Information Week

This summer, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Defense Cyber Crime Center (DC3) released a joint advisory on Iran-based threat actors and their role in ransomware attacks on organizations in the US and other countries around the globe.   With the US presidential election coming to a close, nation state activity from Iran could escalate. In August, Iranian hackers compromised Donald Trump’s presidential campaign. They leaked compromised information and sent stolen documents to people involved in Joe Biden’s campaign, CNN reports.   What are some of the major threat groups associated with Iran, and what do cybersecurity stakeholders need to know about them as they continue to target US organizations and politics?   Threat Groups  A number of advanced persistent threat (APT) groups are affiliated with the Islamic Revolutionary Guard Corps (IRGC), a branch of the Iranian armed forces. “[Other] relatively skilled cyber threat actor groups … maintain arm’s distance length from the Iranian government,” says Scott Small, director of cyber threat intelligence at Tidal Cyber, a threat-informed defense company. “But they’re … operating pretty clearly on behalf [of] or aligned with the objectives of the Iranian government.”   Related:2024 Cyber Resilience Strategy Report: CISOs Battle Attacks, Disasters, AI … and Dust These objectives could be espionage and information collection or simply disruption. Hack-and-leak campaigns, as well as wiper campaigns, can be the result of Iranian threat actor activity.  And as the recent joint advisory warns, these groups can leverage relationships with major ransomware groups to achieve their ends.   “Look at the relationships [of] a group like Pioneer Kitten/Fox Kitten. They’re partnering and collaborating with some of the world’s leading ransomware groups,” says Small. “These are extremely destructive malware that have been extremely successful in recent years at disrupting systems.”  The joint advisory highlights Pioneer Kitten, which is also known by such names as Fox Kitten, Lemon Sandstorm, Parisite, RUBIDIUM, and UNC757, among others. The FBI has observed these Iranian cyber actors coordinating with groups like ALPHV (also known as BlackCat), Ransomhouse, and NoEscape. “The FBI assesses these actors do not disclose their Iran-based location to their ransomware affiliate contacts and are intentionally vague as to their nationality and origin,” according to the joint advisory.   Many other threat groups affiliated with Iran have caught the attention of the cybersecurity community. In 2023, Microsoft observed Peach Sandstorm (also tracked as APT33, Elfin, Holmium, and Refined Kitten) attempting to deliver backdoors to organizations in the military-industrial sector.   Related:Juliet Okafor Highlights Ways to Maintain Cyber Resiliency MuddyWater, operating as part of Iran’s Ministry of Intelligence and Security (MOIS), has targeted government and private sector organizations in the oil, defense, and telecommunications sectors.   TTPs   The tactics, techniques, and procedures (TTPs) leveraged by Iranian threat actor groups are diverse. Tidal Cyber tracks many of the major threat actors; it has an Iran Cyber Threat Resource Center. Small found the top 10 groups his company tracks were associated with approximately 200 of the MITRE ATT&CK techniques.   “Certainly, this is just one data set of known TTPs, but just 10 groups being associated with about a third of well-known TTPs, it just demonstrates … the breadth of techniques and methods used by these groups,” he says.   The two main avenues of compromise are social engineering and exploitation of unpatched vulnerabilities, according to Mark Bowling, chief information, security, and risk officer at ExtraHop, a cloud-native cybersecurity solutions company.   Social engineering conducted via tactics like phishing and smishing can lead to compromised credentials that grant threat actors system access, which can be leveraged for espionage and ransomware attacks.   Related:Beyond the Election: The Long Cybersecurity Fight vs Bad Actors Charming Kitten (aka CharmingCypress, Mint Sandstorm, and APT42), for example, leveraged a fake webinar to ensnare its victims, policy experts in the US, Europe, and Middle East.   Unpatched vulnerabilities, whether directly within an organization’s systems or its larger supply chain, can also be a useful tool for threat actors.   “They find that vulnerability and if that vulnerability has not been patched quickly, probably within a week, an exploit will be created,” says Bowling.  The joint advisory listed several CVEs that Iranian cyber actors leverage to gain initial access. Patches are available, but the advisory warns those will not be enough to mitigate the threat if actors have already gained access to vulnerable systems.   Potential Victims   Who are the potential targets of ongoing cyber campaigns of Iran-based threat actors? The joint advisory highlighted defense, education, finance, health care, and government as sectors targeted by Iran-based cyber actors.   “What is … the case with a lot of nation-state-sponsored threat activity right now, it’s … targeting a little bit of anyone and everyone,” says Small.   As the countdown to the presidential election grows shorter, threat actors could be actively carrying out influence campaigns. This kind of activity is not novel. In 2020, two Iranian nationals posed as members of the far-right militant group the Proud Boys as a part of a voter intimidation and influence campaign. Leading up to the 2024 election, we have already seen the hack and leak attack on the Trump campaign.     Other entities could also fall prey to Iranian threat actor groups looking to spread misinformation or to simply create confusion. “It’s possible that they may target government facilities, state or local government, just to add more chaos to this already divided general election,” says JP Castellanos, director of threat intelligence for Binary Defense, a managed detection and response company.   Vulnerable operational technology (OT) devices have also been in the crosshairs of IRGC-sponsored actors. At the end of 2023, CISA, along with several other government agencies, released an advisory warning of cyber activity targeting OT devices commonly used in water and wastewater systems facilities.   In 2023, CyberAv3ngers, an IRGC-affiliated group, hacked an Israeli-made Unitronics system at a municipal water authority in Pennsylvania. In the wake of the attack, screens at the facility read: “You Have Been Hacked. Down With Israel, Every Equipment ‘Made In Israel’ Is CyberAv3ngers Legal Target.”  The water authority booster station

