Cairo, Egypt - IBM announced the general availability (GA) of watsonx.governance in early December to help businesses automate AI lifecycle governance and proactively manage risk and compliance. This expands IBM’s industry-leading AI governance capabilities to help clients govern machine learning and generative AI tools, applications, and models in one place. Watsonx.governance is one of three software products in the IBM watsonx AI and data platform, along with a set of AI assistants designed to help enterprises scale and accelerate the impact of AI with trusted data. The platform also comprises the watsonx.ai next-generation enterprise studio for AI builders and the watsonx.data open, hybrid, and governed data store.   In the first release of watsonx.governance, clients using LLM models within watsonx.ai — including IBM-developed and various third-party models, such as Llama 2 and those from the Hugging Face community — will be able to govern them on the cloud. Consistent with IBM’s approach to open AI, IBM is expected to expand these capabilities in 1Q24 to allow clients to govern third-party AI models from any vendor — on cloud or on-premises — to orchestrate governance processes across their entire organizations. Watsonx.governance also can help clients facilitate compliance with internal policies, industry standards, current and future regulation. IBM believes in regulation at the use case level, with responsibilities on companies to operate trustworthy AI. To do this, there needs to be an understanding of how and with what data models are trained, how they arrive at their recommendations, and whether they are routinely screened for harmful bias. These priorities — transparency, explainability, safety and fairness — are the foundation of multiple proposals advancing worldwide for the regulation of AI. IBM watsonx.governance is designed to help clients manage their AI and prepare to meet those regulatory requirements head on.  IBM offers automated capabilities that cover all three major pillars of AI governance — lifecycle governance, risk management, and compliance. Expanded capabilities for LLMs include:  Monitor new LLM Metrics: Monitor and alert in both inputs and outputs of LLMs when pre-set thresholds are breached for quality metrics and drift, instances of toxic language — including hate, abuse, and profanity — and Personal Identifiable Information (PII).  Visibility into LLM development: Automatically collect information about the model building process, while explaining decisions to mitigate hallucinations and other new risks.  Transparency of AI Lifecycle for LLMs: Automatically document model facts across all stages of the lifecycle, monitor for drift for text models, and track health details such as data size, latency, and throughput to identify bottlenecks and compute intensive workloads.  Validation Tools for LLMs: Enable prompt engineers to map LLM outputs to provided context/reference data for Q&A use cases to determine whether the LLM is appropriately influenced by the reference data to help ensure it is relevant to the output.  IBM fosters open innovation and collaboration to help clients deploy AI in a transparent and responsible way. IBM Consulting helps clients scale responsible AI with both automated AI model governance and organizational AI governance that encompasses people, process and technology from IBM and strategic partners. Our consultants have deep skills in establishing organizational culture and accountability, AI ethics boards, training, regulatory and risk management and mitigating cybersecurity threats, all using human-centric design.IBM’s commitment to trust and transparency forms the foundation for its products. Recently, it announced intellectual property protection for its IBM-developed watsonx models. Watsonx.governance is a continued investment in helping to foster responsible AI practices across various business domains and industries.  

Dubai : United Arab Emirates: Today, the 2023 ACFE Fraud Conference Middle East kicked off, which is being hosted by the UAE under the patronage of the Ministry of Finance (MoF) and in cooperation with the Association of Certified Fraud Examiners (ACFE). The Conference will be held in Dubai on 8 and 9 May 2023 at Fairmont The Palm – Dubai. More than 300 anti-fraud leaders and experts from various sectors in the Middle East are participating in the conference to discuss the latest trends and tools used in the fields of fraud detection and prevention.Her Excellency Mariam Al Amiri, Assistant Undersecretary for Government Financial Management Sector at Ministry of Finance, delivered the opening speech, during which she welcomed the participants and thanked the ACFE for hosting this conference in the UAE and for their role in executing sustainable initiatives in secure business environments.Her Excellency Al Amiri noted that the online payments segment has made great strides since its inception back in the mid-1990s, and the rapid development of online banking, shopping, and other services, driven by technological advancements, has resulted in a significant rise in digital payments on all types of devices.Al Amiri mentioned that technological advancements and digital initiatives are providing fraudsters with new tools to penetrate defences, noting that over the