I'm a PhD biologist and I read @OpenAI's threat preparedness assessment plan for CBRN threats. It appears to be total nonsense designed without any input from a scientist. Here's why: #ai #artificialintelligence #airisk #aisafety
It is endlessly fascinating to me that so many #infosec professionals believe the primary threat to email security is theft during transmission, when in fact the primary threat is and has always been theft from the email server where the message ends up.
While I want my email to be e2e-encrypted, what I really want is for no one to ever ask me to send PII/PHI via email.
Too many infosec people are bad at #RiskAssessment.
I've heard so many of these types of comments over the past 3 years, I thought it was time to write a bit about how one big aspect of infection is a numbers game. /1
“Prolonged exposure in close proximity to someone with #COVID19 puts people at high risk of catching the disease, even if they’ve had both the disease and vaccinations against it, a study shows.
The study reveals that the greater a person’s exposure to #SARSCoV2, the more vulnerable they are to infection, regardless of their vaccination status. This relationship has long been suspected, but the study is one of the first to document it.” @novid https://www.nature.com/articles/d41586-023-02715-1
Question for small business cybersecurity friends... for assessments and audits, are you seeing a lot of guidance and information regarding newer AI tech (like chatbots, unmanned vestibules, blah blah etc) and standards the small business should be adhering to?
What guidance/framework are you following/referencing when implementing this kind of tech, and how useful is it for small business specifically?
What role in your org is responsible for ensuring standards are met, or remediating audit findings pertaining to this?
(When I say small business for the purposes of this question I mean under 1k employees.)
"The simultaneous occurrence of rain-driven flooding & landslides, high-intensity winds, & multiple fires complicated emergency response. The compounding nature of the hazards produced during the Hurricane Lane event highlights the need to improve anticipation of complex feedback mechanisms among climate- & weather-related phenomena"
The #UK updated (and declassified portions of) its Risk Register...
possibility of a “catastrophic” pandemic as 5% to 25% likely in a 5-year period.
an attack on infrastructure, such as its energy network, with a “significant” impact as 5% to 25% likely within a 2-year period.
failure of the electric grid & a large-scale chemical, biological, nuclear or radiological attack are both assessed as 1% to 5% likely within 2-5 years.
most likely major risks, at greater than 25% chance in the next 2 to 5 yrs & “moderate” impact were terrorist attacks in public places, tech failure in the financial services industry, attack on a non-Nato ally, & disaster response overseas.
threat of a malicious drone attack rated “moderate” in impact, but only 0.2% to 1% likely in next 2 yrs.
Both artificial intelligence and climate change are rated as “chronic” risks along with antimicrobial resistance, & organised crime.
If a drone or terror attack is considered moderate impact, I'd say greater than 50% chance of a moderate impact climate disaster in the UK in the next 2-5 years.
Hacking Acute Care: A Qualitative Study on the Health Care Impacts of Ransomware Attacks Against Hospitals
My comment: This was a small-sample qualitative survey research study that generated some proactive recommendations for hospitals. If you don't have access to Annals of Emergency Medicine, there's a write-up of the research here:
I love it when NYS DFS and the NYS Attorney General's Office crack down on poor security.
Here's another enforcement action in the financial sector by NYSDFS. They have fined lender and mortgage service provider OneMain Financial Group $4.25 million and, of course, there's a corrective action plan: