July 06, 2024

A CISO's Guide to Avoiding Jail After a Breach

The key to avoiding trouble as a security leader, Nall says, is awareness of three things: how government investigations work, how the government interacts with companies during the process, and the incentives companies have to resolve their cases in one way or another.?When push comes to shove, for example, companies will be pressured to name and shame individuals. In his proceedings, Sullivan's legal team painted a picture of a company (Uber) trying to rebrand itself, and holding him up as a lamb to the slaughter.?"It's very unfortunate because the consequences are faced by one individual, or a few individuals, although the ability to make sure that [an incident] doesn't happen is a community-based effort within organizations," says ArmorCode's Karthik Swarnam, formerly chief information security officer (CISO) of Kroger, DIRECTV, and TransUnion.?To avoid being singled out (and because it's good security practice),?CISOs should focus on building clear and robust lines of communication?that bring other board members into the cybersecurity decision-making process.

How Pearson’s CIO manages technical debt

Keen to address this, Wells and the Pearson technology working group, which includes tech leadership from across the brand’s different organizations, came up with 12 key attributes, including security and maintainability, to rate their technology assets in a consistent way. These tech debt audits provided a clearer picture of where their biggest risks were, which, in turn, allowed them to prioritize what needs to be addressed first. “We developed an algorithm to measure our different applications based on these 12 categories so we can eliminate technical debt via a more strategic and standardized approach,” she says, noting that the goal was to do away with any guesswork and make decisions based on opportunities and potential revenue risks. ... As part of the process, she and her team needed to get the various leaders from across the business on board by making sure they understood that technical debt isn’t just a technology problem. “We really had to communicate that this is a priority, but we couldn’t do so by only talking to them about technology,” she says.

Strategic alignment in the age of AI: The 7 foundations of competitive success

The strategy must align with the capabilities of the organization and the competitive reality of the environment. Such an alignment has never been more important, as artificial intelligence (AI) and other changes disrupt industries and sectors. Before rushing to adopt the latest AI tool, whether it is deep learning or large language models, organizations must assess whether the new tech is strategically aligned. ... Aligning people with the desired strategic position and vision for the organization is critical. In high-performing organizations, employees and members understand their strategic mission and vision and are dedicated to achieving it. They become acolytes of their leaders and passionate advocates for their organizations. They see how their role contributes to the strategy of the organization and execute with a sense of purpose and teamwork. How many of your employees can articulate how your AI efforts advance your strategy? ... In truth, strategic alignment may be rare. If you are fortunate, you can recall a situation where alignment occurred, allowing you and your organization to achieve incredible heights.?

The AI Revolution Will Not Be Monopolized

Open source in AI and machine learning is not just about software, it's about the synergy of code and data. The growing ecosystem of open-source models encompasses everything from code to data and weights, making powerful tools widely accessible. ... The term "large language models" (LLMs) is often used broadly and imprecisely, muddying discussions about their capabilities and applications. The distinction between encoder models and large generative models is therefore very important. Encoder models involve task-specific networks that predict structured data, while large generative models rely on prompts to produce free-form text, necessitating additional logic to extract actionable insights. ... Companies like OpenAI might dominate the market for user-facing products but not necessarily the AI and software components behind them. While user data is advantageous for improving human-facing products, it is less critical for enhancing the foundational machine-facing tasks. Gaining general knowledge doesn't require specific data, which is at the core of the innovation behind large generative models.

CISA Warns Chemical Facilities of Data Theft After Hacker Breached CSAT Security Tool via Ivanti

CISA says that all information in the CSAT tool was encrypted using AES 256 algorithm, and the keys were also inaccessible “from the type of access the threat actor had to the system.” The agency also found “no evidence of credentials being stolen.” However, impacted organizations should assume data theft “out of abundance of caution” and assume that “that this information could have been inappropriately accessed,” the agency said. The agency also stated that even without data theft, the intrusion “met the threshold of a major incident under the Federal Information Security Modernization Act (FISMA),” given the number of individuals and chemical facilities impacted. Subsequently, CISA directed impacted chemical facilities to maintain cyber and physical security measures to prevent potential attacks as a result of the cyber incident. Similarly, CISA encourages individuals who had CSAT accounts to reset their passwords for all online accounts that share the same password to prevent future password spraying attacks.

Autonomous Vehicles Can Make All Cars More Efficient

To illustrate how the technology works, the team installed a traffic signal along the demonstration pathway. Gankov says an actual traffic-light timer from a traffic-signal cabinet was connected to a TV screen, providing a visual for attendees. A dedicated short range communications (DRSC) radio was also attached, broadcasting the signal’s phase and timing information to the vehicle. This setup enabled the vehicle to anticipate the traffic light’s actions far more accurately than a human driver could. ... These autonomous driving strategies can lead to significant energy savings, benefiting not just the autonomous vehicles themselves, but also the entire traffic ecosystem. “In a regular traffic situation, autonomous vehicles operating in ecomode influence the driving behavior of all the cars behind them,” says Gankov. “The result is that even vehicles with Level 0 autonomy use fuel more sparingly.” ... Employing techniques like efficient highway merging were key strategies in their approach to making the most of each tank of fuel or battery charge.?

Read more here ...