This is grossly negligent. You could even say it is intention, if Ivanti promised you up-to-date software.
Ivanti‘s VPN recently caught attention due to critical vulnerabilities and related #security breaches. Turns out they implemented 10+ years old software libraries.
Now:
– Require up-to-date #software from your #digital supply chain by contract
– Analyse your systems for the #SBOM of your tools, e.g. using our PwC Deutschland and Tanium approach
– Throw out vendors that do not comply repeatedly. Create market pressure
– and of course: be effective in emergency patching
Himanshu Chaudhary and I are happy to support.
In his talk, Sanofi CEO Paul Hudson says there is a big issue of people screaming „Governance!“ as a first response to AI.
And he is right, there is a conflict of interest between short #innovation cycles and deep control. In general, we tend to build our #governance, esp. in #cyber, in a way that we are asking a lot from #business and not supporting the business in their implementation efforts.
With a clear security operating model, we can enable the #security organization to deliver clear services to the #organization. For #cybersecurity of #AI, we do not have to reinvent the wheel. It is all there in your ISMS and operating model.
https://podcasts.apple.com/de/podcast/ted-talks-daily/id160904630?i=1000643689964
On November 30, 2023, the EU Council and European Parliament reached a provisional agreement on the #Cyber #Resilience Act (#CRA). The CRA will set EU-wide #cybersecurity standards for the design, development, production and distribution of these products.
The CRA is part of a broader #EU #strategy to protect the EU #economy and #society from cyber threats, including the Network and #Information Systems Directive (NIS-2), #Digital Operational Resilience Act (DORA), #AI Act, Critical Entities Resilience Directive (CER) and Regulation of Machinery 2023/1230.
The CRA will impact the global cybersecurity of digital products, as it will create a common and consistent framework for the EU market. The CRA will also increase #consumer #trust and confidence in the digital economy.
If you are a manufacturer, importer or distributor of connected products in the EU market, you should prepare for the CRA by:
– Assessing the impact on your products. Review your product portfolios to identify which products will be affected by the CRA. Consider the product features and uses, such as the ability to communicate with other products or components, the intended use and client industries, the B2C versus B2B market, the #security functionality and the use in critical #infrastructure and industrial environments.
– Documenting your assessments. If you determine that a product is exempt from the CRA, document the basis for your conclusion and be ready to respond to regulatory inquiries. Determine whether the product can be used for different purposes or in different industries that are not exempt. In those cases, the CRA will apply.
– Developing a compliance readiness plan. Plan for the necessary infrastructure, tools, processes and capabilities to meet the CRA requirements. For planned products, implement security by design. Monitor products throughout their life cycle to report security incidents. Revisit your supplier agreements for product components and revise them to impose flow-through terms.
This is not new anymore, but I wanted to say a few words on passwords. We have seen some news on password related #cyber attacks lately.
1) Sure, passwords (alone) are not state of the art anymore.
2) But it cannot be the users fault if a password is hacked. Users are not #security aware and we cannot ask that of the broader #public (think about your parents!).
3) Our (German) legislation is flawed. If you went into a house with the key in the door, this is still against the law. In #cybersecurity it is only breaking the law if „the attacker circumvented security mechanisms“. Hence we need to regard even the dumbest clear text password as a security measure in order to get legal hold on attackers.
4) However, with 2) and 3) in mind, companies who do not implement secure access should be held responsible.
Eventually, the solution is manifold. The access security must fit to the user group and offering best security while keeping #usability in mind. It can include not only MFA but also notifications on access events, proper requirements to passwords, simple password management and #biometrics.
According to a survey by PwC, 25% of CEOs plan to reduce their #workforce by at least 5% in 2024 due to generative artificial intelligence (#AI). This could potentially affect around one million people in Germany alone. Comparatively, the recent wave of tech industry layoffs worldwide resulted in around 260,000 job losses. This indicates the significant impact that AI #transformation is expected to have on #jobs and the #economy, happening not in five years, but within the next year.
#pwc PwC Deutschland
https://www.pwc.com/gx/en/issues/c-suite-insights/ceo-survey.html
In the current political situation, #misinformation is a large #risk we face. In the next ten years, #climate change could unite us, as even the biggest sceptics can’t deny the effects.
The potential risk from #cyber insecurity also rises in my opinion, but is lower only relative to the #environmental risks. Meaning that the overall risk exposure rises.
https://www.weforum.org/global-risks/reports/
In business innovation, a significant conflict often arises between the proactive cybersecurity approach of ‘Security by Design’ and the rapid pace of business growth. PwC Global Risk Survey delineates four business mindsets – Innovators, Disrupters, Defenders, and Pragmatists – each facing this challenge differently.
1. Innovators and Disruptors, driven by risk appetite, seek to rapidly integrate new #technologies and #processes. Their focus on swift, transformative #innovation can sometimes be at odds with the more methodical approach required for comprehensive cybersecurity.
2. Defenders and Pragmatists emphasize stability and #risk mitigation, aligning more naturally with Security by Design. However, even they can find this approach slowing down their adaptation to market changes and new opportunities.
The core conflict lies in the perceived impedance of ‘Security by Design’ on business agility and #growth. Security measures, while vital, can be seen as a bottleneck, potentially slowing down #development processes and hindering quick #market responses.
To resolve this, #cybersecurity teams must evolve from gatekeepers to enablers, offering #secure infrastructures that support and accelerate business #operations rather than restrict them. The goal is a seamless integration of security in the #business lifecycle, fostering an environment where innovation thrives within a framework of robust #security.
https://www.pwc.de/de/managementberatung/risk/global-risk-survey.html
The narrative that individual actions are the primary solution to this global #climate crisis echoes the strategy of the fossil industry in promoting the carbon footprint concept. This approach, while encouraging personal responsibility, subtly deflects attention from the more impactful, systemic changes that are crucial.
In this context, the role of individuals in combating #climatechange can be seen as important but ultimately limited, much like employees in a #business who follow best practices but don’t control the overall #strategy. The real power for substantial change lies within larger systems and infrastructures, such as #energy production, #transportation, and industrial processes.