Cloud utilization patterns continue to evolve as cloud providers introduce new capabilities and the competitive landscape evolves. Over time, businesses have been building a foundation for their future as they house more data, develop more cloud apps, and take advantage of services.  “We are going beyond the cloud adoption for cost benefits and cloud adoption for velocity benefits arguments. We are well into cloud adoption/XaaS adoption for innovation,” says Shriram Natarajan, director, digital business transformation, at technology research and advisory firm, ISG. Enterprises can realize a super-return on their digitization and automation investments. By layering in AI to learn from the meta-data of previously digitized processes, they can further squeeze efficiencies and [advance] human augmentation.”  Cloud-delivered services enable companies to experiment more freely and execute new ideas faster and more efficiently than if they had to invest the capital expenses and time to build out on-prem IT infrastructure from scratch.   “There are a wide range of cutting-edge cloud services being delivered from the cloud that are transforming the competitive landscape,” says David Boland, VP of cloud strategies at hot cloud storage company Wasabi Technologies, in an email interview. “These include generative AI services, AI classification and recommendation, edge computing and IOT, quantum computing, advanced cloud storage solutions and cloud-based data analytics.”  Related:Infrastructure Sustainability and the Data Center Power Dilemma However, many organizations struggle to fully realize their vision due to a variety of strategic, operational and technical challenges.   David Boland, Wasabi “One of the most common challenges is managing cloud costs. Organizations often underestimate how quickly costs can escalate due to hidden costs, that results in a lack of visibility into cloud spending. Without proper monitoring, cloud budgets can spiral out of control, reducing the cost-effectiveness of cloud services,” says Boland. “Additionally, many organizations fall victim to vendor lock-in, where they become too dependent on a single cloud provider’s proprietary technologies and tools. This limits flexibility and makes it difficult to switch providers or use a multi-cloud strategy, hindering innovation and negotiation power.”  AI Service Adoption is Rampant  Companies are increasingly becoming cloud-first, where everything from innovation to collaboration happens over a public or hybrid cloud. When companies harness the cloud, they can save on costly on-prem infrastructure, opening the door to investing in more strategic objectives like product innovation and global growth.  Related:Outage Bootcamp: How Resilient Is IT Infrastructure in 2024? “Without the power of the cloud, companies would have difficulty taking advantage of technologies like AI. Many of those services are cloud-based, which opens the door to advanced insights, automation and more creative ways to engage customers,” says Jean-Phillipe Avelange, CIO of intelligent Internet platform Expereo, in an email interview. “This is only possible when companies are doubling down on their cloud strategy.”  The key to using cloud effectively is developing clear objectives before adoption, mastering issues like privacy and security, and clearly understanding the impact on the workforce.   “Once those issues are resolved, AI can be used in many ways to increase productivity and develop never-before-realized insights into customers and the competitive landscape,” says Avelange. “However, we’re only at the beginning of this journey. Business and IT leaders and employees need to understand many facets of AI before they can consistently and effectively harness this technology.”  According to John Pettit, CTO at Google solution provider Promevo, AI and data analytics are critical to drive greater productivity across the stack.   Related:Cloud Strategy in the Wake of the CrowdStrike Outage “We’ve seen industry-tech startups challenging traditional business models by being more efficient and data-driven. These highly optimized business models require a lot of data and platforms that can scale with them,” says Pettit in an email interview.   According to Alex Perritaz, chief architect at high availability infrastructure provider InFlux Technologies, leading organizations use cloud computing to train the latest models, and innovation is mostly driven by AI.  “Using cloud solutions for these businesses makes sense as they don’t need to commit to setting up the infrastructure but can use as they go the latest GPUs to train the latest models with as many parameters as they can fit in, allowing the companies to [stay] flexible and agile in their workflow, and remain at the cutting edge for their offerings,” says Perritaz in an email interview. “Many people [were] caught up on the high demand for computing, so many purchased and set up large infrastructures and the latest hardware. As NVIDIA rolls out new generations, they must refresh their hardware to keep up with the latest models. The obvious answer to being the most competitive in the market regarding service offerings is the price and the capacity of the infrastructure to run the largest AI models.”  