How CISOs can turn around low-performing cyber pros
When facing difficulties in both their professional and personal lives, people
can start to withdraw and be less interested in contributing, even doing the
bare minimum. They might also make mistakes more often or miss deadlines, or
they can care less about how their colleagues or managers perceive their work.
Body language can also provide insight into an employee’s emotional state and
engagement level. When assigning tasks, Michelle Duval, founder and CEO at
Marlee, a collaboration and performance AI for the workplace, looks her
colleagues in the eyes. “Avoiding eye contact or visible sighing… are helpful
clues,” she says. ... When it comes to helping employees improve their
performance, the key point is to understand why they have problems in the first
place and act quickly. “The best coaching depends on what type of problem you’re
fixing,” says Caroline Ceniza-Levine, executive recruiter and career coach. “If
the employee’s work product is suffering, they may need more direction or skills
training. If the employee is disengaged, they may need help getting motivated –
in this case, giving them more information around why their work matters and how
important their contribution is may help.”
AI in Finserv: Predictive Analytics to Inclusive Banking
AI’s ability to synthesise vast amounts of data allows organisations to connect
data from previously disparate sources, and then analyse it to detect historical
patterns and deliver forward-looking insights. In the banking industry, this is
happening at both a high level through traditional data analysis, and,
increasingly, through more advanced AI tools including Natural Language
Processing (NLP) and Machine Learning (ML). As organisations continue gathering
these predictive analytics, many are also in the process of providing feedback
to their AI systems which will ultimately improve their predictive accuracy over
time. The main use case in which banks are currently seeing the biggest impact
from AI-powered predictive insights is in forecasting consumer behaviour. ...
AI-powered fraud detection algorithms can analyse vast amounts of transaction
data in real-time at a scale that’s unattainable by humans. The real-time nature
of these systems also allows organisations to prevent loss by intercepting
anomalous transactions before they’re settled. This scalable, automatic approach
also makes it easier for financial organisations to stay in compliance with
relevant anti-money laundering (AML) and anti-terrorist financing regulations
and avoid steep penalties.
Critical Software Must Drop C/C++ by 2026 or Face Risk
The federal government is heightening its warnings about dangerous software
development practices, with the U.S. Cybersecurity and Infrastructure Security
Agency (CISA) and the Federal Bureau of Investigation (FBI) issuing stark
warnings about basic security failures that continue to plague critical
infrastructure. ... The report also states that the memory safety roadmap
should outline the manufacturer’s prioritized approach to eliminating memory
safety vulnerabilities in priority code components. “Manufacturers should
demonstrate that the memory safety roadmap will lead to a significant,
prioritized reduction of memory safety vulnerabilities in the manufacturer’s
products and demonstrate they are making a reasonable effort to follow the
memory safety roadmap,” the report said. “There are two good reasons why
businesses continue to maintain COBOL and Fortran code at scale. Cost and
risk,” Shimmin told The New Stack. “It’s simply not financially possible to
port millions of lines of code, nor is it a risk any responsible organization
would take.” ... Finally, it is good that CISA is recommending that companies
with critical software in their care should create a stated plan of attack by
early 2026, Shimmin said.
Into the Wild: Using Public Data for Cyber Risk Hunting
Threat hunting, on the contrary, is a proactive approach. It means that cyber
teams go out into the wild and proactively identify potential risks and threat
patterns, isolating them before they can cause any harm. A threat-hunting team
requires specific knowledge and skills. Therefore, it usually consists of
various professionals, such as threat analysts, who analyze available data to
understand and predict the attacker's behavior; incident responders, who are
ready to reduce the impact of a security incident; and cybersecurity
engineers, responsible for building a secure network solution capable of
protecting the network from advanced threats. These teams are trained to
understand their company's IT environment, gather and analyze relevant data,
and identify potential threats. Moreover, they have a clear risk escalation
and communication process, which helps effectively react to threats and
mitigate risks. Specialists often use a combination of tools that help in
threat hunting. ... Endpoint detection and response (EDR) systems combine
continuous real-time monitoring and collection of end-point data with a
rule-based automated response.
How to Keep IT Up and Running During a Disaster
Using IoT sensing technology can provide early warning of disaster events and
keep an eye on equipment if human access to facilities is cut off. Sensors and
cameras can be helpful in determining when it may be appropriate to switch
operations to other facilities or backup servers. Moisture sensors, for
example, can detect whether floods may be on the verge of impacting device
performance. ... In disaster-prone regions, it is advisable to proactively
facilitate relationships with government authorities and emergency response
agencies. This can be helpful both in ensuring continued compliance and
assistance in the event of a natural disaster. “There are certain aspects of
[disaster response] that need to be captured,” Miller says. “A lot of times in
crisis mode, that becomes a secondary focus. But [disaster management] systems
allow the tracking and the recording of that information.” Being aware of
deadlines for compliance reporting and being in contact with regulators if
they might be missed can save money on potential fines and penalties. And
notifying emergency response agencies may result in prioritization of
assistance given the economic imperatives of IT continuity.