The major shifts required to meaningfully address climate change need to happen at a larger scale – through #policy changes, industry #transformation, and international agreements. In this light, the focus on individual #carbon footprints can be seen as a clever deflection, shifting the burden of action away from those entities (like the fossil fuel #industry) that have the most significant impact on #emissions and thus the greatest potential for reducing them.
Navigating #cyber #risk #management is about balancing specified risks with the readiness to face unpredictable Black Swan events, utilizing innovative technologies and maintaining strategic agility to adapt to the ever-evolving cyber landscape. In this pursuit, the essence lies in transforming uncertainty into a catalyst for growth and #resilience.
Our Strategy& Digital Auto Report 2023 showcases the large OEMs and their #technology partners for Front-end, operating system and compute platform.
While Android front-end seems to be present in the largest share of the market, there is more diversity on the OS level. For compute, Qualcomm is present in many cars of the different OEMs. But we must notice who is not on the list: Tesla (and BYD and many others). With strong self-built technology (chips & #software), this strategy is different from the others. Yet, the Tesla Model Y is the most popular EV worldwide by far according to the sales numbers.
https://www.strategyand.pwc.com/de/en/digital-auto-report/volume2.html
Want to get rid of #cars ?
The two things that will lead to heavy decrease in cars on the road are #autonomousdriving and #sharedmobility
Cars are insane in a matter of energy per person per kilometer for #mobility.
Cars are the reason for so much space covered with concrete.
Cars cause severe accidents.
But we will not be able to forbid them in the next decades.
But with automated vehicles and a good sharing platform that maximizes use time per car, we will decrease the number of cars largely. The car will then pick you up when you need it. And it will do it cheaper and more comfortable than any car could today.
When moving to #renewable #energy, we can potentially reduce the fleet of sea vessels by more than a third! In other words: only oil tankers represent 28.6% of vessels, plus gas, plus coal.
Renewable energies reduce #emissions from the #maritime sector, reduce congestion on harbors and ease #trade for other sectors.
The vulnerabilities exposed in widely-used libraries like des #log4j highlight a crucial concern: even past breaches can have ripples in our #digital#ecosystem. A single weak link in a software component can trigger #security aftershocks and massive #economic implications. It stands as a testament that the code we’ve come to trust can, at times, betray us.
This is where the Software Bill of Materials (#SBOM) steps in as a beacon of clarity. It offers a transparent inventory of all software components. In a landscape where age-old vulnerabilities can suddenly resurface, the SBOM isn’t a luxury—it’s an imperative.
As we continue building on layers of #software, it’s imperative to ask: Are we fully aware of the legacy we’re inheriting?
With our partners Cybellum for #iot and embedded firmware, and Tanium with their enterprise-wide endpoint management, we at PwC Deutschland tackle these economic risk and work towards a more #resilient#economy overall.
In the shadow of #digital giants, the need for decisive #regulatory action has never been clearer.
We see a roadmap emerging. It’s time for #regulations that:
Promote Interoperability: Let #platforms communicate, ensuring users aren’t trapped in one #ecosystem.
Uphold #Data Mobility: Guarantee that businesses and users can shift their data seamlessly across services.
Ensure Algorithmic Clarity: Hold platforms accountable for transparent decision-making algorithms.
In the wake of discussions about #digital ownership, an even larger elephant enters the room: the monopolistic dominance of major digital platform operators, such as Microsoft, Amazon Web Services (AWS), ServiceNow and others. As businesses increasingly rely on a handful of these giants for everything from #data storage to R&D, we find ourselves in a paradox. On one hand, these platforms offer unmatched efficiency and capabilities. On the other, their overwhelming presence narrows the digital playing field, potentially stifling competition and #innovation. With every integration, are businesses fortifying these digital empires inadvertently? It’s vital for companies to deliberate: In our quest for #digitaltransformation, are we empowering #monopolies at the expense of diverse, competitive #ecosystems?
As businesses integrate more with third-party #platforms and services, where does dependency end and autonomy begin? We’re navigating an era where many core operations, from #data storage to R&D, rely heavily on external ecosystems. While these partnerships can drive efficiency and innovation, they also introduce challenges around control, #security, and costs. Businesses must ask: Are we truly harnessing these tools, or are we becoming tools of them? As we push the boundaries of #innovation, let’s also ensure we retain command of our #digital destinies.
In today’s #digital age, do companies truly ‘own’ their operations anymore? As we offload #data to the #cloud, rely on third-party #software, and even let external platforms handle our R&D, the line between ownership and dependency blurs. We might own the hardware, but do we own the thoughts? When #innovation exits our developers’ brains and enters a third-party environment, where does ownership truly lie? It’s time for businesses to re-evaluate their digital dependencies. #DigitalOwnership#BusinessInnovation
As we move into an era of growing #AI adoption, a strategic approach is vital for integrating AI securely into our organizations. Here’s a #CISO guideline to become AI-ready from a #cybersecurity standpoint:
1. Gather an Overview: Understand the AI use cases across your organization, categorizing them by public vs private models, data criticality, user base, involved third parties, and AI-based decision-making.
2. Business Impact Analysis: Design an analysis focused on AI threats, faulty outputs, model, and access leakage. Consider the potential consequences and formulate responses.
3. Engage with Business Units: Collaborate with the teams using AI to align on #risk and responsibility. Open communication here is key.
4. Build a Control Catalog: Create a well-defined catalog to assess AI use cases within your organization. This systematic approach ensures that every AI implementation aligns with company standards.
5. Develop Training Materials: Craft general and specific training materials to equip your teams with the knowledge to handle AI securely.
6. Guidance on AI Services: Instead of forbidding AI services like #ChatGPT, guide your team to those that align with your company’s #security protocols. Prohibiting all AI services could drive employees to untrustworthy alternatives.
Becoming AI-ready is not just a technological shift; it’s about alignment, understanding, and collaboration across the entire organization. By taking these steps, we can harness the power of AI while maintaining security and #trust.
By taking on the #bigtech, the European Unions Digital Markets Act might be doing more than just democratizing #digital domains – it’s potentially decentralizing #cyber risks. Think about it: by breaking the gatekeepers’ stronghold, we’re diluting the potential of a single point of failure.
