Quote for the day:
“You don’t lead by pointing and telling people some place to go. You lead by going to that place and making a case.” -- Ken Kesey
9 things CISOs need know about the dark web
There’s a growing emphasis on scalability and professionalization, with
aggressive promotion and recruitment for ransomware-as-a-service (RaaS)
operations. This includes lucrative affiliate programs to attract technically
skilled partners and tiered access enabling affiliates to pay for premium tools,
zero-day exploits or access to pre-compromised networks. It’s fragmenting into
specialized communities that include credential marketplaces, exploit exchanges
for zero-days, malware kits, and access to compromised systems, and forums for
fraud tools. Initial access brokers (IABs) are thriving, selling entry points
into corporate environments, which are then monetized by ransomware affiliates
or data extortion groups. Ransomware leak sites showcase attackers’ successes,
publishing sample files, threats of full data dumps as well as names and stolen
data of victim organizations that refuse to pay. ... While DDoS-for-hire
services have existed for years, their scale and popularity are growing. “Many
offer free trial tiers, with some offering full-scale attacks with no daily
limits, dozens of attack types, and even significant 1 Tbps-level output for a
few thousand dollars,” Richard Hummel, cybersecurity researcher and threat
intelligence director at Netscout, says. The operations are becoming more
professional and many platforms mimic legitimate e-commerce sites displaying
user reviews, seller ratings, and dispute resolution systems to build trust
among illicit actors.
CMMC Compliance: Far More Than Just an IT Issue
For many years, companies working with the US Department of Defense (DoD)
treated regulatory mandates including the Cybersecurity Maturity Model
Certification (CMMC) as a matter best left to the IT department. The prevailing
belief was that installing the right software and patching vulnerabilities would
suffice. Yet, reality tells a different story. Increasingly, audits and
assessments reveal that when compliance is seen narrowly as an IT
responsibility, significant gaps emerge. In today’s business environment,
managing controlled unclassified information (CUI) and federal contract
information (FCI) is a shared responsibility across various departments – from
human resources and manufacturing to legal and finance. ... For CMMC
compliance, there needs to be continuous assurance involving regularly
monitoring systems, testing controls and adapting security protocols whenever
necessary. ... Businesses are having to rethink much of their approach to
security because of CMMC requirements. Rather than treating it as something to
be handed off to the IT department, organizations must now commit to a
comprehensive, company-wide strategy. Integrating thorough physical security,
ongoing training, updated internal policies and steps for continuous assurance
mean companies can build a resilient framework that meets today’s regulatory
demands and prepares them to rise to challenges on the horizon.
Beyond Burnout: Three Ways to Reduce Frustration in the SOC
For years, we’ve heard how cybersecurity leaders need to get “business smart”
and better understand business operations. That is mostly happening, but it’s
backwards. What we need is for business leaders to learn cybersecurity, and even
further, recognize it as essential to their survival. Security cannot be viewed
as some cost center tucked away in a corner; it’s the backbone of your entire
operation. It’s also part of an organization’s cyber insurance – the internal
insurance. Simply put, cybersecurity is the business, and you absolutely cannot
sell without it. ... SOCs face a deluge of alerts, threats, and data that no
human team can feasibly process without burning out. While many security
professionals remain wary of artificial intelligence, thoughtfully embracing AI
offers a path toward sustainable security operations. This isn’t about replacing
analysts with technology. It’s about empowering them to do the job they actually
signed up for. AI can dramatically reduce toil by automating repetitive tasks,
provide rapid insights from vast amounts of data, and help educate junior staff.
Instead of spending hours manually reviewing documents, analysts can leverage AI
to extract key insights in minutes, allowing them to apply their expertise where
it matters most. This shift from mundane processing to meaningful analysis can
dramatically improve job satisfaction.
7 legal considerations for mitigating risk in AI implementation
AI systems often rely on large volumes of data, including sensitive personal,
financial and business information. Compliance with data privacy laws is
critical, as regulations such as the European Union’s General Data Protection
Regulation, the California Consumer Privacy Act and other emerging state laws
impose strict requirements on the collection, processing, storage and sharing of
personal data. ... AI systems can inadvertently perpetuate or amplify biases
present in training data, leading to unfair or discriminatory outcomes. This
risk is present in any sector, from hiring and promotions to customer engagement
and product recommendations. ... The legal framework surrounding AI is evolving
rapidly. In the U.S., multiple federal agencies, including the Federal Trade
Commission and Equal Employment Opportunity Commission, have signaled they will
apply existing laws to AI use cases. AI-specific state laws, including in
California and Utah, have taken effect in the last year. ... AI projects involve
unique intellectual property questions related to data ownership and IP rights
in AI-generated works. ... AI systems can introduce new cybersecurity
vulnerabilities, including risks related to data integrity, model manipulation
and adversarial attacks. Organizations must prioritize cybersecurity to protect
AI assets and maintain trust.
