For anyone plugged into the blossoming world of artificial intelligence, you’ve probably heard of (or chatted with) ChatGPT. And for anyone curious about how AI feels about AI when it comes to cybersecurity, look no further.

Following a handful of barbs regarding Asimov’s Rules of Robotics, I asked ChatGPT if it could “write me an article about the role of AI in cybersecurity.” Here is what it said:

The Role of Artificial Intelligence in Cybersecurity

Artificial intelligence (AI) has the potential to revolutionize the field of cybersecurity, and it is already being used in a variety of ways to improve the security and integrity of computer systems and networks. Some of the ways in which AI is being used to enhance cybersecurity include:

Threat detection and prevention: AI can be used to analyze large amounts of data, including network traffic and user behavior, to identify and alert on potential threats. By using machine learning algorithms and other techniques, AI can help to identify patterns and anomalies that may indicate the presence of a security threat, and it can take automated actions to prevent or mitigate these threats.

Vulnerability management: AI can be used to identify and prioritize vulnerabilities in a network, and to suggest patches or other remediation measures to address them. By continuously monitoring networks and systems for vulnerabilities, AI can help organizations to stay ahead of potential security threats and to ensure that their systems are secure and compliant.

Password management: AI can be used to generate strong passwords and to detect and alert on suspicious login activity. By using advanced algorithms and machine learning techniques, AI can help to ensure that passwords are secure and that unauthorized access to systems is detected and prevented.

Phishing and spam detection: AI can be used to analyze emails and other communications for signs of phishing or spam, and to flag or block these messages. By using natural language processing and other techniques, AI can help to identify and filter out malicious communications, and to protect users from falling victim to these scams.

In addition to these specific applications, AI can also be used to improve the efficiency and effectiveness of cybersecurity operations more broadly. By automating tasks and providing actionable insights and recommendations to security professionals, AI can help to streamline and optimize security processes, and to free up human analysts to focus on more complex tasks.

While AI has the potential to significantly improve cybersecurity, it is important to carefully consider the risks and limitations of these technologies. There is a potential for AI to be misused or to introduce new security vulnerabilities, and it is important to ensure that these technologies are used in a responsible and ethical manner.

Overall, the role of AI in cybersecurity is likely to continue to evolve and expand in the coming years, and it will be an important tool in the fight against cyber threats. By leveraging the power of AI, organizations can improve the security of their systems and networks, and better protect themselves and their customers from cyberattacks.

###

Obviously, as an editor by trade, I prodded at the bot for its pro-AI bias, for which it profusely apologized and stated that it didn’t intend to offend.

Apart from this discussion, it was able to offer some insights on Zero Trust in government, but its primary shortfall is that its unable to draw any knowledge on current events as its cutoff is in 2021. Thus, any discussion on recent cyberattacks or up-and-coming methods are less than ideal. Per the bot, it utilizes data available on published sources and integrates algorithms and other data to offer information in a conversational tone. It’s quick to relinquish any possible opinions, and won’t just do whatever the user inputs. For example, I asked the bot to write about the Colonial Pipeline attack, but in the style of a children’s story — to which it chided me, as it would be inappropriate and irreverent to discuss a serious topic in such a manner.

As a matter of cybersecurity, ChatGPT certainly represents a fairly great threat in terms of the ability to utilize AI for rampant disinformation — an issue that has been widely reported toward the end of 2022. In an article on eSecurityPlanet, Robert Blumofe, who is the CTO and EVP at Akamai Technologies, is quoted citing the threat of this tech in phishing.

“The technology will enable attackers to efficiently combine the volume of generic phishing with the high yield of spear phishing,” he said in the article.  “On the one hand, generic phishing works at a massive scale, sending out millions of lures in the form of emails, text messages, and social media postings. But these lures are generic and easy to spot, resulting in low yield. On the other hand and at the other extreme, spear phishing uses social engineering to create highly targeted and customized lures with much higher yield. But spear phishing requires a lot of manual work and therefore operates at low scale. Now, with ChatGPT generating lures, attackers have the best of both worlds.”

What may be most interesting from a security perspective is the fact that the developers are now concerned with those who may use the AI for nefarious purposes. For example, when I asked the bot to generate a password reset email for a Twitter user, it cheerfully complied — with a content warning.

While there’s currently no telling where this technology might take cybersecurity, it’s clear that the developers are beginning to take the potential for abuse.

For anyone interested in delving deeper, the bot is available here. Share your chat highlights in the comments.

Is there a word for the week between Christmas and New Years where time seems to just move differently? Cyber experts know that hackers never take a week off – and in fact, tend to capitalize on these “quiet” times. Here are some of the latest security updates capping off the year.