The result? A better distribution of #cyberrisks across the digital #ecosystem.
But here’s the catch: as power disperses, every player in the market will bear the mantle of #cybersecurity. It’s no longer just the responsibility of the titans; it’s on all of us.
Challenging gatekeepers is not just about competition; it’s about building a #resilient cyber community. We all need to keep our shields up and defenses strong. Because in this digital age, the weakest link can be anyone.
https://digital-markets-act.ec.europa.eu/about-dma_en
When we look at the number of vulnerabilities per vendor, we have to put that into perspective with the million lines of code or the number of software products that vendor offers.
Interesting to see the differences, e.g. between Microsoft and Apple. But again we have to be careful: #Microsoft draws largest parts of their market cap from software, while #apple higher market cap still does not indicate more lines of code.
Bad for Cisco as not pure software company and Adobe as the vulnerabilities per market cap are several times higher than Google or Microsoft.
Other factors could be researchers attention and legacy support, as Microsoft offers long support and Apple usually patches even relatively old devices.
Thanks Patrick Garrity 👾🛹💙 for this research!
#cybersecurity#digital#cyberresilience
In our pursuit of a secure #digital environment, we often concentrate on specific, well-defined risks. But what about those large-scale #cyber incidents that defy precise categorization?
Large-scale cyber risks are elusive and challenging to pin down in specific risk descriptions. Addressing every minute vulnerability as a business-threatening risk is impractical. However, ignoring the unpredictable and unforeseen can be perilous.
Enter the “Black Swan” of cyber #risk.
These are the incidents that aren’t typically foreseen by technical teams, the unexpected threats that don’t fit neatly into our conventional #risk assessments. They’re not the scenarios that unfold merely because a company chose to accept a risk rather than applying measures.
How do we handle this ambiguity?
Recognize the Unpredictable: Understanding that not all risks can be neatly quantified or categorized is the first step. We must be prepared for scenarios that fall outside standard expectations.
Build Resilience: Creating a robust system capable of withstanding unforeseen shocks is essential. This goes beyond specific technical measures and encompasses a broader organizational #resilience.
Foster Collaboration: Encourage continuous dialogue between technical teams, management, and other stakeholders. A diverse set of perspectives can provide a more comprehensive understanding of potential risks.
Embrace Continuous Learning: The cyber landscape is ever-changing. Regularly revisiting and updating risk assessments and strategies helps in adapting to new and unexpected threats.
#Cyber #riskmanagement is a complex process that involves various layers. Here are some considerations:
System Layer: Risks need to be clear and confined in scope. Identifying specific threats allows us to create relevant measures and prioritize effectively.
Organizational Layer: This is about recognizing #risk that could affect multiple systems, complete infrastructures, or organizational processes. Central #security teams can focus their efforts here to improve the company’s overall security.
Financial Layer: In this layer, connecting with financial risk management is vital. Building financial reserves for significant cyber events is essential. Smaller risks may be less relevant, as they don’t drastically affect operational costs. For larger risks, the specific vulnerability or technology gap is usually secondary to the broader business impact.
Die WirtschaftsWoche schreibt über eine Studie von Accenture, warum Europa bei technologischen Entwicklungen oft das Nachsehen hat.
– Wir werden die Autos aus China fahren
– Wir nutzen #IoT Geräte aus China
– Unsere Fabriken werden mit Robotern aus China produzieren
– Wir nutzen #Cloud Plattformen aus den USA
– Wir übermitteln unsere #Daten an digitale Services aus den USA
– Wir verlieren unsere Produktivität an #ki aus den USA
– Wir sind angewiesen auf #cybersicherheit aus den USA
Durch zunehmende #Automatisierung können wir Produktion zurückverlagern, bleiben aber Abhängig von der #robotik.
Durch die digitale Abhängigkeit von den USA betreffen uns dortige politische Entwicklungen, wie mögliche Überwachung und Eingriffe, Aufspaltungen oder Sicherheitsvorfälle direkt. Cyberangriffe gegen US-Unternehmen betreffen damit auch die deutsche Wirtschaft.
https://www.wiwo.de/29290224.html
The complexities of modern #cyber threats often outpace the average user’s understanding, making traditional user training and awareness programs only partially effective.
The responsibility of combating #cybercrime should not rest solely on the shoulders of the end-users. It is high time we acknowledge the necessity of a comprehensive strategy that involves law enforcement, regulatory frameworks, and vendor accountability.
From a police perspective, we must equip our forces with the tools and knowledge to fight cybercrime effectively. Simultaneously, it’s crucial to build a regulatory framework that holds vendors accountable for incidents caused by vulnerabilities in their products. By enforcing robust #security standards and penalizing non-compliance, we can create an environment where manufacturers are as dedicated to security as they are to #innovation.
By adopting a multi-faceted approach that includes law enforcement, regulation, and accountability, we can build a safer future for everyone in the digital age.
#CyberSecurity#IoT#Regulation#LawEnforcement
The “winner takes all” principle has long dominated the #digital markets. It’s a principle that has led to concentrated power and wealth among a handful of #tech giants, often at the expense of smaller players and healthy market competition.
An intriguing method to counter this monopoly is asset-based taxing, a strategy already existing for real estate by countries such as the Netherlands and France. The idea is to tax digital companies based on their assets in each country, fostering a more equitable distribution of the digital economy’s profits.
However, it’s crucial to recognize the international influence these tech companies as they are collecting vast amounts of #data and serving many of customers. Our tax models need to reflect this reality. They must incorporate not only the physical and digital assets these companies own, but also consider the data they collect and the number of customers they serve in each respective country.
By redefining how we tax digital companies, we can help ensure they contribute fairly to the economies they profit from. This approach goes a long way in promoting a more balanced and equitable digital economy, one where the winner doesn’t necessarily take it all.
Consider the humble turkey, contentedly nourished for 999 days. Yet, on the 1000th day, its peaceful existence is abruptly interrupted. A sole reliance on past experience blindsided the turkey to its fate.
