The looming battle over where generative AI systems will run
What is becoming more apparent is that the location where most generative AI
systems will reside (public cloud platforms versus on-premises and edge-based
platforms) is still being determined. Vellante’s article points out that AI
systems are running neck-and-neck between on-premises and public cloud
platforms. Driving this is the assumption that the public cloud comes with some
risk, including IP leakage, or when better conclusions from your data appear at
the competition. Also, enterprises still have a lot of data in traditional data
centers or on edge computing rather than in the cloud. This can cause problems
when the data is not easily moved to the cloud, with data silos being common
within most enterprises today. AI systems need data to be of value, and thus it
may make sense to host the AI systems closest to the data. I would argue that
data should not exist in silos and that you’re enabling an existing problem.
However, many enterprises may not have other, more pragmatic choices, given the
cost of fixing such issues.
Quantum Computing: Australia’s Next Great Tech Challenge & Opportunity
One of the big opportunities for Australia in this space will be its close
relationship with the United States. Because of the sheer value of quantum
computing research and technology across both military and civilian IP, nations
tend to be more circumspect about sharing information in comparison to
conventional technology. The downside to this is that it means the U.S. isn’t
able to draw on the same global pool of talent that it’s used to. A shortage of
talent isn’t such a major issue in regular computing fields because global
talent tends to pool and openly share information. ... “As other nations push
forward, Australia risks missing out on the potential economic benefits,” a
report by the University of Sydney notes. “We could also lose talented workers
to countries that are investing more in quantum research. “Projects like the
ambitious attempt to build the world’s first complete quantum computer aim to
provide local opportunities and funding alongside their top-line goals.
Moreover, Australia has a responsibility to ensure quantum technologies are
developed and used ethically, and their risks managed.”
Q&A: An Introduction to Streaming AI
Streaming AI is about continuously training ML models using real-time data,
sometimes with human involvement. The incoming data streams from many sources
are analyzed, combined with contextual information, and matched against features
that carry condensed information and intelligence specific to the given problem.
ML algorithms continually generate these features using the most current data
available. On the other hand, as noted earlier, generative AI focuses on
generating responses based on a “seed” and then a pattern for finding the next
thing to tack on. This works to generate content that conforms to certain
parameters the model has “learned.” It is bounded, but not in a way that the
boundaries can be easily understood. Until the recent rise of LLMs, considerable
effort was invested in making ML models explainable to humans. The question was:
how does the model arrive at its result? The “I have no idea” response is hard
for humans to accept. In the made-up legal case citations example, the LLM
program generated a motion that argued a point, but when asked to explain or
validate its path, it just made some stuff up.
CISO’s role in cyber insurance
Enter cyber insurance, a safety net that offers organisations a way to mitigate
the financial impact of these cyber incidents. However, navigating the complex
landscape of cyber insurance is no small feat. This is where the Chief
Information Security Officer (CISO) comes into play. As the vanguard of an
organisation’s cybersecurity efforts, the CISO not only ensures that digital
fortresses are robust but also plays a pivotal role in the realm of cyber
insurance. Their expertise and insights are instrumental in assessing risks,
selecting the right coverage, and ensuring that the organisation gets the most
out of its policy. In essence, the CISO bridges the gap between the technical
world of cybersecurity and the financial realm of insurance, ensuring that
businesses are both well protected and well insured. ... As the primary
custodian of an organisation’s cybersecurity posture, the CISO is responsible
for conducting a thorough risk assessment. This involves identifying potential
vulnerabilities, assessing the potential impact of different types of cyber
incidents, and estimating the financial costs associated with these
incidents.
Bolstering Africa’s Cybersecurity
In recent weeks and months, we have seen opportunities arise, often provided by
academia and government, to improve cyber education. However, some parts of
Africa are still without decent levels of electricity. So, is the dream of cyber
education for all unattainable? ... Despite this, Africa-based data
security analysts point out that a dearth of qualified technicians coupled with
a lack of investment in cybersecurity has been the direct contributor to a
growth in the amount and scale of successful cyberattacks. In fact, according to
research from IFC and Google, Africa’s e-economy is expected to reach $180
billion by 2025, but its lack of security support could halt that growth. Most
of these campaigns are based upon spam or phishing efforts derived from
information garnered from open source intelligence (OSINT), which is often more
effective against a remote workforce that may be more exposed to attack
techniques while outside of the technical and administrative controls of
traditional office work.
