BetaNews Staff

In the era of digital transformation, national security faces complex and multifaceted challenges. To address these challenges, the Department of Defense (DOD) is taking a vigilant approach to fortify the security of cloud infrastructure.

This approach seamlessly aligns with overarching national cybersecurity initiatives, which are focused on countering a multitude of emerging threats in the age of automation. Collaboratively, the DOD and other government agencies are dedicated to strengthening the ever-evolving cloud ecosystem, while navigating an increasingly intricate threat landscape.

Continue reading →

Without intending to be trite, there is a very important role that experience plays in the mitigation of risk. Experience comes into play when you are tasked with prioritizing risks. If you have zero experience in cybersecurity risk management, two critical vulnerabilities have equal weight and importance. But not all critical vulnerabilities can or will be weaponized and exploited. And not all critical vulnerabilities will result in a breach or security incident. This is the difference between a priori (independent from any experience) vs a posteriori (dependent on empirical evidence) vulnerability management.

To be effective at mitigating risk, we need to find ways to make intelligent use of experience in running infosec programs. We need to use not just our own experience, but also the experience of others. This is a form of collective resilience that is crucial to defending against nation states, organized crime and, like it or not, bored teenagers attacking and breaching companies just for the lulz like LAPSUS$. This piece aims to help identify some ways in which we can better prioritize our efforts.

Continue reading →

OpenAI held its first dev day conference last week, and announcements there made huge waves in technology and startup circles. But it’s enterprises that should be paying attention, and here’s why:

OpenAI made significant improvements to ChatGPT -- ones that address critical flaws that made it unsuitable for enterprise use cases because the results were inaccurate, non-credible and untrustworthy. What’s changed is that OpenAI has integrated retrieval augmented generation (RAG) into ChatGPT.

Continue reading →

APIs are unseen. They are not typically a technology that end users interact with directly and are somewhat hidden from their day-to-day activities. Therefore, user understanding of API vulnerabilities and the impact an API security incident could have, when it comes to data breaches, is often lacking.

While data breaches are big news, what regularly isn’t reported is the way in which some of these incidents happen. But the reality is that for many data breaches, the weak links, more often than not, are APIs and improper security around those APIs.

Continue reading →

We’re nearly one year on since ChatGPT burst onto the scene. In a technology world full of hype, this has been truly disruptive and permanently changed the way we work. It has also left IT departments scrambling to keep up – what are the risks of using AI? Can I trust the apps with my data?

Should we ban altogether or wait, and see? But if we ban it, is there a risk of being left behind as other companies innovate?

Continue reading →

Over the past year, we have seen generative AI and large language models (LLMs) go from a niche area of AI research into being one of the fastest growing areas of technology. Across the globe, around $200 billion is due to be invested in this market according to Goldman Sachs, boosting global labor productivity by one percentage point. That might not sound like much, but it would add up to $7 trillion more in the global economy.

However, while these LLM applications might have potential, there are still problems to solve around  privacy and data residency. Currently, employees at organisations can unknowingly share sensitive company data or Personal Identifiable Information (PII) on customers out to services like OpenAI. This opens up new security and data privacy risks.

Continue reading →

Network management and security should go hand in hand. However, making these services work has become more complicated and riskier due to the growth of the public cloud, the use of software applications, and the need to integrate different solutions together.

This complex network security domain requires more skilled cybersecurity professionals. But as this need becomes obvious, so does the glaring skills gap. In the UK, half of all businesses face a fundamental shortfall in cybersecurity skills, and 30 percent grapple with more complex, advanced cybersecurity expertise deficiencies.

Continue reading →

Every organization in the 21st century understands that keeping proprietary data safe is crucial to its success. However, while business leaders tend to believe their current security products and policies are truly secure, breaches continue to climb. It is clear that despite an ever-increasing number of companies maintaining formalized security programs and annually increasing security budgets, there are gaps that continue to go unnoticed and unaddressed.

Through hundreds of assessments and breach analyses, we have concluded there are eight common weaknesses that most commonly enable threat actors to penetrate organizations’ security armor, move through networks to elevate privileges, and ultimately allow them to compromise defenses. These weaknesses are continuously probed by threat actors, and while they may seem secure at deployment, they often are not; and even if initially secure, they frequently become obsolete due to missed updates, upgrades, changes to the enterprise environment, and evolving threat tactics. A frequent misconception is that security products and processes can be set and then forgotten; but since threat actors’ tactics evolve at an alarming pace, security controls must also be continually adjusted to ensure that organizations’ security armor continues to envelop and protect. In the absence of continuous evolution, the armor and its contents become vulnerable and, often, more at risk due to a false sense of security.