This serves as a striking metaphor for #Cyber#RiskManagement. We can’t afford to base our #security strategies exclusively on historical data, such as assessments and certification. It’s not just about understanding our past; it’s about actively engaging with our present and strategically preparing for our future. We can do this by leveraging #threatintelligence and monitoring the progress pace towards our strategic objectives.
Furthermore, we should always be prepared for black swan events – rare but highly disruptive incidents that can significantly impact our operations. A proactive approach towards these unpredictable events helps strengthen our #resilience and fortify our cyber defenses.
In the wake of my previous discussion on the necessity of liability in #CyberSecurity, there are implications for #bigtech.
Companies like Microsoft, Google and major #SaaS operators face a large #risk. The call for accountability will require them to adapt their #business models to incorporate comprehensive liability protections. This isn’t a roadblock, but rather an opportunity to reassess and reinvent their cyber-risk strategies.
This shift in liability could also foster a more competitive market by favoring smaller vendors. By establishing the rule of law in cybersecurity, we level the playing field, encouraging #innovation and competition. This fights monopolies and stimulates the market in a way that benefits all players.
More importantly, it uncovers the inherent risks that big tech poses. Their widespread influence means that a single incident can have far-reaching consequences on a global scale. By factoring in liability, we can shed light on these risks, enabling customers to make informed decisions and ultimately leading to a more secure #digital ecosystem.
Do not buy into a subscription model where the service provider has practically no recurring cost to provide that service.
If you own a BMW Group car, don’t pay for heated seats monthly.
If you host #software yourself, license and subscription fees let providers lock you in on the cost.
If you customize heavily on platforms like ServiceNow and Salesforce , you end up paying #development and subscription.
Either way you need a quick exit strategy that you can truly execute.
In the evolving landscape of #CyberSecurity, it’s clear that we need more legal minds on board. As threats to #digital#infrastructure grow in sophistication, the focus must not only be on prevention but also on accountability.
With the escalation of #security breaches, there’s a pressing demand for clearly defined liability. This is where the intersection of law and cybersecurity becomes crucial. We need a system that acknowledges the harm caused by such incidents and, more importantly, holds the responsible parties accountable.
When fortifying your supply chain, don’t just tick the boxes for technical safeguards and certifications. We must also demand robust legal assurances. Establishing liability claims in the event of #cyber incidents at your suppliers and #technology platform operators is an imperative step towards ensuring #business continuity and #resilience.
One of the key elements driving Tesla’s success in the EV market is its ingenious pricing #strategy – from premium models to mass-market vehicles.
At the moment, electric #cars are piling up with over 90days of vehicles in stock. But not at #Tesla.
At the onset, Tesla’s focus was on creating high-end, luxury electric vehicles. This was not just a bid to carve out a unique niche in the automotive sector, but a strategic move to finance their development activities. Revenue from these high-priced models facilitated their ability to innovate and build their brand without the immediate pressure of mass-market competition.
However, in the next phase of their strategy, Tesla made a significant pivot. Recognizing the need for a broader market penetration to truly disrupt the industry, Tesla began developing more affordable models.
By continuously driving down prices, Tesla is creating a challenging landscape for traditional automakers. These manufacturers, faced with the task of transitioning to electric vehicle production, find it increasingly difficult to match Tesla’s prices without compromising their profit margins.
Observing Google Trends, one might infer a decrease in the buzz around Generative AI. However, this perceived decline doesn’t necessarily indicate a waning interest or relevance.
What we’re experiencing is a shift from the initial wave of fascination to a more pragmatic, integrated use of AI.
Despite the summer break potentially causing a brief dip in online engagement, the reality is that AI is becoming an increasingly indispensable part of our lives.
Going forward, we can expect to see a proliferation of AI applications. The UX is set to improve dramatically, transforming how we interact with #AI tools.
As LLMs need significantly more compute than search, every step forward is huge to competitively integrate #AI into #information retrieval.
As search is usually financed by ads, the compute cost for AI are higher and either require invest from the provider such as Google and Microsoft in Edge or a subscription as in #GPT premium.
Whoever manages to provide AI services within a pricing model that seems free for users (such as ads) will lead the market. Until then, getting the users only works with the financing power of big tech.
Also AI startups currently get insanely high financing because of required hardware invest. For a #business to leverage private models, compute cost are significant.
As I’m on vacation, just a few short conclusions from this European Union Agency for Cybersecurity (ENISA) report:
1. Every company needs a plan to deal with unpatched devices and have this #risk in their #riskmanagement.
2. We need application vendor guarantees for the length of the lifecycle and possibility to patch. Companies should have that in their contacts. These requirements should be respected by all business units that procure anything digital.
3. First step to vulnerability management is a working patch management. Without the latter, you will never achieve #cybersecurity.
https://www.enisa.europa.eu/publications/good-practices-for-supply-chain-cybersecurity
The surge in technological efficiency has the potential to abstract us further from our tasks, placing an increased emphasis on our roles as architects of our societal #future. A significant facet of this vision shaping is #regulation, which has gained prominence in recent times, as exemplified by the #AI Act.
Regulation isn’t just about creating constraints, it’s about designing strategic pathways for our future interactions and dependencies on technology. Technological breakthroughs should thus be harmonized with these regulatory frameworks, which includes ensuring appropriate financial support for regulatory entities.
Take the proposed AI Act as an example. It necessitates high-risk AI systems to undergo assessment and registration, a move aimed at bolstering accountability. Yet, the practicality of such measures remains open to discussion. Given that individuals could run an AI model on their private devices, the relationship between #technology usage and regulation becomes even more intricate.
Moreover, the act imposes significant responsibilities, causing a surge in effort for approval processes. This presents a pressing need to integrate technological practices and #regulatory checks seamlessly.
Our focus should be on constructing an environment where technology is a facilitator, and it is directed by a robust regulatory framework that not only protects our interests but also promotes #innovation. As we journey through this, we need to engage in continuous dialogue to strike the right balance.
The internet is not neutral. It is framed by digitally leading countries such as the US, and by those people and companies that make the most noise.
Generative #AI, trained on vast amounts of internet data, reflects the biases and frames of the digital content it was fed. Added to this, the prevalence of spam and bot activities further distorts the AI’s perception of ‘neutral’ content.
