OpenAI: Turning Into Healthcare Company?


GPT-4 for health?

Recently, OpenAI and WHOOP collaborated to launch a GPT-4-powered, individualized health and fitness coach. A multitude of questions about health and fitness can be answered by WHOOP Coach.

It can answer queries such as "What was my lowest resting heart rate ever?" or "What kind of weekly exercise routine would help me achieve my goal?" — all the while providing tailored advice based on each person's particular body and objectives.

In addition to WHOOP, Summer Health, a text-based pediatric care service available around the clock, has collaborated with OpenAI and is utilizing GPT-4 to support its physicians. Summer Health has developed and released a new tool that automatically creates visit notes from a doctor's thorough written observations using GPT-4. 

The pediatrician then swiftly goes over these notes before sending them to the parents. Summer Health and OpenAI worked together to thoroughly refine the model, establish a clinical review procedure to guarantee accuracy and applicability in medical settings, and further enhance the model based on input from experts. 

Other GPT-4 applications

GPT Vision has been used in radiography as well. A document titled "Exploring the Boundaries of GPT-4 in Radiology," released by Microsoft recently, evaluates the effectiveness of GPT-4 in text-based applications for radiology reports. 

The ability of GPT-4 to process and interpret medical pictures, such as MRIs and X-rays, is one of its main uses in radiology. According to the report, "GPT-4's radiological report summaries are equivalent, and in certain situations, even preferable than radiologists."

Be My Eyes is improving its virtual assistant program by leveraging GPT-4's multimodal features, particularly the visual input function. Be My Eyes helps people who are blind or visually challenged with activities like item identification, text reading, and environment navigation.

Many people have tested ChatGPT as a therapist when it comes to mental health. Many people have found ChatGPT to be beneficial in that it offers human-like interaction and helpful counsel, making it a unique alternative for those who are unable or reluctant to seek professional treatment.

What are others doing?

Both Google and Apple have been employing LLMs to make major improvements in the healthcare business, even before OpenAI. 

Google unveiled MedLM, a collection of foundation models designed with a range of healthcare use cases in mind. There are now two models under MedLM, both based on Med-PaLM 2, giving healthcare organizations flexibility and meeting their various demands. 

In addition, Eli Lilly and Novartis, two of the biggest pharmaceutical companies in the world, have formed strategic alliances with Isomorphic Labs, a drug discovery spin-out of Google's AI R&D division based in London, to use AI to find novel treatments for illnesses.

Apple, on the other hand, intends to include more health-detecting features in their next line of watches, concentrating on ailments like apnea and hypertension, among others.


User-Friendly Update: Clear Your Chrome History on Android with Ease

 


As part of its commitment to keeping users happy, Google Chrome prioritizes providing a great experience – one of the latest examples of this is a new shortcut that makes it easier to clear browsing data on Android. 

A new update released today makes erasing browsing history on Android much easier. With this update, there is now an option to clear browsing data in the overflow menu, which houses the most common actions such as New tab, History, Bookmarks, and many other helpful functions.

With just a single tap on the shortcut, users get an interface that clearly shows what's being disabled. Users can choose from preset timeframes like "Last 15 minutes" or "Last 4 weeks" depending on what their privacy preferences are. 

For the extra picky folks out there, users can also toggle specific types of data such as browsing history, cookies, and cached images by clicking the "More options" button. Google Search history can also be deleted easily, whether the user forgot to turn on Incognito mode or simply prefers to clean up old data.

To erase your Google Search history, simply log in to your Google Account, and click Delete history. Google will then save the search history in your Google account, which is accessible from a separate place. 

Even though Chrome is one of the most popular and well-known web browsers out there, it has some drawbacks, such as a tendency to track your activity across devices even when you are incognito. However, it does have its perks, such as picking up where you left off from your computer to your smartphone. 

Having said that, there are times when users want to be able to wipe the slate clean. The Google Chrome web browser on a user's phone hoards information from every site that they visit, and most of it lodges in their phone's cookies and cache for far longer than necessary.

