By Tom Zanki ( January 1, 2025, 8:01 AM EST) — Capital markets attorneys are preparing to advise more companies toward initial public offerings in 2025, given evidence that a rising number of candidates are joining the pipeline in expectation of a long-awaited resurgence in new listings…. Law360 is on it, so you are, too. A Law360 subscription puts you at the center of fast-moving legal issues, trends and developments so you can act with speed and confidence. Over 200 articles are published daily across more than 60 topics, industries, practice areas and jurisdictions. A Law360 subscription includes features such as Daily newsletters Expert analysis Mobile app Advanced search Judge information Real-time alerts 450K+ searchable archived articles And more! Experience Law360 today with a free 7-day trial. source

Annual report includes a five-year look at the relationship between religion-related government restrictions and social hostilities in each country This is the 15th in a series of annual reports by Pew Research Center analyzing the extent to which governments and societies around the world impinge on religious beliefs and practices. This analysis was produced by Pew Research Center as part of the Pew-Templeton Global Religious Futures project, which analyzes religious change and its impact on societies around the world. Funding for the Global Religious Futures project comes from The Pew Charitable Trusts and the John Templeton Foundation (grant 63095). This publication does not necessarily reflect the views of the John Templeton Foundation. To measure global restrictions on religion in 2022 – the most recent year for which data is available – the study rates 198 countries and territories by their levels of government restrictions on religion and social hostilities involving religion. The new study is based on the same 10-point indexes used in the previous studies. The Government Restrictions Index (GRI) measures government laws, policies and actions that restrict religious beliefs and practices. The GRI comprises 20 measures of restrictions, including efforts by governments to ban particular faiths, prohibit conversion, limit preaching or give preferential treatment to one or more religious groups. The Social Hostilities Index (SHI) measures acts of religious hostility by private individuals, organizations or groups in society. This includes religion-related armed conflict or terrorism, mob or sectarian violence, harassment over attire for religious reasons and other forms of religion-related intimidation or abuse. The SHI includes 13 measures of social hostilities. To track these indicators of government restrictions and social hostilities, researchers combed through more than a dozen publicly available, widely cited sources of information, including the U.S. State Department’s annual “Reports on International Religious Freedom” and annual reports from the U.S. Commission on International Religious Freedom (USCIRF), as well as reports and databases from a variety of European and United Nations bodies and several independent, nongovernmental organizations. (Refer to the Methodology for more details on sources used in the study.) To learn more about the analysis for understanding the relationship between GRI and SHI scores, read the Methodology. Since 2007, Pew Research Center has analyzed religious restrictions in nearly 200 countries and territories around the world with two measures that are related but that also are very different: the Government Restrictions Index (GRI) and the Social Hostilities Index (SHI). The GRI measures restrictions by governments that can target people for their religious beliefs, as well as incidents in which governments use religious justifications to harass, intimidate or restrict people. The SHI, on the other hand, looks at religion-related hostilities by nongovernmental actors (i.e., private individuals and social groups). In 2022, the global median scores on both indexes stayed the same as they were in 2021, at 3.0 out of 10.0 on the Government Restrictions Index (its peak level) and at 1.6 out of 10.0 on the Social Hostilities Index. This is the Center’s 15th annual study of restrictions on religion. Before examining the 2022 findings in detail, we begin by examining the general relationship, in all countries, between levels of government restrictions and levels of social hostilities over the last five years of the study (2018 through 2022). In simple terms, the question we are asking is: Do countries in which government authorities pressure religious groups also tend to be places in which social groups and individuals are hostile toward religious groups? Similarly, do countries with relatively few government restrictions on religion also tend to be places with relatively few social hostilities involving religion? For the most part, the answer is yes: Government restrictions and social hostilities tend to go hand in hand. Over the five-year period, roughly three-quarters of all countries had either “high” or “very high” levels of both kinds of restrictions, or they had “low” or “moderate” levels of both kinds of restrictions. However, there are a sizable number of exceptions: About a quarter of all countries were in the high/very high range on one index and the low/moderate range on the other index. Here is a breakdown: 62% of the countries and territories analyzed (123 out of 198 studied) had low or moderate GRI scores and SHI scores, on average, from 2018 through 2022. For example, South Korea, Canada and the United States are among these countries. 12% (or 24 countries) had high or very high GRI scores and SHI scores, on average, in the same five-year period. Egypt and India are among these countries. 16% (or 32 countries) had high or very high GRI scores but had low or moderate SHI scores. China and Cuba are among these countries. 