The impact of these distortions becomes more pronounced when we consider the personalization algorithms used by many internet services. These algorithms are designed to deliver content tailored to our preferences, effectively creating a digital echo chamber that narrows our online experiences.
While personalization brings convenience, it may also limit our exposure to diverse ideas and perspectives.
One potential solution is to give users more control over the personalization of their digital experiences. Services could offer a ‘switch’, allowing users to turn off #personalization when they want a more unbiased view of the information landscape.
Imagine being able to adjust your algorithm to boost less popular or less heard voices. Such a feature could democratize our digital experiences, ensuring that the internet is a platform that truly reflects the #diversity of our world.
As we continue to navigate the digital age, we must strive for solutions that recognize the complexities of digital bias, and aim to create an internet that better serves all of its users. Let’s question, innovate, and drive change to build a more inclusive #digital #future.
In my previous post, I pondered about a unique metric: gauging the impact and usage time of various technologies and platforms we engage with daily.
Extending this thought, I propose a progressive regulatory idea – what if we linked regulatory oversight to this metric?
Picture a scenario where regulations cap the extent to which our personal data is utilized for targeted purposes, once a specific threshold of usage or interaction is crossed. Our digital lives are saturated with personalized experiences, underpinned by our own data. But what if we installed a digital speed-bump of sorts?
Conceptualize regulations stating, “Personal data cannot be employed for targeted #advertising beyond X hours of usage or Y level of interaction”. It’s a forward-thinking proposition, aiming to strike a balance in the data-driven digital world, and importantly, serve as a restraint on data monopolies.
Such regulations could mitigate the persistent deluge of personalized ads, bolster user #privacy, and foster a more equitable digital landscape. By doing so, we might disrupt unchecked #data monopolies, paving the way for a more balanced digital marketplace.
While the execution of such measures could be challenging, the principle of associating regulation with #technology usage merits our serious contemplation. In a dynamic #digital world, shouldn’t our laws be just as adaptable and representative?
51% of individuals under the age of 25 are utilising #ChatGPT, with a significant proportion using it primarily for educational purposes.
Why are students at the forefront of this #AI adoption trend?
An interesting perspective to consider is that students, unlike many professionals, aren’t paid by the hour. Their primary objective is to accomplish tasks or understand concepts as quickly and efficiently as possible. This goal aligns perfectly with the capabilities of AI, such as ChatGPT, which serves as an accelerator for achieving learning objectives.
This insight offers an intriguing implication for the broader #workforce. If we shifted our focus from time-based to results-based incentives, we could potentially unlock new levels of productivity.
In a results-based model, AI becomes an enabler rather than a threat, helping to streamline tasks, optimize workflows, and produce higher quality outputs faster. This transformation could not only increase #productivity, but also enhance job satisfaction by reducing repetitive tasks and creating more time for innovative and strategic work.
As we look to the future of work, rethinking our approaches to productivity and leveraging the potential of AI could pave the way for an era of unprecedented growth and innovation. #education#productivity#futureofwork
Technology is inextricably interwoven into the fabric of our daily lives. From the moment we wake up, to the moment we fall asleep, we’re interacting with some form of #technology. This led me to an interesting thought: what if we could measure the impact and usage time of different technologies and platforms per day?
Imagine having tangible #data showing us how much time we spend on various #digital platforms – #socialmedia, #productivity tools, #entertainment apps, etc.
Now extrapolate that data across a workforce, a city, or even a country. The insights could be invaluable!
We could identify patterns of use, understand productivity levels, gauge our reliance on different technologies, and more. It could even reveal the role of technology in mental health by correlating usage time with wellness metrics.
But more importantly, such data would provide a clear mirror of our digital habits and help us make more informed decisions about our relationship with technology. It’s a fascinating concept and worth pondering as we continually adapt to an increasingly digital world.
The World Economic Forum identified digital inequality as one of the major risks for society.
Picture our elderly population, who might not be as adept with the latest smartphones or complex digital interfaces. For them, the technology can often be more daunting than empowering. Here’s where AI can truly shine – think about voice assistants, which are becoming increasingly sophisticated.
As technology continues to evolve, it’s essential we make sure that all of us, regardless of our background or technical ability, have the opportunity to participate in this #digital transformation.
Digital inequality is not just about access to #technology, but also about the ability to use and benefit from it. This is where #AI is a game changer. AI has the potential to bridge this gap and help those who may not have advanced technical skills.
Think about the power of natural language processing (#NLP) and voice recognition technologies. These AI-driven capabilities are making it easier for everyone to engage with technology. These tools are democratizing access to technology.
Moreover, AI can assist in making complex tasks simpler. Whether it’s generating summaries of long documents, predicting trends from large datasets, or automating repetitive tasks, AI can help non-technical individuals perform tasks that would have traditionally required specialized technical skills.
But, while we leverage AI to bridge the digital divide, it’s equally important to address the ethical considerations associated with AI use. Issues such as #data #privacy, algorithmic bias, and transparency must be addressed to ensure that the benefits of AI are shared equitably.
Navigating today’s tumultuous #business environment demands more than mere adaptability – it requires built-in #resilience. Yet, the effectiveness of resilience programmes is contingent on several key aspects: integration, accountability, and enduring principles, as revealed in our recent PwC global crisis and resilience survey. Thanks Jörg Tüllner for developing these comprehensive results!
1. Embracing Integration: While resilience programmes have been in place for over five years in nearly two-thirds of businesses, they often operate in silos. PwC’s survey indicates a promising shift towards centrally coordinated, integrated resilience approaches tailored to an organization’s distinct needs. Such an approach, embedded across the business, facilitates swift identification and response to emerging risks, enabling not just rapid recovery but also the discovery of unforeseen opportunities birthed from disruptions.
2. Accountability and Proficiency: Leadership, specifically at the C-suite level, is instrumental in guiding resilience programmes. The survey reveals that 90% of businesses with such programmes have a C-level sponsor. However, the mantle of responsibility should not rest on one person alone. Few companies have designated a Chief Resilience Officer, a move that could streamline accountability and ensure comprehensive integration of resilience into all facets of business operations. Parallelly, investing in skill development and training is necessary to create a strong team capable of supporting an integrated resilience programme.
