Will Rogue AI Become an Unstoppable Security Threat?
The rogue AI concept generally refers to AI systems that have been trained to
generate or identify opportunities to exploit code or system vulnerabilities and
then take some form of destructive action without human intervention, Saylors
says. That action could be the creation of code known to be vulnerable and
publishing it to a common code repository with the expectation it would be
exploited at a later date. It could also be the active exploitation of
vulnerabilities by the AI technology itself. The latter action is an extreme
example, Saylors says, and generally only a concern for governments or
high-profile enterprises, such as defense contractors and financial
institutions. “Such organizations already tend to be under constant attack from
well-funded APT groups,” he notes. Unfortunately, as sophisticated AI
technologies such as ChatGPT become widely available, they will be trained to
exploit code or system vulnerabilities. “I’m not saying ChatGPT, specifically,
will do this, but I’m suggesting that bad actors will clone this type of
technology and train it for nefarious use,” Saylors says.
Generative AI Will Transform Software Development. Are You Ready?
The coming convergence of generative AI and software development will have broad
implications and pose new challenges for your IT organization. As an IT leader,
you will have to strike the balance between your human coders—be they
professionals or cit-devs—and their digital coworkers to ensure optimal
productivity. You must provide your staff guidance and guardrails that are
typical of organizations adopting new and experimental AI. Use good judgment.
Don’t enter proprietary or otherwise corporate information and assets into these
tools. Make sure the output aligns with the input, which will require
understanding of what you hope to achieve. This step, aimed at pro programmers
with knowledge of garbage in/garbage out practices, will help catch some of the
pitfalls associated with new technologies. When in doubt give IT a shout. Or
however you choose to lay down the law on responsible AI use. Regardless of your
stance, the rise of generative AI underscores how software is poised for its
biggest evolution since the digital Wild West known as Web 2.0.
AI outcry intensifies as EU readies regulation
AI offers both the potential to grow the business and a significant risk by
eroding a company’s unique selling point (USP). While business leaders assess
its impact, there is an outcry from industry experts and researchers, which is
set to influence the direction future AI regulations take. In an interview with
the New York Times discussing his decision to leave Google, prominent AI
scientist Geoffory Hinton warned of the unintended consequences of the
technology, saying: “It is hard to prevent bad actors from doing bad things.”
Hinton is among a number of high-profile experts voicing their concerns over the
development of AI. An open letter, published by the Future of Life Institute,
has over 27,000 signatories calling for a pause in the development of AI, among
them Tesla and SpaceX founder, Elon Musk – who, incidentally, is a co-founder of
OpenAI, the organisation behind ChatGPT. Musk has been openly critical of
advancement such as generative AI, but he is reportedly working on his own
version. According to the Financial Times, Musk is bringing together a team of
engineers and researchers to develop his own generative AI system and has
“secured thousands of high powered GPU processors from Nvidia”.
Refined methodologies of ransomware attacks
“Rates of encryption have returned to very high levels after a temporary dip
during the pandemic, which is certainly concerning. Ransomware crews have been
refining their methodologies of attack and accelerating their attacks to reduce
the time for defenders to disrupt their schemes,” said Chester Wisniewski, field
CTO, Sophos. ... “With two thirds of organizations reporting that they have been
victimized by ransomware criminals for the second year in a row, we’ve likely
reached a plateau. The key to lowering this number is to work to aggressively
lower both time to detect and time to respond. Human-led threat hunting is very
effective at stopping these criminals in their tracks, but alerts must be
investigated, and criminals evicted from systems in hours and days, not weeks
and months. Experienced analysts can recognize the patterns of an active
intrusion in minutes and spring into action. This is likely the difference
between the third who stay safe and the two thirds who do not. Organizations
must be on alert 24×7 to mount an effective defense these days,” said
Wisniewski.
Automation: 3 ways it boosts productivity and reduces burnout
When we automate, we can carve out more time for the big stuff—and the more time
we spend on the big stuff, the more engaged we become. Engaged employees aren’t
just happier; they also create better customer experiences. Companies, in turn,
can charge more for their services. The bottom line: Higher engagement is a win
for everyone—companies, customers, and employees alike. To identify your most
meaningful work, ask yourself what you enjoy doing the most and what delivers
the most impact. For me, that’s writing and high-level strategizing. For a
journalist, it might be drafting compelling narratives. For a designer, it might
be brainstorming creative and beautiful ways to solve a customer’s problem. ...
The benefits of automation are multifold: It increases engagement and
productivity; it overcomes human limitations like the need to rest because with
automation you set it and forget it; it minimizes errors; and it establishes
processes that can be consistently refined. This list is not exhaustive. But
here’s the rub: Automation can’t be established in a vacuum.
