February 24, 2025
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
AI models are beginning to hit the limits of compute. Model size is far outpacing Moore’s Law and the advances in AI training chips. Training runs for large models can cost tens of millions of dollars due to the cost of chips. This issue has been acknowledged by prominent AI engineers including Ilya Sutskever. The costs have become so high that Anthropic has estimated that it could cost as much to update Claude as it did to develop it in the first place. Companies like Amazon are spending billions to erect new AI data centers in an effort to keep up with the demands of building new frontier models. ... With a better foundational understanding of how AI works, we can approach AI model training and deployment in new ways that require a fraction of the energy and compute, bringing the rigor of other sciences to AI with a principles-first approach. ... By eschewing the inefficiencies and less theoretically justified parts of deep learning, we create a path forward to the next generation of truly intelligent AI, that we’ve seen surpasses the wall deep learning has hit. We have to understand how learning works and build models with interpretability and efficiency in mind from the ground up, especially as high-risk applications of AI in sectors like finance and healthcare demand more than the nondeterministic behavior we’ve become accustomed to.?
Various factors influence what type of CISO a company may need, says Patton, a former CISO now working as a cybersecurity executive advisor at Cisco. A large, older company with a big, complicated tech stack will need someone with different skills, experience, and leadership qualities than a cloud-native startup that’s rapidly growing and changing. A heavily regulated industry such as financial services, healthcare, or utilities needs someone steeped in how to navigate all the compliance requirements. ... The path professionals take to the CISO seat also influences what type or types of CISOs they tend to be, adds Matt Stamper, CEO, CISO, and executive advisor with Executive Advisors Group as well as a board member with the ISACA San Diego chapter. Different career paths forge different types of executives, he says. Those who advanced through technical roles typically retain a technology bent, while those who came up through governance and risk functions usually gravitate toward compliance-focused roles. ... “CISOs should and tend to lean into where they’re gifted,” says Jenai Marinkovic, vCISO and CTO with Tiro Security and a member of the Emerging Trends Working Group with the IT governance association ISACA.
With the nature of IOCs being subtle and intentionally difficult to detect, how do you know that your XDR is effectively knipping them all in the bud? You hope that it is, but security leaders are using continuous ransomware validation to get a lot more certainty than that. By safely emulating the full ransomware kill chain - from initial access and privilege escalation to encryption attempts - tools like Pentera validate whether security controls, including EDR and XDR solutions, trigger the necessary alerts and responses. If key IOCs like shadow copy deletion, and process injection go undetected, then that's a crucial flag to prompt security teams to fine-tune detection rules and response workflows. ... Here's the reality: testing your defenses once a year leaves you exposed the other 364 days. Ransomware is constantly evolving, and so are the Indicators of Compromise (IOCs) used in attacks. Can you say with certainty that your EDR is detecting every IOC it should? The last thing you need to stress about is how threats are constantly changing into something your security tools will fail to recognize and aren't prepared to handle. That's why continuous ransomware validation is essential. With an automated process, you can continuously test your defenses to ensure they stand up against the latest threats.
The DMA introduced unprecedented restrictions and requirements for companies designated as “gatekeepers” in the digital market. These companies must comply with a strict set of rules designed to prevent unfair business practices and ensure market accessibility for smaller competitors. The Act mandates various requirements including interoperability for core platform services, restrictions on personal data combination across services, and prohibition of self-preferencing practices in rankings and search results. “Big tech’s designated platforms can no longer unfairly promote their own products or services above yours (EU-based companies) in search results or ads,” one of the clauses of the DMA says pertaining to offering level playing. ... Meanwhile, the European Commission — where Ribera serves as the second-highest ranking official under President Ursula von der Leyen — maintains that these regulations are not targeted at US companies, according to the report. The Commission argued that the DMA is designed to ensure fair competition and consumer choice in digital markets, regardless of companies’ national origin. However, the predominance of US firms among those affected has intensified transatlantic tensions over digital policy.
"Security sits at the front and center of business innovations, especially in sectors like banking and finance, where protecting user data and privacy is paramount. Every sector has its own unique challenges and opportunities, making a sector-driven approach essential," said Sachin Tayal, managing director at Protiviti member firm for India. AI-powered fraud detection systems are now integral, using behavior biometrics and facial recognition to detect and mitigate threats such as UPI frauds. Decentralized finance is also gaining traction, with blockchain-based solutions modernizing core banking functions and facilitating secure, transparent digital transactions, the report found. ... The industrial manufacturing sector is embracing Industry 4.0, characterized by the convergence of AI, IoT and cloud technologies. The market is seeing a shift toward digital twins and real-time analytics to optimize production processes. The integration of autonomous mobile robots and collaborative robots, cobots, is enhancing efficiency and safety on the production floor, the report said. ... CIOs have their work cut out - innovate or risk getting redundant. "Technology is driving businesses today, and the transformative role of the CIO amid the rapid rise of AI and digital innovations has never been more critical. The CIO now wears many hats - CTO, CISO and even CEO - as roles evolve to meet the demands of a digital-first world," Gupta said.
One of the key things you must be aware of is your unconscious biases. Because we all have them. But being able to understand that and implement practices that challenge your assumptions, analysis and hypotheses is key to providing the best intelligence product. I think it’s a fascinating problem, particularly as it’s not necessarily something a SOC analyst or a vulnerability manager may consider, because it’s not really a part of their job to think that way, right? Fortunately, when it comes to working with the AI data, we can apply things like system prompts, we can be explicit in what we want to see as the output, and we can ask it to demonstrate where and why findings are identified, and their possible impact. Alongside that, I think the question also demonstrates the importance on why we as humans can’t forego things like training or maintaining skills. ... It’s also important that security continues to be a business enabler. There are times we interact with websites in countries that may have questionable points of view or human rights records. Does the AI block those countries because the training data indicates it shouldn’t support or provide access? Now some organisations will do domain blocking to an extreme level and require processes and approvals to access a website, it’s archaic and ridiculous in my opinion. Can AI help in that space? Almost certainly.?