In three or four years, ‘we won’t even talk about AI’
In general, there’s a very positive view of AI in tech. In a lot of other
industries, there’s some uncertainty, some trepidation, some curiosity. But
part of our pulse survey said about three out of four tech workers are using
AI on a daily basis. So, the adoption in this portfolio of companies is higher
than most, and I’d also said most employers and workers have a very good idea
that AI is going to improve their business and their work. ... “I view AI
skills as adjacent, additive skills for most people — aside from really
hardcore data scientists and AI engineers. This is how most people will work
in the new world. Generally, it depends. Some organizations have built whole,
distinct AI organizations. Others have built embedded AI domains in all of
their job functions. It really depends. There’s a lot of discussion around
whether companies should have a chief AI officer. I’m not sure that’s
necessary. I think a lot of those functions are already in place. You do need
someone in your organization who has a holistic view of the positive sides of
this and the risks associated with this.”
The AI Balancing Act: Innovating While Safeguarding Consumer Privacy
There are two sides to every coin. While AI can further compliance efforts, it
can also create new privacy and security challenges. This is particularly true
today, amid an ongoing global effort to strengthen data privacy laws. 71% of
countries have data privacy legislation, and in recent years, this has evolved
to encapsulate AI. In the EU, for instance, approval has been secured from the
European Parliament around a specific AI regulatory framework. This framework
imposes specific obligations on providers of high-risk AI systems and could
ban certain AI-powered applications. The fact is, AI-powered technology is
immensely powerful. But, it comes with complex challenges to data privacy
compliance. A primary concern here relates to purpose limitation, specifically
the disclosure provided to consumers regarding the purpose(s) for data
processing and the consent obtained. As AI systems evolve, they may find new
ways to utilise data, potentially extending beyond the scope of original
disclosure and consent agreement. As such, maintaining transparency in AI
operations to ensure accurate and appropriate data use disclosures is
critical.
Is biometric authentication still effective?
With the rapid advancement and accessibility of technologies, the efficacy and
security of biometric authentication methods are under threat. Fraudsters are
using spoofing techniques to replicate or falsify biometric data, such as
creating synthetic fingerprints or 3D facial models, to fool sensors, mimic
legitimate biometric traits and gain unauthorized access to secured services.
... Unlike traditional biometric authentication, which relies on static
physical attributes, behavioral biometrics verify user identity based on
unique interaction patterns, such as typing rhythm, mouse movements and
touchscreen interactions. This shift is essential because behavioral
biometrics offer a more dynamic and adaptive layer of security, making it
significantly harder for fraudsters to replicate or mask. ... With data
scattered across different systems, it’s challenging to correlate information,
connect the dots and identify overarching patterns of bad behavior. A
decentralized approach causes businesses to overlook crucial fraud indicators
and struggle to respond effectively to emerging threats due to the lack of
visibility and coordination among disparate fraud prevention tools.
Practical strategies for mitigating API security risks
Identity and access management is crucial for a complete API security
strategy. IAM facilitates efficient user management from creation to
deactivation and ensures that only authorized individuals access APIs. IAM
enables granular access control, granting permissions based on specific
attributes and resources rather than just predefined roles. Integration with
security information and event management (SIEM) systems enhances security by
providing centralized visibility and enabling better threat detection and
response. AI and machine learning are revolutionizing API security by
providing sophisticated tools that enhance design, testing, threat detection,
and overall governance. These technologies improve the robustness and
resilience of APIs, enabling organizations to stay ahead of emerging threats
and regulatory changes. As AI evolves, its role in API security will become
increasingly vital, offering innovative solutions to the complex challenges of
safeguarding digital assets. AI in API security goes beyond the limitations of
human or rule-based interventions, enabling advanced pattern recognition and
automating security audits and governance for greater defense against evolving
threats.
The evolution of the CTO – from tech keeper to strategic leader
CTOs have experienced a huge shift in how they are positioned in the
workplace. They are no longer part of a small-medium size team that operates
separately from the rest of the business; they are the key to tangible
business growth and perhaps one of the most crucial parts of a leadership
team. The main duty of CTOs is to maintain – and where available, to modernise
– tech, and to decide when something has kicked the bucket and no longer has a
purpose. These things require people power, specialist skills and money.
Needless to say, the investment in the role is vital. Tech leaders often feel
burnt out, or worried that they don’t have the resources and support needed to
do their job well. ... The saying goes, “You can never set foot in the same
river twice,” and the same is true for leaders in tech – everything evolves
from the moment you start working on a project. There is much to appreciate
about technology that remains stable and adaptable when changes are necessary
during development. Today, innovative CTOs are on the lookout for software
solutions that come with the flexibility of making that important U-turns if
ever needed.
