Feeling overwhelmed by the monumental task of staying on top of not only the physical but the cyber side of your organization’s security stance? You likely aren’t alone. Then on top of knowing what is going on in your own organization, the fast-shifting regulatory world of both cyber and AI can be another headache.
A recent report from Swimlane found that more than 90 percent of organizations have re-evaluated their cybersecurity strategies in the past year as a result of new regulations, with more than half of them completely reconsidering their strategies as a result. While just over a third did realize budget increases, only 40 percent felt confident that their organization possessed the necessary resources, personnel and tools to fully comply with regulations.
Beyond regulatory compliance concerns, another study by Deep Instinct found that a whopping 97 percent of security experts worry about AI-related security attacks and related cybersecurity strategies emerging to face those attacks. The report also found that the increase in AI-powered threats prompted three-quarters of respondents to adjust their security strategies in the past year.
There is some positive news related to some of the latest technology and the threats they can pose.
On the cybersecurity front, however. CISA recently announced that its Secure by Design pledge has amassed buy-in from 68 leading software manufacturers, who have voluntarily pledged to deliver measurable progress towards seven key goals with the intent of securing critical infrastructure. According to a CISA release, those goals are:
- Exhibit actions taken to increase the application of multi-factor authentication throughout the manufacturer’s products.
- Reduce default passwords throughout the manufacturer’s products.
- Demonstrate a measurable reduction in one or more vulnerability classes throughout the manufacturer’s products.
- Increase the security patches installed by customers.
- Release a vulnerability disclosure policy (VDP) that allows for public testing, commits to not take legal action against those who follow the VDP in good faith, presents a clear process for reporting vulnerabilities, and allows for public discussion of vulnerabilities.
- Demonstrate transparency in reporting vulnerabilities by ensuring every Common Vulnerabilities and Exposures (CVE) record includes accurate Common Weakness Enumeration (CWE) and Common Platform Enumeration (CPE) fields. Furthermore, issue CVE reports in a timely manner.
- Increase the customer’s ability to collect evidence of cybersecurity intrusions that impact the manufacturer’s products.
Meanwhile, on the AI front, the OpenAI Board has formed a Safety and Security committee to provide suggestions on decisions for all Open AI projects. The first task will be to develop processes and safeguards for review within 90 days (by end of July) for full review by the board.
Nicole Carignan, Vice President of Strategic Cyber AI at Darktrace, told Security Magazine, “As AI innovation continues to unfold at a rapid pace, we hope to see similar commitments for data science and data integrity. Data integrity, testing, evaluation and verification, as well as accuracy benchmarks, are key components in the accurate and effective use of AI. Encouraging diversity of thought in AI teams is also crucial to help combat bias and harmful training and/or output. Most importantly, AI should be used responsibly, safely and securely. The risk AI poses is often in the way it is adopted.”
Finally, when it comes to cloud-based systems — an increasingly popular option for many companies — a recent Veeam Software report found the desire to integrate cyber technologies with data protection and backup, along with improved protection of cloud-hosed workloads are top drivers for organizations to consider cloud-hosted or cloud-managed services.
That report also highlighted the many roles that are involved in data protection, including IT operations, managed BaaS or DRaaS teams, backup teams, workload administrators, and trusted resellers/integrators. On average, organizations have 2.3 roles dedicated to ensuring backups and 1.8 roles responsible for restoration. This demonstrates the importance of having expertise and judgment in data recovery processes.
In other words, it truly does take a village.