The importance of people, process and expertise for cyber resilience in the AI age
No business is immune to today's cyber threats, which range from malicious software and ransomware to AI threats and more, and which occur daily, weekly and often even more frequently. To counter them, companies must have strategies in place to minimize the potential damage of an attack by protecting data and putting plans in place to recover from a cyberattack as quickly and effectively as possible.
The increased adoption of AI by everyone from employees to cyber criminals is adding further risk and complexity to the security landscape. While cybercriminals are incorporating AI into their arsenal to enhance their attack strategies, employees are unwittingly helping these attackers gain their sought-after prize, data. Many employees today are experimenting with generative AI models to assist with their jobs, but many put vast amounts of data, ranging from personal details to company information, into these systems, often without the organization’s knowledge.
The critical intersection between AI and identity management
Today, almost every organization and most individuals are using or experimenting with Artificial Intelligence (AI). There are plenty of examples of how it is changing businesses for the better, from marketing and HR to IT teams. What was once computationally impossible, or prohibitively expensive to do, is now within reach with the use of AI.
According to Gartner, approximately 80 percent of enterprises will have used generative AI (GenAI) APIs or models by 2026. As AI drives value for organizations, it is fueling further demand and adoption.
Unmasking the impact of shadow AI -- and what businesses can do about it
The AI era is here -- and businesses are starting to capitalize. Britain’s AI market alone is already worth over £21 billion and expected to add £1 trillion of value to the UK economy by 2035. However, the threat of “shadow AI” -- unauthorized AI initiatives within a company -- looms large.
Its predecessor -- “shadow IT” -- has been well understood (albeit not always well managed) for a while now. Employees using personal devices and tools like Dropbox, without the supervision of IT teams, can increase an organization’s attack surface -- without execs or the C-suite ever knowing. Examples of shadow AI include customer service teams deploying chatbots without informing the IT department, unauthorized data analysis, and unsanctioned workflow automation tools (for tasks like document processing or email filtering).
Are you putting your business at risk by not patching these common vulnerabilities?
Patching is something that we all know we have to do. But it is easier said than done. In reality, patching can be hard due to problems around application compatibility, having adequate downtime windows, or more pressing business risks to manage. This can lead to some very serious software problems being left open and vulnerable to exploitation.
Here are three examples of common software vulnerabilities that have existed for years with updates available, yet are still regularly targeted by threat actors.
AI-ttack of the Clones: The rise and risks of AI scams
Used for productivity, generative AI offers unprecedented potential to improve the performance and impact of modern software solutions. One of its major capabilities is that it lowers the barriers to entry for those without software development knowledge and experience. While this has its advantages, in the wrong hands, it can also be dangerous.
GenAI has also raised the stakes for those looking to protect users against social engineering, with increasingly sophisticated and compelling scams making it more difficult than ever to filter genuine communication from fake.
Confronting quantum computers' cryptanalysis concerns
The race to successfully build quantum computers is on. With the potential to solve all manner of problems for humanity, players across the globe -- from tech companies to academic institutions to governments -- have been busy investing significant resources into quantum computing initiatives for some years now.
But what are they exactly? A traditional (digital) computer processes zeros and ones, so-called bits. These, to a first-order approximation, are represented as on/off electrical signals. Quantum computers, on the other hand, leverage quantum mechanics to process information using quantum bits, or qubits, which can represent multiple states simultaneously. And it’s this capability that enables quantum computers to tackle computational tasks that are currently out of the question for classical computers -- think factoring large numbers, simulating quantum systems, optimizing complex systems or solving certain types of optimization and machine learning problems.
Beyond the snapshot: Why continuous risk assessment is essential in today's threat landscape
Security vulnerabilities often lurk undetected within organizations, a consequence of gaps in traditional security assessments. These gaps can arise from missed systems during scans or the use of improper scanning techniques or technologies for specific systems.
To effectively manage risk, organizations need a comprehensive understanding of their security posture across the entire technology stack. This is where continuous risk assessment comes in -- it provides enhanced visibility, pinpointing vulnerabilities that periodic audits might miss and highlighting the limitations of traditional methods.
Combating small ransomware attacks
Ransomware attacks are so destructive that it’s easy to assume that all of them are large-scale in nature. However, this isn’t always the case, and ransomware gangs can do incredible amounts of damage with relatively small amounts of data. For example, an analysis carried out by Zerto of 116 globally diverse ransomware attacks spanning 43 different ransomware variants uncovered a median dataset size of just 183.5 GB.
