Daily Tech Digest - May 05, 2024

Building Resilient and Secure FinTech Infrastructure: Strategies for DDoS Mitigation and Cybersecurity

Companies may have to pay anything from $1 million to over $5 million for every hour of downtime, not to mention any further fines, fees, or penalties under the law. It is in addition to higher DDoS security investments made after the fact and higher cyber insurance premiums. As a result, DDoS victims may have to pay for ransomware. However, this isn’t a fix. It does not ensure that a DDoS assault won’t occur again. FinTech businesses need to be proactive if they want total DDoS resilience. Regardless of the security services they use, organizations are extremely susceptible to denial-of-service (DDoS) assaults. The only way to withstand such attacks is to implement non-disruptive DDoS testing and obtain uninterrupted and comprehensive insight into the DDoS security posture. Continuous DDoS testing on live settings is necessary for FinTech firms and their DDoS protection vendors to identify vulnerabilities, prioritize remediation, and ensure that the solutions are applied appropriately. Staying ahead of the threat curve means taking a preventive rather than a reactive approach to safeguarding online services against DDoS attacks.

Data Governance Act: Understanding the Cross-Sectoral Instrument

The Data Governance Act sets out guidelines for the utilization within the EU for the data held by the public sector entities. This data is secured and protected for reasons such as commercial confidentiality, third-party intellectual property rights and the protection of personal data. While the Act does not explicitly detail the circumstances under which it is applied to the foreign organizations, there are several provisions which imply its extraterritorial implications. Any non-EU entity which provides services within the European Union and qualifies as a data altruism company or intermediary must appoint a legal representative in every member state it is operating in. ... The Act complements the Open Data Directive by addressing the re-use of the secured data which is not under the functions of the latter. It establishes several secured walls for the re-utilization of such data held by the public sector bodies including the governmental and other public sector entities. The Act does not obligate the public sector bodies to permit the reuse of data but sets conditions for any such authorization. 

Six Data Quality Dimensions to Get Your Data AI-Ready

Compliance: The degree to which data is in accordance with laws, regulations, or standards. How is the use of your data now changing? Do you need to uphold your data to higher standards and different requirements in these new use cases? Consider also: A true disruptor like GenAI may result in the need for new policy, and therefore, new regulation. Can you anticipate future regulation around AI usage given your industry and data? ... Accessibility: The ease with which data can be consulted or retrieved. Scalability and repeatability require consistent accessibility. Is your data reliably accessible by the right people and technologies? How accessible must it be? If your data was temporarily inaccessible, how damaging would that be? What is the acceptable threshold that would ensure your project will succeed? Access Security: The degree to which access to datasets is restricted. Consider the privileges and permissions to your data and the implications. Are you building an AI tool in-house or are you using a service? Which of your company’s data are you willing to provide third party access to? Ensure that you are not sharing data that you cannot or should not share. 

Want to drive more secure GenAI? Try automating your red teaming

When red-teaming GenAI, manual probing is a time-intensive but necessary part of identifying potential security blind spots. However, automation can help scale your GenAI red teaming efforts by automating routine tasks and identifying potentially risky areas that require more attention. At Microsoft, we released the Python Risk Identification Tool for generative AI (PyRIT)—an open-access framework designed to help security researchers and ML engineers assess the robustness of their LLM endpoints against different harm categories such as fabrication/ungrounded content like hallucinations, misuse issues like machine bias, and prohibited content such as harassment. PyRIT is battle-tested by the Microsoft AI Red Team. It started off as a set of one-off scripts as we began red teaming GenAI systems in 2022, and we’ve continued to evolve the library ever since. Today, PyRIT acts as an efficiency gain for the Microsoft AI Red Team—shining a light on risk hot spots so that security professionals can then explore them. This allows the security professional to retain control of the AI red team strategy and execution. 

A Novel AI Approach to Enhance Language Models: Multi-Token Prediction

The researchers behind this study propose a new technique called multi-token prediction. Instead of predicting one token (word) at a time, this method trains the model to predict multiple future tokens simultaneously. Imagine it like this: While learning a language, instead of guessing one word at a time, you’re challenged to predict entire phrases or even sentences. Sounds intriguing, right? So, how does this multi-token prediction work? The researchers designed a model architecture with a shared trunk that produces a latent representation of the input context. This shared trunk is then connected to multiple independent output heads, each responsible for predicting one of the future tokens. For example, if the model is set to predict four future tokens, it will have four output heads working in parallel. During training, the model is fed a text corpus, and at each position, it is tasked with predicting the next n tokens simultaneously. This approach encourages the model to learn longer-term patterns and dependencies in the data, potentially leading to better performance, especially for tasks that require understanding the broader context.