NO NEW PATIENTS: A New Jersey hospital halted patient admissions due to “an IT security issue” – which is currently under investigation, according to NJ.com. CentraState Medical Center in Freehold diverted all new and incoming patients, though patient care had not been adversely affected, according to the report. The story…

AMONG OTHER DISRUPTIONS FOR THE WEEK: We’ve got the closing of the Harrington Raceway & Casino in Delaware due to a “temporary disruption.” Bristol Community College in Massachusetts has shut down campus internet access thanks to a breach. Plus, Howard Memorial Hospital down in Arkansas just had a breach that may impact patient and employee security and confidentiality.

IMAGINE PAYING $44 BILLION FOR THIS:  If you missed it, Piers Morgan’s Twitter account was really, really hacked over the Christmas holiday, and many are confident that his and other high-profile user data was leaked in a June 2021 bug. By July of 2022, Twitter insiders came to find that this bug was exploited to the tune of 400,000,000 users’ data. All this based on research from Israeli cyber-intelligence firm Hudson Rock, as reported by The Guardian.

TIKTOK’S FINAL COUNTDOWN: Leaving out the obvious cultural decay that TikTok has reaped upon America’s youth, the security threat it brings should be enough to concern any fairly savvy lawmaker. Governors across the United States have announced bans on the use of this app for state employees, and a ban was also included in the massive $1.7 trillion spending bill for all government-issued devices… making it, likely, possibly, the least expensive line item on the bill. Broader story from Stateline.org.

LOOKING FOR THE BEST RECAP OF 2022?: KrebsonSecurity celebrated 13 years in business earlier this week – no small feat in a dynamic industry like this one. To celebrate, the site posted a full year-in-review – definitely an ideal read for putting your arms around the biggest stories in security for 2022. Remember when Norton was installing crypto-mining software on customers’ computers? Yeah, that was this year.

Hackers Don’t Take This Week Off: Wee …

Industry News Posted by Jen Greco on Dec 30, 2022

We may be living in strange times, but that text message you received last week from yourself probably didn’t pass the smell test for most cybersecurity professionals.

In case you missed it, a large number of Verizon customers got texts from their own phone numbers over the last few weeks. The compelling message? It’s a heads up that your March bill was paid, and a link for you to claim a “free gift.” Obviously, the gift likely anything but free.

SMS scams – or smishing – is costly for those who fall victim – in 2020, Americans lost $86 million on text message scams, according to the Federal Trade Commission and the AARP. The average individual loss was $800 in 2020 (that’s roughly $880 in 2022 dollars).

“As part of a recent fraud scheme, bad actors have been sending text messages to some Verizon customers which appear to come from the customers’ own number. Our company has significantly curtailed this current activity, but virtually all wireless providers have faced similar fraudulent activity in recent months,” Verizon said in a statement sent to Fox News.

Verzion doesn’t seem to think the Russians are behind this one, according to the same statement, where they also mentioned that they’re working closely with law enforcement to remedy the issue. That said, the author of this article from The Verge reported that the link in the message seemed to point back to a  Russian state TV network.

This seems to be a result of those robocalls going unanswered, thanks to aggressive phone spam filters offered by mobile carriers, according to Verizon. It’s not so easy to block your own number from spamming you.

“Just as Verizon continues to combat robocalls on behalf of our customers — 20 billion blocked to date — we are working diligently to crack down on pesky spam texts and have put a number of tools in place to prevent them from ever reaching you,” the company said in a press release.

If you’re a Verizon customer tackling these spam texts, they tell you not to delete it (full disclosure: this author deleted it immediately). If you get it, copy the message and text it to “SPAM” (that’s #7726 on your touchtone).

For now, the best move would be to follow the sage advice from AARP:

1. Don’t respond – not even with a STOP.
2. Don’t click links and don’t open attachments.
3. Filter and block spammy messages.

Also, don’t forget to ask yourself why you’d be texting yourself with a free gift – instead, treat yourself to the joy of outsmarting yet another cyber criminal.

Note to Self: Smishing Schemes Are on the R …

Hot Topics in Cybersecurity Posted by Jen Greco on Apr 4, 2022

Mayor Castor, State CIO Grant Join Public Officials, FBI and US Secret Service Agents to Educate Local Leaders on Current Trends

Data Connectors, representing the largest cybersecurity community in North America, confirmed details of the Tampa Cybersecurity Conference on March 15. This first-of-its-kind gathering brings together federal, state, and local organizations with top private-sector executives from area businesses and public-sector leaders of regional municipalities.

The agenda includes Tampa Mayor Jane Castor, Florida State Chief Information Officer Jamie Grant, senior officials from the Tampa Field Offices of the United States Secret Service and the Federal Bureau of Investigation (FBI), the Florida Attorney General’s Office, alongside Chief Information Security Officers (CISOs) and other cybersecurity leaders from over 200 area businesses.

