BetaNews Staff

Unmasking the impact of shadow AI -- and what businesses can do about it

The AI era is here -- and businesses are starting to capitalize. Britain’s AI market alone is already worth over £21 billion and expected to add £1 trillion of value to the UK economy by 2035. However, the threat of “shadow AI” -- unauthorized AI initiatives within a company -- looms large.

Its predecessor -- “shadow IT” -- has been well understood (albeit not always well managed) for a while now. Employees using personal devices and tools like Dropbox, without the supervision of IT teams, can increase an organization’s attack surface -- without execs or the C-suite ever knowing. Examples of shadow AI include customer service teams deploying chatbots without informing the IT department, unauthorized data analysis, and unsanctioned workflow automation tools (for tasks like document processing or email filtering).

Are you putting your business at risk by not patching these common vulnerabilities?

Patching is something that we all know we have to do. But it is easier said than done. In reality, patching can be hard due to problems around application compatibility, having adequate downtime windows, or more pressing business risks to manage. This can lead to some very serious software problems being left open and vulnerable to exploitation.

Here are three examples of common software vulnerabilities that existed for years with updates available, yet are still regularly targeted by threat actors.

AI-ttack of the Clones: The rise and risks of AI scams

Used for productivity, generative AI offers unprecedented potential to improve the performance and impact of modern software solutions. One of its major capabilities is that it lowers the barriers to entry for those without software development knowledge and experience. While this has its advantages, in the wrong hands, it can also be dangerous.

GenAI has also raised the stakes for those looking to protect users against social engineering, with increasingly sophisticated and compelling scams making it more difficult than ever to filter genuine communication from fake.

Confronting quantum computers' cryptanalysis concerns

The race to successfully build quantum computers is on. With the potential to solve all manner of problems for humanity, players across the globe -- from tech companies to academic institutions to governments -- have been busy investing significant resources into quantum computing initiatives for some years now.

But what are they exactly? A traditional (digital) computer processes zeros and ones, so-called bits. These, to a first-order approximation, are represented as on/off electrical signals. Quantum computers, on the other hand, leverage quantum mechanics to process information using quantum bits, or qubits, which can represent multiple states simultaneously. And it’s this capability that enables quantum computers to tackle computational tasks that are currently out of the question for classical computers -- think factoring large numbers, simulating quantum systems, optimizing complex systems or solving certain types of optimization and machine learning problems.

Beyond the snapshot: Why continuous risk assessment is essential in today's threat landscape

Security vulnerabilities often lurk undetected within organizations, a consequence of gaps in traditional security assessments. These gaps can arise from missed systems during scans or the use of improper scanning techniques or technologies for specific systems.

To effectively manage risk, organizations need a comprehensive understanding of their security posture across the entire technology stack. This is where continuous risk assessment comes in -- it provides enhanced visibility, pinpointing vulnerabilities that periodic audits might miss and highlighting the limitations of traditional methods.

Combating small ransomware attacks

Ransomware attacks are so destructive that it’s easy to assume that all of them are large-scale in nature. However, this isn’t always the case, and ransomware gangs can do incredible amounts of damage with relatively small amounts of data. For example, an analysis carried out by Zerto of 116 globally diverse ransomware attacks spanning 43 different ransomware variants uncovered a median dataset size of just 183.5 GB.

When considered alongside a study carried out by Splunk, which says the average ransomware can encrypt a gigabyte of data in 47.7 seconds, the typical encryption detonation process for 183.5 GB of data would take nearly two and a half hours: That’s not very long at all.

What the EU AI act means for cybersecurity teams and organizational leaders

On March 13, 2024, the European Parliament adopted the Artificial Intelligence Act (AI Act), establishing the world’s first extensive legal framework dedicated to artificial intelligence. This imposes EU-wide regulations that emphasize data quality, transparency, human oversight, and accountability. With potential fines reaching up to €35 million or 7 percent of global annual turnover, the act has profound implications for a wide range of companies operating within the EU.

The AI Act categorizes AI systems according to the risk they pose, with stringent compliance required for high-risk categories. This regulatory framework prohibits certain AI practices deemed unacceptable and meticulously outlines obligations for entities involved at all stages of the AI system lifecycle, including providers, importers, distributors, and users.

A technical overview of Cisco IoT: Routing and switching

Cisco’s IoT (Internet of Things) offerings include assorted types of wireless networking, with widely disparate requirements across use cases such as “industrial networking.”

