Daily Tech Digest - April 08, 2024

Streamlining application delivery and mitigating risks for critical infrastructure

The emphasis on cloud and edge computing introduces challenges in orchestrating seamless application delivery—the initial hurdle in effectively packaging applications for efficient deployment, installation, and execution across various computing environments. For instance, food delivery platforms, such as Zomato or Swiggy, require timely system updates for operational efficiency. The second challenge involves addressing latency and distribution unreliability, especially in scenarios where data transfer delays or inconsistent connectivity may impede the seamless and efficient distribution of applications across networks. Therefore, reliability in application upgrades becomes imperative to counter potential disruptions caused by device issues. The third challenge involves maintaining application reliability, which requires continuous performance monitoring. ... The interconnectedness of supply chain applications necessitates a proactive approach to managing complexities, such as addressing software risks. It involves creating a comprehensive bill of materials and recognising dependencies crucial for bundling software into devices or applications.  

How can the energy sector bolster its resilience to ransomware attacks?

For energy companies, this means undertaking systematic vulnerability assessments and penetration testing, with a specific focus on applications that interface between IT and OT systems. It also requires adopting a comprehensive security strategy that includes routine security monitoring, patch management and network segmentation, and implementing rigorous incident reporting and response. Once the fundamentals are in place, energy providers should explore more advanced technologies and automation opportunities that can help reduce the time between detection and response, such as AI-powered tools that can actively monitor the network in real-time to detect anomalies and predict potential threat patterns. ... In addition to technological defenses, organizations should also focus on the human element as phishing and social engineering attacks keep targeting employees and third-party contractors and continue to be effective methods for initial intrusion. Training programs that enhance employee awareness of these and other tactics are essential, while regularly updated sessions can help staff identify and respond to potential threats thereby reducing the likelihood of a successful attack.

Implementing AI Ethics in Business Strategy

In the realm of AI ethics, monitoring and evaluation play a crucial role in ensuring continuous improvement and alignment with ethical standards. By consistently monitoring the outcomes of AI algorithms and evaluating their impact on various stakeholders, organizations can proactively identify ethical concerns and take corrective actions. This dynamic approach not only mitigates potential risks but also fosters a culture of transparency and accountability within the business. Ethical considerations should be integrated into all stages of AI implementation, from design to deployment. Continuous monitoring allows organizations to adapt to changing ethical landscapes, emerging risks, and evolving regulations. ... Emphasizing ethical practices in business is not just a moral obligation but a strategic imperative for long-term success. In today’s interconnected world, consumers are becoming increasingly conscious of the companies they support, favouring those that demonstrate a commitment to ethical values. By prioritizing ethics in decision-making processes and embracing transparency, businesses can build trust with their stakeholders and create sustainable relationships that drive growth.

The 6 Traits You Need To Succeed in the AI-Accelerated Workplace

AI copilots can provide valuable support, but humans need to exercise critical thinking skills to interpret data, make decisions and solve complex problems effectively. For any area of study, there are various levels of understanding. The very basic is "You don't know what you don't know," then comes "You know what you don't know," next up is "You have the knowledge necessary to interact," and the final level is "You are the subject matter expert."  ... Modern-day knowledge workers need to adapt to new technologies and workflows quickly. As a great horse rider becomes one with the animal, their movements are synchronized naturally. In the same sense, modern-day knowledge workers need to become one with AI assistants/bots and synchronize and adapt their style and pace of work with all the latest tools and technologies being introduced. ... Resilience is the most important quality amid this mist of future job landscapes. It is the best quality an employee can have. It will equip one with the mental fortitude to embrace innovation, learn new skills, and confidently navigate unfamiliar territories.

Speaking Cyber-Truth: The CISO’s Critical Role in Influencing Reluctant Leadership

It’s not just about pointing out the problems, the CISO must also be a problem-solver. They must work collaboratively with other leaders to find ways to enable the business while protecting it — providing insights and recommendations that allow others to make informed decisions based on the company’s risk appetite and strategic direction. But the effectiveness of a CISO is not just measured by the absence of breaches; it’s their ability to enable the business to take calculated risks confidently. The CISO must work to ensure that cyber security is built into the DNA of every project. They must advocate and champion secure-by-design principles to ensure that security is not an afterthought but a fundamental component of every initiative. By forcing organizations to acknowledge and address cyber risks proactively, CISOs not only protect the enterprise but also contribute to its resilience and long-term success. CISOs also face the issue of risk prioritization. In an ideal world, every vulnerability would be patched, every threat neutralized, every alert investigated. However, resources are constrained, investments are finite, and not all risks are created equal. 

