OpenAI’s safety oversight reset (what it means) – CyberTalk

OpenAI’s safety oversight reset (what it means) – CyberTalk

EXECUTIVE SUMMARY:

OpenAI is setting up a new safety oversight committee after facing criticism that safety measures were being deprioritized in favor of new and “shiny” product capabilities.

CEO Sam Altman and Chairman Bret Taylor will co-lead the safety committee, alongside four additional OpenAI technical and policy experts. Committee members also include Adam D’Angelo, the CEO of Quora, and Nicole Seligman, who previously served as general counsel for the Sony Corporation.

The committee will initially evaluate OpenAI’s existing processes and safeguards. Within 90 days, the committee is due to submit formal recommendations to OpenAI’s board, outlining proposed improvements and new security measures.

OpenAI has committed to publicly releasing the recommendations as a means of increasing accountability and public trust.

Addressing user safety

In addition to scrutinizing current practices, the committee will contend with complex challenges around aligning AI system operations with human values, mitigating potential negative societal impacts, implementing scalable oversight mechanisms and developing robust tools for AI governance.

AI ethics researchers and several of the company’s own employees have critically questioned the prioritization of commercial interests over detailed safety evaluations. The release of ChatGPT-4o has amplified these concerns, as ChatGPT-4o is significantly more capable than past iterations of the technology.

Major AI research labs (think Anthropic, DeepMind…etc) and other tech giants pursuing AI development will likely follow OpenAI’s lead by forming independent safety and ethics review boards.

AI and cyber security

The extremely fast development of versatile AI capabilities has led to concerns about the potential misuse of AI tools by those with malicious intent. Cyber criminals can leverage AI to execute cyber attacks, spread disinformation and to compromise business or personal privacy.

The cyber security risks introduced by AI are unprecedented, making solutions — like AI-powered security gateways that can dynamically inspect data streams and detect advanced threats — critically important.

Check Point Software has developed an AI-driven, cloud-delivered security gateway that leverages machine learning models to identify attempted exploitations of AI; deepfakes, data poisoning attacks and AI-generated malware, among other things. This multi-layered protection extends across networks, cloud environments, mobile devices and IoT deployments.

Protect what matters most. Learn more about Check Point’s technologies here. Lastly, to receive practical cyber insights, groundbreaking research and emerging threat analyses each week, subscribe to the CyberTalk.org newsletter.

How the Internet of Things (IoT) became a dark web target – and what to do about it – CyberTalk

By Antoinette Hodes, Office of the CTO, Check Point Software Technologies.

The dark web has evolved into a clandestine marketplace where illicit activities flourish under the cloak of anonymity. Due to its restricted accessibility, the dark web exhibits a decentralized structure with minimal enforcement of security controls, making it a common marketplace for malicious activities.

The Internet of Things (IoT), with the interconnected nature of its devices, and its vulnerabilities, has become an attractive target for dark web-based cyber criminals. One weak link – i.e., a compromised IoT device – can jeopardize the entire network’s security. The financial repercussions of a breached device can be extensive, not just in terms of ransom demands, but also in terms of regulatory fines, loss of reputation and the cost of remediation.

With their interconnected nature and inherent vulnerabilities, IoT devices are attractive entry points for cyber criminals. They are highly desirable targets, since they often represent a single point of vulnerability that can impact numerous victims simultaneously.

Check Point Research found a sharp increase in cyber attacks targeting IoT devices, observing a trend across all regions and sectors. Europe experiences the highest number of incidents per week: on average, nearly 70 IoT attacks per organization.

How the Internet of Things (IoT) became a dark web target – and what to do about it – CyberTalk

Gateways to the dark web

Based on research from PSAcertified, the average cost of a successful attack on an IoT device exceeds $330,000. Another analyst report reveals that 34% of enterprises that fell victim to a breach via IoT devices faced higher cumulative breach costs than those who fell victim to a cyber attack on non-IoT devices; the cost of which ranged between $5 million and $10 million.

