Proactive, not reactive: the path to ensuring operational resilience in cybersecurity
Operational resilience goes beyond ensuring business continuity by mitigating
disruptions as and when they occur. Resilience needs a proactive approach to
maintaining stable and reliable digital systems, regardless of the severity of
threat incidents. This "bankability" (excuse the pun) of the financial system
is critical to preserving public trust and confidence in the global financial
system. Given the interconnectedness of financial firms with external third
parties, any plan for operational resilience needs to address multiple lines
of communication, automated systems of interactions and information sharing,
and a growing attack surface. ... The dependence of the financial sector on
the telecom and energy industries, and the increasingly global nature of the
sector means that operational resilience exercises need to not just be
cross-border, but cross-sector too. Today, national or even global-level
threats are a reality, emphasizing the need to include government partners in
the exercises. After all, protecting critical private infrastructure
safeguards a nation's financial stability.
Black-Box, Gray Box, and White-Box Penetration Testing: Importance and Uses
Grey-box penetration testing can simulate advanced persistent threat (APT)
scenarios in which the attacker is highly sophisticated and operates on a
longer time scale (CISA, 2023). In these types of attacks, the threat actor
has collected a good deal of information about the target system—similar to a
gray-box testing scenario. Grey-box penetration testing allows many
organizations to strike the right balance between white-box and black-box
testing. ... The main disadvantage of gray-box testing is that it can be too
“middle-of-the-road” when compared with black-box or white-box testing. If
organizations do not strike the right balance during gray-box testing, they
may miss crucial insights that would have been found with a different
technique. ... Black box, grey box, and white box testing are all valuable
forms of penetration testing, each with its own pros, cons, and use cases.
Penetration testers need to be familiar with the importance and use cases of
each type of test to execute them most efficiently, using the right tools for
each one.
The arrival of genAI could cover critical skills gaps, reshape IT job market
While genAI offers the promise of clear business benefits, education is key
and collaboration with cybersecurity and risk experts is needed to help
establish an environment where the technology can be used safely, securely,
and productively, according to Emm. Hurdles to adopting AI persist. Those
issues include high costs, uncertain return on investment (ROI), the need to
upskill entire staffs, and potential exposure of sensitive corporate data to
unfamiliar automation technology. Few organizations, however, have put
appropriate safeguards in place to guard against some of genAI's most
well-known flaws, such as hallucinations, exposure of corporate data, and data
errors. Most are leaving themselves wide open to the acknowledged risks of
using genAI, according to Kaspersky. For example, only 22% of C-level
executives have discussed putting rules in place to regulate the use of genAI
in their organizations — even as they eye it as a way of closing the skills
gap. Cisco CIO Fletcher Previn, whose team is working to embed AI in back-end
systems and products, said it's critical to have the policies, security, and
legal guardrails in place to be able to "safely adopt and embrace AI
capabilities other vendors are rolling out into other people’s tools.
State of Serverless Computing and Event Streaming in 2024
Traditional stream processing usually involves an architecture with many
moving parts managing distributed infrastructure and using a complex stream
processing engine. For instance, Apache Spark, one of the most popular
processing engines, is notoriously difficult to deploy, manage, tune and debug
(read more about the good, bad and ugly of using Spark). Implementing a
reliable, scalable stream processing capability can take anywhere between a
few days and a few weeks, depending on the use case. On top of that, you also
need to deal with continuous monitoring, maintenance and optimization. You may
even need a dedicated team to handle this overhead. All in all, traditional
stream processing is challenging, expensive and time consuming. In contrast,
serverless stream processing eliminates the headache of managing a complex
architecture and the underlying infrastructure. It’s also more cost effective,
since you pay only for the resources you use. It’s natural that serverless
stream processing solutions have started to appear.
The Glaring Gap in Your Cybersecurity Posture: Domain Security
Because domain names are used for marketing and brand initiatives, security
teams may feel that protecting online domain names falls under the marketing
or legal side of the business. Or, they may have left domain protection in the
hands of their IT department. But, if organizations are unfamiliar with who
their domain registrars even are, chances are they are unaware of the policies
the registrars use and the security measures they have in place for branded,
trademarked domains. Domain security should be an essential branch of
cybersecurity, protecting brands online, but it is not always the highest
priority for consumer-grade domain registrars. Unfortunately, adversaries are
privy to the growth in businesses’ online presence and the often minimal
attention given to domain security, leading them to take a special interest in
targeting corporate and/or government domain names that are left exposed.
Organizations will continue to find themselves in the path of a perfect storm
for domain and DNS attacks and potential financial or reputational devastation
if they continue to allow the build-up of blind spots in their security
posture.
