Daily Tech Digest - December 04, 2023

Proactive, not reactive: the path to ensuring operational resilience in cybersecurity

Operational resilience goes beyond ensuring business continuity by mitigating disruptions as and when they occur. Resilience needs a proactive approach to maintaining stable and reliable digital systems, regardless of the severity of threat incidents. This "bankability" (excuse the pun) of the financial system is critical to preserving public trust and confidence in the global financial system. Given the interconnectedness of financial firms with external third parties, any plan for operational resilience needs to address multiple lines of communication, automated systems of interactions and information sharing, and a growing attack surface. ... The dependence of the financial sector on the telecom and energy industries, and the increasingly global nature of the sector means that operational resilience exercises need to not just be cross-border, but cross-sector too. Today, national or even global-level threats are a reality, emphasizing the need to include government partners in the exercises. After all, protecting critical private infrastructure safeguards a nation's financial stability.

Black-Box, Gray Box, and White-Box Penetration Testing: Importance and Uses

Grey-box penetration testing can simulate advanced persistent threat (APT) scenarios in which the attacker is highly sophisticated and operates on a longer time scale (CISA, 2023). In these types of attacks, the threat actor has collected a good deal of information about the target system—similar to a gray-box testing scenario. Grey-box penetration testing allows many organizations to strike the right balance between white-box and black-box testing. ... The main disadvantage of gray-box testing is that it can be too “middle-of-the-road” when compared with black-box or white-box testing. If organizations do not strike the right balance during gray-box testing, they may miss crucial insights that would have been found with a different technique. ... Black box, grey box, and white box testing are all valuable forms of penetration testing, each with its own pros, cons, and use cases. Penetration testers need to be familiar with the importance and use cases of each type of test to execute them most efficiently, using the right tools for each one.

The arrival of genAI could cover critical skills gaps, reshape IT job market

While genAI offers the promise of clear business benefits, education is key and collaboration with cybersecurity and risk experts is needed to help establish an environment where the technology can be used safely, securely, and productively, according to Emm. Hurdles to adopting AI persist. Those issues include high costs, uncertain return on investment (ROI), the need to upskill entire staffs, and potential exposure of sensitive corporate data to unfamiliar automation technology. Few organizations, however, have put appropriate safeguards in place to guard against some of genAI's most well-known flaws, such as hallucinations, exposure of corporate data, and data errors. Most are leaving themselves wide open to the acknowledged risks of using genAI, according to Kaspersky. For example, only 22% of C-level executives have discussed putting rules in place to regulate the use of genAI in their organizations — even as they eye it as a way of closing the skills gap. Cisco CIO Fletcher Previn, whose team is working to embed AI in back-end systems and products, said it's critical to have the policies, security, and legal guardrails in place to be able to "safely adopt and embrace AI capabilities other vendors are rolling out into other people’s tools.

State of Serverless Computing and Event Streaming in 2024

Traditional stream processing usually involves an architecture with many moving parts managing distributed infrastructure and using a complex stream processing engine. For instance, Apache Spark, one of the most popular processing engines, is notoriously difficult to deploy, manage, tune and debug (read more about the good, bad and ugly of using Spark). Implementing a reliable, scalable stream processing capability can take anywhere between a few days and a few weeks, depending on the use case. On top of that, you also need to deal with continuous monitoring, maintenance and optimization. You may even need a dedicated team to handle this overhead. All in all, traditional stream processing is challenging, expensive and time consuming. In contrast, serverless stream processing eliminates the headache of managing a complex architecture and the underlying infrastructure. It’s also more cost effective, since you pay only for the resources you use. It’s natural that serverless stream processing solutions have started to appear. 

The Glaring Gap in Your Cybersecurity Posture: Domain Security

Because domain names are used for marketing and brand initiatives, security teams may feel that protecting online domain names falls under the marketing or legal side of the business. Or, they may have left domain protection in the hands of their IT department. But, if organizations are unfamiliar with who their domain registrars even are, chances are they are unaware of the policies the registrars use and the security measures they have in place for branded, trademarked domains. Domain security should be an essential branch of cybersecurity, protecting brands online, but it is not always the highest priority for consumer-grade domain registrars. Unfortunately, adversaries are privy to the growth in businesses’ online presence and the often minimal attention given to domain security, leading them to take a special interest in targeting corporate and/or government domain names that are left exposed. Organizations will continue to find themselves in the path of a perfect storm for domain and DNS attacks and potential financial or reputational devastation if they continue to allow the build-up of blind spots in their security posture.

