Written by MJ Schwenger, Co-Chair of the CSA AI Governance and Compliance Working Group.Generative AI: Embracing Hallucinations for Responsible InnovationThis blog delves into the fascinating world of Generative AI (GenAI), acknowledging its revolutionary potential while addressing the inherent challenge of "hallucinations." It explores the technical underpinnings of these hallucinations and proposes a nuanced perspective, shifting the focus from criticizing AI to fostering collaborative inte ..read more

Originally published by MJD.Written by Shonda Knowles Elliott, CPA.In the digital age, where data is the new currency, businesses must prioritize the security and integrity of their clients' information. To demonstrate this, many organizations adhere to frameworks like SOC 2 (System and Organization Controls), developed by the American Institute of CPAs (AICPA). SOC 2 reports provide an independent auditor’s opinion on the design and operating effectiveness of a company’s information security ..read more

Originally published by CXO REvolutionaries.Written by Nat Smith, Senior Director, Product Management, Zscaler.Could you accurately and succinctly describe zero trust to your leadership team or board? During my five years as a VP analyst at Gartner, I witnessed executives struggle to convey the concept in business language, and it’s not entirely their fault; “Zero trust” rolls out the red carpet for misinterpretation and misrepresentation.Zero trust is a model for secure resource access. Gart ..read more

Originally published by Orca Security. Written by Roi Nisimi.On January 31st, Snyk unveiled the discovery of four novel container vulnerabilities that target the runC and BuildKit components within Docker container environments. The vulnerabilities were assigned CVEs with CVSS scores ranging from 8.6 to 10: CVE-2024-21626 in runC, and CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653 in BuildKit. While no active exploits have been detected yet, these vulnerabilities pose a significant risk b ..read more

Originally published by Tamnoon. Written by Michael St.Onge, Principal Security Architect, Tamnoon. Smooth remediation requires meticulous coordination across tools, teams, and schedules. The complexity and scale of the remediation process may suggest that only a manual or an automated process can deal with it. Ideally, an organization can leverage the best of each process where appropriate. With so many different dimensions to coordinate, intricate planning and cross-functional excellence is ..read more

Originally published by Reco.Written by Gal Nakash.On March 14, Microsoft made Copilot available to customers in their 365 environment. Originally designed to enable productivity, Copilot is an AI chatbot that allows any user to conduct research or create content. It has the ability to generate slide decks, create text in word files, analyze spreadsheets and more. It’s powerful. ‍Shared Organizational Data Is Now at Risk of Data LeakageIt also opens up new doors for threat actors to gain acce ..read more

Written by Uday Srinivasan, CTO, Acante.We previously discussed how the modern data stack has changed the threat landscape today. In part II, below, we outline exactly how security and data teams can enable modern data teams to innovate rapidly without compromising on the security and access governance of the enterprise data.The Need: A Data-centric Approach to SecurityHistorically, the term “data security” has been largely equated with encryption and similar control measures. However, with t ..read more

Originally published by InsiderSecurity.Data Breaches are an ever-present threat to enterprises in today’s connected world. Whether you are a small SME or a large multinational company, the risk of a data breach and the company becoming another headline is a constant concern for senior management. It is not just financial loss that worries management but the loss of reputation and customer trust that can take years to recover if a data breach happens. This article reviews seven key issues tha ..read more

Originally published by Schellman.Amidst the evolving patchwork of data protection and privacy legislation in the United States, privacy remains a top priority for organizations. But protecting privacy also requires resources, and while not all organizations have that much to spare, it is possible to make do with only a small, dedicated team.In this blog post, we’ll describe the common hurdles small privacy teams will face and how you can overcome them to set your organization up for long-ter ..read more

In today's digitally interconnected world, where cybercriminals continue to advance as technology does, understanding the landscape of cyber threats and vulnerabilities is crucial for both individuals and organizations. Below, we define seven fundamental terms and provide additional resources that will help you begin to better understand what cyber threats and vulnerabilities are and what you can do about them.1. ThreatAnything with the potential to cause harm to an information system in the ..read more