Why a Chief Cyber Resilience Officer is Essential in 2024
“We'll see the role popping up more and more as an operational outcome within
Security programs and more of a focus in business. In the wake of the pandemic
and macroeconomic conditions and everything, what business leader isn’t thinking
about business resilience? So, cyber resilience tucks nicely into that.” On the
surface, the standalone CISO role isn’t much different because it serves as the
linchpin for securing the enterprise. There are many different flavors of CISO,
with some being business-focused, says Hopkins, whose teams take on more
compliance tasks as opposed to more technical security operations. Other CISOs
are more technical, meaning they’ll monitor threats in the environment and
respond accordingly, while compliance is a separate function. However, the stark
differences between the two roles lie in the mindset, approach, and target
outcome for the scenario. The CCRO’s mindset is “it’s not a matter of if, but
when.” So, the CCRO’s approach is to anticipate cyber incidents and make
incident response preparations that will mitigate material damage to a business.
They act as a lifeline. This approach is arguably the role’s most quintessential
attribute.
How To Sell Enterprise Architecture To The Business
The best way to win buy-in for your enterprise architecture (EA) practice is to
know who your stakeholders are and which of them will be the most receptive to
your ideas. EA has a broad scope that impacts your entire business strategy
beyond just your application portfolio, so you need to adapt your presentations
to your audience. Defining the specific parts of your EA practice that matter to
each stakeholder will keep your discussion relevant and impactful. Put your
processes in the context of the stakeholder's business area and show the
immediate value you will create and the structure that you have in place to do
so. You can even offer to help install EA processes into other teams' workflows
to help improve synergy with their toolsets. Just ensure that you highlight the
benefits for them. Explaining to your marketing team how you plan to optimize
your organization's finance software is not going to engage them. However,
showcasing the information you have on your content management systems and MQL
trackers will catch their interest. Once a group of key stakeholders are
on-board with your EA practice, you will have a group of EA evangelists and a
selection of case studies that you can use to win over more and more
stakeholders.
Quantum Breakthrough: Unveiling the Mysteries of Electron Tunneling
Tunneling is a fundamental process in quantum mechanics, involving the ability
of a wave packet to cross an energy barrier that would be impossible to overcome
by classical means. At the atomic level, this tunneling phenomenon significantly
influences molecular biology. It aids in speeding up enzyme reactions, causes
spontaneous DNA mutations, and initiates the sequences of events that lead to
the sense of smell. Photoelectron tunneling is a key process in light-induced
chemical reactions, charge and energy transfer, and radiation emission. The size
of optoelectronic chips and other devices has been close to the sub-nanometer
atomic scale, and the quantum tunneling effects between different channels would
be significantly enhanced. ... This work successfully reveals the critical role
of neighboring atoms in electron tunneling in sub-nanometer complex systems.
This discovery provides a new way to deeply understand the key role of the
Coulomb effect under the potential barrier in the electron tunneling dynamics,
solid high harmonics generation, and lays a solid research foundation for
probing and controlling the tunneling dynamics of complex biomolecules.
UK Intelligence Fears AI Will Fuel Ransomware, Exacerbate Cybercrime
“AI will primarily offer threat actors capability uplift in social
engineering,” the NCSC said. “Generative AI (GenAI) can already be used to
enable convincing interaction with victims, including the creation of lure
documents, without the translation, spelling and grammatical mistakes that
often reveal phishing. This will highly likely increase over the next two
years as models evolve and uptake increases.” The other worry deals with
hackers using today’s AI models to quickly sift through the gigabytes or even
terabytes of data they loot from a target. For a human it could take weeks to
analyze the information, but an Al model could be programmed to quickly pluck
out important details within minutes to help hackers launch new attacks or
schemes against victims. ... Despite the potential risks, the NCSC's report
did find one positive: “The impact of AI on the cyber threat will be offset by
the use of AI to enhance cyber security resilience through detection and
improved security by design.” So it’s possible the cybersecurity industry
could develop AI smart enough to counter next-generation attacks. But time
will tell. Meanwhile, other cybersecurity firms including Kaspersky say
they've also spotted cybercriminals "exploring" using AI programs.
Machine learning for Java developers: Algorithms for machine learning
In supervised Learning, a machine learning algorithm is trained to correctly
respond to questions related to feature vectors. To train an algorithm, the
machine is fed a set of feature vectors and an associated label. Labels are
typically provided by a human annotator and represent the right answer to a
given question. The learning algorithm analyzes feature vectors and their
correct labels to find internal structures and relationships between them.
Thus, the machine learns to correctly respond to queries. ... In
unsupervised learning, the algorithm is programmed to predict answers
without human labeling, or even questions. Rather than predetermine labels
or what the results should be, unsupervised learning harnesses massive data
sets and processing power to discover previously unknown correlations. In
consumer product marketing, for instance, unsupervised learning could be
used to identify hidden relationships or consumer grouping, eventually
leading to new or improved marketing strategies. ... The challenge of
machine learning is to define a target function that will work as accurately
as possible for unknown, unseen data instances.
How to protect your data privacy: A digital media expert provides steps you can take and explains why you can’t go it alone
The dangers you face online take very different forms, and they require
different kinds of responses. The kind of threat you hear about most in the
news is the straightforwardly criminal sort of hackers and scammers. The
perpetrators typically want to steal victims’ identities or money, or both.