Other examples of IoT-based attacks include botnet infections, turning devices into zombies so that they can participate in distributed denial-of-service (DDoS), ransomware and propagation attacks, as well as crypto-mining and exploitation of IoT devices as proxies for the dark web.

4% browsing, 90% confidentiality, 6% anonymity

The dark web relies on an arsenal of tools and associated services to facilitate illicit activities. Extensive research has revealed a thriving underground economy operating within the dark web. This economy is largely centered around services associated with IoT. In particular, there seems to be a huge demand for DDoS attacks that are orchestrated through IoT botnets: During the first half of 2023, Kaspersky identified over 700 advertisements for DDoS attack services across various dark web forums.

IoT devices themselves have become valuable assets in this underworld marketplace. On the dark web, the value of a compromised device is often greater than the retail price of the device itself. Upon examining one of the numerous Telegram channels used for trading dark web products and services, one can come across scam pages, tutorials covering various malicious activities, harmful configuration files with “how-to’s”, SSH crackers, and more. Essentially, a complete assortment of tools, from hacking resources to anonymization services, for the purpose of capitalizing on compromised devices can be found on the dark web. Furthermore, vast quantities of sensitive data are bought and sold there everyday.

AI’s dark capabilities

Adversarial machine learning can be used to attack, deceive and bypass machine learning systems. The combination of IoT and AI has driven dark web-originated attacks to unprecedented levels. This is what we are seeing:

  • Automated exploitation: AI algorithms automate the process of scanning for vulnerabilities and security flaws with subsequent exploitation methods. This opens doors to large-scale attacks with zero human interaction.
  • Adaptive attacks: With AI, attackers can now adjust their strategies in real-time by analyzing the responses and defenses encountered during an attack. This ability to adapt poses a significant challenge for traditional security measures in effectively detecting and mitigating IoT threats.
  • Behavioral analysis: AI-driven analytics enables the examination of IoT devices and user behavior, allowing for the identification of patterns, anomalies, and vulnerabilities. Malicious actors can utilize this capability to profile IoT devices, exploit their weaknesses, and evade detection from security systems.
  • Adversarial attacks: Adversarial attacks can be used to trick AI models and IoT devices into making incorrect or unintended decisions, potentially leading to security breaches. These attacks aim to exploit weaknesses in the system’s algorithms or vulnerabilities.

Zero-tolerance security

The convergence of IoT and AI brings numerous advantages, but it also presents fresh challenges. To enhance IoT security and device resilience while safeguarding sensitive data, across the entire IoT supply chain, organizations must implement comprehensive security measures based on zero-tolerance principles.

Factors such as data security, device security, secure communication, confidentiality, privacy, and other non-functional requirements like maintainability, reliability, usability and scalability highlight the critical need for security controls within IoT devices. Security controls should include elements like secure communication, access controls, encryption, software patches, device hardening, etc. As part of the security process, the focus should be on industry standards, such as “secure by design” and “secure by default”, along with the average number of IoT attacks per organization, as broken down by region every week.

Functional requirements, non-functional requirements

Collaborations and alliances within the industry are critical in developing standardized IoT security practices and establishing industry-wide security standards. By integrating dedicated IoT security, organizations can enhance their overall value proposition and ensure compliance with regulatory obligations.

In today’s cyber threat landscape, numerous geographic regions demand adherence to stringent security standards; both during product sales and while responding to Request for Information and Request for Proposal solicitations. IoT manufacturers with robust, ideally on-device security capabilities can showcase a distinct advantage, setting them apart from their competitors. Furthermore, incorporating dedicated IoT security controls enables seamless, scalable and efficient operations, reducing the need for emergency software updates.

IoT security plays a crucial role in enhancing the Overall Equipment Effectiveness (a measurement of manufacturing productivity, defined as availability x performance x quality), as well as facilitating early bug detection in IoT firmware before official release. Additionally, it demonstrates a solid commitment to prevention and security measures.

