The clock is ticking: while Fortune 500 companies find one serious vulnerability every 12 hours, it takes attackers less than 45 minutes to do the same as they scan the vastness of the internet for vulnerable business assets.
Making matters worse, bad actors are multiplying, highly skilled IT professionals are a scarce resource, and the demand for contactless interactions, remote work arrangements, and agile business processes continues to expand cloud environments. This all puts an organization’s attack surface—the sum total of the nooks and crannies hackers can pry into—at risk.
“We’ve seen a pretty steady set of attacks on different sectors, such as health care, transportation, food supply, and shipping,” says Gene Spafford, a professor of computer science at Purdue University. “As each of these has occurred, cybersecurity awareness has risen. People don’t see themselves as victims until something happens to them—that’s a problem. It’s not being taken seriously enough as a long-term systemic threat.”
Organizations must understand where the critical entry points are in their information technology (IT) environments and how they can reduce their attack surface area in a smart, data-driven manner. Digital assets aren’t the only items at risk. An organization’s business reputation, customer allegiance, and financial stability all hang in the balance of a company’s cybersecurity posture.
To better understand the challenges facing today’s security teams and the strategies they must embrace to protect their companies, MIT Technology Review Insights and Palo Alto conducted a global survey of 728 business leaders. Their responses, along with the input of industry experts, provide a critical framework for safeguarding systems against a growing battalion of bad actors and fast-moving threats.
The vulnerabilities of a cloud environment
The cloud continues to play a critical role in accelerating digital transformation—and for good reason: cloud offers substantial benefits, including increased flexibility, huge cost savings, and greater scalability. Yet cloud-based issues comprise 79% of observed exposures compared with 21% for on-premises assets, according to the “2021 Cortex Xpanse Attack Surface Threat Report.”
“The cloud is really just another company’s computer and storage resources,” says Richard Forno, director of the graduate cybersecurity program at the University of Maryland, Baltimore County. “Right there, that presents security and privacy concerns to companies of all sizes.”
Even more concerning is this: 49% of survey respondents report more than half of their assets will be in the public cloud in 2021. “Ninety-five percent of our business applications are in the cloud, including CRM, Salesforce, and NetSuite,” says Noam Lang, senior director of information security at Imperva, a cybersecurity software company, referring to popular subscription-based applications handling customer relationship management. But while “the cloud provides much more flexibility and easy growth,” Lang adds, “it also creates a huge security challenge.”
Part of the problem is the unprecedented speed at which IT teams can spin up cloud servers. “The cadence that we’re working at in the cloud makes it much more challenging, from a security perspective, to keep track of all of the security upgrades that are required,” says Lang.
For example, Lang says, in the past, deploying on-premises servers entailed time-consuming tasks, including a lengthy buying process, deployment activities, and configuring firewalls. “Just imagine how much time that allowed our security teams to prepare for new servers,” he says. “From the moment we decided to increase our infrastructure, it would take weeks or months before we actually implemented any servers. But in today’s cloud environment, it only takes five minutes of changing code. This allows us to move the business much more quickly, but it also introduces new risks.”
Download the full report.
This content was produced by Insights, the custom content arm of MIT Technology Review. It was not written by MIT Technology Review’s editorial staff.
How do I know if egg freezing is for me?
The tool is currently being trialed in a group of research volunteers and is not yet widely available. But I’m hoping it represents a move toward more transparency and openness about the real costs and benefits of egg freezing. Yes, it is a remarkable technology that can help people become parents. But it might not be the best option for everyone.
Read more from Tech Review’s archive
Anna Louie Sussman had her eggs frozen in Italy and Spain because services in New York were too expensive. Luckily, there are specialized couriers ready to take frozen sex cells on international journeys, she wrote.
Michele Harrison was 41 when she froze 21 of her eggs. By the time she wanted to use them, two years later, only one was viable. Although she did have a baby, her case demonstrates that egg freezing is no guarantee of parenthood, wrote Bonnie Rochman.
What happens if someone dies with eggs in storage? Frozen eggs and sperm can still be used to create new life, but it’s tricky to work out who can make the decision, as I wrote in a previous edition of The Checkup.
Meanwhile, the race is on to create lab-made eggs and sperm. These cells, which might be made from a person’s blood or skin cells, could potentially solve a lot of fertility problems—should they ever prove safe, as I wrote in a feature for last year’s magazine issue on gender.