John Samuel, global CIO and EVP at CGS (Computer Generated Solutions) says innovation is predominantly driven by cutting-edge technologies such as augmented and mixed reality (AR/XR), AI and now GenAI.   “Without the power of cloud computing, the cost of adopting these technologies to drive innovation can become prohibitive,” says Samuel in an email interview. “Cloud computing also allows companies to be more agile and benefit from the innovations offered by SaaS providers, who use the cloud to deliver their services to clients. The cloud’s consumption-based cost model enables companies to pilot and test innovations without making significant investments in hardware, software, and the associated build costs of creating technology for innovation from scratch.”  Companies are lowering costs and improving competitiveness using self-service generative AI services and agent-assist tools.  “These technologies can also rapidly surface insights from data, giving companies a competitive edge by enabling data-driven, agile decision-making,” says Samuel.  Driving the Most Value  Today’s companies are using the cloud to become more agile, efficient, and secure. Cloud is capable of many things, from increasing data accessibility to scaling based on demand. Migrating to cloud enables companies to adjust to the changing dynamics within their operations. It also helps ensure everyone has the resources they need to do their jobs effectively.   “When employees are equipped with the necessary tools, they can focus on strategic

The next president will have a great say in a variety of issues related to broadband availability and services. He or she will establish funding priorities for broadband expansion to un- and under-served regions, direct (through various agencies) the allocation of spectrum for 5G and new satellite services, and more. Another factor to consider is that with recent presidents increasingly governing by executive orders, the next president will likely have a huge thumb on the scale with respect to broadband regulatory issues. What’s on the Line? Support for broadband expansion is something on which both candidates are remarkably aligned. Broadband is considered essential for the U.S. government and companies to innovate and compete in global markets.  However, Vice President Harris and former President Trump will likely take vastly different approaches to supporting broadband efforts. As we reported last week: Harris’s efforts will likely center on providing more government grants and public-private partnerships. And her administration would likely continue Biden’s drive to increase broadband access to rural areas through programs like BEAD.  Trump’s approach to broadband expansion and funding will likely embrace the principles of Project 2025 and other conservative thinking efforts that limit federal influence, support private deployment, and reduce regulations. For example, a Trump administration might seek tax incentives and private-sector partnerships to drive broadband infrastructure construction. Related:The Impact of the Presidential Election on Networks Divvying Up Spectrum Spectrum allocation is another area where both candidates will probably undertake initiatives to expand broadband access. One area where spectrum availability helps is with 5G services. During the past Trump administration, Ajit Pai, Federal Communications Commission Chairman, promoted plans to push more spectrum into the marketplace, promote 5G wireless infrastructure, and modernizing outdated regulations in the field. Harris might follow President Biden’s efforts, such as having the FCC explore ways to open up different spectral bands (e.g., the 42 GHz band) to support 5G fixed wireless access (FWA). Another area where the new spectrum helps is with emerging satellite broadband services. In September, the FCC opened 1300 megahertz of spectrum for non-geostationary orbit (NGSO) fixed-satellite service operations in the 17.3-17.8 GHz band. Satellite operators will use the extra spectrum to deploy advanced services, including high-speed internet access to unserved and underserved areas. In March, the FCC said it would allow SpaceX to use E-band frequencies between second-generation Starlink satellites and gateways on the ground. The move will allow SpaceX to improve the capacity of its Starlink broadband services. Given the close relationship between Trump and Elon Musk, it is likely a second Trump presidency would also focus on such efforts. Checks and Balances Still Exist Even though the next president will wield great power, there are judicial and Congressional aspects that will determine what actually gets done. For instance, presidential influence may be diminished thanks to the recent Supreme Court ruling that shifts power over federal regulations from agencies to judges. The party that controls Congress will have the ability to prioritize, direct, and fund legislative actions and confirm agency appointees. All Politics is Local No matter what is done at the federal level, local governments increasingly are getting their two cents worth in, too. For example, Florida’s Miami-Dade County has a straw poll measure on this year’s ballot related to the availability of free public Wi-Fi. A yes vote would expand free public Wi-Fi access countywide. In past years, placement of 5G cell towers got the attention of state governments. In 2023, the New York State Senate took up a bill that “prohibits the placement of 5G telecommunications towers within 250 feet of a business or residence in cities with a population of one million or more without the owner’s consent; requires community board approval and the completion of a city environmental quality review before the placement of any 5G tower can be approved.” (Senate Bill S5123 is still in committee.) And in 2021, then Governor Tom Wolf signed House Bill 1621 — the Small Wireless Facilities Deployment Act — into law. The law included new regulations for the deployment of small cells. A second area that is getting increased attention from the states is how to make up for funding cuts due to the lapsed Affordable Connectivity Program (ACP). The program provided monthly subsidies to 23 million households nationwide so that they could afford high-speed internet connections. It lapsed in May 2024. Since then, some state broadband offices and legislatures have been looking into ways to address the lack of funds. A Final Word It is safe to say that broadband will be a high priority in either presidential candidate’s administration. The two will take extremely different approaches, with Harris concentrating efforts on federal programs while Trump will look for private partnerships and fewer regulations. Control of the House of Representatives and the Senate, which are both in play, will have its own implications. The House will have the power to find programs through revenue bills. The Senate will get to confirm Presidential agency appointees. source