Keeping some data in cookies and caches indeed helps websites load quickly. This is an excellent feature, but it might not be as useful as it seems. Some of the information that lurks in those digital corners might even invade users' privacy. This means that users should keep their cache clean by giving it a clean scrub now and then so they do not have any problems. 

The new shortcut is designed to help users make that task easier. It is clear that Google Chrome is dedicated to improving its user experience, and the new shortcut that the tech giant has launched to clear browsing data on Android is a good reflection of their commitment to user satisfaction. 

Users can now easily manage their privacy preferences and delete their browsing history with one simple tap, thanks to the simplified process accessible from the overflow menu. Users can control their digital footprint more effectively by having the option to customize the timeframes and types of data that they use. 

Chrome is undeniably a very popular browser, but there are times when privacy concerns might arise, so this update provides users with a convenient way to control their browsing data. The new shortcut makes it easy for users to clear their Google Search history or maintain the cache on their devices, and it ensures a smooth transition between devices while respecting their privacy preferences.

Privacy is paramount in a digital environment, so Google Chrome's commitment to providing users with tools that allow them to manage their online footprint shows how committed it is to staying at the forefront of user-centric browsing.

The user interface also evolves in response to the advancement of technology, and Chrome's latest update illustrates the fact that Google is dedicated to providing a browser that is not only powerful but also prioritizes user privacy and control.

Cyber Intruders Disrupt Operations at Beirut International Airport

 

Over the weekend, the Flight Information Display Screens at Beirut's international airport fell victim to a hacking incident that not only showcased politically motivated messages but also temporarily disrupted baggage inspection, according to local media reports.

The hackers seized control of the screens at Beirut-Rafic Al Hariri International Airport, replacing the usual plane departure and arrival information with a statement accusing Hezbollah, the Iran-backed militant group based in Lebanon, of leading the country into conflict with Israel. A segment of the message directed blame at Hezbollah, stating, "You bear your responsibility and its consequences, Hezbollah."

Airport authorities disclosed that the cyber attack briefly interfered with the passenger baggage inspection system. However, they emphasized that the flight schedule remained unaffected. Additionally, hackers reportedly sent fake messages to some passengers on behalf of Middle East Airlines, a claim promptly refuted by the airline.

Recent heightened tensions between Lebanon and Israel, marked by frequent exchanges of fire, further amplify the significance of the cyber incident. In a recent Israeli strike on Lebanon, a senior commander in Hezbollah's elite forces was reportedly killed. Israeli officials had previously expressed a preference for restoring security without engaging in a full-scale war with Hezbollah, though readiness for such action was affirmed if necessary.

Attribution for the airport hack points to two domestic hacker groups: The One Who Spoke, a relatively unknown entity, and Soldiers of God, a Christian group previously associated with campaigns against the LGBTQ+ community in Lebanon. The latter group denied involvement. However, reports suggest that "external parties" could be behind the attack, utilizing the names of Lebanese hacker groups to either conceal their identity or incite tension. Some believe that local hackers might lack the requisite technology and capabilities for such an attack.

An anonymous security source, speaking to a Lebanese TV channel, raised the possibility of Israel's involvement as a potential culprit behind the cyber attack. Lebanon's Minister of Public Works and Transportation, Ali Hamieh, provided updates during a press conference on Monday, revealing that approximately 70% of the compromised airport screens had resumed normal operations. As a precautionary measure, the airport was disconnected from the internet to mitigate further damage. The country's security services are actively investigating the hack, with Hamieh anticipating a conclusive determination on whether the breach is internal or external in the coming days.

Hackers Find a Way to Gain Password-Free Access to Google Accounts


Cybercriminals find new ways to access Google accounts

Cybersecurity researchers have found a way for hackers to access the Google accounts of victims without using the victims' passwords.

According to the research, hackers are already actively testing a potentially harmful type of malware that exploits third-party cookies to obtain unauthorized access to people's personal information.