Researchers are also working on ways to mature eggs from transgender men in the lab, which could allow them to store and use their eggs without having to pause gender-affirming medical care or go through other potentially distressing procedures, as I wrote last year.
From around the web
The World Health Organization is set to decide whether covid still represents a “public health emergency of international concern.” It will probably decide to keep this status, because of the current outbreak in China. (STAT)
Researchers want to study the brains, genes, and other biological features of incarcerated people to find ways to stop them from reoffending. Others warn that this approach is based on shoddy science and racist ideas. (Undark)
A watermark for chatbots can expose text written by an AI
For example, since OpenAI’s chatbot ChatGPT was launched in November, students have already started cheating by using it to write essays for them. News website CNET has used ChatGPT to write articles, only to have to issue corrections amid accusations of plagiarism. Building the watermarking approach into such systems before they’re released could help address such problems.
In studies, these watermarks have already been used to identify AI-generated text with near certainty. Researchers at the University of Maryland, for example, were able to spot text created by Meta’s open-source language model, OPT-6.7B, using a detection algorithm they built. The work is described in a paper that’s yet to be peer-reviewed, and the code will be available for free around February 15.
AI language models work by predicting and generating one word at a time. After each word, the watermarking algorithm randomly divides the language model’s vocabulary into words on a “greenlist” and a “redlist” and then prompts the model to choose words on the greenlist.
The more greenlisted words in a passage, the more likely it is that the text was generated by a machine. Text written by a person tends to contain a more random mix of words. For example, for the word “beautiful,” the watermarking algorithm could classify the word “flower” as green and “orchid” as red. The AI model with the watermarking algorithm would be more likely to use the word “flower” than “orchid,” explains Tom Goldstein, an assistant professor at the University of Maryland, who was involved in the research.
The Download: watermarking AI text, and freezing eggs
That’s why the team behind a new decision-making tool hope it will help to clear up some of the misconceptions around the procedure—and give would-be parents a much-needed insight into its real costs, benefits, and potential pitfalls. Read the full story.
This story is from The Checkup, MIT Technology Review’s weekly newsletter giving you the inside track on all things health and biotech. Sign up to receive it in your inbox every Thursday.
I’ve combed the internet to find you today’s most fun/important/scary/fascinating stories about technology.
1 Elon Musk held a surprise meeting with US political leaders
Allegedly in the interest of ensuring Twitter is “fair to both parties.” (Insider $)
+ Kanye West’s presidential campaign advisors have been booted off Twitter. (Rolling Stone $)
+ Twitter’s trust and safety head is Musk’s biggest champion. (Bloomberg $)
2 We’re treating covid like flu now
Annual covid shots are the next logical step. (The Atlantic $)
3 The worst thing about Sam Bankman-Fried’s spell in jail?
Being cut off from the internet. (Forbes $)
+ Most crypto criminals use just five exchanges. (Wired $)
+ Collapsed crypto firmFTX has objected to a new investigation request. (Reuters)
4 Israel’s tech sector is rising up against its government
Tech workers fear its hardline policies will harm startups. (FT $)
5 It’s possible to power the world solely using renewable energy
At least, according to Stanford academic Mark Jacobson. (The Guardian)
+ Tech bros love the environment these days. (Slate $)
+ How new versions of solar, wind, and batteries could help the grid. (MIT Technology Review)
6 Generative AI is wildly expensive to run
And that’s why promising startups like OpenAI need to hitch their wagons to the likes of Microsoft. (Bloomberg $)
+ How Microsoft benefits from the ChatGPT hype. (Vox)
+ BuzzFeed is planning to make quizzes supercharged by OpenAI. (WSJ $)
+ Generative AI is changing everything. But what’s left when the hype is gone? (MIT Technology Review)
7 It’s hard not to blame self-driving cars for accidents
Even when it’s not technically their fault. (WSJ $)
8 What it’s like to swap Google for TikTok
It’s great for food suggestions and hacks, but hopeless for anything work-related. (Wired $)
+ The platform really wants to stay operational in the US. (Vox)
+ TikTok is mired in an eyelash controversy. (Rolling Stone $)
9 CRISPR gene editing kits are available to buy online
But there’s no guarantee these experiments will actually work. (Motherboard)
+ Next up for CRISPR: Gene editing for the masses? (MIT Technology Review)
10 Tech workers are livestreaming their layoffs
It’s a candid window into how these notoriously secretive companies treat their staff. (The Information $)