source

Where would the world be without APIs? There would likely be a lot less connected and software releases flowing like molasses. Developers use APIs to add capabilities to their apps quickly, though the grab-and-go approach is unwise when it comes to AI.  “While many developers are proficient in embedding AI into applications, the challenge lies in fully understanding the nuances of AI development, which is vastly different from traditional software development,” says Chris Brown, president of professional services company Intelygenz. “AI is not just another technical component. It’s a transformative tool for solving complex business challenges.”  Jason Wingate, CEO of Emerald Ocean, a technology and business solutions company focused on product innovation, brand development and strategic distribution also believes that while APIs make embedding AI seem as simple as calling a function, many developers do not understand how models work and their risks.   “Several major companies in 2023 and early 2024 had their chatbots compromised through prompt injection. Users sent prompts like ‘Ignore previous instructions’ or ‘Forget you are a customer service bot,’ causing the AI to reveal sensitive information,” says Wingate. “This happened because developers didn’t implement proper guardrails against prompt injection attacks. While much of this has been addressed, it showcases how unprepared developers were in using AI via APIs.”  Related:Let’s Revisit Quality Assurance Timothy E. Bates, professor of practice, University of Michigan and former Lenovo CTO, also warns that most developers don’t fully grasp the complexities of AI when they embed it using APIs.   “They treat it as a ‘plug-and-play’ tool without understanding the intricacies of the underlying models, such as data bias, ethical implications and dynamic updates by AI providers. I’ve seen this firsthand, especially when advising organizations where developers inadvertently introduced vulnerabilities or misaligned features by misusing AI,” says Bates.   An organization can miss opportunities due to a lack of knowledge, which results in poor ROI.  “AI should be tested in sandbox environments before production. [You also need] governance. Establish oversight mechanisms to monitor AI behavior and outcomes,” says Bates. “AI usage should be [transparent] to end users, maintaining trust and avoiding backlash. Combining developers, data scientists and business leaders into cross-functional teams ensures AI aligns with strategic goals.”  Ben Clayton, CEO of forensic audio and video analysis company Media Medic has also seen evidence of developer struggles firsthand.  Related:Soft Skills, Hard Code: The New Formula for Coding in the AI Era “Developers need a solid grasp of the basics of AI — things like data, algorithms, machine learning models, and how they all tie together. If you don’t understand the underlying principles, you could end up using AI tools in ways that might not be optimal for the problem you’re solving,” says Clayton.  “For example, if you’re relying on a model without understanding how it was trained, you might be surprised when it doesn’t perform as expected in real-world scenarios.”  Technology Is Only Part of the Picture  A common challenge is viewing AI as a technological solution rather than a strategic enabler.   “Organizations often falter by embedding AI into their operations without clearly defining the business problem it is solving. This can result in misaligned goals, poor adoption rates and systems that fail to deliver ROI,” says Intelygenz’s Brown. “AI implementation must start with a clear business case or IT improvement objective whether it’s streamlining operations, optimizing network performance, or enhancing customer experience. Without this foundation, AI becomes a costly experiment instead of a transformative solution.”  Chris Brown, Intelygenz Gabriel Zessin, software architect at API solution provider Sensedia, agrees.  Related:Is Open Source a Threat to National Security? “In my opinion, although most developers are proficient in API integrations, not all of them understand AI well enough to use it effectively, especially when it comes to embedding AI to their existing applications. It’s important for developers to set the expectations of what can be achieved with AI for each company’s use case alongside the business teams, like product owners and other stakeholders,” says Zessin.   Data  AI feeds on data. If the data quality is bad, AI becomes unreliable.  “[S]ourcing the correct data is often challenging,” says Josep Prat, engineering director of streaming services at AI and data platform company Aiven. “External influences such as data sovereignty and privacy controls affect data harvesting, and many databases are not optimized properly. Understanding how to harvest and optimize data is key to creating effective AI. Additionally, developers need to understand how AI models produce their outputs to use them effectively.”  