By prioritizing dedicated IoT security, we actively contribute to the establishment of secure and reliable IoT ecosystems, which serve to raise awareness, educate stakeholders, foster trust and cultivate long-term customer loyalty. Ultimately, they enhance credibility and reputation in the market. Ensuring IoT device security is essential in preventing IoT devices from falling into the hands of the dark web army.

This article was originally published via the World Economic Forum and has been reprinted with permission.

For more Cyber Talk insights from Antoinette Hodes, please click here. Lastly, to receive stellar cyber insights, groundbreaking research and emerging threat analyses each week, subscribe to the CyberTalk.org newsletter.

Must-know insights when navigating the CISO career path – CyberTalk

Must-know insights when navigating the CISO career path – CyberTalk

EXECUTIVE SUMMARY:

The CISO career path is as exciting as it is fraught with perils. Modern CISOs exist at the intersection of technology, security and business strategy. The stakes are high and the simplest of initiatives can easily command commendation or crumble and collapse, ending in highly visible, catastrophic failures.

Succeeding within a CISO role requires a unique skill set and a unique blend of industry perspectives. In this article, we’ll highlight essential approaches for both aspiring and seasoned CISOs to pursue in setting themselves up for success.

CISO career path insights

Regardless of where you are along your CISO career path, enrich your everyday with these pragmatic insights. Ensure that you maintain and emphasize:

1. Agility in an evolving landscape

Cyber threats and technologies evolve at a mind-bending pace. For instance, as artificial intelligence and deepfake technologies are becoming increasingly prevalent, hackers are identifying new tactics that enable them to leverage the tools to disrupt new targets, at-scale. To that effect, enterprise CISOs need to adapt in conjunction with trends — all the while, taking resource availability and changing business needs into consideration.

2. Data-driven decision-making

As a CISO, you’re not only a guardian of data; you’re also a steward of resources. In turn, it’s imperative to communicate the return on investment (ROI) of security initiatives to senior management and stakeholders. Showcase how security measures have not only protected assets, but how they have also contributed to compliance and have positively shaped other aspects of the business.

3. Strategic communication

CISOs must be able to translate technical jargon into language that non-technical stakeholders can grasp. The ability to articulate the utility of security investments, corresponding risks and risks associated with lack of action is critical. It means a higher probability of gaining support and the resources required to truly advance security.

4. Cross-functional partnerships

Strong CISOs work cross-functionally with other departments, including IT, the legal department, and human resources, among others. In so doing, CISOs help ensure that cyber security initiatives are integrated into the fabric of the organization, rather than languishing as isolated efforts. This approach also increases overall business resilience.

5. Continuous learning

Ensure that you’re a member of any and all relevant information security trade associations and training organizations. For instance, the International Society of Forensic Computer Examiners (ISFCE) and The Scientific Working Group on Digital Evidence (SWGDE) can serve as good starting points. See a comprehensive list of cyber security industry associations here.

In addition to formal trade group participation, CISOs should maintain less formal channels for ongoing education purposes. CISOs should pursue industry publications, attend webinars, participate in cyber security conferences, and make connections with other people. For cyber security professionals, staying updated on emerging threats, technologies and regulations is a non-negotiable.

Further information

A savvy CISO not only secures networks and workloads, but also secures their own future. With that in mind, aim for personal growth, work to achieve extraordinary outcomes, and become an inspiring leader who can guide the next generation through effective CISO career path development.

For more CISO career path insights, please see our past coverage. Lastly, discover more timely insights and analyses when you sign up for the cybertalk.org newsletter.

How platformization is transforming cyber security – CyberTalk

How platformization is transforming cyber security – CyberTalk

With more than 15 years of experience in cyber security, Manuel Rodriguez is currently the Security Engineering Manager for the North of Latin America at Check Point Software Technologies, where he leads a team of high-level professionals whose objective is to help organizations and businesses meet their cyber security needs. Manuel joined Check Point in 2015 and initially worked as a Security Engineer, covering Central America, where he participated in the development of important projects for multiple clients in the region. He had previously served in leadership roles for various cyber security solution providers in Colombia.

In this insightful Cyber Talk interview, Check Point expert Manuel Rodriguez discusses “Platformization”, why cyber security consolidation matters, how platformization advances your security architecture and more. Don’t miss this!

