
Generative AI Has an Increasing Effect on the Workforce and Productivity

In a recent report published by KPMG, it was revealed that an overwhelming 97% of participants anticipate a significant or exceedingly substantial influence of generative AI on their respective organizations within the upcoming 12 to 18 months. Furthermore, the survey highlights that generative AI has secured its position as the foremost burgeoning enterprise technology. 

A notable 80% of respondents are of the opinion that this technology will instigate major upheavals in their industry, while an impressive 93% are convinced of its potential to deliver substantial value to their business operations. Generative AI, a facet of artificial intelligence, encompasses systems within machine learning. 

These systems can produce diverse forms of content, ranging from text and images to code, usually prompted by user input. This breed of AI model is increasingly integrated into online utilities and chatbots. Users can engage by typing inquiries or directions into designated input spaces.

Consequently, the AI model then undertakes the task of crafting responses akin to human communication. Among the participants, 62% indicated that their organizations were presently engaged in the application of generative AI. 

Additionally, 23% mentioned that they were in the initial phases of exploring its potential, while 14% revealed they were contemplating its integration. This implies that only a minimal 1% falls within the category of having either disregarded generative AI after assessment or possessing no intentions to employ it whatsoever. 

A noteworthy observation is that individuals not in IT leadership roles exhibited a higher tendency (73%) to report active utilization of generative AI, compared to IT leaders (59%). This suggests a realm of experimentation that transcends the boundaries of the IT department. Furthermore, enterprises boasting 5,000 or more employees displayed a greater likelihood (69%) of adopting the technology, in contrast to smaller counterparts (57%). 

A significant majority of U.S. executives, comprising 66%, emphasized that the introduction of generative AI into their operations would entail a dual approach: the recruitment of fresh talent and the upskilling of current employees. Notably, a substantial 71% of these executives envision the imperative need for the IT/Tech department to actively hire and provide training to their workforce to ensure seamless integration of generative AI. 

Throughout the implementation phase, executives hold the view that a certain skill set will emerge as paramount. Specifically, proficiency in domains such as AI, machine learning (ML), natural language processing (NLP), text-to-speech, and speech-to-text is anticipated to take precedence. In the financial services sector, opinions were equally divided regarding this matter. In contrast, the retail industry appears to harbour a penchant for risk-taking, as evidenced by 60% of respondents indicating that being overly cautious holds a more significant peril.

Meanwhile, those entrenched in the technology domain lean towards prudence, with 58% expressing the belief that rapid progression carries a greater potential hazard. Expanding the analysis, enterprises boasting 5,000 employees or more emerge as the most cautious contenders, with a substantial 75% indicating that erring on the side of moving too swiftly constitutes the primary concern. 

In contrast, smaller businesses find their concerns leaning toward the opposite end, with approximately 62.8% perceiving sluggishness as the most prominent threat. Interestingly, a noticeable discrepancy emerged between non-IT leaders and their IT counterparts in terms of the progress made in shaping generative AI policies and guidelines. 

A substantial 65% of non-IT leaders were actively engaged in this endeavour, whereas only 42% of IT leaders exhibited the same inclination. Likewise, a similar pattern emerged when considering the identification of practical use cases, with 59% of non-IT leaders ahead of their IT counterparts at 38%. 

Delving deeper into specific industries, the retail sector took the lead in the pre-existing identification of use cases, boasting a notable 49%. This positioned them ahead of the technology and manufacturing domains, both standing at 42%, while the financial services industry trailed with 32% in terms of this proactive readiness.

CISOs Leading Cyber Risk Engagement with C-Suite & Board

 

In a significant move to enhance cybersecurity measures, the Securities and Exchange Commission (SEC) has recently approved new regulations. These rules mandate that public companies must promptly disclose any cybersecurity breaches within a strict four-day timeframe. Additionally, the SEC requires these companies to elevate their Board's proficiency in handling cyber risk and overseeing cybersecurity matters. 

The proposal for these regulations was initially introduced in 2022, and the final decision was reached in July 2023, marking a crucial step in bolstering cybersecurity practices in the corporate sector. Over time, computing technologies have witnessed an extraordinary exponential growth through distinct eras. 

