By Christopher Cole ( February 10, 2025, 6:44 PM EST) — The nation’s telecommunications regulator will consider this month whether new rules are needed to cut the volume on blaring commercials that upset the relative calm of TV shows they accompany, according to a recent notice of proposed rulemaking…. Law360 is on it, so you are, too. A Law360 subscription puts you at the center of fast-moving legal issues, trends and developments so you can act with speed and confidence. Over 200 articles are published daily across more than 60 topics, industries, practice areas and jurisdictions. A Law360 subscription includes features such as Daily newsletters Expert analysis Mobile app Advanced search Judge information Real-time alerts 450K+ searchable archived articles And more! Experience Law360 today with a free 7-day trial. source

As spectators tuned in to Super Bowl LIX to indulge in American culture rife with consumerism, T. Swift, and rap feuds, the buzz was less around the game and more on determining who is pro football’s GOAT (greatest of all time). Kansas City Chiefs quarterback Patrick Mahomes had an unprecedented opportunity to win a third consecutive Super Bowl, the fourth in his young career, which raised questions from sports analysts of whether Mahomes was surpassing the legacy of another NFL GOAT, New England Patriots QB Tom Brady. It seemed like sports media had already declared Mahomes as the new GOAT, but first, Mahomes would have to win this year’s Super Bowl versus the Philadelphia Eagles to cement this status. That didn’t happen. Instead, a tough Eagles defensive front brought constant pressure that disrupted Mahomes, leading to several costly turnovers. The Chiefs could not overcome the Eagles’ preparation and the effectiveness of their defensive schemes, which validated Philadelphia’s defensive preparations. Validation showed its GOAT-head during the Super Bowl’s commercial breaks, with cybersecurity vendor Pentera’s ad about a half-goat/half-CISO that transformed from being his organization’s scapegoat to the cyber-greatest of all time. Becoming the cyber-GOAT, they say, requires continuous and proactive testing for vulnerabilities. Forrester’s proactive security research outlines visibility, prioritization, and remediation as the core principles of proactive security, with validation being a means to enhance accuracy and focus in prioritization. Vendors such as Pentera, XM Cyber, and Horizon3.ai provide validation that vulnerabilities are exploitable as a means to drive prioritization. Cyber threat exposure management is used by some vendors to describe this prioritization strategy. This is an unnecessary term in an already crowded world of cyber acronyms. Instead, organizations should focus on how to build proactive security programs with prescriptive, use-case centricity — using the three proactive principles to understand how organizations are gaining visibility, prioritizing exposures, and ultimately remediating them. Exposure management is a prioritization strategy and can be one of many prioritization strategies that organizations use. It maps exposures on an attack path and assesses the potential that an opponent could breach them — much like how Chiefs and Eagles head coaches Andy Reid and Nick Sirianni built out their Super Bowl game-day plans and playbooks. But you can only validate the effectiveness of offensive and defensive schemes in the game itself. In cybersecurity, this is how penetration testing and red teams provide singular, point-in-time validations. But now organizations are looking to do these continuously. This is where continuous security testing comes in, which we outlined in our recent report, Strengthen Proactive Security With Continuous Security Testing. Continuous security testing validates and proves that vulnerabilities are exploitable. There are many ways that continuous security testing can factor into remediation prioritization strategies today. Other options include breach and attack simulation, bug bounties, and penetration testing as a service, which all have different use cases and scopes (see image below). And while these are different options that factor into remediation prioritization, it’s likely that your organization will still utilize other prioritization methods such as CISA KEV, CVSS, and EPSS, depending on asset types and circumstances.   Should you do continuous security testing? Before jumping right in, we recommend that security and risk pros first assess how they are gaining visibility into assets and vulnerabilities — our first principle of proactive security. Next, teams should perform assessments of vulnerabilities with vulnerability scanning and combining their increasingly omnipresent sources of vulnerabilities. From there, teams can form their prioritization strategies. Consider exposure management as one of these and improve it with continuous security testing that validates that exposures are exploitable. But don’t forget remediation plans — this use case is often neglected in proactive platform companies (and why we expect to continue to see consolidation in the proactive security market, as companies such as Tenable acquire Vulcan Cyber to enhance remediation processes). Let’s talk! If you want to talk more about proactive security or continuous security, book time with me. source

