The initiative will prioritize three main areas: ensuring safe systems and technologies, promoting sustainable applications and transformation, and contributing to resilient governance and regulation.
The alliance aims to accelerate the development of ethical guidelines and governance frameworks for generative AI and maximize the economic and social value it can create.
The World Economic Forum invites stakeholders from various sectors, including businesses, academia and regulatory bodies, to contribute their expertise and insights to the initiative.
The World Economic Forum (WEF) has launched the AI Governance Alliance in a bid to accelerate the development of ethical guidelines and governance frameworks for generative AI and maximise the economic and social value it can create.
The alliance will provide guidance on the responsible design, development and deployment of artificial intelligence systems and prioritise three main areas – ensuring safe systems and technologies, promoting sustainable applications and transformation, and contributing to resilient governance and regulation.
Moreover, the alliance aims to address today’s most critical issues as humanity approaches a potentially transformative socio-economic era.
A significant stride
“The AI Governance Alliance marks a significant stride towards responsible and ethical advancements in generative AI technology. Given its potential to transform businesses and societies, it is crucial that generative AI be developed and deployed with an unwavering focus on societal progress and human-centric principles,” Jeremy Jurgens, Managing Director at the World Economic Forum, said.
By bringing together influential regional voices and multiple stakeholders globally, the alliance seeks to harness the benefits of generative AI systems and technologies while ensuring equitable and sustainable global impacts.
“As a society, we must be clear-eyed about both the promise and the perils of generative AI and work together to ensure AI is always in service to humanity. The AI Governance Alliance is an important forum to bring together perspectives from around the world, connecting industry, governments and civil society to better answer how we can govern AI responsibly and do so at the pace of technological change,” Brad Smith, Vice-Chair and President of Microsoft, said.
Stakeholders invited
The World Economic Forum invites stakeholders from various sectors, including businesses, academia and regulatory bodies, to contribute their expertise and insights to the initiative.
Kent Walker, President, Global Affairs of Google and Alphabet, said that the alliance will help ensure that AI is developed and used boldly and responsibly.
“We look forward to engaging with governments and civil society to establish 21st-century frameworks for 21st-century technologies. We’re seeing remarkable technological advances, and we welcome the AI Governance Alliance’s plans to further opportunity, responsibility and security – working together to build AI that helps everyone.”
Nick Clegg, President, Global Affairs, Meta Platforms, said that it’s vital that powerful new technologies are developed openly, not just behind closed doors in Silicon Valley.
Realizing the immense potential of generative AI while mitigating the risks will take hard work and a spirit of “openness and collaboration” across the tech industry, governments and civil society.
“AI technologies are quickly reshaping our world. We have an opportunity to create ethical guardrails and policy frameworks that will inform how generative AI is designed and deployed. The World Economic Forum is creating the AI Governance Alliance to address responsible generative AI, and IBM looks forward to contributing our own expertise to this work,” Gary Cohn, Vice Chairman, IBM, said.
The greatest challenge that humanity will face over the next decade is the ability to tell fact from fiction, reality from fantasy and information from disinformation; everything else is predicated on that.
It is inevitable that states, activists, and advanced threat actors will also leverage the power of AI to turbocharge disinformation campaigns.
Security leaders should initiate conversations across IT, OT, PR, Marketing and other internal teams to make sure they know how to collaborate effectively when disinformation is discovered.
Sometimes when you tell the truth, it is really hard to be believed. That’s why Large Language Models like ChatGPT play fast and loose with it.
We have awoken in the world of Generative Adversarial Networks (GAN), Large Language Models, and scientific crises of confidence (the proposed 6-month moratorium on training new LLMs), almost as if we have no idea how we got here, or what the implications may be.
The central objective in a GAN learning model is one of manufacturing credibility. The “generator” learns to generate credible data; the “discriminator” attempts to distinguish the fake from the real. Truthfulness and accuracy are second order considerations if they even figure at all.
Rik Ferguson
In addition, as the public become more aware of the prevalence and possibilities of AI, it will become steadily easier to dismiss the truth as fake; something that runs with the grain of current social trends of scepticism and dismissal of “experts”.
The greatest challenge that humanity will face over the next decade is the ability to tell fact from fiction, reality from fantasy and information from disinformation; everything else is predicated on that.
Information and the ways in which it is delivered, whether through social networks, social engineering, fake news, or more obvious propaganda, could just as easily be our downfall as our saviour.
Sam Altman, the CEO of OpenAI, has been outspoken about the inherent risks in the sudden rise of AI, most recently calling for an “IAEA for superintelligence”, an international authority empowered to inspect systems, require audits and test compliance.
Regulatory and legislative efforts, focused primarily on data privacy and security, algorithmic transparency, accountability and permitted use-cases, are already well underway in the European Union, Canada and the United States, and to a certain extent have already passed into law in China, although this regulation will not apply to the Chinese government.
Who will win the AI race?
Both China and Russia have made no secret of their desire to “win the AI race” with current and pledged investments ranging from hundreds of millions to billions of dollars in AI research and development.
While companies like OpenAI, IBM and Apple might be top of mind when asked to name the major players in artificial intelligence, we should not forget that for every Amazon there’s an Alibaba, for every Microsoft a Baidu, and for every Google a Yandex.
Many of the innovations in the global AI space share similar aims, methodologies, and training sets, but not all motivations are created equal. In February of 2023, a Belarusian hacker group called “Cyberpartisans” shared more than two terabytes of data leaked from Roskomnadzor, Russia’s media regulator.
This leak clearly demonstrates the extent to which AI is already being used to monitor, censor and shape public opinion and repress freedom of expression in Russia.
AI development has been on a relatively slow burn since 1951, when Marvin Minsky built the first randomly wired neural network learning machine (SNARC). Over the past 20 years, Machine Learning has seen constant innovation in cybersecurity, initially for detecting spam and classifying websites and later for the detection of exploits, malware and suspicious activity.
Recent innovations in AI have been focused particularly in the areas of Generative Adversarial Networks (GAN) and Natural Language Processing/Generation (NLP/NLG), meaning that AI can now synthesise faces, voices, moving images and text.
Through these media it can also create “knowledge”, emulate character traits, and even create physical objects through recently released text to 3D print generators.
Positive potential
All of this technology, aside from its positive potential, will also hugely benefit the propagandist and the conspiracy theorist. At its most benign it will be used to fuel doubt and destroy credibility, and at its worst it will be used to create, sustain and amplify an entirely false image of reality.
An image with an explicitly malicious agenda. Cybercriminals are already taking advantage of the abundance of, and ease of access to, these technologies to enable non-consensual sexual fakes, fraud and even kidnapping scams.
It is inevitable that states, activists, and advanced threat actors will also leverage the power of AI to turbocharge disinformation campaigns.
Imagine an exponential increase in the volume and quality of fake content, the creation and automation of armies of AI-driven digital personae replete with rich and innocent backstories to disseminate and amplify it, and predictive analytics to identify the most effective points of social leverage to exploit to create division and unrest.
The ability to spot and deter AI-powered disinformation campaigns necessitates active critical thinking skills from security teams, beyond those applied through a purely technical lens to monitor networks and analyse collected data.
Disinformation operates in a technical and psychological way, which is why security leaders need to implement the following into their risk management programs:
Harness the power of AI
Investigate how your own defenses could benefit from the data collection, aggregation and mining possibilities offered by AI. Just as a would-be attacker begins with reconnaissance, so too can the defender.
Ongoing monitoring of the information space surrounding your organisation and industry could serve as a highly effective early warning system.
Empower employee mindsets
Most employees should be aware of the processes and regulations they need to be following, but attackers like to use social engineering, pretexting and “position authority” to persuade them to operate outside their normal constraints.
Because employees generally want to do what’s best for their company and please their bosses at the same time, it can be a real conflict of interest when an employee is asked to do something questionable.
Rather than rewarding successful shortcuts, security leaders and executives need to create a mindset of accountability in their employees that questions obscure data or directions and acts as the first line of defense against disinformation.
Employees need to have the power and confidence to say “no” to anyone when being asked to go outside the process, without fear of repercussion, even if they are talking to the CEO.
False news scenario
Part of disinformation’s effectiveness comes from its “shock factor.” The (false) news can be so critical, and the danger can seem so imminent, that it can cause people to react in less coordinated ways unless they have prepared for the exact situation in advance.
This is where it can be incredibly helpful to do “pre-bunking” of the type of disinformation your company would most likely be targeted with.
This will psychologically pre-position your employees to expect certain anomalies and be more mentally prepared to act with the appropriate next steps, once they determine whether the threat is real or fake.
Coordinate incident response plans
Cyberattacks and breaches are already chaotic enough to analyse and mitigate. Uncoordinated efforts to respond to active threats, on top of that chaos, can leave one’s head spinning and result in mistakes or gaps in security responses.
Before letting it reach that point, security leaders should initiate conversations across IT, OT, PR, Marketing and other internal teams to make sure they know how to collaborate effectively when disinformation is discovered.
A simple example of this could be incorporating disinformation exercises into tabletop discussions or periodic team trainings.
Rik Ferguson is the Vice President of Security Intelligence at Forescout.
VR devices are expected to shoulder the majority of the decline, with projected shipments hovering around 6.67m units.
Apple is projected to launch a new product in 2023, but the release is primarily targeted at developers, signifying an accompanying escalation in specifications, features, and, most importantly, cost.
Virtual Reality and Augmented Reality headsets are set to decline 18.2 per cent year on year to 7.45 million units this year due to weaker-than-expected sales of newly released high-end VR devices.
According to research firm TrendForce, VR devices are expected to shoulder the majority of this decline, with projected shipments hovering around 6.67 million units. Despite these premium devices offering enhanced features courtesy of advanced hardware and software, consumers are showing reluctance to shoulder the associated higher costs.
Instead they seem to be gravitating towards more budget-friendly models this year. Secondly, the shortage of appealing, new, cost-effective models in the market is exacerbating the downturn.
Meta Quest 2 continues to maintain its status as this year’s market-leading VR product as the release of Meta Quest 3 has been pushed back to 2024.
Shipments of AR devices, meanwhile, are expected to remain stable, with projected shipments exceeding 780,000 units.
Pandemic-driven demand
AR devices experienced a significant surge in shipments during 2020 and 2021, fueled by pandemic-driven demand for remote communication solutions.
However, as the ramifications of the pandemic start to wane, this growth trajectory is showing signs of slowing down.
Although Apple is projected to launch a new product in 2023, this release is primarily targeted at developers, signifying an accompanying escalation in specifications, features, and, most importantly, cost.
This factor, coupled with anticipated production hurdles, is likely to restrict sales predominantly to pre-orders for this year. Shipment estimates are projected to fall short of 100,000 units, with total production potentially capped at 300,000 units.
Consequently, manufacturers are likely to pivot their sales strategies, shifting their focus to more cost-effective offerings.
Even though Apple’s latest offerings could stimulate some demand, the high price tags attached to these units continue to pose a significant barrier to broader market growth.
TrendForce posits that the trajectory of the VR and AR device market may encounter certain limitations between 2023 and 2025.
While affordable VR devices could pique the interest of mainstream consumers, the prospect of minimal profitability might dissuade manufacturers from substantial investment in the VR market in the immediate future.
A shift towards AR devices and their corresponding applications seems more probable. Nevertheless, the expansion of the AR device market hinges on a broader acceptance of consumer applications.
Therefore, TrendForce anticipates that a significant rise in the VR and AR market, potentially nearing a 40 per cent annual increase in shipments, might not be realised until 2025.
What shape and format the metaverse will evolve into is going to be very interesting to see, Enjinstarter says.
AI will be a very crucial plugin to what happens in the metaverse.
Singapore-based startup aims to be the launchpad and incubator for metaverse, gaming, and entertainment experiences in the UAE.
Startup gets initial approval from Dubai’s Virtual Assets Regulatory Authority to offer its services in the region.
Will some big tech companies’ apparent withdrawal from metaverse plans paint a grim picture of the future of virtual worlds and will artificial intelligence (AI) emerge as a frontrunner in the tech race?
The metaverse is not dead, Vasseh Ahmed, Managing Director at Singapore-based Web3 launchpad and advisory company Enjinstarter MENA, told TechChannel News, but what shape and format it will evolve into is going to be very interesting to see.
“We clearly know that Meta’s recent pivot away from its metaverse ambitions has led to raise critical questions about the concept’s viability. It is also important to understand that the metaverse is still in the early stages of development. It is like the internet in early 2000 compared to what the internet you see now,” he said.
Vasseh Ahmed, Managing Director at Enjinstarter MENA.
The industry has just begun to create a fully functional metaverse right now, he said, and with better hardware, better ideas and more development and especially funding, it will continue to grow.
“We are seeing a lot of adoption in retail and other sectors as well. It came from gaming and a very different kind of user base. We feel that there are plenty of opportunities to grow,” he said.
Enjinstarter, founded in 2021 by three entrepreneurs, is primarily focused on gaming and entertainment metaverse projects and has done more than 70 projects to date. Out of that, 50 projects have used their platform to raise capital as well.
Sustainability initiatives
The startup is also exploring real utility space for the metaverse, with a focus on impact and sustainability initiatives to complement the UAE’s outlook toward building a strong sustainable future.
“Whether Meta wants to do one centralised platform for the whole world to participate, that is probably not going to happen. It will be several interoperable metaverses and you can have your metaverse,” Ahmed said.
Industry behemoths like Google, Apple and Amazon are prioritising AI-driven innovations toward the development of smarter, more efficient products and services. Will that impact the metaverse?
Ahmed said it is true that big tech giants have been prioritising AI-driven innovations for a very long time and that this has now come to the fore. The shift to AI is primarily driven by the recognition that AI has the potential to transform industries and add significant value for businesses and consumers alike.
However, he said that AI as a concept has been around for a while and was not very hyped years ago; what brought AI to the mainstream has been ChatGPT or similar products.
“What has been the key to the success of ChatGPT is the easiness to use for anybody. What metaverse means a ChatGPT moment as well, if not into the mainstream? I feel that AI will be a very crucial plugin to what happens in the metaverse, in terms of education and awareness, etc.,” he said.
When asked whether startups can play a key role in strengthening the adoption of the metaverse, he said to think of OpenAI, a startup bought by Microsoft, and that the age of experimentation by startups has not gone away. “We feel that good creative ideas will come out a lot from the startups who continue to experiment to build products. Eventually, if someone hits the jackpot, immediately it is bought by some big firms and it comes to the mainstream.”
Dubai: A strategic hub
Not all Web 2.0 companies are Web 3.0 savvy right now, he said, adding that Web3 and Web 2 companies need to go hand in hand. “We call it Web 2.5. Things like ease of adoption, awareness and how to fund my wallet become easier, adoption can become better and mass adoption will take place.”
Asked why the startup has selected Dubai to be the regional headquarters, he said that the key reasons for them to come to Dubai are the focus from the government on a strategic level towards the adoption of blockchain and Web 3.0.
The Dubai Metaverse Strategy aims to turn Dubai into one of the world’s top 10 metaverse economies as well as a global hub for the metaverse community. The strategy aims to attract more than 1,000 companies in the fields of blockchain and metaverse and also promote Dubai’s ambitions to support more than 40,000 virtual jobs and add $4 billion to the emirate’s economy by 2030.
“There is a clear metaverse strategy around regulation and Dubai already has a strong regulatory regime around virtual assets. For us, it is important to be a regulatory institute to create trust and have our process in such a way to help protect our community from many things that happen. Once we get our licence, we hope to become the first regulatory launchpad in the world,” Ahmed said.
Regulations
Enjinstarter MENA has been granted initial approval by Dubai’s Virtual Assets Regulatory Authority (VARA), while it undertakes the in-depth process of applying for a full licence, in accordance with VARA requirements.
Asked whether there should be a global regulatory body so that the metaverse can be proactively and collaboratively addressed, he said regulations are coming everywhere.
In Europe, there is the Markets in Crypto-Assets (MiCA) regulation to govern digital assets, and in the UAE there are Mubadala and Abu Dhabi Global Market (ADGM), while the US, Hong Kong and some other countries are working on it.
“When there will be mass adoption, there will be some kind of consolidation towards it. The good thing about Web 3 is that all the data are available publicly on the chain and becomes very easy to track and trace,” Ahmed said.
According to McKinsey & Company, the metaverse is estimated to generate up to $5 trillion in global market impact by 2030 and already in 2022, investments into the metaverse doubled compared to the previous year, reaching over $120 billion.
“The mass adoption of metaverse will happen when regulatory framework and ease of adoption tools come in,” Ahmed said.
XDR helps enterprises better detect, investigate and respond to the broadest range of advanced threats, across the extended enterprise.
For businesses and government entities alike, XDR is essential for protecting against advanced threats and ensuring the security of critical data and infrastructure.
Cyberattacks have grown in intensity, sophistication and frequency over the past 12 months, with malicious actors benefitting from growing geopolitical conflicts, economic uncertainty, and rapid digitization.
Additionally, threat actors have started blurring the lines between traditional IT attacks and emerging OT/IoT threats.
Security Operations Centre (SOC) teams face a daily barrage of incomplete or inaccurate alerts that very often lack vital contextual information, many of them false positives.
Visibility is the key challenge
As a result, analysts can miss critical threats or take longer to investigate and respond to them, increasing the risk of a breach. In fact, a recent survey by Forrester Consulting revealed that the typical SOC receives over 11,000 alerts per day, or 450 alerts per hour, many of them low fidelity, low confidence alerts, and false positives.
Visibility remains the core enterprise security challenge; to see the status of all connected devices across your enterprise, not limited solely to traditional IT devices.
Rik Ferguson, VP of Security Intelligence, Forescout.
Every organisation relies upon technology to run its day-to-day operations, and with increasing attack complexity, cybersecurity solutions have also evolved to detect, prevent, and respond to these threats.
One such solution is XDR (Extended Detection and Response) which helps enterprises better detect, investigate and respond to the broadest range of advanced threats, across the extended enterprise.
The importance of XDR lies in its ability to provide a more holistic approach to cybersecurity, refined with context to eliminate noise, allowing organisations to better protect themselves against advanced threats.
Automating manual tasks
The true value of an XDR solution lies in its ability to ingest telemetry and data from across the entire enterprise: cloud, campus, remote, data centre and OT environments, and every managed and unmanaged connected device.
XDR converts telemetry and daily logs into high-fidelity, SOC-actionable probable threats. By automating many of the manual tasks involved in threat detection and response, XDR lessens the risk and magnitude of a successful attack or data breach and eliminates virtually all alert “noise.”
This enables SOC teams to detect, investigate and respond to the broadest range of advanced threats from across the entire enterprise more quickly and more effectively.
In addition to businesses, XDR is also critical for government entities. Government agencies are often targeted by advanced threat actors seeking to steal sensitive information or disrupt critical infrastructure. XDR improves the security effectiveness of government networks and systems, ultimately protecting national security and public safety.
Threat detection is almost entirely data- and rules-driven. More data does not necessarily mean better detection. But better data and data science most certainly do.
Providing holistic approach
The breadth of data – from the device types that characterise your extended enterprise – and the way these sources are processed and managed determines the breadth of threats that can be detected and the quickest time to investigate and respond to them.
XDR automatically enriches and normalises key data, correlating signals to produce a small number of high-fidelity, high-confidence detections that truly warrant analyst investigation.
It simplifies and accelerates complex investigation and threat-hunting processes with more complete, accurate information and contextual data.
Forescout XDR is an open XDR that works with the security solutions you have already invested in to increase the value of your existing security investments.
It ingests data from any managed or unmanaged connected device, supports more than 170 vendor data sources, and 12 EDR solutions (including those from CrowdStrike, VMware Carbon Black, SentinelOne, Microsoft, and Trend Micro), along with other leading security, infrastructure, enrichment, application, and cloud sources, as well as Forescout solutions.
Most XDRs normalise data to enable analysis but stop there. Forescout XDR enforces a common information model (CIM) to normalise ingested data, but that is just the starting point.
That normalised data is then auto-enriched at line speed with user info, IP attribution, geolocation, critical asset information, and more. This significantly enhances the value of the data for correlation, detection, investigation, and threat-hunting purposes.
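The normalise, enrich and correlate stages described above can be sketched as follows. This is an added example, not Forescout's code or its common information model: the two source formats (`edr_a`, `fw_b`), every field name, the asset inventory, and the scoring rule are hypothetical, and the sample records are constructed.

```python
from collections import defaultdict

# Hypothetical asset inventory used for enrichment (constructed data).
ASSETS = {
    "10.0.5.20": {"host": "hmi-01", "criticality": 3, "owner": "ot-ops"},
    "10.0.8.31": {"host": "laptop-17", "criticality": 1, "owner": "sales"},
}
HOST_TO_IP = {a["host"]: ip for ip, a in ASSETS.items()}
SEVERITY = {"low": 1, "medium": 2, "high": 3}

# Constructed raw records from two hypothetical sources with different field names.
RAW = [
    {"vendor": "edr_a", "hostname": "HMI-01", "user_name": "svc_backup",
     "sev": "high", "rule": "credential_dump", "time": 1000},
    {"vendor": "fw_b", "src": "10.0.5.20", "dst": "203.0.113.9",
     "msg": "rare_outbound_destination", "level": "medium", "ts": 1240},
    {"vendor": "fw_b", "src": "10.0.8.31", "dst": "198.51.100.7",
     "msg": "blocked_port_scan", "level": "low", "ts": 1100},
    {"vendor": "fw_b", "src": "10.0.8.31", "dst": "198.51.100.7",
     "msg": "blocked_port_scan", "level": "low", "ts": 1150},
    {"vendor": "edr_a", "hostname": "LAPTOP-17", "user_name": "jdoe",
     "sev": "low", "rule": "unsigned_binary", "time": 9000},
]


def normalise(rec):
    """Map each vendor's field names onto one common event schema."""
    if rec["vendor"] == "edr_a":
        host = rec["hostname"].lower()
        return {"ts": rec["time"], "source": "edr_a", "host": host,
                "ip": HOST_TO_IP.get(host), "user": rec["user_name"],
                "signal": rec["rule"], "severity": SEVERITY[rec["sev"]]}
    if rec["vendor"] == "fw_b":
        return {"ts": rec["ts"], "source": "fw_b", "host": None,
                "ip": rec["src"], "user": None,
                "signal": rec["msg"], "severity": SEVERITY[rec["level"]]}
    raise ValueError(f"unknown source: {rec['vendor']}")


def enrich(ev):
    """Attach asset context; unknown assets get the lowest criticality."""
    asset = ASSETS.get(ev["ip"], {"host": ev["host"] or ev["ip"],
                                  "criticality": 1, "owner": "unknown"})
    return {**ev, "host": asset["host"],
            "criticality": asset["criticality"], "owner": asset["owner"]}


def correlate(events, window=600, min_score=10):
    """Emit one detection per host when at least two different sources agree
    within `window` seconds and the criticality-weighted score is high enough."""
    by_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_host[ev["host"]].append(ev)
    detections = []
    for host, evs in by_host.items():
        for i, first in enumerate(evs):
            group = [e for e in evs[i:] if e["ts"] - first["ts"] <= window]
            sources = sorted({e["source"] for e in group})
            score = sum(e["severity"] for e in group) * first["criticality"]
            if len(sources) >= 2 and score >= min_score:
                detections.append({"host": host, "owner": first["owner"],
                                   "score": score, "sources": sources,
                                   "signals": [e["signal"] for e in group]})
                break  # one detection per host is enough for triage
    return detections


def run_pipeline(raw):
    return correlate([enrich(normalise(r)) for r in raw])


if __name__ == "__main__":
    for det in run_pipeline(RAW):
        print(det)
```

Five raw records collapse into a single detection for the critical OT host, while the repeated low-severity firewall events on the laptop never reach an analyst.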
XDR is more than an emerging cybersecurity buzzword; it is already a critical cybersecurity solution, providing a more holistic approach to threat detection and response.
By consolidating multiple security technologies into a single platform, XDR provides organisations with a comprehensive view of their security posture and improves the efficiency of security operations.
For businesses and government entities alike, XDR is essential for protecting against advanced threats and ensuring the security of critical data and infrastructure.
Rik Ferguson is the Vice President of Security Intelligence at Forescout.
Threat actors now routinely employ double extortion techniques where data is stolen before it is encrypted, and the threat of leak is employed as secondary leverage. We are pitted against innovative and motivated criminals, who have learned to work together for significant financial gains, causing billions in damages.
A comprehensive understanding of the threat landscape, problems organisations are facing and definitive discussions taking place are fundamental if we are to have any success as security professionals.
Ransomware’s impact on organisations
Ransomware is still a big-ticket item when it comes to cybersecurity. It is the biggest, noisiest and most devastating attack facing businesses today.
The damage from successful attacks continues to grow, even prompting some insurance companies to comment that cyber could potentially become uninsurable.
The success of ransomware is down to the fact that it is so entrenched, organised, and embedded. As if the simple extortion based on encrypting data weren’t enough, threat actors now routinely employ double extortion techniques where data is stolen before it is encrypted, and the threat of leak is employed as secondary leverage.
Criminals continue to innovate though and have gone on to add a third level of extortion: distributed denial-of-service (DDoS) if you do not pay and even quadruple extortion where they comb the stolen data for data of your customers, partners or employees and contact them directly, adding to the pressure.
In fact, in recent years, ransomware operators appear to be moving away from their established modus operandi where attacks on the availability of data (through encryption) are the primary lever of extortion.
The management of encryption and decryption keys, creation and maintenance of the cryptographic modules, and the testing necessary to ensure their robustness are a significant overhead for the attacker, and are proving to be not only costly, but largely unnecessary.
Attackers are rapidly migrating to a model where the theft and subsequent threat of data leak is now the primary methodology – low effort, greater leverage. This has given rise to exfiltration-only groups and has significant ramifications for defenders.
It is no longer enough to rely on being able to recover from backups, no matter how well-regimented your backup strategy. If nothing has been encrypted, there is nothing to recover!
Initial access vendors
We also have to deal with what the industry calls initial access vendors or brokers. A highly specialised and interrelated cybercriminal world comprises various actors, each operating within their own specialised niche, including the specialisation of acquiring credentials for, or breaking into, organisations and then selling this access to willing buyers for unspecified purposes.
So, how do you protect your organisation? You make your data impossible to leak, very difficult to get to, and challenging to exfiltrate. This means that organisations must finally begin to deploy effective encryption of data at rest, in transit and even in use, across the board.
Encrypted data is impossible to leak. To render your precious data much more difficult to access and challenging to leak, effective, dynamic network segmentation is key.
Credential stuffing
Identity-based attacks were another prominent trend in 2022, which included not just phishing, credential stuffing, and password spraying, but also a new vector, known as Multi-Factor Authentication (MFA) Fatigue.
Credential stuffing is when criminals get hold of your username and password and then try those credentials against every other service in case they have been reused, whereas password spraying is where lists of widely used passwords are tested against different services to see if they can work.
The MFA Fatigue attack was used against Cisco, IHG, Microsoft, and Uber last year, forming a very effective part of the attack chain.
This is a social engineering-based strategy where attackers, who already have the required username and password, repeatedly push second-factor authentication prompts to the target victim’s phone, or other registered device.
Overwhelmed by the volume of requests, they are banking on the victim confirming the authentication, just to make it stop. Should that be unsuccessful, they pretend to be a colleague from the victim’s own internal tech support and will give them a call.
They of course already know the annoying symptoms the victim is experiencing, giving the attacker a very credible pretext. They ask the victim to accept one last authentication and the problem will go away, which of course it does, and at this point it’s Game Over.
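One way to detect the MFA Fatigue pattern described above from identity-provider logs, as an added example that is not part of the original article: it flags a burst of denied or timed-out push prompts for one user and, separately, an approval that follows such a burst. The event tuple layout, the `detect_mfa_fatigue` name, and the window and threshold values are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not from a real identity provider):
# (ISO timestamp, user, event kind, result)
SAMPLE_EVENTS = [
    ("2022-09-01T02:10:00", "alice", "password", "success"),
    ("2022-09-01T02:10:05", "alice", "push", "denied"),
    ("2022-09-01T02:10:40", "alice", "push", "denied"),
    ("2022-09-01T02:11:10", "alice", "push", "timeout"),
    ("2022-09-01T02:12:00", "alice", "push", "denied"),
    ("2022-09-01T02:12:30", "alice", "push", "denied"),
    ("2022-09-01T02:13:05", "alice", "push", "timeout"),
    ("2022-09-01T02:14:20", "alice", "push", "approved"),  # victim gives in
    ("2022-09-01T09:00:00", "bob", "password", "success"),
    ("2022-09-01T09:00:10", "bob", "push", "approved"),    # normal login
    ("2022-09-01T10:00:00", "carol", "push", "denied"),    # single mis-tap
    ("2022-09-01T10:00:30", "carol", "push", "approved"),
]


def detect_mfa_fatigue(events, window=timedelta(minutes=10), threshold=5):
    """Return findings as (user, kind, timestamp, rejected_prompt_count).

    kind is "push_burst" when `threshold` prompts were denied or timed out
    inside `window`, and "approved_after_burst" when an approval arrives
    while such a burst is still inside the window.
    """
    rejected = defaultdict(deque)  # user -> times of denied/timed-out prompts
    alerted = set()                # users whose current burst was already reported
    findings = []
    for ts_raw, user, kind, result in sorted(events):
        if kind != "push":
            continue
        ts = datetime.fromisoformat(ts_raw)
        queue = rejected[user]
        # Drop prompts that have aged out of the sliding window.
        while queue and ts - queue[0] > window:
            queue.popleft()
        if not queue:
            alerted.discard(user)
        if result in ("denied", "timeout"):
            queue.append(ts)
            if len(queue) >= threshold and user not in alerted:
                alerted.add(user)
                findings.append((user, "push_burst", ts_raw, len(queue)))
        elif result == "approved":
            if len(queue) >= threshold:
                # Highest priority: the session granted here should be
                # revoked and the password reset, not just the alert logged.
                findings.append((user, "approved_after_burst", ts_raw, len(queue)))
            queue.clear()
            alerted.discard(user)
    return findings


if __name__ == "__main__":
    for finding in detect_mfa_fatigue(SAMPLE_EVENTS):
        print(finding)
```

A `push_burst` finding also means the password is already in the attacker's hands, so it warrants a credential reset even when the user never approves a prompt.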
Today’s Security Operations Centre
The typical Security Operations Centre (SOC) of today is drowning in a huge volume of alerts. According to a recent survey by Palo Alto Networks, the average SOC team deals with over 11,000 alerts per day and keeps track of around 7 different threat intelligence feeds.
So, any enterprise dealing with that volume of alerts would need a SOC team of 687 people (3 x 229 x 8-hour shifts), just to keep up with the triage!
This is why we see the rise of technologies like XDR, and tools that are aimed at dealing with this deluge.
If data is the new oil…
All of this is today’s reality, and if data is the new oil, then algorithms are the new refineries. Oil is useless when it comes out of the ground, and data is useless unless we can refine it into something useful and powerful.
Rik Ferguson is the Vice-President of Security Intelligence at Forescout.