Initially, we saw the dominance of centralized mainframes, which later gave way to microcomputers and personal computers (PCs) during the 1990s. The subsequent era was marked by the rise of the internet, followed by the revolutionary surge in mobile devices during the 2000s. As we moved into the 2010s, the expansion into cloud computing emerged as a pivotal trend, reshaping the landscape of technology and opening new possibilities for the future. 

Successful engagement with the C-suite hinges on establishing a clear and straightforward link between cyber risk and business risk. The key lies in presenting a comprehensive understanding of the severe implications that such attacks could have on essential business objectives. By doing so, organizations can foster a deeper appreciation of cybersecurity's critical role in safeguarding their core business interests. 

As cyber threats evolve, the regulatory environment surrounding cyber risk is also evolving. The recent implementation of new SEC regulations has spurred a transformation in boardrooms' approach to cyber resilience in the digital era. Recognizing the pressing need for proactive data protection and defense, boardrooms are now more committed than ever to providing organizations with the necessary resources to effectively safeguard their data and fend off cyber attacks. 

This shift marks a significant step towards fortifying organizations against the ever-changing cyber landscape. This paradigm shift is causing a ripple effect, leading to increased demand for insights and counsel from security leaders by their Boards. 

According to a recent CAP Group Study, a staggering 90% of companies listed in the Russell 3000 index lacked a single director possessing the required cyber expertise. Consequently, CISOs are now stepping into the spotlight and being tasked with establishing and maintaining open lines of communication throughout the boardroom. Their expertise and ability to bridge the knowledge gap are becoming pivotal in guiding organizations towards effective cyber risk management and resilience.

Protect Yourself from Healthcare Cyber Risks

 

It has become increasingly apparent in the past few years that technology plays a significant role in helping hospitals and patients manage their interactions, at a time when healthcare systems are stretched to their limits. HMIS has been concerned with the issue of cyber security for quite some time. The use of health information technology (HIT) in hospitals has made it possible for them to synchronize patient information safely and securely.

Cyberattacks are no longer a thing of the past for organizations. Superior risk management is what separates a resilient business from one that suffers a data breach.

Many techniques can be used to ensure resilience, including meticulous calculations of all potential risks and implementing control measures to mitigate them if necessary. As a result of healthcare cybersecurity, services that protect patients' data and privacy from cyber threats and attacks are being adopted by healthcare organizations around the globe. 

A crucial factor for the success of healthcare is the safety of patient information, which means that all stakeholders must take every precaution to keep that sensitive information protected. It is imperative to recognize that healthcare cybersecurity threats come from both inside and outside the organization.

Hacking tactics have evolved rapidly to exploit the population's fears and take advantage of the panic during the pandemic. Cybersecurity best practices make it possible to keep up with these ever-evolving threats, especially in the healthcare sector.

The absence of a sound cybersecurity framework invites cyber threats, which can expose the hospital and its patients to both financial and clinical risks. Cyber frauds, malware and ransomware attacks, phishing attacks, and other cyber scams are a few of the most common threats facing the healthcare industry.

A Review of Common Health Cyber Risks 

As part of the healthcare system, hospitals also store patient health records that contain sensitive information. 

In addition, they received a large payment from the company. A cybercriminal who wants to steal money from a patient's account is eager to obtain payment details from the patient's account. They use them for identity theft and financial fraud, which enables them to steal money from the patient. 

Fraudulent emails 

Phishing refers to a process in which a threat actor poses as a legitimate entity or individual to trick you into divulging confidential data. To gain access to your network, the attacker manipulates you into opening or clicking on malicious content that is downloaded to your computer. Messages of this kind usually evoke the fear of missing out (FOMO) and a sense of urgency.

Healthcare organizations likely receive a tremendous amount of emails and messages since they cater to the public. There are many ways threat actors can pose as prospective patients or business partners to launch phishing attacks against them. 

Attacks by ransomware

It is well known that ransomware encrypts your computer and locks you out of your network in an attempt to take control of the system. The attackers encrypt your files in a way that makes them inaccessible without the decryption key. You will then be asked to pay a ransom to regain access to your system.

