With many aspects of performance, upfront clarity is needed about the target, standard, and minimum acceptable levels. General criteria such as “5 SMART Objectives” etc Risk constraining top performers or providing insufficient clarity to poor performers or those in developmental stages. General organisation-wide processes should be seen by managers as minimum requirements, not the best. Expectations should be calibrated for fairness at this stage—like setting a handicap before the metaphorical contest begins, not after the contest has ended. Monitoring and measuring is about ensuring that both the manager and the employee are engaged in monitoring and measuring all key aspects of performance (WHAT, HOW, and GROWTH). Only then will each individual receive sufficient, timely, and useful feedback to support improvement. This element also ensures that future assessment can be evidence-based. Enabling and enhancing is the key to performance management and oftentimes given insufficient attention. We know that every interaction between a manager and a member of staff can have a significant impact on that individual’s motivation and performance. 

“The speed of AI development is incredibly exciting, as the finance industry stands to benefit in several ways. But we’d be naive to think such rapid technological change cannot outstrip the speed at which regulations are created and implemented. “Ensuring AI is adequately regulated remains a huge challenge. Regulators can start by developing comprehensive guidelines on AI safety to guide researchers, developers and companies. This will also help establish grounds for partnerships between academia, industry and government to foster collaboration in AI development, which brings us closer to the safe deployment and use of AI. “We can’t forget that AI is a new phenomenon in the mainstream, so we must see more initiatives to educate the public about AI and its implications, promoting transparency and understanding. It’s vital that regulators make such commitments but also pledge to fund research into AI safety and best practices. To see AI’s rapid acceleration as advantageous, and not risk reversing the fantastic progress already made, proper funding for research is non-negotiable.”

This time around, though, Midnight Blizzard didn’t have to build a sophisticated hacking tool. To attack Microsoft, it used one of the most basic of basic hacking tricks, “password spraying.” In it, hackers type commonly-used passwords into countless random accounts, hoping one will give them access. Once they get that access, they’re free to roam throughout a network, hack into other accounts, steal email and documents, and more. In a blog post, Microsoft said Midnight Blizzard broke into an old test account using password spraying and then used the account’s permissions to get into “Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, Legal, and other functions,” and steal emails and documents attached to them. The company claims the hackers initially targeted information about Midnight Blizzard itself, and that “to date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems.” As if to reassure customers, the company noted, “The attack was not the result of a vulnerability in Microsoft products or services.”

Good decisions rely on shared data, especially the right data at the right time. Sometimes, the challenge is that the data itself often raises more questions than it answers. This trend will continue to worsen before it improves, as disjointed data ecosystems with disparate tools, platforms, and disconnected data silos become increasingly challenging for enterprises. This is why the concept of a data fabric has emerged as a method to better manage and share data. Data fabric’s holistic goal is the culmination of data management tools designed to manage data from identification, access, cleaning, and enrichment to transformation, governance, and analysis. That is a tall order and will take several years to mature before adoption happens across enterprises. Current solutions were not fully developed to deliver all the promises of a data fabric. In the coming year, organizations will incorporate knowledge graphs and artificial intelligence for metadata management to improve today’s offerings, and these will be a key criterion for making them more effective. Semantic metadata will enable decentralized data management, following the data mesh paradigm. 

The “Creatorverse” work environment fosters creativity and collaboration through its blend of virtual work and state-of-the art physical workspaces, Wenhold says. “All of this keeps our culture alive and keeps Business Technology a destination department,” he adds. An obsessive focus on simplicity anchors the belief and value system underpinning IT culture at the Pacific Northwest National Laboratory (PNNL), according to Brian Abrahamson, associate lab director and chief digital officer for computing and IT. For years, the lab struggled under the weight of decentralized IT and government standards and regulations, which complicated procedures and spurred too many overly complex systems that didn’t talk to one another. Under Abrahamson’s direction, the IT organization spent the past decade embracing human-centered design principles, delivering mobile accessibility, and creating personalized and effortless consumer-grade experiences designed to create connections among scientists and give them ready access to a workbench primed for scientific discovery.