10% (or 19 countries) had low or moderate GRI scores but were in the high or very high range of SHI scores. Brazil and the Philippines are among these countries. Most countries that had high or very high GRI scores nevertheless had low or moderate SHI scores (32 of 56 countries, or 57%). Researchers looked at mean (i.e., average) GRI and SHI scores over the most recent five years of the study (2018-2022). This multiyear analysis reduces the impact of the year-to-year fluctuations that occur in the index scores of many individual countries, and thus offers a more stable set of scores. Background on the study Since 2007, Pew Research Center has been tracking restrictions on religion on two 10-point indexes: The Government Restrictions Index (GRI): Government restrictions on religion include laws, policies and actions that regulate or limit religious beliefs and practices. They also include policies that single out religious groups or ban particular beliefs or practices; the granting of benefits to some religious groups but not others; and bureaucratic rules that require religious groups to register to receive benefits. The Social Hostilities Index (SHI): Social hostilities include actions by private individuals or groups that target particular religious groups, often minorities. They can involve religion-related harassment, mob violence, terrorism and militant activity, as well as hostilities over religious conversions or the wearing of religious symbols and clothing. Countries with low or moderate

When you migrate to UCaaS (Unified Communications as a Service), voice, video, messaging, and collaboration tools are combined into a single cloud-based platform. Employees can sign into a one service for all communications, which is more efficient and easier to secure. But migrating from a legacy system isn’t easy. Downtime, data transfer challenges, and frustrated customers can turn an upgrade into a headache. With the right strategy, though, you can work with a good UCaaS provider to ensure a seamless migration — avoid interruptions, confusion, and angry calls from lost customers. 1 RingCentral RingEx Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Medium (250-999 Employees), Large (1,000-4,999 Employees), Enterprise (5,000+ Employees) Medium, Large, Enterprise Features Hosted PBX, Managed PBX, Remote User Ability, and more 2 Talkroute Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Any Company Size Any Company Size Features Call Management/Monitoring, Call Routing, Mobile Capabilities, and more UCaaS migration challenges Migrating from a legacy system Moving from an older legacy system usually entails issues with compatibility, integration, and data migration. Some of the common problems include: Incompatibility with cloud systems: Older PBX systems and analog devices often lack the integrations needed for modern UCaaS platforms. Hardware dependency: Proprietary hardware ties businesses to outdated vendors and complicates upgrades. Network limitations: Legacy routers and switches may not support the bandwidth or QoS requirements for seamless VoIP and video communication. Device overload or redundancy: Separate tools for conferencing, faxing, and voicemail can create inefficiencies when consolidating systems. Security vulnerabilities: Outdated devices may lack encryption or modern security protocols, posing risks during the migration process. To mitigate these issues, businesses should carefully evaluate their current infrastructure and make any necessary updates before migrating to UCaaS. They should also work closely with their chosen provider to verify which devices will work and which must be upgraded before deployment. Here is a list of some of the equipment that may throw a curveball during your UCaaS migration: Analog desk phones: Older phones using copper wiring may need replacement with VoIP-compatible models. PBX systems: On-premises systems often lack the features or integrations required for UCaaS platforms. DECT phones: Wireless handsets designed for legacy systems may not support modern VoIP protocols. Pagers: Standalone paging devices require consolidation into UCaaS to streamline internal communication. PA systems: Public address systems may need upgrades to integrate with cloud-based UC platforms. Fax machines: Physical fax devices often require a cloud-based fax solution to ensure compatibility. Video conferencing equipment: Older hardware tied to proprietary platforms may not integrate with UCaaS video tools. Routers and switches: Legacy network devices can bottleneck bandwidth, affecting UCaaS performance. Call recording systems: Outdated recording hardware may not align with cloud-based call management. Specialized industry devices: Tools like intercom systems in healthcare or retail handheld scanners might need reconfiguration or replacement. Some of this equipment may work with an adapter, such as a VoIP gateway to support analog phones, or a fax ATA that supports a multifunction printer. Have the specs for technology like pagers, PA systems, and DECT devices on hand for discussions with vendors. The key is finding out early on in the process what you are going to be able to keep using, and what needs to be fully replaced. If you discover late in the process that something won’t work, it will be much more complicated and costly to make a change. Migrating from another cloud phone system Many VoIP (Voice over Internet Protocol) phone service providers offer unified communications services, but sometimes they don’t support all of the channels and technology that a business requires — so businesses are forced to migrate to UCaaS. For more info, see this post about the differences between UCaaS vs VoIP and when each one works best. The good news is that moving from a cloud phone