Uncomplicating the complex: How Spanner simplifies microservices-based architectures

Sharding is a powerful tool for database scalability. When implemented correctly, it can enable applications to handle a much larger volume of read and write transactions. However, sharding does not come without its challenges and brings its own set of complexities that need careful navigation. ... Over time, database complexity can grow along with increased traffic, adding further toil to operations. For large systems, a combination of sharding along with attached scale-out read replicas might be required to help ensure cost-effective scalability and performance. This combined dual-strategy approach, while effective in handling increasing traffic, significantly ramps up the complexity of the system's architecture. The above illustration captures the need to add scalability and availability to a transactional relational database powering a service. ... We want to emphasize that we’re not arguing that Spanner is only a good fit for microservices. All the things that make Spanner a great fit for microservices also make it great for monolithic applications.

VPNs aren't invincible—5 things a VPN can't protect you from

A VPN can deter a hacker from trying to intercept your internet traffic, but it cannot prevent you from landing on a scam website yourself or sharing your personal details with someone on the web. Also, thanks to AI-powered tools, attackers can craft increasingly convincing messages at high speed. This means phishing attacks will keep happening in the future. The good news is that, despite how well-made the messages are, you can always spot a scam. As a rule of thumb, if something is too good to be true it generally is—so, beware of grand promises. ... While a VPN keeps you more anonymous online, preventing some forms of tracking, it only works at a network level. Tracking cookies, though, are stored directly on your web browser. Hence, VPNs aren't much of a help against such trackers. To mitigate the risks, I recommend clearing the internet cookies on your devices on a regular basis. ... As we have seen, VPNs are not a magic wand that'll magic away cyber threats and danger. Nonetheless, this software still protects you from a great deal of risks and strongly enhances your digital posture—so, all in all, VPNs are still vital pieces of security equipment.

Top Digital Transformation Themes and EA Strategies

Enterprise Architects (EAs) face significant challenges in engaging business stakeholders. One of the main difficulties is shifting the perception of the EA platform from a tool imposed by the EA team to a collaborative instrument that benefits the entire business. EA teams also have a tendency to focus inwardly, leaning on technical architectural terminology and objectives that other business units may not understand or resonate with. ... Architects often struggle to communicate the ROI of Enterprise Architecture or link architectural initiatives and value directly to the business's overarching goals and metrics. A common hurdle is the traditional IT-centric approach of EA, which may not align with the dynamic needs of the business. ... The segregation of data into siloes hampers transparency and makes it difficult to achieve a comprehensive overview of the organization’s data landscape. So when architects try to bring all this information together, the complexity often results in bottlenecks as they struggle to manage and govern IT effectively. This severely limits the potential for insights and efficiency across the organization. 

How To Build a Scalable Platform Architecture for Real-Time Data

Many platforms enable autoscaling, like adjusting the number of running instances based on CPU usage, but the level of automation varies. Some platforms offer this feature inherently, while others require manual configuration, like setting the maximum number of parallel tasks or workers for each job. During deployment, the control plane provides a default setting based on anticipated demand but continues to closely monitor metrics. It then scales up the number of workers, tasks or instances, allocating additional resources to the topic as required. ... Enterprises prioritize high availability, disaster recovery and resilience to maintain ongoing operations during outages. Most data-streaming platforms already have robust guardrails and deployment strategies built in, primarily by extending their cluster across multiple partitions, data centers and cloud-agnostic availability zones. However, it involves trade-offs like increased latency, potential data duplication and higher costs. Here are some recommendations when planning for high availability, disaster recovery and resilience.

How will AI help democratise intelligence in algorithmic trading? Here are 5 ways

AI has played a significant role in making algorithmic trading more accessible to the masses. The emergence of open AI sources like ChatGPT, and open source AI models like Llama 3 has made AI technology available to anyone with an internet connection at a mere $20 a month or so cost. This has led traders to gain access to algorithms, creation of algorithms, that were previously only available to large institutions. Additionally, many platforms have made it possible for traders to automate their trades without requiring coding knowledge, thanks to the contribution of AI in algo trading. ... Algorithms powered by market research and AI can significantly reduce trading errors caused by emotions and impulsive decisions. Traditional trading methods rely heavily on expertise, intuition, and precision, whereas AI-powered algorithms eliminate the need for these factors and enhance the accuracy, efficiency, and overall performance of trades. These algorithms can be customised to fit various market situations, whether it's a stable or volatile market.

Quote for the day:

"Courage doesn't mean you don't get afraid. Courage means you don't let fear stop you." -- Bethany Hamilton

No comments:

Post a Comment