3. Panoramic Outlook Aided by Technology: Successful resilience planning hinges on a comprehensive understanding of the organization’s risk landscape. Mapping the intricate network of critical business services within and beyond the company paves the way for defining the required level of resilience. Technology is vital in this process, offering the much-needed “panoramic view” and helping businesses to anticipate #risk and respond confidently.
Get our survey here: https://www.pwc.de/de/forensic-services/global-crisis-survey.html
In the realm of #cybersecurity, adopting a multi-disciplinary #riskmanagement model is no longer a luxury – it’s a necessity. This approach views #risk from multiple dimensions, including financial, competitive advantage, ESG, and #regulatory considerations. It goes beyond traditional IT risk to make #security risk tangible and relevant to #business stakeholders.
Consider your organization’s assets – not just IT assets like servers, applications, and databases, but also business processes. These are the foundation of your operations, and understanding how they interact and depend on each other can help you identify potential risk points. Once you have this understanding, you can map your #cyber solutions based on their coverage of these IT and business assets.
But this is only half the equation. The other half is about accountabilities. In this model, the security function provides feasible solutions, and the business acts as the internal service customer. This service-oriented approach to cybersecurity helps bridge the gap between the business and technical sides of your organization, enabling you to address gaps in your cybersecurity posture more effectively.
At PwC Cyber, Risk and Regulatory, we’ve seen firsthand the impact of this approach. We’ve implemented service-oriented security functions and operating models for several clients, linking them directly to the security architecture. This method ensures that cybersecurity investments are more precisely allocated, resulting in improved risk mitigation.
The dynamic expansion of the #cybersecurity market continues to reflect our evolving global #risk landscape. In this context, it’s critical for businesses to understand that their #cyber investments need to be well-calibrated and aligned to the real-world risks they face.
A significant risk could be a cyber incident resulting in a prolonged downtime, which could rapidly drain a company’s liquidity. Companies must ensure that they have a robust #BusinessContinuityPlan in place, which includes measures to mitigate such high-impact #security threats.
But how can businesses be sure that they’re investing in the right places to mitigate these risks? One approach is to measure the coverage of security solutions in your security landscape. This involves understanding the reach and effectiveness of your current security measures and identifying areas where coverage may be lacking.
For a more holistic approach, consider implementing a multi-disciplinary #riskmanagement model. This should involve a multidimensional view on asset coverage, security solution, process and technology use, and accountabilities. Such a comprehensive approach can help you identify and address gaps in your cybersecurity posture.
At PwC Cyber, Risk and Regulatory, we specialize in developing comprehensive security architectures and operating models that directly link to risk and facilitate intelligent investment allocation.
The growth and dynamics of the #cybersecurity market serve as a mirror, reflecting the global #risk landscape. The expansion of this market is not merely a commercial phenomenon but rather a response to the escalating cybersecurity threats that permeate our interconnected world.
This interplay between #investment and risk mitigation forms the crux of the cybersecurity narrative. With the surge in potential risk vectors, businesses are necessitated to escalate their #security investments. This isn’t solely about risk reduction but extends to ensuring #business continuity, safeguarding valuable #digital assets, and fortifying the bond of #trust with customers.
As organizations digitize their operations and data proliferates across various platforms, the cybersecurity risk matrix becomes more intricate. The potential impact and probability of #cyber incidents are accelerating, driven by increasingly sophisticated threat actors and expanding attack surfaces. Consequently, organizations are compelled to augment their cybersecurity investments, driving demand for innovative solutions and specialized services.
When a company invests in cybersecurity, it’s a tangible demonstration of their awareness and understanding of the digital risks they face. However, investment alone is not sufficient. It’s critical that the level of investment aligns with the magnitude of the risk. A misalignment could indicate a potential underestimation or misunderstanding of the risk.
This underscores the importance of mapping security programs directly to risk mitigation. Every cybersecurity initiative, #technology investment, or policy should be traceable back to the risks it’s designed to mitigate. It’s not just about having security measures in place; it’s about having the right measures to address the specific threats your organization faces.
The evolving digital landscape and the increasing economic implications of #cybersecurity vulnerabilities demand a shift in the role of the CISO and the broader security function. #security is no longer just about technical defenses; it’s about economically-sound decision-making and strategic engagement with other #business functions.
As CISO, one must be attuned not only to the technical dimensions of cybersecurity but also to its economic realities. Each #technology or #software comes with its own set of potential vulnerabilities and associated costs – from monitoring and patching to potential operational disruptions in the event of a breach. These ‘security costs’ must be integrated into the overall cost structure of technology use.
This more economically-minded approach to cybersecurity necessitates active engagement with other key functions, particularly with the CFO. The CISO and the CFO must collaborate to ensure the company’s financial #resilience in the event of a cybersecurity incident. This includes planning for potential costs, ensuring adequate financial runway, and even leveraging efficient security processes for competitive advantage.
#Cybersecurity vulnerabilities, especially in widely-used #software, can pose significant economic challenges. Their impact extends beyond the immediate cost of remediation in individual companies, creating a ripple effect across the entire economy.
When such vulnerabilities emerge, the process of identifying, patching, and implementing mitigation efforts necessitates the mobilization of resources across the entire affected landscape. This collective response, involving countless hours of work, substantial investments in #technology, and even potential operational disruptions, can lead to considerable economic costs on a macro scale.
Swift and efficient response to these vulnerabilities, facilitated by real-time threat intelligence and regular incident response exercises, is crucial to limit these economy-wide impacts. #Threatintelligence allows companies to proactively anticipate and counter threats, while incident response exercises enhance organizational readiness and agility in the face of potential breaches.
By measuring the vulnerabilities inherent in each technology, we can factor in a ‘security cost’ for that technology. This cost includes not only the potential remediation efforts but also the time and resources spent on monitoring, patching, and updating to protect against threats. This approach provides a more comprehensive understanding of the true economic cost of a technology, allowing for more informed decision-making and risk management.