Probabilistic Versus Deterministic  Traditionally, software developers have been taught that a given input should result in a certain output. However, AI tends to be probabilistic, which is based on the likelihood something will happen. Deterministic, on the other hand, assures an outcome based on previous results. “Instead of a guaranteed answer, [probabilistic] offers confidence levels at about 95%. And keep in mind, what works in one scenario may not work in another. These fundamentals are key to setting realistic expectations and developing AI effectively,” says Sri (Srikanth) Hosakote, chief development officer and co-founder at campus network-as-a-service (NaaS) Nile. “I find that many organizations successfully adopt AI by working directly with customers to identify pain points and then developing solutions that address those issues.”  Have a Feedback Loop and Test  APIs simplify AI integration, but without understanding the role of feedback loops, developers risk deploying models without mechanisms to catch errors or learn from them. A feedback loop ensures that when the AI output is wrong or inconsistent, it’s flagged, documented, and shared across teams.   “[A feedback loop] prevents repeated use of flawed models, aligns AI performance with user needs and creates a virtuous cycle of improvement,” says Robin Patra, head of data at design-build construction company ARCO Design/Build. “Without such systems, errors may persist unchecked, undermining trust and user experience.”  It’s also wise to involve stakeholders who can provide feedback about the AI outputs, such as whether the prediction is accurate, the recommendation relevant or a fair decision.  “Feedback isn’t just about a single mistake. It’s about identifying

Payroll documentation is more than just paperwork — it’s the backbone of your company’s compliance and efficiency. For HR professionals managing payroll across different regions, whether in a global company, a U.S.-only operation, or something in between, understanding which forms and records are required is essential. Getting employees paid at work while meeting tax, social security, and labor law obligations requires the right payroll documents. And with rules that vary from country to country — and even state to state — you need a reliable resource to help you through it all. This guide provides everything you need to ensure your payroll operations are compliant and efficient, no matter where your team is located. 1 Paycor Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Micro (0-49 Employees), Small (50-249 Employees), Medium (250-999 Employees) Micro, Small, Medium Features API, Check Printing, Document Management / Sharing, and more 2 Velocity Global Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Any Company Size Any Company Size Features Employee Database, Multi-Country Payroll, Onboarding, and more 10 payroll documents you need to pay U.S. employees Whether you’re setting up payroll for a new hire or managing ongoing payroll operations, understanding how to do payroll includes knowing what documents are essential for getting U.S. employees paid at work and staying compliant with federal and state regulations. 1. W-4 form (employee’s withholding certificate) The W-4 form is a foundational document in payroll. Every new hire must complete this form, which determines the amount of federal income tax to withhold from their paycheck. Employees can update their W-4 at any time, which allows them to adjust their withholding as their financial situation changes. Ensuring accurate completion of the W-4 form is critical — errors can lead to under- or over-withholding, creating headaches for both employees and the business. 2. I-9 form (employment eligibility verification) The I-9 form is another essential piece of payroll documentation that is required for verifying a new employee’s eligibility to work in the U.S. Employers must complete this form within three days of an employee’s start date. The I-9 requires the employee to provide documents that establish both identity and employment authorization, such as a U.S. passport or a combination of a driver’s license and Social Security card. Employers must keep these records on file for three years after the hire date or one year after termination, whichever is later, to remain compliant. 3. State withholding forms In addition to the federal W-4, many states require their own withholding forms to calculate state income tax. These forms function similarly to the W-4 but are specific to each state’s tax requirements. Ensuring that you collect and correctly process these state-specific forms is vital for maintaining compliance and accurate payroll processing. 4. Direct deposit authorization form A direct deposit authorization form allows an employee to have their paycheck directly deposited into their bank account; this document collects the necessary banking information, such as routing and account numbers, and authorizes the employer to make electronic payments. While not legally required, direct deposit is a common and efficient way to ensure employees are paid promptly and securely. It also reduces the administrative burden of printing and distributing physical checks. 