When considered alongside a study carried out by Splunk, which says the average ransomware can encrypt a gigabyte of data in 47.7 seconds, the typical encryption detonation process for 183.5 GB of data would take nearly two and a half hours: That’s not very long at all.
What the EU AI act means for cybersecurity teams and organizational leaders
On March 13, 2024, the European Parliament adopted the Artificial Intelligence Act (AI Act), establishing the world’s first extensive legal framework dedicated to artificial intelligence. This imposes EU-wide regulations that emphasize data quality, transparency, human oversight, and accountability. With potential fines reaching up to €35 million or 7 percent of global annual turnover, the act has profound implications for a wide range of companies operating within the EU.
The AI Act categorizes AI systems according to the risk they pose, with stringent compliance required for high-risk categories. This regulatory framework prohibits certain AI practices deemed unacceptable and meticulously outlines obligations for entities involved at all stages of the AI system lifecycle, including providers, importers, distributors, and users.
A technical overview of Cisco IoT: Routing and switching
Cisco’s IoT (Internet of Things) offerings include assorted types of wireless networking, and their requirements differ widely across use cases such as “industrial networking.”
At recent partner training courses and presentations, Cisco summarized its product applications to various market niches. The following article offers a compiled summary of Cisco's IoT products, describing how they might be used and pinpointing why tech decision-makers should care about specific features.
It's time to get proactive on the UK's critical national infrastructure (CNI) security -- but where to start?
The critical national infrastructure that underpins the UK has undergone a tremendous amount of digital transformation in recent years. Areas like water treatment, energy and food production are still heavily reliant on operational technology (OT) systems that were often designed and implemented long before the digital revolution.
Digitizing these systems and connecting them to standard IT networks has allowed operators to boost efficiency and bring in practices like remote working and data collection that weren’t possible in an analogue environment.
How threat intelligence can improve vulnerability management outcomes
It might surprise you to know that more than 70 new vulnerabilities are published every day. And despite their risk-reducing value in helping SOC teams address these, vulnerability management solutions have drawbacks. Often, they only provide a snapshot of an organization’s vulnerabilities at a point in time. In fact, owing to their nature, vulnerabilities identified today may not exist tomorrow, or they may appear and disappear intermittently. This leaves security teams scrambling to understand not only what the risk is, but how it affects them and where they should start first with any remediation.
Often vulnerability management solutions struggle to support SOC teams effectively, meaning they face an uphill battle with fragmented tools and data silos. This in turn creates major challenges around alert fatigue and overloaded SOC teams who, despite all the tools available to them, end up undertaking manual investigations to determine the best response.
Software file converters: How they work and why you need them
In today's digital world, we deal with a vast array of file formats daily, from documents and images to videos and audio files. However, not all software or devices can open every document type, leading to compatibility issues. This is where file converter software comes into play, making our digital lives more convenient and efficient.
A file converter is a tool that allows you to convert one format into another. It acts as a digital translator, ensuring that your documents can be opened and used across different platforms, devices, and software applications. Whether you need to convert a Word document to PDF, an image from JPEG to PNG, or a video from AVI to MP4, file converter software can handle the task seamlessly.
Human risk management automation can help beat burnout
Cyber criminals are relentlessly exploiting new technologies to improve their chances of success. As such, security professionals are feeling the pressure of keeping watch against these threats and trying to stay a step ahead of these criminals.
Yet, constantly remaining in a state of high alert is a formula for burnout, stress, and errors. But this doesn't have to be the case. Human risk management automation refers to the use of software tools to automate the processes of monitoring, reducing, and fixing workforce security risks. This can help ease the burden felt by security professionals and aid in improving overall security posture.
The psychological impact of phishing attacks on your employees
As we observe Stress Awareness Month, it's important to recognize the toll that phishing attacks can take on individuals and organizations. These attacks have become increasingly sophisticated and widespread, with a staggering 94 percent of organizations falling victim to successful phishing attacks. As cybercriminals continue to exploit human vulnerabilities through social engineering, the impact on employee stress levels is a growing concern that cannot be ignored.
The constant vigilance required to identify and avoid these attacks, along with the potential consequences of falling victim, can contribute to increased anxiety and decreased productivity in the workplace. Addressing this issue is of paramount importance, to protect both the wellbeing of employees and the security of sensitive information.
© 1998-2024 BetaNews, Inc. All Rights Reserved.