“IT Service Management Vendor Rankings, 2024 Edition“ Brought to you by TeamDynamix 2024 IT Service Management Vendor Rankings  Leveraging insights from the comprehensive ITSM Data Quadrants, this asset highlights the leading ITSM vendors in the current market. The report offers an in-depth look at vendors’ performance based on various criteria, providing you with a well-rounded perspective of your options. Key points include: -Ease of ESM expansion: Our report emphasizes the importance of scalability, ensuring that your ESM can grow seamlessly with your business.-Distinctive functionalities: Discover unique and innovative features that set top-performing ITSM vendors apart from the rest.-Tangible business value delivered by our platform: Understand the substantial benefits and ROI that these ITSM solutions can bring to your organization.-Shopping for a new ITSM platform for the future? This report outlines essential factors to consider when evaluating ITSM vendors, helping you find the right ITSM tool tailored to your business needs.  By examining these elements thoroughly, you can make a well-informed decision that supports both your current objectives and long-term goals. Offered Free by: TeamDynamix See All Resources from: TeamDynamix source

While the unemployment rate for IT professionals rose to 6% in August, up from 5.6% the prior month, the situation is far brighter for AI experts.  The AI job market has shown resilience and growth, especially in the first half of 2024, says Antti Karjalainen, an analyst with WilsonHCG, a global executive search and talent consulting firm. “Despite some fluctuations, the demand for AI professionals remains robust, driven by increased investments in AI technologies and projects,” he observes in an online interview.  Amazon currently leads the pack with 1,525 AI-related employees, primarily operating in the e-commerce and cloud computing sectors, according to data from WilsonHCG’s talent intelligence and labor market analytics platform. Meta follows closely with 1,401 employees, while Microsoft is next with 1,253 employees in AI-related roles. “As expected, Apple and Alphabet also have significant numbers with 1,204 and 970 employees, respectively,” Karjalainen notes.  TalentNeuron, a global labor market analytics provider, breaks down the market somewhat differently. “Globally, the top five AI employers are Google, Capital One, Amazon, ByteDance, and TikTok,” says David Wilkins, the firm’s chief product and marketing officer. “Of note, Amazon saw a 519% increase in AI job postings year-over-year, and Google saw a 367% increase,” he observes in an online interview. “Out of the top 20 AI employers, Reddit saw the largest year-over-year increase at 1,579%.”  Related:2024 InformationWeek US IT Salary Report: Profits, Layoffs, and the Continued Rise of AI While the US is a strong market for AI talent, there’s a significant shortage of AI specialists relative to the growing demand, Wilkins says. “So, companies, Google among them, have expanded overseas for talent.” TalentNeuron’s latest report on tech talent hubs found that demand growth is highest in emerging, lower-cost markets, such as the Indian cities of Pune and Hyderabad, as organizations seek to strategically place AI capabilities.  Sought-After Skills  The most sought-after skills in AI job postings, according to WilsonHCG data, include deep learning, machine learning model development, computer vision, generative AI, and natural language processing (NLP), Karjalainen says. “These skills are crucial for developing advanced AI systems and applications.” He adds that advanced algorithm development, model deployment and productionization (the process of turning a prototype into something that can be mass-produced), and AI-specific programming languages, such as TensorFlow, PyTorch, and Keras, are also highly valued by employers.  Related:Curtail Cloud Spend With These Strategies Many employers also value proficiency in programming languages, such as Python, MATLAB, C++, and Java, as well as data analysis and statistical modeling talents. “These skills are foundational for any AI-related role and are necessary for developing, testing, and deploying AI models,” Karjalainen says. Having the ability to work with large datasets, perform data mining, and apply statistical techniques is also crucial, he notes. “Employers are looking for candidates who can not only build AI models but also interpret and analyze the results to drive business decisions.”  Top Fields  WilsonHCG finds that the computer software industry leads with 4,135 AI professionals, indicating a strong demand for AI talent in software development and related services. Following closely is the IT and services sector, which employs 3,304 AI professionals. “This sector includes companies that provide IT consulting, system integration, and managed services, all of which are increasingly incorporating AI into their offerings,” Karjalainen says.  