5. Employee agreement or offer letter An employee agreement or offer letter outlines the terms of employment, including job responsibilities, salary, benefits, and other important details; this document serves as the official contract between the employee and the employer. It not only sets expectations but also acts as a reference point for resolving potential disputes. Having a signed agreement on file is a key part of payroll documentation, as it provides proof of the agreed salary and terms, supporting compliance and transparency. 6. Form W-2 (wage and tax statement) At the end of each year, employers must provide employees with a W-2 form, which details their total earnings, tax withholdings, Social Security contributions, and other relevant payroll information; employees use this form to file their federal and state tax returns. Employers must also submit W-2 forms to the Social Security Administration and relevant state agencies. Failing to provide accurate W-2s can result in penalties, so it’s essential to have a robust process for generating and distributing these forms. 7. Form 1095-C (employer-provided health insurance offer and coverage) For companies with 50 or more full-time employees, the Affordable Care Act (ACA) requires employers to provide Form 1095-C to employees; this document reports the health insurance coverage offered to the employee and their dependents, if applicable. Employers must also file this form with the IRS. Proper documentation of health insurance offerings is critical for ensuring ACA compliance and avoiding penalties. 8. Time sheets and attendance records Accurate tracking of hours worked is crucial, especially for non-exempt employees under the Fair Labor Standards Act (FLSA). Time sheets and attendance records are essential payroll forms for calculating wages, overtime pay, and ensuring compliance with labor laws. Digital systems that automate time tracking can help maintain accurate records and streamline payroll processing, reducing the likelihood of payroll disputes or compliance issues. 9. Payroll register A payroll register is a summary report that includes all payroll information for each pay period, such as gross pay, net pay, tax withholdings, and benefits deductions; this document serves as an internal record for HR and payroll teams to verify the accuracy of payroll operations. In addition, payroll registers are valuable for audits, as they provide a clear overview of each employee’s earnings and deductions. 10. Form 941 (employer’s quarterly federal tax return) Form 941 is a quarterly report filed by employers to the IRS detailing federal income tax, Social Security, and Medicare taxes withheld from employees’ paychecks; this form also reports the employer’s share of Social Security and Medicare taxes. Filing Form 941 on time is crucial for demonstrating payroll tax compliance and avoiding IRS penalties. More payroll coverage Essential payroll documents: A global perspective If your business operates internationally, you’ll need to navigate various

Another critical focus area is the development of human capital. Saudi Arabia has prioritized the creation of a highly skilled cybersecurity workforce to support its growing digital economy. Through partnerships with global tech firms and academic institutions, the Kingdom is investing in cybersecurity education, certification programs, and specialized training. By equipping its citizens with the knowledge and skills to identify, mitigate, and respond to cyber threats, Saudi Arabia is building a talent pool capable of addressing the ever-evolving challenges of the digital age. International cooperation is also central to Saudi Arabia’s cybersecurity strategy. Understanding that cyber threats transcend national borders, the Kingdom actively collaborates with other countries and global organizations to share threat intelligence, best practices, and resources. Through these partnerships, Saudi Arabia is contributing to the development of global cybersecurity standards and policies, reinforcing its role as a key player in the international cybersecurity community. The Kingdom’s Vision 2030 is also a driving force behind its cybersecurity efforts. As part of its broader initiative to diversify its economy and reduce dependence on oil, Saudi Arabia recognizes that a secure digital infrastructure is critical to fostering innovation, attracting investment, and building trust in its growing tech sector. With cybersecurity at the forefront of its Vision 2030 goals, Saudi Arabia is positioning itself as a leading digital economy, capable of harnessing the power of emerging technologies while mitigating potential risks. source