system to UCaaS is often more straightforward than transitioning from a legacy system. But it’s not without its challenges. Adding messaging, video, and collaboration tools requires careful planning to avoid disruptions and ensure a smooth transition. Here are some common challenges people encounter during this type of UCaaS migration: Feature overlap and redundancy: Businesses may already use separate tools for messaging or video that duplicate UCaaS capabilities. User training and adoption: Employees used to simpler systems might need support learning new features. Data integration and migration: Moving call logs, contacts, and voicemail between systems can be complex. Network optimization: UCaaS places greater demands on bandwidth and network quality compared to a cloud phone system. Customization adjustments: Replicating workflows and customizations from the cloud phone system may require extra configuration. There are obvious benefits to consolidating different communication tools, such as messaging, video conferencing, and collaboration, which were previously handled by separate systems. But it requires careful planning to avoid redundancy, ensure smooth integration, and ensure that all employees are comfortable using the new platform. Check out our white paper: Welcome to the UCaaS Era Preparing for a smooth UCaaS migration Set some goals so you’re sure of a smooth transition for your team and customers. Essential points to consider include: Making sure your timeline is comprehensive and specific. Adding milestones and deadlines for each phase of the project. Assigning responsibilities to team members, such as data mapping and system testing. Planning for roadblocks or unexpected challenges. Setting up regular communication sessions with your UCaaS provider. Next, it’s time to assess your current communications infrastructure. Some of the things to look for in your audit are: How many employees and devices use the system. The type and frequency of communication used, such as voice, video conferencing, and messaging. Your current system functionalities and which ones are in use. Current system limitations. All the hardware and software you use to keep your system running. Any licenses and subscriptions you might need to upgrade or renew. Finally, identify recurring sources of friction that might negatively impact your migration process. Common pain points could include: Low quality for calls. Lack

Last year, Spain’s tourism sector, its economic growth engine, reached historical levels, contributing nearly €187 billion (about $195 billion) to its GDP thanks in part to the fruits of digitalization. Technology, says Soltour CIO Miguel Abril, has taken on a fundamental role, transforming not only the customer experience through personalization and operational efficiency, but also the way in which consumers plan, book, and enjoy their trips. However, he adds, the maturity varies in one of the most consolidated verticals at a national level. “The big players, such as OTAs [Online Travel Agencies], are advancing in their adoption of new technologies, taking advantage of AI and big data tools, while other actors are in earlier stages of integration,” he says. Referring to the latest figures from the National Institute of Statistics, Abril highlights that in the last five years, technological investment within the sector has grown more than 40%. “This reflects the growing dependence on digital solutions to maintain competitiveness,” he says.  source

COMMENTARY Israel’s electronic pager attacks targeting Hezbollah in September highlighted the dangerous ramifications of a weaponized supply chain. The attacks, which leveraged remotely detonated explosives hidden inside pager batteries, injured nearly 3,000 people across Lebanon, as a worst-case reminder of the inherent risk that lies within global supply networks. The situation wasn’t just another doomsday scenario crafted by financially motivated vendors hoping to sell security products. It was a legitimate, real-world byproduct of our current reality amid the escalating proliferation of adversarial cybercrime. It also underscored the dangers of relying on third-party hardware and software, with roots back to foreign countries of concern — something that happens more often than one might expect. For example, on Sept. 12, a US House Select Committee Investigation revealed that 80% of the ship-to-shore cranes at American ports are manufactured by a single Chinese government-owned company. While the committee did not find evidence that the company used its access maliciously, the vulnerability could have enabled China to manipulate US maritime equipment and technology in the wake of geopolitical conflict.  As nation-state actors explore new avenues for gaining geopolitical advantage, securing supply chains must be a shared priority amongst the cybersecurity community in 2025. Verizon’s “2024 Data Breach Investigations Report” found that the use of zero-day exploits to initiate breaches surged by 180% year-over-year — and among them, 15% involved a third-party supplier. The right vulnerability at the wrong time can put critical infrastructure in the crosshairs of a consequential event. Implementing impactful supply chain protections is far easier said than accomplished, due to the complexity, scale, and integration of modern supply chain ecosystems. While there isn’t a silver bullet for eradicating threats entirely, prioritizing a targeted focus on effective supply chain risk management principles in 2025 is a critical place to start. It will require an optimal balance of rigorous supplier validation, purposeful data exposure, and meticulous preparation. Rigorous Supplier Validation: Moving Beyond the Checkboxes Whether it’s cyber warfare or ransomware, modern supply chain attacks are too