September 23, 2024
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | BU Soft Tech | itTrident | Former Sr. VP & CTO of MF Utilities
There is some subjectivity within the EU efforts, as “high risk” is defined as able to cause harm to society, which could receive wildly different interpretations. That said, the effort comes from the right place, which is to protect and ensure the “fundamental rights of EU citizens.” The EU Council views the act as designed to stimulate investment and innovation, while at the same time, carving out exceptions for “military and defense as well as research purposes.” This perspective is not much different from the one the industry offered up in 2022 before the US Senate during discussions on the challenges of security, cybersecurity in the age of AI. At that hearing, two years ago, the Senate was urged not to stifle innovation as adversaries and economic competitors in other nations were not going to be slowing down their innovation. ... When I asked Price for his thoughts on the US position around global AI that many nations should work together to ensure safety without hampering evolution, he agreed that “security considerations must remain at the forefront of these discussions to ensure that widespread AI adoption does not inadvertently amplify cybersecurity risks.”
For Chief Strategy Officers (CSOs), helping their organizations to understand and adapt to AI regulation is essential. CSOs can play a key role in guiding their organizations to turn compliance into strategy ... Establish effective governance frameworks that align with the AI Act’s requirements. This framework should include clear policies on data usage, transparency, accountability and ethical AI practices, as well as implementing AI-driven technologies, to help manage risks. Additionally, developing a governance structure that includes roles and responsibilities for AI oversight, and working with operational leaders to embed governance practices into day-to-day business operations can support the company’s long-term success and ethical reputation. ... Companies that form strategic partnerships are better positioned to stay competitive in the market, helping them navigate regulations like the AI Act. By combining the unique strengths of each partner, business leaders can develop more robust and scalable solutions that are better equipped to handle the nuances of regulations. ... The EU AI Act marks a significant shift in the regulatory landscape, challenging businesses to rethink how they develop and deploy AI technologies.?
The “harvest now, decrypt later” phenomenon in cyberattacks — where attackers steal encrypted information in the hopes they will eventually be able to decrypt it — is becoming common. As quantum computing technology develops, it will only grow more prevalent. ... The average hacker will not be able to get a quantum computer for years — maybe even decades — because they are incredibly costly, resource-intensive, sensitive and prone to errors if they are not kept in ideal conditions. To clarify, these sensitive machines must stay just above absolute zero (459 degrees Fahrenheit to be exact) because thermal noise can interfere with their operations. However, quantum computing technology is advancing daily. Researchers are trying to make these computers smaller, easier to use and more reliable. Soon, they may become accessible enough that the average person can own one. ... The Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) soon plan to release post-quantum cryptographic standards. The agencies are leveraging the latest techniques to make ciphers quantum computers cannot crack.?
领英推荐
At Dream Sports, AI and machine learning are central to enhancing user experiences, optimising predictions, and securing our platform. AI-driven demand forecasting ensures we’re “game-ready” by predicting user behaviour and traffic for smooth gameplay during peak times. With over 250 million users, our ML systems safeguard platform integrity, detecting and preventing violations to ensure fair play. We also leverage ML to personalise user experiences, optimise rewards programs, and use causal inference for data-driven decisions across game recommendations and contest management. Generative AI initiatives include developing an AI Coach and enhancing user verification and customer success systems. Our collaboration with Columbia University’s Dream Sports AI Innovation Centre advances AI/ML applications in sports, focusing on predictive modelling, fan engagement, and sports tech optimisation. This partnership, alongside internal initiatives, helps us lead in reshaping sports technology with more immersive, personalised experiences through the rise of generative AI.
The most successful organizations have a programmatic approach to managing innovation and thought leadership, which helps them build organizational competency over time in both disciplines. How it’s structured is less important since it can be centralized, decentralized, or hybrid, but having a defined program with a mission, vision, strategy, and operating plan at a minimum is critical. As an example, the US Navy set a vision for 2030 related to the future of naval information warfare, creating a Hollywood-produced video, which became a north star for the organization, unlocking millions in funding for AI. The focus and types of innovation and thought leadership you pursue are important, too. In addition to an internal and client-facing focus, have a known set of innovation enablers you plan to pursue such as data and analytics, automation, adaptability, cloud, digital twins and AI, but be open to adding others as needed. The same is true for your editorial calendar for thought leadership and the topics you plan to address. And hear out new thought leadership topics that may come from left field, which could benefit customers. In addition, keep the board appraised on your multi-year innovation journey, goals and objectives.?
Business context is critical. It’s easy to understand, for example, a CVE in a payment application is a high priority. Whereas, the same CVE in a search application is low priority. Security programs must also take this into account. Effective security paradigms understand which detected vulnerabilities have the greatest business impact, so security teams aren’t spending time prioritizing lower-risk vulnerabilities. Traditional security applications run tests on code before it’s pushed. While this pre-production testing is still a best practice, it misses how code interacts with the environmental variables, configurations, and sensitive data it will coexist with once deployed. This insight is essential when you’re working to understand how a cloud-native application will function when live. Technologies such as application security posture management (ASPM) facilitate a more proactive approach by automating security review processes in production and creating a live view of an application, its vulnerabilities, and business risks. ASPM provides visibility into what’s happening in the cloud, giving security teams a better understanding of application behavior and attack surfaces so they can prioritize appropriately.?