[08-17-23] Join us tomorrow for “Hacking Conferences” (copy 01)
Super Cyber Fridays!
Join us TOMORROW, Friday [08-18-23] for “Hacking Conferences”
Please join us on Friday, August 18, 2023 for Super Cyber Friday. Our topic of discussion will be “Hacking Conferences: An hour of critical thinking about shaking up the old format of in-person events.” We’re going to focus on smaller conferences with this discussion, not huge expos like Black Hat and RSA. Joining me for this discussion will be:
Gianna Whitver, co-founder and CEO, Cybersecurity Marketing Society
Tom Hollingsworth, organizer, Tech Field Day
Defense in Depth
Security Concerns with ChatGPT
Users have tried to upload sensitive company information and personally identifiable information (PII) into ChatGPT. Those who succeed in getting the data in have now made that data free to all. Will people's misuse of these generative AI programs be our greatest downfall to security and privacy?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap, CISO, LinkedIn. Joining us is our special guest Suha Can, CISO, Grammarly.
Right now there is a dearth of experience and tooling around ChatGPT. In some ways, ChatGPT falls victim to the most common security failure: people. “Poor human judgment is the problem. Nothing’s changed,” said Theo Nassiokas of Let's Go Cyber. What makes ChatGPT remarkable is its wide breadth as an application; everyone wants to use it. “Breaches aren’t just happening in enterprises. There is no gatekeeper stopping consumers using it,” said author Rachael Greaves of Castlepoint Systems.
ChatGPT offers the lure of increased productivity. As with PDF converters and other online tools in the past, employees are always looking for ways to increase productivity. When someone is breathing down your neck, security considerations often go out the window. “With the pressure of short deadlines and fast performance it's easy to see why those not as security conscious are opting for these solutions. It's very difficult to mitigate even with training,” said Louis Thomas of ADP.
These new technologies are just tools. Misusing a tool to knowingly upload sensitive data is a classic insider threat issue, not a problem with the tool, to paraphrase Nicholas S. of PCG Cyber. Rather than locking down employees from using these tools, provide a space for safe experimentation. “Encourage learning with an envelope of acceptable use. It doesn't need to be perfect. Set out guardrails until you have a policy,” said Matthew Newman of TechInnocens.
Start integrating ChatGPT into your risk framework. “The only way to secure information is to not release it. When anyone else knows, risk is there,” said Matthew Smith of Lumify Group. ChatGPT doesn’t put data at any more risk, but users lack the context and experience to know its implications. Ultimately, as large language model tools become more common in the enterprise, many organizations will shift away from free tools to ones better tailored for their security posture.
Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.
Thanks to our podcast sponsor, Opal
LIVE!
Cyber Security Headlines - Week in Review
Make sure you
to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Jon Oltsik, distinguished analyst and fellow, Enterprise Strategy Group.
Thanks to this week's headlines sponsor, Veza
Sponsored Content!
Understanding Your SaaS Responsibilities
Even though going to the cloud isn’t new, organizations often don’t know their responsibilities across various services. It doesn’t help that this changes based on what service they’re using, whether IaaS, PaaS, or SaaS.
David Cross, CISO, Oracle SaaS Cloud, broke down the responsibilities organizations still hold when using a SaaS solution. Organizations still need to manage identity when using SaaS, looking at logs and implementing secure ways of accessing SaaS apps. Data inside apps also falls within an organization’s purview. The first step to making sure you’re meeting your responsibilities is talking to your SaaS provider, and possibly looking to partner with an MSP.
Cyber chatter from around the web...
Jump in on these conversations
"Need to spend 500K by end of week…"
"Should developers/software engineers have local admin to their work laptops (particularly if working in a regulated industry)?"
"CISO describes encryption as 'overrated' on LinkedIn"
Coming Up On Super Cyber Friday...
Coming up in the weeks ahead on Super Cyber Friday we have:
[08-18-23] Hacking Conferences
and register for them all now!
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.