With 2,176 individuals working in the area, research organizations also have a significant number of AI professionals. This sector includes academic institutions, research labs, and private research firms focused on advancing AI technologies, Karjalainen says. Financial services, with 819 AI professionals, is yet another key sector, as banks, insurance companies and investment firms leverage AI for risk management, fraud detection, and customer service. Meanwhile, the internet industry, which includes companies providing online services and platforms, employs 635 AI professionals, reflecting the importance of AI in enhancing user experiences and optimizing operations.  Related:Forrester Speaker Sneak Peek: Analyst Jayesh Chaurasia to Talk AI Data Readiness Karjalainen says that other fields with significant AI employment include higher education (444 professionals), biotechnology (384 professionals), and mechanical or industrial engineering (378 professionals). The hospital and health care sector employs 324 AI professionals, highlighting the growing use of AI in medical diagnostics, treatment planning, and patient care. The automotive industry, with 320 AI professionals, is also a key player, particularly in the development of autonomous vehicles and advanced driver-assistance systems. Other important fields employing AI professionals include management consulting, electrical/electronic manufacturing, and semiconductors.  Salary Trends  WilsonHCG data shows that AI job postings consistently offer higher salaries than non-AI IT postings. For instance, in July 2024, the average advertised salary for AI jobs was $166,584, while for non-AI IT jobs the average was $110,005. The comparison represents a difference of $56,579, or 51.4%.  Looking at the annual median salary, AI jobs offer $150,018 compared to $108,377 for non-AI IT jobs, resulting in a difference of $41,641, or 38.4%, Karjalainen says. “This trend is consistent across various months, with AI job salaries consistently outpacing those of non-AI IT jobs by a substantial margin.”  Wilkins reports that top US AI employers offer a median base salary of $183,250, according to TalentNeuron salary data. The median base salary for US AI jobs overall is $143,000. In comparison, the US Bureau of Labor Statistics in May 2023 reported a median annual wage of $104,420 for computer and information technology occupations.  Overall, the data suggests that top AI employers generally pay more than other employers, particularly in the IT sector, Karjalainen says. “This higher compensation reflects the specialized skills and expertise required for AI roles, as well as the high demand for AI talent in the job market”  Talent Hubs  According to WilsonHCG statistics, California’s San Francisco-Oakland-Hayward, metro area has 10,740 AI professionals, making it the leading AI talent hub. In second place with 5,422 AI professionals is the New York-Newark-Jersey City-NY-NJ-PA region. “This area is a significant center for finance, media, and technology, attracting a diverse range of AI talent,” Karjalainen notes. The Seattle-Tacoma-Bellevue, Washington metro area, with 3,139 AI professionals, is another key location, driven by the

In today’s fast-paced digital landscape, cloud services have become essential for organizations looking to accelerate business innovations and limit downtime. With these opportunities, however, businesses face the challenge of balancing cost savings with security — two priorities often seen as opposing forces.   While cutting costs is tempting, especially in times of economic uncertainty, the risks of inadequate security can far outweigh the immediate savings. A single breach can lead to financial losses, reputational damage, and hefty regulatory penalties, making security investments a strategic imperative rather than an optional expense.  Navigating Cost and Security  In Q2 2024, global spending on cloud infrastructure services grew 19% year over year to reach $78.2 billion, according to Canalys. This expansion reflects a growing reliance on cloud services as organizations seek flexibility, scalability, and operational efficiency. While the market continues to offer significant opportunities for cost optimization, it also introduces various new security challenges that businesses must confront.  Emerging trends like serverless computing and containerization drive cost savings by reducing infrastructure overhead and improving the efficiency of cloud environments. Serverless architectures, for example, allow businesses to operate without the need to manage physical servers, reducing the total cost of ownership. Containerization, similarly, enhances application portability and deployment speed, allowing businesses to optimize resources and scale more effectively.  Related:Infrastructure Sustainability and the Data Center Power Dilemma However, with these benefits come potential vulnerabilities. While eliminating the need to manage infrastructure, serverless computing can expose organizations to security risks if the infrastructure is not properly configured. Misconfigured serverless environments can lead to data breaches, unauthorized access or service disruptions. Such issues will likely negate initial cost savings. Similarly, while offering agility, containerization introduces risks related to container isolation and management, as vulnerabilities in one container could potentially compromise others.  In addition to the technical security challenges, organizations must navigate an increasingly complex regulatory environment when adopting cloud solutions. Data protection laws such as the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the United States impose strict requirements on how businesses handle and secure personal data. Non-compliance with these regulations can result in substantial fines and penalties, making robust security measures non-negotiable for companies operating in regulated industries.  Related:Outage Bootcamp: How Resilient Is IT Infrastructure in 2024? Balancing Priorities  In reality, businesses should not view cost savings and security as opposing forces. By adopting a thoughtful approach, organizations can create a cloud strategy that achieves both. To effectively navigate this balance, consider the following five key strategies.  