Clear as mud: global rules around AI are starting to take shape but remain a little fuzzy
There is some subjectivity within the EU efforts, as “high risk” is defined as able to cause harm to society, which could receive wildly different interpretations. That said, the effort comes from the right place, which is to protect and ensure the “fundamental rights of EU citizens.” The EU Council views the act as designed to stimulate investment and innovation, while at the same time, carving out exceptions for “military and defense as well as research purposes.” This perspective is not much different from the one the industry offered up in 2022 before the US Senate during discussions on the challenges of security, cybersecurity in the age of AI. At that hearing, two years ago, the Senate was urged not to stifle innovation as adversaries and economic competitors in other nations were not going to be slowing down their innovation. ... When I asked Price for his thoughts on the US position around global AI that many nations should work together to ensure safety without hampering evolution, he agreed that “security considerations must remain at the forefront of these discussions to ensure that widespread AI adoption does not inadvertently amplify cybersecurity risks.”
Turning Compliance Into Strategy: 4 Tips For Navigating AI Regulation
For Chief Strategy Officers (CSOs), helping their organizations to understand and adapt to AI regulation is essential. CSOs can play a key role in guiding their organizations to turn compliance into strategy ... Establish effective governance frameworks that align with the AI Act’s requirements. This framework should include clear policies on data usage, transparency, accountability and ethical AI practices, as well as implementing AI-driven technologies, to help manage risks. Additionally, developing a governance structure that includes roles and responsibilities for AI oversight, and working with operational leaders to embed governance practices into day-to-day business operations can support the company’s long-term success and ethical reputation. ... Companies that form strategic partnerships are better positioned to stay competitive in the market, helping them navigate regulations like the AI Act. By combining the unique strengths of each partner, business leaders can develop more robust and scalable solutions that are better equipped to handle the nuances of regulations. ... The EU AI Act marks a significant shift in the regulatory landscape, challenging businesses to rethink how they develop and deploy AI technologies.
‘Harvest now, decrypt later’: Why hackers are waiting for quantum computing
The “harvest now, decrypt later” phenomenon in cyberattacks — where attackers
steal encrypted information in the hopes they will eventually be able to
decrypt it — is becoming common. As quantum computing technology develops, it
will only grow more prevalent. ... The average hacker will not be able to get
a quantum computer for years — maybe even decades — because they are
incredibly costly, resource-intensive, sensitive and prone to errors if they
are not kept in ideal conditions. To clarify, these sensitive machines must
stay just above absolute zero (459 degrees Fahrenheit to be exact) because
thermal noise can interfere with their operations. However, quantum computing
technology is advancing daily. Researchers are trying to make these computers
smaller, easier to use and more reliable. Soon, they may become accessible
enough that the average person can own one. ... The Cybersecurity and
Infrastructure Security Agency (CISA) and the National Institute of Standards
and Technology (NIST) soon plan to release post-quantum cryptographic
standards. The agencies are leveraging the latest techniques to make ciphers
quantum computers cannot crack.
AI-driven demand forecasting ensures we’re ‘game-ready’ by predicting user behaviour and traffic
At Dream Sports, AI and machine learning are central to enhancing user
experiences, optimising predictions, and securing our platform. AI-driven
demand forecasting ensures we’re “game-ready” by predicting user behaviour and
traffic for smooth gameplay during peak times. With over 250 million users,
our ML systems safeguard platform integrity, detecting and preventing
violations to ensure fair play. We also leverage ML to personalise user
experiences, optimise rewards programs, and use causal inference for
data-driven decisions across game recommendations and contest management.
Generative AI initiatives include developing an AI Coach and enhancing user
verification and customer success systems. Our collaboration with Columbia
University’s Dream Sports AI Innovation Centre advances AI/ML applications in
sports, focusing on predictive modelling, fan engagement, and sports tech
optimisation. This partnership, alongside internal initiatives, helps us lead
in reshaping sports technology with more immersive, personalised experiences
through the rise of generative AI.
5 things your board needs to know about innovation and thought leadership
The most successful organizations have a programmatic approach to managing
innovation and thought leadership, which helps them build organizational
competency over time in both disciplines. How it’s structured is less
important since it can be centralized, decentralized, or hybrid, but having a
defined program with a mission, vision, strategy, and operating plan at a
minimum is critical. As an example, the US Navy set a vision for 2030 related
to the future of naval information warfare, creating a Hollywood-produced
video, which became a north star for the organization, unlocking millions in
funding for AI. The focus and types of innovation and thought leadership you
pursue are important, too. In addition to an internal and client-facing focus,
have a known set of innovation enablers you plan to pursue such as data and
analytics, automation, adaptability, cloud, digital twins and AI, but be open
to adding others as needed. The same is true for your editorial calendar for
thought leadership and the topics you plan to address. And hear out new
thought leadership topics that may come from left field, which could benefit
customers. In addition, keep the board appraised on your multi-year innovation
journey, goals and objectives.