The word “platformization” has been thrown around a lot recently. Can you define the term for our readers?

Initially, a similar term was used in the Fintech industry. Ron Shevlin defined it as a plug and play business model that allows multiple participants to connect to it, interact with each other and exchange value.

Now, this model aligns with the needs of organizations in terms of having a cyber security platform that can offer the most comprehensive protection, with a consolidated operation and easy enablement of collaboration between different security controls in a plug and play model.

In summary, platformization can be defined as the moving from a product-based approach to a platform-based approach in cyber security.

How does platformization differ from the traditional way in which tech companies develop and sell products and services?

In 2001, in a Defense in Depth SANS whitepaper, Todd McGuiness said, “No single security measure can adequately protect a network; there are simply too many methods available to an attacker for this to work.”

This is still true and demonstrates the need to have multiple security solutions for proper protection of different attack vectors.

The problem with this approach is that companies ended up with several technologies from different vendors, all of which work in silos. Although it might seem that these protections are aligned with the security strategy of the company, it generates a very complex environment. It’s very difficult to operate and monitor when lacking collaboration and automation between the different controls.

SIEM and similar products arrived to try to solve the problem of centralized visibility, but in most cases, added a new operative burden because they needed a lot of configurations and lacked automation and intelligence.

The solution to this is a unified platform, where users can add different capabilities, controls and even services, according to their specific needs, making it easy to implement, operate and monitor in a consolidated and collaborative way and in a way that leverages intelligence and automation.

My prediction is that organizations will start to change from a best-of-breed approach to a platform approach, where the selection factors will be more focused on the consolidation, collaboration, and automation aspects of security controls, rather than the specific characteristics of each of the individual controls.

From a B2B consumer perspective, what are the potential benefits of platformization (ex. Easier integration, access to a wider range of services…)?

For consumers, the main benefits of a cyber security platform will be a higher security posture and reduced TCO for cyber security. By reducing complexity and adding automation and collaboration, organizations will increase their abilities to prevent, detect, contain, and respond to cyber security incidents.

The platform also gives flexibility by allowing admins to easily add new security protections that are automatically integrated in the environment.

Are there any potential drawbacks for B2B consumers when companies move towards platform models?

I have heard concerns from some CISOs about putting all or most of their trust in a single security vendor. They have in-mind the recent critical vulnerabilities that affected some of the important players in the industry.

This is why platforms should also be capable of integration through open APIs, permitting organizations to be flexible in their journey to consolidation.

How might platformization change the way that B2B consumers interact with tech companies and their products (ex. Self-service options, subscription models)? What will the impact be like?

Organizations are also looking for new consumption models that are simple and predictable and that will deliver cost-savings. They are looking to be able to pay for what they use and for flexibility if they need to include or change products/services according to specific needs.

What are some of main features of a cyber security platform?

Some of the main features are consolidation, being able to integrate security monitoring and management into a single central solution; automation based on APIs, playbooks and scripts according to best practices; threat prevention, being able to identify and block or automatically contain attacks before they pose a significant risk for an organization…

A key component of consolidation is the use of AI and machine learning, which can process the data, identify the threats and generate the appropriate responses.

In terms of collaboration, the platform should facilitate collaboration between different elements; for example sharing threat intelligence or triggering automatic responses in the different regions of the platform.

In looking at platformization from a cyber security perspective, how can Check Point’s Infinity Platform benefit B2B consumers through platformization principles (ex. Easier integration with existing tools, all tools under one umbrella…etc)?

The Check Point Infinity platform is a comprehensive, consolidated, and collaborative cyber security platform that provides enterprise-grade security across several vectors as data centers, networks, clouds, branch offices, and remote users with unified management.

It is AI-powered, offering a 99.8% catch rate for zero day attacks. It offers consolidated security operations; this means lowering the TCO and increasing security operational efficiency. It offers collaborative security that automatically responds to threats using AI-powered engines, real-time threat intelligence, anomaly detection, automated response and orchestration, and API-based third-party integration. Further, it permits organizations to scale cyber security according to their needs anywhere across hybrid networks, workforces, and clouds.