Everything Can Change: The Co-Evolution of the CMO and the CISO
Organizations with an established partnership between the CISO and CMO tend to
outperform their competitors. This collaboration allows for a cohesive approach
to risk management and brand protection, resulting in increased customer trust
and loyalty. Organizations that view the CISO purely as a technical operational
leader often struggle with cybersecurity initiatives and fail to align security
measures with business goals. This approach limits the potential for strategic
contributions from the CISO in driving revenue growth and defending value. On
the other hand, organizations that integrate the CISO into the go-to-market
strategy leverage their expertise to address security concerns proactively,
enhancing customer trust and differentiating themselves from competitors. By
combining security practices with marketing efforts, these organizations can
communicate their commitment to data protection and establish a competitive
advantage in terms of trustworthiness. Effective CISOs have a seat at the
executive table, allowing them to more directly align security initiatives with
business outcomes.
Machine unlearning: The critical art of teaching AI to forget
Machine unlearning is the process of erasing the influence specific datasets
have had on an ML system. Most often, when a concern arises with a dataset, it’s
a case of modifying or simply deleting the dataset. But in cases where the data
has been used to train a model, things can get tricky. ML models are essentially
black boxes. This means that it’s difficult to understand exactly how specific
datasets impacted the model during training and even more difficult to undo the
effects of a problematic dataset. OpenAI, the creators of ChatGPT, have
repeatedly come under fire regarding the data used to train their models. A
number of generative AI art tools are also facing legal battles regarding their
training data. Privacy concerns have also been raised after membership inference
attacks have shown that it’s possible to infer whether specific data was used to
train a model. This means that the models can potentially reveal information
about the individuals whose data was used to train it.
Unit Tests Are Overrated: Rethinking Testing Strategies
Unit tests fare much more poorly with this metric than most people realize. The
first problem is that they often don’t provide useful information about the
actual state of the system under review. When unit tests are written as
acceptance tests, they are often intricately coupled with the specific
implementation. They will only fail if the implementation changes, not when
changes break the system (e.g., verifying the value of a class constant). Using
acceptance tests as regression tests must be done intentionally and
thoughtfully, deleting everything that does not provide useful information about
the system’s behavior. Another major problem with unit tests is that to test the
inputs of one method, you often need to mock out the responses from other
methods. When you do this, you are no longer testing the system you have, you
are testing a system that you assumed you had in the past. The system can break
and a unit test will not fail because it had an assumption that an input would
be received that the real-world system no longer supplies.
The vital role the CISO has to play in the boardroom
Cybersecurity risk management and information governance are complex and gritty
subjects which can be hard to follow for the uninitiated. Boardrooms aren’t the
place for the ins and outs of the issue at hand. Learning to communicate
effectively is possibly the single most important skill for aspiring and
ambitious CISOs. Throughout history, great leaders have demonstrated an
excellent ability to communicate, bringing people on a journey with them and
gathering support along the way. This is not about dumbing down or glossing over
the important parts. Rather, it’s about honing a fundamental business skill:
being able to make a compelling argument clearly and concisely. You need to be
able to translate critical cybersecurity information into business objectives.
Cybersecurity risk management is a regulated requirement. Board directors,
officers and senior management can be held liable for the decisions they make
around cybersecurity risks and incidents. Clear and effective communication is
critical in supporting organisations to make the right decisions that could be
later relied upon to protect its people.
3 strategies that can help stop ransomware before it becomes a crisis
Without an incident response plan in place, companies typically panic, not
knowing who to call, or what to do, which can make paying the ransom seem like
the easiest way out. With a plan in place, however, people know what to do and
will ideally have practised the plan ahead of time to ensure disaster recovery
measures work the way they're supposed to. ... Having multiple layers of
defense, as well as setting up multifactor authentication and data encryption,
are fundamental to cybersecurity, but many companies still get them wrong.
Stone recently worked with an educational organization that had invested
heavily in cybersecurity. When they were hit by ransomware, they were able to
shift operations to an offline backup. Then the attackers escalated their
demands -- if the organization didn’t pay the ransom, their data would be
leaked online. “The organization was well prepared for an encryption event,
but not prepared for the second ransom,” Stone says. “There was actual
sensitive data that would trigger a number of regulatory compliance
actions.”
Quote for the day:
"Added pressure and responsibility
should not change one's leadership style, it should merely expose that which
already exists." -- Mark W. Boyer
