Multiple SD-WAN vendors can complicate move to SASE
The walls between networking and security teams must come down to deliver
cloud-based security and network services across today’s sophisticated networks.
“The opportunity to leverage a cloud-based architecture to enforce security
policies to distributed locations and remote workers is the real value of SASE.
It offers management efficiencies, it supports a modern workforce, and it
supports an important integration between the network and security teams,” IDC’S
Butler says. “In today’s world, when you have so many people working from home
and so many distributed applications, a cloud-based security approach is really
appealing.” As the market continues to evolve, vendors are boosting their
capabilities – networking vendors are acquiring or developing security
capabilities to offer SASE, and security providers are augmenting their product
portfolios with advanced networking capabilities to offer SASE. That aligns with
adoption trends; a majority (68%) of 830 respondents to an IDC survey said they
would like to use the same vendor for their SD-WAN and security/SASE
solution.
Decoding AI: Insights and Implications for InfoSec
AI is wonderfully adept at narrow tasks, but it is clueless beyond its
specific training. It’s like a super-specialist who can thread a needle
blindfolded but can’t understand why it shouldn’t sew its own fingers
together. Say we task an AI with making a company network as secure as
possible. It might suggest shutting down the network, preventing user access
or even blocking external dataflows because, hey, it’s technically efficient!
... AI could reshape the world of cybersecurity in unimaginable ways, making
our lives easier and more efficient. However, it is essential to bear in mind
that AI, despite its remarkable abilities, is essentially a tool. It lacks the
human touch—our capacity for intuition, empathy and understanding that extends
beyond the data. AI will undoubtedly keep improving, but it is on us to guide
its evolution in a way that respects our shared humanity and safeguards our
values. So, the next time you see a headline touting the latest AI
breakthrough, take a moment to appreciate the amazing technology—but remember
that it’s not quite as “intelligent” as it might seem.
Sarah Silverman sues OpenAI, Meta over copyright infringement in AI training
The suits, filed last week in federal district court in San Francisco, argued
that Microsoft-backed OpenAI and Meta didn’t have permission to use copyright
works by Silverman and two other authors, Christopher Golden and Richard
Kadrey, when it used them to train ChatGPT and Meta's LLaMA (Large Language
Model Meta AI). It asks for injunctions against the companies to prevent them
from continuing similar practices, as well as unspecified monetary damages.
The heart of the lawsuit, according to the complaint, is OpenAI’s use of a
data set called BookCorpus, which it said was created in 2015 for the purpose
of large language model training. Much of BookCorpus, the plaintiffs say, was
copied from a site called Smashwords, a host for self-published novels, which
were under copyright. Additionally, the complaint alleges that there is no way
that the book-based data sets used to train OpenAI came entirely from legal
sources, as no legal databases offer enough content to account for the size of
the “Books1” and “Books2” sets.
Law firms under cyberattack
As the UK National Cyber Security Centre (NCSC) noted in a recent report
focusing on cyber threats to the legal sector, law firms handle sensitive
client information that cybercriminals may find useful, including exploiting
opportunities for insider trading, gaining the upper hand in negotiations and
litigation, or subverting the course of justice. The potential consequences of
such breaches can be severe, as the disruption of business operations can
incur substantial costs. Ransomware gangs specifically target law firms to
extort money in exchange for allowing the restoration of business operations.
In 2020, the Solicitors Regulation Authority (SRA) published a cybersecurity
review revealing that 30 out of 40 of the law firms they visited have been
victims of a cyberattack. In the remaining ten, cybercriminals have directly
targeted their clients through legal transactions. “While not all incidents
culminated in a financial loss for clients, 23 of the 30 cases in which firms
were directly targeted saw a total of more than £4m [$5m+] of client money
stolen,” the SRA noted.
7 IT consultant tricks CIOs should never fall for
Making a business case - Consultants love this one. It’s where the CIO engages
them to build the business case for a pet project or priority — not to
determine whether there’s even a business case to be made. To make one,
starting with the predetermined answer and working backward from there,
employing such questionable practices as cherry-picked data, one-sided
analyses, inappropriate statistical tests, and selective anecdotes to name a
few, defining and justifying a strategic program whose success depends on …
surprise! … a major engagement for the consultant’s employer. ... Win,
then hire - This is less common for delivery teams than the consultants
whose work resulted in the win that created the need for the delivery team,
but still … Few consultancies keep a bench of any size. As a result, winning
an engagement is often far more stressful than losing one, because after
winning an engagement the consultancy has no more than a month or so to hire
the staff needed to execute the engagement, familiarize the newly hired staff
with the methodology and practices the engagement calls for, and build a
working relationship with their new managers.