sophisticated for organizations to fall short on supplier validation. Now is a vital time to move beyond self-reported security assessments and vendor questionnaires and migrate toward more comprehensive validation processes that prioritize regulatory compliance, response readiness, and secure-by-design. Ensuring adherence to evolving industry standards must be a foundational driver of any supplier validation strategy. Is your supplier positioned to meet the European Union’s Digital Operational Resilience Act (DORA) and Cyber Resilience Act (CRA) regulations? Are they aligned with the National Security Agency’s CNSA 2.0 timelines to defend against quantum-based attacks? Do their products possess the cryptographic agility to integrate the National Institute of Standards and Technology’s (NIST’s) new Post-Quantum Cryptography (PQC) algorithms by 2025? These examples are all important value drivers to consider when selecting a new partner. Chief information security officers (CISOs) should still push further by mandating actual evidence of cyber resilience. Conduct annual on-site security audits for suppliers that assess everything from physical security measures and solution stacks to IT workflows and employee training programs. In addition, require your suppliers to provide quarterly penetration testing reports and vulnerability assessments, then thoroughly review the documents and track remediation efforts. Equally crucial to rigorous validation is gauging a supplier’s incident response readiness via notification procedures, communication protocols, practitioner expertise, and cross-functional collaboration. Any joint cyber-defense strategy should also be underpinned by a shared commitment to secure-by-design principles and robust product security testing protocols that are integrated into supply chain risk assessments. Implemented during the early stages of product development, secure-by-design helps reduce an application’s exploit surface before it is made available for broad use. Product security testing provides a comprehensive understanding of how utilizing a particular product will impact your threat model and risk posture. Purposeful Data Exposure: Less Is Always More Less (access) is more when it comes to protecting data in supply chain environments. Organizations should be focused on adopting purposeful approaches to data sharing, carefully considering what information is truly necessary for a third-party partnership to succeed. Limiting the exposure of sensitive information to external suppliers via scaled zero-trust concepts will help reduce your supply chain attack surface exponentially, which in turn simplifies the management of third-party risk.  An important step in this process involves implementing stringent access controls that restrict credentials to only essential data and systems. Data aging and retention policies also play a crucial role here. Automating processes to phase out legacy or unnecessary data helps ensure that even if a breach occurs, the damage is contained and privacy is maintained. Leveraging encryptions aggressively across all data touchpoints accessible to third parties will also add an extra layer of protection for undetected breaches that occur throughout the wider supply chain ecosystem. Meticulous Preparation: Assumption of Breach Mindset As supply chain attacks accelerate, organizations must operate under the assumption that a breach isn’t just possible — it’s probable. An “assumption of breach” mindset shift will help drive more meticulous approaches to preparation via comprehensive supply chain incident response and risk mitigation. Preparation measures should begin with developing and regularly updating agile incident response processes that specifically cater to third-party and supply chain risks. For effectiveness, these processes will need to be well-documented and frequently practiced through realistic simulations and tabletop exercises. Such drills help identify potential gaps in the response strategy and ensure that all team members understand their roles and responsibilities during a crisis.  Maintaining an up-to-date contact list for all key vendors and partners is another crucial component to preparation. In the heat of an incident, knowing exactly who to call at Vendor X, Y, or Z can save precious time and potentially limit the scope of a breach. This list should be regularly audited and updated to account for personnel changes or shifts in vendor relationships. Organizations should also have a clear understanding of the shutdown and containment procedures for each critical application or system within their supply chain. While it’s impossible to predict every potential scenario, a well-positioned team armed with comprehensive response plans and intimate knowledge of their supply chain environment is far better equipped to combat adversarial threat actors. source

Emerging technologies like 5G, blockchain, and quantum computing will see increased investment in the region in the coming years. The rollout of 5G infrastructure will be a key enabler for IoT and smart cities, driving innovation in sectors like healthcare, autonomous vehicles, and industrial automation. Blockchain technology will continue to find applications in finance, supply chain management, and public services, with regulatory frameworks being developed to encourage its growth. Despite the promising outlook for technology in the Middle East, organizations will face significant challenges as they adopt new technologies. The skills gap, particularly in AI, cloud computing, and cybersecurity, remains a critical issue. Lalchandani stresses the need for ongoing training and upskilling to build a workforce capable of driving innovation and supporting technological advancements. In conclusion, the Middle East is poised for a technological revolution in 2025, with AI, cloud computing, cybersecurity, and IoT leading the charge. With the right investments, policies, and strategies in place, the region is on track to become a global leader in digital transformation. However, overcoming challenges such as workforce readiness, regulatory compliance, and cybersecurity risks will be critical to realizing this vision. source

