November 15, 2024
Unlike conventional ransomware that targets individual computers or on-premises servers, attackers are now setting their sights on cloud infrastructures that host vast amounts of data and critical services. This evolution represents a new frontier in cyber threats, requiring Indian cybersecurity practitioners to rethink and relearn defence strategies. Traditional security measures and last year’s playbooks are no longer sufficient. Attackers are exploiting misconfigured or poorly secured cloud storage platforms such as Amazon Web Services (AWS) Simple Storage Service (S3) and Microsoft Azure Blob Storage. By identifying cloud storage buckets with overly permissive access controls, cybercriminals gain unauthorised entry, copy data to their own servers, encrypt or delete the original files, and then demand a ransom for their return. ... Collaboration and adaptability are essential. By understanding the unique challenges posed by cloud security, Indian organisations can implement comprehensive strategies that not only protect against current threats but also anticipate future ones. Proactive measures—such as strengthening access controls, adopting advanced threat detection technologies, training employees, and staying informed—are crucial steps in defending against these evolving attacks.
There are many use cases that show how AI increases the speed and convenience of payment processing. For instance, Apple Pay now offers biometric authentication, which uses AI facial recognition and fingerprint scanning to authenticate users. This enables mobile payment customers to use quick and secure authentication without remembering passwords or PINs. Similarly, Apple Pay’s competitor, PayPal, uses AI for real-time fraud detection, employing ML algorithms to monitor transactions for signs of fraud and ensure that customers’ financial information remains secure. ... One issue is AI systems rely on massive amounts of data, including sensitive data, which can lead to data breaches, identity theft, and compliance issues. In addition, AI algorithms trained on biased data can perpetuate those biases. Making matters worse, many AI systems lack transparency, so the bias may grow and lead to unequal access to financial services. Another issue is the potential dependence on outside vendors, which is common with many AI technologies. ... To reduce the current risks associated with AI and safely unleash its full potential to improve payment processing, it is imperative for organizations to take a multi-layered approach that includes technical safeguards, organizational policies, and regulatory compliance.
The goal of advising on ethics is not to create a service desk model, where colleagues or clients always have to come back to the ethicist for additional guidance. Ethicists generally aim for their stakeholders to achieve some level of independence. “We really want to make our partners self-sufficient. We want to teach them to do this work on their own,” Sample said. Ethicists can promote ethics as a core company value, no different from teamwork, agility, or innovation. Key to this transformation is an understanding of the organization’s goal in implementing AI. “If we believe that artificial intelligence is going to transform business models…then it becomes incumbent on an organization to make sure that the senior executives and the board never become disconnected from what AI is doing for or to their organization, workforce, or customers,” Menachemson said. This alignment may be especially necessary in an environment where companies are diving head-first into AI without any clear strategic direction, simply because the technology is in vogue. A dedicated ethicist or team could address one of the most foundational issues surrounding AI, notes Gartner’s Willemsen. One of the most frequently asked questions at a board level, regardless of the project at hand, is whether the company can use AI for it, he said.
Recommended by LinkedIn
Inclusive data governance processes involve multiple stakeholders, giving equal space in this decision making to diverse groups from civil society, as well as space for direct representation of affected communities as active stakeholders. This links to, but is an idea broader than, the concept of multi-stakeholder governance for technology, which first came to prominence at the international level, in institutions such as the Internet Corporation for Assigned Names and Numbers and the Internet Governance Forum. ... Involving the public and civil society in decisions about data is not cost-free. Taking the steps that are needed to surmount the practical challenges, and skepticism about the utility of public involvement in a technical and technocratic field, frequently requires arguments that go beyond it being the right thing to do. ... The risks for people, communities and society, but also for organizations operating within the data and AI marketplace and supply chain, can be reduced through greater inclusion earlier in the design process. But organizational self-interest will not motivate the scope or depth that is required. Reducing the reality and perception of “participation-washing” means requirements for consultation in the design of data and AI systems need to be robust and enforceable.
If cloud customers spend too much money, it’s usually because they created cost-ineffective deployments. It’s common knowledge that many enterprises “lifted and shifted” their way to the clouds with little thought about how inefficient those systems would be in the new infrastructure. ... Purposely or not, public cloud providers created intricate pricing structures that are nearly incomprehensible to anyone who does not spend each day creating cloud pricing structures to cover every possible use. As a result, enterprises often face unexpected expenses. Many of my clients frequently complain that they have no idea how to manage their cloud bills because they don’t know what they’re paying for. ... Cloud providers often encourage enterprises to overprovision resources “just in case.” Enterprises still pay for that unused capacity, so the misalignment dramatically elevates costs without adding business value. When I ask my clients why they provision so much more storage or computing resources beyond what their workload requires, the most common answer is, “My cloud provider told me to.” ... One of the best features of public cloud computing is autoscaling so you’ll never run out of resources or suffer from bad performance due to insufficient resource provisioning. However, autoscaling often leads to colossal cloud bills because it often is triggered without good governance or purpose.
Testing software before you encounter failure rates is key, but never should you be exposed to failure rates with this level of real world impact. Whether it’s due to third party systems or the companies themselves, their brand will be the one in tatters due to the end customer experience. Enter Change Management and the possibility for, if done right, the prevention of these kinds of enormous IT failures. ... The ever-evolving nature of technology, including cloud scaling, infrastructure as code, and frequent updates such as ‘Patch Tuesday’ means that organisations must constantly adapt to change. However, this constant change introduces challenges such as “drift”—a term that refers to the unplanned deviations from standard configurations or expected states within an IT environment. Think of it like a pesky monkey in the machine. Drift can occur subtly and often goes unnoticed until it causes significant disruptions. It also increases uncertainty and doubt in the organisation making Change Management and Release Management harder, creating difficulties to plan and execute changes safely. ... To be effective, Change Management needs to be able to detect and understand drift in the environment to have a full understanding of Current State, Risk Assessment and Expected Outcomes.