1. Conduct comprehensive risk assessments  Before selecting a cloud provider, organizations should assess their specific security risks and compliance requirements. This evaluation will help identify areas where cost savings can be safely realized without compromising critical security measures. A thorough risk assessment ensures that organizations allocate resources appropriately, investing in security where needed most.  2. Leverage managed services  For organizations lacking the resources or in-house expertise to manage complex cloud environments, partnering with managed service providers (MSPs) can offer a cost-effective solution. MSPs specializing in cloud infrastructure can offer targeted services like cloud migration support, security management, and optimization of cloud-native tools, all of which help to secure the environment while minimizing operational costs.  Related:Cloud Strategy in the Wake of the CrowdStrike Outage 3. Implement continuous monitoring  To balance cost and security, organizations must maintain vigilant oversight of their cloud services. Continuous monitoring allows businesses to detect vulnerabilities early, optimize resource usage and ensure cost efficiencies. Regularly reviewing cloud resource usage also allows businesses to optimize spending on storage and computing resources, combining security with cost efficiency.  4. Optimize cloud security configurations  Cloud misconfigurations can lead to vulnerabilities, such as leaving sensitive data in unprotected storage buckets. Regular reviews and automated tools designed for cloud environments can help ensure security settings, such as access to control lists and encryption policies, are properly configured and updated. By ensuring configurations are correct and aligned with best practices, businesses can prevent incidents that may incur hefty fines or recovery costs.  5. Invest in employee training  Training should focus on the unique security challenges of cloud environments, such as identity and access management, shared responsibility models, and how to manage cloud resources securely. Ensuring employees understand these cloud-centric security aspects reduces human errors that could expose vulnerabilities. Furthermore, a well-trained workforce can leverage cloud resources more effectively, maximizing the return on cloud investments.  Looking Ahead  The tension between cost savings and security is not just a technical issue; it is a strategic imperative for organizations to navigate in the digital era. As cloud adoption continues to accelerate, businesses must carefully maintain this delicate balance to ensure their bottom line and security posture remain strong.  Organizations can achieve the best of both worlds by adopting a cloud strategy that incorporates risk assessments, continuous education, and effective resource allocation.  source

Approximately 15% to 20% of people are neurodivergent, and that percentage could be even higher in STEM fields. Neurodiversity is a broad term that includes many different conditions: autism spectrum disorder (ASD); attention-deficit/hyperactivity disorder (ADHD); and dyslexia, to name just a few.   As cybersecurity stakeholders continue to discuss filling the talent gap and tackling today’s security challenges, neurodiverse talent is a valuable resource. But attracting and working with this talent requires leaders to recognize the different needs of neurodivergent people and to foster work environments that make the most of their skills.   Neurodiversity as an Asset  Many major companies, such as Microsoft and SAP, recognize the value of neurodiverse talent and have formal recruiting programs. Jodi Asbell-Clarke, PhD, heard firsthand from companies with these kinds of hiring initiatives as she conducted research for her book on teaching neurodivergent people in STEM.   “I expected to hear something like, ‘Oh, the CEO’s nephew was autistic, and we wanted to do the right thing. I expected to hear things about philanthropy and equity, and that w as not what I heard at all,” Asbell-Clarke, a senior leader and research scientist with TERC, a nonprofit focused on advancing STEM education, told InformationWeek. “They were saying it’s because the talent. ‘We consider neurodiversity in our workforce our competitive advantage.’ These are the most persistent and creative and systematic problem solvers.”   Related:2024 InformationWeek US IT Salary Report: Profits, Layoffs, and the Continued Rise of AI How can that talent be put to work in the cybersecurity workforce?   Ian Campbell was diagnosed with major depressive disorder and generalized anxiety early in his life. Then, at the start of the pandemic, he was diagnosed as autistic. Cybersecurity was not his first career. He was providing tech support for the US House of Representatives before he made the switch to security. Currently, he is a senior security operations engineer at DomainTools, a domain research service company.   Throughout his career, Campbell has found hyperfocus to be one of his strengths. “Scrolling through tens of thousands of things, of log files, hyper-focusing on that, and being able to intuitively pattern match or detect pattern deviations was a huge benefit in both tech support and security,” he says.   Megan Roddie-Fonseca, senior security engineer at cloud monitoring as a service company Datadog, is autistic and has ADHD. She shares how productivity is one of her biggest strengths.   “I find efficient ways to do things,” she says. “I use that efficiency to be able to tackle tasks … in a way that some people might not get the same amount of work done in the same amount of time.”  Related:Curtail Cloud Spend With These Strategies Challenges in the Workplace  While awareness of neurodiversity, and the nuance within that very broad term, is growing, there are still plenty of potential challenges in the workplace.   