How is your company managing its AI and ML initiatives?


Consider this shorter, many decision study and explain to us about your organization’s plans for synthetic intelligence and equipment studying.

How project managers are essential to AI deployment
Synthetic intelligence will induce a spike in undertaking administration jobs in the upcoming 3 decades, indicating the great importance of a challenge manager’s job in AI adoption.

When it arrives to synthetic intelligence (AI) and machine understanding (ML) initiatives, the biggest challenge for CXOs is just not essentially deployment, but alternatively, running these initiatives. 

For illustration, what do you foresee your AI/ML finances will search like? What small business spots are you making use of AI/ML in? How experienced is your upper administration about AI/ML? Occasionally even analyzing the manager of handling initiatives can come to be an problem. 

SEE: Controlling AI and ML in the business 2019: Tech leaders hope additional problem than past IT projects (TechRepublic Top quality)

TechRepublic Premium is carrying out a study to come across out how corporations are making certain prosperous AI and ML initiatives. If you’re acquainted with your company’s AI/ML programs, we want your feed-back. 

What are your significant fears about applying an AI/ML job? What actions are you using to assure good results for your AI/ML jobs?  Take the survey and let us know.

You may be requested 8 or fewer survey questions, additionally a few of demographic questions. Data from the survey: Running AI and ML in the organization 2020 will be used in an upcoming TechRepublic High quality report. 

Also see

silhouette of virtual human on circuit pattern technology 3d illustration

Image: Getty Images/iStockphoto



Source hyperlink

Continue Reading

Only 17% of global organizations are considered cyber resilience “leaders”


New Accenture study says organizations need to think beyond securing just their own enterprises and take better steps to secure their vendor ecosystems.

Why corporate boards are unprepared to handle cybersecurity risks
A new report recommends that corporate boards answer four key questions on a regular basis to guide cybersecurity governance.

Only 17% of organizations are performing as “leaders” when it comes to cybersecurity, according to a new report by Accenture Security.

The firm’s third State of Cyber Resilience survey defines leaders as high performers in at least three of four categories: stopping cyber attacks, finding breaches faster, fixing breaches faster, and reducing breach impact.

“The most surprising finding for us was just how much better the leaders in cyber resilience are doing versus the rest of the pack,” observed Ryan LaSalle, North America lead for Accenture Security. “We found that organizations with leading cybersecurity capabilities are nearly four times more effective than other companies at stopping cyber attacks and finding breaches faster.”

While the basics of cybersecurity are improving and most organizations are getting better at preventing direct cyberattacks, LaSalle said, their research shows that attackers have already moved their entry points to weaker targets. These include vendors and other third parties in a company’s supply chain, and indirect attacks against these weak links in the supply chain account for 40% of security breaches, he said.

SEE: Brute force and dictionary attacks: A cheat sheet (free PDF) (TechRepublic)

“For many businesses, this opens new battlegrounds even before an organization has mastered the fight in its own backyard,” LaSalle said. The challenge for CISOs is finding a balance between the right security investments and scaling and sustaining them across the entire business ecosystem, he said.

In fact, 69% of respondents said staying ahead of attackers is a constant battle and the cost is unsustainable, according to the Accenture report.

“But if investments in technology don’t hit the mark when it comes to defending against cyberattacks, C-suite executives are not only jeopardizing their operations and finances but their brands and reputations as well,” LaSalle noted.

Characteristics of cyber resilient leaders vs. non leaders

The key differences between leaders and non-leaders identified in the report:

  • Leaders focused more of their budget allocations on sustaining what they already have, whereas the non-leaders place significantly more emphasis on piloting and scaling new capabilities.
  • Leaders were nearly three times less likely to have had more than 500,000 customer records exposed through cyberattacks in the last 12 months (15% vs. 44%).
  • Leaders were more than three times as likely to provide users of security tools with required training for those tools (30% vs. 9%).

The study also found that more than four in five respondents (83%) believe that organizations need to think beyond securing just their own enterprises and take better steps to secure their vendor ecosystems.

Additionally, while cybersecurity programs designed to protect data and other key assets are only actively protecting about 60% of an organization’s ecosystem (which includes vendors and other business partners), 40% of breaches come through this route, he said

“There’s a deliberate process involved on the path to becoming more cyber resilient in 2020,” LaSalle said. CISOs and other security executives should focus on these main areas to become more cyber resilient:

  • Invest in speed-enabling technologies. Leaders in the Accenture study focus on technologies that provide the greatest benefit in achieving cybersecurity success. In particular, artificial intelligence and Security Orchestration, Automation, and Response (SOAR) technologies form the backbone of leaders’ investment strategies, he said. Leaders also know which technologies help to achieve a broader level of cybersecurity success by filling gaps in performance.
  • Drive value from investments. Leaders in our study scale investments more often (over half of security tools tested end up fully deployed across the organization), and as a result, their security teams are more effective and are able to protect more key assets. Leaders also train more, which makes them faster at discovering and fixing breaches and protecting more key assets, and they collaborate more, which helps them to protect more key assets and improve regulatory alignment–increasingly important with the growth in personal privacy legislation and the potential fines this poses.
  • Maintain existing investments. Leaders proved to focus more of their budget allocations on sustaining what they already have. They perform better at the basics: Only 15% of leaders have had more than 500,000 records exposed in the last year, compared to 44% of non-leaders.