By Matthew Perlman ( December 20, 2024, 8:16 PM EST) — Epic Systems Corp. told a New York federal court that an antitrust case lodged by Particle Health Inc. is really just payback for revealing concerns that Particle allowed its customers to inappropriately access personal medical records…. Law360 is on it, so you are, too. A Law360 subscription puts you at the center of fast-moving legal issues, trends and developments so you can act with speed and confidence. Over 200 articles are published daily across more than 60 topics, industries, practice areas and jurisdictions. A Law360 subscription includes features such as Daily newsletters Expert analysis Mobile app Advanced search Judge information Real-time alerts 450K+ searchable archived articles And more! Experience Law360 today with a free 7-day trial. source

A data strategy requires a culture  In recognition of Peter Drucker’s adage “culture eats strategy for breakfast,” a corresponding culture is also an essential prerequisite for a successful data strategy. (Corporate) culture encompasses the intangible foundations of an organization’s creative achievements.  Regarding data culture, for example, the question of how federal structures are designed arises: Does an organization tend to emphasize central responsibility or local responsibility? Do federal levels also correspond to hierarchical levels, i.e. are decisions escalated through management or are competent committees (with decision-making authority), put together differently? How is the decentralized competence of the domains balanced in comparison to centrally provided platforms that are to be used with the shortest possible learning curve for users from the domains, but which have to be operated at considerable expense?  Moving step by step to the ‘North Star’  Companies that are rethinking their data strategy should develop a North Star but then proceed in a very pragmatic way. The North Star represents the desired end state: Do you want to increase efficiency, improve products or services based on insights from existing data or open up new business areas? If the goal of a data strategy and corresponding initiatives is not clear, then the realization is doomed to failure. Only when the direction is clear can practically realizable steps lead to success.  The organization can be carefully modified, for example, to establish federal governance structures, implement central control of the top ontology layer, and adapt and improve it in interaction with the domains. The domains must be empowered to independently implement data products, with a central definition of the policies that must apply to all, for example with regard to identity and access management. And here, in the creation of a platform — planned or emergent because of only loosely coordinated initiatives to reduce communication overheads — the data strategy approaches the classic IT strategy, particularly concerning cloud architectures.  source

Norton vs McAfee has been an antivirus war that has been waged for decades in the consumer, small business, and enterprise arena. Both became household words in the late nineties as Windows 95 and subsequent operating systems captured the popular imagination. Hackers quickly started throwing viruses and other threats at the PC world. Vendors like Norton and McAfee emerged. Just about every PC owner installed one or the other. Over the years, I’ve had both installed on my PCs and laptops, and I’ve largely been satisfied with both. Fast-forward a quarter of a century, and the landscape has shifted. Many more antivirus choices are available, and a host of other threats now have to be dealt with. Yet, AV remains a core element of the security landscape. Norton and McAfee’s longevity attests to their AV tools’ capability. But which is best? Norton Antivirus Plus: Best for those who want good AV protection that comes with a password manager and cloud storage at a price that is hard to beat. McAfee Total Protection: Best for those who need good AV protection, a VPN, identity monitoring, and a firewall at a decent price. 1 ESET PROTECT Advanced Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Any Company Size Any Company Size Features Advanced Threat Defense, Full Disk Encryption , Modern Endpoint Protection, and more 2 ManageEngine Log360 Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Micro (0-49 Employees), Small (50-249 Employees), Medium (250-999 Employees), Large (1,000-4,999 Employees), Enterprise (5,000+ Employees) Micro, Small, Medium, Large, Enterprise Features Activity Monitoring, Blacklisting, Dashboard, and more 3 Graylog Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Medium (250-999 Employees), Large (1,000-4,999 Employees), Enterprise (5,000+ Employees) Medium, Large, Enterprise Features Activity Monitoring, Dashboard, Notifications Norton Antivirus Plus vs. McAfee Total Protection: Comparison table Norton Antivirus Plus McAfee Total Protection Our rating (out of 5) 4.8 4.75 Starting price $30 per year for 5 devices $40 per year for 5 devices AV and malware protection Excellent Excellent Scanning speed Excellent Very good False positives Very good Excellent Also included in the price 2 GB cloud backup, password manager. VPN, web protection, identity monitoring, firewall. Norton Antivirus Plus