Back To Resource Center

Published: February 16, 2024

Security 3-2-1 Week of 2/16/24

By Annie articles

3 Interesting Articles

Microsoft, OpenAI say U.S. rivals use artificial intelligence in hacking
Washington Post ($): Adversaries of the U.S., including Russia and China, are leveraging advanced AI tools to enhance their hacking capabilities and identify new espionage targets, reveals a report from Microsoft and OpenAI. This is the first detailed account of elite government hacking teams employing LLMs for tasks such as improving programming, crafting phishing emails, and planning cyberattacks. The report links AI tool usage to Chinese hacking groups affiliated with the government and groups from Russia, Iran, and North Korea. Microsoft’s proactive measures have included revoking these groups’ access to ChatGPT-based tools and planning to alert other tool developers about the misuse. Despite not observing any major AI-driven attacks yet, Microsoft has noted preliminary activities like research into security vulnerabilities and reconnaissance of potential targets by these state-sponsored groups. For instance, a Russian GRU-linked team investigated satellite and radar technologies pertinent to Ukraine’s conflict, while North Korean hackers sought insights into military experts and vulnerabilities in Microsoft’s systems.

CISO and CIO Convergence: Ready or Not, Here It Comes
Dark Reading: The roles of CIOs and CISOs are increasingly converging, highlighting the critical role of cybersecurity in digital transformation and its ascent from operational to strategic importance. Historically, CIOs managed IT infrastructure and aligned IT with business goals, focusing on operational efficiency and cost control. However, the advent of digital transformation, cloud computing, and remote work has shifted their role towards harnessing technology for innovation. Conversely, CISOs, who once focused on compliance and defending against cybersecurity threats, are gaining visibility and becoming integral to operational decision-making alongside CIOs. This shift is driven by the need for enhanced digital security in the era of digital transformation, prompting closer collaboration between CIOs and CISOs. The future of these roles, whether they continue to merge or become distinctly separate functions focusing on risk management and technical security, depends on various factors including company size, industry, and digital transformation plans. This evolution underscores the necessity for alignment and collaboration between IT leaders to ensure successful digital transformation.

Bank of America notifies customers of third-party breach of ‘deferred compensation plans’
SC Media: Bank of America (BoA) notified customers of a data breach at Infosys McCamish Systems (IMS), a business partner, following a cyberattack claimed by the LockBit ransomware group. Sensitive customer information, including Social Security numbers, financial account details, and personal identification, was compromised, impacting over 57,000 individuals. This incident, revealed in February, involved data related to deferred compensation plans managed by BoA. The breach underscores the importance of third-party risk management and highlights the challenges in fully protecting against digital threats. Experts emphasize the need for stringent cybersecurity measures, including software bills of materials for better vulnerability management, improved third-party access controls, and proactive monitoring to prevent similar incidents. The financial sector’s strict data protection regulations further stress the necessity for compliance by third-party vendors, demonstrating the continuous threat cybercriminals pose by exploiting third-party vulnerabilities.

2 Stats You Should Know

Deepfakes — AI-generated replicas of a person’s likeness — could shatter confidence in face biometric authentication solutions for 30% of companies by 2026. (source)

Security researchers found a 198% increase in browser-based phishing attacks in the second half of 2023 and a 206% increase over the full year. (source)

1 More Thing

Hope everyone had a Happy Valentine’s Day!

Our large and diverse network of experts is here to help...

Charles M.

Principal

Charlies is a 14 year cyber security expert. He started his career in the U.S. armed forces and then transitioned into commercial roles. A security engineer by training, he's well-versed in tool deployment and administration.

Ellen K.

GRC Expert

Ellen bring a decade of GRC expertise to the TalPoint community. She's knowledgeable on a variety of frameworks and employs a methodical approach to compliance. She's available for needs assessments, gap assessments, internal audits, and for certain frameworks running independent 3rd party audits.

Zachary C.

Founder and CRO

Zachary bring a 20+ year career in risk management to the TalPoint community. He's worked across healthcare, finance, and supply chain manufacturing. His broad experience offers both a holistic view of risk as well as a common sense approach to risk management.