One of the highlights of attending B2B Summit North America each year is getting to talk with Forrester clients and other marketing, sales, product, and customer success professionals. What I love most, though, is when I see people’s faces light up as a presenter describes a familiar challenge or a peer explains how they transformed their function to achieve game-changing results. There’s a palpable sense of energy and camaraderie. As one attendee put it, “Everyone is motivated to learn. There are many types of companies here, but we’re all trying to solve a lot of the same things and understand our buyers better.” To better understand what makes B2B Summit so special, we asked some past B2B Summit attendees what they have valued most about the event. Here are some of the recurring themes we heard. Industry-Leading Content “I have attended many marketing conferences, and Forrester’s B2B Summit is really a step above,” says attendee Jodi Lebow, vice president of the global demand center at Hexagon, an industrial technology company. “The content is at a higher level.” The content at our sessions and keynotes receives consistently high marks in the surveys we administer throughout the event. The concepts introduced, such as the importance of buying groups, inspire new ways of working. “I was fortunate to have attended last year’s event with a team of several colleagues, and we were able to real-time brainstorm how we can apply the lessons to our work,” says a vice president of marketing at an automotive goods company who has attended the event for the past several years. “The topics we heard were catalysts for us to have follow-up calls with analysts and dig deeper on several areas.” Unparalleled Networking Opportunities B2B Summit attendees tell us that they look forward to connecting with peers and gaining new perspectives. “I enjoy having the opportunities to meet with senior leaders from other companies who are facing challenges similar to mine,” says David Hamilton, CMO at SAP Concur. The event is also a place to rekindle connections made in previous years, notes Nikki Candito, vice president of integrated marketing at Anteriad: “I see some of my favorite people here every year.” Much of the networking happens at the B2B Summit Marketplace, a vendor showcase “that is second-to-none in getting me access to companies providing marketing technology solutions,” SAP Concur’s Hamilton says. He adds that he appreciates having one place to meet with vendors with which he already has long-standing relationships. Learning By Example Case studies held throughout B2B Summit provide a deep dive into how companies worked through a particular problem to realize results. Past attendees tell us that they appreciate the real-world examples and actionable steps to apply the learnings to their own processes. Attendees also find inspiration in our B2B Awards sessions, which spotlight how companies have aligned their marketing, sales, customer, and product functions or transformed a specific function to improve performance. “I learn a tremendous amount from the ROI Honors winners in seeing how other companies have implemented concepts,” says the marketing vice president at the automotive goods firm. “I find it invaluable to see their results and also learn what went well, what didn’t, and what they learned along the way. I always take this learning back to my organization.” Watch this space for our announcement of this year’s B2B ROI Honors and B2B Programs Of The Year Award winners in February. Dedicated Time With Analysts One-on-one sessions with analysts — private, 20-minute onsite sessions with our experts — continually rank among the most valued aspects of B2B Summit. But that’s just one of the ways for attendees to ask analysts questions and get tailored advice. The analyst-led roundtables and small workshops also give attendees plenty of opportunities to dig into their thorniest challenges with analysts. This year’s Summit will include a host of new analyst-facilitated roundtables and analyst-led workshops to accelerate more formalized networking and idea sharing. They will also allow attendees to begin applying Summit learnings to their challenges even before they return home. An Invigorated Sense Of Mission There’s an undeniable charge to the air throughout B2B Summit as it uniquely brings together the entire go-to-market team of marketing, sales, customer, and product leaders. Attendees leave feeling energized, aligned, and empowered to tackle their challenges and innovate, as they know they’ve acquired tools that will equip them to ignite meaningful change. “This whole event not only brought new ideas, but it really remotivated me to get out in front of things that I’ve been thinking about and gave me ideas on how other people are doing it,” says Jennifer Pesci-Kelly, senior director of institutional marketing at Cengage. “I would recommend B2B Summit to all other marketers.” Ready to gain insights, tools, and connections that elevate your game? Learn more about B2B Summit North America and register. source

