Cerealto’s pursuit to find the right blend of tech and business targets

The mission of aligning Cerealto’s IT with business objectives is the ongoing responsibility of CIO Juan Manuel García Dujo. After more than a decade leading the digital transformation and cybersecurity initiatives of the services company, he’s managed to forge a synergy where tech and information security are established as fundamental pillars for business success. His mission, after all, has always been to turn tech into an enabler that drives business objectives, and never treat it as an end in itself. “Technology must be agile, easy, and secure so people can extract the greatest value from it,” he says. This approach has led him to oversee strategic projects with key tech providers, and foster continuous innovation in the organization — and all of this with the purpose of ensuring Cerealto remains at the forefront in a constantly evolving digital environment.

The framework of a digital strategy

Under García Dujo’s leadership is the technological layer that must be organized to deliver measurable successes, which includes other aspects such as infrastructure, applications, and IT services. “We’re an industrial company, which can be a handicap since we manufacture food products, so the focus is on customer service and production, and how technology can help,” he says. In this sense, one of the main lines of the transformation plan he’s structured is to fit tech in as a catalyst for the business. “We want to provide solutions that add value to the organization.”


Choose Your Own MDR Adventure: Avoid The Free-For-All Of “New” MDR Services

Managed detection and response (MDR) — without a doubt — has successfully claimed the crown of all managed security services for making and keeping clients happy. Clients are far happier with MDR services than they ever were with legacy managed security service provider (MSSP)-style security services. MDR vendors have higher customer retention, wallet retention, growth, and margin compared to their MSSP predecessors.

Now that MDR is an established market beginning to struggle with services bloat, the next set of choices for providers and customers is on the horizon (and in the pitch deck). That’s why it’s important for buyers and users of MDR services to understand the direction of the provider they work with and which services will deliver value in the near and long term.

We recently published a new report, Choose Your Own MDR Adventure Amid Ever-Expanding Services, to guide security buyers through the available options and help them make informed investment decisions for their security services. For this research, we surveyed and spoke with MDR providers, buyers, and users to identify which services augmented MDR, which ones made sense to “sole source,” and which services were designed to please investors and shareholders … but not customers.

We classified what service providers offer — or plan to offer — into three categories:

- Adjacent MDR services destined to disrupt
- Adjacent MDR services destined to distract
- Adjacent MDR services destined to self-destruct

Read on to learn about each of these.

Adjacent MDR Services Destined To Disrupt

These services naturally augment MDR. Incentives align with these services by making the service delivery experience better for users and providers. Two of the services we put in this category are automation and exposure management. The benefits of automation are obvious: More automation equals more throughput, more bandwidth to focus on things that matter, and service delivery scale for providers.
The key here is that providers are helping their clients automate, not just demanding that they automate. Exposure management gives much-needed context about the technology estate, detection surface, and attack surface for providers and their customers. Services in this area can help improve — and demonstrate — overall security posture across the service, driving real benefit for clients.

Adjacent MDR Services Destined To Distract

These services “fit” with MDR by seemingly producing value but, in reality, deliver less value due to scope limitations inherent in the service or in the relationship with the client. In other words, the MDR provider lacks enough visibility, context, information, and permission to drive meaningful change. It’s not that these services are bad, per se; it’s that they require significantly more effort from all parties involved to produce valuable outcomes. Two of the services we list in this category include risk dashboards and legacy vulnerability risk management.

Risk dashboards — not posture dashboards — are the realization of video game-style microtransactions to cybersecurity to make the “line go up” (or down). These services give you an abstracted “risk score” based on your current environment that you can improve. This is often accomplished through purchasing additional features and functions of your existing products or services. These dashboards don’t so much track how much risk you’ve reduced as much as give a visual representation of how much your spending has increased with this provider.

