Cybersecurity Newsletter

You have a lot going on, so join the thousands of other leaders and let me do the work and provide you with curated cybersecurity content. It would be my honor to do so.

NOTES: If you want to ensure you get this newsletter every week, please add my "from" address to your contact list. If you would like to Unsubscribe scroll to the bottom and select "unsubscribe". Thank you.

In this week's edition:

• Cyber Bits & Bytes
• Early Warning - Video: A cyber-attack with COVID-like characteristics?
• Featured Article - 5 Astounding Reasons Why AI is Improving Cybersecurity
• Cyber Quote - Ted Bell on AI in Cyber Warfare
• Free Cybersecurity Resources - eBooks, tools, apps & services
• Trending Story - ChatGPT Gets an MBA
• Cybersecurity News Highlights
• Cyber Scam of the Week - r/Cybercriminals: Spear Phishing
• Social Posts of the Week

Cyber Bits & Bytes

6 dangerous cyber security vulnerabilities to watch for in 2023 - Read more in this Cybertalk.org article.

Avoiding vendor lock-in and the data gravity trap reported in InfoWorld. "One of the primary reasons companies fail to innovate is that they are locked into a specific vendor’s technology. Watch out for these pitfalls."

Backdoor deployment overtakes ransomware as top attacker action, from CSO Online.

As companies calculate cyber risk, the right data makes a big difference is the title of a really good read on VentureBeat. The article talks about the proposed U.S. Securities and Exchange Commission’s stronger rules for reporting cyberattacks will have ramifications beyond increased disclosure of attacks to the public. By requiring not just quick reporting of incidents, but also disclosure of cyber policies and risk management, such regulation will ultimately bring more accountability for cybersecurity to the highest levels of corporate leadership.

Early Warning

Video: A cyber-attack with COVID-like characteristics?

This is a really interesting video from the World Economic Forum from 2021, but it describes a cyber-attack that using artificial intelligence and now that AI is truly part of the mainstream it has more relevance.

Bad actors are increasingly using artificial intelligence to enhance their ability to better utilize threat vectors and make a bigger splash on growing attack surfaces for organizations around the world. These threats are taking on the characteristics of viruses and other genetic style invaders and it is truly scary. When watching this video take into account that AI's increasing use amongst bad actors and nation-states is creating a more sophisticated and threatening environment. This is bad news for us all.

Featured Original Article

5 Astounding Reasons Why AI is Improving Cybersecurity

AI in cybersecurity improves security posture

As more organizations engage in it to safeguard themselves against online attacks, artificial intelligence (AI) is quickly emerging as a critical cybersecurity tool. This is due to the fact that AI may dramatically improve an organization's capacity to identify, respond to, and recover from cyber threats.

AI systems can find trends and abnormalities that might point to a cyber-attack by evaluating vast amounts of data. This lets businesses to detect dangers considerably earlier than they might with conventional means, providing them a greater chance of averting or minimizing the impact of an attack. While there are many use-cases for artificial intelligence in cybersecurity here are a couple of the most popular ones.

Examples of how AI is being applied in cybersecurity

1. Threat identification and prevention

AI can be used to keep an eye on network traffic and spot any suspicious or unusual activities that might point to a cyber-attack. For instance, machine learning algorithms can be trained to spot patterns of activity that are typical of online attackers, like making several login attempts or using specific types of dangerous software. When such activity is discovered, AI systems can automatically take action to thwart the attack by blocking the offending traffic or shutting down the impacted services.

2. Fraud detection

AI can also be used to identify and stop fraud, such as the use of stolen credit card information or the establishment of phony accounts. For instance, machine learning algorithms can be trained on massive datasets of fraudulent behavior in order to identify patterns that may suggest a fraudulent transaction. When such conduct is discovered, AI systems can notify human analysts or initiate automatic action to stop the fraudulent activity from proceeding.

3. Vulnerability management

AI can assist organizations in locating and resolving system and network vulnerabilities. For instance, AI may be used to scan software for vulnerabilities, find weak passwords, and identify misconfigured systems that may be exploitable. Through continuous vulnerability monitoring, AI can assist organizations in proactively addressing possible issues before they can be exploited by attackers.

4. Cyber incident response

Organizations can utilize AI to assist in handling cyber incidents like malware or data breaches. As an illustration, AI may be used to evaluate vast amounts of data to determine the scale and impact of an incident and to suggest actions that should be taken to control the damage and stop future assaults. Additionally, AI can be used to automate some incident response operations, such as isolating damaged systems or restoring backups, freeing up others to work on more other tasks.

5. Automated response to cyberthreats

In certain specific circumstances, AI could be utilized to automatically respond to cyberthreats without human interaction. Using AI in this fashion needs to be heavily scrutinized and tested thoroughly. AI can also be used, for instance, to prevent malicious traffic from entering a network or to automatically shut down systems that are being attacked. This can speed up the response time to a cyber threat and lessen the possible harm that it might do.