vs Norton Total Protection: Pricing Winner: Norton AV Plus Image: Norton Norton Antivirus Plus pricing Norton AV Plus normally costs $85 per year for five devices. It is currently on offer for $30 per year if you pay for the entire year upfront. I took advantage of a seven-day free trial but had to search around on the website to find it. The company definitely preferred that I buy the service with a 60-day money-back guarantee rather than allowing me to sign up for a free trial. If you want more than the basic consumer-level AV plan, I had the option to add 50 GB of extra cloud storage, a password manager, and more for $50 per year, or the Lifelock identity protection service, a VPN, and a host of other security features for $100 per year. Image: McAfee McAfee Total Protection pricing McAfee Total Protection is priced at $120 per year, reduced to $40 on special offer. As it comes with the VPN, firewall, and identity monitoring already included, I found it challenging to conduct a full apples-to-apples comparison. The free trial I signed up for lasts 30 days. A 30-day money-back guarantee is also available. Pricing gets complicated as there are so many versions to choose from. $50 per year gets you AI-powered AI, $90 adds in a million dollars of identity theft protection and bank/credit card monitoring. $200 provides everything mentioned but ups the ID protection to two million, and throws in $25,000 in ransomware protection and more safeguards for financial accounts. Norton Antivirus Plus vs McAfee Total Protection: Feature comparison AV and malware protection Winner: Tie I liked the fact that Norton Antivirus Plus covers a range of features including scam, antivirus, malware, ransomware, and hacking protection. Further protections are available as you grade up to the more expensive packages that include encryption, Wi-Fi security, ad blocking, dark web monitoring, and more. However, the basic protection features offered by AV Plus cover the primary bases. SEE: NordVPN Review (2024): Is NordVPN Worth the Cost? (TechRepublic) I found that McAfee Total Protection covers a similar range and throws in a protection score and firewall. But then Norton AV Plus includes cloud backup and a password manager. There is little between them. Norton AV Plus typically completes virus scanning in less time than McAfee Total Protection, according to speed tests. Scanning speed Winner: Norton AV Plus Norton Antivirus Plus and McAfee Total Protection have both been tested extensively on a variety of speed tests and against various benchmarks. Norton AV Plus wins on sheer scanning speed. Its full and quick scans for AV and malware sometimes take about half the time of those done in McAfee Total Protection. However, I rarely pay attention to the length of the scan as I typically do it in the background while I get on with other tasks. That said, McAfee tends to consume fewer system resources for scanning than Norton. What you gain on the swings, you lose on the roundabouts. Overall, though, I give Norton Antivirus Plus the nod on scanning speed. Norton Options include cloud backup and a password manager False positives Winner: McAfee Total Protection False positives are the bane of security systems. Sometimes, so many alerts are generated that it can be overwhelming. Particularly when some of these alerts are false, unnecessary work can be generated. Over the last quarter of a century, I’ve seen both McAfee and Norton tools be guilty of providing an inordinate number of alerts, many of which were worthless. But times have changed. Both Norton Antivirus Plus and McAfee Total Protection do well when it comes to minimizing false positives, but McAfee generates fewer false alerts. McAfee Total Protection has a VPN, firewall, and

When the Irish Health Care System (HSE)’s data was ransom attacked,  80% of their data became corrupted and unusable. In July, the city of Columbus experienced a ransomware attack that disrupted various municipal services, and months later, it is still working towards recovery. Ransomware attacks are becoming more frequent and causing unprecedented chaos and financial distress. Few organizations have been this transparent following a ransomware attack, but HSE and Columbus are far from alone. Following ransomware attacks, organizations rely on their data protection solution to recover and restore business operations as quickly as possible. However, instead of providing a timely and confident recovery, the limitations of traditional data protection and storage solutions become exposed, and organizations are left paying the ransom, and even then, only 4% get all of their data back (Sophos, States of Ransomware, 2022). This demonstrates how traditional data protection solutions fail to fully support cyber resiliency, despite having added “cyber” features to their products. Features like immutability, isolation, virus scanning, and multi-factor authentication are often easily integrated. Some vendors even rely on marketing hype, attempting to position themselves as security