NoOps vs. ZeroOps: What Are the Differences?
ZeroOps works from the philosophy that a company’s IT team is uniquely
positioned to create innovation that services the organization — if it has time
to think, rather than constantly chasing tickets or dealing with upkeep, that
is. With more time free, IT teams might create new infrastructure that provides
enhanced performance for specific corporate applications or might suggest ways
in which current applications can be improved. The opportunities are limitless —
if only operations teams had the time to do what they need to be doing! And with
ZeroOps, they finally can. A ZeroOps provider works with the IT team to create
an environment that is ideally suited to the organization, but in which the
ZeroOps provider uses a combination of intelligent automation and remote support
to relieve the IT team of the general burden of ensuring the system runs
properly. Removing these burdens from a team’s shoulders allows them to place
focus back on where it should have been in the first place. In other words,
innovation and creation are actually possible again, instead of being bogged
down by the backlog of things to do to keep everything running.
Quantifying the Value of Data to Business Leaders
The ROI of data is frequently obscured when critical data points fail to form a
bigger picture, said Soares. For example, a modest profit from a particular
business asset might not be tracked against a long-enough timescale to warrant
its initial price tag. ... How is it possible to change business culture to
recognize the true value of data? Soares suggested that there is an ultimately
simple way to begin benchmarking across companies to assign data value without
resorting to “voodoo economics.” “The value of a company’s data divided by the
value of the company is what we call a data monetization index,” noted Soares.
“And we have another metric called intangible asset index.” Data-related
intangibles include customer data, employee data, reference data, reports,
critical data elements, and more. How does one identify a critical data element?
Soares estimates that roughly 10% of corporate data would fall under this
category, though this number is contextual: What may be critical for one
application may not be critical for another.
Does Your Organization Need a CISO or an External Advisor?
The question on every leader’s mind now is, what is the best way to prepare?
Should businesses hire a Chief Information Security Officer (CISO), or
incorporate an advisor to the organization's board? Based on our work, we have
several recommendations to navigate the best option for your organization:
Each business context requires a different cybersecurity strategy. Factoring
in the types of threats faced and their level of criticality is also key in
the decision-making process. The different types of threats may include
manufacturing facilities, high value IP (next generation tech, in particular
if related to communications or weapons), infrastructure (e.g., energy
generation or distribution), ransomware targets, and exploitation
opportunities. Being open to exploring hybrid models can be a way to avoid
missteps. What level of sophistication does your organization need in a CISO
or advisor? Companies with low threat levels (are there any left?) or limited
resources may want to rely on external vendors and advisors at early stages on
their cybersecurity journey, rather than hiring a CISO immediately.
4 strategies for embracing ‘Everywhere Work’ in 2023
“When it comes to how and where employees work – leaders who do not embrace
and enable flexibility where they can – also risk not reaping the benefits of
a more engaged, more productive workforce,” said Jeff Abbott, CEO at Ivanti.
Attracting and retaining the very best talent will always be an executive
priority, but the organisations that embrace an Everywhere Work mindset – and
supporting tech stack – will have a sustainable competitive advantage. There
has been a seismic shift in how and where employees expect to get work done
and it's imperative for leaders to break down culture and tech barriers to
enable it.” As employees strive to strike a balance between work and personal
life, they are pushing for new ways of working that help them reduce long
commutes and minimise the negative impact on their health and well-being.
Unfortunately, many employers are still hesitant to fully embrace virtual work
arrangements, treating them as temporary solutions that may be reversed in the
future. This reluctance to embrace remote work has led to widespread burnout
and disengagement among knowledge workers, particularly younger employees.
Introducing the Data Trust Index: A New Tool to Drive Data Democratization
Data quality frameworks have traditionally focused solely on technical data
quality dimensions; the Data Trust Index places a heavy emphasis on the social
trust component of confirmability to account for the emotional and cultural
factors that shape how people perceive and interact with data in their
organizations. The adoption and implementation of data quality frameworks have
typically been regarded as the necessary step for any organization wishing to
promote data democratization. Good quality data will increase use of the data,
or so the logic goes. Our conviction is that a data quality framework is only
the necessary first step, that true data democratization requires a holistic
approach that appeals to both the logical and emotional sides of people. The
Data Trust Index brings data trust out of the realm of sterile dashboards and
into something tangible that instills confidence in data and helps create a
culture of trust around data. We developed the critical components of the
Trust Framework (Credibility, Consistency, Confirmability) over many
conversations about what was working and what wasn’t for our clients seeking
benefits out of investments in data.
Quote for the day:
"To be successful, you have to have
your heart in your business, and your business in your heart." --
Thomas Watson, Sr.