AI is a powerful tool for B2B go-to-market (GTM) teams, enabling them to analyze market and customer trends, personalize customer interactions, optimize sales strategies with unprecedented efficiency and accuracy, and more. With all the relentless buzz around AI, it’s easy to start with the tool and then go searching for a way to use it. The problem with that is you’re letting the technology, not your customers and your goals, drive your strategy. Set your company up for AI success by: Starting with clear goals and objectives. For technology to be valuable (i.e., have a measurable impact on the business), it must be acquired for a purpose. Purchasing and implementing AI isn’t a true measure of success. Be sure that you know why you’re onboarding AI. Be clear about what you’re looking for it to enable and what outcome you expect to receive. Any tool purchased without this direction can lead you away from ensuring that your resources and investments are providing value to your customers and your organization. Preparing your data. There’s a reason why sentiments such as “garbage in, garbage out” are a key part of AI conversations. AI is an amplifier. If you put good data into AI with the right direction, it will bring quality results. If you put bad data into AI, it will produce inaccurate insights and flawed outcomes. Investing time and effort into preparing your data for AI is crucial to ensure the accuracy and reliability of its outputs. To mitigate unnecessary risk for your company, also ensure that compliance is a part of the consideration. Educating your teams and leadership. It’s important to not just train your models but to train the resources that will be using the tools as well as your leaders. Technology is only valuable if it’s being used well. A successful AI deployment focuses on educating users so that they’re clear on what it is, how it impacts their work, how they can use it to do their jobs better, and what its limitations are. Being sure that your leadership is well informed on AI is important for driving the technical strategy; fostering AI adoption; helping manage risk; making better use of the insights to make informed decisions; and creating an AI-positive culture of innovation, continuous learning, and openness to change. Experimenting with pilots. We’ve all had experiences rolling out tech and then it doesn’t quite behave the way we thought it would. This can be very disruptive with large rollouts. It’s best practice for onboarding any technology (especially AI) to start with experiments and pilots, measure results, discover what works and what doesn’t, and optimize the tool and process before rolling it out broadly. Setting clear governance and guidelines. AI can introduce scenarios that require updates to corporate governance and policies. Work with your IT, data, and legal teams to ensure that governance policies are updated to account for these new scenarios and that the guidance is communicated and understood. Focus on areas such as AI ethics (making AI free from bias and aligning it with your company values), appropriate data access, and internal and external transparency regarding your AI usage. B2B GTM teams have a lot to consider before successfully selecting and onboarding AI, so let’s continue the conversation. Contact your Forrester account manager to set up a guidance session with me, and join me at B2B Summit North America, March 31 to April 3 in Phoenix, where I’ll be talking about how you can build trust with AI — for your company and your customers. source

Webinar platforms have come a long way since Microsoft first launched its video conferencing software NetMeeting in 1996, but the core idea remains unchanged. Today, webinars are versatile tools for training, education, communication, and marketing, enabling presenters to engage with audiences in real time through polls, surveys, and questions. Webinars excel at generating leads, raising awareness, teaching skills, and demonstrating products. Their direct-to-camera presentation feels authentic — even when pre-recorded — and helps brands build their presence. Despite their versatility, webinar software platforms are easy to use.  However, there are many different kinds of webinars you can host, so it’s important to be aware of the best practices of each. 1 RingCentral RingEx Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Medium (250-999 Employees), Large (1,000-4,999 Employees), Enterprise (5,000+ Employees) Medium, Large, Enterprise Features Hosted PBX, Managed PBX, Remote User Ability, and more 2 Talkroute Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Any Company Size Any Company Size Features Call Management/Monitoring, Call Routing, Mobile Capabilities, and more The only five types of webinars Here are the different types of webinars you’re going to see: Live webinars. On-demand webinars. Simulated live webinars. Hybrid webinars. Virtual workshop webinars. In case you’re wondering… Are webcasts a type of webinar? Not really. Webcasts are one-way broadcasts of audio and video content over the internet to a large audience. Webinars, on the other hand, are typically interactive and geared towards smaller groups. SEE: Learn more about the key differences between a webinar and webcast. With that out of the way, here are the all the different types of webinars. Live webinars Live webinars are real-time events, which means hosting them can sometimes