**Strike While the Iron is Hot.** As an executive, your aim is to harness the efficiency gains promised by AI. And there’s no time like the present. We are in the midst of an #AI revolution, where AI is not just a value add-on, but a fundamental driver of #business growth. However, we’re facing an equally significant challenge – unfettered use of AI. When employees resort to using AI with business data on private devices to circumvent corporate restrictions, the potential for misuse looms large. The answer isn’t to inhibit AI, but to channel its use effectively and responsibly.
**Train to Gain.** By embedding comprehensive AI #training within our organization, we can ensure that every employee not only uses these tools, but uses them securely and effectively. This is not a one-off IT exercise, but an ongoing endeavor to create a workforce adept at responsibly leveraging AI for maximum productivity gains.
**Robust Governance is a Non-negotiable.** Building secure AI usage involves not just recognizing where AI is being used, but also providing secure, corporate-sanctioned alternatives. An AI provisioning process should be established, which evaluates both the potential risks and benefits of each AI application. This process can serve as our litmus test, steering us towards the ethical, secure use of AI.
**Control is Key.** As we incorporate AI into our business operations, it is crucial to continually evaluate and validate AI outputs. Establishing rigorous control mechanisms that assess the potential business impact of AI-related errors can ensure the reliability of our #data and the integrity of our operations.
**AI: An Opportunity and a Responsibility.** The confluence of AI and business is here. It promises an era of unprecedented #growth and transformative potential. However, with these possibilities come responsibilities. The onus is on us to effectively train our workforce, to robustly govern AI usage, and to maintain meticulous control over AI outputs.
Let’s seize this defining moment in #business history. Let’s not just harness the power of AI, but do so in a way that aligns with our principles and safeguards our operations. The #future isn’t just about leveraging AI; it’s about guiding its use responsibly, strategically, and immediately. The clock is ticking. The time to act is now.
For your impression: this post was generated using GPT4!
In today’s increasingly interconnected #digital ecosystem, #cybersecurity vulnerabilities pose significant risks not just on a technical level but also in an economic context. These vulnerabilities, if exploited, can affect a broad spectrum of stakeholders – from individual users to multinational corporations, and even to the overall stability of our domestic economies.
Consider this: when a #security vulnerability affects a #software that is widely used across industries, it is no longer a single company’s issue. It becomes a collective problem that requires concerted efforts to rectify. Each affected organization would have to invest time, resources, and manpower to mitigate the #risk, patch the vulnerability, and potentially recover from a security breach. This can quickly escalate to significant economic costs when the software in question is embedded in numerous companies’ digital infrastructure.
Regulators and policy-makers must recognize this reality and adapt accordingly. The economic impact of cybersecurity vulnerabilities should be a key component in policy discussions, alongside traditional considerations like #privacy and #data protection. It’s not just about making our systems safer; it’s about safeguarding the economic health and #resilience of our businesses, industries, and nations.
By viewing cybersecurity through this economic lens, we can better identify the true scale and impact of these vulnerabilities, ultimately leading to more effective and efficient policies, regulations, and mitigation strategies.
#ai such as OpenAI ChatGPT or Google Bard is great for it’s mistakes! When the AI fails to meet my expectations in generating output that aligns with my intended thoughts, I experiment with various prompts and offer further guidance to the AI. If the resulting output continues to deviate from my desired direction, it serves as an indication that either I am mistaken or the model has not fully understood the specific concept I’m trying to convey. This circumstance highlights the potential of my idea and enables me to differentiate between original thinking and mere repetition of information sourced from the internet.
In today’s fast-paced #business landscape, two essential pillars hold the key to long-term success: #resilience and #trust. These two interconnected elements are vital for organizations to thrive amidst constant #change while also navigating the delicate balance between agility and control.
Resilience refers to an organization’s ability to adapt to change, maintain liquidity, and foster agile structures. It also means possessing the fortitude to cope with failures and emerge stronger. Trust, on the other hand, is built on a foundation of transparency, governance, and effective #risk management.
To foster resilience and trust within our organizations, we must embrace the following principles:
1. Strategic Awareness: Stay informed about the latest technological breakthroughs and industry trends. Understand how these innovations can impact your business and be prepared to adapt your strategies accordingly.
2. Agility with Accountability: Encourage a culture of adaptability and innovation, while ensuring clear lines of responsibility and accountability. This empowers teams to explore new ideas while maintaining a strong sense of ownership and purpose.
3. Transparent Communication: Openly share information about organizational decisions, challenges, and successes. This fosters a sense of trust among employees, customers, and partners, creating a shared understanding of the organization’s goals and values.
4. Robust Governance: Implement comprehensive governance frameworks that balance the need for speed and adaptability with the necessity of maintaining control and managing risk. This ensures that the organization can pivot quickly while safeguarding its assets and reputation.
5. Continuous Learning: Cultivate a learning mindset within the organization to learn from both successes and failures. Encourage the sharing of knowledge and insights, fostering an environment that supports growth, adaptability, and resilience.
6. Collaborative Risk Management: Involve all stakeholders in the risk management process, promoting a sense of shared responsibility for identifying, assessing, and mitigating risks. This ensures a more comprehensive approach to risk management and helps to build trust.
By integrating resilience and trust into the fabric of our organizations, we can strike the delicate balance between agility and control, driving sustainable #growth in a constantly changing business environment.
As the adoption of #AI accelerates across industries, it’s crucial for #business leaders to understand the converging landscape of public AI models. The key differentiator between these models lies in the value of training data, which will position private AI models as core assets for many businesses in the future. In the face of this transformative shift, organizations must focus on #resilience and #trust to harness the full potential of AI-driven innovation.
Here’s how business leaders can adapt to the evolving AI landscape, create value from private models, and build resilience and trust within their organizations:
1. Leverage Public Models: Understand the capabilities of public AI models built on shared #data resources. Use these models as a foundation to accelerate AI adoption and experimentation within your organization, while staying informed about the latest advancements.
2. Invest in Private Models: Recognize the value of your organization’s unique training data, and invest in developing private AI models tailored to your specific needs. By leveraging proprietary data, your organization can create AI models that provide a competitive advantage and drive value across various business functions.
