Tech Features
Prioritizing Data Security in the Age of Generative AI
By Samer Diya, META Vice President at Forcepoint
In today’s rapidly evolving technological landscape, the integration of generative AI brings with it a wave of innovation and potential. From revolutionizing creativity and enhancing productivity to generally helping people and businesses work even more effectively, the implications of technologies powered by AI are vast and far-reaching. However, amidst the excitement lies a pressing concern: the cybersecurity risks that AI can pose to our data.
As security leaders and their teams embrace generative AI for everything from speeding up administrative tasks to pushing strategy into action, the business imperative to prioritize data security everywhere is clear. Generative AI systems, with their ability to process vast amounts of data, present a double-edged sword for companies. While they offer unprecedented capabilities, they also introduce significant security vulnerabilities. Many tools can collect, store and process large amounts of data from various sources – including user prompts. Consider a scenario where an employee may inadvertently disclose sensitive information (such as unreleased financial statements or intellectual property) through a seemingly innocuous prompt. Tools like ChatGPT or Copilot could leak that proprietary data while answering the prompts of users outside of the organization – not only exposing the organization to third-party risks but also amplifying the potential for data leaks.
The AI Transformation & Data Security
The digital transformation ushered in a new era, but a more profound revolution is upon us: the AI transformation. AI is rapidly reshaping entire industries, and data security is no exception. Businesses must adapt their security strategy to accommodate this, as generative AI risks are revealing themselves as multi-faceted threats that stem from how users inside and out of the organization interact with the tools. And amid all of the opportunities presented by these new technologies, the reality is that AI is further amplifying the need for robust data security controls.
Embracing innovation while alleviating the security risks of generative AI broadly lies in three key pillars: employee awareness, security frameworks, and technological solutions.
- Employee Education: Educating employees on the safe handling of sensitive information is paramount. It can be easy for employees to overlook or not even think about data risks when using AI tools, so by raising awareness about the risks associated with generative AI and implementing clear guidelines for data usage, businesses can mitigate the likelihood of accidental data exposure. Security leaders must ensure employees understand what information can and can’t be shared with AI tools, while also informing users of the risk of malware and phishing campaigns that can result from generative AI.
- Security Frameworks: Developing company-wide guidelines or frameworks on working with approved AI tools and eliminating shadow IT usage of AI can help users make the right decisions from the start. At a global level, establishing best practices for AI is a challenge because of how quickly the technology is continuing to develop, but a number of countries are continuing to develop frameworks and guidelines.
- Prioritizing Data Security Everywhere: Securing data wherever it resides is a business imperative today. Traditional Data Loss Prevention (DLP) capabilities are super powerful for their intended use cases, but with data moving to the cloud and dispersed amongst tools, it is now clear that DLP capabilities also need to evolve while extending abilities and coverage. Cloud-native DLP solutions offer a holistic approach to data security, ensuring compliance and protection across diverse environments. By prioritizing unified enforcement to extend data security across key channels, cloud-native DLP streamlines out-of-the-box compliance and provides enterprises with industry-leading cybersecurity wherever data resides – essential for safeguarding the AI era.
Additionally, leveraging innovations such as Data Security Posture Management (DSPM) solutions further enhances data protection capabilities. The sheer volume and complexity of data can be overwhelming – but AI-powered DSPM solutions such as Forcepoint DSPM equip businesses with unmatched accuracy to help security leaders identify and remediate data risks proactively, bolstering their security posture in real-time. At Forcepoint, our commitment to data security extends beyond mere protection – it’s about empowering organizations to thrive in an era of unprecedented digital transformation.
A Unified Approach
Platforms that combine technologies like DSPM and DLP into a unified solution that prioritizes data security everywhere are ideal – bridging security capabilities wherever data resides. At Forcepoint, our Data-first approach to security offers a comprehensive solution for securing data across all channels – enabling organizations to confidently integrate generative AI with full, real-time visibility and control.
Establishing security frameworks that prioritize data security everywhere is integral for organizations looking to navigate the AI transformation with confidence. The advent of generative AI heralds a new era of innovation and possibility, but, with great power comes great responsibility – and it’s incumbent upon businesses to prioritize data security in this evolving landscape. By embracing a proactive approach to cybersecurity and leveraging innovative solutions, organizations can unlock the full potential of generative AI while safeguarding their most valuable asset – their data.
Tech Features
How Cyber Risks Have Become Business Risks
By Alain Sanchez, EMEA CISO, Fortinet.
Cyber risk is business risk. Anything that threatens IT threatens the company. We have become extremely dependent upon our digital assets. As a result, business leaders need to realize the magnitude of the change. The essence of what visionaries have shared with me in the last couple of months shows how much cybersecurity is now a permanent topic of discussion among chief information security officers (CISOs) and their corporate leadership.
Assessing Cyber Risks
Perhaps the most crucial role of the CISO is to rank cyber risks by order of actual impact.
Part of this assessment requires understanding the priorities inside the organization’s value chain and securing them accordingly. The second challenge is to look beyond the organization and see how outside forces may impact it. And among these external forces, we find the compliance framework. These new laws and regulations are necessary.
This very duality, good and complex, challenges many IT departments. They must ask themselves: How do we integrate legal considerations into what used to be a pure technological battlefield? The solution is to start from the top. The board of directors should always have this duality in mind. The more directors know about cyber risks and government regulations, the better. Consider the European Union’s Digital Operational Resilience Act (DORA). This legislation is focused on the European banking and financial system.
Mitigate Risks
In the past, resilience was more of a technical concept. It was about bringing back the servers. Today, it is a legal requirement documented by an auditable plan. We have moved from a series of technical steps to a contractual re-establishment of critical services.
Four types of considerations underpin these plans:
- Prioritized recovery: A very delicate ranking that can only be established through a regular exchange between the board and the operations team. The board’s sign-off is crucial here. Otherwise, who would ever qualify their own activity as noncritical? However difficult to establish, this ranking is truly a fascinating exercise that brings the CISO and team to the heart of the business.
- Defending strategies: Assessing the right combination of products, services, staffing, and processes is crucial. Less is more in this matter. After years of accumulation, cyber officers have realized the hard way that a maelstrom of products and vendors was not very efficient. The next era of security will happen via convergence, not addition.
- Offer options: This is about providing information and an array of solutions in which, ultimately, the board makes the call. It is part of the CISO’s job to offer scenarios as a series of documented steps: investment 1, timeline 1, benefits 1, and risk 1. Then, the CISO can suggest a second and a third sequence of the above. Choosing how to proceed is the board’s job. This way, the CISO becomes an empowered execution lever for a consensual decision instead of being pinpointed as the only one to blame for the results.
- Executive leadership: The CISO needs to report directly to the CEO, otherwise the job is a “widow maker.” The consequences of unclear or diluted support go beyond the discomfort of the position; the survival of the company is at stake. In 2024 and beyond, submitting cybersecurity to any other consideration than the company strategy is a major governance mistake. Like the Titanic shipbuilders who traded rescue boats for rooms on the sundeck.
Cybersecurity is not only about avoiding icebergs. It is a holistic approach that embraces all the active and passive security dimensions into one integrated platform. Holistic here does not mean monopolistic. Legacy, old-school, best-of-breed, and point solutions are facts of life. However, the number of technologies, vendors, processes, and the magnitude of digital transformations call for simplification. Too often, this maelstrom turns into major incidents that operate as wake-up calls. Then the question is not about the 1 million dollars we did not spend, but about the 100 million dollars we just lost.
Tech Features
Provisioning and Deprovisioning – A Guide to Stronger Identity and Access Management
By: Christopher Hills, Chief Security Strategist, BeyondTrust
Across the Middle East, CIOs and CISOs huddle together to determine ways of making their organizations more secure so that digitalization can align with the vision of business leaders. No enterprise can afford to shut itself off from the digital economy. Whether it operates locally, regionally or globally, a business must build trust. And to do that, it must master the art of identity management. Therefore, it must understand the importance of provisioning and deprovisioning.
Provisioning is the name we give to the granting of privileges. This is a more granular process than onboarding, in which a new user account is created. Each user may have privileges granted at any time. And we should remember that not all users are humans — employees, contractors, customers, and so on. Privileges may be assigned to service accounts, machinery, and other resources. The purpose of provisioning is to maintain access while accounting for security and compliance standards.
To meet modern security standards, however, deprovisioning is just as important. Again, this does not just occur during offboarding. Privileges can be revoked all the time. Not because of a loss of trust in the person or asset that held them, but because it is best practice. Effective provisioning and deprovisioning is the foundation of a robust identity-centric security solution.
Covering the bases
Both are important. Overprovisioning can lead to a junior employee or overlooked service having unnecessary privileges, and under-deprovisioning can lead to a range of invisible issues such as unmonitored or orphaned accounts, or stale privileges. Special care must also be taken when adding or removing accounts to user groups — which carry with them a predetermined set of privileges — because these actions amount to provisioning and deprovisioning.
Any active account is a potential entry point, so it should come as no surprise that security best practice lies in minimizing the number of accounts and the access privileges they hold. If an account is no longer needed — an employee has resigned, a project has come to an end, or a range of other scenarios — then it should be disabled, deleted, or its rights downsized. Threat actors rely on organizations not following this simple practice.
Tools and tricks
Robust IAM will also include just-in-time (JIT) provisioning, which goes hand in hand with the principle of least privilege (PoLP). When deprovisioning occurs, the timely revocation of access also occurs. Regularly reviewing and adjusting access rights is best practice because it prevents unnecessary permissions being exploited by malicious parties inside or outside the organization. All unused accounts should be placed in a disabled state and removed from all relevant security groups until such time as they can be reviewed and, if appropriate, deleted.
Identity and access management cannot be effective without the right tools to simplify provisioning and deprovisioning. This is because looking after the end-to-end lifecycle of identities, privileges, and entitlements is a complex task that has grown even more complex since the region’s mass migration to hybrid and multi-cloud environments. Identity management tools can streamline the creation, maintenance, and deletion of human and non-human accounts. Governance management tools enforce policies that limit access based on the assigned privileges. Lifecycle management tools are useful for ensuring (from onboarding to offboarding) that privileges always fit the role of an account owner. Privileged access management (PAM) enforces PoLP and provides a useful integration hub for other tools so that IT and security teams have single-pane control over everything that may impact identity security.
In a modern setting, provisioning and deprovisioning tools must offer automation and user behavior analytics, which means they must incorporate some flavor of AI or machine learning. To be consistent with the implementation of PoLP and other governance policies, variants of AI are necessary to minimize human error. Granting and revoking access rights in a company of even moderate size is a constant process that responds to changes in personnel and circumstances. While some of these situations may be subject to planning, others, such as real-time behavioral anomalies, are not. Threats can arise at a moment’s notice and only AI offers a practical option for timely response.
Be strong
Having established provisioning and deprovisioning as the keys to strong IAM, enterprises will find they can implement more effective lifecycle management of identities, privileges, and entitlements. As with any new measure, ongoing reviews will uncover any additional requirements, and adjustments can be made to cover new regulations, new assets, or new business models. As the identity landscape fluctuates, so should provisioning and deprovisioning strategies.
Define roles clearly. If an account owner does not need access to a resource, do not grant it (PoLP); and if they do, wherever possible, grant access only for as long as it is required (JIT). Disable and delete accounts where appropriate and monitor access across the entire ecosystem as often as is practical — quarterly or annually.
Following the guidance laid out here will strengthen your identity security posture. The modern threat actor is always on the lookout for gaps in your defenses. Unfortunately, these often take the shape of overprovisioned identities or abandoned accounts that have not been adequately addressed. The good news is that by applying the steps above, you can shore up defenses and protect the enterprise from the worst of the threats beyond its walls.
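The review rules from "Tools and tricks" and "Be strong" can be expressed as a small access-review pass. This is an added example, not BeyondTrust code; the 90-day staleness threshold, the role baseline, the account names and the action labels are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

STALE_AFTER = timedelta(days=90)   # assumed threshold, not from the article

# Hypothetical role baseline: the standing privileges each role needs (PoLP).
ROLE_BASELINE = {
    "analyst": {"read:reports"},
    "backup-svc": {"read:fileshare"},
}

@dataclass
class Account:
    name: str
    role: str
    last_used: datetime
    groups: set = field(default_factory=set)
    privileges: set = field(default_factory=set)
    jit_grants: dict = field(default_factory=dict)   # privilege -> expiry time
    enabled: bool = True

def review(acct, now):
    """Return the ordered (action, target) steps for one account."""
    if acct.enabled and now - acct.last_used > STALE_AFTER:
        # Unused account: disable it and strip group membership (groups carry
        # privileges), then hold it for review instead of deleting outright.
        steps = [("disable", acct.name)]
        steps += [("remove_from_group", g) for g in sorted(acct.groups)]
        steps.append(("queue_for_review", acct.name))
        return steps
    steps = []
    baseline = ROLE_BASELINE.get(acct.role, set())
    for priv in sorted(acct.privileges):
        if priv in baseline:
            continue                      # the role needs it, keep it
        expiry = acct.jit_grants.get(priv)
        if expiry is None:
            steps.append(("revoke_standing", priv))     # outside role, no time limit
        elif expiry <= now:
            steps.append(("revoke_expired_jit", priv))  # JIT window has closed
    return steps

def review_all(accounts, now):
    return {a.name: review(a, now) for a in accounts}

# Constructed sample inventory (human and non-human accounts).
NOW = datetime(2024, 6, 1, 9, 0)
SAMPLE = [
    Account("j.doe", "analyst", datetime(2024, 5, 30),
            privileges={"read:reports", "write:payroll", "admin:db"},
            jit_grants={"admin:db": datetime(2024, 5, 31, 18, 0)}),
    Account("svc-backup-old", "backup-svc", datetime(2023, 11, 1),
            groups={"Backup Operators", "Server Admins"},
            privileges={"read:fileshare"}),
    Account("a.khan", "analyst", datetime(2024, 5, 31),
            privileges={"read:reports", "admin:db"},
            jit_grants={"admin:db": datetime(2024, 6, 1, 12, 0)}),
]

if __name__ == "__main__":
    for name, steps in review_all(SAMPLE, NOW).items():
        print(name, steps or "no change")
```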
Features
Robust patch management. In the fight against ransomware, it’s time to get back to basics
By Saeed Abbasi, Product Manager, Vulnerability Research, Qualys Threat Research Unit (TRU)
In the Arab Gulf region, ransomware has become an epidemic. Since 2019, Saudi Arabia has been a top target for RansomOps gangs. And the GCC remained the most affected territory in the Middle East and Africa, as of 2023, showing a 65% increase over 2022 for instances of victims’ information being posted to data-leak sites. According to the Known Exploited Vulnerabilities (KEV) catalog, maintained by the Cybersecurity and Infrastructure Security Agency (CISA) under the U.S. Department of Homeland Security, approximately 20% of the 1,117 exploited vulnerabilities are linked to known ransomware campaigns. Attackers have become more relentless and more sophisticated, just as regional security teams have become more overworked and overwhelmed by their new hybrid infrastructures.
In today’s climate, senior executives approach discussions about cyber risk with the expectation of hearing unfavorable news. Indeed, matters have escalated of late with the emergence of human-mimicking AI. We used to take comfort in the fact that at least artificial intelligence could not be creative like people could. But that was before generative AI came along and left us speechless — with delight or dread, depending on our day job. For security professionals, it is the latter because every new technology that arrives will eventually get exploited by threat actors. AI and its generative subspecies can make it easier to find vulnerabilities, which implies there will be a surge in the volume of zero-days. And GenAI can pump out convincing phishing content at a scale unreachable by human criminals.
But in a break with tradition, I offer good news. In the daily struggle with ransomware threats, the answer lies in the daily fundamentals of IT admin. Patch management is the keystone of cyber resilience. As each vulnerability becomes known and fixes are released, that dreaded countdown begins again. Whether threat actors have beaten vendors to the punch by publishing an exploit before the patch was released or not, organizations must be prepared to act strategically when fixes become available. It may be that a patch fixes an error that poses no risk to the enterprise, in which case patching would not have much impact on reducing cyber risk. Hence, organizations need to look at prioritizing patching the assets that cause the most existential risk to the company, maximizing their patch rate (a measure of how effectively vulnerabilities are addressed) and minimizing their mean time to remediation (MTTR) for such “crown jewel” assets.
Windows mean doors
The Qualys Threat Research Unit (TRU) uses these metrics often in anonymized studies of organizations’ cyber-readiness. Our 2023 Qualys TruRisk Research Report found that weaponized vulnerabilities are patched within 30.6 days in 57.7% of cases, whereas attackers typically publish exploits for the same flaws inside just 19.5 days. That 11-day window is where our concerns should be concentrated. It should spur us to revisit patch management and — if we have not already — to integrate it into our cybersecurity strategy so we can start to close our open doors to attackers.
If we imagine a graph of MTTR plotted against patch rate for every vulnerability, then we can imagine four quadrants, defined by combinations of “high” or “low” for our two metrics. Our sweet spot is in the bottom righthand corner, where patch rate is high and MTTR is low. We could call this quadrant the “Optimal Security Zone”. If a vulnerability is in this zone, we are unfazed by it. It is low-risk because it is patched and resolved quickly. In the top right, we find that patch rate is still high, so we call this the “Vigilant Alert Zone”, but incidents take a longer time to remediate (high MTTR). But while this is a higher source of concern, it is less worrying than if a vulnerability falls in the bottom left quadrant — the “Underestimated Risk Zone”. Here, we find overlooked vulnerabilities (low patch rates) but unexpectedly short remediation times. These flaws can quickly become risks if left unaddressed. Finally, we come to our red-flag quadrant, the “Critical Attention Zone” (top left), where vulnerabilities have low patch rates and take a long time to resolve.
Combining metrics like this can give us important crossover information that allows us to triage our patch management effectively. By exploring the critical areas first, we can examine overlooked vulnerabilities and discover either that they pose little threat and are less of a source of concern, or that they could lead to a ransomware incident, in which case they become a top priority on our to-do list. With RansomOps groups now leveraging advanced automation tools, the importance of optimal patch management cannot be overstated. Ensuring that systems are updated and secure is critical to prevent potential vulnerabilities.
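The four-quadrant triage described above can be computed directly from remediation records. This is an added example, not Qualys code; the cut-offs for a "high" patch rate and a "high" MTTR, the record layout and the VULN-A to VULN-D identifiers are assumptions, and patch rate is taken here as the fraction of affected assets already patched.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from statistics import mean
from typing import Optional

# Assumed cut-offs (not from the article): each organization sets its own.
PATCH_RATE_HIGH = 0.80    # fraction of affected assets already patched
MTTR_HIGH_DAYS = 30.0     # mean days from detection to fix

# Triage order from the text: critical areas first, optimal zone last.
ZONE_ORDER = ["Critical Attention Zone", "Underestimated Risk Zone",
              "Vigilant Alert Zone", "Optimal Security Zone"]

@dataclass
class Finding:
    vuln_id: str              # constructed placeholder, not a real CVE
    asset: str
    detected: date
    patched: Optional[date]   # None means still open

def metrics(findings):
    """Return {vuln_id: (patch_rate, mttr_days)}; mttr is None if nothing is fixed."""
    by_vuln = {}
    for f in findings:
        by_vuln.setdefault(f.vuln_id, []).append(f)
    out = {}
    for vid, rows in by_vuln.items():
        fixed = [(r.patched - r.detected).days for r in rows if r.patched is not None]
        out[vid] = (len(fixed) / len(rows), mean(fixed) if fixed else None)
    return out

def zone(patch_rate, mttr_days):
    high_rate = patch_rate >= PATCH_RATE_HIGH
    # Nothing fixed yet means no MTTR to measure; treat it as slow (assumption).
    high_mttr = mttr_days is None or mttr_days > MTTR_HIGH_DAYS
    if high_rate:
        return "Vigilant Alert Zone" if high_mttr else "Optimal Security Zone"
    return "Critical Attention Zone" if high_mttr else "Underestimated Risk Zone"

def triage(findings):
    """Rows of (vuln_id, patch_rate, mttr, zone), most urgent first."""
    rows = [(vid, rate, mttr, zone(rate, mttr))
            for vid, (rate, mttr) in metrics(findings).items()]
    rows.sort(key=lambda r: (ZONE_ORDER.index(r[3]), r[1]))
    return rows

# Constructed sample: days-to-fix per affected asset, None = still unpatched.
SAMPLE_SPEC = {
    "VULN-A": [8, 10, 12, 10, 10],      # all fixed, quickly
    "VULN-B": [40, 45, 50, 45, None],   # mostly fixed, slowly
    "VULN-C": [5, None, None, None],    # rarely fixed, but quickly when it is
    "VULN-D": [60, None, None, None],   # rarely fixed, and slowly
}

def build_sample(start=date(2024, 1, 1)):
    out = []
    for vid, days in SAMPLE_SPEC.items():
        for i, d in enumerate(days):
            fixed = start + timedelta(days=d) if d is not None else None
            out.append(Finding(vid, f"host-{i:02d}", start, fixed))
    return out

if __name__ == "__main__":
    for vid, rate, mttr, z in triage(build_sample()):
        print(f"{vid}  patch rate {rate:.0%}  MTTR {mttr} days  {z}")
```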
Action stations
Starting today, then, GCC organizations should look to their vulnerability management strategy and determine an approach that is able to stand up to armies of threat actors, working as a unified industry, equipped with advanced AI, to disrupt, disable, and damage the region’s innovative spirit. We all need to make sure that our vulnerability gaps are closed and our defenses tightened against these malicious actors. Technical and business stakeholders must collaborate on crafting roadmaps that make sense to their operational uniqueness.
The hope remains that one day, cyber criminals, a persistent threat today, will be effectively countered by innovative security technologies. However, we must confront the fact that attackers are becoming more sophisticated, their campaigns are escalating in scope, and the resources available for cybersecurity defense are often constrained.
The solution does not lie in an unknowable panacea, but in the day-to-day fundamentals — robust patch management that uses the four-quadrant principle and aims for the highest possible patch rate and the shortest possible resolution time. The top practitioners in any field — sports, business, the arts — will always extol the virtues of the fundamentals. If it works for them, then why not for us? So, let’s get back to basics and send the ransomware actor packing.