Continue reading →

I’ve led security functions and established cybersecurity board reporting processes for over 25 years. The relationship between CEOs and CISOs has always held contradictions and the decisions around when to disclose a breach have always been hard. But the recent developments involving the SEC and SolarWinds is a regulatory game-changer for the CISO community. Still, I think we’ll all ultimately come out OK from this if we behave ethically.

New ethical lines are being drawn very quickly and publicly as teams figure out the lines between good judgment and fraud. I have no intention of moralizing here about the SEC’s allegations against SolarWinds and their CISO. Rather, I’d like to shine a light on the underlying principles of disclosure that have served as my own ethical compass, and which I think remain unchanged.

Continue reading →

Most digital transformations fail. As a global entrepreneur and former software implementation consultant for Fortune 500 companies, I know that a digital initiative doesn’t end after a platform goes live. Digital change has a huge impact on our employees, who interact with about 13 applications 30 times per day to be successful in their jobs.

When trying to get employees to embrace new technology and tools, leaders say their biggest challenge is hard-to-use applications with a high learning curve (68 percent). It is, therefore, not surprising that many employees’ responses to digital transformation follow a process similar to the Kubler-Ross Stages of Grief. In the context of software adoption, we can think of this in terms of the associated Kubler-Ross Change Curve.

Continue reading →

With the rapid proliferation of Generative AI (GenAI), developers are increasingly integrating tools like ChatGPT, Copilot, Bard, and Claude into their workflows. According to OpenAI, over 80 percent of Fortune 500 companies are already using GenAI tools to some extent, whilst a separate report shows that 83 percent of developers are using AI-tools to speed up coding.

However, this enthusiasm for GenAI needs to be balanced with a note of caution as it also brings a wave of security challenges that are easily overlooked. For many organizations, the rapid adoption of these tools has outpaced the enterprise's understanding of their inherent security vulnerabilities. This would yield a set of blocking policies for example, Italy had at one point this year completely blocked usage of GPT, which is never the answer.

This misalignment could not only compromise an organization’s data integrity but also impact its overall cyber resilience. So, how should AppSec teams, developers, and business leaders respond to the security challenges that accompany the widespread use of GenAI?

Continue reading →

Business intelligence (BI) was once heralded as a technology that would democratize data, enabling everyone to become more productive and make better decisions. Today, though, analysts in the BI space like to share the same (and possibly apocryphal) statistic: The global business intelligence adoption rate is only 26 percent.

If only 26 percent of potential users ever access BI, something is broken. Why is access so poor? What can developers and engineers do to make BI achieve its full potential?

Continue reading →

Modern security teams need a 360-degree perspective if they are to successfully deal with all the risks they face. As well as protecting networks and data from external threat actors, organizations must also look at the risks posed by insiders -- a major security problem that brings a unique set of challenges.

Indeed, the issues associated with insider threats are growing to near ubiquitous levels. According to recent industry research, three-quarters of organizations say insider attacks have become more frequent, with more than half experiencing an insider threat in the last year. A major part of the challenge is identifying where the threats are coming from, given that employees and contractors already have varying levels of permitted access to systems. While the motivation for insiders can be malicious, employee errors can also result in hugely damaging security breaches.

Continue reading →

New technologies debut almost every day. This constant barrage of novel tools creates a perpetual cycle of overshadowing -- someone is always introducing a new technology that eclipses the previous innovation, and then something even newer comes out, and the cycle repeats itself. However, OpenAI’s ChatGPT broke that cycle.

Since ChatGPT’s debut in late 2022, the generative AI tool has exploded in popularity. It took just two months for the platform to reach 100 million users, a speed that shattered the previous record for fastest-growing app. The creators of ChatGPT expect the tool to generate $200 million this year and project that number will grow to $1 billion next year. Other businesses, like Google and Grammarly, are taking note. Both of these organizations have developed their own generative AI tool to enhance their business operations.

Continue reading →

Data science and AI leaders are rushing to accelerate new technology adoption. According to Forrester, generative AI alone will see an average annual growth rate of 36 percent for the next seven years, taking 55 percent of the AI software market. The analyst firm also estimates that by 2030, $79 billion will be spent annually on specialized generative AI applications and $42 billion will be spent annually on generalized generative AI use cases. 

Even if Forrester is off by a few billion dollars, moving fast is still critical to achieving success, but so is having an optimal AI strategy. Leaders must ensure that practitioners have the technology they need to innovate. At the same time, they must ensure innovation does not exceed budgets or introduce new risks. 

Continue reading →