3 Interesting Articles

One Year of ChatGPT: The Impact of Generative AI on Cybersecurity
Infosecurity Magazine: OpenAI’s ChatGPT, launched a year ago, has notably impacted the cybersecurity landscape. Cybercriminals have used ChatGPT mainly for sophisticated social engineering campaigns, while its application in malware development remains limited due to practical challenges and restrictions set by AI tool creators. However, the potential for increased use of AI in cybercrime activities is significant. On the defensive side, organizations are rapidly integrating generative AI, using it to enhance cybersecurity and other operations. This adoption is driven by heightened customer awareness and the democratization of AI technology. Despite its advantages, concerns about data privacy and potential leaks have arisen, highlighting the need for clear usage policies and staff education. Looking forward, the role of generative AI in both offensive and defensive cyber strategies is expected to grow significantly. It is particularly likely to advance social engineering tactics and automate routine cybercriminal tasks. On the defense front, AI could significantly improve investigation and response automation. Regulatory measures, like the EU’s AI Act, are being introduced to manage the use of these technologies, indicating a trend towards more global regulations in this field.

Okta Hack Update Shows Challenges in Rapid Cyber Disclosures
WSJ ($): Okta is postponing product updates and internal projects for 90 days to focus on enhancing its security following a significant data breach. This breach, disclosed in an SEC filing, involved the theft of names and email addresses of all Okta’s commercial users. While the breach did not impact federal system users or Auth0 support users, the stolen data could potentially be used for targeted social-engineering attacks. This recent incident follows previous breaches, including one in March 2022 affecting over 300 customers and another involving the use of Okta administrator accounts in attacks at MGM Resorts International and Caesars Entertainment. These events underscore the challenges companies face with new SEC rules mandating prompt cyberattack disclosures and highlight concerns about Okta’s security measures and crisis communication.

23andMe: Data Breach Was a Credential-Stuffing Attack
Dark Reading: In October, DNA testing company 23andMe experienced a data breach, leading to unauthorized access of 7 million people. The breach, revealed through a Dark Web post by the perpetrator, was found to be a credential-stuffing attack, where stolen usernames and passwords from other sites were used to access 23andMe accounts. Compromised data included ancestry and health information, as well as files from the DNA Relatives feature. The company has since contained the threat actor’s activity, notified affected individuals, enforced password changes, and added two-step authentication. As a result of the breach, 23andMe faces class action claims and anticipates spending $1 to $2 million in related expenses.

2 Stats You Should Know

Data breaches and data loss (40%); identity-based threats, such as malware and phishing (38%); and generative AI (29%) are viewed as the biggest cybersecurity threats over the next 12 months. (source)

50% of organizations said they spend 6-10% of their revenue on compliance costs. (source)

1 More Thing

Warm Hanukkah Wishes from TalPoint

In these challenging times for our Jewish friends and community, the light of Hanukkah shines as a beacon of hope and resilience. As the menorah is lit and the Festival of Lights is observed, let us all be inspired by the enduring spirit of unity and strength.

We wish you and your loved ones a Hanukkah filled with joy, peace, and a renewed sense of hope. May this festive season bring us all closer together and illuminate the path to brighter days.