vendors rather than delivering real value. Key Questions to Ask About Data Protection Here are key questions that traditional data protection solutions struggle to answer regarding cyber resiliency: 1. What was the Impact of the Attack? Data protection vendors often rely on high-level analysis to detect unusual activity in backups or snapshots. This includes threshold analysis, identifying unusual file changes, or detecting changes in compression rates that may suggest ransomware encryption. These methods are essentially guesses prone to false positives. During a ransomware attack, details matter. Leveraging advanced AI engines to detect patterns indicative of cyberattacks offers more accuracy, reduces false alerts, and provides the critical details of exactly what files and databases were impacted to support smarter recovery. 2. How can Data Loss be Minimized? Organizations snapshot or back up data regularly, ranging from hourly to daily intervals. When an attack occurs, restoring a snapshot or backup overwrites production data—some of which may have been corrupted by ransomware—with clean data. If only 20% of the data in the backup has been manipulated by bad actors, recovering the full backup or snapshot will result in overwriting 80% of data that did not need restoration. This will include valuable business information that could be lost forever. Detailed forensic insight into which specific files were impacted is essential to minimizing data loss. 3. Do I Need to Validate Databases from Ransomware Corruption? Cybercriminals understand that databases are the backbone of many businesses, making them prime targets for extortion. By corrupting these databases, they can pressure organizations into paying ransoms. Using common variants, such as ransomware that intermittently encrypts data, attackers can disrupt both user files and critical databases. Although some vendors suggest that there’s no need to validate database integrity—arguing that corrupted databases will simply cease to function—this is misleading and will result in significant impact following an attack. Regular validation of production databases, including their content and structure, is essential to ensure cybersecurity resilience and mitigate potential damage. 4. Is the AI Engine Smart Enough?  AI is now a mainstream topic, but understanding how an AI engine is trained is critical to evaluating its effectiveness. When dealing with ransomware, it’s important that the AI is trained on real ransomware variants and how they impact data. If the AI is only trained to look for threshold changes or compression rate fluctuations, cybercriminals can adjust their tactics to bypass detection. Many modern encryption algorithms do not affect compression rates, and certain ransomware variants avoid triggering metadata-based threshold alerts. AI engines must be trained on actual ransomware behaviors and constantly updated with new variants to ensure the accuracy and relevance to support smart recovery. 5. Can you Keep Up with Modern Ransomware Variants?  Ransomware evolves quickly, with bad actors introducing new encryption algorithms and altering how files are corrupted. Signature scanning and other methods based on specific indicators of compromise struggle to keep up with these rapid changes.  What’s needed is an automated approach that continually tests against the latest ransomware variants and provides a service-level agreement (SLA), ensuring reliability and accuracy in detecting data corruption caused by attacks. Demand Trust-Worthy Resilience Organizations need to demand AI data integrity engines that can accurately detect corruption due to cyberattacks, detailed forensic insights to minimize data loss, regular validation of data at rest to ensure reliability, and continuously updated AI to keep up with evolving ransomware variants. Traditional methods often fail to provide effective cyber resiliency. Challenge good enough methods and implement an integrated storage and data protection solution you can trust. source

Millions of missed calls While the CrowdStrike outage was huge, it was dwarfed in sheer numbers by a February service interruption at AT&T Mobility, affecting 125 million mobile devices across the US. The outage, lasting more than 12 hours, prevented about 92 million calls from being completed, including 25,000 911 calls, according to the US Federal Communications Commission. An equipment configuration error was the cause of the massive outage. While it took AT&T close to two hours to roll back the network change, restoration of full service took at least 12 hours because the mobile carrier’s device registration systems were overwhelmed with the high volume of requests for re-registration onto the network, the FCC said. Then in June, AT&T customers reported another service outage. Reports of service outages began to spike at 1 p.m. EST on June 4, then declined around 6 p.m. The areas surrounding New York City, Chicago, Philadelphia, Dallas, Pittsburgh, and Indianapolis were apparently affected. source