feel daunting. At the same time, the live format comes with some distinct advantages. First of all, it’s the best type of webinar for audience interaction. Participants can ask questions, answer polls, and engage with the presenter and content as it’s coming in. This feels authentic and keeps everyone involved — you’re not just telling your brand story, you’re inviting users into the conversation. Everyone says “create engaging content.” Well, a live webinar is actually engaging. People have to show up on time, and they may be on screen with other attendees. Live webinars help presenters connect with participants on a more personal level. Attendees can explain why they joined the webinar, what they hope to gain, their biggest fears about buying, and so on. You are not going to get that kind of connection by emailing someone a whitepaper. Some companies deliberately use live webinars as a community-building tool. For example, Adobe often holds live webinars to showcase new features for its creative software suite, deliver tutorials, and build a community of users around its products. SEE: Learn best practices for hosting an engaging webinar. On-demand webinars On-demand webinars are pre-recorded online presentations that users can watch anytime. This is more convenient for users than having to attend a live or simulated live webinar at a certain time. And it’s a lot easier for presenters to get their ideas in front of more people. Online learning platforms, business consultants, and software-as-a-service (SaaS) providers often have libraries of in-depth lessons, tutorials, and seminars as on-demand webinars. This is great for students, as many of them prefer to access lessons, tutorials, and seminars at their own pace and on their own schedule. Furthermore, many will want the ability to watch certain presentations multiple times. These benefits are typically only possible with on-demand webinars. Microsoft is a good example of a company that hosts a library of on-demand webinars to guide users through its products and services. These tutorials help individuals and businesses get the most out of their Microsoft products, and they may also contribute to building brand loyalty. On-demand webinars are a solid passive lead generation strategy — if you are creating any type of webinar content, there probably is not a big downside to publishing an on-demand option online. Download our free eBook: Attracting your Webinar Audience: A Guide to Lead Generation Simulated live webinars Simulated live webinars are pre-recorded presentations that go live at scheduled times. While these events don’t feature a live presenter, attendees can still participate in polls and surveys during the live presentation. They can help businesses reach audiences across multiple time zones. The pre-recorded format also means you can deploy the same content multiple times to different audiences. Simulated events are ideal when companies want to drive engagement without hosting live events. For instance, Amazon Web Services (AWS) uses simulated live webinars to teach users to leverage the power of its cloud technology. These technical workshops train users to deploy applications and use AWS tools. Hybrid webinars Hybrid webinars are a combination of live presentations and pre-recorded segments. This solution allows for the convenience of polished, pre-recorded content and facilitates interaction with audiences during live sections. With the right software and preparation, hybrid webinars can get the best of both worlds. It strikes a balance between flexibility and convenience. HubSpot does a decent job of using hybrid webinars to introduce new products and services. Its webinars balance managing the company’s messaging, building its community, and answering customer questions. Virtual workshop webinars Virtual workshop webinars entail group discussion and practical exercises. Usually, an instructor or subject matter expert leads these workshops, and they aim to give attendees hands-on experience with whatever the subject is that’s being presented. The virtual workshop webinar format is great because it allows participants to engage in interactive learning worldwide. Like many online course platforms, Coursera runs virtual workshop webinars on topics like programming and business development that you can access from anywhere. These workshops often include things like interactive coding challenges, group discussions, and other hands-on activities. The four standard webinar formats Most webinar software allows the following four formats for webinars: Single presenter. Panel discussion. Product demo. Q&A. Some webinar platforms allow you to mix formats. A panel

Artificial intelligence has come to the desktop. Microsoft 365 Copilot, which debuted last year, is now widely available. Apple Intelligence just reached general beta availability for users of late-model Macs, iPhones, and iPads. And Google Gemini will reportedly soon be able to take actions through the Chrome browser under an in-development agent feature dubbed Project Jarvis. The integration of large language models (LLMs) that sift through business information and provide automated scripting of actions — so-called “agentic” capabilities — holds massive promise for knowledge workers but also significant concerns for business leaders and chief information security officers (CISOs). Companies already suffer from significant issues with the oversharing of information and a failure to limit access permissions — 40% of firms delayed their rollout of Microsoft 365 Copilot by three months or more because of such security worries, according to a Gartner survey. The broad range of capabilities offered by desktop AI systems, combined with the lack of rigorous information security at many businesses, poses a significant