Vulnerability risk management (aka managed vulnerability scanning) is an MSSP oldie but goodie. It was often the next service purchased by MSSP clients one year into the relationship. The problem with this service is that confirmation of successfully executed scans is already available through vulnerability risk management platforms.
Additionally, API integrations bring in scanning data to MDR providers without you paying more for a special service dedicated to it, especially when you don’t control patching. This is as close to the old-school “alert factory” services of MSSPs as you can get, unfortunately.

Adjacent MDR Services Destined To Self-Destruct

The final category includes services that fail to complement MDR in meaningful ways by trying to be all things to all clients. One challenge that MSSPs faced is they became a “portfolio vendor” of a bunch of services that didn’t have much to do with each other. Security teams run identity and access management technologies and manage firewalls. But doing one doesn’t necessarily make the other better. MSSPs went to market with this approach, and some MDR providers are now making that same mistake, creating a mishmash of semi-related services that fail to improve — or even coexist — with one another. Two of the services we identified in this category include virtual CISOs and security engineering (managed firewall).

Virtual CISOs as an offering doesn’t make sense, as CISOs are a target buyer for MDR and most CISOs aren’t terribly interested in hiring their replacement. As a result, these services are primarily aimed at small organizations or those without a dedicated security team. In those scenarios, a virtual CISO may make sense. Otherwise, virtual CISOs lack all the things a CISO needs to be effective: constant communication, relationships, and a fundamental understanding of the political environment with senior leadership in a company. This service simply doesn’t make the core functions of detection and response better — and that’s why people buy MDR.

Security engineering — aka managed firewall — does perform tasks such as blocking command-and-control communications to stop malware beaconing or data exfiltration. But the same can be done via integrations, APIs, and automation.
Security doesn’t need to perform “managed change control” on these devices to accomplish those activities. In a world of Zero Trust, secure access service edge, and Zero Trust network access, you can work with providers that really understand networking to manage these devices. But those providers often don’t have expertise in detection and response, and if they do, their service delivery organizations aren’t integrated well enough to deliver meaningful improvements in each service. If you need a great router person, go to a telecom. If you need a great detection and response person, go to an MDR provider. For the full report and


1. Americans’ views on COVID-19 risk and the country’s response to health emergencies

Eileen Yam and Giancarlo Pasquini contributed to this chapter.

Five years after the pandemic began, Americans largely see COVID-19 through the rear-view mirror. Overall, they don’t feel the virus is nearly as much of a danger as they did in 2020. Still, deep political divides persist about the disease. Democrats and Republicans aren’t on the same page about how seriously we should be taking COVID-19 today. And the two parties hold different views on how well public health authorities and elected officials handled the pandemic.

Do Americans still see COVID-19 as a major threat?

The COVID-19 pandemic was the deadliest in U.S. history. And many experienced the virus firsthand: In our survey, 63% of American adults say that since February 2020, they tested positive for the virus, were told by a health care provider they had it or are pretty sure they had it.

With the public health emergency phase now behind us, we asked Americans if they feel the virus poses a threat today. About one-in-five Americans say the coronavirus today is a major threat to the health of the U.S. population as a whole. This is down from a high of 67% in July 2020. A larger share of Democrats and independents who lean Democratic (29%) than of Republicans and GOP leaners (13%) still see COVID-19 as a major public health threat.
But now that the overall threat perception has dropped, the partisan gap is far less dramatic than it was in July 2020 (then 85% among Democrats, 46% among Republicans). The share of Americans who say the coronavirus is a major threat to their personal health follows a similar pattern: There’s been an overall decline in the share of Americans who say this. And the partisan gap is less pronounced now that overall threat perception has dropped substantially. (Refer to the appendix for details.)

How dangerous is COVID-19, and how seriously should we take it?

During the pandemic, scientists sounded alarms about how COVID-19 could be more lethal than a cold or flu. But there was fierce debate and widespread confusion about how severe the virus was, and what people should do about it. How do Americans feel today about COVID-19’s severity, and how people should respond to it?

