Cybersecurity has reached a tipping point. After decades of private-sector organizations more or less being left to deal with cyber incidents on their own, the scale and impact of cyberattacks means that the fallout from these incidents can ripple across societies and borders.
Now, governments feel a need to “do something,” and many are considering new laws and regulations. Yet lawmakers often struggle to regulate technology — they respond to political urgency, and most don’t have a firm grasp on the technology they’re aiming to control. The consequences, impacts, and uncertainties on companies are often not realized until afterward.
In the United States, a whole suite of new regulations and enforcement are in the offing: the Federal Trade Commission, Food and Drug Administration, Department of Transportation, Department of Energy, and Cybersecurity and Infrastructure Security Agency are all working on new rules. In addition, in 2021 alone, 36 states enacted new cybersecurity legislation. Globally, there are many initiatives such as China and Russia’s data localization requirements, India’s CERT-In incident reporting requirements, and the EU’s GDPR and its incident reporting.
Companies don’t need to just sit by and wait for the rules to be written and then implemented, however. Rather, they need to be working now to understand the kinds of regulations that are presently being considered, ascertain the uncertainties and potential impacts, and prepare to act.
What We Don’t Know About Cyberattacks
To date, most countries’ cybersecurity-related regulations have been focused on privacy rather than cybersecurity, thus most cybersecurity attacks are not required to be reported. If private information is stolen, such as names and credit card numbers, that must be reported to the appropriate authority. But, for instance, when Colonial Pipeline suffered a ransomware attack that caused it to shut down the pipeline that provided fuel to nearly 50% of the U.S. east coast, it wasn’t required to report it because no personal information was stolen. (Of course, it is hard to keep things secret when thousands of gasoline stations can’t get fuel.)
As a result, it’s almost impossible to know how many cyberattacks there really are, and what form they take. Some have suggested that only 25% of cybersecurity incidents are reported, others say only about 18%, others say that 10% or less are reported.
The truth is that we don’t know what we don’t know. This is a terrible situation. As the management guru Peter Drucker famously said: “If you can’t measure it, you can’t manage it.”
What Needs To Be Reported, by Whom, and When?
Governments have decided that this approach is untenable. In the United States, for instance, the White House, Congress, the Securities and Exchange Commission (SEC), and many other agencies and local governments are considering, pursuing, or starting to enforce new rules that would require companies to report cyber incidents — especially critical infrastructure industries, such as energy, health care, communications and financial services. Under these new rules, Colonial Pipeline would be required to report a ransomware attack.
To an extent, these requirements have been inspired by the reporting recommended for “near misses” or “close calls” for aircraft: When aircraft come close to crashing, they’re required to file a report, so that failures that cause such events can be identified and avoided in the future.
On its face, a similar requirement for cybersecurity seems very reasonable. The problem is, what should count as a cybersecurity “incident” is much less clear than the “near miss” of two aircraft being closer than allowed. A cyber “incident” is something that could have led to a cyber breach, but does not need to have become an actual cyber breach: By one official definition, it only requires an action that “imminently jeopardizes” a system or presents an “imminent threat” of violating a law.
This leaves companies navigating a lot of gray area, however. For example, if someone tries to log in to your system but is denied because the password is wrong. Is that an “imminent threat”? What about a phishing email? Or someone searching for a known, common vulnerability, such as the log4j vulnerability, in your system? What if an attacker actually got into your system, but was discovered and expelled before any harm had been done?
This ambiguity requires companies and regulators to strike a balance. All companies are safer when there’s more information about what attackers are trying to do, but that requires companies to report meaningful incidents in a timely manner. For example, based on data gathered from current incident reports, we learned that just 288 out of the nearly 200,000 known vulnerabilities in the National Vulnerability Database (NVD) are actively being exploited in ransomware attacks. Knowing this allows companies to prioritize addressing these vulnerabilities.
On the other hand, using an overly broad definition might mean that a typical large company might be required to report thousands of incidents per day, even if most were spam emails that were ignored or repelled. This would be an enormous burden both on the company to produce these reports as well as the agency that would need to process and make sense out of such a deluge of reports.
