December 06, 2022

Stealth Data Collection Threatens Employee Privacy

It’s no secret that collecting sensitive information comes with risks, says Alan Brill, senior managing director of the cyber risk practice at business advisory firm Kroll. “You may be collecting information that's covered by laws or regulations, whether you know it or not,” he warns. “Collecting data that you don’t actually need in order to perform a business process represents 100% risk and 0% value.” Enterprise leadership has to recognize that collecting unneeded information, or information that's not used for intended purposes, can be an actual danger to the organization. “This decision should not be delegated solely to IT leaders,” Brill says. ... The fastest way to identify confidential and unnecessary data is by using advanced data loss prevention (DLP) capabilities to search for specific patterns, such as email addresses, phone numbers, protected health information, and personally identifiable information (PHI/PII) data types, says Doug Saylors, a cybersecurity partner with global technology research and advisory firm ISG. Another protection measure, aimed at limiting traffic visibility, is to require remote workers to use VPN connections whenever linking to the enterprise network, he adds.


AWS names 6 key trends driving machine learning innovation and adoption

Increasing volumes of data, and different types of data, are being used to train ML models. This is the second key trend Saha identified. Organizations are now building models that have been trained on structured data sources such as text, as well as unstructured data types including audio and video. Having the ability to get different data types into ML models has led to the development of multiple services at AWS to help in training models. One such tool that Saha highlighted is SageMaker Data Wrangler, which helps users process unstructured data using an approach that makes it practical for ML training. AWS also added new support for geospatial data in SageMaker this week at the re:Invent conference. ... The final key trend that will drive ML forward is democratizing the technology, making tools and skills accessible to more people. “Customers tell us that they … often have a hard time in hiring all the data science talent that they need,” Saha said. The answers to the challenge of democratization, in Saha’s view, lie in continuing to develop low-code and use case-driven tools, and in education.


Balancing cybersecurity costs and business protection

For many SMEs, cuts to cybersecurity budgets may feel justified due to a lack of breaches encountered in the past. However, the reality is those defences are why they’ve never had an attack. You wouldn’t get rid of a house alarm because you’ve never been burgled. Cybersecurity should be no different. Organisations may also think they can do away with security measures because they’re too small – that they’re not a juicy enough target. But the opposite can be true. Hackers can see smaller businesses as easy prey that won’t have the same calibre of defence as a large corporation – and more likely to give in to demands too. ... When thinking about cybersecurity, another area that is often overlooked is the possibility of human error. While the risk of an employee retaining data accidentally can be just as serious as an external hacker, preventing accidental breaches shouldn’t cost the earth and there are simple ways to minimise the chance of one happening. Regular training is the most effective way to prevent a slip-up and will empower staff to stay on top of new threats. It’s important, however, that this training is targeted and being applied in the right areas.


Great Leaders Manage Complexity with Self-Awareness and Context Awareness

Undoubtedly, people across organizations have expectations of “leaders.” In a general sense, they expect them to lead. In my experience, this entails a diverse set of expectations from various people within a collective or shared context. The most common expectations I’ve come across are providing answers and clarity, guidance, context, direction and vision, structure, and accountability. Think of how expectations are entangled with the framing of leadership. People seem to have different specific needs to take steps toward something and make progress. My experience is that a person’s historical experiences significantly influence their needs, which vary with context. People’s awareness about themselves, a specific situation, and others vary. So what people think is needed is sometimes not relevant or appropriate. These are some reasons I’ve found the specifics of leadership challenging, to say the least. Some of the sources that I’ve found particularly helpful when managing these challenges—understanding individual and contextual needs—are SCARF by David Rock and Wardley Mapping.


Machine Learning Models: A Dangerous New Attack Vector

Researchers demonstrated how such an attack would work in a POC focused on the PyTorch open source framework, showing also how it could be broadened to target other popular ML libraries, such as TensorFlow, scikit-learn, and Keras. Specifically, researchers embedded a ransomware executable into the model's weights and biases using a technique akin to steganography; that is, they replaced the least significant bits of each float in one of the model's neural layers, Janus says. Next, to decode the binary and execute it, the team used a flaw in the PyTorch/pickle serialization format that allows for the loading of arbitrary Python modules and the execution of methods. They did this by injecting a small Python script at the beginning of one of the model's files, preceded by an instruction for executing the script, Janus says. "The script itself rebuilds the payload from the tensor and injects it into memory, without dropping it to the disk," she says. ... The resulting weaponized model evades current detection from antivirus and endpoint detection and response (EDR) solutions while suffering only a very insignificant loss in efficacy, the researchers said.
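
A defender-side check for the pickle risk described above, as an added example that is not from the article or the researchers: it lists the globals a pickle stream would import by walking its opcodes with `pickletools`, never loading the stream. The allowlist, the function names and the sample streams are constructed for illustration.

```python
import pickle
import pickletools
from collections import OrderedDict

# Assumed allowlist for illustration; a real one names exactly the globals
# that your own model checkpoints legitimately need.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


def referenced_globals(data: bytes):
    """Return (module, name) pairs a pickle stream would import, without loading it."""
    found, strings = [], []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in ("GLOBAL", "INST"):
            # These opcodes carry "module name" as one space-separated argument.
            module, _, name = arg.partition(" ")
            found.append((module, name))
        elif opcode.name == "STACK_GLOBAL":
            # Heuristic: module and name are normally the last two strings pushed.
            # Anything that cannot be resolved is reported as unknown and rejected.
            found.append(tuple(strings[-2:]) if len(strings) >= 2 else ("?", "?"))
        elif isinstance(arg, str):
            strings.append(arg)
    return found


def disallowed_globals(data: bytes):
    """Globals referenced by the stream that are not on the allowlist."""
    return [g for g in referenced_globals(data) if g not in ALLOWED_GLOBALS]


class _Sample:
    """Constructed sample: its pickle references a callable (print) to invoke on load."""

    def __reduce__(self):
        return (print, ("constructed sample",))


# Constructed streams; they are only inspected here, never unpickled.
BENIGN = pickle.dumps(OrderedDict(weight=[0.1, 0.2]), protocol=4)
SUSPECT_V4 = pickle.dumps(_Sample(), protocol=4)                     # STACK_GLOBAL
SUSPECT_V2 = pickle.dumps(_Sample(), protocol=2, fix_imports=False)  # GLOBAL

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("v4", SUSPECT_V4), ("v2", SUSPECT_V2)):
        print(label, disallowed_globals(blob))
```

A scan like this is a pre-load gate, not proof of safety: it catches unexpected imports in the pickle stream but says nothing about data hidden in the tensor values themselves.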


How to get cloud migration right

A successful migration — like a house renovation — begins with an analysis of your current environment. Knowing how DNS/DHCP functions in your environment, as well as identifying adjacent technologies and integrations, security posture, and business processes is a necessary step. It won’t prevent all surprises during migration, but it can help. Next, outline and explore the challenges related to your current network architecture. Stakeholders should arrive with a vision of their ideal infrastructure. What things do they not want to see in their new network? What do they want to prevent, improve, and optimize — and how do they expect the cloud to help? Resilience drives many enterprises to cloud migration. This might occur after crippling outages that disrupt user experiences and business operations. But the hunt for efficiency and new IT initiatives that can reduce service level agreements are also factors. There’s another often-ignored factor that can derail cloud migrations: not including the right stakeholders. In an on-premises environment, the main stakeholders were the data center or network team. Successful cloud migrations demand inclusion. 
