natural progression -- taking data and business where they need to go now. ... Businesses can move faster with edge analytics because of its reduced latency. This is possible because edge analytics processes data closer to where it was generated, so organizations get data insights quicker. Reduced latency is particularly critical for applications that require real-time response such as battlefield scenarios, fraud detection, and supply chain management. Because edge analytics reduces the data load on the network, it also saves energy, reduces carbon emissions, and helps organizations meet their sustainability goals to protect the planet.

How OpenAI plans to handle genAI election fears

For its part, OpenAI said ChatGPT will redirect users to CanIVote.org for specific election-related queries. The company is also focusing on enhancing the transparency of AI-generated images using its DALL-E technology with plans to incorporate a "cr" icon on such photos, signaling they are AI-generated. The company also plans to enhance its ChatGPT platform by integrating it with real-time global news reporting, including proper attribution and links. The news initiative is an expansion of an agreement made last year with the German media conglomerate Axel Springer. Under that deal, ChatGPT users gain access to summarized versions of select global news content from Axel Springer's various media channels. ... There's no universal rule for how genAI should be used in politics. Last year, Meta declared it would prohibit political campaigns from using genAI tools in their advertising and mandate that politicians reveal any such use in their ads. Similarly, YouTube said all content creators must disclose whether their videos contain "realistic" but altered media, including those created with AI.

Storytelling for CIOs: From niche to bestseller

“For a CIO, or anyone in a senior position with responsibility for data, the best way to succeed is to make projects come to life,” says Caroline Carruthers, formerly a pioneering chief data officer at Network Rail, which manages train stations and infrastructure in the UK, and now CEO of data consultancy Carruthers and Jackson. “You can give people all the dashboards, charts and figures in the world, but it’s when you help them understand the thinking behind what you do and bring it to life that you get the buy-in you need.” Often, CIOs use stories as a form of Esperanto or a translation layer. “I always find there’s benefit in using a story to help my audience understand what can sometimes be very technical concepts that I’m trying to communicate to non-technical people,” says Adam Miller, CIO of UK insurer, Markerstudy Group. “Get the story right, then people understand the plan and you’ve a much better chance of them buying in. I also find that a good story is just as important for highlighting the impact of inaction too, which can often be the easiest option for people to take.”

Quote for the day:

"Leadership Seductions are behaviors or attitudes in which we become 'stuck'" -- Catherine Robinson-Walker

No comments:

Post a Comment