FTC offers $25,000 prize for detecting AI-enabled voice cloning
Through the Voice Cloning Challenge, the FTC aims to find a solution that can
identify cases of voice cloning with the help of generative AI. The agency calls
it “an exploratory challenge” that could potentially provide a direction for the
risk mitigation effort. The winning proposal will receive $25,000 and the
runner-up will get $4,000. There are up to three honorable mentions, each
awarded with $2,000. On January 2nd, the agency started accepting submissions
via this portal and will receive ideas for 10 days, until January 12, 08:00 PM
EST. Submissions must include a one-page overview of the proposal and a detailed
description of up to 10 pages. Participants may also include a video to show how
their idea works. All submissions will be judged based on their practical
feasibility, impact on corporate accountability and burden on the consumer, and
resilience to rapid technological advancements in the field. Should the
challenge fail to yield any effective defense ideas, FTC notes that the effort
will serve as an early warning for policymakers and would highlight the need for
more stringent regulations on the use of AI technology.
Building a Great Security Operations Center
Without a defined SOC strategy, security leaders may struggle to prioritize
resources. A strategy provides direction based on various inputs such as the
threat landscape, regulatory requirements and threat assessments specific to the
organization. In the context of an SOC, the primary objective of the SOC
strategy should be to avoid a situation where the cost and effort is high and
the value and return on investment (ROI) is low. The aim of the SOC strategy is
to ensure that the SOC effectively fulfils its function and, in doing so, helps
the organization to fulfil its overall business objectives. A well-architected
SOC provides a positive ROI by minimizing potential financial losses due to
cyberincidents. At the same time, an SOC enhances an organization’s ability to
detect and respond to cyberthreats in real time, safeguarding sensitive data and
protecting the organization’s reputation. Therefore, compliance, ROI and risk
reduction are interconnected. Although it is easy to get carried away with
generic cybersecurity use cases, the development of business-aligned use cases
is what separates average SOCs from great SOCs.
Is the vCISO Model Right for Your Organization?
It's getting harder to justify not having a CISO, so many businesses that have
never had one are filling the gap with a virtual CISO (vCISO). A vCISO,
sometimes referred to as a fractional CISO or CISO-as-a-service, is typically a
part-time, outsourced security expert who helps businesses protect their
infrastructure, data, personnel and customers. Depending on the needs of the
company, vCISOs can work on-site or remotely, for the long term or short term.
There are plenty of reasons why companies are going the vCISO route. Sometimes
it's an internal crisis where a company's CISO has unexpectedly resigned and the
board needs time to find a permanent new one. Other times it revolves around new
regulatory or business requirements or a cybersecurity framework the company
needs to adhere to, like NIST's Cybersecurity Framework 2.0. Sometimes a board
member used to being briefed by the CISO may request a vCISO. "A smaller company
might need a CISO but just a few days a week, and that type of delivery model is
perfect for a vCISO," says Russell Eubanks, a vCISO who is also on the faculty
of IANS Research and an instructor with SANS Institute.
Generative AI and Data Management: Transforming B2B Practices
Generative AI’s future in data management and analytics shines with promising
trends to redefine data analysis methodologies. These trends encompass enhanced
augmentation, deeper understanding and explanation, and the democratization of
data analysis, presenting a transformative shift in how organizations harness
data for insights and decision-making. Generative AI is poised to transcend
traditional data visualization, evolving to augment the entire data analysis
workflow. This evolution encompasses automated data exploration, hypothesis
generation, data storytelling, and predictive analytics. AI’s capability to
suggest patterns, relationships, and anomalies and generate comprehensive
reports promises to revolutionize data-driven decision-making. The future of
Generative AI goes beyond reporting events, delving into causality and
explanations. The upcoming trends include causal inference, counterfactual
analysis, and the integration of Explainable AI (XAI). These advancements ensure
a profound understanding of underlying causes behind observed trends and
transparent insights for users.
4 Strategies for Migrating Monolithic Apps to Microservices
For many organizations, taking a lift-and-shift approach is the first step for
migrating monolithic applications to Kubernetes and microservices. This
involves directly lifting the monolith onto hardware hosted in the cloud, and
then gradually breaking down the app into microservices. However, the
lift-and-shift philosophy has its challenges, as organizations must refactor
monoliths to optimize them for the cloud. Therefore, it’s often more
cost-effective to refactor an application service by service into a
containerized architecture. ... Dependencies within monolithic apps are deeply
intertwined. These close relationships among components are one of the driving
forces behind the move to Kubernetes and microservices, as they hinder
flexible changes and deployment. When migrating an application to a
microservices architecture, it’s important for teams to understand all
dependencies among services and to reduce and streamline them as much as
possible. Asynchronous messaging is key, allowing services to communicate by
sending and receiving messages using queues.