Neurodivergent people face the tricky question of disclosure. Should they tell their managers and coworkers about their diagnoses? Neurodiversity is more openly discussed, but that doesn’t mean there aren’t people who will misunderstand or react to disclosure negatively.  “A lot of people I know who are neurodivergent … haven’t come out as neurodivergent because they don’t want to be seen that way,” says Campbell. “They don’t want, frankly, their careers limited by someone who has a poor view of neurodivergence.”   The decision to conceal neurodivergent traits, known as masking, can be a difficult undertaking.   “Masking … is basically suppressing your own neurodivergent urges and needs for the sake of function in a world that’s not built for us, and masking is incredibly tiring,” says Campbell.   The decision to disclose or not is a personal choice, one that is likely influenced by the level of support people can expect from a workplace.   Related:Forrester Speaker Sneak Peek: Analyst Jayesh Chaurasia to Talk AI Data Readiness The way people communicate at work, for example, can potentially lead to misunderstandings. One study using the classic game of telephone — a group passes information to one another down a line of several people — illustrates these potential challenges.    The study broke its subjects into three groups of people: autistic, non-autistic, and mix of both. The first two groups exhibited the same skill level relating to information transfer. But communication problems arose in the mixed group.   In a cybersecurity workplace, neurotypical and neurodiverse people are going to need to find ways to communicate with one another effectively. Some work environments will foster opportunities to learn how to best build those communication pathways. Some won’t.   The physical aspects of the work environment can also be a challenge for neurodivergent people who have sensory processing issues. The lighting and sound levels of an office, for example, can result in sensory overwhelm for some people.    Hiring and Supporting Neurodiverse Talent   Enterprises can attract neurodiverse talent through formal hiring programs or by working with external organizations, such as Specialisterne. Regardless of the approach, partnered or solo, hiring managers and cybersecurity team leaders need to evaluate and adapt their strategies.   During the interview process, Asbell-Clarke recommends matching that short experience to the work you hope to see in the actual work environment. If you are hiring someone who will be conducting highly detailed work under time constraints, mirror that process when evaluating candidates.   “If you want to see people’s best problem-solving, give them the time and space to solve a task and then ask them about how they did it,” she says.   In the cybersecurity work environment, managers will find that getting the best work from their neurodivergent workers will require varying approaches.   “Neurodiversity is this massive spectrum,” says Jackie McGuire, senior security strategist at Cribl, a unified data management platform. “It can be confusing as a manager because you can have two team members who are on exact opposite ends of that spectrum who need completely polar opposite things.”  For example, one neurodivergent person may thrive in a structured environment, while another may do their best work with a high degree of freedom. Additionally, the ways neurodivergent people best

This slideshow isn’t about kid’s stuff like how many companies are STILL using Microsoft Word macro-enabled templates like it’s a thrice-shouted Beetlejuice dare. Oh no, these are the hardcore terrors that really happened in 2024, many of which are still scaring the bejesus out of people now. And probably will continue into 2025, too. Some scary stuff is as sticky as melted Halloween chocolates.  Read on if you dare. Then lock the doors and pay your software developers and cybersecurity people more!   source

No technology in history has achieved an adoption curve that rivals generative AI (GenAI). Already, organizations use it for everything from chatbots and content creation to product design and software development. The technology boosts efficiency, trims costs, and unlocks innovation.  Yet for all the gains there’s still a good deal of pain. Too often, generative AI systems do not recognize basic facts and information that humans take for granted. For example, they might misinterpret or misclassify events and produce flawed output, struggle to generate desired content, or fall short on more complex tasks that require a combination of text, audio, and video.   That’s where multimodal AI enters the equation. “Multimodal AI models are trained with multiple types of data simultaneously, such as images, video, audio, and text. This enables them to create a shared data representation that improves performance for different tasks,” explains Arun Chandrasekaran, distinguished VP and analyst for artificial intelligence at Gartner.  Adds Scott Likens, US and global chief AI engineering officer at PwC: “Multimodal AI can tackle more complex challenges, create more personalized experiences, and help companies adapt more effectively. It’s about versatility and deeper insights, which are crucial to staying ahead.”  Related:IT Pros Love, Fear, and Revere AI: The 2024 State of AI Report Multimodal AI potentially touches chatbots, data analytics, robotics, and numerous other areas. According to research conducted by Gartner, only about 1% of companies were using the technology in 2023 but the figure is projected to jump to 40% by 2027. The technology will have a “transformational” impact on the business world, Gartner reports. “It enables use cases that previously weren’t possible,” Chandrasekaran says.  AI Comes to its Senses  What makes multimodal AI so appealing — and powerful — is its ability for AI to act more like a human being because it understands the world better. “Traditional machine learning uses a specific training set to predict output,” states Matthew Kropp, a partner and managing director at Boston Consulting Group. “Later, you look for ways to adjust the weights in the model. Multimodal AI expands the training data in the pursuit of more realistic results.”  