[07-02-24]--Who Owns AI Risk? NOT IT!

CISO Series Podcast
Who Owns AI Risk? NOT IT!

AI is an emerging technology, and there are a lot of questions about who owns the risk inherent in new AI and LLM-based tools. But even though this technology offers exciting new possibilities, haven’t we dealt with this issue before? Whether it’s the cloud or mobile devices, why are we relitigating this conversation with AI?

This week’s episode is hosted by me, David Spark, producer of CISO Series, and Mike Johnson, CISO, Rivian. Our sponsored guest is Jason Clark, chief strategy officer, Cyera.

Does AI require new security measures? 

Who owns the risk in emerging AI systems remains a critical issue. According to Stanford's AI Index Report, 89 percent of respondents believe developers of foundational models are responsible for mitigating associated risks. With that expectation, how do organizations prepare for inevitable AI expansions? We’re seeing success with adapting traditional cybersecurity practices to AI, so it’s important to integrate AI into regular business operations rather than viewing it as a distinct entity requiring separate resources. AI risk ownership should follow a shared responsibility model similar to cloud services. While AI security roles might be beneficial in the short term, they should eventually be integrated into broader security strategies.

Meeting the new SEC requirements

There’s a lot of ambiguity surrounding the SEC's new cybersecurity incident reporting requirements, which mandate reporting "material" incidents. The term "material" has created widespread confusion due to its vague definition, leading companies to overreport incidents and overwhelm the SEC, noted Robert Lemos at Dark Reading. The issue stems from the SEC's broad language. Materiality requirements in other industries, like finance, are much better defined. Companies need defined processes and legal involvement to determine materiality for themselves. Despite the turbulent initial phase, this regulatory push is ultimately beneficial for transparency and industry standards.

Empowerment through data security

Data security should go beyond preventing unauthorized access to include empowering employees with controlled data access. Organizations can lean too much on Data Loss Prevention (DLP) solutions without understanding data's location and importance, rather than developing a more mature and integrated data security program. Empowering data security requires discovering, classifying, governing, and protecting data throughout its lifecycle. AI is revolutionizing data security by making it possible to identify and classify data accurately and efficiently, turning what was once an impossible problem into a manageable task. This advancement allows companies to better protect their data and also opens up new opportunities for business innovation and cost savings. 

Upskilling with Gen AI?

We’ve been hearing about the cybersecurity skills gap for years. Could Gen AI offer a bridge for entry-level SOC analysts, as Maria Korolov suggested in CSO Online? While there is no shortage of enthusiasm for Gen AI, its practical integration into daily workflows remains a challenge. Current tech could allow for quick summarization of large data sets, or handling repetitive tasks where humans often become inefficient. Organizations should look at how AI can significantly enhance the efficiency of SOC analysts and streamline compliance-related tasks.

Listen to the full episode over on our blog or your favorite podcast app where you can read the entire transcript. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.

Thanks to BadThingsDaily on X for providing our “What’s Worse” scenario.

Thanks to our podcast sponsor, Cyera

Subscribe
Subscribe to CISO Series Podcast

Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "CISO Series Podcast" into your favorite podcast app.

Best advice for a CISO…

"I'm a former CISO-turned chief strategy officer, so I like to give CISO strategy advice. And first, strategy hasn't changed for 15 to 20 years. The tactics is what's changed. So, here's my six bullets on strategy for CISOs. You do these six things right, you'll be successful. Number one, know thyself, especially your data, where it is, etc. Two, minimize the attack surface. Three, complicate unauthorized access. Four, rapidly detect and respond to contained incidents. Five, maximize operational excellence. And six, align to business priorities." - Jason Clark, chief strategy officer, Cyera

Listen to full episode of "Who Owns AI Risk? NOT IT!"

Securing Identities in the Cloud…

"We’ve seen a number of high profile incidents and on the rise recently where people just take credentials online or they guess credentials, and they just spray them across that attack surface and login. So, actually having an understanding of what the health and the hygiene of those identities look like as well is important from a visibility perspective." - Adam Bateman, CEO, Push Security

Listen to full episode of "Securing Identities in the Cloud."

Subscribe to our newsletters on LinkedIn!

We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!

CISO Series Newsletter - Twice every week

Programming Note!
Happy 4th of July!

Just a quick programming note! In observance of Independence Day, there will be no Super Cyber Friday or Week In Review shows this week! Also, there will be no Cyber Security Headlines show on Thursday, July 4th, but we will return with a daily morning edition of Cyber Security Headlines on Friday, July 5th.

Thanks to our Cyber Security Headlines sponsor, Demoed

Super Cyber Fridays!
Join us, Friday [07-12-24], for "Hacking the Materiality of a Data Breach"

Join us Friday, July 12, 2024, for “Hacking the Materiality of a Data Breach: An hour of critical thinking about when a breach is material or not.”

It all begins at 1 PM ET/10 AM PT on Friday, July 12, 2024, with guests Jason Clark, Chief Strategy Officer, Cyera, and a special guest (that means we’re still in booking mode). We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.

Thanks to our Super Cyber Friday sponsor, Cyera

Thank you!
Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship? Contact me, David Spark.