news
Report finds AI development has security,
privacy and ethical blind spots
ecurity, privacy and ethics
are low-priority issues
for developers when
modelling their Machine Learning
(ML) solutions. This is according
to findings by O’Reilly, a leading
source for insight-driven learning on
technology and business, in its 2019
AI Adoption in the Enterprise survey.
S
Security is the most serious blind
spot. Nearly three-quarters (73%)
of respondents indicated they don’t
check for security vulnerabilities
during model building. More than
half (59%) of organisations also don’t
consider fairness, bias or ethical
issues during ML development.
Privacy is similarly neglected, with
only 35% checking for issues during
model building and deployment. projects are accurate and successful.
The majority (55%) of developers
mitigate against unexpected outcomes
or predictions, but this still leaves a large
number who don’t. Furthermore, 16% of
respondents don’t check for any risks at
all during development.
Instead, the majority of
developmental resources are focused
on ensuring Artificial Intelligence (AI) This lack of due diligence is likely due to
numerous internal challenges and factors,
but the greatest roadblock hindering
progress is cultural resistance, as
indicated by 23% of respondents.
The research also shows 19% of
organisations struggle to adopt AI
due to a lack of data and data quality
issues, as well as the absence of
necessary skills for development.
The most chronic skills shortages
by far were centred around ML
modelling and data science (57%).
NEW INTEROPERABILITY AND DATA SHARING
INITIATIVE AIMS TO THWART ATTACKS
T
he OASIS international consortium has announced
an industry initiative to bring interoperability and data
sharing across cybersecurity products.
With initial open source content and code contributed by
IBM Security and McAfee, and formed under the auspices of
OASIS, the Open Cybersecurity Alliance (OCA) brings together
organisations and individuals from around the world to develop
open source security technologies which can freely exchange
information, insights, analytics and orchestrated responses.
The aim is to simplify the integration of security technologies
across the threat lifecycle – from threat hunting and detection,
to analytics, operations and response – so that products can
work together out of the box.
The purpose of the OCA is to develop and promote sets
of open source common content, code, tooling, patterns
and practices for interoperability and sharing data among
cybersecurity tools.
To learn more, visit opencybersecurityalliance.org
According to industry analyst firm, Enterprise Strategy Group,
organisations use 25 to 49 different security tools from up to
10 vendors on average, each of which generates siloed data.
Connecting these tools and data requires complex integrations,
taking away from time that could be spent hunting and
responding to threats. To accelerate and optimise security for
enterprise users, the OCA will develop protocols and standards
which enable tools to work together and share information
across vendors.
www.intelligentciso.com
|
Issue 19
7