The attack was first made public in October 2023, when a hacker shared information about it in a Telegram channel.

The cookie exploit

The post explained how cookies, which websites and browsers employ to follow users and improve their efficiency and usability, could be vulnerable and lead to account compromise.

Users can access their accounts without continuously entering their login credentials thanks to Google authentication cookies, but the hackers discovered a way of restoring these cookies to evade two-factor authentication.

What has Google said?

With a market share of over 60% last year, Google Chrome is the most popular web browser in the world. Currently, the browser is taking aggressive measures to block third-party cookies.

Google said: “We routinely upgrade our defenses against such techniques and to secure users who fall victim to malware. In this instance, Google has taken action to secure any compromised accounts detected.” It added: “Users should continually take steps to remove any malware from their computer, and we recommend turning on Enhanced Safe Browsing in Chrome to protect against phishing and malware downloads.”

What's next?

Cybersecurity experts who first found the threat said it “underscores the complexity and stealth” of modern cyber attacks.

The security flaw was described by intelligence researcher Pavan Karthick M. in a report titled "Compromising Google accounts: Malware exploiting undocumented OAuth2 functionality for session hijacking."

Karthick M further stated that in order to keep ahead of new cyber threats, technical vulnerabilities and human intelligence sources must be continuously monitored. 

“This analysis underscores the complexity and stealth of modern cyber threats. It highlights the necessity for continuous monitoring of both technical vulnerabilities and human intelligence sources to stay ahead of emerging cyber threats. The collaboration of technical and human intelligence is crucial in uncovering and understanding sophisticated exploits like the one analyzed in this report,” says the blog post. 



What are the Privacy Measures Offered by Character AI?


In the era where virtual communication has played a tremendous part in people’s lives, it has also raised concerns regarding its corresponding privacy and data security. 

When it comes to AI-based platforms like Character AI, or generative AI, privacy concerns are apparent. Online users may well wonder whether someone other than them could have access to their chats with Character AI.

Here, we are exploring the privacy measures that Character AI provides.

Character AI Privacy: Can Other People See a User’s Chats?

The answer is no: other people cannot access the private conversations or chats that a user has had with a character in Character AI. Strict privacy regulations and security precautions are usually in place to preserve the secrecy of user communications.

Nonetheless, certain data may be analyzed or employed in a combined, anonymous fashion to enhance the functionality and efficiency of the platform. Even with the most sophisticated privacy protections in place, it is always advisable to withhold sensitive or personal information.

1. Privacy Settings on Characters

Character AI gives users the flexibility to alter the visibility of the characters they create. Characters are usually set to public by default, making them accessible to the larger community for discovery and enjoyment. Nonetheless, the platform acknowledges the significance of personal choices and privacy issues.

2. Privacy Options for Posts

Character AI allows users to post as well. Users can finely craft a post, providing them with a plethora of options to align with the content and sharing preferences.

Public posts are available to everyone in the platform's community and are intended to promote an environment of open, shared creativity.

Private posts, on the other hand, offer a more private and regulated sharing experience by restricting content viewing to a specific group of recipients. With this flexible approach to post visibility, users can customize their content-sharing experience to meet their own requirements.

3. Moderation of Community-Visible Content 

Character AI uses a vigilant content monitoring mechanism to keep a respectful and harmonious online community. When any content is shared or declared as public, this system works proactively to evaluate and handle it.

The aim is to detect and address any potentially harmful or unsuitable content, hence maintaining the platform's commitment to offering a secure and encouraging environment for users' creative expression. The moderation team puts a lot of effort into making sure that users can collaborate and engage with confidence, unaffected by worries about the suitability and calibre of the content in the community.

4. Consulting the Privacy Policy

Users who are looking for a detailed insight into Character AI’s privacy framework can also check its Privacy Policy document. The document covers the different aspects of data management, user rights and responsibilities, and the intricacies of privacy settings.