By Christopher Cole ( February 10, 2025, 9:12 PM EST) — It could become tougher for the Federal Communications Commission to adopt new rules for the telecom industry under a bill Republicans have reintroduced that would require a congressional green light for major new regulations…. Law360 is on it, so you are, too. A Law360 subscription puts you at the center of fast-moving legal issues, trends and developments so you can act with speed and confidence. Over 200 articles are published daily across more than 60 topics, industries, practice areas and jurisdictions. A Law360 subscription includes features such as Daily newsletters Expert analysis Mobile app Advanced search Judge information Real-time alerts 450K+ searchable archived articles And more! Experience Law360 today with a free 7-day trial. source

The U.K.’s office of the Home Secretary has allegedly asked Apple to provide a backdoor into any material any user has uploaded to iCloud worldwide, The Washington Post reported on Feb. 7. Anonymous sources provided The Washington Post the information and expressed concerns about tech companies being leveraged for government surveillance. Apple has not commented; however, in March, the company provided a statement to Parliament on the occasion of receiving notice of a potential request, saying “There is no reason why the U.K. [government] should have the authority to decide for citizens of the world whether they can avail themselves of the proven security benefits that flow from end-to-end encryption.” Must-read security coverage UK government request falls under 2016 law enforcement act The office of the Home Secretary acted under the U.K. Investigatory Powers Act of 2016, which enables law enforcement to force companies to comply with demands for access if that access is part of a search for evidence. Specifically, the office served Apple with a technical capability notice. A consultant advising the U.S. government on matters related to encryption called the U.K.’s request “shocking,” according to The Washington Post. “If implemented, the directive will create a dangerous cybersecurity vulnerability in the nervous system of our global economy,” Meredith Whittaker, president of the encrypted messenger nonprofit organization Signal, told The Washington Post. SEE: Security professionals in the UK can watch the Cyber Monitoring Centre’s new cyber attack rating system, but its information may be too broad and too late for practical use. Advanced Data Protection comes under fire again The possible backdoor means the U.K. government could access information uploaded by personal and business users deploying Apple products, even if Apple itself can’t see that information due to the encryption applied to some of its cloud storage. Specifically, the order would give the U.K. an opening into information covered under Apple’s Advanced Data Protection, an optional security layer introduced in 2022. If the U.K. does get its backdoor, Apple could shut down the Advanced Data Protection service. The FBI under President Donald Trump’s first administration protested Advanced Data Protection for similar inaccessibility reasons the U.K. is now seeking to circumvent. On the other hand, tech companies like Apple allege a backdoor would be used by criminals or by authoritarian governments against their citizens. Advanced Data Protection for iCloud is available to Apple users at no additional cost. It can be set up using a recovery contact or key on top of a standard, updated Apple Account’s two-factor authentication. “Most” Apple users don’t activate Advanced Data Protection, The Washington Post said. source

By Jon Hill ( February 7, 2025, 8:29 PM EST) — The Consumer Financial Protection Bureau has told a Washington, D.C., federal judge that its acting director will review and could rescind the agency’s recent order subjecting Google’s payment arm to supervision, securing a pause of the tech giant’s lawsuit against the order…. Law360 is on it, so you are, too. A Law360 subscription puts you at the center of fast-moving legal issues, trends and developments so you can act with speed and confidence. Over 200 articles are published daily across more than 60 topics, industries, practice areas and jurisdictions. A Law360 subscription includes features such as Daily newsletters Expert analysis Mobile app Advanced search Judge information Real-time alerts 450K+ searchable archived articles And more! Experience Law360 today with a free 7-day trial. source