“The City of Tampa’s unique role as home to MacDill Air Force Base and Central Command means that we are very cognizant of the need to protect our critical infrastructure against attacks. We continue to work closely with the Department of Homeland Security, other government agencies and peers to participate in a whole-of-community approach to build and sustain security prevention and protection capabilities. The new reality is that both government and private networks are being attacked daily. That means we all have to be diligent and adapt to technology and education. Our cyber security safeguards are ongoing, with each employee having a role to play in protecting our cyber infrastructure,” Castor said.

The Conference features live expert panel discussions, networking opportunities, and informative presentations from leading cybersecurity solution providers. Honored guests on the agenda include:

• Jane Castor: Mayor for the City of Tampa
• Jamie Grant: Florida’s State Chief Information Officer (CIO)
• Sanjay Virmani: Acting Special Agent in Charge, FBI Tampa Field Office
• Richard Dean: Asst. Special Agent in Charge, US Secret Service – Tampa Field Office
• Jeremy Rodgers: CISO, State of Florida
• Ramin Kouzehkanani: Chief Information & Innovation Officer, Hillsborough County
• Martin Zinaich: CISO, City of Tampa
• Jason Manar: CISO, Kasteya

US Secret Service and FBI representatives will participate in panel discussions, and touch on the importance of public-private partnership to overcome the threats faced by businesses in the region. Keynotes include:

• Jason Menar, the Chief Information Security Officer for Kaseya, who has the unique experience of having investigated the company’s 2021 data breach as an FBI agent, and
• Florida State CIO Jamie Grant, who will talk about his organization’s progress building the Florida Digital Service.

The Conference will be held in downtown Tampa Marriott Water Street on Tuesday, March 15 with sessions starting at 9 a.m. Qualified professionals can obtain Continuing Professional Education (CPE) credits for participation.

Conference registration information can be found at: dataconnectors.com/tampa

About Data Connectors
Since 1999, Data Connectors (dataconnectors.com) has facilitated collaboration between senior cybersecurity professionals, government/law enforcement agencies, industry luminaries, and solution providers. Today, the community comprises over 650,000 members and 250 active vendor partners across North America. Members enjoy informative education, networking and support via our award-winning Virtual Summits, live Conferences, Web Briefings, and regular communications.

As Cybersecurity Threats Related to Russia- …

Press Releases Posted by Jen Greco on Mar 7, 2022

67% of first-year costs follow, as hospitals work to resurrect systems and operations. These expenses include making legal, technical, and regulatory amends, notifying and communicating with affected patients, and heightening data security following the incident. On top of these expenses, more money is lost as hospital business decreases as a result of waning customer trust, damage to their reputation, and system shutdowns during reparation. After hospitals find themselves on a steady path to recovery, small to medium medical organizations have spent 5% of their yearly revenue, which on average, totals to $2.5 million.

An additional layer of data security may be the answer to fears and ignite preventative action. Blockchain, defined as, “a distributed ledger for recording transactions and tracking assets”, can secure healthcare data and shield against breaches. Wearable and remote monitors, telehealth, gamification, and health data NFTs are a few blockchain tools that can make a world of difference.

Wearable and remote devices include narcolepsy, blood pressure, seizure, pulse, sleep apnea, and diabetic monitors among others. These devices can be connected to databases that retain each individual’s recorded information. Healthcare personnel can retrieve patient data as it’s being recorded, patients can have more personalized care, and paramedics can better treat patients according to recent data when they arrive. With better security, less errors in data reporting, and longer-lasting technologies, these devices offer many benefits that can aid both data safety and the productiveness of patient-professional relationships.

Telehealth on its own poses notable risks, as few fully-fleshed out regulations and protocols regarding the storage and distribution of data exist and personal information can be shared with marketers and other parties without consent. By implementing blockchain, telehealth security heightens and becomes more dependable. Blockchain can infuse secure storage systems for medical records and compile data to give medical professionals a more comprehensive account of patient history.  By augmenting customer trust in the system and providing more efficient forms of data exchange, adding blockchain components to telehealth could be another guard against data breaches.

Gamification and health data NFTs go hand-in-hand. With gamification, patients are more focused through strategies that facilitate orientation toward their health-related objectives and openness to adopting new skills and habits. Those who attend doctor’s appointments, complete surveys, take prescriptions, and abide by doctor’s orders are rewarded with cryptocurrency tokens. Medical professionals, in turn, minimize losses as a result of improved, motivated outcomes. 

NFTs for health data describes the utilization of non-fungible tokens to protect an individual’s health record, guarding against theft and fraud. Patients benefit from increased control over their data, the possibility of gaining a profit from sharing select data with third parties, and being able to verify the legitimacy of personal information. 