International companies will also need to navigate the different reporting standards in the European Union, Australia, and elsewhere, including how quickly a report must be filed — whether that’s six hours in India, 72 hours in the EU under GDPR, or four business days in the Unites States, and often many variations in each country since there is a flood of regulations coming out of diverse agencies.
What Companies Can Do Now
Make sure your procedures are up to the task.
Companies subject to SEC regulations, which includes most large companies in the United States, need to quickly define “materiality” and review their current policies and procedures for determining whether “materiality” applies, in light of these new regulations. They’ll likely need to revise them to streamline their operation — especially if such decisions must be done frequently and quickly.
Keep ransomware policies up to date.
Regulations are also being formulated in areas such as reporting ransomware attacks and even making it a crime to pay a ransom. Company policies regarding paying ransomware need to be reviewed, along with likely changes to cyberinsurance policies.
Prepare for required “Software Bill of Materials” in order to better vet your digital supply chain.
Many companies did not know that they had the log4j vulnerability in their systems because that software was often bundled with other software that was bundled with other software. There are regulations being proposed to require companies to maintain a detailed and up-to-date Software Bill of Materials (SBOM) so that they can quickly and accurately know all the different pieces of software embedded in their complex computer systems.
Although an SBOM is useful for other purposes too, it may require significant changes to the ways that software is developed and acquired in your company. The impact of these changes needs to be reviewed by management.
What More Should You Do?
Someone, or likely a group in your company, should be reviewing these new or proposed regulations and evaluate what impacts they will have on your organization. These are rarely just technical details left to your information technology or cybersecurity team — they have companywide implications and likely changes to many policies and procedures throughout your organization. To the extent that most of these new regulations are still malleable, your organization may want to actively influence what directions these regulations take and how they are implemented and enforced.
Acknowledgement: This research was supported, in part, by funds from the members of the Cybersecurity at MIT Sloan (CAMS) consortium.
Revolutionizing Marketing: The Power of AI in the Digital Age
Embracing AI-Powered Marketing: Transforming Brands in the Digital Marketplace
In the crowded digital marketplace, standing out is challenging. Enter AI-powered marketing, a revolutionary upgrade transforming brands into digital powerhouses.
Hyper-Personalized Campaigns: Beyond Basic Personalization
Gone are the days of generic marketing. Today’s gold standard is AI-driven hyper-personalization. This approach uses customer data analysis to create deeply resonant, individualized marketing campaigns. With AI’s ability to segment audiences based on intricate criteria, including purchasing history and browsing behavior, your messages can hit the mark every time.
Enhanced Customer Journey Mapping
AI’s capabilities extend to mapping the entire customer journey. By predicting needs and preferences at each stage, AI aids in crafting narratives that guide customers from discovery to purchase, integrating your brand into their personal stories.
SEO Wizardry: Mastering Search Engine Dynamics
With ever-changing algorithms, SEO is a complex puzzle. AI serves as a sophisticated navigator, deciphering these changes through machine learning. It aids in keyword optimization, understanding search intent, and aligning content with search trends.
AI tools offer predictive SEO, anticipating search engine and user behavior changes. This proactive stance ensures your brand’s prominent visibility in search results, capturing the right audience at the right time.
Social Media Mastery: Crafting a Digital Narrative
AI transforms social media strategies from uncertain to precise. By analyzing vast social data, AI provides insights into resonating content.
AI analyzes performance data to recommend effective content types. This data-driven approach refines your social media content strategy.
AI examines user interaction nuances, understanding engagement patterns. It helps tailor interactions for maximum impact, including adjusting posting schedules and messaging for increased relevance.
Conclusion: Navigating the AI-Driven Marketing Landscape
AI-powered marketing is essential for thriving in the digital age, offering precision and personalization beyond traditional methods. For small businesses, it’s a chance to leverage AI for impactful, data-driven strategies.
As we embrace the AI revolution, the future of marketing is not just bright but intelligently radiant. With AI as your digital ally, your brand is equipped for a successful journey, making every marketing effort and customer interaction count.