Overall, 56% of Americans say COVID-19 is worse than a cold or flu, compared with 40% who say COVID-19 is no worse than these other illnesses. A small majority (56%) says COVID-19 isn’t something we need to worry about much. Still, about four-in-ten (39%) say we’re not taking it seriously enough. When it comes to testing for COVID-19, nearly two-thirds (63%) say people should take a test when they feel sick, compared with a third who say there is no point in doing this.

Differences by party

Republicans and Democrats differ dramatically in how they view COVID-19 today, with Democrats much more concerned about it. About three-quarters of Democrats (76%) say COVID-19 is worse than a cold or flu, compared with 36% of Republicans who say this. On the question of how worrisome the virus is, we see a similar partisan gap: About three-quarters of Republicans (76%) say COVID-19 isn’t something we need to worry about much, while 36% of Democrats say the same. When it comes to whether people should test themselves for COVID-19 when they feel sick, a large majority of Democrats (83%) say people should test.
But Republicans are much more split. About half (52%) say there’s no point in testing, while 44% say people should test.

Many Americans grappled with rapidly shifting health guidelines throughout the pandemic. Today, similar shares of both parties say they’re pretty clear on what the guidelines are for someone who gets COVID-19 (61% of Democrats, 56% of Republicans). But substantial minorities of both Democrats (36%) and Republicans (41%) say they are not sure what the current guidelines are.

Differences by race and ethnicity

Early in the pandemic, COVID-19’s health toll was especially heavy among Black and Hispanic adults. And in 2024, larger shares of Black (75%) and Hispanic Americans (64%) than White (51%) respondents say COVID-19 is worse than a cold or flu. This gap is driven by the much smaller shares of White Republicans who hold this view (33%). When we look just among Democrats, the racial and ethnic divide nearly vanishes: 80% of Black Democrats, 77% of Hispanic Democrats and 77% of White Democrats say COVID-19 is worse than a cold or flu.

What steps should people take to protect others when they’re sick?

The Centers for Disease Control and Prevention (CDC) guidelines spell out several steps people can take to slow the spread of COVID-19 and other illnesses. Some of these guidelines – such as wearing a mask – became politically charged during the pandemic. Five years later, how do Americans feel about taking measures to prevent the spread of illness?

We asked Americans how important it is for people to take five different actions when feeling sick. About three-quarters (74%) say it is extremely or very important for people with cold-like symptoms to avoid contact with vulnerable people, such as older people and pregnant women. Of the five actions we asked about, this is the one that respondents deem most important. Just 6% say this is not too or not at all important.
Americans feel much less strongly about other steps people can take to prevent spreading illness. Just under half (47%) of Americans say it is extremely


Which risk assessment frameworks do you use?

Risk assessment is more than a box-checking exercise. The right framework is an essential part of proactive risk management designed to protect against data breaches or prevent non-compliance with regulations. CSO recently explored six popular risk assessment frameworks, including COBIT, NIST Risk Management Framework, and ISO/IEC 27001. Want to know what your peers are using and how they approach risk management? Register now for the IT Governance, Risk & Compliance summit, a virtual conference taking place March 6. Offered free for qualified IT and security professionals, the event will tackle a range of issues including risk frameworks, AI data governance, the changing regulatory environment, and AI ethics.


iOS 18.3.1 Release Expected Within the Next Few Weeks

The first incremental update to Apple’s iOS 18.3 may drop next week, both 9to5Mac and MacRumors predict. Both sites monitor the devices used by their visitors to track waves of updates. It’s normal for Apple to release minor fixes after the launch of a new version, and iOS 18.3.1 is likely to include the same. However, the new release gained some unlikely buzz because of a TikTok rumor related to an optional satellite connectivity feature.

What will be included in iOS 18.3.1?

Apple has not released details about iOS 18.3.1; however, it is likely the update will include bug fixes, security patches, and quality-of-life upgrades. The first update after a release, such as iOS 18.2.1, often contains these small tweaks rather than introducing major new features. Since iOS 18.3 enables automatic activation of Apple Intelligence on iPhone 15 Pro and newer models, iOS 18.3.1 may include refinements to Apple’s generative AI features as well. iOS 18.3 resolved bugs in Genmoji, HealthKit, and the Writing Tools API. Users can check for available software updates by going to Settings > General > Software Update on their Apple devices.