At recent partner training courses and presentations, Cisco summarized its product applications to various market niches. The following article offers a compiled summary of Cisco's IoT products, describing how they might be used and pinpointing why tech decision-makers should care about specific features.

It's time to get proactive on the UK's critical national infrastructure (CNI) security -- but where to start?

The critical national infrastructure that underpins the UK has undergone a tremendous amount of digital transformation in recent years. Areas like water treatment, energy and food production are still heavily reliant on operational technology (OT) systems that were often designed and implemented long before the digital revolution.

Digitizing these systems and connecting them to standard IT networks has allowed operators to boost efficiency and bring in practices like remote working and data collection that weren’t possible in an analogue environment.

How threat intelligence can improve vulnerability management outcomes

It might surprise you to know that more than 70 new vulnerabilities are published every day. And despite their risk-reducing value in helping SOC teams address these, vulnerability management solutions have drawbacks. Often, they only provide a snapshot of an organization’s vulnerabilities at a point in time. In fact, owing to their nature, vulnerabilities identified today may not exist tomorrow, or they may appear and disappear intermittently. This leaves security teams scrambling to understand not only what the risk is, but how it affects them and where they should start first with any remediation.

Often vulnerability management solutions struggle to support SOC teams effectively, meaning they face an uphill battle with fragmented tools and data silos. This in turn creates major challenges around alert fatigue and overloaded SOC teams who, despite all the tools available to them, end up undertaking manual investigations to determine the best response.

Software file converters: How they work and why you need them

In today's digital world, we deal with a vast array of file formats daily, from documents and images to videos and audio files. However, not all software or devices can open every document type, leading to compatibility issues. This is where file converter software comes into play, making our digital lives more convenient and efficient.

A file converter is a tool that allows you to convert one format into another. It acts as a digital translator, ensuring that your documents can be opened and used across different platforms, devices, and software applications. Whether you need to convert a Word document to PDF, an image from JPEG to PNG, or a video from AVI to MP4, file converter software can handle the task seamlessly.

Human risk management automation can help beat burnout

Cyber criminals are relentlessly exploiting new technologies to improve their chances of success. As such, security professionals are feeling the pressure of keeping watch against these threats and trying to stay a step ahead of these criminals.

Yet, constantly remaining in a state of high alert is a formula for burnout, stress, and errors. But this doesn't have to be the case. Human risk management automation refers to the use of software tools to automate the processes of monitoring, reducing, and fixing workforce security risks. This can help ease the burden felt by security professionals and aid in improving overall security posture.

The psychological impact of phishing attacks on your employees

As we observe Stress Awareness Month, it's important to recognize the toll that phishing attacks can take on individuals and organizations. These attacks have become increasingly sophisticated and widespread, with a staggering 94 percent of organizations falling victim to successful phishing attacks. As cybercriminals continue to exploit human vulnerabilities through social engineering, the impact on employee stress levels is a growing concern that cannot be ignored.

The constant vigilance required to identify and avoid these attacks, along with the potential consequences of falling victim, can contribute to increased anxiety and decreased productivity in the workplace. Addressing this issue is of paramount importance, to protect both the wellbeing of employees and the security of sensitive information.

The increasing sophistication of synthetic identity fraud

Synthetic identity fraud is most commonly associated with fraud in banking or against credit unions but is often mistakenly overlooked in digital commerce. With fraudsters becoming cleverer about how they use synthetic identities, it’s a tactic that fraud fighters need to watch out for and guard against.

Synthetic identity fraud is when a fraudster takes a piece of real identifying information belonging to a legitimate individual and combines it with other identifying information that is either fake or real but belongs to someone else.

The NIST/NVD situation and vulnerability management programs

In the infosec world we continually preach about “defense in depth,” or layered security. The idea is that if a defensive measure at one layer fails, there are additional layers behind it that serve as a safety net. An interesting application of these concepts comes in examining the data feeds that provide information to our security tools. If one of the feeds goes down, will our security tooling continue to work as expected?

This recently came to light when the National Institute of Standards and Technology (NIST) announced that it cannot keep up with the number of software bugs being submitted to the National Vulnerability Database (NVD). According to NIST itself, it has only analyzed roughly one-third of the Common Vulnerabilities and Exposures (CVEs) submitted this year. Since many organizations rely on NVD information in their vulnerability management programs, this is distressing news. For organizations in this situation, the question then becomes: How do we minimize the impact of the NIST backlog?