Another benefit of AI in cybersecurity is that it may help businesses improve their overall security posture. By continuously analyzing data and spotting possible dangers, AI can help firms detect and fix vulnerabilities before they are used by attackers. Additionally, it has the potential to drastically lower expenses for businesses and boost ROI. Numerous cybersecurity tasks can be automated to assist reduce the need for expensive human labor. By identifying and responding to cyber threats more quickly and effectively, AI can help businesses avoid expensive data breaches and downtime.

AI in cybersecurity is still maturing

The application of AI to cybersecurity is still a work in progress, and there are still many challenges to overcome. For instance, false positives in AI systems can result in unneeded disruptions or other unexpected effects. Additionally, there is a chance that AI systems could be utilized for harmful purposes by attackers, fooled by them, or subjected to exploitation or deception. Despite these difficulties, however, there are appealing potential advantages to employing AI in cybersecurity, and the trend is expected to continue for the foreseeable future.

Ethics in AI is important

The likelihood of unfair or biased decision-making is another potential drawback of utilizing AI in cybersecurity. For instance, if an AI system is trained on a biased or unrepresentative dataset, it may make judgments that are unfairly skewed against particular groups of individuals. It's crucial to carefully plan and train AI systems to make sure they are impartial and fair in order to reduce this risk.

The requirement for regular updates and enhancements of the algorithms and models utilized is a further difficulty posed by the use of AI in cybersecurity. AI systems must be able to adapt and learn in order to keep up with the continuously evolving strategies and methods used by cyber attackers.

A governance framework is key to proper use

Using AI governance frameworks and rules is one technique to guarantee the ethical application of AI in cybersecurity. These frameworks can assist companies in identifying and reducing potential dangers related to the use of AI, as well as in ensuring that AI systems are used in a transparent, equitable, and moral manner.

AI becoming an important part of every industry

AI can significantly benefit an organization’s cybersecurity initiatives. By detecting risks more quickly and correctly, responding to cyber-attacks more effectively, and enhancing overall security posture, artificial intelligence can help enterprises protect themselves from cyber risks while reducing costs and resource usage. However, it is important that AI is used in a responsible and ethical manner, in order to maximize the benefits and minimize any potential negative consequences. By carefully considering the risks and benefits of using AI in cybersecurity, and by following best practices and guidelines for the responsible use of AI, organizations can effectively leverage the power of AI to improve their cybersecurity posture. Any organization seeking to better its cyber defense should consider investing in AI for cybersecurity.

Read more from the original post

Cyber Quote

Free Resources

• eBook: "9 Things Leaders Should Know About Cyber Insurance"

• CISA Releases ESXiArgs Ransomware Recovery Script

• SANS Security Policy Templates

• Web Security Academy - Free, online web security training

• CISA - Free Cybersecurity Tools and Services

• At Bay - Free Cyber risk Calculator

Trending Story

ChatGPT Gets an MBA

The AI-powered chatbot did better than expected on a Wharton exam. That’s something to get excited about, says the professor behind the experiment.

BloombergDimitra Kessenides

Other Bytes

Council Post: Why Cybersecurity Frameworks Alone Won’t Stop The Next Major Breach

A risk-based approach to cybersecurity gives defenders a never-before-achievable understanding of their continuously expanding attack surface.

ForbesGidi Cohen

SecurityScorecard Research Shows 98% of Organizations Globally Have Relationships With At Least One Breached Third-Party

Information Services Sector Has 2.5 Times the Number of Third-Party Relationships than the Overall Average; Finance Sector Claims the Fewest…

SecurityScorecard

Cyber Scam of the Week

r/Cybercriminals: Spear Phishing

Reddit, a popular online community, was the latest victim of a spear phishing attack. Spear phishing is a targeted email attack that looks like it’s from a trusted source, but it’s actually from cybercriminals in disguise.

In this recent attack, a cybercriminal set up a fake website designed to steal login credentials. Then, the cybercriminal sent phishing emails to Reddit employees. The emails prompted employees to visit the fake website and enter their credentials. Through this attack, the cybercriminal was able to access sensitive information from Reddit and steal internal company data.

Follow the tips below to stay safe from similar scams:

Make sure that the sender is actually who they say they are. If the sender claims to be someone you know, reach out to them in person or by phone to verify.
Remember that spear phishing attacks can happen to anyone. Think before you click, and never click a link in an email that you aren’t expecting.
Be careful with the information you share about yourself online. Cybercriminals can use this information to target you in phishing attacks.

This Cyber Scam is provided by our sponsors: Netsync & KnowBe4

Cybersecurity Social

Just a couple of interesting social posts

Did someone forward this email to you? Awesome! You can sign up here and not miss a week of the Morning Boot curated cybersecurity newsletter from Mark Lynd

You received this email because you signed up on our website, attended one of our events, or made a purchase from us. If you do not wish to receive this newsletter anymore, you can unsubscribe here.