To better keep pace with the leaders in the report, CISOs and security executives should push management to formulate security investment plans that align with company strategy and its value chain, LaSalle said. They should go beyond technological investment and also reevaluate their security training programs and ensure that the company is investing in its people, he advised.

The study polled more than 4,600 enterprise security practitioners globally in companies with revenues of $1 billion or more.

Also see

istock-958122884.jpg

Image: NicoElNino, Getty Images/iStockphoto



Source link

Continue Reading

Get TechRepublic Top 5 as a podcast


TechRepublic Leading 5 with Tom Merritt is now accessible as a podcast on Stitcher, Spotify, Google Play, and Apple Podcasts.

&#13
Immediately after far more than 100 episodes, award-successful tech qualified Tom Merritt has protected a ton of floor on his clearly show TechRepublic Best 5. From ransomware and AI to blockchain and cloud stability, Tom has saved company execs up to speed on the latest tech traits. And now there is a new way to get Tom’s insights…as a podcast. Just about every week, you can read Tom’s Best 5 lists on TechRepublic as an post, view his video clips on the TechRepublic Best 5 YouTube channel, or hear to brand name new TechRepublic Leading 5 podcast although you are on the go.&#13

&#13
More TechRepublic Prime 5 &#13



Supply url

Continue Reading

Report: 9 times out of 10, hackers can attack website visitors


A Positive Technologies study finds 82% of web application vulnerabilities lie in the source code.

The top 5 web application security risks
Spreading awareness of these risks within your organization can help create a culture of more secure code.

A recent report from Positive Technologies studied web application vulnerabilities and found that more than half of all sites have high-risk vulnerabilities.

The company’s “Web Application Vulnerabilities and Threats: Statistics for 2019” report found signs that companies are beginning to prioritize security but are still failing to do everything necessary when protecting web applications and users. 

Nine times out of 10, hackers are able to easily attack website visitors and 82% of web application vulnerabilities lie in the source code. 

SEE: 10 dangerous app vulnerabilities to watch out for (free PDF) (TechRepublic Premium)

Many of the attacks highlighted in the report include stealing credentials in phishing attacks, infecting computers with malware or redirecting users to hacker-controlled sites.

Companies were also failing to adequately protect their web applications with multi-factor authentication, still relying on password-only authentication that could be easily bypassed. 

“Password-only authentication is a contributing factor in most authentication attacks. Lack of two-factor authentication makes attacks very easy,” said Evgeny Gnedin, head of information security analytics at Positive Technologies.

“Users tend to use weak passwords, which makes matters even worse. Bypassing access restrictions usually leads to unauthorized disclosure, modification, or destruction of data,” Gnedin said. 

Positive Technologies assessed 38  fully functional web applications in 2019 and said that while there had been a steady decrease in the percentage of web applications with severe vulnerabilities, the security of most web applications is still poor. 

The company’s research found the average number of vulnerabilities per application has fallen by a third compared to 2018 and companies are taking security more seriously in not just public-facing web applications but in their internal ones, too.

Financial institutions had the highest web application security ratings in the study while state institutions had the lowest scores.

The report said 16% of applications contain vulnerabilities that allow attackers to take full control of the system and half of web sites in production had high-risk vulnerabilities. On average, each system contained 22 vulnerabilities, four of which were of high severity. One out of five vulnerabilities has high severity, according to the Positive Technologies report. 

“The percentage of production systems with high-risk vulnerabilities declined: 45% in 2019 compared to 71% in 2018. But this is still higher than in 2017, when the equivalent figure was 25%. The last five years show a reduction in the percentage of sites containing severe vulnerabilities. This is an encouraging sign consistent with an overall improvement in security,” the report said.

“Unauthorized access to applications is possible on 39% of sites. In 2019, full control of the system could be obtained on 16% of web applications. On 8% of systems, full control of the web application server allowed attacking the local network.”

Almost 70% of web applications were vulnerable to breaches of sensitive data, with most of the data containing personal information or credentials. 

In terms of commonly found vulnerabilities and attacks, the Positive Technologies report said security misconfigurations, cross-site scripting and broken authentication were the main concerns for most web applications.

One out of every five applications that Positive Technologies researchers tested had vulnerabilities that allowed cybercriminals to attack a user session.

The most common high-risk vulnerability was broken authentication, which was found in 45% of web applications.

According to the company’s research, almost a third of such vulnerabilities consist of failure to properly restrict the number of authentication attempts and an attacker could exploit this to bruteforce credentials or access the web application.

In one particular instance, the report notes that one of the applications could be accessed with administrator rights after only 100 attempts.

“As a general recommendation, web applications should sanitize all user input that is subsequently displayed in a browser, including HTTP request header fields such as User-Agent and Referer. Potentially unsafe characters that can be used in HTML page formatting must be replaced with their non-formatting equivalents. We also recommend using modern web application firewalls, since they are able to block cross-site scripting,” the Positive Technologies report noted.

“In a targeted attack against a company, web application vulnerabilities can help with gathering data about the company’s internal network, such as the structure of the network segments, ports, and services. In many cases, hackers can even access internal network resources and the confidential data stored there,” the report added.

As suggestions, the study says companies should train developers in a variety of secure development methods while giving them tools for automated source code analysis and web application firewalls as preventative measures.

Also see

Flat illustration of security center. Lock with chain around lap

Image: Lucy2014, Getty Images/iStockphoto



Source link

Continue Reading