When will iOS 18.3.1 be released?

MacRumors suggested that iOS 18.3.1 will likely drop “within the next few weeks.” The next version, iOS 18.4, is expected to be available for beta testing in March, potentially bringing enhanced generative AI features for Siri, new emoji, and security and privacy updates as Apple fine-tunes its integration with OpenAI’s ChatGPT.

Does iOS 18.3 automatically connect to Starlink?

No, iOS 18.3 does not automatically link devices to Starlink, the Elon Musk-run satellite connectivity service. In early February, an inaccurate rumor spread around TikTok that downloading iOS 18.3 would give Starlink automatic access to Apple phones. While iOS 18.3 does include a network setting that allows optional Starlink access, it is only available to T-Mobile customers participating in a beta program.
This functionality is part of a T-Mobile Starlink partnership, not a direct Apple-Starlink integration. Apple’s satellite Emergency SOS feature, which works only when no cellular or Wi-Fi network is available, remains separate from Starlink services and unchanged in iOS 18.3.


If Process Is So Important, Why Isn’t Process Prioritized?

In today’s unstable market driven by shifting buyer expectations and AI disruption, strong processes are an organization’s lifeline, ensuring predictability, consistency, and scalability, yet many organizations overlook their importance. Investing in process improvement isn’t a nice-to-have — it’s essential. It boosts innovation, creates competitive differentiation, improves efficiency, cuts waste, and makes an organization agile. B2B leaders and operations teams must embrace process improvement as a strategic lever that drives predictable and sustainable growth, builds operational resilience, and delivers exceptional customer experiences.

Though many organizations experience growth and profitability without process rigor, weak processes create chaos, which isn’t scalable. In Forrester’s Revenue Operations Survey, 2024, 88% of B2B operations professionals agree that their executives value and invest in process optimization — but only 38% think that their processes are flexible enough for fast response when conditions change.

Process is how organizations institutionalize consistent behaviors to make sure the company does what it intends. Absence of process undermines the experience of customers and employees by treating each situation as a one-off, producing an uncontrolled variety of outcomes and opening the door for finger-pointing. Good process creates predictability and consistency, allowing for scale. Despite being fundamental to B2B success, process is often overlooked because:

- It’s not considered a strategic investment.
- Organizations optimize for efficiency, not outcomes.
- Internal culture and perception affect process adoption.

In addition, the way that most organizations measure process improvement inhibits future investment in process initiatives. Traditional process metrics focus on efficiency and cost reduction rather than strategic outcomes, leading to a narrow view of process value.
This measurement approach shifts focus away from process initiatives, often pushing them aside for quicker revenue-generating tasks. Process improvements have an indirect impact on revenue, so the immediate financial benefits may not be evident. This oversight can result in missed opportunities for long-term growth, innovation, and competitive advantage.

So what can B2B organizations do about it? Leverage the Forrester B2B Process Value Architecture, a multidimensional approach to defining process value. By using this approach to reevaluate how they define process value, organizations will better appreciate the critical role of process in:

- Boosting efficiency with greater capacity and velocity.
- Strengthening stakeholder value by driving collaboration, alignment, and satisfaction.
- Enhancing effectiveness to achieve consistency, business outcomes, and reduced waste.
- Achieving sufficiency by balancing resources for optimal outcomes.
- Mitigating risk by ensuring compliance and standards.
- Building operational resilience by enhancing transparency, adaptability, and scalability.

Find answers on how to unlock the full potential of process across your B2B functions in the full report, which dives deeper into each process value category. To learn even more, join us at Forrester’s B2B Summit North America from March 31 to April 3, 2025, in Phoenix. We have keynote, breakout, workshop, and roundtable sessions focused on process optimization and how to act, ensuring that all go-to-market efforts are being executed as efficiently and effectively as possible.