How AIOps Is Transforming IT Operations Management
IT operations management has become increasingly challenging as networks have
become larger and more complex, with the introduction of remote workers and
the distribution of applications and workloads across networks. Traditional
operations management tools and practices struggle to keep up with the
ever-growing volumes of data from multiple sources within complex and
varied network environments. AIOps was designed to bring the speed, accuracy
and predictive capabilities of AI technology to IT operations. AIOps provides
contextually enriched, deep end-to-end, real-time insights that can be
proactively acted upon, according to Forrester. AIOps solutions use real-time
telemetry, developing patterns and historical operational data to perform
real-time assessments of what is happening, whether it has happened before or
not, what paths it might take, and what negative effects it might have on
business operations. ... A "digitally mature" organization has a much better
ROI on the AI investment. But because this is a "rolling target" and not
static, an organization's IT infrastructure "must be able to adapt and
change," Ramamoorthy said.
The cyber assault on healthcare: What the Change Healthcare breach reveals
Many security leaders report that they don’t have adequate resources to
implement the needed security measures because they’re often competing with
pricey life-saving medical equipment for the limited funds available to spend,
Kim says. Furthermore, he says their complex technology environments can make
applying and creating security in depth not only more challenging but more
costly, too. That, in turn, makes it less likely for CISOs to get the
resources they need. Security teams in healthcare also have more challenges in
updating and patching systems, Riggi explains, as the sector’s need for 24/7
availability means organizations can’t easily go offline — if they can go
offline at all — to perform needed work. Healthcare security leaders also have
a rapidly expanding tech environment to secure, as both more partners and more
patients with remote medical devices become part of the sector’s already
highly interconnected environment, says Errol S. Weiss, chief security officer
at Health-ISAC. Such expansion heightens the challenges, complexities and
costs of implementing security controls as well as heightening the risks that
a successful attack against one point in that web would impact many others.
Solar Power Installations Worldwide Open to Cloud API Bugs
"The issue we discovered lies in the cloud APIs that connect the hardware with
the user," both on Solarman's platform and on Deye Cloud, says Bogdan
Botezatu, director of threat Research and reporting at Bitdefender. "These
APIs have vulnerable endpoints that allow an unauthorized third party to
change settings or otherwise control the inverters and data loggers via the
vulnerable Solarman and Deye platforms," he says. Bitdefender, for instance,
found that the Solarman platform's /oauth2-s/oauth/token API endpoint would
let an attacker generate authorization tokens for any regular or business
accounts on the platform. "This means that a malicious user could iterate
through all accounts, take over any of them and modify inverter parameters or
change how the inverter interacts with the grid," Bitdefender said in its
report. The security vendor also found Solarman's API endpoints to be exposing
an excessive amount of information — including personally identifiable
information — about organizations and individuals on the platform.
6 hard truths of generative AI in the enterprise
“Not a week goes by without another new tool that is mind-blowing in its
abilities and potential future impact,’’ agrees David Higginson, chief
innovation officer and executive vice president of Phoenix Children’s
Hospital. But right now genAI “can really only be executed by a small number
of technology giants rather than being tinkered with at a local skunkworks
level within a healthcare organization,’’ he says. “Therefore, it feels as if
we are in a bit of a paused state waiting for established vendors to deliver
mature solutions that can provide the tangible value we all anticipated.” ...
The fundamental barriers to adopting genAI are the scarcity and cost of the
hardware, power, and data needed to train models, Higginson says. “With such
scarcity comes the need to prioritize which solutions have the broadest appeal
to the population and can generate the most long-term revenue,’’ he says. ...
While research and development continue to push the needle on what genAI can
do, “we know that data is a critical aspect to enabling AI solutions and we
also recognize that many organizations are uncovering the work it will take to
build the right data foundations to support scaled AI deployments,” says
Deloitte’s Rowan.
Investing in Capacity to Adapt to Surprises in Software-Reliant Businesses
A well-known and contrarian adage in the Resilience Engineering community is
that Murphy's Law - "anything that can go wrong, will" - is wrong. What can go
wrong almost never does, but we don't tend to notice that. People engaged in
modern work (not just software engineers) are continually adapting what
they’re doing, according to the context they find themselves in. They’re able
to avoid problems in most everything they do, almost all of the time. When
things do go "sideways" and an issue crops up they need to handle or rectify,
they are able to adapt to these situations due to the expertise they have.
Research in decision-making described in the article Seeing the invisible:
Perceptual-cognitive aspects of expertise by Klein, G. A., & Hoffman, R.
R. (2020) reveals that while demonstrations of expertise play out in
time-pressured and high-consequence events (like incident response), expertise
comes from experience with facing varying situations involved with "ordinary"
everyday work. It is "hidden" because the speed and ease with which experts do
ordinary work contrasts with how sophisticated the work is.
Quote for the day:
"True leadership must be for the
benefit of the followers, not the enrichment of the leaders." --
Robert Townsend
No comments:
Post a Comment