CS Jan-Feb 2024

More documents

Recommendations

Info

artificial intelligence Gareth Lockwood, Censornet: intelligent automation and integration are the keys to regaining control. David Mahdi, Transmit Security: the sheer scale and velocity of attacks will require organisations to start employing a holistic AI-based approach. prescriptive maintenance, customer experience or organisational insights, to name a few". From a people perspective, organisations will need a well-skilled workforce that adapts to new/different job roles and constant upskilling, she adds. "Processes will be automated where possible with use of AI, However, this will need to be balanced with the human touch, as well as privacy and ethical uses of data. Technology will evolve rapidly, requiring constant upskilling across the organisation. There will be an increased demand for security skills to keep data safe and specialist resources to ensure compliance as the regulatory environment changes. New roles will be created around AI and data specialist, for example, and the demand for the right skills will outstrip the market. It will be vital for organisations to put a learning and development programme in place to upskill/reskill the workforce and instil critical-thinking skills across all areas of the organisation and at all levels." Meanwhile, the regulatory environment for AI is evolving worldwide and will continue to do so as the global market adopts the technology. "Regulation is good and will provide the guardrails needed for organisations to innovate and create public trust by holding industries to account for being ethical, unbiased, and fair, whilst honouring data protection and privacy obligations," states Moody. DATA BIAS Among the potential threats of AI usage is data bias, points out John Farley, managing director, Cyber Practice, Gallagher, in which inaccurate or incomplete information in AI systems can lead organisations to make unfair or discriminatory assumptions. "Another risk is the potential for malicious actors to launch misinformation campaigns through AI tools. Organisations should also pay attention to privacy liability risks - laws related to collecting, storing and sharing personally identifiable information could apply to AI usage. "In addition, if intellectual property becomes part of AI learning models and ultimately their generated outputs, organisations may expose themselves to copyright, trademark and patent infringement litigation. And although regulation of AI usage is in its early stages, expect increased regulatory scrutiny from a variety of global regimes. Compliance requirements may extend to those contributing to AI development and to those using it to provide goods and services." Given these risks, he advises, any organisation embracing generative AI tools should consider implementing a formal risk management plan for AI usage. "Coordination is essential across a variety of organisational stakeholder groups, such as legal, compliance, human resources, IT and communications. When conducting a risk assessment, an organisation should create an inventory of its existing AI tools and systems, and determine whether they have dependencies that may heighten risk. An organisation should be aware of the exact data its AI tools can use and whether their usage could lead to potentially harmful outcomes. A risk assessment should also address an organisation's governance programmes toward AI usage, including documented policies and procedures. In addition, organisations should be familiar with contractual liability risks, if agreements with third parties provide AI system usage." And of course, adds Gallagher, "an organisation's risk management framework for AI should address the emerging regulatory landscape and corresponding compliance requirements". For more insights and views on AI, see page 31. 20 computing security Jan/Feb 2024 @CSMagAndAwards www.computingsecurity.co.uk
zero trust NO COMPROMISE ON TRUST MACMON SECURE IS ADAMANT THAT NO DEVICE, NOR USER, SHOULD BE TRUSTED UNTIL SECURE AUTHENTICATION HAS TAKEN PLACE External network access to company resources is the new normal these days, says macmon secure. "Devices access cloud services, email applications and other potentially confidential company resources from anywhere and at any time. Separating cybersecurity efforts by technology is no longer a sustainable approach. Companies need to develop new integrated strategies that combine IT, OT and IoT security efforts and maximise the use of all the company's cybersecurity resources. Developing a comprehensive security strategy that addresses the current and emerging risks of digitalisation has never been more urgent." ZERO TRUST NETWORK ACCESS (ZTNA) - SECURITY CONCEPT FOR IT AND OT NETWORKS "The Zero Trust Network approach puts a stop to the damage of the growing number of cyberattacks and is based on the philosophy that neither a device nor a user should be trusted until secure authentication has taken place," the company adds. "The focus of ZTNA is on resources - and not on traditional perimeter security at the interface between a private or corporate network and a public network such as the internet. The 'new workers', or external service providers, access tools and company data from anywhere, using devices and apps. With ZTNA, it is possible to guarantee data security in the long term and meet modern network security requirements." OVERVIEW & CONTROL IMPROVE SECURITY ZTNA offers several advantages for companies that want to improve their network security. "ZTNA provides greater flexibility and scalability for organisations that need to adapt to changing business requirements and digital transformation. The concept of ZTNA is based on restriction and monitoring: Network Access Control (NAC) solutions only allow defined devices access to the network, regardless of whether they are iPads, laptops, medical or technical devices. IT administrators always know which devices are logged into the local network and can permanently identify and monitor them thanks to the complete network overview. Any device that has no business in the network is denied access from the outset. "With the increasing networking of production systems, which in some cases extends into the office world, the complexity and vulnerability of networks is increasing. With ZTNA, unauthorized use of systems in administration and production is therefore virtually impossible." A leading NAC solution should fulfil two requirements, states macmon secure: a complete overview of which devices are in the IT and OT network, and where they are located. "The type of device, such as clients, printers, production systems, ATMs, medical or technical devices, should not matter. This means that only authorised resources can be operated in the network. An efficient solution should also offer a simple deployment and maintenance, support of the industry standard 802.1X and seamless integration with a wide range of third-party security solutions. This significantly increases IT and OT network security." Comments Christian Bücker, pictured left, Global Product Line Software, macmon secure: "Our solution is regularly rated very positively in tests and has received several awards from international trade journals. Our clients come from public sector, healthcare, financial services, science, research, telecommunications, trade, industry, transport or logistics. The acquisition by Belden in 2022 puts us in a truly unique position, as we combine IT expertise with OT experience on many levels. We are part of Belden's Industrial Automation Solution, a global organisation headquartered in the Stuttgart region that includes leading network and connectivity brands." www.computingsecurity.co.uk @CSMagAndAwards Jan/Feb 2024 computing security 21
Page 1: Computing Security Secure systems,
Page 4 and 5: Secure systems, secure data, secure
Page 6 and 7: news Bernard Montell. HORNETSECURIT
Page 8 and 9: news Sukru Ilker Birakoglu. SUPPORT
Page 10 and 11: 2024 predictions THROUGH THE ‘LUR
Page 12 and 13: 2024 predictions Aaron Kiemele, Jam
Page 14 and 15: training SAFEGUARDING HR IN THE AGE
Page 16 and 17: cybersecurity THE TOP-LEVEL FIBRE B
Page 18 and 19: artificial intelligence AI - WHERE
Page 22 and 23: phishing PHISHING FOR THE ANSWERS D
Page 24 and 25: ansomware WE SHALL NOT BE MOVED! SE
Page 26 and 27: ansomware Raja Patel - Sophos: cybe
Page 28 and 29: attack… attack POINT OF IMPACT IN
Page 30 and 31: attack… attack Amit Sinha, DigiCe
Page 32 and 33: cybercrime STAYING ABOVE THE WATER
Page 34 and 35: cybercrime crisis is behind us, the
Page 36: Computing Security Secure systems,

CS Jan-Feb 2024

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?