'Shadow AI' could lead to a wave of insider threats

No Comments
Insider threat

Poor data controls and the advent of new generative AI tools based on Large Language Models (LLMs) will lead to a spike in insider data breaches over the coming year, says cybersecurity company Imperva.

As LLM-powered chatbots have become more powerful, many organizations have implemented complete bans or restricted what data can be shared with them. However, since an overwhelming majority (82 percent) have no insider risk management strategy in place, they remain blind to instances of employees using generative AI to help them with tasks.

"Forbidding employees from using generative AI is futile," says Terry Ray, SVP, data security GTM and field CTO at Imperva. "We’ve seen this with so many other technologies -- people are inevitably able to find their way around such restrictions and so prohibitions just create an endless game of whack-a-mole for security teams, without keeping the enterprise meaningfully safer."

Previous research from Imperva on the biggest data breaches of the last five years found that 24 percent were due to human error (defined as the accidental or malicious use of credentials for fraud, theft, ransom or data loss). However, insider threats are consistently not prioritized by businesses, with 33 percent saying they don't see them as a significant threat.

"People don't need to have malicious intent to cause a data breach," continues Ray. "Most of the time, they are just trying to be more efficient in doing their jobs. But if companies are blind to LLMs accessing their backend code or sensitive data stores, it's just a matter of time before it blows up in their faces."

Imperva says it's crucial for organizations to discover and have visibility over every data repository in their environment so that important information stored in shadow databases isn't being forgotten or abused. Once they have an inventory, the next step is to classify every data asset according to type, sensitivity, and value to the organization. Businesses also need to implement data monitoring and analytics capabilities that can detect threats such as anomalous behavior, data exfiltration, privilege escalation, or suspicious account creation.

Image Credit: LeoWolfert/Shutterstock

No Comments

Comments are closed.

Got News? Contact Us

Recent Headlines

TUXEDO Stellaris 17 (Gen6): A high-performance portable Linux workstation

New solution helps companies prepare for 90-day TLS standard

Get 'Enterprise Transformation to AI and the Metaverse' (worth $59.99) for FREE

Best Windows apps this week

All you wanted to know about passkeys but were afraid to ask

Microsoft tells users 'if you want to fix 0x80070643 errors, you'll have to do it yourself'

Identity and permissions present a major security challenge

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.1

75 Comments

The stunning Windows 13 -- yes, 13! -- is the Microsoft operating system we want

23 Comments

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

21 Comments

Outrageous: Microsoft to charge $61 for Windows 10 updates -- consider switching to Linux!

18 Comments

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

18 Comments

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

18 Comments

Microsoft releases preview version of Office 2024 for Windows and macOS -- download it now!

17 Comments

EndeavourOS ARM discontinued: A huge loss for the Linux community

9 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.