Put guardrails around AI use to protect your org, but be open to changes

While a seasoned CISO might recognize that the output from ChatGPT in response to a simple security question is malicious, it’s less likely that another member of staff will have the same antenna for risk. Without regulations in place, any employee could be inadvertently stealing another company’s or person’s intellectual property (IP), or they could be delivering their own company’s IP into an adversary’s hands. Given that LLMs store user input as training data, this could contravene data privacy regulations, including GDPR. Developers are using LLMs to help them write code. When this is ingested, it can reappear in response to a prompt from another user. There is nothing that the original developer can do to control this because the LLM was used to help create the code, making it highly unlikely that they can prove ownership of it. This might be mitigated by using a GenAI license which helps enterprises to guard against their code being used as an input for training. However, in these circumstances, imposing a “trust but verify” approach is a good idea.

Why Generative AI Threatens Hospital Cybersecurity — and How Digital Identity Can Be One of Its Greatest Defenses

Writing convincing deceptive messages isn’t the only task cyber attackers use ChatGPT for. The tool can also be prompted to build mutating malicious code and ransomware by individuals who know how to circumvent its content filters. It’s difficult to detect and surprisingly easy to pull off. Ransomware is particularly dangerous to healthcare organizations as these attacks typically force IT staff to shut down entire computer systems to stop the spread of the attack. When this happens, doctors and other healthcare professionals must go without crucial tools and shift back to using paper records, resulting in delayed or insufficient care which can be life-threatening. Since the start of 2023, 15 healthcare systems operating 29 hospitals have been targeted by a ransomware incident, with data stolen from 12 of the 15 healthcare organizations affected. This is a serious threat that requires serious cybersecurity solutions. And generative AI isn’t going anywhere — it’s only picking up speed. It is imperative that hospitals lay thorough groundwork to prevent these tools from giving bad actors a leg up.

15 Essential Data Mining Techniques

The essence of data mining lies in the fundamental technique of tracking patterns, a process integral to discerning and monitoring trends within data. This method enables the extraction of intelligent insights into potential business outcomes. For instance, upon identifying a sales trend, organizations gain a foundation for taking strategic actions to leverage this newfound insight. When it’s revealed that a specific product outperforms others within a particular demographic, this knowledge becomes a valuable asset. Organizations can then capitalize on this information by developing similar products or services tailored to the demographic or by optimizing the stocking strategy for the original product to cater to the identified consumer group. In the realm of data mining, classification techniques play a pivotal role by scrutinizing the diverse attributes linked to various types of data. By discerning the key characteristics inherent in these data types, organizations gain the ability to systematically categorize or classify related data. This process proves crucial in the identification of sensitive information

SolarWinds lawsuit by SEC puts CISOs in the hot seat

Without ongoing, open dialogue between these leaders, it’s impossible to guarantee complete awareness of the range of complications associated with potential cyber risks. Now that we’ve seen how these risks can easily extend beyond security concerns and into catastrophic financial and legal issues, it’s important that conversations about these risks are not taking place exclusively among CISOs. The roles and responsibilities of CISOs and other C-Suite executives vary dramatically, which can naturally result in siloed processes and priorities. However, to ensure alignment and effectively protect an organization from data breaches and legal recourse alike, it’s imperative that business leaders learn to “speak the same language” and share information to align their efforts and goals. CFOs and CISOs must collaborate to evaluate the relationships between cybersecurity incidents and legal risks. We can facilitate this by leveraging cyber risk quantification and management tools, which congregate data to calculate, quantify and translate information about threats and vulnerabilities into lay terms and easily digestible data.

CTO interview: Greg Lavender, Intel

“Our confidential computing capability is also a privacy-ensuring capability,” says Lavender. “Europe is ahead in this area, with the notion of sovereign clouds. Intel partners with some of the European governments on sovereign cloud using Intel’s platforms for confidential computing. The privacy-preserving capabilities are built into these platforms, which beyond government, will also be useful in regulated industries like financial services, healthcare and telcos.” “We also see a convergence in AI that will open up a big market for our privacy-ensuring software and hardware,” says Lavender. “You spend a lot of time prepping your data, tagging your data, getting your data ready for training, usage or inference usage. You want to do that securely in a multi-tenant environment. Our platforms give you the opportunity to do your training securely between the CPU and the GPU, and then you can deploy it securely in the cloud or at the edge.” “I’m talking with a lot of CIOs about this technology, because data is now such a valuable thing. It’s what you use to train your models. You don’t want somebody else to get access to that data because then they can use it to train their models and offer competing services.”

Quote for the day:

"Success is the progressive realization of predetermined, worthwhile, personal goals." -- Paul J. Meyer

No comments:

Post a Comment