Tech Risk Reading Picks

1. 6 real world AI cybersecurity applications: Artificial intelligence (AI) is revolutionizing cybersecurity through various applications like BurpGPT for web application testing, EPSS for vulnerability prioritization, Blink Copilot for workflow automation, VirusTotal Code Insight for threat analysis, HackerOne's Hai for vulnerability management, and Tenable's EscalateGPT for IAM security testing. These tools leverage AI to automate tasks, prioritize threats, and enhance detection and response capabilities. Despite the benefits, integrating AI requires careful consideration of security measures and skill development to mitigate risks and fully realize its potential in safeguarding digital environments. [more]

2. Apple AI: Apple's strategy for securing customer data in AI applications revolves around a proprietary infrastructure featuring Apple Silicon chips with integrated security measures. This approach ensures that AI queries from Apple devices are processed securely within Apple's Private Compute Cloud, where data remains encrypted and inaccessible to Apple, emphasizing both privacy and liability protection. In contrast, competitors like Microsoft, Intel, AMD, and Nvidia rely on partnerships and diverse technologies, which can introduce complexities and potential vulnerabilities in securing AI data. Apple's closed ecosystem with a clean-slate approach to chip design provides a potential framework that could set a standard for data protection in the expanding landscape of AI-driven technologies. [more]

3. OpenAI issue: OpenAI has recently faced significant security challenges. Firstly, their ChatGPT Mac app initially stored user conversations in plain text, making them vulnerable to unauthorized access. After public scrutiny, OpenAI added encryption to address this issue. Secondly, a 2023 hacking incident exposed vulnerabilities in their internal messaging systems, leading to concerns about overall cybersecurity (even of today). The fallout included internal disagreements and the departure of a manager who raised security concerns. These incidents highlight OpenAI's struggles in maintaining robust security practices and managing internal breaches effectively, raising questions about their ability to protect user data and maintain organizational integrity as they continue to expand their AI technologies. [more]

4. Rise in ransom: In the first half of 2024, ransomware attacks have seen a significant rise in extortion demands, averaging over $5.2 million per incident. The highest demand reached $100 million following an attack on India's Regional Cancer Center, with other notable targets like UK's Synnovis and Canada's London Drugs facing demands of $50 million and $25 million, respectively. Despite a decrease in the number of attacks compared to the previous year, the impact remains severe, with private businesses reporting 29.7 million compromised records, governments 52,390, and healthcare sectors 5.4 million. The trend signals increasing financial and data security challenges, necessitating strengthened cybersecurity measures across industries. [more]

5. Advancement in Quantum: Recent advances in quantum cryptography have upended traditional assumptions about information security. Initially based on computational hardness assumptions, quantum cryptography, pioneered by Bennett and Brassard in the 1980s, promised perfect security without relying on these assumptions. However, by the late 1990s, it was shown that certain cryptographic tasks couldn't achieve this security without computational complexity. Fast forward to recent years: William Kretschmer's 2021 research demonstrated that distinguishing between similar quantum states could be inherently difficult, even with powerful computational oracles. This discovery suggests that quantum cryptography might remain secure even in scenarios where classical cryptographic methods fail, challenging conventional understandings of information security and prompting further exploration into the unique computational properties of quantum information. [more]

6. Quantum future: Quantum computing will inevitably render most encryption vulnerable. There is a need for immediate action from businesses to mitigate future risks. Brierley underscores the transformative potential of quantum computers, noting their significant advancements in problem-solving capabilities and their wide-ranging implications, both positive and negative. The discussion calls for proactive collaboration and ethical considerations to ensure a secure digital future amidst rapid technological evolution. [more]

7. 2024 State of Cloud Security: The 2024 State of Cloud Security report highlights significant concerns among enterprises regarding misconfigurations and limited visibility in cloud environments. Only a minority manage their own infrastructure, with many opting for hybrid models and outsourcing to address proficiency gaps. This creates a burgeoning market for managed services providers (MSPs) and managed security service providers (MSSPs) offering advanced cloud security solutions. Key priorities for organizations include enhancing access controls, identity management, and encryption, while leveraging AI and managing third-party risks to navigate the complexities of multi-cloud deployments and address evolving security threats effectively. [more]

8. State of OT Security: The Palo Alto Networks report on the State of OT Security reveals a concerning landscape marked by frequent and impactful cyber attacks on operational technology (OT) systems. Despite previous assumptions of immunity, Indian industries face an average of four cyber attacks daily, leading to significant operational disruptions for nearly a quarter of affected entities. There is a critical need for enhanced incident response preparedness, with only half of organizations confident in their response plans. Adoption of advanced technologies like AI and cloud computing is slow despite high awareness of their importance. Friction between OT and IT teams further complicates cybersecurity efforts, highlighting the imperative for unified strategies and Zero Trust principles to safeguard against evolving threats and ensure resilience in digital operations. [more][more-2]

9. Loyalty points under attack: There is a rise in cyberattacks targeting hotel and airline loyalty accounts, driven by criminals exploiting weak passwords and stolen credentials from other breaches. As credit card fraud becomes harder due to improved security, loyalty accounts have become a lucrative target for selling points or redeeming them fraudulently. Airlines and hotels, slow to adopt robust security measures like multi-factor authentication, are seeing increased account takeovers. This trend highlights a significant shift in cybercrime tactics and underscores the need for stronger account protections in loyalty programs to mitigate financial losses and protect consumer data. [more][more-2]

10. Web3 Cryptospace Spotlight

    1. Web3 losses $572.7M through hacks and fraud: In the second quarter of 2024, the cryptocurrency industry saw a sharp rise in losses from hacks and fraud, totaling $572.7 million, more than double compared to the same period in 2023. Centralized finance (CeFi) platforms accounted for $401.4 million of these losses, while decentralized finance (DeFi) platforms lost $172.1 million, marking a 25% decrease from the previous year. The largest incidents included the $305 million theft from DMM Bitcoin and a $55 million cyberattack on Btcturk, which together comprised over 60% of the quarter's losses. Overall, 2024 has seen cumulative losses of $920.9 million, highlighting ongoing security challenges and the imperative for comprehensive safeguards across the crypto ecosystem. [more]

    2. Bitcoin vulnerability disclosure policy: Bitcoin Core developers have introduced a new "critical bug" disclosure policy to improve communication about security vulnerabilities. Historically, Bitcoin Core has been criticized for poor transparency regarding bugs, leading users to believe it is bug-free, which is not accurate. The new policy aims to categorize vulnerabilities into four severity levels: low, medium, high, and critical. It will standardize disclosure processes, encourage responsible vulnerability reporting, and emphasize the importance of updating to the latest Bitcoin Core versions for security. The initiative has received positive feedback from the community for addressing past transparency issues. [more]