The New Normal in Disaster Recovery: Preparing for Ransomware Attacks Takes a New Approach
Early detection of ransomware can be difficult due to sophisticated malware that
operates stealthily, attacks occurring outside business hours, and the scale of
large, complex networks. Rapid containment prevents further spread but requires
quick decision-making to isolate systems without disrupting critical operations.
Tracing the initial point of entry and identifying all compromised systems is
complex and time-consuming but essential to prevent reinfection. Isolated
recovery environments (IREs) or cleanrooms provide secure, isolated environments
for data recovery and system rebuilding, designed to prevent reinfection during
the recovery process. ... To protect against data loss, organizations of all
types need to implement immutable and air-gapped backups using
write-once-read-many (WORM) technology and physically or logically isolating
backup systems from the main network. Increasing backup frequency and redundancy
is also advised, along with diversifying backup storage and maintaining multiple
versions of backups with appropriate retention policies.
Big Tech criticises EU’s AI regulation – is it justified?
An open letter signed by various Big Tech leaders – including Patrick Collison
and Meta’s Mark Zuckerberg – claims Europe is becoming less competitive and
innovative than other regions due to “inconsistent regulatory decision making”.
This letter follows a report from former Italian prime minister Mario Draghi,
which called for an annual spending boost of €800bn to prevent a “slow and
agonising decline” economically. But the Big Tech warning also follows issues
for these companies to train their AI models with the data of EU citizens using
their services. ... But the letter also says the EU’s current regulation means
the bloc risks missing out on “open” AI models and the latest “multimodal”
models that can operate across text, images and speech. The letter says that if
companies are going to invest heavily into AI models for European citizens, then
they need “clear rules” that enable the use of European data. “But in recent
times, regulatory decision making has become fragmented and unpredictable, while
interventions by the European Data Protection Authorities have created huge
uncertainty about what kinds of data can be used to train AI models,” the letter
reads.
Innovation: What is next?
Innovations in technology that prioritize environmental sustainability may
offer potential solutions. However, the solution is not as straightforward as
depending solely on temporary fixes and implementing a small number of
innovative strategies. The analysis shows India’s green technology potential
and innovation, particularly in wind, solar, geothermal, ocean, hydro,
biomass, and waste energy. However, patenting activity has plateaued in recent
years, indicating the need for a strategic approach to green technology
innovation in India. ... Increasing private sector investment confidence and
working with industry and universities can also make big changes. Moreover,
through the strategic utilization of geo-political advantages and the
establishment of a vibrant and cooperative environment, India has the
potential to significantly advance its green technology industry and make
substantial contributions to international endeavors aimed at addressing
climate change, all the while promoting economic development. ... Further,
deep-tech innovation and a focus on product creation in underserved markets
can turn out to be a game changer for India. According to Nasscom, the
start-up ecosystem will add 250 scale-ups in tech, logistics, automotive,
fintech, and health tech by 2025.
What Lawyers Want You to Know About NFTs
“To avoid legal trouble, sellers of NFTs should make sure that they either own
the copyright in the work of art associated with the NFT, or that they have
the permission of the copyright owner to make and sell NFTs of the artwork,”
says Tyler Ochoa, professor of law at Santa Clara University School of Law.
“They should also avoid incorporating any other works of art or any trademarks
that are owned by others. And if more than one person is involved in the
project, such as an artist and an entrepreneur, they should clearly specify
the rights and responsibilities of all parties to the project, and the
division of any profits, in a signed, written agreement.” ... Trademark
infringement is another significant concern. The Wright Law Firm’s Wright says
that, as illustrated in Hermès Int'l v. Rothschild, the creation and sale of
"MetaBirkins" NFTs, which depicted faux-fur versions of Hermès' Birkin
handbags, led to claims of trademark infringement, trademark dilution, and
cybersquatting. “[The Hermès Int’l v. Rothschild] case underscores the
potential for NFTs to infringe on existing trademarks, especially when they
replicate or closely imitate well-known brands without authorization,” says
Wright.
3 API Vulnerabilities Developers Accidentally Create
The problem with APIs isn’t so much that they’re hard to secure, but that they
are prolific and developers prioritize other tasks over testing and securing
APIs, she added. There are literally hundreds and thousands of API endpoints,
so it’s not surprising things get missed. ... But it’s also an IT cultural
problem that creates security problems. “At the end of the day, any developer
is going to value breaking down their product backlog and their sprint backlog
more than fixing vulnerabilities, because in the sprint, even in the waterfall
model of software engineering, the functionality is on completing features to
get a complete product,” Paxton-Fear said. “Fixing bugs isn’t given the same
priority. And this is how things get forgotten.” Instead, there needs to be
basic internal reviews where finding vulnerabilities is prioritized. And
security can’t be the Department of No, because that ends up in conflict with
developers instead of solving security problems. And IT organizations have to
stop prioritizing speed over security. “While you can get a solution that can
really help you manage it, if you don’t have the teamwork and the culture
around security, it’s going to fail, just like anything else will,” she
said.