Forrester’s Keys To Taming ‘Jekyll and Hyde’ Disruptive Tech
“Disruptive technologies are a double-edged sword for environmental
sustainability, offering both crucial enablers and significant challenges,”
explained the 15-page report written by Abhijit Sunil, Paul Miller, Craig Le
Clair, Renee Taylor-Huot, Michele Pelino, with Amy DeMartine, Danielle Chittem,
and Peter Harrison. “On the positive side,” it continued, “technology
innovations accelerate energy and resource efficiency, aid in climate adaptation
and risk mitigation, monitor crucial sustainability metrics, and even help in
environmental conservation.” “However,” it added, “the necessary compute power,
volume of waste, types of materials needed, and scale of implementing these
technologies can offset their benefits.” ... “To meet sustainability goals with
automation and AI,” he told TechNewsWorld, “one of our recommendations is to
develop proofs of concept for ‘stewardship agents’ and explore emerging robotics
focused on sustainability.” When planning AI operations, Franklin Manchester, a
principal global industry advisor at SAS, an
analytics and artificial intelligence software company in Cary, N.C., cautioned,
“Not every nut needs to be cracked with a sledgehammer.” “Start with good
processes — think lean process mapping, for example — and deploy AI where it
makes sense to do so,” he told TechNewsWorld.
5 Key Benefits of Data Governance
Data governance processes establish data ethics, a code of behavior providing a
trustworthy business climate and compliance with regulatory requirements. The
IAPP calculates that 79% of the world’s population is now protected under
privacy regulations such as the EU’s General Data Protection Regulation (GDPR)
and the California Consumer Privacy Act (CCPA). This statistic highlights the
importance of governance frameworks for risk management and customer
trust. ... Data governance frameworks recognize data governance roles and
responsibilities and streamline processes so that corporate-wide communications
can improve. This systematic approach sets up businesses to be more agile,
increasing the “freedom to innovate, invest, or hunker down and focus
internally,” says O’Neal. For example, Freddie Mac developed a solid data
strategy that streamlined data governance communications and later had the level
of buy-in for the next iteration. ... With a complete picture of business
activities, challenges, and opportunities, data governance creates the
flexibility to respond quickly to changing needs. This allows for better
self-service business intelligence, where business users can gather
multi-structured data from various sources and convert it into actionable
intelligence.
Architecture Lessons from Two Digital Transformations
Cloud security in multi-tenant environments
The most useful security strategy in a multi-tenant cloud environment comes from cultivating a security-first culture. It is important to educate the team on the intricacies of the cloud security system, implementing stringent password and authentication policies, thereby promoting secure practices for development. Security teams and company executives may reduce the possible effects of breaches and remain ready for changing threats with the support of event simulations, tabletop exercises, and regular training. ... As we navigate the evolving landscape of enterprise cloud computing, multi-tenant environments will undoubtedly remain a cornerstone of modern IT infrastructure. However, the path forward demands more than just technological adaptation – it requires a fundamental shift in how we approach security in shared spaces. Organizations must embrace a comprehensive defense-in-depth strategy that transcends traditional boundaries, encompassing everything from robust infrastructure hardening to sophisticated application security and meticulous user governance. The future of cloud computing need not present a binary choice between efficiency and security. ... By placing security at the heart of multi-tenant operations, organizations can fully harness the transformative power of cloud technology while protecting their most critical assets.
This Big Data Lesson Applies to AI
Bill Schmarzo was one of the most vocal supporters of the idea that there were
no silver bullets, and that successful business transformation was the result of
careful planning and a lot of hard work. A decade ago, the “Dean of Big Data”
let this publication in on the secret recipe he would use to guide his clients. He
called it the SAM test, and it allowed business leaders to gauge the viability
of new IT projects through three lenses. First, is the new project strategic?
That is, will it make a big difference for the company? If it won’t, why are you
investing lots of money? Second, is the proposed project actionable? You might
be able to get some insight with the new tech, but can your business actually do
anything with it? Third, is the project material? The new project might
technically be feasible, but if the costs outweigh the benefits, then it’s a
failure. Schmarzo, who is currently working as Dell’s Customer AI and Data
Innovation Strategist, was also a big proponent of the importance of data
governance and data management. The same data governance and data management
bugaboos that doomed so many big data projects are, not surprisingly, raising
their ugly little heads in the age of AI. Which brings us to the current AI hype
wave. We’re told that trillions of dollars are on the line with large language
models, that we’re on the cusp of a technological transformation the likes of
which we have never seen.