AI: Your Small Business Ally in a Digital Age
In the ever-evolving landscape of modern commerce, small business owners find themselves at a crossroads of opportunity and obsolescence. Enter Artificial Intelligence (AI) – once the exclusive domain of tech behemoths, it now stands as the great equalizer, offering small businesses a competitive edge previously unthinkable. The emergence of AI as a wingman for small businesses is not just a fleeting trend but a fundamental shift in how entrepreneurs can leverage technology to revolutionize their operations.
The 24/7 Customer Service Hero: Chatbots
In the digital storefront, customer service is the heartbeat of business survival and success. Chatbots emerge as the indefatigable heroes of this domain. Envision a customer service agent that never clocks out an entity that requires no sleep or sustenance yet delivers consistently and instantaneously. These AI-driven chat interfaces embody the essence of your brand’s voice, capable of handling a barrage of customer queries with a speed that outpaces the swiftest of typists. They are the embodiment of efficiency – ensuring that customer satisfaction is not just met but exceeded around the clock.
Unearthing Market Treasures: Data Dive
AI’s prowess in pattern recognition has catapulted data analytics into a realm once considered the stuff of science fiction. Small business owners armed with AI tools can sift through vast swathes of data to extract actionable insights. These algorithms act as modern-day oracles, predicting market trends, discerning customer behaviors, and offering sales forecasts with remarkable accuracy. Equipped with: this knowledge, small businesses, can navigate the market with the foresight and precision of an experienced captain steering through foggy seas.
Personalization at Scale: Customize Like a Boss
The age-old business mantra of the customer is king is given new potency with AI’s personalization capabilities. Tailoring the customer experience is no longer a luxury but a necessity. AI enables small businesses to offer bespoke experiences to consumers, making them feel like the sole focus of their attention. It’s personalization executed with such finesse that customers are left marveling at the thoughtfulness and individual attention, fostering loyalty and establishing deep-rooted brand connections.
Offloading the Mundane: Task Slayers
Repetitive tasks are the bane of creativity and innovation. AI steps in as the ultimate task slayer, automating routine chores that once consumed disproportionate amounts of time. From scheduling appointments to managing inventory, AI liberates entrepreneurs from the drudgery of administrative duties, freeing them to refocus on the creative and strategic endeavors that propel business growth.
Mastering Social Media: Social Savants
Social media – the pulsing vein of modern marketing – demands astuteness and agility. AI emerges as the savant of social media, capable of demystifying platform algorithms to optimize content delivery. It knows the optimal times to post, the types of content that resonate with audiences, and the strategies that convert passive scrollers into engaged customers. By automating your social media presence, AI transforms your brand into an online sensation, cultivating a digital community of brand ambassadors.
The Verdict: Embracing AI
For a small business owner, AI is not about an overnight overhaul but strategic integration. The goal is to start small, allowing AI to shoulder incremental aspects of your business, learning and scaling as you witness tangible benefits. The transition to AI-enablement does not necessitate a background in technology; it requires a willingness to embrace change and a vision for the future.
In summary, as the digital revolution marches forward, AI stands ready to partner with small businesses, providing them with tools once deemed the province of giants. This partnership promises to elevate the small business landscape, ushering in an era of democratized technology where every entrepreneur can harness the power of AI to write their own David vs. Goliath success story. AI, the once-distant dream, is now the most loyal wingman a small business can enlist in its quest for growth and innovation.
Apple’s October Scary Fast Event: Everything revealed about the new MacBook Pro, iMac and M3 chips
It’s time for another Apple event, with a spooky twist. The company announced a surprise “Scary Fast” event last week, prompting the rumor mill to speculate that Apple would be revealing new chips to power a new lineup of Macs.
As our resident Apple expert Brian Heater wrote, a new 24-inch iMac and a MacBook Pro refresh would be the most likely new announcements to expect from the October event, and as it turns out, he was spot-on. Apple’s new M3 chip lineup was the focal point of the event, powering each of the devices Apple showcased in their half-hour prerecorded event that had some fog, some bats and ominous choir music…but no big surprises for those following the rumor mill.
Since the event kicked off off at the uncharacteristically late time of 8pm ET / 5pm PT, so you might have missed out out on the reveals while putting the finishing touches on your Halloween decorating, or watching Monday Night Football. No judgement, we’re here to recap everything the October Apple event showcased in one spot.
