May 01, 2024
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
Unfortunately, the attack surface problems of perimeter-based architectures go well beyond the above, and that is because of firewalls and VPNs. These tools are the means by which castle-and-moat security models are supposed to defend hub-and-spoke networks, but using them has unintended consequences. Firewalls and VPNs have public IP addresses that can be found on the public internet. This is by design so that legitimate, authorized users can access the network via the web, interact with the connected resources therein and do their jobs. However, these public IP addresses can also be found by malicious actors who are searching for targets that they can attack in order to gain access to the network. In other words, firewalls and VPNs give cybercriminals more attack vectors by expanding the organization’s attack surface. Ironically, this means that the standard strategy of deploying additional firewalls and VPNs to scale and improve security actually exacerbates the attack surface problem further. Once cybercriminals have successfully identified an attractive target, they unleash their cyberattacks in an attempt to penetrate the organization’s defenses.
We deploy things, we see things catch on fire and then we try to mitigate the fire. But if we only observe the latest stages of the development and deployment cycle, it’s too late. We don’t know what happened in the build phase or the test phase, or we have difficulty in root cause analysis or due to increases in mean time to recovery, and also due to missed optimization opportunities. We know our CI pipelines take a long time to run, but we don’t know what to improve if we want to make them faster. If we shift our observability focus to the left, we can address issues before they escalate, enhance efficiency by cutting problems in the process, increase the robustness and integrity of our tests, and minimize costs and expenses related to post-deployment and downtime. ... This is a really exciting time for the observability community. By getting data out of our CIs and integrating it with observability systems, we can trace back to the logs in builds, and see important information — like when the first time something failed was — from our CI. From there, we can find out what’s producing errors, in a way that’s much better pinpointed to the exact time of their origin.
Fueling the rise of data breach misinformation is the speed at which fake data breach reports are spread online. In a recent blog post, Hunt wrote: “There are a couple of Twitter accounts in particular that are taking incidents that appear across a combination of a popular clear web hacking forum and various dark web ransomware websites and ‘raising them to the surface,’ so to speak. Incidents that may have previously remained on the fringe are being regularly positioned in the spotlight where they have much greater visibility.” “It’s getting very difficult at the moment because not only are there more breaches than ever, but there’s just more stuff online than ever,” Hunt says. ... “We need to get everything out from in the shadows,” Callow says. “Far too much happens in the shadows. The more light can be shone on it, the better. That would be great in multiple ways. It’s not just a matter of removing some of the leverage threat actors have. It’s also giving the cybersecurity community and the government access to better data. Far too much goes unreported.”
From my perspective of a consistent interest in seeking industry expertise for guidance and mentorship in cyber security, there is currently both a good news and a bad news story. There are some strong examples out there, like Women in Cybersecurity, but I think women can be reluctant to join them because they don’t want to be different to their male counterparts and want to be part of an inclusive operating structure such as Tech Channel Ambassadors, recently established to address this significant gap in the sector. Personal mentorship can drive really positive change, and it’s certainly had a strong influence on my career. There’s still a shortfall in organised mentor programmes with businesses, but I see a lot of talented people identifying that gap and reaching out to support those starting out in their careers more proactively, which is fantastic. It’s important to realise that mentors don’t need to be within the same company or even the same industry. I’m currently mentoring one person within Sapphire and six others outside the company. Meanwhile, I’ve had four incredible mentors myself—and one of them is a CEO in the fashion industry.
Persuasion can be rational or manipulative — the difference being the underlying intent. The end game for both is delivering information in a way that will likely shape, reinforce or change a person’s behaviors, beliefs or preferences. But while rational gen AI delivers relevant facts, sound reasons or other trustworthy evidence with its outputs, manipulative gen AI exploits cognitive biases, heuristics and other misrepresenting information to subvert free thinking or decision-making, according to the DeepMind researchers. ... AI can build trust and rapport when models are polite, sycophantic and agreeable, praise and flatter users, engage in mimicry and mirroring, express shared interests, relational statements or adjust responses to align with users’ perspectives. Outputs that seem empathetic can fool people into thinking AI is more human or social than it really is. This can make interactions less task-based and more relationship-based, the researchers point out. “AI systems are incapable of having mental states, emotions or bonds with humans or other entities,” they emphasize.
Although it is not yet law, many observers are optimistic that the APRA will move forward due to its bipartisan support and the compromises it reaches on the issues of preemption and private rights of action, which have stalled prior federal privacy bills. The APRA contains familiar themes that largely mirror comprehensive state privacy laws, including the rights it provides to individuals and the duties it imposes on Covered Entities. This article discusses key departures from state privacy laws and new concepts introduced by the APRA. ... The APRA follows most state privacy laws with a broad definition of Covered Data, including any information that “identifies or is linked or reasonably linkable, alone or in combination with other information, to an individual or a device that identifies or is linked or reasonably linkable to one or more individuals.” The APRA would exclude employee information, de-identified data and publicly available information. Only the California Consumer Privacy Act (CCPA) currently includes employee information in its scope of covered data.