These attacks take advantage of varying legal and cultural norms around the
world. Businesses and governments often offer to defend people from these
kinds of threats, without mentioning that they can pose threats of their
own. A second kind of threat comes from businesses that lurk in the cracks
of the online economy. Lax protections allow them to scoop up vast
quantities of data about people and sell it to abusive advertisers, police
forces and others willing to pay. Private data brokers most people have
never heard of gather data from apps, transactions and more, and they sell
what they learn about you without needing your approval. A third kind of
threat comes from established institutions themselves, such as the large
tech companies and government agencies. These institutions promise a kind of
safety if people trust them – protection from everyone but themselves, as
they liberally collect your data.
Pwn2Own 2024: Tesla Hacks, Dozens of Zero-Days in Electrical Vehicles
"The attack surface of the car it's growing, and it's getting more and more
interesting, because manufacturers are adding wireless connectivities, and
applications that allow you to access the car remotely over the Internet,"
Feil says. Ken Tindell, chief technology officer of Canis Automotive Labs,
seconds the point. "What is really interesting is how so much reuse of
mainstream computing in cars brings along all the security problems of
mainstream computing into cars." "Cars have had this two worlds thing for at
least 20 years," he explains. First, "you've got mainstream computing (done
not very well) in the infotainment system. We've had this in cars for a
while, and it's been the source of a huge number of vulnerabilities — in
Bluetooth, Wi-Fi, and so on. And then you've got the control electronics,
and the two are very separate domains. Of course, you get problems when that
infotainment then starts to touch the CAN bus that's talking to the brakes,
headlights, and stuff like that." It's a conundrum that should be familiar
to OT practitioners: managing IT equipment alongside safety-critical
machinery, in such a way that the two can work together without spreading
the former's nuisances to the latter.
Does AI give InfiniBand a moment to shine? Or will Ethernet hold the line?
Ethernet’s strengths include its openness and its ability to do a more than
decent job for most workloads, a factor appreciated by cloud providers and
hyperscalers who either don't want to manage a dual-stack network or become
dependent on the small pool of InfiniBand vendors. Nvidia's SpectrumX
portfolio uses a combination of Nvidia's 51.2 Tb/s Spectrum-4 Ethernet
switches and BlueField-3 SuperNICs to provide InfiniBand-like network
performance, reliability, and latencies using 400 Gb/s RDMA over converged
Ethernet (ROCE). Broadcom has made similar claims across its Tomahawk and
Jericho switch line, which use either data processing units to manage
congestion or handling this in the top of rack switch with its Jericho3-AI
platform, announced last year. To Broadcom's point, hyperscalers and cloud
providers such like AWS have done just that, Boujelbene said. The analyst
noted that what Nvidia has done with SpectrumX is compress this work into a
platform that makes it easier to achieve low-loss Ethernet. And while
Microsoft has favored InfiniBand for its AI cloud infrastructure, AWS is
taking advantage of improving congestion management techniques in its own
Elastic Fabric Adapter 2 (EFA2) network
The Evolution & Outlook of the Chief Information Security Officer
Beyond mere implementation, the CISO also carries the mantle of education,
nurturing a cybersecurity-conscious environment by making every employee
cognizant of potential cyber threats and effective preventive measures. As
the digital landscape shifts beneath our feet, the roles and
responsibilities of the CISO have significantly evolved, casting a larger
shadow over the organization’s operations and extending far beyond the
traditional confines of IT risk management. No longer confined to the realms
of technology alone, the CISO has become an integral component of the
broader business matrix. They stand at the intersection of business and
technology, needing to balance the demands of both spheres in order to
effectively steer the organization towards a secure digital future. ... The
increasingly digitalized and interconnected world of today has thrust the
role of the Chief Information Security Officer (CISO) into the limelight.
Their duties have become crucial as organizations navigate a complex and
ever-evolving cybersecurity landscape. Customer data protection, adherence
to intricate regulations, and ensuring seamless business operations in the
face of potential cyber threats are prime priorities that necessitate the
presence of a CISO.
To Address Security Data Challenges, Decouple Your Data
Why is this a good thing? It can ultimately help you gain a holistic
perspective of all the security tools you have in your organization to
ensure you’re leveraging the intrinsic value of each one. Most organizations
have dozens of security tools, if not more, but most lack a solid
understanding or mapping of what data should go into the SIEM solution, what
should come out, and what data is used for security analytics, compliance,
or reporting. As data becomes more complex, extracting value and aggregating
insights become more difficult. When you decide to decouple the data from
the SIEM system, you have an opportunity to evaluate your data. As you move
towards an integrated data layer where disparate data is consolidated, you
can clean, deduplicate, and enrich it. Then you have the chance to merge
that data not only with other security data but with enterprise IT and
business data, too. Decoupling the data into a layer where disparate data is
woven together and normalized for multidomain data use cases allows your
organization to easily take HR data, organizational data, and business logic
and transform it all into ready-to-use business data where security is a use
case.
Quote for the day:
“If my mind can conceive it, my
heart can believe it, I know I can achieve it!” --
Jesse Jackson