risk, says Jim Alkove, CEO of Oleria, an identity and access management platform for cloud services. “It’s the combinatorics here that actually should make everyone concerned,” he says. “These categorical risks exist in the larger [native language] model-based technology, and when you combine them with the sort of runtime security risks that we’ve been dealing with — and information access and auditability risks — it ends up having a multiplicative effect on risk.” Related:Orgs Scramble to Fix Actively Exploited Bug in Apache Struts 2 Desktop AI will likely take off in 2025. Companies are already looking to rapidly adopt Microsoft 365 Copilot and other desktop AI technologies, but only 16% have pushed past initial pilot projects to roll out the technology to all workers, according to Gartner’s “The State of Microsoft 365 Copilot: Survey Results.” The overwhelming majority (60%) are still evaluating the technology in a pilot project, while a fifth of businesses haven’t even reached that far and are still in the planning stage. Most workers are looking forward to having a desktop AI system to assist them with daily tasks. Some 90% of respondents believe their users would fight to retain access to their AI assistant, and 89% agree that the technology has improved productivity, according to Gartner. Bringing Security to the AI Assistant Unfortunately, the technologies are black boxes in terms of their architecture and protections, and that means they lack trust. With a human personal assistant, companies can do background checks, limit their access to certain technologies, and audit their work — measures that have no analogous control with desktop AI systems at present, says Oleria’s Alkove. Related:Delinea Joins CVE Numbering Authority Program AI assistants — whether they are on the desktop, on a mobile device, or in the cloud — will have far more access to information than they need, he says. “If you think about how ill-equipped modern technology is to deal with the fact that my assistant should be able to do a certain set of electronic tasks on my behalf, but nothing else,” Alkove says. “You can grant your assistant access to email and your calendar, but you cannot restrict your assistant from seeing certain emails and certain calendar events. They can see everything.” This ability to delegate tasks needs to become part of the security fabric of AI assistants, he says. Cyber-Risk: Social Engineering Both Users & AI Without such security design and controls, attacks will likely follow. Earlier this year, a prompt injection attack scenario highlighted the risks to businesses. Security researcher Johann Rehberger found that an indirect prompt injection attack through email, a Word document, or a website could trick Microsoft 365 Copilot into taking on the role of a scammer, extracting personal information, and leaking it to an attacker. Rehberger initially notified Microsoft of the issue in January and provided the company with information throughout the year. It’s unknown whether Microsoft has a comprehensive fix for the issue. Related:Citizen Development Moves Too Fast for Its Own Good The ability to access the capabilities of an operating system or device will make desktop AI assistants another target for fraudsters who have been trying to get a user to take actions. Instead, they will now focus on getting an LLM to take actions, says Ben Kliger, CEO of Zenity, an AI agent security firm. “An LLM gives them the ability to do things on your behalf without any specific consent or control,” he says. “So many of these prompt injection attacks are trying to social engineer the system — trying to go around other controls that you have in your network without having to socially engineer a human.” Visibility Into AI’s Black Box Most companies lack visibility into and control of the security of AI technology in general. To adequately vet the technology, companies need to be able to examine what the AI system is doing, how employees are interacting with the technology, and what actions are being delegated to the AI, Kliger says. “These are all things that the organization needs to control, not the agentic platform,” he says. “You need to break it down and to actually look deeper into how those platforms actually being utilized, and how do people build and interact with those platforms.” The first step to evaluating the risk of Microsoft 365 Copilot, Google’s purported Project Jarvis, Apple Intelligence, and other technologies is to gain this visibility and have the controls in place to limit an AI assistant’s access on a granular level, says Oleria’s Alkove. Rather than a big bucket of data that a desktop AI system can always access, companies need to be able to control access by the eventual recipient of the data, their role, and the sensitivity of the information, he says. “How do you grant access to portions of your information and portions of the actions that you would normally take as an individual, to that agent, and also only for a period of time?” Alkove asks. “You might only want the

