Quantcast
Channel: Tenable Blog
Viewing all articles
Browse latest Browse all 1935

Cybersecurity Snapshot: As AI Worries Spike, Experts Send Secure AI Advice to the White House, Capitol Hill 

$
0
0

Learn all about the recommendations the NAIAC made to the U.S. government for responsible AI. Plus, employees go gaga over ChatGPT, while cyber teams get tasked with securing it. Also, we look at cloud IAM challenges and how to tackle them. And much more!

Dive into six things that are top of mind for the week ending June 30.

1 – AI advisory group submits annual report to Biden, Congress

Set up federal AI leadership roles. Launch AI research and development initiatives. Provide AI training to civil servants. Boost funding for AI programs.

Those are just a few of the 24 recommendations that the U.S. National Artificial Intelligence Advisory Committee (NAIAC) made in its first annual report to the White House and to Congress.

NAIAC, created in May 2022 and consisting of 26 AI experts, organized the 89-page report under four main themes:

  • Leadership in trustworthy AI
  • Leadership in research and development
  • Support and opportunity for the U.S. workforce
  • International collaboration
AI advisory group submits annual report to Biden and Congress

“This report frames AI as a technology that requires immediate, significant, and sustained government attention. The U.S. government must ensure AI-driven systems are safe and responsible, while also fueling innovation and opportunity at the public and private levels,” the report reads.

To get more details, check out:

2 – Employees: I want my ChatGPT

Organizations, and quite prominently their cybersecurity teams, are scrambling to figure out if and how to use generative AI tools like ChatGPT securely, lawfully and responsibly. And what do employees think? Most are all for the ultra-popular and deeply controversial chatbot.

According to a survey of 9,305 U.S. professionals from job search website Glassdoor, a resounding majority of respondents – 80% – said they oppose bans or restrictions on ChatGPT at their workplace.

Employees clamor for ChatGPT

The survey, conducted by Glassdoor’s Fishbowl social networking unit, also found that ChatGPT gets the most love from folks in advertising, marketing, consulting and healthcare. Meanwhile, legal teams are less enthused.

For more information about the secure use of generative AI tools like ChatGPT in the workplace, check out these Tenable blogs:

3 – CISA’s SCuBA project releases cloud app security docs

Cyber teams tasked with protecting cloud apps, listen up: the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released this week two guides from its Secure Cloud Business Applications (SCuBA) project. SCuBA’s goal is to help civilian federal agencies secure their cloud apps and their data via secure configurations – and the advice is also relevant for private-sector companies.

CISA’s SCuBA project releases cloud app security docs

These are the two new documents published by SCuBA:

  • Extensible Visibility Reference Framework (eVRF) Guidebook, which explains the eVRF framework and comes with workbooks for the Google Workspace and Microsoft 365 suites
  • Technical Reference Architecture (TRA) document, a guide for adopting technology for cloud deployment, secure architecture and zero trust frameworks

“These resources will help organizations address cybersecurity and visibility gaps that have long hampered our collective ability to adequately understand and manage cyber risk,” CISA Executive Assistant for Cybersecurity Eric Goldstein said in a statement.

To get more details, check out: 

For more information about cloud app security, check out these Tenable blogs:

VIDEO

Tenable Cloud Security Coffee Break: Web app security

4 – NCC Group: Ransomware attacks spike

Ransomware attack victims ballooned in May, growing by 24% compared with April and by 56% with May 2022, according to data from the NCC Group’s Threat Intelligence team.

The main reason behind the upsurge was the threat activity from 8base, a new ransomware player that uses a double extortion strategy, NCC Group said in its “Monthly Theat Pulse” report for May.

Ransomware attacks spike says NCC Group

Lockbit 3.0 actors were responsible for the most attacks (18%), although the loosely-coupled group experienced a drop of 27% in attacks compared to April. 8base accounted for 15% of attacks, of which more than half were aimed at companies in the industrial sector.

“We continue to see heightened levels of ransomware activity in 2023, as each passing month surpasses the volume of attacks witnessed during the same period in the previous year,” Matt Hull, Global Head of Threat Intelligence at NCC Group, said in the report.

To get all the details, read the full report

For more information about ransomware protection:

VIDEO

Anatomy of a Threat: MOVEIt (Tenable)

5 – CSA’s top cloud IAM challenges

The Cloud Security Alliance’s Identity and Access Management Working Group has ranked the top 10 challenges in cloud identity and access management. Here’s a quick peek at five of them, along with CSA recommendations.

  • Managing identities across multiple cloud environments. The CSA recommends adopting an IAM system that can support multiple cloud environments and provide a single source of truth for identity data.
  • Ensuring compliance with regulations and standards. Look for an IAM system capable of enforcing the regulations and standards that impact your IAM strategy, such as GDPR, PCI DSS and HIPAA, the CSA suggests.
  • Managing non-human identities. Your IAM system must manage identities not only for your users but also for applications, services and APIs.
  • Managing identities for external third parties. Make sure your IAM solution lets you manage identities outside of your organization’s boundaries, such as external users, partners and suppliers who need access to your systems and data.
  • Managing identities for IT/OT systems. The IAM system must manage identities for IT/OT systems that are located on-premises but that interface with cloud-based systems.
The top IAM security challenges

To get all the details, check out: 

For more information securing IAM in the cloud:

6 – U.K.’s cyber agency updates risk management guidance

The U.K. National Cyber Security Centre (NCSC) this week announced its first update to its cyber risk management guidance in five years. So what’s new? Here are some highlights.

UK cyber agency updates risk management guidance
  • An eight-step cybersecurity risk management framework designed to help organizations understand what’s the best approach to adopt
  • A cybersecurity risk management “toolbox” that includes:
    • Component-driven and system-driven approaches
    • Qualitative and quantitative risk management information
    • Threat modeling
    • Attack trees
    • Cybersecurity scenarios
  • A “basic” method for risk assessment and management aimed at newbies to the topic and at organizations with simple needs

To get all the details, read the announcement “New techniques added to the NCSC’s ‘risk management toolbox” and check out the updated framework.


Viewing all articles
Browse latest Browse all 1935

Trending Articles