4 Lessons We Learned From The Change Healthcare Cyberattack

Given the massive scale of the Change Healthcare attack, it goes without saying that the aftermath has been chaotic. Providers and pharmacies were forced to expend time and resources on manual claims processing, and many continue to face payment delays that are hurting their cash flow. Change Healthcare’s parent company, insurance giant UnitedHealth Group, has faced widespread criticism for its handling of the attack. The American Hospital Association has been one of the biggest voices in this regard. In the organization’s March 13 letter to the Senate Finance Committee, the AHA wrote that UnitedHealth has done nothing to materially address “the chronic cash flow implications and uncertainty that our nation’s hospitals and physicians are experiencing” as a result of the attack. The long recovery time indicates a potentially poor business continuity plan (BCP), Kellerman noted. In his eyes, every healthcare organization needs a BCP in case of a potential cybersecurity event. “[The plan] should address business continuity in case of crisis or disaster, including backups and the ability to restore them in a timely manner. 

Is HR ready for generative AI? New data says there's a lot of work to do

The potential risks for AI in HR are rooted in a lack of trust and potential bias in AI delivering recommendations or suggestions based on models that may have been unintentionally trained on datasets that reinforce biases. Core HR functions could also be impacted by data compromises, AI hallucinations, bias, and toxicity. The common theme across all these areas of potential risk is the human steps that can mitigate them. AI adoption in HR is on the rise. Valoir research found that 50% of organizations are either currently using or planning to apply AI to recruiting challenges in the next 24 months, followed closely by talent management and training and development. ... Valoir recommends that HR leaders not only select vendors and technologies that can be trusted, but put in place the appropriate policies, procedures, safeguards, and training for both HR staff and the broader employee population. HR departments will need to consider how they communicate those policies and training to both their internal HR teams and the broader population.

The Complexity Cycle: Infrastructure Sprawl is a Killer

From imperative APIs that required hundreds of individual API calls to configure a system to today’s declarative APIs that use only one API call. It’s easier, of course, but only the interface changed. The hundreds of calls mapped to individual configuration settings still need to be made, you just don’t have do it yourself. The complexity was abstracted away from you and placed firmly on the system and its developers to deal with. Now, that sounds great, I’m sure, until something goes wrong. And wrong something will go; there’s no avoiding that either. Zero Trust has an “assume breach” principle, and Zero Touch infrastructure (which is where the industry is headed) ought to have a similar principle, “assume failure.” It’s not that complexity evolves. Complexity comes from too many tools, consoles, vendors, environments, architectures, and APIs. As an enterprise evolves, it adds more of these things until complexity overwhelms everyone and some type of abstraction is put in place. We see that abstraction in the rise of multicloud networking to address the complex web of multiple clouds and microservices networking, which is trying to unravel the mess inside of microservices architectures.

Solar Spider Spins Up New Malware to Entrap Saudi Arabian Financial Firms

JSOutProx is well known in the financial industry. Visa, for example, documented campaigns using the attack tool in 2023, including one pointed at several banks in the Asia-Pacific region, the company stated in its Biannual Threats Report published in December. The remote access Trojan (RAT) is a "highly obfuscated JavaScript backdoor, which has modular plugin capabilities, can run shell commands, download, upload, and execute files, manipulate the file system, establish persistence, take screenshots, and manipulate keyboard and mouse events," Visa stated in its report. "These unique features allow the malware to evade detection by security systems and obtain a variety of sensitive payment and financial information from targeted financial institutions. JSOutProx typically appears as a PDF file of a financial document in a zip archive. But really, it's JavaScript that executes when a victim opens the file. The first stage of the attack collects information on the system and communicates with command-and-control servers obfuscated via dynamic DNS. 

Biggest AI myths in customer experience

Recent months have seen numerous examples of chatbots going rogue and tarnishing the reputation of the organisations that implemented them. From incorrect refund policies costing a Canadian airline hundreds of dollars to a parcel delivery firm swearing at customers, GenAI is not ready to take off the training wheels just yet. Large language models (LLMs) such as ChatGPT are subject to hallucinations which, without safeguards, could negatively impact the customer experience. Customers would quickly lose patience with brands if they were misled during interactions. A tool that should vastly improve first-contact resolution could achieve the opposite, with customers needing further support to correct previous mistakes. That said, it is possible to reduce the likelihood of egregious chatbot errors through appropriate optimisation techniques.  ... The implementation of AI in CX should be a gradual process. If phase one of AI development was to streamline communications before, during and after interactions, future phases should focus on expanding the scope of the contact centre, encompassing more traditionally back-office and professional roles and creating a hub for communications, relationship building and data orchestration.

Quote for the day:

"To have long-term success as a coach or in any position of leadership, you have to be obsessed in some way." -- Pat Riley

No comments:

Post a Comment