past years, there has been a major increase in fraud cases worldwide, with consumers reportedly losing billions of dollars, especially in the Middle East.Al Amiri said: “Fraud poses a serious threat to us all. If we want to protect our economies, we need to work hand in hand to combat fraud, and that’s why we are here today. We have gathered to explore the best means of detecting and preventing fraud, as well as ways to raise the levels of compliance and internal control in an optimal manner. This is in addition to discussing ways of consolidating integrity in the public and private sectors in the Middle East, as well as the best practices and global issues that have emerged in light of the developments the world is witnessing in the fields of finance, technology, and sustainability.”Al Amiri added: “If we want to make our region secure for regional and international investors, we must collaborate to foster a transparent environment. I am proud to come from a country that has been a frontrunner in this field. Since its establishment, the UAE has positioned itself as a business hub. Our country has always been keen on devising strategies to make doing business easier, attract foreign investors, and diversify sources of the national income, and we are equally dedicated to combating fraud, money laundering, and corruption in order to create a secure investment climate.”Al Amiri noted that UAE government entities are developing and implementing nationwide initiatives to raise awareness about fraud detection and prevention, such as the National Fraud Awareness Campaign that was launched to protect consumers from financial cybercrime and fraud. The campaign went a long way in educating the public about fraud and the means of preventing it. “At the Ministry of Finance, we take our role in safeguarding the business climate very seriously. This falls within our remit to regulate all financial services as per the highest standards of quality, efficiency, and transparency. It is also part of our ongoing endeavours to strengthen the UAE’s competitiveness in the fiscal and economic field,” she added.Al Amiri stated: “The Ministry of Finance deploys the best modern financial systems to reduce fraud, through systems that define financial and administrative powers, the policies followed in establishing and monitoring accounts with banks, and the powers to sign and approve financial payments. This is inline with our commitment to apply best practices that reduce the risks of fraud. Despite the widespread use of digital technology and its risks, it has contributed in some way to reducing the occurrence of fraud and exploitation of individuals, through strict and meticulous regulatory systems."Al Amiri noted that the Ministry of Finance has developed the anti-fraud manual in 2018 to combat fraud in the federal government with the aim of enhancing transparency and integrity as well as reducing corruption, and the manual is implemented by all federal entities. Also, she mentioned that the ministry holds training workshops on an annual basis for all federal entities on enhancing the application of the anti-fraud manual in the federal government.Al Amiri also noted that the ministry established a secure and confidential communication channel that can be accessed by all our stakeholders. Through the channel, they can report any cases of corruption or other violations that have occurred or are planned at the ministry without any fear of retaliation.At the end of her speech, Al Amiri stressed the UAE’s commitment to supporting the region’s ongoing efforts to combat fraud and maintain the stability and integrity of the fiscal systems. Al Amiri said: “Together, we can promote accountability and transparency in the public and private sectors and create a secure business environment to boost prosperity across the region. Today and tomorrow, we look forward to discussing ways of safeguarding our investment climate, and sharing our experience and expertise to help reduce fraud cases in the Middle East.”Bruce Dorris, President and CEO of Association of Certified Fraud Examiners (ACFE) said, “We greatly appreciate the support and partnership with the UAE Ministry of Finance for our eighth Middle East Fraud Conference. With new fraud threats arising everyday, it is important to have events like this one to learn from financial crime experts and one another so that we can prevent these frauds from greatly impacting our businesses and governments. The Ministry of Finance has demonstrated their commitment to the anti-fraud community by being a part of this conference.”The first day of the conference included two panel discussions; the first was titled “Operational shifts and their impacts on the financial industry”, and the second was titled “Managing fraud risks in sustainability initiatives”. Additionally, a panel session was held on the evolution of fraud in the global financial market, in addition to an optional session on how to pass the CFE exam.On the second day, a symposium will be held under the title “Harnessing the power of fraud technology” in addition to a panel discussion titled “Navigating fraud-related compliance and ethics challenges”. Moreover, there will be a workshop on Fraudsters’ modus operandi and the differences between “traditional” fraud and cyberfraud.