Breaking Down Data Silos With Real-Time Streaming
Traditional "extract, transform, load" and "extract, load, transform" data
pipelines have historically been the primary method for moving data into
analytics. But analytics consumers have often had limited control or influence
over the source data model, which is typically defined by application
developers in the operational domain. Data is also often stale and outdated by
the time it arrives for processing. "By shifting data processing and
governance, organizations can eliminate redundant pipelines, reduce the risk
and impact of bad data at its source, and leverage high-quality, continuously
up-to-date data assets for both operational and analytical purposes," LaForest
said. Real-time data streaming is especially crucial in sectors such as
finance, e-commerce and logistics, where even a few seconds of delay can
negatively impact customer satisfaction and profitability. ... Real-time data
streaming is emerging as the foundation for the next wave of AI innovation.
For predictive AI and pattern recognition, data needs to be available in real
time to drive accurate, immediate insights. Real-time data pipelines are
essential for enabling AI systems to deliver smarter, faster insights and
drive more accurate decision-making across the enterprise.
Is now the right time to invest in implementing agentic AI?
What makes agentic AI autonomous or able to take actions independently is its
ability to interpret data, predict outcomes, and make decisions, learning from
new data — unlike traditional RPA, which falters when encountering unexpected
data, said Cameron Marsh, senior analyst at Nucleus Research. This adaptive
nature of agentic AI, according to Chada, can help enterprises increase
efficiency by handling complex, variable tasks that traditional RPA can’t
manage, such as the roles of a claims adjuster, a loan officer, or a case
worker, provided that it has access to the necessary data, workflows, and
tools required to complete the task. ... Some platform vendors are already
offering low-code and no-code agent development and management platforms, but
these are limited in their functionality to building simple agents or
modifying templates for agents built by the vendors themselves, analysts said.
“Creating more complex agents, specifically ones that require customized
integrations and nuanced decision-making abilities still demands some
technical understanding of data flows, machine learning model tuning, and API
integrations,” Futurum’s Hinchcliffe said, adding that there is a learning
curve on these platforms and that the migration journey could be resource
intensive.
How open-source MDM solutions simplify cross-platform device management
Few MDM solutions effectively address the challenge of device diversity, as
most are designed to manage specific hardware or software platforms. This
limitation forces businesses to juggle multiple solutions to cover their
entire device ecosystem. Open-source MDM solutions, however, offer flexible,
modular architectures that adapt to various operating systems and device
types. Open standards and extensible APIs ensure cross-platform compatibility,
from mobile devices to servers to IoT endpoints. Unified management interfaces
abstract platform complexities, providing consistent administration across
diverse devices, while collaboration with open-source communities broadens
device support. These approaches simplify management for IT teams in
heterogeneous environments, reducing the need for multiple specialized
solutions. ... An effective MDM solution enhances device management in remote
locations by enabling developers and administrators to create lightweight
agents for low-bandwidth environments and implement platform-agnostic policies
for diverse ecosystems. With custom scripts and modular components, businesses
can tailor management workflows to align with specific operational demands,
ensuring seamless integration across various environments.
4 Essential Strategies for Enhancing Your Application Security Posture
Whatever the cause, the torrent of false positives wastes time, lowers
security team morale, and obscures real threats. As a result, risks of a major
oversight increase, and response time to actual threats slows, leading to
undetected breaches, data loss, financial damage, and erosion of customer
trust. ... To successfully implement shifting left, AppSec must deliver
solutions that eliminate the burden of manual security tasks. The ASPM
strategy is to integrate tools directly into the development environment to
make security checks a seamless part of the development workflow. Such
integrations would provide real-time feedback and actionable security
guidance, minimizing disruptions and significantly enhancing productivity. ...
One of the biggest challenges in AppSec today is tool sprawl. The wide array
of tools promising to plug different security gaps burdens security teams with
a complex security ecosystem that locks critical data into tool-specific
silos. This data fragmentation makes it impossible for security teams to gain
a holistic view of the security environment, leading to confusion and missed
vulnerabilities when insights from one tool don’t correlate with insights from
another.
How a classical computer beat a quantum computer at its own game
Confinement is a phenomenon that can arise under special circumstances in
closed quantum systems and is analogous to the quark confinement known in
particle physics. To understand confinement, let's begin with some quantum
basics. On quantum scales, an individual magnet can be oriented up or down, or
it can be in a "superposition"—a quantum state in which it points both up and
down simultaneously. How up or down the magnet is affects how much energy it
has when it's in a magnetic field. ... Serendipitously, IBM had, in their
initial test, set up a problem where the organization of the magnets in a
closed two-dimensional array led to confinement. Tindall and Sels realized
that since the confinement of the system reduced the amount of entanglement,
it kept the problem simple enough to be described by classical methods. Using
simulations and mathematical calculations, Tindall and Sels came up with a
simple, accurate mathematical model that describes this behavior. "One of the
big open questions in quantum physics is understanding when entanglement grows
rapidly and when it doesn't," Tindall says.
Quote for the day:
"The meaning of life is to find your
gift. The purpose of life is to give it away." -- Anonymous