Sunday, March 30, 2025

How To Unravel The Complexities Of A DLP Rollout: 4 Golden Tips

In every business, data is the lifeblood that makes it work and keeps it thriving. After all, with it you will be able to keep detailed tabs on your customers' buying habits, which will enable you to fine-tune your future product and service offerings to them.

But equally important, data will allow you to see just how your competition is doing, and with the help of Generative AI, detailed recommendations can be provided as to how you can even beat them in the end.

But, to use an analogy, data is also the heart that pumps to keep the business moving, just like in the human body. If it stops, not only will you go into cardiac arrest, but you could possibly even die. The same is true for data as it relates to a business. The moment it is gone, whether intentionally or not, all processes and operations will come to a complete halt.

In the world of Cybersecurity, this is known as a "Data Exfiltration Attack", and the ways to mitigate it are known as "Data Loss Prevention", or "DLP" for short. However, implementing this kind of solution is by no means an easy task; in fact, it can be quite difficult to accomplish.

Here are four key ways in which you can make a smoother transition to it, and get the best results possible:

1)     Find The Right Tool:

If most of your IT and Network Infrastructure is already based in the Cloud (such as that of Microsoft Azure), then you will automatically be provided with the tools to implement a solution that protects your data from security breaches. But the key thing that you must remember here is that you must configure it for your own environment and requirements. All that you will have in Azure are the default settings, and these provide only a minimal level of security, at best. A good example of this is the Purview DLP solution. While it may look easy to set up, you really must take your time and understand each step that you are going through. It is also a good idea to document all of this, so that you will be able to rebuild the solution in case you are ever hit with a security breach.

2)     Do Things in Phases:

Whenever your IT Security team sees a DLP solution that is SaaS based, thoughts of a quick deployment come to mind. However, if you are a CISO, you need to convey to them the huge risks that are inherent if this approach is taken, and make it clear in no uncertain terms that the rollout should be done gradually, in distinct phases. Remember, if your Cloud deployment in Microsoft Azure is very large, you will have a lot more to worry about. For instance, there will be all those endpoints that your employees have, which have all kinds of data stored on them. You will also need to make sure that whatever DLP solution you decide upon is compatible with them. The rule of thumb here is to evaluate the solution in a sandboxed environment first, before it is rolled out into the production environment. Also, give yourself a timeline of months, not days or weeks, before full deployment can be achieved.

3)     Communications Is Key:

In the end, to make your DLP solution fully operational, you need to have the buy-in of all the relevant stakeholders, which includes your employees. Remember, it is human nature to stick with the status quo and to resist any type or kind of change. But this can be alleviated if you keep an open line of communication with them from the very beginning. The last thing they will want is a huge surprise. But just as much as you are communicating with them, you also need to reciprocate and address whatever concerns they may have about the rollout. Probably one of the biggest issues will be how their own data will be protected during the transition. This is something that you must be crystal clear about, along with what steps are being taken to ensure that those data sets are safe. In this regard, it would be very prudent to have a line of communication that is open 24 x 7 x 365, by phone and email. But even more importantly, do not shrug off any queries that are presented to you. You must resolve them quickly and appropriately.

4)     Start Small:

Once you have deemed that your DLP solution has initially rolled out successfully, give it some time to prove its worth to the company. For instance, there could very well be kinks and issues that need to be ironed out. Once you are confident in it, then you can build or scale up from there. In other words, plan to climb Mt. Everest a few steps at a time, not to reach the top in one fell swoop.
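As an added illustration (not code from the original post), here is the phased, start-small approach of tips 2 and 4 applied to the Purview DLP solution named in tip 1: the policy is created scoped to a pilot group in test mode, so that matches are only reported, and is widened and switched to enforcement only after the pilot's incident reports have been reviewed. The pilot group address, the policy and rule names, and the choice of sensitive information type are assumptions.

```powershell
# Added example: phased rollout of a Microsoft Purview DLP policy.
# Assumes the ExchangeOnlineManagement module is installed; the pilot group
# address, the policy/rule names and the sensitive information type are
# placeholders to be replaced with your own values.
Connect-IPPSSession

$policyName = "Pilot - Financial Data DLP"
$pilotGroup = "dlp-pilot@example.com"   # placeholder distribution group

# Phase 1: create the policy scoped ONLY to the pilot group, in test mode.
# TestWithNotifications reports matches and shows users a policy tip, but
# blocks nothing, so rules can be tuned before anyone's work is disrupted.
New-DlpCompliancePolicy -Name $policyName `
    -ExchangeLocation $pilotGroup `
    -Mode TestWithNotifications `
    -Comment "Pilot: monitor only; review incident reports before enforcing"

# Rule: flag e-mail leaving the organization that contains a credit card
# number. BlockAccess is configured now but takes effect only once the
# policy mode is switched to Enable in phase 3.
New-DlpComplianceRule -Name "Pilot - Credit card numbers leaving org" `
    -Policy $policyName `
    -ContentContainsSensitiveInformation @{ Name = "Credit Card Number"; minCount = "1" } `
    -AccessScope NotInOrganization `
    -BlockAccess $true `
    -NotifyUser Owner `
    -GenerateIncidentReport SiteAdmin `
    -IncidentReportContent Detections, Title, RulesMatched, Severity

# Record the as-built configuration (the documentation step from tip 1) so
# the policy can be rebuilt if it is ever lost.
Get-DlpCompliancePolicy -Identity $policyName |
    Format-List Name, Mode, ExchangeLocation
Get-DlpComplianceRule -Policy $policyName |
    Format-List Name, ContentContainsSensitiveInformation, AccessScope, BlockAccess

# Phase 2 (weeks later, once the pilot's reports show few false positives):
# widen the scope from the pilot group to all mailboxes, still without
# blocking, so the larger population can be observed first.
Set-DlpCompliancePolicy -Identity $policyName -RemoveExchangeLocation $pilotGroup
Set-DlpCompliancePolicy -Identity $policyName -AddExchangeLocation All -Mode TestWithoutNotifications

# Phase 3: enforce. Only now does BlockAccess actually stop messages.
Set-DlpCompliancePolicy -Identity $policyName -Mode Enable
```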

My Thoughts on This:

Sooner or later, you will have to implement a DLP solution for your business. Hopefully the steps that have just been outlined will make the actual rollout that much easier. But also, keep the one goal in mind: you want to mitigate the risk of a Data Exfiltration Attack happening to you.

Remember, in the end, it can take only seconds to lose a customer, but months to get a new one. And it can take even longer to build back up the brand reputation that you have worked so hard to create over the years.

Sunday, March 23, 2025

We Need More Women In Cyber!!!

Just some time ago, I wrote a blog about the disheartening workforce gap that exists in Cybersecurity today. For example, there are many jobs available, but hiring managers are having a tough time trying to fill those particular roles. A fair question to ask now is: "Given the current economic climate, and if the Cyber job market is hot, why aren't they being filled quickly?"

The answer to this question is that the hiring manager or recruiter is trying to find that "cookie cutter" candidate. Unfortunately, this person does not exist, or if they do at all, it is an exceedingly rare instance.

From what I have seen, nobody wants to give the younger crowd a chance to prove themselves. This could be the recent college graduate, or even a mid-seasoned worker who is transitioning over to Cybersecurity. The bottom line of all of this is that it is completely wrong.

Hiring managers need to look at the person, and not just at another piece of paper. Heck, if I were hiring somebody, one of the key things that I would look for is their level of passion and dedication. If they exhibit strong traits in these two areas, the chances are good that I would hire them.

So, this brings up yet another point, and that is the lack of women in Cybersecurity, especially in managerial roles or even in the C-Suite. In my 16+ years of being in Cybersecurity, I have known fewer than five women that have been in it. Only one had a managerial title, and only one had the guts to start her own Cyber consulting gig.

Consider some of these stats:

*IT Security teams that are made up with at least 30% women will have 40% fewer security breaches.

*Back in  2023, the Cyber workforce was 5.5 million strong…of that, only 24% were women.

*For the thirty and age bracket, women made up only 26% of that segment of the Cyber workforce.

*In the UK, in 2024, only 17% of the total Cyber workforce was made up of women.

*Women make up less than 17% of all the CISO roles in the Fortune 500.

*Only 3% of them fill the exact same role (CISO) in the UK.

*Women in Cyber face a 15% pay cut when compared to their male counterparts.

*46% of women in Cyber hold some sort of advanced degree (like an M.S. or a Ph.D.), whereas only 35% of their male counterparts have one.

*50% of women in Cyber have faced a complete lack of support from their male colleagues.

*19% of women in Cyber have experienced some kind of "gender incident", whereas only 1% of their male colleagues have experienced one.

(SOURCE :  https://www.darkreading.com/cybersecurity-operations/are-we-closing-gender-gap-cybersecurity)

My Thoughts on This:

Yes, after you review the above stats, it is a horrible situation. The bottom line is that women need to be given that chance to prove themselves. I am not saying that they must be treated in any unique way, but hiring managers should at least give them the opportunity to prove what they can do. Heck, I have even experienced this myself many times in the past. Every time I would get turned down from a tech writing job, it all came down to just one little bit of experience that I did not have.

In fact, I even asked one hiring manager: "Are you going to diss me with my 16+ years of tech writing experience over just one little hang-up?" When it comes to this, the fault is entirely upon the hiring manager. They have wide latitude of discretion when it comes to the level of risk that they want to take on when hiring a candidate. So in this regard, they are taking a very micro view of their candidate pool, which is very unfortunate.

For instance, what if that one person who had that little bit of experience did not turn out to be such a stellar employee?  Remember, when it comes to gauging experience in a candidate, look at the whole picture.  Technical skills can be learned!!!! 

Personally, I think women would make much better managers or CISOs than males would. In my professional world, I have had both male and female bosses. My experience with the latter has been far superior to the former. For example, when I had open heart surgery, my boss was so understanding and patient with me while I was trying to recover and when I was back on the job.

But in the end, it is Corporate America that must make the push into hiring more women in Cyber. Unfortunately, the climate may not be so great right now, and taking on any sort of DEI initiative might be frowned upon. But keep in mind that this primarily affects the federal workforce, and not the private sector. So, the C-Suite must take this risk.

It is also especially important to keep in mind that the Cyber Threat Landscape is changing on a minute-by-minute basis. True, more heads are better, but this also includes having a mixture of people of diverse backgrounds and genders.

As was pointed out earlier, more women have advanced degrees than males do. So why not hire more women onto your team, and bring this advantage to the table? True, it may be "just academic knowledge", but in the bigger picture it is still another unique perspective that can be brought to bear in case a security breach does happen.

Also, colleges and universities need to take a much more active part in encouraging women to at least explore the possibilities of a career in Cybersecurity.  I am also an adjunct instructor of Cyber at a local junior college, and the women who do sign up for my classes are all contemplating that as a potential career route.  I try to do my part and further grow that seed of curiosity.

Remember, in the end, it's not just about filling more jobs in Cyber. It also means greater gender and racial diversification as well.

Sunday, March 16, 2025

The Non Political View Of Saving The US Healthcare Industry

As we all know, this great country of ours has been shaken from the bottom all the way to the top by our current presidential administration. Yes, our Federal Government has been bloated for decades, but the approach that is being taken is a bit extreme.

Cuts are being made all over with no thought in mind, and worse yet, the people who depend heavily upon Medicaid could see their benefits not only reduced but even cut altogether.

Even CISA, the main Cybersecurity agency within the Federal Government, is starting to see cuts and is even starting to lay off hundreds of its own employees. So, when you put these two together, you see one horrible trend: the healthcare industry here in the United States is now going to be even more vulnerable at the hands of the Cyberattacker.

Consider some of these stats:

*Health Tech Magazine predicted that 2025 will be the worst year ever for security breaches.

*According to the 2024 Ponemon Healthcare Cybersecurity Report, 92% of the organizations that are in or even affiliated with the healthcare industry were hit by a Threat Vector.

*In the report from IBM called the "Cost of a Data Breach Report 2024", it was estimated that each security breach cost a healthcare entity at least $4.88 million.

Of course, the healthcare industry has always been vulnerable to Cyberattacks, but this has now become even more pronounced as Generative AI and Machine Learning (ML) start to take a permanent role in both automation and customer service. You could very well be wondering at this point, what are the most persistent and deadliest Threat Vectors that are posed to the healthcare industry? Here is a sample of them:

1)     Phishing:

Yes, this is deemed to be the oldest of all the Threat Vectors out there. But despite its age, the Cyberattacker of today is still able to take the signature profiles of old ones and create newer ones from them. In other words, this is building a better mousetrap. Look at these alarming stats:

Ø  According to the 2022 IBM X-Force Threat Intelligence Index, Phishing will "be a common tactic for hackers to use against the health sector." (SOURCE: Biggest Cyber Threats to the Healthcare Industry Today)

Ø  According to the NIH National Library of Medicine, in a one-month period the average healthcare organization received 858,200 Phishing emails. 139,400 of them belonged to marketing, and 18,871 of them contained a malicious payload, such as an .XLS file containing a macro.

Ø  In a security breach, on average, at least 2.6 million PII datasets are stolen from patients. These include their confidential information, appointments with doctors, medical records, etc.

2)     Ransomware:

This is the kind of Threat Variant where the Cyberattacker locks up parts of the IT/Network Infrastructure of a healthcare organization and expects the victim to pay a ransom (usually in Bitcoin) to get their files unlocked. Such is the case with Change Healthcare. Over one hundred million patients had their PII datasets locked up by a Ransomware Attack, and in return, a $33 million ransom was paid to the Cyberattacking group.

Then, just last month, the various blood banks located throughout the entire state of New York were hit by a Ransomware Attack, four hundred of them in total.

A recent study also found that the malicious payloads in Ransomware Attacks can be delivered in one of three ways, or even by all of them:

Ø  Phishing-based emails

Ø  Malvertising

Ø  Malicious attachments that were downloaded

For those of you who may not know, Malvertising can be technically defined as follows:

“Malvertising or malicious advertising is a technique that cybercriminals use to inject malware into users' computers when they visit malicious websites or click on an ad online.”

(SOURCE:  What is Malvertising and how to prevent it? | Fortinet)

Finally, the average dollar amount of ransom payments made by the healthcare industry was almost $2.56 million.

My Thoughts on This:

After reading all of this, anybody would be wondering: what can I do to protect myself? Well, the answer comes from two fronts. The first one is the healthcare industry itself. Here are some things that they need to do:

Ø  Deploy Generative AI powered EDR and XDR solutions to all the endpoints that are issued to the healthcare workers. Note that endpoint is a general term that refers to tablets, laptops, smartphones, etc.

Ø  Follow a regular schedule of deploying software patches and updates. This also includes firmware.

Ø  Make use of Multifactor Authentication (MFA). This is where three or more differing authentication mechanisms are used to confirm the identity of the person in question.

Ø  If passwords are still a key credential, then make use of a Password Manager. These software applications can create long and complex passwords on an automated basis.

Ø  Make sure that you have a strong Security Policy that is being enforced. But even more importantly, make sure that you have Incident Response/Disaster Recovery/Business Continuity Plans in place, and that they are rehearsed on a regular basis.

As for you, the patient, I am assuming you always keep checking both your bank and credit card accounts at least twice a day to make sure that no fraudulent activity has occurred. Many healthcare organizations now even offer your own personal patient portal, where you can access pretty much the same kind of information and data that your doctor can. Keep checking this also on a regular basis to make sure that there is no fraudulent activity here either.

Finally, to view the report from the:

Ø  Ponemon Institute, click here: http://cyberresources.solutions/Blogs/Ponemon_HC_Report.pdf

Ø  CISA, click here: http://cyberresources.solutions/Blogs/CISA_HC_Report.pdf

Ø  IBM, click here: http://cyberresources.solutions/Blogs/IBM_Report.pdf

Ø  NIH, click here: http://cyberresources.solutions/Blogs/NLM_HC_Report.pdf

Sunday, March 9, 2025

The Cyber Recession That Is About To Happen In 2025

In the past few weeks, I have written a lot about Generative AI, so today I am going to break from it and talk about something else that is equally, if not more, important in Cybersecurity. To start off with, we all know that the United States economy is starting to slow down.

A lot of this can be attributed to the massive number of layoffs that have occurred within the Federal Government, and because of the uncertainty of the tariffs, which have wreaked havoc on our own financial markets. 

To make matters even worse, the overall job growth is also starting to slow down, something that we have not seen in quite some time.

But despite all of this, there is still a silver lining: the demand for and creation of jobs in Cybersecurity still remains strong; however, there are more jobs available than people can fill. Consider some of these key statistics:

*According to ISC2 in their report entitled the "2024 Cybersecurity Workforce Study", there will be a need for 3.4 million Cyber professionals to keep up with the demand.

*According to CyberSeek, there were 457,433 cybersecurity job openings from August 2023 to September 2024, but barely any of them were filled.

Yes, this gap is very alarming.  Here are some reasons cited for this trend:

*The Cyber Threat Landscape is constantly changing, in fact even by the minute. Thus, trying to find the right workers with the exact skill set that is needed is very difficult to do. In fact, according to a recent report from IBM, over 60% of businesses have failed to find the candidate they were looking for, simply because the candidates did not have the skills needed.

*A lot of the focus on Cyber jobs has been on offensive roles, such as being a Penetration Tester. But with the way that technology is evolving today, many companies are now resorting to automated Penetration Testing versus doing it the traditional way. So the demand now is for those candidates that have defensive-oriented skill sets, such as being a part of the IT Security team. But many of the people that have had these roles tend to burn out very quickly, because they are completely inundated with tasks, or they are simply suffering from what is known as "Alert Fatigue".

*The dawn of the data privacy laws has now created a new demand for Cyber professionals that also have a legal background. Unfortunately, there are very few people who have this precise skill set. But there is a new trend that is also emerging, and that is the need for what is known as a "Chief Data Privacy Officer". Personally, I do not know of anybody who has filled this kind of role, but they seem to be out there.

Compounding the last one even more is that many companies hiring for that skill set also require an in-depth knowledge of the GDPR, CCPA, the NIST frameworks, and even the ISO standards. Anybody who can do this will truly be a specialist to the core.

But it is not the hiring managers that are solely to blame in this regard. Even the recruiters have played their part by misleading candidates into applying, after which the candidates never hear back from them again. These are technically referred to as "Ghost Jobs", as they are used only to create a pool of candidates for the recruiting agencies.

Another complaint that candidates have about the recruiters is that the job postings that they apply to have extremely broad requirements. But when they get to the interview, they are completely shocked when the hiring manager lays out extremely specific requirements for the job.

My Thoughts on This:

So now, you may very well be asking yourselves:  How can this situation be turned around?  It comes down to both the job candidate and the hiring manager.  Let’s start first with the former.  Assuming that this person will be getting some kind of degree, they should be encouraged to network with their instructors to find an internship of some sort. 

This is what I did when I was in college.  I met with a professor, and he connected me with The Andersons, a large grain company based in the Midwest.

Further, students should also be asking their instructors about what kinds of specific courses they should be taking. For example, if they want to become a Malware Analyst, then they will have to take more quantitatively oriented courses to build an analytical mindset.

Also, the instructors need to take a more active role in encouraging their students to take entry level certs, such as the Certified in Cybersecurity from ISC2 or the Security+ from CompTIA.

Now, on the employer's side: in order to end this cat and mouse game of finding the right candidate (which they most likely will never find), they need to take the risk and try to hire somebody that has just entry level skills and train them up for the job.

True, this could cost a little bit of money in the beginning, but these kinds of candidates will have a tendency to stay longer with the company, versus somebody hired with the right skill set (and of course at a much higher salary), who probably will not stay around for very long, because they know that they are in demand.

In the end, there will always be a need for Cyber workers, as threat variants will not cease to exist, and the Cyberattackers will only keep getting stealthier and more deadly in their attacks. If this jobs gap remains the way it is, there will be many more victims of security breaches in the end.

Therefore, all three parties must make this happen:

Ø  The student who wants a job in Cyber

Ø  The recruiter in Cyber

Ø  The hiring manager that is trying to fill a Cyber position

Let us make this happen!!!

Sunday, March 2, 2025

3 Top Trends To Emerge From Generative AI Poisoning Attacks

It seems like all the news headlines today in Cyber are about Generative AI and its many different subsets, such as Large Language Models (also known as "LLMs"). I have covered this topic very extensively in the four books that I have written about it, as well as in the white papers, articles and blogs that I have written for other people.

But there is one area in which, unbelievably, I have touched upon, and that is the area of what is known as “AI Data Poisoning”. 

You may be wondering what it is, so here is a technical definition:

“Data poisoning is a type of cyberattack where threat actors manipulate or corrupt the training data used to develop artificial intelligence (AI) and machine learning (ML) models.”

(SOURCE:  What Is Data Poisoning? | IBM)

Remember, as I have written about in the past, what drives a Generative AI model is the data that is fed into it.  It can be easily compared to a car which needs gasoline to make it run and go places.  Likewise, it is the data that fuels the model and gives the momentum that it needs to produce an answer, or an output to the query that has been submitted to it.

But keep in mind that not just any output will do. It must meet what the end user is looking for. In order to make sure that this happens, whoever is in charge of the model must make sure that the datasets that are fed into it are cleansed and robust, as well as free of any statistical outliers.

Using our car example again, you need to give it the right kind of fuel so that the engine will not get damaged (for instance, you do not pump diesel fuel into a Honda). The same is true of the Generative AI model. It needs the right data to make its algorithms (which are its engine) work equally smoothly.

But Generative AI is a field that is changing on an almost daily basis. Thus, trying to deploy the latest Cybersecurity controls can be an almost impossible task to accomplish. The Cyberattacker is fully aware of this and knows the vulnerabilities that are present. Thus, they launch what are known as Poisoning Attacks to insert fake data into the model.

But it does not stop here.  They can also quite easily insert a malicious payload to serve two key purposes:

Ø  Launch another Supply Chain Attack (just as we saw with SolarWinds and CrowdStrike) that could have huge, cascading effects.

Ø  Launch a Data Exfiltration Attack to not only steal the legitimate datasets that are being used in the model itself, but also those datasets which reside in the IT and Network Infrastructure of a business entity.

So given all of this, there are now three trends that are expected to happen, at some point in time down the road, which are as follows:

1)     Back To SolarWinds:

Yes, I know I just mentioned this, but the kind of attack that can happen here to a Generative AI Model will be magnified by at least ten times because of a Poisoning Attack. To put it in another perspective, when the SolarWinds hack took place, there were about 1,000 victims. Now, there could be at least 10,000 victims or even more, all over the world. In this regard, the main point of insertion for a malicious payload would be the LLM, if there is one present.

2)     The Role of the CDO:

This is an acronym that stands for the “Chief Data Officer”.  This job title can be compared to that of the CISO, but their focus is on the datasets that their company has and is currently using.  Up until now, their main tasks were to simply write the Security Policies that would help fortify the lines of defenses around a Generative AI model.  But with the advent of Data Poisoning, their role will now shift into hiring and managing a team of employees whose sole mission is the cleansing and optimization of the datasets before they are fed into the model.  Another key role for them here also is to make sure that whatever datasets they are using come into compliance with the data privacy laws, such as those of the GDPR and the CCPA.

3)     It is Going to Happen:

Just as Phishing has stuck around, so will Poisoning Attacks. They will start to evolve this year and pick up steam later on. And as companies keep using Generative AI, this will be a highly favored threat variant for the Cyberattacker. In fact, according to a recent market survey that was conducted by McKinsey, over 65% of businesses today use Generative AI on a daily basis. To see the full report, access the link below:

http://cyberresources.solutions/Blogs/Gen_AI_Report.pdf

My Thoughts on This:

I am far from being an actual Generative AI practitioner, but I would like to offer my opinion as to how you can mitigate the threat of a Poisoning Attack from impacting your business:

Ø  Generative AI models are not just one thing. The model or models that it uses are connected to many other resources in the external world. There are a lot of interconnections here, so I would recommend keeping a map or visual to keep track of all this, and keep updating it on a real-time basis as more connections are made into it. This will also give a clear idea as to exactly where you need to deploy your Cybersecurity controls in the Generative AI Ecosystem.

Ø  If you can, hire a CDO as quickly as you can. You do not have to hire them as a full-time employee; you can also hire them on a contract basis to keep them affordable. But you will need them ASAP if you are going to make use of Generative AI based models.

Poisoning Attacks are going to be around for a long time.  So, now is the time to get prepared!!!

Sunday, February 23, 2025

The Importance Of Separating The Logical And Emotional Aspects If You Are A Victim

Human beings have two basic instincts among all others: being a creature of habit, and wanting to forgive people if they have wronged you in some way, shape, or form. I, for one, know I am a creature of habit. The best example of this is from just a few days ago.

I recently traded in my 22-year-old Honda Civic and am now leasing a Kia. This is the first time that I have had a car with all the electronic gizmos in it. I have always been an analog dashboard kind of person with my past cars, so there are times I have wished to have that back.

But I know I made the right decision and must get used to all these new fancy things. In terms of forgiveness, well, I am also a pretty loving guy. The best example of this is one of my best friends of over 40 years. We have our major spats, the most recent one a few days ago about the current political climate. But of course, being close friends for such a long time, we forgave each other almost immediately.

These two examples also apply perfectly well in the world of Cybersecurity. For example, suppose you have been a long-time customer of a major vendor. All of a sudden, you are informed that they have been impacted by a security breach. Some of the first questions that you will ask are:

1)     How did it happen?

2)     How soon did you find out it happened?

3)     What steps have you taken to rectify the situation?

4)     MOST IMPORTANT:  How am I impacted?  Is my data safe?

5)     What kind of recourse are you going to offer me?

But no matter how much you try to find fault with and blame the vendor for what happened, the tendency to want to stick around with them still persists. After all, it is going to take time to find a new vendor, and time to get acclimated to the way they serve customers.

And what if they are more expensive?  So now the feeling of being a “creature of habit” sets in, and in the end, you decide you want to still stick with the same vendor.  This is technically known as “Digital Forgiveness”.

But now there is a new psychological play here as well. It is the phenomenon called "Risk Normalization". To put it simply, you further rationalize your decision to continue with the same vendor by telling yourself: "Well, anybody can become a victim, I guess it was my turn now".

Because of all the loyalty you have shown to the vendor, the tendency will now be for them, indirectly, to take advantage of you. For example, their attitude could very well now be: "Well, if a security breach happens again, they will still probably stick around. No need to beef up my lines of defense even further".

But taking this kind of approach can have detrimental effects, which include the following:

1)     Trust:

Although you may have forgiven the vendor, the incident will still be lodged somewhere in your memory. So, if the vendor takes a complacent attitude with you, your level of trust in them can erode over time. It will not be your loss, it will be theirs, because customers can easily be lost, but it can take an exceptionally long time to get a new one.

2)     Anxiety:

After a company has been hit by a security breach, the moral and ethical thing for them to do is to offer you some kind of recourse, which most often comes in the form of free credit reports and real-time monitoring. But they are not legally required to do this. So, if nothing is offered to you, it is quite likely that a prominent feeling of anxiety will kick in. For example, one of your most immediate fears will be: "Will I become a victim of ID Theft?"

3)     Goodwill:

If the vendor becomes a victim of a security breach again, your goodwill toward them will vanish completely, and at that point you will say:  "This is the straw that broke the camel's back; I am finding a new vendor".

My Thoughts on This:

Although this is much easier said than done, if your vendor has been hit by a Cyberattacker and you have become a victim as a result, it is imperative to set the emotional side aside and take these concrete steps:

Ø  After you have been notified, immediately demand to know what happened to your data, and what corrective measures have been or are currently being taken to protect your datasets.

Ø  Immediately enable MFA (or at least 2FA) on all your financial accounts, such as your banking and credit card portals, and prefer an authenticator app or hardware key over SMS codes wherever the portal supports it.  Keep checking the accounts at least twice a day for fraudulent activity.

Ø  Immediately contact the three credit bureaus (Equifax, TransUnion, and Experian) and place a freeze on your credit file with each of them.

Ø  Demand recourse beyond what the vendor offers on its own.  If you can afford the legal expenses, even consider filing a lawsuit.

Ø  Remember, in the end, that you are the customer.  In our capitalistic society, the "Customer Is King".  So wield the power you have and look for a different vendor.  If you take this route, ask what steps they take to protect your data before you sign up with them.

Finally, you, the customer, also need to play a part in protecting your data.  With the recent passage of many data privacy laws, especially the GDPR and the CCPA, you now have the legal right (where those laws apply to you) to know explicitly how your data is being stored, processed, and archived.  You can also ask to have your data deleted if at any time you are not comfortable with the way it is being managed.

Sunday, February 16, 2025

A Fine Line Must Be Drawn In Generative AI Usage: The Banking Example

 


One common question that I get asked from time to time is:  what do Cyberattackers like to prey on?  In other words, whom do they like to target?  To be honest, just about anything and anybody can be a prime target.  But it all comes down to one key motivating factor:  MONEY, AND LOTS OF IT.

Wherever a backdoor is open and money is easy to smell, the Cyberattacker will find prey.  It can happen in many ways:  Social Engineering, Phishing (Business Email Compromise is a big one here), finding vulnerabilities in a web application, and so on.

But one thing I can say for sure is that the banking industry is heavily targeted.  After all, once the Cyberattacker has the victim's login credentials, all heck can break loose.  For example, they can initiate a fraudulent transaction, request a new debit card in the victim's name, or just do things the old-fashioned way and steal whatever money is in the victim's account.

In response to this, most of the financial institutions based here in the United States have done an excellent job of implementing safeguards to protect their customers.  I can even vouch for this myself.  One time, I got a letter from my bank stating that my debit card had been hacked.

I had never even used it, but the moment they got a whiff of a potentially fraudulent transaction, they cancelled it immediately.  Another time, I logged into my checking account from my iPhone (which I hardly ever do), and the bank blocked my access shortly afterward because a different IP address had been detected.

But another area in banking that needs more attention is the mobile apps that banks create and deploy for their customers.  Consider these stats:

*Fraudulent activity will exceed $40 billion by 2027, which is a staggering 32% increase.

*Banking as a Service will also witness a 20% increase in attacks.

(SOURCE:  How Banks Can Adapt to the Rising Threat of Financial Crime)

In fact, the mobile app can be viewed as a Banking as a Service tool:  you download it from an app store such as Google's or Apple's.  Here, one of the easiest ways for the Cyberattacker to get in is to look for a weakness in the app's code, especially in the APIs it calls and the third-party libraries it bundles.

As I have written before, many software developers use open-source libraries and API clients, primarily because they are free to download and use, with no licensing fees involved.  There are also plenty of online forums where help and resources are available.

But the developers who use these libraries often do not check that the versions they bundle are current and free of known vulnerabilities.  Because of this, many doors can be left open for easy penetration by the Cyberattacker.  From there, they can manipulate the mobile app or even lift the source code to build a counterfeit app, thus tricking and luring in their victims.
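The check the paragraph above says developers skip, as an added example (this is not code from the blog or from any bank's app):  parse a requirements-style manifest and flag every third-party package that is unpinned, pinned behind the newest known release, or unknown to the release data.  The package names, versions and the "latest known release" snapshot are all constructed for the demo; in practice the snapshot would come from the package registry or an advisory feed.

```python
"""Audit a dependency manifest for unpinned and stale third-party packages.

Added example, not code from the blog or any bank. Package names, versions
and LATEST_KNOWN are constructed; a real audit would pull release and
advisory data from the registry.
"""
import re
from dataclasses import dataclass

# Assumed: constructed snapshot of the newest known release per package.
LATEST_KNOWN = {
    "acme-payments-sdk": "4.2.0",
    "jwt-helper": "2.9.1",
    "tls-shim": "1.12.3",
}

# Constructed manifest, as a mobile-app build might ship it.
SAMPLE_REQUIREMENTS = """
# payments backend client
acme-payments-sdk==3.8.0
jwt-helper==2.9.1
tls-shim>=1.0        # floating range: the build is not reproducible
legacy-crypto-wrap==0.4.1
"""

REQ_LINE = re.compile(
    r"^\s*(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)\s*"
    r"(?:(?P<op>==|>=|<=|~=|!=|>|<)\s*(?P<ver>[0-9][0-9A-Za-z.+-]*))?\s*(?:#.*)?$"
)


@dataclass
class Finding:
    name: str
    status: str   # "unpinned" | "outdated" | "unknown" | "current"
    detail: str


def version_key(v):
    """Numeric dotted-version key; sufficient for x.y.z style versions."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


def parse_requirements(text):
    """Yield (name, op, version) per requirement line; op/version may be None."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = REQ_LINE.match(line)
        if not m:
            raise ValueError(f"unparseable requirement: {raw!r}")
        yield m.group("name").lower(), m.group("op"), m.group("ver")


def audit(text, latest=LATEST_KNOWN):
    """Classify each requirement against the release snapshot."""
    findings = []
    for name, op, ver in parse_requirements(text):
        if op != "==":
            spec = f"{op or ''}{ver or ''}"
            findings.append(Finding(name, "unpinned", f"spec '{spec}' does not fix a version"))
            continue
        newest = latest.get(name)
        if newest is None:
            findings.append(Finding(name, "unknown", "no release data; verify the source by hand"))
        elif version_key(ver) < version_key(newest):
            findings.append(Finding(name, "outdated", f"pinned {ver}, newest known {newest}"))
        else:
            findings.append(Finding(name, "current", f"pinned {ver}"))
    return findings


def needs_attention(findings):
    """Everything that is not pinned to a current, known release."""
    return [f for f in findings if f.status != "current"]


if __name__ == "__main__":
    for f in audit(SAMPLE_REQUIREMENTS):
        print(f"{f.status:9} {f.name:22} {f.detail}")
```

Run on the sample manifest, only jwt-helper passes; the other three are exactly the cases the text warns about, and a build gate that fails on a non-empty needs_attention() list is the simplest way to make the check unavoidable.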

So how can a bank avoid this situation?  In theory, the easy answer is to have its own IT department build the app.  But this can be a costly proposition, so many banks choose to outsource the development in the name of saving money.

While this can be a good thing, it also poses grave risks.  For example, what if they hire an outside development team, say one based in India, that has not been properly vetted?

In this regard, banks must take the vetting process very seriously.  They need to make sure that whoever they hire meets strict security requirements that are at least on par with, or stricter than, what the bank itself has in place.

Further, the right controls must be in place if any customer information is handed over for testing purposes; wherever possible, testing should use synthetic or masked data rather than production customer records.  In fact, the bank should take the initiative and responsibility to create a set of best practices and standards for its vetting process.

Another avenue that banks are looking at to further protect their Banking as a Service offerings is the use of Generative AI.  One of the best uses so far is to quickly detect behavior that falls outside the baseline profile of the customer, for example a login from an unfamiliar address or a transfer of an unusual size to a new payee.

Once such an event has been captured, the model can trigger the account to be blocked almost immediately.  Generative AI is also useful for halting a wire transfer that looks suspicious, such as in the case of a Business Email Compromise attack.
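What "falling outside the baseline profile" looks like in code, as an added example that is not from the blog or any bank.  The text credits Generative AI with this detection; the demo below uses the simpler form of the same idea, a statistical baseline built from the customer's own history and a handful of weighted rules scored against it, and covers both the blocked-login-from-a-new-IP-address anecdote earlier in the post and the suspicious wire transfer.  The customer, addresses, amounts, rule weights and action tiers are constructed assumptions, not any institution's real policy.

```python
"""Score online-banking events against a per-customer baseline profile.

Added example, not code from the blog or any bank. Uses a plain statistical
baseline in place of the Generative AI model the text describes. Every
customer, address, amount, weight and threshold below is constructed.
"""
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Event:
    customer: str
    kind: str            # "login" or "transfer"
    ip: str
    country: str
    hour: int            # local hour of day, 0-23
    amount: float = 0.0  # transfers only
    new_payee: bool = False


@dataclass(frozen=True)
class Baseline:
    ips: frozenset
    countries: frozenset
    hours: frozenset
    mean_amount: float
    std_amount: float


def build_baseline(history):
    """Derive the profile from events the customer has already performed."""
    amounts = [e.amount for e in history if e.kind == "transfer"]
    return Baseline(
        ips=frozenset(e.ip for e in history),
        countries=frozenset(e.country for e in history),
        hours=frozenset(e.hour for e in history),
        mean_amount=mean(amounts) if amounts else 0.0,
        std_amount=pstdev(amounts) if len(amounts) > 1 else 0.0,
    )


def score_event(base, ev):
    """Return (score, reasons); each rule that fires adds its weight."""
    score, reasons = 0, []
    if ev.ip not in base.ips:
        score += 2; reasons.append("ip not seen before")
    if ev.country not in base.countries:
        score += 3; reasons.append("country not seen before")
    if ev.hour not in base.hours:
        score += 1; reasons.append("unusual hour")
    if ev.kind == "transfer":
        if ev.new_payee:
            score += 2; reasons.append("first transfer to this payee")
        ceiling = base.mean_amount + 3 * base.std_amount
        if base.std_amount and ev.amount > ceiling:
            score += 3; reasons.append(f"amount {ev.amount:.2f} above 3-sigma ceiling {ceiling:.2f}")
    return score, reasons


def decide(base, ev, step_up_at=2, block_at=5):
    """Map the score to an action: allow, step_up (re-authenticate or hold), or block."""
    score, reasons = score_event(base, ev)
    if score >= block_at:
        return "block", score, reasons
    if score >= step_up_at:
        return "step_up", score, reasons
    return "allow", score, reasons


# Constructed history: logins from the home ISP, modest transfers, daytime hours.
HISTORY = [
    Event("c-1001", "login", "203.0.113.7", "US", 8),
    Event("c-1001", "login", "203.0.113.7", "US", 19),
    Event("c-1001", "transfer", "203.0.113.7", "US", 9, 120.0),
    Event("c-1001", "transfer", "203.0.113.7", "US", 18, 150.0),
    Event("c-1001", "transfer", "203.0.113.7", "US", 19, 130.0),
    Event("c-1001", "transfer", "203.0.113.7", "US", 8, 140.0),
    Event("c-1001", "transfer", "203.0.113.7", "US", 18, 160.0),
]

# Constructed new events: a phone login from a new address, a BEC-style wire
# at 3 a.m. from abroad to a new payee, and a routine transfer.
PHONE_LOGIN = Event("c-1001", "login", "198.51.100.23", "US", 9)
SUSPECT_WIRE = Event("c-1001", "transfer", "192.0.2.55", "DE", 3, 4800.0, new_payee=True)
ROUTINE = Event("c-1001", "transfer", "203.0.113.7", "US", 18, 135.0)
CASES = [("phone_login", PHONE_LOGIN), ("suspect_wire", SUSPECT_WIRE), ("routine", ROUTINE)]


def run_demo():
    """Action chosen for each constructed event."""
    base = build_baseline(HISTORY)
    return {name: decide(base, ev)[0] for name, ev in CASES}


if __name__ == "__main__":
    base = build_baseline(HISTORY)
    for name, ev in CASES:
        action, score, reasons = decide(base, ev)
        print(f"{name:13} -> {action:8} score={score} {'; '.join(reasons) or 'within baseline'}")
```

The phone login scores on a single rule (new address) and lands in the step-up tier, which is where a real bank would ask for a second factor or hold the session rather than lock the customer out outright; the wire fires every rule at once and is blocked; the routine transfer passes.  The weights are the policy knobs, and they should be tuned on the bank's own false-positive data, not copied from here.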

But with the good comes the bad.  For instance, a Cyberattacker who gains access to one of these models can modify it so that it will not detect fraudulent activity for a certain period of time.  Or, worse yet, they can not only create a fake website but also use Generative AI to create a Deepfake, a replica of a real person.

They can use this to create a Digital Personality for the customer to interact with, with Social Engineering embedded so that a trusting dialog develops.  Once that has come to fruition, the Digital Personality can be manipulated to prey upon the vulnerable state of mind of the customer and con them into giving out their personal information and data.
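One control against the model-tampering case two paragraphs up, as an added example that is not from the blog or any bank:  the release pipeline records the SHA-256 of the model file in a small manifest and authenticates that manifest with an HMAC under a key the serving host keeps apart from the model directory (a secrets store, for instance); at load time the server checks the manifest tag first and the file digest second, and loads nothing if either fails.  The paths, the key value and the fake "weights" are constructed for the demo, and an HMAC is used only because it keeps the example to the standard library; a real pipeline would normally sign the manifest with an asymmetric key so the serving host holds no secret that could forge one.

```python
"""Refuse to load a fraud-detection model whose artifact has been altered.

Added example, not code from the blog or any bank. Paths, the signing key
and the model bytes are constructed; an HMAC stands in for the signature a
real release pipeline would apply.
"""
import hashlib
import hmac
import json
import os
import tempfile


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def write_manifest(model_path, manifest_path, signing_key, version):
    """Release step: record the model digest and seal the record with an HMAC."""
    record = {"model": os.path.basename(model_path), "version": version,
              "sha256": sha256_file(model_path)}
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(signing_key, body, hashlib.sha256).hexdigest()
    with open(manifest_path, "w") as f:
        json.dump({"record": record, "hmac_sha256": tag}, f)


def verify_model(model_path, manifest_path, signing_key):
    """Serving step: return (ok, reason). Load the model only when ok is True."""
    with open(manifest_path) as f:
        wrapped = json.load(f)
    record = wrapped.get("record", {})
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    expected = hmac.new(signing_key, body, hashlib.sha256).hexdigest()
    # Constant-time comparisons so neither tag nor digest leaks via timing.
    if not hmac.compare_digest(expected, str(wrapped.get("hmac_sha256", ""))):
        return False, "manifest signature mismatch"
    if os.path.basename(model_path) != record.get("model"):
        return False, "manifest is for a different artifact"
    if not hmac.compare_digest(sha256_file(model_path), str(record.get("sha256", ""))):
        return False, "model digest mismatch"
    return True, "ok"


def run_demo():
    """Clean load, then two tampering attempts, in a throwaway directory."""
    key = b"constructed-demo-key-stored-outside-the-model-dir"
    with tempfile.TemporaryDirectory() as d:
        model = os.path.join(d, "fraud_model.bin")
        manifest = os.path.join(d, "fraud_model.manifest.json")
        with open(model, "wb") as f:
            f.write(b"\x00FAKEWEIGHTS-v7\x00" * 512)   # stand-in for a real artifact
        write_manifest(model, manifest, key, "7")
        results = {"clean": verify_model(model, manifest, key)}

        # Attacker flips bytes inside the model to dull its detections.
        with open(model, "r+b") as f:
            f.seek(64)
            f.write(b"\xff\xff\xff\xff")
        results["tampered"] = verify_model(model, manifest, key)

        # Attacker also rewrites the digest in the manifest to match the
        # altered file, but without the key cannot produce a valid tag.
        with open(manifest) as f:
            wrapped = json.load(f)
        wrapped["record"]["sha256"] = sha256_file(model)
        with open(manifest, "w") as f:
            json.dump(wrapped, f)
        results["forged_manifest"] = verify_model(model, manifest, key)
        return results


if __name__ == "__main__":
    for case, (ok, reason) in run_demo().items():
        print(f"{case:16} ok={ok} ({reason})")
```

The ordering matters:  the manifest is authenticated before anything in it is trusted, so an attacker who can write to the model directory but not to the key store can neither swap the weights nor rewrite the expected digest.  Logging the rejection and refusing to serve is the right failure mode here, since a silently degraded model is exactly the outcome the text warns about.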

My Thoughts on This:

IMHO, for banks, no matter their size or geographic location, a fine line must be drawn as to how much Generative AI should be used.  Creating a set of standards and best practices, stating where it can and cannot be used, would be a good start.

In the end, it is extremely easy to get swept away by the glamor that Generative AI brings to the table, but it is especially important to keep in mind, as in the case of the banks, that the human side is needed as well.

Back to my example of my account being blocked.  Suppose the only way it could be unblocked was by having a conversation with a Digital Person.  But for some reason, no matter how much I tried to convince it that it was really me trying to log in, it still would not unblock the account.

Luckily, after waiting a few minutes, I was able to reach a real, live customer assistant, to whom I explained the situation.  The next second, it was unblocked.

The equation for a great level of security is a balance between technology and the human element.