Dubai: Netskope, a leader in Secure Access Service Edge (SASE), today unveiled new research confirming that attackers are finding new ways to evade detection and blend in with normal network traffic using HTTP and HTTPS to deliver malware. In its latest Cloud & Threat Report: Global Cloud and Web Malware Trends, Netskope identified that on average, five out of every 1,000 enterprise users attempted to download malware in Q1 2023, and new malware families and variants represented 72% of those malware downloads.Social Engineering and Search Engine Data Voids on the RiseIn the research, Netskope uncovered that nearly 10% of all malware downloads in Q1 were referred from search engines. These downloads mostly resulted from weaponized data voids, or combinations of search terms that have very few results, which means that any content matching those terms is likely to appear very high in the search results. This represents just one of many social engineering techniques that attackers are accelerating.Social engineering as a whole continues to dominate as a leading malware infiltration technique with attackers abusing not only search engines, but email, collaboration apps, and chat apps to trick their victims. As the top two malware types, Trojans accounted for 60% of malware downloads in Q1 and phishing downloads accounted for 13%.Evaluation of Primary Communication Channels for AttackersFor the first time in its quarterly cloud and threat reporting, Netskope analyzed attacker communication channels. Researchers found that attackers, in order to consistently evade detection, have used HTTP and HTTPS over ports 80 and 443 as their primary communication channel. In fact, of the new malware executables analyzed by Netskope that communicated with external hosts, 85% did so over port 80 (HTTP) and 67% did so over port 443 (HTTPS). This approach enables attackers to easily go unnoticed and blend in with the abundance of HTTP and HTTPS traffic already on the network.Additionally, to evade DNS-based security controls, some malware samples sidestep DNS lookups, instead reaching out directly to remote hosts using their IP addresses. In Q1 2023, most malware samples that initiated external communications did so using a combination of IP addresses and hostnames, with 61% communicating directly with at least one IP address and 91% communicating with at least one host via a DNS lookup.“Job number one for attackers is finding new ways to cover their tracks as enterprises put more resources into threat detection, but these findings indicate just how easy it still is for attackers to do so in plain sight,” said Ray Canzanese, Threat Research Director, Netskope Threat Labs. “As attackers gravitate towards cloud services that are widely used in the enterprise and leverage popular channels to communicate, cross-functional risk mitigation is more necessary than ever.”Extended Look into Global Cloud and Web Malware TrendsOther notable findings uncovered by Netskope’s research team include:55% of HTTP/HTTPS malware downloads came from cloud apps, up from 35% for the same period one year earlier. The primary driver of the increase is an increase in malware downloads from the most popular enterprise cloud applications, with Microsoft OneDrive tracked as the most popular enterprise app by a wide margin.The number of applications with malware downloads also continued to increase, reaching a high of 261 distinct apps in Q1 2023.Only a small fraction of total web malware downloads were delivered over web categories traditionally considered risky. Instead, downloads are spread out among a wide variety of sites, with content servers (CDNs) responsible for the largest slice, at 7.7%.As enterprises work to defend against the onslaught of malware, cross-functional collaboration across multiple teams is required, including network, security operations, incident response, leadership, and even individual contributors. Some of the additional steps organizations can take to reduce risks include:Inspect all HTTP and HTTPS downloads, including all web and cloud traffic, to prevent malware from infiltrating your networkEnsure that security controls recursively inspect the content of popular archive files and that high-risk file types are thoroughly inspectedConfigure policies to block downloads from apps that are not used in your organization to reduce risk surface.Get the full Netskope Cloud & Threat Report: Global Cloud and Web Malware Trends here.For more information on cloud-enabled threats and our latest findings from Netskope Threat Labs, visit Netskope’s Threat Research Hub.

Cisco Talos, one of the world’s largest private threat intelligence teams released its latest quarterly report that examines incident response trends and global cyber threats.Key findings:For the first time since compiling these reports, Cisco Talos Incident Response saw an equal number of ransomware and pre-ransomware engagements, making up nearly 40 percent of threats this quarter.The education sector was the most targeted by attackers this quarter, closely followed by the financial services, government, and energy sectors, respectively. For the first time since Quarter 4 2021, the telecommunications sector was not the top-targeted vertical. While the reason for the education sector being more frequently targeted this quarter is unknown, this is a popular time of year for adversaries to target education institutions as students and teachers have returned to school.Q3 was also characterized by previously seen high-profile ransomware variants such as Hive and Vice Society and a new ransomware family (Black Basta) that first emerged in April 2022 and had yet to be observed in incident response engagements.Cisco Talos also continued to observe threats that have been consistently present in previous quarters, including phishing and Business Email Compromise (BEC), attempts to exploit weaknesses or vulnerabilities in public-facing applications, and insider threats.Within enterprises, the lack of Multi-Factor Authentication (MFA) remains one of the biggest obstacles to corporate security, according to the report. Nearly 18% of engagements either had no MFA or only had it enabled on a handful of accounts and critical services, allowing the cybercriminal to log in and authenticate.Commenting on the report’s findings, Fady Younes, Cybersecurity Director, EMEA Service Providers and MEA, Cisco, said: “Today, more than ever, in an increasingly connected and digital age, cybersecurity is of the utmost importance. As enterprises and governments across the region seek to safeguard their data and businesses, Cisco continues to support our customers, helping drive rapid detection and protection against cyber risks.”He added: ‘Security is a game of data. The more insights we have into the threat landscape, the better our telemetry is, the higher the likelihood of being able to prevent security incidents. When a breach occurs, our capabilities can detect, respond and remediate threats as fast as possible.”More information is available on Cisco Talos' Quarterly Report: Incident Response Trends in Q3 2022 blog.