June 27, 2023

The unhappy reality of cloud security in 2023

Configuration problems are often the most significant risk to cloud data and the most often overlooked. Show me a breach, and I’ll show you something stupid that allowed it to happen. One recent example is a large car manufacturer that had more than two million customers’ data exposed due to misconfigurations in its cloud storage systems. Rarely are properly configured security systems bypassed to gain access to data. Often, storage systems are left exposed or databases need more encryption. ... Not only are APIs provided by the cloud vendors, APIs are also built into business applications. They provide “keys to the kingdom” and are often left as open access points to business data. Other emerging threats include the use of generative AI systems to automate fakery. As I covered here, these AI-driven attacks are occurring now. As bad actors get better at leveraging AI systems (often free cloud services), we’ll see automated attacks that can work around even the most sophisticated security systems. It will be tough to keep up with the new and innovative ways attacks can occur.


How Automation Enables Remote Work

In a remote work setup, effective communication is paramount. Automation tools such as Slack and Microsoft Teams facilitate better communication by automating tasks like scheduling meetings, sending reminders and translating messages. These tools can also automate the process of organizing and archiving conversations, making it easier to retrieve information when needed. Additionally, they can automate the process of updating team members about project changes or important announcements. These features ensure that all team members are on the same page, enhancing collaboration, reducing the chances of miscommunication and ultimately leading to a more cohesive and efficient team. Automation in human resources (HR) is a game-changer in remote work settings. HR automation software can streamline recruitment, automating resume sorting, interview scheduling and follow-up emails. It can also enhance onboarding, automating welcome emails and account setups. Performance management can be improved with automated feedback collection and goal tracking.


Self-healing code is the future of software development

It’s easy to imagine a more iterative process that would tap into the power of multi-step prompting and chain of thought reasoning, techniques that research has shown can vastly improve the quality and accuracy of an LLM’s output. An AI system might review a question, suggest tweaks to the title for legibility, and offer ideas for how to better format code in the body of the question, plus a few extra tags at the end to improve categorization. Another system, the reviewer, would take a look at the updated question and assign it a score. If it passes a certain threshold, it can be returned to the user for review. If it doesn’t, the system takes another pass, improving on its earlier suggestions and then resubmitting its output for approval. We are lucky to be able to work with colleagues at Prosus, many of whom have decades of experience in the field of machine learning. I chatted recently with Zulkuf Genc, Head of Data Science at Prosus AI. He has focused on Natural Language Processing (NLP) in the past, co-developing an LLM-based model to analyze financial sentiment, FinBert, that remains one of the most popular models at HuggingFace in its category.


Why an ecosystem helps IT projects move forward

To support the data strategy set by the company’s chief data officer, the team needed to specify the capabilities required from a data platform with the company’s tech strategy, which is about being cloud-first. Stuart Toll, senior enterprise architect at LGIM, said that time to market, integration time and skills were among the criteria used to assess the data platform providers. For Toll, while LGIM could have probably made any data platform work, he said “we are an asset management firm”. “We buy where we can and only build to differentiate.” This influenced the company’s data integration strategy. LGIM did not want to be in the business of stitching lots of tools together, as Matt Bannock, head of data engineering at LGIM, explained. ... Bannock said that with some tools, IT departments need to spend time on data integration. “Being able to just start working with the data, start running the calculation and start generating the output is much more valuable to us than the potential half a percent advantage we could achieve if we created our own ecosystem,” he said. “There’s a lot of benefit in buying into an ecosystem.”


Key Considerations When Hiring a Chief Information Security Officer

Look for candidates who possess a deep understanding of cybersecurity technologies, risk management frameworks, and regulatory compliance. Experience in managing security incidents, implementing security controls, and developing effective security strategies is also crucial. ... A CISO must understand the business landscape in which the organization operates. They should align security objectives with overall business goals and demonstrate a keen understanding of the organization’s risk appetite. A CISO with business acumen can effectively prioritize security investments, articulate the value of security measures to executive management, and build a security program that supports the organization’s strategic objectives. ... The field of cybersecurity is ever-evolving, with new threats emerging regularly. It is crucial for a CISO to stay up-to-date with the latest trends, technologies, and best practices in information security. Look for candidates who demonstrate a commitment to continuous learning, involvement in industry forums, and participation in relevant certifications and conferences.


10 things every CISO needs to know about identity and access management (IAM)

CISOs must consider how to move away from passwords and adopt a zero-trust approach to identity security. Gartner predicts that by 2025, 50% of the workforce and 20% of customer authentication transactions will be passwordless. ... Identity threat detection and response (ITDR) tools reduce risks and can improve and harden security configurations continually. They can also find and fix configuration vulnerabilities in the IAM infrastructure; detect attacks; and recommend fixes. By deploying ITDR to protect IAM systems and repositories, including Active Directory (AD), enterprises are improving their security postures and reducing the risk of an IAM infrastructure breach. ... Attackers are using generative AI to sharpen their attacks on the gaps between IAM, PAM and endpoints. CrowdStrike’s Sentonas says his company continues to focus on this area, seeing it as central to the future of endpoint security. Ninety-eight percent of enterprises confirmed that the number of identities they manage is exponentially increasing, and 84% of enterprises have been victims of an identity-related breach.

Read more here ...
KRISHNAN N NARAYANAN

Sales Associate at American Airlines

1 year

Thanks for posting
