Tag Archive for: Risks

How To Mitigate The Enterprise Security Risks Of LLMs


Christopher Savoie, PhD, is the CEO & founder of Zapata AI. He is a published scholar in medicine, biochemistry and computer science.

Since ChatGPT came out last year, Large Language Models (LLMs) have been on the tip of every enterprise leader’s tongue. These AI-powered tools have promised to dramatically increase productivity by automating or assisting with the creation of marketing content, sales materials, regulatory documents, legal contracts and more—while transforming customer service with more responsive, human-like chatbots.

However, as these LLMs become increasingly integrated into business operations, enterprises should be aware of several potential security risks.

There are three layers to the security issues of LLMs.

1. Sharing sensitive data with an external LLM provider.

2. The security of the model itself.

3. Unauthorized access to sensitive data that LLMs are trained on.

Sharing Sensitive Data With External LLM Services

Back in May, Samsung was in the news for banning the use of ChatGPT and other AI chatbots after sensitive internal source code was shared with the service. Samsung feared the code could be stored on the servers of OpenAI, Microsoft, Google or other LLM service providers and potentially be used to train their models.

By default, ChatGPT saves users’ chat history and repurposes it to further train its models. It’s possible this data could then be exposed to other users of the tool. If you use an external model provider, be sure to find out how prompts and replies can be used, whether they are used for training, and how and where they are stored.

Many enterprises, particularly in regulated industries like healthcare or finance, have strict policies about sharing their sensitive data with external services. Sharing data with an externally hosted LLM provider is no exception. Even if data isn’t inadvertently shared with other users of these tools, customers have no recourse if the data they share with external LLM providers is hacked.

To avoid these risks entirely, enterprises should consider training and running their AI chatbot tools within their own secure environment: private cloud, on-premises—whatever the enterprise considers…

Source…

Mitigating Cyber Risks At Sea


Cybercrime is a growing threat to all Internet-connected businesses. 2023 has seen a doubling in the growth of ransomware variants, with a staggering 67% of companies having been victims of such an attack. 93% of organizations have experienced an intrusion targeting their operational technology (OT) infrastructure between mid-2021 and mid-2022, with 83% falling victim to more than three attacks. Attacks like these cost an estimated $600 million in the first half of 2022.[1]

The rate of cybersecurity breaches in the maritime industry has mirrored this trend. Attempted attacks on maritime information systems rose by 400% in the first few months of the pandemic.[2] A report by Cyberstar claims that in 2021, attacks targeting ships increased in frequency by 33%, which came on the heels of a 900% increase in cyber breaches on vessel and port systems in 2020.[3]

The commercial maritime industry has historically been more conservative than other industries and slower to adopt new and emerging technology, including cybersecurity measures. As a result, commercial fleets and operations have suffered some of the most prominent and costly cyber-attacks, including attacks on the port of Houston, Japan’s “K” line, DNV, Carnival Cruise Lines, and many more.

Attacks come in three basic formats:

  • Ransomware breaches: Cybercriminals breach a company’s digital infrastructure and use malicious software to steal data or shut down all or part of its online systems and hold it for ransom.
  • Man-in-the-middle intercepts: An increasingly popular technique among cybercriminals, in which a hacker intercepts a genuine supplier invoice email to a company and then uses it to trick that company into sending payments to a different bank account.
  • Malware: Malware attacks are triggered when a user clicks on a link to a site containing malicious software (malware). This new code enters a company’s digital infrastructure and disrupts the network, potentially stealing or leaking information onto the dark web or locking genuine users out of their computer systems.

The International Maritime Organization (IMO) issued Resolution MSC.428 (98), which requires all vessels to include cyber risk management in their safety…

Source…

SolarWinds Misled Public on Risks Before Hack, SEC Claims (1)


The Securities and Exchange Commission alleged on Monday that SolarWinds Corp. defrauded investors by downplaying security risks ahead of a hack of its software that rippled through computer systems across the US government and corporate America.

The SEC also accused the top information security official at SolarWinds, Tim Brown, of breaking securities rules in a lawsuit filed in federal court in Manhattan. The action is the first time the regulator has sued a computer security executive for a cybersecurity-related issue.

The SolarWinds hack was among the worst cyber breaches in history, affecting hundreds of public companies and numerous government agencies. …

Source…

Why Apple risks facing India’s scrutiny after ‘hacking’ allegations against Modi government


India’s lawmakers could pull up Apple representatives after several politicians from the country’s opposition said they received alerts on their iPhones warning them of “state-sponsored” hacking.

Ministers of the Narendra Modi-led government on Tuesday said they will investigate the allegations and “get to the bottom of these notifications” after screenshots of the alert sent by the American tech giant went viral on social media.

While opposition politicians have accused the ruling Bharatiya Janata Party (BJP) administration of spying on rivals and critics ahead of national elections in 2024, it could be Apple that soon faces the scrutiny of the Indian government.

A parliamentary committee on information technology is considering summoning representatives of Apple India over the alerts sent to public figures, an unnamed official of the committee was quoted as saying by news agency ANI on Wednesday.

The committee’s secretariat expressed “deep concern” over the alerts and is treating the matter with the “utmost seriousness”, the official said.

A minister from the Modi government also said Apple should explain what the notification means, especially their claims about the security of their devices.

“After today’s ‘threat notifications’ being received by many people, including MPs, and those in geopolitics, we expect Apple to clarify the following… if its devices are secure, why these ‘threat notifications’ are sent to people in over 150 countries,” said Rajeev Chandrasekhar, the minister of state for electronics and information technology, on X/Twitter.

The BJP’s lawmakers have also rubbished allegations of hacking made by opposition politicians.

“Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID,” said a screenshot of the alert shared by opposition members.

“If your device is compromised by a state-sponsored attacker, they may be able to remotely access your sensitive data, communications, or even the camera and microphone.

“While it’s possible this is a false alarm, please take this warning seriously,” it said.

The alerts were sent by…

Source…