Cloud Security Risk Prioritization is Broken. Here’s How to Fix It.
Business context is critical. It’s easy to understand, for example, a CVE in a
payment application is a high priority. Whereas, the same CVE in a search
application is low priority. Security programs must also take this into
account. Effective security paradigms understand which detected
vulnerabilities have the greatest business impact, so security teams aren’t
spending time prioritizing lower-risk vulnerabilities. Traditional security
applications run tests on code before it’s pushed. While this pre-production
testing is still a best practice, it misses how code interacts with the
environmental variables, configurations, and sensitive data it will coexist
with once deployed. This insight is essential when you’re working to
understand how a cloud-native application will function when live.
Technologies such as application security posture management (ASPM) facilitate
a more proactive approach by automating security review processes in
production and creating a live view of an application, its vulnerabilities,
and business risks. ASPM provides visibility into what’s happening in the
cloud, giving security teams a better understanding of application behavior
and attack surfaces so they can prioritize appropriately.
A Look Inside the World of Ethical Hacking to Benefit Security
While there can be many different siloes and areas of focus within the ethical
hacking community, enterprises tend to interact with these experts in a few
different ways. Penetration testing is a common connection between enterprises
and ethical hackers, often one driven by compliance requirements. Larger, more
mature organizations may employ penetration testers internally in addition to
contracting with third parties. While many organizations rely solely on third
parties. Enterprises may also engage ethical hackers to participate in red
teaming exercises, simulations of real-world attacks. Typically, these
exercises have a specific objective, and ethical hackers are free to use
whatever means available to achieve that objective. Hannan offers a physical
security assessment as an example of a red teaming exercise. “Walk into a
building, find an unlocked computer, and plug a USB device into the computer,”
he details. “That might be one of your objectives. How do you get into the
building? Do you impersonate a delivery person? Do you impersonate an HVAC
person? Do you just show up in a yellow vest and a hard hat and walk into the
building? That's left up to you.”
Offensive cyber operations are more than just attacks
AI is already transforming offensive cyber operations by expanding data
visibility and streamlining threat intelligence, which are critical for both
defensive and offensive purposes. AI enables faster decision-making and the
ability to predict and respond to threats more effectively. However, it also
empowers adversaries, allowing for more sophisticated attacks which could
include generating deepfakes, designing advanced malware, and spreading
misinformation at an unprecedented scale on social media
platforms. Quantum computing, while still in its early stages, poses a
significant long-term challenge. Its potential to break current encryption
methods could render many of today’s cybersecurity practices obsolete,
creating new vulnerabilities for exploitation. ... A key limitation is time.
Once a threat is identified, the race to harden systems and close
vulnerabilities begins. The longer it takes to respond, the more risk
organizations face. As threats become more sophisticated, defenders must
continuously adapt and anticipate new methods of attack, making speed,
agility, and proactive defense critical factors in minimizing exposure and
mitigating risk.
Quantum Risks Pose New Threats for US Federal Cybersecurity
Adversaries including China are investing heavily in quantum computing in an
apparent effort to outpace the United States, where bureaucratic red tape and
unforeseen costs could significantly hinder federal efforts to keep up.
"Upgrading this infrastructure isn’t going to be quick or cheap," said
Georgianna Shea, chief technologist of the Foundation for Defense of
Democracies' Center on Cyber and Technology Innovation. Testing for
quantum-resistant encryption could reveal compatibility issues with legacy
systems, such as increased power demands, reduced performance, larger key
sizes and the need to adjust existing protocols and application stacks for
keys and digital signatures, she told Information Security Media Group. The
Foundation for Defense of Democracies is set to release new guidance for CIOs
on Monday that will aim to lay out a road map for quantum readiness. The
report is structured as a six-point plan that includes designating a leader,
taking inventory of all encryption systems, prioritizing based on risk,
understanding mitigation strategies, developing a transition plan and
regularly monitoring and adjusting it as needed.
The Rise of Generative AI Fuels Focus on Data Quality
Traditionally, data quality initiatives have often been isolated efforts,
disconnected from core business goals and strategic initiatives. Some data
quality initiatives are compliance-focused, data cleaning, or departmental
efforts — all are very important but not directly tied to larger business
goals. This makes it difficult to quantify the impact of data quality
improvements and secure the necessary investment. As a result, data quality
struggles to gain the crucial attention it deserves. However, the rise of
GenAI presents a game-changer for enterprises. GenAI apps rely heavily on
high-quality data to generate accurate and reliable results. ... Organizations
need a new way to organize the data and make it GenAI-ready, making sure it is
continuously synced with the source systems, continuously cleansed according
to a company's data quality policies, and continuously protected. But the
solution extends beyond technology. Organizations must prioritize data quality
by establishing key performance indicators (KPIs) directly linked to GenAI
success, such as customer satisfaction, resolution rate, and response time.
Quote for the day:
“If you want to make a permanent
change, stop focusing on the size of your problems and start focusing on the
size of you!” -- T. Harv Eker
No comments:
Post a Comment