DeepSeek Is Resetting The Bar For AI Infrastructure

DeepSeek: A New Model And New Hopes

When DeepSeek released the open-source AI model, DeepSeek R1, with impressive performance and significantly lower training costs, it garnered immediate attention and rapid adoption. It has outperformed many, if not all, of its competitors’ latest models across many commonly used AI tests. Its model efficiency comes from several architectural choices such as the mixture-of-experts system, multi-head latent attention, memory compression, a mixed precision framework, and other optimization techniques.

The infrastructure needed for inferencing with DeepSeek is far less than what its competitors use — useful deployments of DeepSeek can be done on consumer desktops and laptops. Microsoft announced DeepSeek R1 models for its Windows 11 Copilot+ PCs, and NVIDIA announced that its GeForce RTX 50 Series GPUs can run the DeepSeek family of models, as well.

Key Takeaways: DeepSeek’s Promise Raises AI Aspirations

This level of efficiency opens generative AI to a much broader audience. Organizations now have a choice to size up AI infrastructure that they can both acquire and afford for at least one generative AI model family.

Tech executives: The bar to participating with generative AI has been set to a new low, and you no longer need to wait or spend enormous sums of money to begin. You no longer need bleeding-edge AI infrastructure (data center GPUs, AI servers, high-speed networks) to participate. Commonly available commodity IT infrastructure can suffice. This is not to say that having the latest GPU or 800-GbE network won’t provide benefits — they definitely will!


Deepfakes Are Here: Here’s What To Do

In the last two years, the proliferation of and advances in deepfakes have raised growing concerns about their potential to impede adoption of facial and voice biometrics. Deepfakes are increasing because many organizations are migrating identity verification, authentication, and high-value, high-risk transactions (e.g., payments, taking out an insurance policy) to remote digital interactions, rendering traditional in-person vetting procedures obsolete. Meanwhile, there have been significant advances in computing power and deepfake generator algorithms.

Deepfakes can cause fraud losses, data breaches, compliance issues, and reputational damage. Deepfakes are easier to generate than ever, more convincing than ever, and permeate across all channels (including call center, mobile app, and online web). Orgs need a strategy for defending against deepfakes because:

- People are highly susceptible to falling for deepfakes. A study sponsored by the UK’s Royal Society reports that “when individuals are given a warning that at least one video in a set of five is a deepfake, only 21.6% of respondents correctly identify the deepfake as the only inauthentic video, while the remainder erroneously select at least one genuine video as a deepfake.” Forrester expects that without warnings, the detection rates are even lower.
- Deepfakes affect not just authentication but authorization, too. Deepfakes permeate not just authentication but also onboarding and authorization of high-risk, high-value transactions. In 2024, an employee in an organization’s finance department mistakenly paid out $25 million to fraudsters after the fraudsters, who created a deepfake video of the chief financial officer, instructed him to do so.
- Deepfake creation has never been easier. It takes about 10 minutes to register for or optionally pay $10 to $20 (and decreasing over time) for GPU power, upload the victim/target’s video/audio, and upload the message (source) video/audio/text to Gooey.AI, Deepfakesweb.com, Deepgram.com, Wavel AI, and other online deepfake generation services. Mobile apps such as DeepFaceLab, Reface, and ZAO require no coding.
- Not all deepfakes are malicious. Government agencies, airport authorities, and chatbot vendors have been creating deepfakes for legitimate purposes, often to create human-looking and -sounding bots with which customers can have natural, convenient, and familiar conversations.

Protection against deepfakes takes many forms, from protecting the channel to understanding user behavior to looking at data artifacts in the deepfakes. Our just-published report, Detecting And Defending Against Deepfakes, discusses the most relevant methods that, when used in combination, help strengthen defenses against deepfakes, including spectral artifact analysis, liveness detection, behavioral analysis, and generative adversarial networks, as well as human training and processes that can assist in deepfake detection.

If you are looking to better protect your organization from deepfakes, please read our report and schedule an inquiry or guidance session with us.