3. Foster Data Excellence: Ensure the quality, accuracy, and relevance of your organization’s training data. High-quality data is essential for building effective AI models and maximizing their potential as core business assets.
4. Promote Resilience: Embrace agile structures and maintain liquidity to adapt to the rapidly changing AI landscape. Encourage your teams to learn from successes and failures and be prepared to pivot strategies as needed to stay competitive.
5. Build Trust through Transparency and Governance: Implement robust governance frameworks that ensure responsible AI adoption and ethical use of AI technologies. Transparent communication about AI-driven initiatives and their impact on the organization will foster trust among employees, customers, and partners.
6. Strengthen Cybersecurity: As AI models become core business assets, securing them against threats is crucial. Prioritize #cybersecurity measures to protect your AI models, intellectual property, and customer trust.
The rapid advancements in #AI have made it abundantly clear: #business leaders must stay informed and agile in the face of technological disruptions that impact their industries. Today’s competitive landscape requires us to embrace these innovations rapidly, but with the proper governance and #cybersecurity measures in place.
#Technology disruptions present both opportunities and risks. As business leaders, it is our responsibility to leverage these cutting-edge technologies for #growth and competitive advantage while mitigating the risks that come with them.
Integrating AI and other emerging technologies into our operations requires a strategic approach that focuses on three key aspects:
1. Proactive Awareness: Stay informed about the latest technological breakthroughs and industry trends. Understand how these innovations can impact your business and be prepared to adapt your strategies accordingly.
2. Rapid Implementation: Embrace the agility required to adopt and integrate new technologies into your organization swiftly. Time is of the essence in today’s fast-paced business environment, and a delay in incorporating these advancements could mean losing out to competitors.
3. Robust Governance and #security: Implement strong governance frameworks to ensure the responsible and ethical use of new technologies. Prioritize cybersecurity measures to protect your organization’s digital assets, intellectual property, and customer trust.
Remember, technology disruptions can be a double-edged sword. Seizing opportunities without proper governance and cybersecurity can expose your organization to significant #risks . As business leaders, let’s lead by example and commit to embracing #innovation while keeping security and governance at the core of our operations, ensuring a prosperous and secure #future for our organizations.
https://www.pwc.com/crisis-resilience
Orqa FPV had a #cybersecurity incident with their VR glasses. The bootloader included a timebomb that exploded last Saturday. The code was introduced by an external developer and the purpose was to request a “license fee” aka #ransomware .
This is maybe the first ransomware in a product firmware ever. As the effect is directly visible to customers, the pressure is high and no way to cover up.
And it comes another way: The product breaks, and the attacker offers a fix. This fix could as well be malicious so that the attacker can infiltrate the customer devices.
This very strongly shows the importance of product and software #security . Manage your providers, do code reviews and documentation, do testing and simulations, know your SBOM and raise the awareness of developers.
In #cybersecurity , compliance and technical #security can be viewed as two sides of the same coin. To create a robust and resilient cybersecurity strategy, it’s vital to integrate the goals and initiatives of both aspects.
Practical Steps for Integration:
– Establish clear and shared goals for compliance and technical security teams.
– Develop a unified cybersecurity strategy that incorporates both compliance requirements and real-world security scenarios.
– Encourage ongoing communication and collaboration between teams to address concerns and share insights.
– Leverage compliance certifications as a foundation for continuous improvement in technical security.
– Continuously evaluate and adapt your organization’s security posture to stay ahead of the evolving threat landscape and regulatory environment.
By treating #compliance and technical security as interconnected components, your organization can ensure regulatory requirements are met and strengthen defense against evolving #cyber threats.
My colleague Dr. Oliver Hanka had a talk in the #automotive cybersecurity forum regarding this topic.
As the #aviation industry grows, finding the right green premium for #sustainable aviation fuel (SAF) is essential for a greener future. SAF, which reduces carbon emissions by up to 80%, is currently more expensive than traditional fuel.
One way to encourage SAF adoption is to provide passengers with the choice to contribute partially to green fuel with each flight ticket. Determining the optimal green premium involves studying consumer behavior and striking a balance between environmental benefits and ticket affordability.
Incredible to see how the #technology build on another and enables further developments. In the next decades, we will build on
#crispr gene editing to drastically improve #food production and fight hunger.
mRNA vaccine to fight diseases such as cancer and increase our healthy lifespan.
#AI to increase efficiency and move us away from full #employment targets
Great vision Google Cloud! Let’s make a strategic #cybersecurity imperative for each of Google’s #cloud predictions:
1. Usability must come with #security by default and transparency on how #data it’s processed, including algorithmic editorial decisions.
2. SBOM and #software diligence is key, #penetrationtesting is the verification. Secure #development environments and code repositories are the basis.
3. Security operations must provide intensive and accurate information in order to let humans take the right decisions. Uniformly covering the different asset classes leads to platforms and integrated tooling.
4. Train people to securely and responsibly use #AI for their job. Invest in AI decision reinforcement and monitor output quality.
5. + 6. Build tools to validate the integrity of data, keep confidentiality in large data sets with varying sensitivity. Design need to know user access for #bigdata and AI.
7. Implement strong #cloudsecurity posture management and validate infrastructure security and attack surface.
8. Measure the impact of security settings and features on resource use. Integrate security information and event management with other #dataanalytics.
9. Design efficient exit strategies and migration plans that cover security requirements for cloud providers. Make sure your data is secure wherever it is hosted.
10. Validate application security and carefully select development platforms that include security functionality out of the box.
I am a bit shocked seeing the differences in the proportions between electrified #transport and #renewableenergy investments, comparing China, US to Germany, France, UK, Italy.
Is this related to lobby work of the #automotive industry?
When we invest more in #renewables this will bring down the energy cost and indirectly benefit the electrified transport anyway. And we would actually bring down the CO2 footprint of electric cars, by making our #energy mix green.
And it is also a question of social justice. Cheap green energy benefits everyone and makes many products cheaper.
https://www.weforum.org/agenda/2023/02/low-carbon-investment-record-2022