Consolidation will also improve the security posture through a consistent policy that’s aligned with zero trust principles. Finally, there is also a flexible and predictable ELA model that can simplify the procurement process.

How does the Check Point Infinity Platform integrate with existing security tools and platforms that CISOs might already be using?

Check Point offers a variety of APIs that make it easy to integrate in any orchestration and automation ecosystem. There are also several native integrations with different security products. For example, the XDR/XPR component can integrate with different products, such as firewalls or endpoint solutions from other vendors.

To what extent can CISOs customize and configure the Check Point Infinity Platform to meet their organization’s specific security posture and compliance requirements?

Given the modular plug and play model, CISOs can define what products and services make sense for their specific requirements. If these requirements change over time, then different products can easily be included. The ELA consumption model gives even more flexibility to CISOs, as they can add or remove products and services as needed.

How can platformization (whether through Infinity or other platforms) help businesses achieve long-term goals? Does it provide a competitive advantage in terms of agility, innovation and cost-efficiency?

A proper cyber security platform will improve the security posture of the business, increasing the ability to prevent, detect, contain and respond to cyber security incidents in an effective manner. This means lower TCO with increased protection. It will also allow businesses to quickly adapt to new needs, giving them agility to develop and release new products and services.

Is there anything else that you would like to share with Check Point’s thought leadership audience?

Collaboration between security products and proper intelligence sharing and analysis are fundamental in responding to cyber threats. We’ve seen several security integration projects through platforms, such as SIEMs or SOARs, fail because of the added complexity of generating and configuring the different use cases.

A security platform should solve this complexity problem. It is also important to note that a security platform does not mean buying all products from a single vendor. If it is not solving the consolidation, collaboration problem, it will generate the same siloed effect as previously described.

The future of AI and ML (in 2024) – CyberTalk

EXECUTIVE SUMMARY:

In businesses everywhere, mention of Artificial Intelligence (AI) simultaneously evokes a sense of optimism, enthusiasm and skepticism, if not a certain degree of fear. The AI robots are about to take control of the…sorry, wrong article.

The future of AI and ML in 2024

The rapid advancement of artificial intelligence has led to its widespread integration across industries and ecosystems, including those belonging to both cyber adversaries and cyber defenders.

Hackers hope to get a handle on AI in order to launch new threats at-speed and scale. According to experts, adversarial plans likely include phishing initiatives with ransomware payloads, deepfake scams that deceive executives, and malware scripts that are rewrites of existing threats, enabling the code to evade detection.

“Next year we’ll see more threat actors adopt AI to accelerate and expand every aspect of their toolkit,” says Check Point Threat Intelligence Group Manager, Sergey Shykevich.

AI as a double-edged sword

However, although hackers aim to use AI maliciously, AI is a double-edged sword, and research indicates that it will serve as a valuable force-multiplier for cyber security professionals in 2024 (and beyond). It will continue to transform threat identification, enhance organizations’ security posture, and lead to a safer cyber ecosystem across industries.

“Just as we have seen cyber criminals tap into the potential of AI and ML, so too will cyber defenders. We have already seen significant investment in AI for cyber security, and that will continue as more companies look to guard against advanced threats,” says Shykevich.

The key is leveraging AI’s strengths to counter its own weaknesses.

Leveraging AI’s strengths

Among cyber security professionals, artificial intelligence is often used at the “identification” stage of the SANS Institute’s well-known incident response framework. In other words, AI can help identify incidents in minutes, rather than in hours or days. AI can quickly parse through immense volumes of data to isolate patterns that point to the source and scope of a threat.

A truncated incident identification timeline can lead to faster breach containment, saving organizations on costs. The Cost of a Data Breach 2023 global survey has found that use of AI can speed up breach containment by 100 days (on average), and that AI and automation have delivered cost savings of nearly $1.8 million for individual organizations.