To learn more about issues like default visibility settings, data handling procedures, and the scope of content moderation, users can browse the Privacy Policy. It is imperative that users remain knowledgeable about these rules in order to make well-informed decisions about their data and privacy preferences.

Character AI's community norms, privacy controls, and distinctive features all demonstrate the company's commitment to privacy. To safeguard their data, it is crucial that users interact with these privacy settings, stay updated on platform regulations, and make wise decisions. In the end, how users use these capabilities and Character AI's dedication to ethical data handling will determine how secure the platform is.

British Library Braces for £7 Million Cyber Woes

 



The British Library faces a potential £7 million expenditure from a severe cyber attack that disrupted its website and internal WiFi in October. Perpetrated by the Rhysida group, the attackers demanded a £600,000 ransom, leading to the compromise of hundreds of thousands of files, including customer and personnel data, when the library refused to pay. 

Reports suggest the library plans to utilise approximately 40% of its reserves, around £6 to £7 million out of an unallocated £16.4 million, to rebuild its digital services. The final recovery costs are yet to be confirmed, and investigations are underway by the National Cyber Security Centre and cybersecurity specialists. 

In a recent post on social media, the library explained the ongoing challenges caused by the cyber attack. The incident affected the website, online systems, and some on-site services. The attack is confirmed as ransomware, raising concerns about the potential exposure of user data on the dark web. 

Working in conjunction with cybersecurity specialists and collaborating with the Metropolitan Police, the library anticipates a prolonged period for the thorough analysis of the breached data. Despite persistent issues with online systems, the library's physical locations remain accessible. To address user needs, a reference-only version of the primary catalogue is expected to be back online by January 15. 

Acknowledging the sustained patience and support from users and partners, Sir Roly Keating, the Chief Executive of the British Library, expressed gratitude. He highlighted the ongoing efforts to assess the impact of this criminal attack and implement measures for the secure and sustainable restoration of online systems. 

Providing a precise timeline for the restoration process is premature at this stage, but regular updates will be offered as progress is made in this critical endeavour. 

The primary motivation behind cyber attacks is financial gain. This criminal activity, aptly named ransomware, involves using malicious software to disrupt, damage, or gain unauthorised access to computer systems, compelling organisations and businesses to pay a ransom. 

While the Department for Digital, Culture, Media and Sport (DCMS) chose not to comment on the matter, a Government insider confirmed the expectation that the British Library would tap into its reserves for recovery. 

As the British Library deals with the consequences of this cyber attack, the challenges underscore the pervasive threat posed by ransomware, highlighting that organisations must work on the resilience of their digital fortifications and guard against the risks posed by such malevolent activities.


Integrating the Power of AI and Blockchain for Data Security and Transparency

 

In an ever-changing digital landscape, providing strong data security and transparency has become critical. This article explores the dynamic interaction of two transformational technologies: artificial intelligence (AI) and blockchain. 

AI improves data security

Artificial intelligence (AI) is critical for enhancing data security via advanced technology and proactive techniques. Machine learning techniques offer real-time threat detection by recognising patterns and abnormalities that indicate potential security breaches. Predictive analytics assesses and anticipates threats, enabling proactive intervention. Furthermore, AI-driven anomaly detection improves the ability to quickly identify and respond to emerging security concerns. 

Blockchain, a transformational force, enables unparalleled data transparency. Its decentralised and irreversible ledger structure means that once data is recorded, it cannot be changed or tampered with, instilling trust in information integrity. Smart contracts, a critical component of blockchain technology, automate and transparently implement established rules, hence improving overall data governance. Blockchain provides a safe and transparent framework, making it an effective solution for industries looking to establish trust, traceability, and accountability inside their data ecosystems.