In some instances, it can be rather easy to spot traces of artificial intelligence at work — especially if there are common “tells” that surface in its use. Generative AI, at least for now, can be prone to produce illustrations that feature similar visual styles that repeat with each creation. What happens when companies rely on the results of AI’s work, and their rivals work with the same algorithms? Does the innovation and edge AI promises disappear? Or are there ways companies can differentiate how they use AI to stand out in the market? As InformationWeek kicks off “The Cost of AI series,” this episode of DOS Won’t Hunt brought together Andy Boyd, chief product officer with Appfire; Amol Ajgaonkar, CTO of product innovation with Insight; Mike Finley, CTO and co-founder for AnswerRocket; Kashif Zafar, CEO of Xnurta; and James Newman, head of product and portfolio marketing for Augury. The podcast panel discussed what happens if companies start to look like they are just copying each other when they use AI, what the ROI is for AI, and how organizations can differentiate what they get out of AI? Listen to the full podcast here. source

By Todd Itami ( February 6, 2025, 3:10 PM EST) — The e-discovery industrial complex will be transformed by generative artificial intelligence sometime soon.[1] Our current paradigm of data handling will vanish and be replaced by fully integrated enterprise solutions…. Law360 is on it, so you are, too. A Law360 subscription puts you at the center of fast-moving legal issues, trends and developments so you can act with speed and confidence. Over 200 articles are published daily across more than 60 topics, industries, practice areas and jurisdictions. A Law360 subscription includes features such as Daily newsletters Expert analysis Mobile app Advanced search Judge information Real-time alerts 450K+ searchable archived articles And more! Experience Law360 today with a free 7-day trial. source

I look forward to attending the Artificial Intelligence Action Summit in Paris, France, next week. After the two previous summits hosted at Bletchley Park in the UK (November 2023) and in Seoul, South Korea (May 2024), French President Emmanuel Macron has decided to host a new AI Action Summit, cochaired with India, on February 10–11 in Paris. Who will attend, and what’s on the agenda? 60 heads of state and government, including US Vice President JD Vance, European Commission President Ursula von der Leyen, Chinese Vice Premier Ding Xuexiang, and Indian Prime Minister Narendra Modi Hundreds of scientists, experts, and academic reseachers, including four Nobel Prize winners and four Turing Award winners More than 300 AI firms and enterprises, with dedicated business meetings and events at Station F Hundreds of side events, with a very rich agenda open to civil society and NGOs, including a cultural weekend Full details of the agenda are here. Why is this event important? Forrester has already shared its perspectives on the disruptive nature of AI and generative AI:   Generative AI will reshape our lives and impact businesses. See the Forrester report, The Generative AI Advantage. AI and the environment are complexly intertwined. While AI has significant potential to help mitigate the environmental crisis, today’s AI tech — especially genAI — has a huge impact on climate change and water resources. We explain how in the Forrester report, How AI Will Accelerate The Green Market Revolution. There’s stronger emphasis on the importance of trust and ethics when leveraging AI technology. See the Forrester blog, Trusted AI Begins And Ends With Alignment. AI represents more than just an industrial and technological revolution. It has the potential to bring about a profound paradigm shift in our society and in how we relate to knowledge, work, information, culture, and even language. Some claim that AI is just mathematics and doesn’t require any regulation at all. Others consider that the European Commission is killing innovation by regulating AI too tightly. Let’s face it: AI is such a complex topic, with so many political, societal, and environmental consequences, that it deserves a more nuanced debate. That’s what the Summit will try to establish — maintaining a dialogue on global governance in an increasingly fragmented world. What should attendees expect? In my opinion, the Summit is first and foremost a diplomatic move that aims at facilitating the convergence of AI governance, generating debate on the impact of AI on society, and establishing thought leadership on AI’s latest developments. It is likely that no major announcement will be made, but what really matters is creating conditions for continuous dialogue on AI global regulation. It is also worth noting that 50 innovative AI for Good projects have been selected and will receive support, communication, and funding at the AI Action Summit; see the full list here. Last but not least, President Macron’s diplomatic move also aims to showcase France’s capabilities and assets in the global AI race to make sure that France remains one of the leading global destinations for foreign investments in artificial intelligence: Excellence in AI and mathematical research with well-known AI scientists such as Yann LeCun (2018 Turing Award winner and chief AI scientist at Meta) Several AI research hubs and decision-making centers that involve global leaders A vibrant AI ecosystem, with more than 1,000 AI startups having raised €1.9 billion in 2024, including Mistral AI and its large language model Powerful computing centers, both public (Jean Zay/GENCI) and private (Scaleway, OUTSCALE, and OVH) Decarbonized electricity source

