Tag Archive for: question

New Report Explores Crucial Ransomware Question: To Pay Or Not To Pay? – Forbes




Source…

Did U.S. hack China? NSA dodges question



American cyber officials are avoiding complaints from the Chinese government that the National Security Agency hacked into China’s sensitive networks and stole intellectual property.

Source…

Pen Testers Need to Hack AI, but Also Question Its Existence


Samsung has banned some uses of ChatGPT, Ford Motor and Volkswagen shuttered their self-driving car firm, and a letter calling for a pause in training more powerful AI systems has garnered more than 25,000 signatures.

Overreactions? No, says Davi Ottenheimer, the vice president of trust and digital ethics at Inrupt, a startup creating digital identity and security solutions. A pause is needed to develop better approaches to testing, not just of the security, but the safety of machine-learning and artificial-intelligence models. These include ChatGPT, self-driving vehicles, and autonomous drones.

A steady stream of security researchers and technologists have already found ways to circumvent protections placed on AI systems, but society needs to have broader discussions about how to test and improve safety, says Ottenheimer, who will give a presentation on the topic at the RSA Conference in San Francisco next week.

“Especially from the context of a pentest, I’m supposed to go in and basically assess [an AI system] for safety, but what’s missing is that we’re not making a decision about whether it is safe, whether the application is acceptable,” he says. A server’s security, for example, does not speak to whether the system is safe “if you are running the server in a way that’s unacceptable … and we need to get to that level with AI.”

With the introduction of ChatGPT in November, interest in artificial intelligence and machine learning — already surging due to applications in the data science field — took off. The eerie capabilities of the large language model (LLM) to seemingly understand human language and to synthesize coherent responses have led to a surge in proposed applications based on the technology and other forms of AI. ChatGPT has already been used to triage security incidents, and a more advanced LLM forms the core of Microsoft’s Security Copilot.

Yet the generative pre-trained transformer (GPT) is just one form of AI model, and all of them can have significant problems with bias, false positives, and other issues.

Exploiting Robots Is Easy

These shortcomings, and a general lack of explainability in AI models, mean that any model can be attacked in ways that the…

Source…

To pay or not to pay – that’s the question as ransomware attacks rise


THERE is rarely a day that goes by when there isn’t a major local, national or international story about a well-known organisation being hit by a cyber attack that has huge potential to disrupt the business and damage its brand.

In the past few weeks alone we’ve seen Eurovision fans in a panic after Booking.com announced some of its hotel partners had been targeted by phishing scams; high street retailers WH Smith and JD Sports revealing that employee and customer data had been accessed by hackers; and perhaps most notably Royal Mail being hit with a huge ransomware demand by predominantly Russian-speaking crime groups which had blocked access to critical files and stolen huge amounts of sensitive data.

It’s clear that the cyber threat continues to evolve and increase, and ransomware attacks are becoming particularly prevalent, with increased targeting of business and industry in Europe and the UK, often by ransomware groups influenced by geopolitical factors such as the Ukraine war.

But it’s not just the number of attacks increasing; what we are now seeing is the criminal marketplace in cyber-crime continuing to mature and develop, in much the same way a legitimate industry might. The deployment of access brokers and affiliate business models means this is a complex threat that cannot be easily defeated or disrupted.

For businesses and large public sector organisations the focus needs to be on how to protect themselves, prepare and have a plan in place to respond to an inevitable attack. This applies equally to businesses in Northern Ireland as in any other location around the world.

Baseline protections of ISO governance, basic cyber essential certification or installation of firewalls and anti-virus protection are useful and beneficial but given that an attack of any scale will lead to a business crisis, it’s now important to go beyond that, with effective network monitoring and alerting, cyber incident response planning and exercises involving people at Board and executive level to make sure you are prepared to deal with all eventualities.

The response to a cyber attack is a…

Source…