The recent validated what many of us in the industry already knew: Identity has become the leading attack vector. The 2024 report showed a 71% increase in valid identities used in cyberattacks year-over-year. What really puts it into perspective is the realization that you are just as likely to have your valid identity used in a cyberattack as you are to see a phishing attack in your organization. Hackers don’t hack in; they log in. The risk of valid identities being used as the entry point by bad actors is expected to continue with the ever-increasing applications and systems being added in t ..read more

IBM and AWS study: Less than 25% of current generative AI projects are being secured  The enterprise world has long operated on the notion that trust is the currency of good business. But as AI transforms and redefines how businesses operate and how customers interact with them, trust in technology must be built.   Advances in AI can free human capital to focus on high-value deliverables. This evolution is bound to have a transformative impact on business growth, but user and customer experiences hinge on organizations’ commitment to building secured, responsible, and trustworth ..read more

In November 2023, the California Privacy Protection Agency (CPPA) released a set of draft regulations on the use of artificial intelligence (AI) and automated decision-making technology (ADMT).  The proposed rules are still in development, but organizations may want to pay close attention to their evolution. Because the state is home to many of the world’s biggest technology companies, any AI regulations that California adopts could have an impact far beyond its borders.  Furthermore, a California appeals court recently ruled that the CPPA can immediately enforce rules as soon as the ..read more

Large language models (LLMs) may be the biggest technological breakthrough of the decade. They are also vulnerable to prompt injections, a significant security flaw with no apparent fix. As generative AI applications become increasingly ingrained in enterprise IT environments, organizations must find ways to combat this pernicious cyberattack. While researchers have not yet found a way to completely prevent prompt injections, there are ways of mitigating the risk.  What are prompt injection attacks, and why are they a problem? Prompt injections are a type of attack where hackers disguise ..read more

To foster innovation in fully homomorphic encryption (FHE), IBM® researchers have begun publishing challenges on the FHERMA platform for FHE challenges launched in late 2023 by Fair Math and the OpenFHE community. FHE: A new frontier in technology Fully homomorphic encryption is a groundbreaking technology with immense potential. One of its notable applications lies in enhancing medical AI models. By enabling various research institutes to collaborate seamlessly in the training process, FHE opens doors to a new era of possibilities. The ability to process encrypted data without decryption mark ..read more

The General Data Protection Regulation (GDPR), the European Union’s landmark data privacy law, took effect in 2018. Yet many organizations still struggle to meet compliance requirements, and EU data protection authorities do not hesitate to hand out penalties. Even the world’s biggest businesses are not free from GDPR woes. Irish regulators hit Meta with a EUR 1.2 billion fine in 2023. Italian authorities are investigating OpenAI for suspected violations, even going so far as to ban ChatGPT briefly. Many businesses find it hard to implement GDPR requirements because the law is not only complex ..read more

Breach and Attack Simulation (BAS) is an automated and continuous software-based approach to offensive security. Similar to other forms of security validation such as red teaming and penetration testing, BAS complements more traditional security tools by simulating cyberattacks to test security controls and provide actionable insights. Like a red team exercise, breach and attack simulations use the real-world attack tactics, techniques, and procedures (TTPs) employed by hackers to proactively identify and mitigate security vulnerabilities before they can be exploited by actual threat actors. H ..read more

Today’s enterprises face a broad range of threats to their security, assets and critical business processes. Whether preparing to face a complex cyberattack or natural disaster, taking a proactive approach and selecting the right business continuity disaster recovery (BCDR) solution is critical to increasing adaptability and resilience. Cybersecurity and cyber recovery are types of disaster recovery (DR) practices that focus on attempts to steal, expose, alter, disable or destroy critical data. DR itself typically targets a wider range of threats than just those that are cyber i ..read more

For federal and state governments and agencies, identity is the crux of a robust security implementation. Numerous individuals disclose confidential, personal data to commercial and public entities daily, necessitating that government institutions uphold stringent security measures to protect their assets. This need for robust security underscored by Executive Order 14028, published in May 2021, calls for enhancing the nation’s cybersecurity posture. The executive order highlights the importance of securing digital assets and mitigating cyberthreats by emphasizing the modernization of identity ..read more

The Digital Operational Resilience Act (DORA) marks a significant milestone in the European Union’s (EU) efforts to bolster the operational resilience of the financial sector in the digital age. Envisioned to comprehensively address information and communications technology (ICT) risk management in financial services, DORA aims to harmonize existing regulations across EU member states. It mandates that all financial institutions within its scope build the necessary digital operational resilience, emphasizing a tailored approach for each organization. Focusing on foundational capabilities To ad ..read more