Mass exploitation campaigns are the latest of many criminal innovations in 2023. Based on tracing ransom payments, they weren't very profitable. But ransomware actors do love their zero-days, said Allan Liska, principal intelligence analyst at Recorded Future.
Offensive security is transitioning from traditional penetration testing to a more continuous, technology-led approach, says Aaron Shilts, president and CEO at NetSPI. The security posture of organizations is constantly changing, making a point-in-time pen test less effective.
The enterprise adoption of AI-based large language models has created a new attack surface for adversaries to exploit, said Thomvest Ventures principal Ashish Kakran. A hacker who gains access to or tampers with the data that's been used to train the large language models could wreak a lot of havoc.
Cybersecurity professionals are stressed out, overworked, underpaid and working on short-staffed teams, said Candy Alexander, president of the ISSA International Board. She advised organizations to look for the right indicators of a good cybersecurity culture.
CrowdStrike has focused on bringing its extended detection and response technology to users with less expensive devices such as Chromebooks by adding support for Google's ChromeOS. The pact will give CrowdStrike clients greater visibility into the security posture and compliance of ChromeOS devices.
A top challenge businesses face is the lack of knowledge about what digital assets they have, making it difficult to protect them, respond to attacks, and collect evidence. External threat intelligence and attack surface management are colliding as companies look to respond effectively to threats.
The U.S. Federal Trade Commission is seeking tougher sanctions for Facebook after determining that several gaps exist in the company's compliance with a 2020 consent decree mandating privacy improvements. The company will have 30 days to respond and could challenge tougher privacy rules in court.
Artificial intelligence and machine learning are used extensively for detecting threats, but their use in other areas of security operations is less explored. One of the biggest opportunities for AI and ML in cyber is around investigating potential security incidents, said Forrester's Allie Mellen.
AI is a tool for augmenting humans rather than replacing them, and AI is far from surpassing human capabilities on a scalable level. Although AI can generate realistic images and believable text, it still has a long way to go in detecting anomalies, said Kyle Hanslovan, CEO of Huntress.
Artificial intelligence and machine-learning technology is vulnerable to cyberattacks due to a lack of security around the models themselves, said Mark Hatfield, founder and general partner at Ten Eleven Ventures. How do we identify and fix the potential risks of misuse that come with AI?
The speed at which we're seeing ransomware attacks has increased dramatically in the last couple of years - and it's only getting faster, warns Mary O'Brien, general manager, IBM Security. Ransomware deployment has increased from three months to four days on average.
Early-stage startups interested in the implementation of artificial intelligence are often concerned about the policies surrounding AI use. While some startups are looking at automating policies, others are building platforms to test the accuracy, integrity and robustness of AI models.
Generative AI has revolutionized the way people interact with chatbots. Ruby Zefo, chief privacy officer and ACG for privacy and cybersecurity at Uber Technologies, cited ChatGPT as an example of the need to conduct an "environmental scan" of both external and internal risks associated with it.
Pre-RSA social media gaming predicted it. Many predicted they would loath it. And it happened: Discussions at this year's RSA conference again and again came back to generative artificial intelligence - but with a twist. Even some of the skeptics professed their conversion to the temple of AI.
Organizations often face challenges when they aim to build sustainable security programs at scale. Anna Westelius, director of security engineering with Netflix, discussed the company's big infrastructure projects that give it more leverage over time than investing in manual processes.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.