Synergies in AI and blockchain

The synergies between AI and Blockchain form a potent combination, tackling an array of data security and transparency concerns. AI's analytical capabilities strengthen blockchain functionality by allowing for advanced data analytics on a decentralised ledger. AI-powered algorithms help to detect trends, anomalies, and potential security threats within the blockchain network, hence strengthening overall security measures. Furthermore, AI-driven verification methods improve the accuracy and dependability of blockchain-stored data, increasing trustworthiness and transparency of information. This collaborative integration enables a more resilient and efficient approach to overseeing and safeguarding data in the digital era. 

Managing the integration of AI with Blockchain poses a number of issues and considerations. Ethical issues arise as AI algorithms make decisions, requiring evaluation to mitigate biases and ensure equality. Scalability concerns exist in blockchain networks, mandating solutions for increased transaction volume. Regulatory issues and compliance standards pose challenges, requiring a balance between innovation and adherence to legal frameworks.

The prospects for using blockchain technology and artificial intelligence (AI) to improve data security and transparency seem promising. As technology advances, it will probably enhance the complementary effects of these two revolutionary forces, increasing the limits of what is possible.

Challenges with integration 

Blockchain and AI integration is not without obstacles, though. As AI systems make decisions, ethical issues surface, requiring constant oversight to avoid prejudices and ensure fairness. Blockchain networks continue to face scalability issues, requiring solutions for increasing transaction volumes. Another level of complexity is added by regulatory compliance, which necessitates a careful balancing act between innovation and legal framework compliance. 

The future of AI and Blockchain in terms of data security and transparency is bright, notwithstanding these obstacles. It is likely that constant development will enhance the synergy between these revolutionary technologies, expanding the limits of what is feasible.

Automotive Industry Under Ransomware Attacks: Proactive Measures

Ransomware has become a highly profitable industry, with major players like Conti Ransomware and Evil Corp leading the way. Although these entities are not publicly traded and do not report earnings to regulatory bodies like the SEC, it is estimated that ransomware payments reached around $450 million in the first half of the previous year. Shockingly, cyber-attacks are so lucrative that North Korea reportedly derives 50% of its foreign currency from cyber theft, as reported by Nikkei Asia. 

In 2021, automotive companies faced the highest number of cyber-attacks within the manufacturing sector, making up approximately one-third of all attacks, as highlighted in an industrial threat research report by IBM. A prevalent tactic employed by cybercriminals involves targeting the supply chains of automotive manufacturers through vulnerabilities in third-party vendors. 

In the list of industries facing ransomware attacks, the automotive sector ranked eighth out of 35, indicating a moderate vulnerability compared to others like technology, logistics, and transportation. It is less susceptible than some industries but more so than municipal and legal services. A 2021 Gartner report revealed that 71% of automotive Chief Information Officers (CIOs) planned to increase efforts in cybersecurity and information security that year compared to 2020. 

Cybersecurity experts note that the automotive industry's enthusiastic adoption of digitalization and automation in its operations has significantly increased productivity. However, this shift has also made organizations more susceptible to cyber-attacks due to the expanded digital footprint. 

Let’s Understand How Automobile Companies Can Protect Their System

The first step in safeguarding a car manufacturing company's systems is to understand the potential security risks and threats to their equipment. As technology advances, many companies are linking their older systems to the internet to collaborate with outside vendors. While it might take time for businesses to get used to this new security approach, there's a positive trend in increased awareness, making the industry safer. 

To protect against large-scale ransomware attacks, the automotive sector needs to take a proactive stance in detecting and addressing risks in their manufacturing environment. This shift towards a more proactive security strategy is crucial for preventing potential cyber threats and ensuring the safety of the organization's systems.

Character.ai's AI Chatbots Soar: Celebrities, Therapists, and Entertainment, All in One Platform

 

Character.ai, a widely recognized platform, allows users to construct chatbots resembling a diverse array of personalities, including the likes of Vladimir Putin, Beyoncé, Super Mario, Harry Potter, and Elon Musk. These chatbots, powered by the same AI technology as ChatGPT, have garnered immense popularity, with millions engaging in conversations with these AI personalities. Described as "someone who assists with life difficulties," the bot has gained popularity for its role in aiding individuals facing various challenges. 