Why Qubit Connectivity Matters
Of course, high-connectivity architectures are not without disadvantages. High
connectivity relies on the ability to shuttle qubits around, and shuttling
qubits carries several potential issues. Shuttling qubits can be a relatively
slow process compared to the speed of quantum gate operations. This can
increase the total computation time and reduce the number of operations that
can be performed before the qubits lose coherence. The process of moving
qubits introduces the risk of decoherence, which is the loss of the quantum
state due to interaction with the environment. Shuttling qubits also adds an
extra layer of complexity to the design of the computer, and this can be
challenging to implement, especially in a large-scale system. In summary,
qubit connectivity plays a vital role in the performance and functionality of
quantum computers. It impacts the implementation of quantum algorithms, the
creation of quantum entanglement, error correction, and the overall
scalability, speed, and efficiency of quantum computing systems. When one
considers the quantum modality of choice for their application, qubit
connectivity should be one of the factors taken under consideration.
Analysts: Cybersecurity Funding Set for Rebound
A lot of the optimism has to do with enterprises continuing to invest heavily
in cybersecurity, despite a slowdown in other expenditures. Market research
firm IDC expects that organizations will spend some $219 billion this year on
security products and services — or some 13% more than they did in 2022 — to
address threats, to support hybrid work environments, and to meet compliance
requirements. The areas that will receive the most spending are managed
security services, endpoint security, network security, and identity and
access management. "While the theme of conservatism and expectations for
continued headwinds have remained throughout the first half of the year, we do
expect to see strategic activity slowly begin to rebound in the second half of
2023 and into 2024," says Eric McAlpine, founder and managing partner of
analyst firm Momentum Cyber. Financing and M&A activity will both
eventually pick up as companies that were able to make do financially so far
begin to feel the need for fresh capital to fuel their business, he says.
Why Enterprises Should Merge Private 5G With Programmable Communications
5G private networks provide an opportunity to integrate the application and
the network so that the two can inform one another, allowing adjustments to be
made in real time. Businesses not only have an improved network with a private
cellular network, but they can also sync their applications with the network’s
performance, enabling multiple tasks to be completed based on network
performance at a specific moment. ... A new generation of digital engagement
providers is looking at how these communication platforms evolve into
platforms that integrate across a range of business processes. They are not
only leveraging robust voice, video and messaging solutions but also
introducing fully programmable computer vision and audio analytics solutions.
This combination of communications and AI-based media analytics and
programmability makes this evolved communications platform an ideal and
unexpected solution to Industry 4.0 business needs. New communication
platforms are focused less on meeting one business need but rather on the
integration of communications to evolve and inform applications, making
adjustments and building cost-effective efficiencies.
5 ways to prepare a new cybersecurity team for a crisis
Not all security incidents cause an enterprise-level crisis, and not all
crises are cyber-related. Natural disasters, product recalls, accidents, and
public relations debacles are all examples of non-cyber events that could have
a significant negative impact on an organization. So, in preparing a new
cybersecurity team for a crisis, it is important to define and rank--first, by
severity and then by likelihood--what precisely the business would define as a
security “crisis,” says John Pescatore director of emerging security trends at
the SANS Institute. “It is not the case that the top of the list will always
be something like ransomware,” Pescatore says. Sometimes, a crisis might have
nothing to do with cybersecurity, he notes. “For example, I remember hearing a
Boston-area hospital CIO talk about how they were bombarded with attempts to
get into hospital data after the [Boston Marathon] bombing because press
reports had noted the bombers went to that hospital.” Once the cybersecurity
team has an understanding of what would constitute a security crisis for the
company, create playbooks for the top handful of them.
Writing your company’s own ChatGPT policy
To help employees grasp and embrace key basics quickly, one useful starting
point can be signposting relevant parts of existing policies they can check
for best practices. Producing tailored guidance for an internal ChatGPT policy
is slightly more complex. To develop a truly all-encompassing ChatGPT policy,
companies will likely need to run extensive cross-business workshops and
individual surveys which enable them to identify, and discuss, every use case.
Putting in this groundwork, however, will allow them to build specific
directions which ultimately ensure better protection, as well as giving
workers the comprehensive knowledge required to make the most of advanced
tech. ... Explicitly highlighting threats and setting unambiguous usage
limitations is also just as critical to leave no room for accidental misuse.
This is particularly important for businesses where generative AI may be
deployed to streamline tasks that involve some level of PII, such as drafting
client contracts, writing emails, or suggesting which code snippets to use in
programming.
Quote for the day:
"Learning is a lifetime process, but
there comes a time when we must stop adding and start updating." --
Robert Brault
