Scientia offers original research that can provide clients with deeper insights and a better understanding of a problem. We are committed to providing simple and elegant solutions to real-world problems that can be implemented swiftly and economically. We believe in economy of action, time and resources when we propose a solution that is based on research and data.
Scientia believes in offering multiple approaches to solving any problem that a client brings to us. The main reason to provide more than one approach is to bring multiple perspectives to the clients who would then be better placed to choose the optimal approach.
There is an old adage in the field of Information Security: the world is divided into two sets of organisations, those that know they have been hacked and those that don't know they have been hacked.
Mythos has made organisations realise how AI has made it easy to find vulnerabilities and develop exploits. The threat of zero-days was always present, and it was something organisations prepared for. So, why has Mythos created a large-scale panic that has put governments, militaries and corporates across the world on such a high level of alert?
The key differentiator has been the speed with which Mythos and similar tools help even "script kiddies" or novices develop an advanced exploit. Governments and organisations that are regularly targeted by a state actor from North Korea or China or Russia are deeply concerned about the developing situation. If one sees how AI has been harnessed by amateurs to develop proofs for mathematical problems that stayed unsolved for decades, it seems almost trivial that AI tools can develop and weaponise zero-day exploits. The sheer velocity with which attacks can be unleashed can put a huge strain on SOCs and developers, who are almost always playing catch-up. SOCs in their current form are simply unprepared to counter these threats.
It is important for organisations to understand that solutions can be developed to counter these threats and there is no reason to believe that these threats cannot be mitigated or countered. While concerns are justified, panic is definitely not justified. We look at a few solutions in this research paper that can help detect and prevent compromises.
Countries are increasingly feeling threatened by the fact that they are not in control of data, software, hardware or the results in the age of AI. Organisations that had transitioned to cloud-based applications had already seen the threat posed by where their data was at rest, where it was being processed and where the applications' code was being run.
With the passing of the CLOUD Act by the United States Government and the UK-US CLOUD pact, the sovereignty question is no longer moot. It is apparent that organisations have to obey the governments of the countries where they want to do business. The control may not be as much as what China exerted over Chinese firms, but the threat remains.
Countries and organisations can protect sensitive information and data even while they leverage AI to develop and deliver projects at scale. In our new research paper, we look at how sovereignty and privacy can be enforced even while new data centres are being developed that may be answerable to the contradictory laws and regulations of multiple countries.
The threat of malicious actors entering the supply chain to compromise the security of organisations has been known for a long time. The response of militaries and governments was to develop solutions in a closed and highly restricted environment where a high level of control was possible. The increasing use of open source libraries, which were deemed safe(r) due to their open source nature, and of hardware sourced from multiple entities has opened new threat vectors. Organisations and enterprises cannot afford to work in closed environments while the field of technology is changing swiftly. Opting out of the global supply chain of hardware and software will increase the risk of them becoming obsolete.
Our research paper this week looks at recent supply chain threats that have involved state actors and high-value targets. We propose certain solutions to counter such threats and yet be a part of the global supply chain.