Home Black Hat Deep Tech Essays Fireside Chat My Take News Alerts Q&A RSAC Videocasts About Contact
 

Steps forward

 

SHARED INTEL: Poll shows companies pursuing ‘Digital Trust’ reap benefits as laggards fall behind

By Byron V. Acohido

Achieving “digital trust” is not going terribly well globally.

Related: How decentralized IoT boosts decarbonization

Yet, more so than ever, infusing trustworthiness into modern-day digital services has become mission critical for most businesses. Now comes survey findings that could perhaps help to move things in the right direction.

According to DigiCert’s 2024 State of Digital Trust Survey results, released today, companies proactively pursuing digital trust are seeing boosts in revenue, innovation and productivity. Conversely, organizations lagging may be flirting with disaster.

“The gap between the leaders and the laggards is growing,” says Brian Trzupek, DigiCert’s senior vice president of product. “If you factor in where we are in the world today with things like IoT, quantum computing and generative AI, we could be heading for a huge trust crisis.”

DigiCert polled some 300 IT, cybersecurity and DevOps professionals across North America, Europe and APAC. I sat down with Trzupek and Mike Nelson, DigiCert’s Global Vice President of Digital Trust, to discuss the wider implications of the survey findings. My takeaways:

GUEST ESSAY: Everything you should know about the cybersecurity vulnerabilities of AI chatbots

By Zac Amos

AI chatbots are computer programs that talk like humans, gaining popularity for quick responses. They boost customer service, efficiency and user experience by offering constant help, handling routine tasks, and providing prompt and personalized interactions.

Related: The security case for AR, VR

AI chatbots use natural language processing, which enables them to understand and respond to human language and machine learning algorithms. This helps them improve their performance over time by gaining data from interactions.

In 2022, 88% of users relied on chatbots when interacting with businesses. These tools saved 2.5 billion work hours in 2023 and helped raise customer satisfaction to 69% for $0.50 to $0.70 per interaction. Forty-eight percent of consumers favor their efficiency prioritization.

News alert: Kiteworks named as a founding member of NIST’s new AI safety consortium – ‘AISIC’

San Mateo, Calif., Feb. 13, 2023 – The U.S. White House announced groundbreaking collaboration between OpenPolicy and leading innovation companies, including Kiteworks, which delivers data privacy and compliance for sensitive content communications through its Private Content Network.

The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) Artificial Intelligence Safety Institute Consortium (AISIC) will act as a collaborative platform where both public sector and private sector leading organizations will provide guidance on standards and methods in the development of trustworthy AI.

The Kiteworks platform provides customers with a Private Content Network that enables them to employ zero-trust policy management in the governance and protection of sensitive content communications, including the ingestion of sensitive content into generative AI (GenAI).

Kiteworks unifies, tracks, controls, and secures sensitive content moving within, into, and out of organizations. With Kiteworks, organizations can significantly improve risk management and ensure regulatory compliance on all sensitive content communications.

News alert: Aembit, Crowdstrike partner to help companies tighten security of IAM workload access

Silver Spring, Maryland, Jan. 30, 2024 — Aembit, the Workload Identity and Access Management (IAM) platform that enables DevOps and security teams to discover, manage, enforce and audit access between workloads, today announced the availability of a new integration with the industry-leading CrowdStrike Falcon® platform to give enterprises the ability to dynamically manage and enforce conditional access policies based on the real-time security posture of their applications and services. This integration signifies a significant leap in Aembit’s mission to empower organizations to apply Zero Trust principles to make workload-to-workload access more secure and manageable.

Workload IAM transforms enterprise security by securing workload-to-workload access through policy-driven, identity-based, and secretless access controls, moving away from the legacy unmanaged, secrets-based approach.

MY TAKE: Fostering Digital Trust – the role of ‘post-quantum crypto’ and ‘crypto agility’ in 2024

By Byron V. Acohido

Notable progress was made in 2023 in the quest to elevate Digital Trust.

Related: Why IoT standards matter

Digital Trust refers to the level of confidence both businesses and consumers hold in digital products and services – not just that they are suitably reliable, but also that they are as private and secure as they need to be.

We’re not yet at a level of Digital Trust needed to bring the next generation of connected IT into full fruition – and the target keeps moving. This is because the hyper interconnected, highly interoperable buildings, transportation systems and utilities of the near future must necessarily spew forth trillions of new digital connections.

And each new digital connection must be trustworthy. Therein lies the monumental challenge of achieving the level of  Digital Trust needed to carry us forward. And at this moment, wild cards – especially generative AI and quantum computing — are adding to the complexity of that challenge.

I had the opportunity to sit down with DigiCert’s Jason Sabin, Chief Technology Officer and Avesta Hojjati, Vice President of Engineering to chew this over. We met at DigiCert Trust Summit 2023.

We drilled down on a few significant developments expected to play out in 2024 and beyond. Here are my takeaways:

DEEP TECH NEWS: Sophos X-Ops advances threat intelligence sharing to the next level

By Byron V. Acohido

Threat intelligence sharing has come a long way since Valentine’s Day 2015.

Related: How ‘Internet Access Brokers’ fuel ransomware

I happened to be in the audience at Stanford University when President Obama took to the stage to issue an executive order challenging the corporate sector and federal government to start collaborating as true allies.

Obama’s clarion call led to the passage of the Cybersecurity Information Sharing Act, the creation of Information Sharing and Analysis Organizations (ISAOs) and the jump-starting of several private-sector sharing consortiums.

Material progress in threat intel sharing, indeed, has been made. Yet, there remains much leeway for improvements. I had the chance to discuss this with Christopher Budd, director of Sophos X-Ops, the company’s cross-operational task force of security defenders.

Budd explained how Sophos X-Ops is designed to dismantle security silos internally, while also facilitating

Black Hat Fireside Chat: Why using ‘Clean Code’ is paramount in speedy software development

By Byron V. Acohido

Clean Code’ is a simple concept rooted in common sense. This software writing principle cropped up some 50 years ago and might seem quaint in today’s era of speedy software development.

Related: Setting IoT security standards

At Black Hat 2023, I had the chance to visit with Olivier Gaudin, founder and co-CEO, and Johannes Dahse, head of R&D, at SonarSource, a Geneva, Switzerland-based supplier of systems to achieve Clean Code. Olivier outlined the characteristics all coding should have and Dahse explained how healthy code can be fostered. For a drill down, please give the accompanying podcast a listen.

Responsibility for Clean Code, Olivier told me, needs to be placed with the developer, whether he or she is creating a new app or an update. Caring for source code when developing and deploying applications at