The Human Rights Law Centre has released a new guide that empowers Australian tech employees to speak out against harmful company practices or products. The guide, Technology-Related Whistleblowing, provides a summary of legally protected avenues for raising concerns about the harmful impacts of technology, as well as practical considerations. SEE: ‘Right to Disconnect’ Laws Push Employers to Rethink Tech Use for Work-Life Balance “We’ve heard a lot this year about the harmful conduct of tech-enabled companies, and there is undoubtedly more to come out,” Alice Dawkins, Reset Tech Australia executive director, said in a statement. Reset Tech Australia is a co-author of the report. She added: “We know it will take time to progress comprehensive protections for Australians for digital harms –  it’s especially urgent to open up the gate for public accountability via whistleblowing.” Potential harms of technology an area of focus in the Australian market Australia has experienced relatively little tech-related whistleblowing. In fact, Kieran Pender, the Human Rights Law Centre’s associate legal director, said, “the tech whistleblowing wave hasn’t yet made its way to Australia.” However, the potential harms involved in technologies and platforms have been in the spotlight due to new laws by the Australian government and various technology-related scandals and media coverage. Australia’s ban on social media for under 16s Australia has legislated a ban on social media for citizens under 16, coming into force in late 2025. The ban, spurred by questions about the mental health impacts of social media on young people, will require platforms like Snapchat, TikTok, Facebook, Instagram, and Reddit to verify user ages. A ‘digital duty of care’ for technology companies Australia is in the process of legislating a “digital duty of care” following a review of its Online Safety Act 2021. The new measure requires tech companies to proactively keep Australians safe and better prevent online harms. It follows a similar legislative approach to the U.K. and European Union versions. Bad automation in tax Robodebt scandal Technology-assisted automation in the form of taxpayer data matching and income-averaging calculations resulted in 470,000 wrongly issued tax debts being pursued by the Australian Taxation Office. The so-called Robodebt scheme was found to be illegal and resulted in a full Royal Commission investigation. AI data usage and impact on Australian jobs An Australian Senate Select Committee recently recommended establishing an AI law to govern AI companies. OpenAI, Meta, and Google LLMs would be classified as “high-risk” under the new law. Much of the concerns involved the potential use of copyrighted material in AI model training data without permission and the impact on the livelihoods of creators and other workers due to AI. A recent OpenAI whistleblower shared some concerns in the U.S. Consent an issue in AI model health data The Technology-Related Whistleblowing guide points to reports that an Australian radiology company handed over medical scans of patients without their knowledge or consent for a healthcare AI start-up to use the scans to train AI models. Photos of Australian kids used by AI models Analysis by Human Rights Watch found that LAION-5B, a data set used to train some popular AI tools by scraping internet data, contains links to identifiable photos of Australian children. Children or their families gave no consent. Payout after Facebook Cambridge Analytica scandal The Office of the Australian Information Commissioner recently approved a $50 million settlement from Meta following allegations that Facebook user data was harvested by an app, exposed to potential disclosure to Cambridge Analytica and others, and possibly used for political profiling. Concerns over immigration detainee algorithm The Technology-Related Whistleblowing guide referenced reports about an algorithm being used to rate risk levels associated with immigration detainees. The algorithm’s rating allegedly impacted how immigration detainees were managed, despite questions over the data and ratings. More Australia coverage Australian tech workers have whistleblowing protections detailed The guide outlines in detail the protections potentially available to tech employee whistleblowers. For instance, it explains that in the Australian private sector, different whistleblower laws exist that cover certain “disclosable matters” that make employees eligible for legal protections. Under the Corporations Act, a “disclosable matter” arises when there are reasonable grounds to suspect the information concerns misconduct or an improper state of affairs or circumstances in an organisation. SEE: Accenture, SAP Leaders on AI Bias Diversity Problems and Solutions Public sector employees can leverage Public Interest Disclosure legislation in circumstances involving substantial risks to health, safety, or the environment. “Digital technology concerns are likely to arise in both the public and private sectors which means there is a possibility that your disclosure may be captured by either the private sector whistleblower laws or a PID scheme — depending on the organisation your report relates to,” the guide advised Australian employees. “In most cases, this will be straightforward to determine, but if not we encourage you to seek legal advice.” Australia: A testing ground for the ‘good, bad, and unlawful’ in tech Whistleblower Frances Haugen, the source of the internal Facebook material that led to The Facebook Files investigation at The Wall Street Journal, wrote a forward for the Australian guide. She said the Australian government was signaling moves on tech accountability, but its project “remains nascent.” “Australia is, in many respects, a testing centre for many of the world’s incumbent tech giants and an incubator for the good, bad, and the unlawful,” she claimed in the whistleblowing guide. SEE: Australia Proposes Mandatory Guardrails for AI The authors argue in their release that more people than ever in Australia are being exposed to the harm caused by new technologies, digital platforms, and artificial intelligence. However, they noted that, amidst the policy debate, the role of whistleblowers in exposing wrongdoing has been largely disregarded. Haugen wrote that “the depth, breadth, and pace of new digital risks are rolling out in real-time.” “Timely disclosures will continue to be vitally necessary for getting a clearer picture of what risks and potential harm are arising from digital products and services,” she concluded. source