PwC’s Likens compares multimodal AI to the human ability to multitask. “You can ask a question via audio and receive a written response or submit an image and then ask questions about it. The interoperability between mediums is seamless. For business leaders, that means making smarter decisions faster. You’re not just looking at text or just an image; you’re seeing the whole picture,” he says.  Related:Keynote Sneak Peek: Forrester Analyst Details Align by Design and AI Explainability The result is systems that are far better aligned to handle real world tasks — and tools that create more personalized experiences and deeper insights. For example, a chatbot might handle both text and images. This makes it possible for a user to describe a problem in words but also upload a photo of a broken product. A multimodal AI system might also understand video content and seamlessly extract cues that provide context — and answers.  The results can be impressive. Multimodal systems can introduce visual question-answering and even complex audio and video generation, Chandrasekaran explains. This includes creating AI podcasts and instructional materials. Organizations also are better equipped to tune into market and consumer sentiment through various types of data.  Over the next few years, the range of multimodal inputs will increase beyond text, images, and video, Chandrasekaran says. Systems are likely to incorporate a greater range of audio data, sensor and IoT data, log files, code snippets and more. This will boost the accuracy, contextual awareness, and overall utility of chatbots, robots, diagnostics systems, and predictive maintenance tools.  Related:Sidney Madison Prescott Discusses GenAI’s Potential to Transform Enterprise Operations Evolving Beyond the Bot  Multimodal models come with a major caveat: Stringing together a mélange of unimodal data models is not the same as constructing a purpose-built multimodal framework. “Multimodal data must be aligned and integrated. It is more complex because it has varying degrees of quality and comes in different formats than unimodal data,” Chandrasekaran explains.  Specific tools that aid in building multimodal frameworks are evolving rapidly. Cloud platforms AWS, Google, and Azure have introduced multimodal features into their toolkits. Pre-trained models like OpenAI’s CLIP (Contrastive Language-Image Pretraining) and BERT (Bidirectional Encoder Representations from Transformers) have appeared. And multimodal libraries and tools like MMDet (Multimodal Detection) and Hugging Face Transformers tie together diverse data sets.  CIOs and IT teams must take a hands-on approach to multimodal AI. An effective framework must fit an organization’s specific data and objectives, and data must be clean and clearly labeled. There’s also a need to address business risks that include data bias, privacy concerns, fairness standards, copyright concerns, and overall data accuracy. This requires appropriate training and evaluation techniques like cross-validation and accuracy metrics.  “Because multimodal AI involves diverse inputs — text, images, audio, and video — maintaining consistent data quality is key,” Likens notes. “Privacy concerns are equally critical, because multimodal data can reveal unintended patterns.” It’s also critical to keep humans in the loop. “Investing in responsible AI from the start helps companies manage risks, build trust, and stay ahead of government regulations,” he argues.  For now, organizations can benefit by reviewing applications, tools, and partners, Kropp says. This includes using open-source models and tools that help lower the entry barrier and reduce risks associated with major IT commitments. “Matching the model and the vendor with your desired use case is important. Different combinations result in different and potentially better results,” he notes.  Structural changes may also be in order, Chandrasekaran says. Among his suggestions? “Educate your AI team on multimodality, including the benefits and risks. Break up AI technical silos by encouraging AI experts to work on projects outside their area of technical specialization, such as natural language processing and computer vision. Expose AI teams to vendors that focus on multimodal models as part of the overall education process.”  Make no mistake, multimodal AI will emerge as a powerful force

“2024 IT Service Management Vendor Rankings“ Brought to you by TeamDynamix 2024 IT Service Management Vendor Rankings  Leveraging insights from the comprehensive ITSM Data Quadrants, this asset highlights the leading ITSM vendors in the current market. The report offers an in-depth look at vendors’ performance based on various criteria, providing you with a well-rounded perspective of your options. Key points include: -Ease of ESM expansion: Our report emphasizes the importance of scalability, ensuring that your ESM can grow seamlessly with your business.-Distinctive functionalities: Discover unique and innovative features that set top-performing ITSM vendors apart from the rest.-Tangible business value delivered by our platform: Understand the substantial benefits and ROI that these ITSM solutions can bring to your organization.-Shopping for a new ITSM platform for the future? This report outlines essential factors to consider when evaluating ITSM vendors, helping you find the right ITSM tool tailored to your business needs.  By examining these elements thoroughly, you can make a well-informed decision that supports both your current objectives and long-term goals. Offered Free by: TeamDynamix See All Resources from: TeamDynamix Thank you This download should complete shortly. If the resource doesn’t automatically download, please, click here. Thank you This download should complete shortly. If the resource doesn’t automatically download, please, click here. source