Blockchain is being adopted into systems by both long-standing and up-and-coming healthcare companies, as they improve services and transactions and guard against the toll that data breaches can take on any organization. Learn more about blockchain and health to see how it can secure your service and operations too.

INFOGRAPHIC: A Line of Defense for Healthcare

Infographics Posted by Jen Greco on Mar 2, 2022

In a summer that’s been somewhere in between pandemic panic and the return to real life, there have still plenty of reasons to celebrate. In the Data Connectors Cybersecurity Community, we’re excited to see so many of our members making big moves and advancing their careers over the last few months.

OUR SPEAKERS AND THOUGHT-LEADERS

We’re excited to see Lester Godsey, CISO for Maricopa County, Arizona, has been appointed the Interim Program Chair for the Arizona Chapter of InfraGard. Lester has been featured previously as a keynote speaker and CISO panelist at several Virtual Cybersecurity Summits. 

One of our featured CISOs Krista Arndt is now the Director of Security Risk & Compliance for Voyager. Krista is an active member of FS-ISAC, ISACA, and Infraguard and mentors other women interested in building a career in cybersecurity. When off the clock, Krista takes her affinity for overcoming challenges to the race track, where she competes in a national drag racing series and uses her racing as a forum to advocate for autism awareness.

Cyber expert Jeff Horne announced his new position as Head of Security at Skydio. Jeff is well known for his insight in interviews for numerous news channels and publications, speaking roles at various security conferences, as well as authoring several vulnerability disclosures and patents.

CISO RoundTable regular Hadas Cassorla has been named the CISO at M1 Finance. She has built corporate security offices from ground-up and help develop them into departments of Security as a Service. When not managing security, Hadas works as an improvisational actor and corporate trainer, teaching companies how to get to “yes” and stay on course in a fast-changing world where the unexpected happens every day.

Previous keynote speaker and CISO panelist Naomi Buckwalter announced the launch of her non-profit organization, the Cybersecurity Gatebreakers Foundation. She has over 20 years’ experience in IT and Security, and has held roles in Software Engineering, Security Architecture, Security Engineering, and Security Leadership. As a cybersecurity career adviser and mentor for people around the world, her passion is helping people get into cybersecurity.

Community member and featured speaker Eric Yancy is now the Information Security Officer for the City of Denton, Texas. Eric retains multiple information security credentials including Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), Certified Cloud Security Knowledge (CCSK), Certified Information Systems Auditor (CISA) and two National Security Agency certifications on Information Security Assessments.

Recently featured on a CISO RoundTable, Randall Frietzsche started his new position as Head Program Tutor – Cybersecurity: Managing Risk in the Information Age at Harvard University. Fritz is very involved in the Information Security industry, as a speaker, blogger and mentor. Fritz is a Distinguished Fellow with the Information Systems Security Association (ISSA) and was the President of the Louisville, KY ISSA chapter for 8 years.

Featured expert Trey Guinn was promoted to the role of Field Technologist for the Office of the CTO at Cloudflare, one of our Community Partners. His key areas of focus are network security, identity management, and modern cloud computing architectures such as Zero Trust and SASE. Trey has worked in network architecture roles for over 20 years across a range of industries from multinationals to one room startups in the United States, New Zealand, and the Netherlands.

Recent CISO RoundTable panelist Douglas Brush has stepped into an additional role as a cybersecurity tutor at Harvard University. Douglas is an information security executive with over 30 years of entrepreneurship and professional technology experience. He is a globally recognized expert in cyber security, incident response, digital forensics, and information governance. His full-time job is that of Global Advisory CISO for Splunk.

OTHER MOVES IN OUR COMMUNITY

• Jason Alexander has expanded his role at VCU Health to include both the VP and CISO titles.
• Mike Phillips is now the Chief Information Officer and Deputy Director for Air, Space and Cyberspace Operations for the United States Air Force.
• Gram Ludlow is now the CISO for Marriott Vacations Worldwide.
• Arthur Braunstein is now the Chief Revenue Officer at Great Horn.

LIFE UPDATES

Extra congratulations to former FBI Agent and Community Thought Leader Michael F.D. Anaya and his wife welcomed their third child earlier this summer. Michael has been speaking, writing and sharing his knowledge on cybersecurity across a variety of media.

Have you recently changed jobs or gotten a promotion – or, have you added a new executive to your team? We’d love to share it. Email marketing@dataconnectors.net and use the subject line “On the Move” to be included in our next edition of this post.

Cybersecurity Pros On the Move: Summer 2021

Hot Topics in Cybersecurity Posted by Jen Greco on Aug 11, 2021