Financial institutions handle sensitive consumer data every day, which is a responsibility integral to maintaining the trust consumers place in banks, credit unions, and similar entities. Safeguarding this data is not only a critical duty but also subject to rigorous regulation. The gravity of this responsibility is underscored by the potential ramifications of cyber incidents, which not only jeopardise consumer information but also strain a financial institution’s technological infrastructure. The fallout may include financial losses, reputational damage, and legal consequences. While many organisations have existing cybersecurity plans and incident response programs, the focus in 2024 is expected to shift towards rigorous testing. The dynamic nature of cybersecurity threats necessitates a proactive approach to ensure these plans and programs remain effective in the face of evolving challenges. Financial institutions may increasingly turn to external consultants for assistance in developing cybersecurity incident response policies or reviewing existing plans to ensure alignment with regulatory requirements.

There’s an opportunity to help business stakeholders advance their technical acumen and use the dialog to develop a shared understanding of problems, opportunities, and solution tradeoffs. Humberto Moreira, principal solutions engineer at Gigster, says, “The opportunity to interact directly with technologists can also give business stakeholders a useful peek behind the curtain at how tools they use every day are developed, so this meeting of the minds can be mutually beneficial to these two groups that don’t always communicate as well as they should.” ... Engineers must recognize the scale and complexity of automation before jumping into solutions. Following one user’s journey is insufficient requirements gathering when re-engineering a complex workflow involving many people and multiple departments using a mix of technologies and manual steps. Technology teams should follow six-sigma methodologies for these challenges by documenting process flows, measuring productivity, and capturing quality defect metrics as key steps to developing business acumen before diving into automation opportunities.

It was clear from the moment it arrived on the scene that generative AI’s proficiency with natural language was a gamechanger, opening up this technology to legal professionals in a way that simply wasn’t possible in the past. Additionally, as time goes on, generative AI is able to work with larger and larger blocks of text. The days when the generative AI models could only handle 1000 words are in the rearview mirror; they can now handle 200,000 words. ... The best bet here is to look for vendors with an in-depth understanding of daily legal workflows combined with an understanding of which areas would actually benefit from AI as a way to streamline, accelerate, or otherwise enhance those workflows. After all, some workflows just need some Excel rules or some other “low tech” solution – while others scream out for the efficiency that AI can bring. Established vendors with domain expertise will understand these nuances. ... An old adage in Silicon Valley famously advises companies to “move fast and break things.” There was a little bit of that mindset over the past year, as firms jumped into generative AI because it was the technology of the moment, and no one wanted to seem like they were behind the curve for such a groundbreaking new technology.

In today’s digital world, hackers are a constant threat to the security of sensitive data found in legal proceedings. Even law firm computer systems can be vulnerable to a hacker attack. Hackers who harbor malicious intent could then turn around and take advantage of the stolen data, using it to steal others’ identities, commit financial fraud, or even worse. ... Law firms and attorneys are responsible for keeping client data safe and meeting privacy regulations. Not doing so results in liability lawsuits, charges of professional malpractice, and even the loss of customer confidence. Implications springing from data breaches in law don’t stop there, however. Lawsuits brought by affected individuals or regulatory bodies are a potential legal consequence of data breaches. These lawsuits can bring huge penalties for damages; they have sunk even the most inveterate firm. Legal professionals involved in a data breach also may face professional sanctions, potentially including suspension or revocation of their licenses. Ethically, the mishandling of sensitive data goes against the principles of client confidentiality and trust. 

Given the vast amount of cybercrime intelligence data generated daily, it is crucial for security teams to effectively prioritize the information they use for decision-making. ⁤⁤ To do this, I recommend security teams conduct regular risk assessments that should consider the organization’s risk profile, considering historical data and similar companies in their industry. ⁤ ⁤Once the risk profile is created, security teams can leverage the most suitable threat intelligence feeds and sources. ⁤ ⁤Evaluation of these risks should not be static but rather a continuous process that allows teams to regularly review and update their priorities based on the evolving threat landscape.  ... To have a balance between gathering cybercrime intelligence and respecting privacy and adhering to legal considerations, organizations need to follow strict legal compliance, including data protection laws. Organizations should also minimise the collection of sensitive information and focus only on essential data, and establish clear ethical guidelines for their intelligence gathering activities.