Network Tokenization and Digital Identities Are Quietly Transforming Payment Security
y
Digital identities, through biometric data and multi-factor authentication,
fortify the security of transactions. This not only protects users from
identity theft but also strengthens the overall trustworthiness of digital
payment systems. “We never really thought about, what does it mean to identify
a person on the internet in a way that is portable and doesn’t require you to
rely on a single private platform,” Mike Brock, CEO of TBD, a business from
Block focused on open-source decentralized technologies, told PYMNTS. Digital
identities play a crucial role in meeting regulatory requirements. By
providing a secure and traceable means of verifying user identities,
businesses can navigate compliance challenges more efficiently, reducing the
complexities associated with anti-money laundering (AML) and know your
customer (KYC) processes. “Combating Online Fraud With Digital
Identification,” a PYMNTS Intelligence and Prove collaboration, finds that
security is highly important for 83% of consumers, while 53% say consistent
experiences across different platforms have a very or extremely big impact on
their trust in financial institutions.
AI governance outlook: A Global South perspective
An under-regulated path for AI and emerging technologies may bring diverse
negative outcomes. These outcomes may lead to a rise in inequality, loss of
privacy, and ethical transgressions. By contextualising this through
understanding the history of the industrial revolutions that brought drastic
changes in people's social and economic lives and prioritising moral concerns,
the G20 and GPAI member states can reduce negative results that will arise
without the right steering and regulation. Despite the G20's significant
influence and GPAI’s members’ technical expertise, many member states face
issues with the digital divide, especially the unequal distribution of
advanced technologies and their benefits. The divide deepens as AI
development, mainly in developed markets, widens the gap between these
countries and their developing counterparts in AI research and development
(R&D). As per the AI Index Fund 2023, private investments in AI from
2013-22 in the United States (US) (US$250 billion) outpaces that of other
economies including India, Japan, the United Kingdom (UK) and most of the
other G20 nations.
At What Point Is Digital Transformation A Success?
“Digital transformation” sounds like an expensive, laborious slog. The good
news is that most companies are likely closer to succeeding at it than they
think. Getting in shape and digital transformation have a lot in common:
planning, persistence and patience—with a lot of pragmatism—are the keys to
achieving your goals. ... When you are in a new fitness regimen, have you
“failed” because you’ve only lost 10 pounds of your 20-pound goal? Of course
not. You celebrate your progress, and you keep working at it. In a digital
transformation, each company’s goals and starting points are unique to their
particular circumstances. As a result, based on the clients I work with daily,
there are many ways to measure progress. ... In building a great company or
social sector enterprise, there is no single defining action, no grand
program, no one killer innovation, no solitary lucky break, no miracle moment.
Rather, the process resembles relentlessly pushing a giant, heavy flywheel,
turn upon turn, building momentum until a point of breakthrough, and
beyond.
How to prepare for increased oversight of cybersecurity
:quality(70)/cloudfront-us-east-1.images.arcpublishing.com/archetype/EINOQ3JS4NCVRALXYXLGZV5CYM.jpg)
DORA, NIST 2.0 frameworks and the new SEC rules can help speed up this
process. However, companies can also develop best practices to better
implement board oversight of cybersecurity risk. First, covered entities must
start planning now for the structural and cultural changes these rules and
regulations will require—they will take time to implement. When done right, a
risk management program will educate and empower company leaders to understand
and confidently accept, mitigate or transfer risk. Second, to promote this
strong governance at the C-Suite and board level, companies must educate their
leadership on how to take a front seat around cyber strategy and governance.
Rather than an insulated organizational function, cyber risk management should
be informed by a company’s business strategies, compliance landscape, and risk
culture. Finally, it will be critical for organizations to understand specific
roles and responsibilities and to maintain regular lines of communications. In
addition to the Board and other company leaders, security, communications, and
legal teams should be involved in ongoing conversations around achieving a
whole-of-business cyber governance strategy.
Optimizing PCI compliance in financial institutions
In practice, IT architectural patterns give architects the building blocks to
design any IT solution. The architect chooses and orders the patterns
available in the portfolio to meet the end goal. Having segmentation between
infrastructure providing data processing and data storage is an example of a
broad IT security architectural pattern. If the solution’s goal involves
processing and storing data, the architect is constrained to place the pieces
that will fulfill those tasks in the proper segments. Furthermore, if the
operating system pattern is Linux Oracle Enterprise, the architect would use
that pattern first in its design unless technical constraints made the
consumption of this pattern suboptimal to accomplish the solution’s goal. All
other needs, for example, authentication, encryption, log management, system
configuration, would be treated the same—by using the architectural patterns
available. The notion of pattern exists beyond IT in areas that a PCI security
assessment touches, such as employee pre-employment practices, awareness
security training, risk assessment methodology, or third-party service
provider management.
Quote for the day:
"Give whatever you are doing and
whoever you are with the gift of your attention." -- Jim Rohn