Put guardrails around AI use to protect your org, but be open to changes
While a seasoned CISO might recognize that the output from ChatGPT in response
to a simple security question is malicious, it’s less likely that another
member of staff will have the same antenna for risk. Without regulations in
place, any employee could be inadvertently stealing another company’s or
person’s intellectual property (IP), or they could be delivering their own
company’s IP into an adversary’s hands. Given that LLMs store user input as
training data, this could contravene data privacy regulations, including GDPR.
Developers are using LLMs to help them write code. When this is ingested, it
can reappear in response to a prompt from another user. There is nothing that
the original developer can do to control this because the LLM was used to help
create the code, making it highly unlikely that they can prove ownership of
it. This might be mitigated by using a GenAI license which helps enterprises
to guard against their code being used as an input for training. However, in
these circumstances, imposing a “trust but verify” approach is a good idea.
Why Generative AI Threatens Hospital Cybersecurity — and How Digital Identity Can Be One of Its Greatest Defenses
Writing convincing deceptive messages isn’t the only task cyber attackers use
ChatGPT for. The tool can also be prompted to build mutating malicious code
and ransomware by individuals who know how to circumvent its content filters.
It’s difficult to detect and surprisingly easy to pull off. Ransomware is
particularly dangerous to healthcare organizations as these attacks typically
force IT staff to shut down entire computer systems to stop the spread of the
attack. When this happens, doctors and other healthcare professionals must go
without crucial tools and shift back to using paper records, resulting in
delayed or insufficient care which can be life-threatening. Since the start of
2023, 15 healthcare systems operating 29 hospitals have been targeted by a
ransomware incident, with data stolen from 12 of the 15 healthcare
organizations affected. This is a serious threat that requires serious
cybersecurity solutions. And generative AI isn’t going anywhere — it’s only
picking up speed. It is imperative that hospitals lay thorough groundwork to
prevent these tools from giving bad actors a leg up.
15 Essential Data Mining Techniques
The essence of data mining lies in the fundamental technique of tracking
patterns, a process integral to discerning and monitoring trends within data.
This method enables the extraction of intelligent insights into potential
business outcomes. For instance, upon identifying a sales trend, organizations
gain a foundation for taking strategic actions to leverage this newfound
insight. When it’s revealed that a specific product outperforms others within
a particular demographic, this knowledge becomes a valuable asset.
Organizations can then capitalize on this information by developing similar
products or services tailored to the demographic or by optimizing the stocking
strategy for the original product to cater to the identified consumer group.
In the realm of data mining, classification techniques play a pivotal role by
scrutinizing the diverse attributes linked to various types of data. By
discerning the key characteristics inherent in these data types, organizations
gain the ability to systematically categorize or classify related data. This
process proves crucial in the identification of sensitive information
SolarWinds lawsuit by SEC puts CISOs in the hot seat
Without ongoing, open dialogue between these leaders, it’s impossible to
guarantee complete awareness of the range of complications associated with
potential cyber risks. Now that we’ve seen how these risks can easily extend
beyond security concerns and into catastrophic financial and legal issues,
it’s important that conversations about these risks are not taking place
exclusively among CISOs. The roles and responsibilities of CISOs and other
C-Suite executives vary dramatically, which can naturally result in siloed
processes and priorities. However, to ensure alignment and effectively protect
an organization from data breaches and legal recourse alike, it’s imperative
that business leaders learn to “speak the same language” and share information
to align their efforts and goals. CFOs and CISOs must collaborate to evaluate
the relationships between cybersecurity incidents and legal risks. We can
facilitate this by leveraging cyber risk quantification and management tools,
which congregate data to calculate, quantify and translate information about
threats and vulnerabilities into lay terms and easily digestible data.
CTO interview: Greg Lavender, Intel
“Our confidential computing capability is also a privacy-ensuring capability,”
says Lavender. “Europe is ahead in this area, with the notion of sovereign
clouds. Intel partners with some of the European governments on sovereign
cloud using Intel’s platforms for confidential computing. The
privacy-preserving capabilities are built into these platforms, which beyond
government, will also be useful in regulated industries like financial
services, healthcare and telcos.” “We also see a convergence in AI that will
open up a big market for our privacy-ensuring software and hardware,” says
Lavender. “You spend a lot of time prepping your data, tagging your data,
getting your data ready for training, usage or inference usage. You want to do
that securely in a multi-tenant environment. Our platforms give you the
opportunity to do your training securely between the CPU and the GPU, and then
you can deploy it securely in the cloud or at the edge.” “I’m talking with a
lot of CIOs about this technology, because data is now such a valuable thing.
It’s what you use to train your models. You don’t want somebody else to get
access to that data because then they can use it to train their models and
offer competing services.”
Quote for the day:
"Success is the progressive
realization of predetermined, worthwhile, personal goals." --
Paul J. Meyer
