
IT Leaders Raise Security Concerns Regarding Generative AI

 

According to a new Venafi survey, developers in almost all (83%) organisations utilise AI to generate code, raising concerns among security leaders that it might lead to a major security incident. 

In a report published earlier this month, the machine identity management company shared results indicating that AI-generated code is widening the gap between programming and security teams. 

The report, Organisations Struggle to Secure AI-Generated and Open Source Code, highlighted that while 72% of security leaders believe they have little choice but to allow developers to utilise AI in order to remain competitive, virtually all (92%) are concerned regarding its use. 

Because AI, particularly generative AI technology, is advancing so quickly, 66% of security leaders believe they will be unable to keep up. An even larger share (78%) believe that AI-generated code will lead to a security reckoning for their organisation, and 59% are concerned about the security implications of AI. 

The top three issues most frequently mentioned by survey respondents are the following: 

  • Over-reliance on AI by developers will result in a drop in standards
  • Ineffective quality checking of AI-written code 
  • AI employing dated open-source libraries that have not been well maintained

“Developers are already supercharged by AI and won’t give up their superpowers. And attackers are infiltrating our ranks – recent examples of long-term meddling in open source projects and North Korean infiltration of IT are just the tip of the iceberg,” Kevin Bocek, Chief Innovation Officer at Venafi, stated. 

Furthermore, the Venafi poll reveals that AI-generated code raises not only technology issues, but also tech governance challenges. For example, nearly two-thirds (63%) of security leaders believe it is impossible to oversee the safe use of AI in their organisation because they lack visibility into where AI is being deployed. Despite concerns, fewer than half of firms (47%) have procedures in place to ensure the safe use of AI in development settings. 

“Anyone today with an LLM can write code, opening an entirely new front. It’s the code that matters, whether it is your developers hyper-coding with AI, infiltrating foreign agents or someone in finance getting code from an LLM trained on who knows what. We have to authenticate code from wherever it comes,” Bocek concluded. 

The Venafi report is the outcome of a poll of 800 security decision-makers from the United States, the United Kingdom, Germany, and France.

Over Fifty Percent of Businesses Feel Security Element Is Missing in Their Data Policy

 

These days, the average business generates an unprecedented amount of data, and this amount is only expected to increase. 

According to a new report from Rubrik Zero Labs, this makes data security - an absolute must for any successful business - a Herculean task that will only become more difficult. 

The company discovered that a typical organisation's data has grown by nearly half (42%) in the last 18 months. Overall, data from SaaS grew the most (145%), followed by cloud (73%), and on-premises endpoints (20%). A typical organisation has 240 backend terabytes (BETB) of data volume, which Rubrik expects to increase by 100 BETB in the next year and by 7x in the next five years. 

Outpacing security practices

A significant portion of this data is classified. Global organisations have an average of 24.8 million sensitive data records, with 61% storing them in multiple locations (cloud, on-premises, and SaaS). Only 4% have secure data storage facilities. 

Over fifty percent (53%) lost sensitive information in the last year, with 16% experiencing multiple data loss incidents in the previous year. The majority of the time, organisations would lose personally identifiable information (38%), company financial information (37%), and authentication credentials (32%). 

Worryingly, two-thirds of respondents (66%) said their company's data is increasing faster than their ability to control it. Almost every company (98%) has visibility issues, and two-thirds (62%) have difficulty complying with laws and regulations. More than half (54%) have only one senior executive responsible for data security.

According to the report, there is a notable disparity between the perceptions of IT leaders in India and security. Of them, 49% believe that their organization's data policy lacks security, and 30% believe that their organisation faces a significant risk of losing sensitive data in the next 12 months. 

As per the report, 34% of Indian IT leaders believe that their organization's data is at greater risk from malicious hackers, and 54% of them admit that their capacity to handle data security risks has not kept up with the increasing amount of data. 

Rubrik commissioned the study, which was carried out by Wakefield Research among more than 1,600 IT and security decision-makers at firms with 500 or more employees. Half of those polled were CIOs and CISOs, while the other half were Vice Presidents and directors of IT and security. According to the statement, the survey supplemented Rubrik telemetry by examining more than 5,000 clients from 22 industries and 67 countries. 

The report, according to Abhilash Purushothaman, Vice-President & General Manager, Rubrik (Asia), serves as a wake-up call for Indian IT leaders. It highlights the greater risks for private data, particularly in the face of rapidly changing, sophisticated ransomware attacks, he added.

Insider data breaches: a big concern, say 97% of IT leaders


According to a survey by Egress, a shocking 97% of IT leaders said insider breaches are a big concern. 78% think employees have put the company's data in jeopardy accidentally, while 75% think employees have put data at risk intentionally. Asked about the consequences and implications of these risks, 45% said financial damage would be the greatest.


Egress surveyed more than 500 IT leaders and 5000 employees from the UK, US and Benelux regions. The survey showed serious incompetence in the IT sector in handling data and its own security, as well as employee confusion about data ownership and responsibility.

Asked how they manage insider data breaches and which security measures they use, half of IT leaders said they use antivirus software to detect phishing attacks, 48% use email encryption and 47% use secure collaboration tools. And 58%, more than half, relied on employee reporting rather than any breach detection system.

Egress CEO Tony Pepper says that the report shows the ignorance of IT leaders towards insider breaches and the lack of risk management on their part.
“While they acknowledge the sustained risk of insider data breaches, bizarrely IT leaders have not adopted new strategies or technologies to mitigate the risk. Effectively, they are adopting a risk posture in which at least one-third of employees putting data at risk is deemed acceptable.
“The severe penalties for data breaches mean IT leaders must action better risk management strategies, using advanced tools to prevent insider data breaches. They also need better visibility of risk vectors; relying on employees to report incidents is not an acceptable data protection strategy.”

Misdirected and phishing emails are the top cause of insider data breaches

Misdirected and phishing emails are the top cause of accidental insider data breaches: 41% of employees who leaked data said they did it because of phishing emails, and 31% said they sent the information to the wrong individual by email.

Tony Pepper adds:
“Incidents of people accidentally sharing data with incorrect recipients have existed for as long as they’ve had access to email. As a fundamental communication tool, organizations and security teams have weighed the advantages of efficiency against data security considerations, and frequently compromise on the latter. 
“However, we are in an unprecedented time of technological development, where tools built using contextual machine learning can combat common issues, such as misdirected emails, the wrong attachments being added to communications, auto-complete mistakes, and employees not using encryption tools correctly. Organizations need to tune into these advances to truly be able to make email safe.”