What is pretexting? Definition, examples, and attacks
There are two main elements to a pretext: a character, played by the scam
artist; and a plausible situation, in which the character needs or has a right
to specific information. For instance, because errors can arise with automatic
payment systems, it’s plausible that a recurring bill payment we’ve set up
might mysteriously fail, prompting the company we owe to reach out as a
result. An attacker taking on the character of a helpful customer service rep
reaching out to help us fix the error might ask for bank or credit card
information as the scenario plays out to gain the information necessary to
steal money from our accounts. ... Often lumped under the heading pretexting,
tailgating is a common technique for getting through a locked door by simply
following someone who can open it inside before it closes. It can be
considered pretexting because the tailgater often adopts a persona that
encourages the person with the key to let them into the building — for
instance, by wearing a jumpsuit and claiming they’re there to fix the
plumbing, or by carrying a pizza box they say must be delivered to another
floor.
Post-Digital Transformation: How to Evolve Beyond Initial Tech Adoption
Digital transformation often brings a cultural shift, as companies adopt new
technologies that change how they operate. However, many organizations stop
short of building a fully agile and adaptable culture. In a post-digital
world, agility becomes a crucial differentiator. Technology is evolving faster
than ever, and customer expectations are constantly changing. Businesses need
to foster a culture where rapid experimentation, quick decision-making, and
the ability to pivot are embedded in daily operations. This culture must
extend across the entire organization, from leadership to frontline employees.
To do this, companies can adopt agile methodologies, break down silos between
departments and encourage cross-functional teams to collaborate. By creating
an environment where employees are empowered to innovate and experiment
without fear of failure, businesses can stay ahead of the curve. ... One of
the most significant outcomes of digital transformation is the wealth of data
that businesses now have access to. But collecting data is not
enough—companies must be able to turn that data into actionable insights.
The AI Threat: Deepfake or Deep Fake? Unraveling the True Security Risks
AI-produced deepfakes and AI-improved phishing are a bigger problem. Deepfakes
come in two varieties: voice and image/video; both of which are now rapidly
improving commodity outputs from readily available gen-AI models – and neither
of which is easy to detect by either humans or technology. ... The security
industry is not waiting for the dam to break. There have been numerous new
startups in 2024 all working on their own solution on how to detect AI and
deepfake attacks, while existing firms have refocused on deepfake detection.
Pindrop is an example of the latter. In July 2024, it raised $100 million in
debt financing primarily to develop additional tools able to detect deepfake
voice attacks. Deepfake voice is the easiest deepfake to produce, the most
employed, and the easiest to detect. This is because there are subtle audible
clues that a voice is not human generated that can be detected by technology
if not by the human ear. The danger exists where that detection technology is
not being used. The same can be said for the current generation of AI-enhanced
polymorphic malware detection systems: they can work, but only where they are
being used.
Traditional CX on Deathbed as AI Agents Thrive
AI agents are an indispensable part of modern CX strategies, enabling
real-time personalization, proactive engagement and outcome tracking. This
shift toward automation is key to reducing operational costs as AI agents are
made to handle tasks such as ticket routing, knowledge base management and
first-contact resolutions. Eighty-six percent of CX leaders predicted that CX
will be "utterly transformed" over the next three years. Human agents will be
able to pick complex conversations from an AI agent, who will already have the
details regarding the issue, and the customer will no longer need to repeat
themselves. AI will instead act as their copilot, shifting human roles toward
"expertise-based work, away from routine tasks." Recognizing the evolving
trend, Salesforce, a leader in AI integration, has introduced Agentforce, a
"proactive, autonomous application that provides specialized, always-on
support to employees or customers." Agentforce uses machine learning to deploy
autonomous bots for routine customer service tasks. With AI agents, the
company aligns its customer service efforts with business outcomes such as
increased sales conversions or customer retention, which is directly tied to
pricing.
Striking the balance between cybersecurity and operational efficiency
Security supports the business, the controls are aligned and make perfect
sense, their implementation is smooth, they are behind the scenes, and you can
always get help quickly. In case of an accident, you can move to either the
left, or the right, so you actually have more options than on any of the other
lanes, so this is quite flexible as well. You can see where I am going with
this, right? Similarly you need to be flexible with your cybersecurity
strategy – develop your long term strategy, and start executing it – but use
tactics to do so – when it aligns well with a business opportunity, the
chances to succeed are far greater than when you do so during the middle of a
business disruption. Learn to leverage the upcoming situations as great
opportunities for your long-term advancement of the security strategy. ... It
is important to understand that there are plenty such frameworks, and
guidelines – just imagine in a short blast: ISO27XXX, NIST-800-XXX, NIST CSF,
CIS, COBIT, COSO, ITIL, PCI, OWASP, plus a plethora of others, plus all the
regulations. Further, the majority of these frameworks are quite similar when
you actually break them down, with quite some overlap, but also serious gaps
otherwise.
Quote for the day:
"The mediocre leader tells. The good
leader explains. The superior leader demonstrates. The great leader
inspires." -- Gary Patton