On the other hand, the Psychologist bot stands out for its remarkable demand, surpassing that of its counterparts. This bot, designed to provide psychological insights and support, has captured the attention and interest of users, making it a notable choice within the realm of AI-driven conversation. In a little over a year since its inception, the bot has amassed a whopping 78 million messages, with 18 million exchanged just since November. 

The mind behind the account goes by the username Blazeman98. According to Character.ai, the website sees a daily influx of 3.5 million visitors. However, the platform did not provide details on the number of unique users engaging with the bot. The company from the San Francisco Bay area downplayed its popularity, suggesting that users primarily enjoy role-playing for entertainment. 

Among the most favoured bots are those embodying anime or computer game characters, with Raiden Shogun leading the pack with a whopping 282 million messages. Despite the diverse array of characters, few can match the popularity of the Psychologist bot. Notably, there are a total of 475 bots with names containing "therapy," "therapist," "psychiatrist," or "psychologist," capable of engaging in conversations in multiple languages. 

Among the available bots are those designed for entertainment or fantasy therapy, such as Hot Therapist. However, the ones gaining the most popularity are those focused on mental health support. For instance, the Therapist bot has garnered 12 million messages, while Are you feeling OK? has received a substantial 16.5 million messages. 

The person behind Blazeman98 is Sam Zaia, a 30-year-old from New Zealand. He did not plan for the bot to become popular or be used by others. According to Sam, he started receiving messages from people saying they found comfort in it and that it positively affected them. As a psychology student, Sam used his knowledge to train the bot. He talked to it and shaped its responses based on principles from his degree, focusing on common mental health conditions like depression and anxiety.

Digital Battlefield: Syrian Threat Group's Sinister SilverRAT Emerges

 


There is a threat group known as "Anonymous Arabic" that released Silver RAT, a remote access Trojan (RAT) that can bypass security software and launch hidden programs quietly on the computer system. Cyfirma claims that the developers maintain a sophisticated and active presence on multiple hacker forums and social media platforms, as outlined by the cybersecurity company. 

Besides operating a Telegram channel offering leaked databases, carding activities, and more, these actors, who are thought to be Syrian in origin, are also linked to the development of another RAT which is called S500 RAT. 

An anonymous group known as Anonymous Arabic has developed a remote access trojan (RAT) called Silver RAT, which is designed for bypassing security software, launching hidden apps, and installing them in the background. 

As reported last week by cybersecurity firm Cyfirma, "the developer is active on multiple hacker forums and social media platforms, illustrating a sophisticated and active presence on those platforms," the report said. 

In addition, the actors, who are reportedly of Syrian origin and are linked to developing another RAT known as the S500 RAT, are also running a Telegram channel where they distribute cracked RATs, leaked databases, and carding activities, and offer Facebook and X (formerly Twitter) bots for sale.

The threat analysis, published on Jan. 3, reveals that SilverRAT v1 is currently only available for Windows operating systems. However, it has destructive capabilities, such as the ability to destroy system restore points, as well as the ability to build malware for keylogging and ransomware attacks.

Researchers from Singapore-based Cyfirma stated this in their analysis. The Silver RAT v1.0 was observed in the wild in November 2023. It was discovered that the SilverRAT creators had also developed another product called the S500 RAT. Although SilverRAT is currently a Windows-based product, recent announcements have indicated that the developers are planning to release a new version that will be able to generate both Windows and Android payloads in the future. 

The destructive features included in Silver RAT v1.0 comprise functions to destroy system restore points as well as a keylogger, UAC bypass, and data encryption. Silver RAT was developed by Noradlb1, a hacker with a well-earned reputation on prominent hacker forums including XSS, Darkforum, TurkHackTeam, and numerous others.

First appearing on their Telegram channel, the RAT has since appeared on forums like TurkHackTeam and 1877. This project is by no means new. In October 2023, Silver RAT was cracked and leaked on Telegram, and cracked versions of Silver RAT v1.0 are now being shared on Telegram and GitHub with users who cannot afford RATs. According to user conversations, it was not as effective as other well-known RATs like Xworm.