A cyber attack hit an Australian user every second in 2024, marking a staggering twelvefold increase from the previous year. This surge contributed to a global cybersecurity crisis, where 5.6 billion accounts were compromised worldwide, equating to 176 breaches per second, according to Surfshark. The global total represents a nearly eightfold surge from 2023 when only 23 accounts were compromised per second. Australia’s data breach epidemic Australia recorded 47 million data breaches last year, up from 2023’s 4.1 million, making it the eleventh most affected country worldwide, according to Surfshark. On a per capita basis, 1,785 Australian accounts were breached per 1,000 residents, far exceeding New Zealand’s 779 per 1,000. Surfshark, a cybersecurity firm, analysed attack data from 29,000 publicly available databases to put together its 2024 data breach recap. SEE: Phishing Emails in Australia Rise by 30% “On a global scale, 285 accounts are breached per 100 people on average,” Emilija Kucinskaite, senior researcher at Surfshark, said in a press release. “However, in Australia, this number goes up to 732 per 100 people. Statistically speaking, an average Australian has been affected by data breaches around 7 times.” A total of 554.5 million personal records belonging to Australians have been exposed since 2004, consisting of email addresses, passwords, phone numbers, credit card details, IP address, and other sensitive information. On average, each email address was breached with three additional pieces of sensitive data. Indeed, over the last decade, 192.5 million Australian user accounts across different platforms have been compromised, and 106.9 million of these were accompanied with passwords. This put 56% of breached users in danger of account takeover, Surfshark found, potentially resulting in identity theft, extortion, and other cyber crimes. The exposed user accounts also consisted of 49 million unique Australian email addresses. Must-read security coverage A costly and growing threat In 2024, the average cost of a data breach in Australia reached a record high of AUD $4.26 million (USD $2.77 million), representing a 27% increase since 2020. This rise is attributed to: More phishing attacks Longer breach detection times Increasing cybersecurity skills shortages The growing sophistication of cyber threats Furthermore, the Office of the Australian Information Commissioner found that the number of notifiable data breaches in the first six months of 2024 (527) was 9% higher than the same period in 2023 and marked the largest number since 2020. Major cyber attacks that hit Australia Several high-profile breaches contributed to record-breaking figures. In April, MediSecure, an electronic prescriptions provider, suffered a ransomware attack compromising the personal and health data of approximately 12.9 million Australians. SEE: National Public Data Breach: 134 Million Unique Emails Leaked February saw 122 million individuals affected by a data leak at B2B demand generation company DemandScience, which, according to Surfshark, included 1.2 million Australians. Then, in May, IT provider Outabox suffered a breach affecting about one million patrons of New South Wales and Australian Capital Territory clubs. The world’s largest compilation of passwords to be leaked online was also discovered last year, containing 9,948,575,739 unique plaintext entries. The credentials were discovered in a file named “rockyou2024.txt” that was posted on a popular hacking forum on July 4, 2024. Cybersecurity in 2024: a growing battlefield The rising threat of cyber attacks is not an Australia-specific problem, with the barrier to entry for hackers being lowered by the accessibility of AI. The top five countries for breach volume, from highest to lowest, are China, Russia, the U.S., France, and Germany. The top three accounted for 46% of the world’s data breaches. Experts warn that without significant action, exposure to cyber risks will only intensify in 2025. source