New M3 chips
The “scary fast” part of the Apple event, as expected, are the new M3 chips. Apple has announce a M3, M3 Pro and M3 Max, which will be included in Apple’s new 24-inch iMac, MacBook Pros.
This time around, Apple has placed an emphasis on graphical horsepower, with hardware-accelerated ray tracing, mesh shading and Dynamic Caching, which Apple claims “dramatically increases the average utilization of the GPU” by allotting exact amount of local memory to given tasks. These new chips were frequently benchmarked against their M1 predecessor, with Apple claiming the M3 renders at 2.5x the speed of the M1 and its CPU is 30% faster than the M1.
New MacBook Pro models
Yes, the new 14-inch and 16-inch MacBook Pros come with upgraded internals, but the first thing you might notice is the new color: Space Black. Beneath that color, you’ll find that new line of M3 chips. The 14-inch MacBook Pro can contain any of the trio, while the 16-inch model will only come with the M3 Pro or M3 Max chips.
As we’ve noted, the M3 chips packed into both models are putting an emphasis on getting the most out of the new GPU, though Apple also boasts that both form factors’ battery can last 22 hours on a single charge.
Both are available for preorder tonight, with the 14-inch MacBook Pro starting at $1,599 and going to $1,999 with the M3 Pro. The baseline 16-inch MacBook Pro goes for $2,499 and the pricing for the M3 Max chip upgrade for both models has yet to be disclosed.
And that space black color is exciting news for any Mac fan still pining for the 2006 MacBook, whose dark tone hadn’t been replicated in the MacBook iterations that followed, even those Midnight MacBook Airs.
New M3 iMac
Apple’s iMac line is getting a colorful refresh, with an added M3 chip to add horsepower to the palette change. Apple is sticking with the 24-inch form factor, and upgrading the screen with a 4.5K retina display, 1080p FaceTime camera and a six-speaker system supporting Dolby Atmos and Spatial Audio. The new iMac will be available for preorder with green, yellow, orange, pink, purple, blue and silver options starting tonight.
The $1,299 baseline comes with a 8-core GPU and 8-core CPU, with a $1,499 version upgrading you to a 256 SSD.
An sneaky iPhone showcase
You may not have noticed it, but at the very end of the event, Apple dropped a quick note on the stream: “This event was shot on iPhone and edited on Mac.” It’s a bit of a victory lap, but as our other Apple expert Darrell Etherington notes, it’s a pretty impressive flex for Apple to shoot its half-hour hardware showcase entirely on a phone.
Recap the full Scary Fast event
If you want to just dive right in and experience the October event all over again or for the first time, you can catch the entire archive via the YouTube embed below right on Apple’s website.
Kim Magdalein w/Magdalein Financial, Interviewed on the Influential Entrepreneurs Podcast: How Social Security Planners of America Helps Advisors Reimagine SS for Clients
PDQ Electric Shines in the Vegas Business Spotlight: A Journey of Success and Resilience
Kim Magdalein w/Magdalein Financial, Interviewed on the Influential Entrepreneurs Podcast: How Social Security Planners of America Helps Advisors Get Clients w/ Seminars
Hiring a Remote Worker? It Takes More Than an Internet Connection
Flexible, shorter-term apartment startups gain more traction
Six Office Remodels That Will Help Improve Work Culture
Growing a Business5 days ago
2023’s Festive Formula: Small Business Success in the Extended Holiday Season
Growing a Business7 days ago
Unlock the Power of Email: 2023’s Ultimate Guide to Personalized Marketing Mastery
News6 days ago
Flamingo Marketing Strategies Named “Most Outstanding Marketing Agency 2023 – Warwickshire” in Midlands Enterprise Awards
News6 days ago
GRAND IPR® Unveils Game-Changing Blueprint to Empower Graphic Designers
News4 days ago
News7 days ago
Suzanna Kennedy Releases “Sacred Union: Ascending to a 5D Paradise” – A Guide to Self-Realization
News5 days ago
Award Winning Therapist and Recording Artist Judith Pinkerton Makes the Healing Power of Music Therapy More Accessible to All
News5 days ago
Windermere Real Estate’s Phil Dwyer Shares Insights and Success Stories on the Vegas Business Spotlight Podcast