GenAI: The next frontier in AI security threats

Threat actors aren’t attacking generative AI (GenAI) at scale yet, but these AI security threats are coming. That prediction comes from the 2024 X-Force Threat Intelligence Index. Here’s a review of the threat intelligence types underpinning that report. Cyber criminals are shifting focus Increased chatter in illicit markets and dark web forums is a sign […]

The post GenAI: The next frontier in AI security threats appeared first on Security Intelligence.


How AI can be hacked with prompt injection: NIST report

The National Institute of Standards and Technology (NIST) closely observes the AI lifecycle, and for good reason. As AI proliferates, so does the discovery and exploitation of AI cybersecurity vulnerabilities. Prompt injection is one such vulnerability that specifically attacks generative AI. In Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations, NIST defines […]

The post How AI can be hacked with prompt injection: NIST report appeared first on Security Intelligence.


Why keep Cybercom and the NSA’s dual-hat arrangement?

The dual-hat arrangement, where one person leads both the National Security Agency (NSA) and U.S. Cyber Command (Cybercom), has been in place since Cybercom’s creation in 2010. What was once touted as temporary 13 years ago now seems established. Will the dual-hat arrangement continue? Should it? Experts have discussed the pros and cons of both […]

The post Why keep Cybercom and the NSA’s dual-hat arrangement? appeared first on Security Intelligence.


The Forrester Consulting TEI of Guardium Data Protection study: 5 data security lessons

Practicality and simplicity: That’s what data security analysts want most from their data protection tools. That’s the essence we gleaned from the Forrester Consulting Total Economic Impact (TEI) study commissioned by IBM for its IBM Security Guardium Data Protection product. The TEI study focuses specifically on Guardium Data Protection, but its interviews with security professionals […]

The post The Forrester Consulting TEI of Guardium Data Protection study: 5 data security lessons appeared first on Security Intelligence.


A History of Ransomware and the Cybersecurity Ecosystem

The number and complexity of cybersecurity tools have grown at a dizzying pace in recent decades. As cyber threats like ransomware became more numerous and complex, antivirus and threat management tools expanded to meet these challenges. Security experts now often find themselves with too many choices and a market too rich with options. Choosing, running […]

The post A History of Ransomware and the Cybersecurity Ecosystem appeared first on Security Intelligence.


ChatGPT and the Race to Secure Your Intellectual Property

ChatGPT reached 100 million users in January 2023, only two months after its release. That’s a record-breaking pace for an app. Numbers at that scale indicate that generative AI — AI that creates new content as text, images, audio and video — has arrived. But with it comes new security and intellectual property (IP) issues […]

The post ChatGPT and the Race to Secure Your Intellectual Property appeared first on Security Intelligence.


Security Awareness Training 101: Which Employees Need It?

To understand why you need cybersecurity awareness training, you must first understand employees’ outsized roles in security breaches. “People remain — by far — the weakest link in an organization’s cybersecurity defenses,” noted Verizon on the release of their 2022 Data Breach Investigations Report (DBIR). They elaborate that 25% of all breaches covered in the […]

The post Security Awareness Training 101: Which Employees Need It? appeared first on Security Intelligence.


Will Commercial Spyware Survive Biden’s Executive Order?

On March 27, 2023, reports surfaced that 50 U.S. government employees had been targeted by phone spyware overseas. On the day of that report, President Joe Biden signed an executive order to restrict federal agencies’ use of commercial spyware. The timing of the order was linked to this specific phone-targeting exploit. But spyware infiltration of […]

The post Will Commercial Spyware Survive Biden’s Executive Order? appeared first on Security Intelligence.


2022 Industry Threat Recap: Finance and Insurance

The finance and insurance sector proved a top target for cybersecurity threats in 2022. The IBM Security X-Force Threat Intelligence Index 2023 found this sector ranked as the second most attacked, with 18.9% of X-Force incident response cases. If, as Shakespeare tells us, past is prologue, this sector will likely remain a target in 2023. […]

The post 2022 Industry Threat Recap: Finance and Insurance appeared first on Security Intelligence.


With 40% of Log4j Downloads Still Vulnerable, Security Retrofitting Needs to Be a Full-Time Job

Vulnerabilities like Log4j remain responsible for security breaches a full year after the discovery of the flaw. In the months after widespread reporting about the vulnerability, 40% of Log4j downloads remained vulnerable to exploitation. Rapid Response — by Both Security Teams and Hackers What made this exposure so damaging was how widespread this piece of […]

The post With 40% of Log4j Downloads Still Vulnerable, Security Retrofitting Needs to Be a Full-Time Job appeared first on Security Intelligence.