Following the leak of the latest version of Silver RAT, which is free to use for malicious purposes, the developer of Silver RAT intends to release new versions of the RAT to combat the problem. It appears that the developer, known as Anonymous Arabic, is strongly supportive of Palestine, as their Telegram posts indicate.

In addition, members of this group are active on several platforms, such as social media sites, development platforms, underground forums, and Clearnet websites. They are likely involved in the dissemination of malware via these platforms. For organizations to respond to this potential threat, they must develop stronger defence mechanisms to adequately guard against it. 

Recommendations for Management 


Incident response plan: develop and communicate an incident response plan that outlines the steps to take if a device is compromised. An essential part of this plan is the isolation of the device, the notification of relevant parties, and the mitigation of the situation.

Support for Users: provide users with a clear channel to report suspicious activity, unusual behaviour, or potential security incidents. Be sure to explain to them the importance of reporting such incidents as soon as possible.

Regular backups: regularly backing up the device's data to a secure location is an important step in keeping the device secure. It reduces the impact of a data loss incident caused by a security breach.

Embracing the Virtual: The Rise and Role of vCISOs in Modern Businesses

 

In recent years, the task of safeguarding businesses against cyber threats and ensuring compliance with security standards has become increasingly challenging. Unlike larger corporations that typically employ Chief Information Security Officers (CISOs) for handling such issues, smaller businesses often lack this dedicated role due to either a perceived lack of necessity or budget constraints.

The growing difficulty in justifying the absence of a CISO has led many businesses without one to adopt a virtual CISO (vCISO) model. Also known as fractional CISO or CISO-as-a-service, a vCISO is typically an outsourced security expert working part-time to assist businesses in securing their infrastructure, data, personnel, and customers. Depending on the company's requirements, vCISOs can operate on-site or remotely, providing both short-term and long-term solutions.

Various factors contribute to the increasing adoption of vCISOs. It may be prompted by internal crises such as the unexpected resignation of a CISO, the need to comply with new regulations, or adherence to cybersecurity frameworks like NIST's Cybersecurity Framework 2.0 expected in 2024. Additionally, board members accustomed to CISO briefings may request the engagement of a vCISO.

Russell Eubanks, a vCISO and faculty member at IANS Research, emphasizes the importance of flexibility in vCISO engagements, tailoring the delivery model to match the specific needs of a company, whether for a few days or 40 hours a week.

The vCISO model is not limited to smaller businesses; it also finds applicability in industries such as software-as-a-service (SaaS), manufacturing, industrial, and healthcare. However, opinions differ regarding its suitability in the heavily regulated financial sector, where some argue in favor of full-time CISOs.

Key responsibilities of vCISOs include governance, risk, and compliance (GRC), strategic planning, and enhancing security maturity. These experts possess a comprehensive understanding of cyber risk, technology, and business operations, enabling them to orchestrate effective security strategies.

Experienced vCISOs often play advisory roles, assisting CEOs, CFOs, CIOs, CTOs, and CISOs in understanding priorities, assessing technology configurations, and addressing potential cybersecurity vulnerabilities. Some vCISOs even assist in defining the CISO role within a company, preparing the groundwork for a permanent CISO to take over.

When seeking a vCISO, companies have various options, including industry experts, large consulting firms, boutique firms specializing in vCISO services, and managed services providers. The critical factor in selecting a vCISO is ensuring that the candidate has prior experience as a CISO, preferably within the same industry as the hiring company.

The process of finding the right vCISO involves understanding the company's needs, defining the scope and outcome expectations clearly, and vetting candidates based on their industry familiarity and experience. While compatibility with the company's size and vertical is essential, the right vCISO can outweigh some of these considerations. Rushing the selection process is discouraged, with experts emphasizing the importance of taking the time to find the right fit to avoid potential mismatches.