When cloud AI lands you in court
In a recent legal ruling against Air Canada in a small claims court, the
airline lost because its AI-powered chatbot provided incorrect information
about bereavement fares. The chatbot suggested that the passenger could
retroactively apply for bereavement fares, despite the airline’s bereavement
fares policy contradicting this information. ... In the Air Canada case, the
tribunal called it a case of “negligent misrepresentation,” meaning that the
airline had failed to take reasonable care to ensure the accuracy of its
chatbot. The ruling has significant implications, raising questions about
company liability for the performance of AI-powered systems, which, in case
you live under a rock, are coming fast and furious. Also, this incident
highlights the vulnerability of AI tools to inaccuracies. This is most often
caused by the ingestion of training data that has erroneous or biased
information. This can lead to adverse outcomes for customers, who are pretty
good at spotting these issues and letting the company know. The case
highlights the need for companies to reconsider the extent of AI’s
capabilities and their potential legal and financial exposure to
misinformation, which will cause bad decisions and outcomes from the AI
systems.
Rackspace’s MD on addressing the shortage of senior, mid-level cybersecurity talent
The Data Security Council of India (DSCI) predicts that local demand for
cybersecurity professionals will reach a million positions in 2025 if the
cybersecurity ecosystem continues its rapid growth. While both the government
and private enterprises are taking steps to increase the number of individuals
pursuing careers in cybersecurity, its impact will not be felt immediately,
especially at the higher levels. As experienced professionals retire or move
into more advanced roles, the industry may face a shortage of individuals with
the necessary expertise and experience to fill their positions. While the
increase in new graduates entering the field can fill up entry-level roles, it
will take more time for them to gain the necessary experience and
qualifications for senior and mid-level cybersecurity positions. Organisations
will need to be innovative and creative in ensuring their cybersecurity
posture in the face of a talent crunch. They will need to utilise and refine
their strategies for attracting and retaining top talent, as well as
upskilling existing employees, by leveraging the latest technological trends
for more efficient cybersecurity practices.
What are the main challenges CISOs are facing in the Middle East?
The skills challenge is likely going to be key as a result of the rise of
disruptive technologies such as Generative AI. There will be a reshaping of the
entire global workforce and skills to adequately deal with cybersecurity
issues will be in short supply. The other critical challenge that will be
faced has to do with regulatory changes as nation-states seek to protect their
citizens from cyberattacks. This typically adds to the overall costs of cyber
compliance. Lastly, cybercrime will also rise especially on digital platforms
as people transact virtually. Cybersecurity Ventures expects damage costs from
cybercrime to increase by about 15% each year over the next 3 years. ... The
human resource base is very key both for cybersecurity professionals and the
general employee. In cybersecurity, precedence is always provided for the
protection of human life before anything else. It is therefore important to
ensure that people are equipped with adequate and relevant knowledge about how
to identify indicators of attacks and remain alert for such attacks ... The
financial services sector also relies on proprietary technology hence any
cyber-attacks on such could lead to huge losses and reputational damage. The
sector also holds customer data and intellectual property which is typically
very sensitive information and held on trust.
Practical steps on carbon accounting for data centers
Measuring the carbon and material cost of our equipment is done through
lifecycle assessment (LCA). This is done by disassembling products, looking at
the material content, and giving each part of this an environmental weight.
This is based on where and how they were sourced and what impacts these
processes have. Measuring impact using the LCA method involves drawing
boundaries, making assumptions, and using estimates. These estimates are
shared on platforms like EcoInvent, which give specialists shortcuts on
materials and good ideas on how to fill gaps. When you read reports from
manufacturers, they will state where they assume the product was delivered,
where it was assembled, how long it was in use, where the materials were
mined, and potentially how and where it was destroyed. They need to do this
because different locations will have slightly different sets of environmental
risks. There are a lot of variables in play. Because of this, there is wide
variance between LCAs from different manufacturers of very similar
products.
Incorporating AI and automation into cyber risk management
AI-powered systems can significantly enhance organisational cyber defence
capabilities through advanced threat detection, predictive analytics, and
real-time monitoring. Next-generation AI-driven tools enable organisations to
establish intelligent, secure, and automated systems capable of real-time
threat detection, prevention, and prediction. AI models can be trained to
identify anomalies in system behaviour, serving as an effective means of
detecting potential cyber risks. This capability proves invaluable in
recognizing potential security breaches or operational failures. Moreover,
AI-powered threat intelligence contributes to identifying emerging threats,
facilitating the development of proactive mitigation strategies. Ensuring
compliance with IT regulations, such as the General Data Protection Regulation
(GDPR) and Payment Card Industry Data Security Standard (PCI DSS), is achieved
through the continuous monitoring capabilities of AI tools. These tools not
only streamline compliance efforts but also enhance accuracy and
efficiency.
Adapting To Software Testing's Future: Success Factors
Risk-based testing is a strategic approach that prioritizes testing efforts
based on the potential risk of failure and its impact on the project or
business. By identifying the most critical areas of the application in terms
of functionality, user impact, and likelihood of failure, teams can allocate
their limited testing resources more effectively. ... Test selection
techniques, such as test case prioritization and minimization, help teams
focus on the tests that are most likely to detect defects. Prioritization
involves ordering test cases so that those with the highest importance or
likelihood of finding bugs are executed first. Minimization seeks to reduce
the number of test cases to a necessary subset, eliminating redundancies
without sacrificing coverage. ... By automating repetitive and time-consuming
tests, teams can significantly reduce the time required for test execution.
Automation is particularly effective for regression testing, where the same
tests need to be run repeatedly against successive versions of the software.
Automated tests can be executed faster and more frequently than manual tests,
providing quicker feedback and freeing up human testers to focus on more
complex and exploratory testing tasks.
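The prioritization and minimization steps described in this excerpt, as an added Python example that is not from the quoted article. The test names, likelihood and impact figures, and requirement tags are constructed; risk is assumed to be likelihood times impact, and minimization is done with a greedy set cover, which keeps coverage but is not guaranteed to find the smallest possible subset.

```python
# Constructed suite: name -> (likelihood of failure 0-1, impact 1-5,
# requirements the test covers). All values are illustrative.
TESTS = {
    "test_login_lockout":  (0.6, 5, {"auth", "lockout"}),
    "test_login_basic":    (0.2, 5, {"auth"}),
    "test_payment_refund": (0.5, 4, {"payment", "refund"}),
    "test_payment_charge": (0.4, 4, {"payment"}),
    "test_profile_avatar": (0.3, 1, {"profile"}),
    "test_refund_audit":   (0.2, 3, {"refund", "audit"}),
}

def risk(tests, name):
    """Risk score assumed here: likelihood of failure times impact."""
    likelihood, impact, _ = tests[name]
    return likelihood * impact

def prioritize(tests=TESTS):
    """Order tests so the highest-risk ones run first (name breaks ties)."""
    return sorted(tests, key=lambda n: (-risk(tests, n), n))

def minimize(tests=TESTS):
    """Greedy set cover: keep picking the test that covers the most
    still-uncovered requirements, preferring higher risk on a tie."""
    uncovered = set().union(*(cov for _, _, cov in tests.values()))
    chosen = []
    while uncovered:
        best = max(
            tests,
            key=lambda n: (len(tests[n][2] & uncovered), risk(tests, n), n),
        )
        chosen.append(best)
        uncovered -= tests[best][2]
    return chosen

def coverage(tests, names):
    """Union of requirements covered by the named tests."""
    return set().union(*(tests[n][2] for n in names))

if __name__ == "__main__":
    print("run order:", prioritize())
    print("minimal subset:", minimize())
```
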
5 Tips for Developer-Friendly DevSecOps
Many security tools are built for security professionals, so simply bolting
them onto existing developer workflows can create friction. When looking to
integrate a new tool into the SDLC, consider extracting the desired data from
the security tool and natively integrating it into the developer’s workflow —
or even better, look to a tool that’s already embedded within the flow. This
reduces context switching, and helps developers detect and remediate
vulnerabilities earlier. Additionally, leveraging AI tools within integrated
development environments (IDEs) streamlines the process further, allowing
developers to address security alerts without leaving their coding
environment. ... A barrage of alerts, especially false positives, can erode a
developer’s trust in the tool and compromise their productivity. A
well-integrated security tool should have an alert system that surfaces
high-priority alerts directly to developers — for example, alert settings
based on custom and automated triage rules, filterable code scanning alerts
and the ability to dismiss alerts contribute to a more effective alert system.
This ensures developers can swiftly address urgent security concerns without
being overwhelmed by unnecessary noise, and helps to ultimately clean up an
organization’s security debt.
Leveraging automation for enhanced cyber security operations
A practical approach to refining automation logic involves leveraging
experiences from cyber exercises, penetration tests or red teaming. Analyzing
the defensive strategies of the “blue team” during various attack scenarios
helps identify their response algorithms and steps. This process starts with
differentiating between true and false positive alerts, identifying hacker
attributes and evaluating compromised resources. Such insights enable the
automation of defenses by validating logged events, ensuring a more effective
and streamlined response to modern cyber threats. The first step in enhancing
incident response is to automate the collection of contextual data that
informs decision-making. This includes information about the particular
machine or another asset involved in the security incident, user account
details and intelligence on external threat elements like domain names. This
foundational data is important for understanding the scope and impact of
security incidents, enabling quicker and more effective responses. If an
attack still evolves, the context gathered initially assists in correlating
future defensive measures with a pre-established hypothesis regarding the
attack’s propagation.
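The first automation step described in this excerpt (collecting asset, user account and domain context for an alert) as an added Python example that is not from the quoted article. The lookup tables, field names, scoring weights and sample alerts are all constructed assumptions; a real deployment would query an asset inventory, an identity directory and a threat-intelligence source instead.

```python
from dataclasses import dataclass, field

# Constructed lookup tables standing in for an asset inventory, an identity
# directory and a domain threat-intelligence feed (all values are made up).
ASSETS = {
    "10.0.4.17": {"host": "fin-db-01", "criticality": "high"},
    "10.0.9.52": {"host": "kiosk-12", "criticality": "low"},
}
USERS = {"svc_backup": {"privileged": True}, "jdoe": {"privileged": False}}
DOMAIN_INTEL = {"updates.example-cdn.test": "malicious"}

@dataclass
class EnrichedAlert:
    alert: dict
    asset: dict
    user: dict
    domain_verdict: str
    gaps: list = field(default_factory=list)  # context sources with no match

    @property
    def priority(self) -> str:
        score = 2 if self.asset.get("criticality") == "high" else 0
        score += 1 if self.user.get("privileged") else 0
        score += 2 if self.domain_verdict == "malicious" else 0
        score += len(self.gaps)  # unknown asset or account needs a human look
        return "high" if score >= 4 else "medium" if score >= 2 else "low"

def enrich(alert: dict) -> EnrichedAlert:
    """Attach asset, account and domain context to a raw alert."""
    gaps = []
    asset = ASSETS.get(alert.get("src_ip"))
    if asset is None:
        gaps.append("asset")
    user = USERS.get(alert.get("user"))
    if user is None:
        gaps.append("user")
    # Normalise case and the trailing root dot before the intel lookup.
    domain = (alert.get("domain") or "").lower().rstrip(".")
    verdict = DOMAIN_INTEL.get(domain, "unknown")
    return EnrichedAlert(alert, asset or {}, user or {}, verdict, gaps)

SAMPLE_ALERTS = [  # constructed sample alerts
    {"id": 1, "src_ip": "10.0.4.17", "user": "svc_backup", "domain": "Updates.Example-CDN.test."},
    {"id": 2, "src_ip": "10.0.9.52", "user": "jdoe", "domain": "intranet.example.test"},
    {"id": 3, "src_ip": "10.0.7.7", "user": "ghost", "domain": "intranet.example.test"},
]

def triage(alerts):
    return {a["id"]: enrich(a).priority for a in alerts}
```

Alert 3 shows the failure mode worth handling: when the source address and account are missing from every context source, the gap itself raises the priority instead of silently scoring as benign.
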
Innovation in IT: A Blueprint for Digital Evolution
Success requires a methodical approach. Digital Business Methodology (DBM)
provides insight into the "What" that shapes your approach, with the "How"
contingent on tools, ecosystem, leadership support, and team skill set. DBM is
a comprehensive strategy that empowers companies to embrace and implement
digital business practices. It provides a well-defined path orchestrating
data, technology, and personnel alignment. This approach yields results across
the enterprise, emphasizing speed, consistency, and scalability through an
outcome-driven, incremental process. This methodology's core is a
business-led, agile digital culture focused on achieving bite-sized outcomes
essential for accelerating business growth. Under the DBM umbrella, businesses
lead in collaboration with key stakeholders throughout the entire process,
from ideation to deployment. The primary focus lies in simplifying end-to-end
workflows and establishing a single source of truth (SSOT). This guided and
adaptable ideation-to-deployment ecosystem facilitates seamless collaboration
among business owners, engineers, analysts, scientists, and operational teams,
driving innovative solutions and achieving desired outcomes.
The Psychology of Cybersecurity Burnout
The cybersecurity landscape is incredibly complex, and the cybersecurity
procedures implemented by a given organization are likely to vary
significantly. However, a number of factors have emerged as being likely
contributors to this mental health phenomenon. ... Anticipating developing
threats is a further problem. Staff simply don’t have time to stay on top of
the news and devise procedures that can deal with novel ransomware attacks or
whatever else may be brewing in the attack space. “If I don’t get on top of
this, it’s gonna be a problem for me and my team,” Gartland says. “So, we’re
just trying to figure out: How do I learn something on the weekend or late at
night?” Cybersecurity professionals must be highly attentive to their work and
conspicuous failures can often be traced to a single error, increasing the
burden of responsibility on even low-level employees. The vigilance required
of the job is equivalent to that required of air traffic controllers and
medical professionals. People who strongly identify with those
responsibilities are more likely to suffer burnout due to intense internal
motivation to fulfill them even when it is not realistic.
Quote for the day:
"Go as far as you can see; when you get there, you'll be able to see farther." -- J. P. Morgan