“In the coming year, we must innovate faster than the threats we face to stay one step ahead. Let’s harness the full potential of AI for cybersecurity,” says Shykevich.

Enhancing cyber security posture

In terms of bolstering an organization’s overall security posture, because AI can learn from past threats, AI can vastly improve threat detection capabilities. Using historical data, machine learning algorithms can track patterns and actually develop adaptive, new threat detection methods, making cyber breaches more difficult for adversaries to execute over the long-term.

AI can also automate repetitive tasks, eliminating human error and enabling humans to take on higher-level work. Beyond that, AI can improve the accuracy of decision-making, elevating the competence levels of cyber security teams.

All of these actions, among others, enable AI-powered solutions (and AI-focused security staff) to protect people, processes and technologies better than otherwise possible via traditional cyber security tools. AI is becoming and will continue to establish itself as an invaluable asset within the cyber security landscape.

That said, “In general, while organizations have found that AI is sexy, that doesn’t mean that we need to use AI everywhere. We need to be careful. We need to use it when it’s relevant, and not when it’s irrelevant,” cautions Check Point’s Global CISO emeritus and Field CISO for the EMEA region, Jonathan Fischbein.

A safer cyber ecosystem at-large

AI-based cyber security solutions are becoming increasingly critical components of cyber security stacks, and they’re not only strengthening individual organizations’ security – they’re able to help strengthen third-party security, ultimately strengthening the security of the supply chain and that of industry ecosystems at-large.

Policy makers around the world are convening to address the risks associated with AI and automated systems, working to ensure the security of divergent industries – from critical infrastructure to healthcare –  and protection for those who they serve. “There have been significant steps in Europe and the US in regulating the use of AI,” says Shykevich.

AI is fostering new types of partnerships between humans and machines, which allow for outsized cyber security outcomes – ones that amount to more than the sum of their parts.

Rapid change and growth

In the next few months, industry analysts anticipate continued evolution of AI-based cyber security capabilities, along with creative new use-cases for corresponding applications and code.

AI’s meteoric rise across the past decade, which has massively accelerated within the past year, signals its incredible potential to reshape the cyber landscape. Despite some degree of risk, artificial intelligence presents promise and hope for digital security like never before.


For further information about AI, ML and cyber security, please see the following resources

  • Explore the advantages of implementing AI within cyber security – Learn more
  • For more in-depth AI and cyber security insights, check out this whitepaper – Download now
  • Discover ThreatCloud AI, the brain behind Check Point’s best security – Product information

What is Cryware? What Microsoft wants you to know right now

Microsoft warns of “Cryware” infostealing malware that targets cryptocurrency wallets. What is Cryware? Cryware attacks lead to the irreversible theft of virtual currencies through fraudulent transfers to adversary controlled wallets. Cryware information stealers collect and exfiltrate data directly from “hot” wallets or online cryptocurrency wallets. Due to the fact that hot wallets are […]

Robin Hood ransomware demands goodwill ransom for charity

By Edwin Doyle, Global Security Evangelist, Check Point Software. GoodWill ransomware forces victims to record acts of kindness and to then publish corresponding content on social media. GoodWill ransomware In traditional ransomware attacks, the ransomware operators hold files or networks hostage in exchange for a ransom. They demand anywhere from hundreds to millions of dollars […]

US military pioneers Metaverse experiences that are amazingly sophisticated

The US military is creating its own version of the Metaverse. For years, militaries around the globe have used augmented reality (AR) and virtual reality (VR) to provide weapons training, equipment training and flight training for soldiers. Such tools can reduce costs associated with preparing soldiers for ‘live’ conditions, and lead to stronger […]

Interview with Tamas Kadar, CEO and Co-Founder of SEON

About Tamas Kadar: Tamas Kadar is an entrepreneur and former founder of Central Europe’s first crypto exchange. When his enterprise was targeted by fraudsters, he pivoted to offering fraud prevention technology. His newest firm, SEON, now protects 5000+ companies worldwide and raised the largest ever Series A funding in Hungary. In this exclusive Cyber Talk interview, […]