Because healthcare organizations hold highly sensitive data, they are prone to ransomware attacks. In most cases, these organizations would rather pay up than allow their confidential information to be compromised or exposed.

Increasing Supply Chain Vulnerability

Attacks on supply chains may come from any one of the multiple parties that are part of and contribute to the chain. Health insurance companies work with a wide range of suppliers and partners who provide them with products and services that enable them to operate effectively. Several third parties have been granted authorized access to their network so that operations run seamlessly.

One of the most important things health organizations can do to stay on top of these threats is to get their cybersecurity up to speed, which is essential to ensuring the integrity of the healthcare system.

1. Staff Cyber Security Training

A robust technical control system can make it much more challenging for unauthorized people to gain access to your systems, which is why it is beneficial to put such controls in place. Social engineers, however, circumvent system safeguards by using phishing and spoofing, tactics that take advantage of users' lack of security awareness. All employees are required to undergo cybersecurity training so they know what to do to prevent data loss or theft.

2. User Access Controlled 

Hackers are often pictured congregating in dark underground rooms and huddled close together when hacking. 

In this picture, your systems are constantly being penetrated and decrypted to compromise your privacy. Most successful attacks, however, come through a system's front door, i.e. by accessing the system through an authenticated user account. You need to define the different roles each employee within your organization plays. This will enable you to create a system access control policy that is feasible to implement within your organization. This information should already be available in the human resources department.

3. A Depth Approach to Security 

No security software maker can guarantee 100 percent that its application will prevent hacks for the duration of its use. That is why you need several layers of security: even if an attacker successfully circumvents one, that alone will not give them access to your data. Security measures you can take to keep intruders out of your network include a firewall, an anti-virus program, and a whitelist of approved applications.

This is no different from the forms of security you might install in your own home. Lighting, door locks, alarms, security cameras, guard dogs, and security guards can all be used to improve security around a home.

4. Recovery of Lost Data 

Theft of personal data is one of the most common reasons cyberattacks are carried out. A virus infection or a DDoS attack can also disrupt your work. While DDoS attacks and malware infections have the potential to corrupt your data and render it unusable, they aren't likely to overtly steal information. The loss of your data is much more devastating than having it accessed by an unauthorized party. As with hackers gaining access to patient data, it can not only damage your reputation, but it can also cripple your operations to the extent that it can bring down your entire company and public image.

How Often do Developers Push Vulnerable Code?

In recent research, Synopsys stated that 48% of organizations deliberately push vulnerable code in their application security programs due to time constraints. The survey was published after a thorough investigation conducted on more than 400 U.S.-based developers who work at organizations that currently have CI/CD tools in place.

The survey report named “Modern Application Development Security” examined to what extent threat security teams understand modern development and deployment practices, and where security controls are required to lower the risk. 

According to the survey, 60% of respondents mentioned that their production applications were exploited through OWASP Top 10 vulnerabilities in the past 12 months. 42% of developers push vulnerable code once per month.

The research stated that certain organizations knowingly push vulnerable code without a thorough understanding of the security risks that they are taking. Employees working under immense pressure feel that fixing the code does not fall within their responsibilities.

Developers play a very important role in application security, but the report stated that they lack the skills and training. Nearly one-third (29%) of respondents said that developers within their organization lack the knowledge to mitigate issues identified by their current application security tools. Further, the report said that developers fix only 32% of known vulnerabilities.

The researchers have also given solutions to fix the vulnerabilities efficiently. A third of vulnerabilities are noise. To reduce false-positive vulnerabilities, scans must have access to all of the required data so that security tools can accurately determine whether a vulnerability exists. Reducing security noise will allow developers to address security issues confidently and on time.

Following the research, Tromzo CTO Harshit Chitalia said, “These findings show that developers regularly ignore security issues, but can we really blame them? Security teams are bombarding them with an endless stream of issues that need to be addressed with no way for them to separate what’s actually critical from all the noise, all while they are expected to release software more frequently and faster than ever before…” 

“…If we want developers to truly implement security, we must make it easy for them. This means integrating contextual and automated security checks into the SDLC so we can transition from security gates to security guardrails,” he further added.