WyzGuys Tech Talk

A quick Saturday digest of cybersecurity news articles from other sources.

Focus More on Initial Root Causes of Cybersecurity Attacks

If you want to stop someone from breaking into your house, over and over, you need to focus more on how thieves break into houses (e.g., doors, windows, walls, roofs, garage, etc.) and less on what they do once they are in. Because if you do not focus on the entry points, what they take will just change over time.

In cybersecurity, there are 13 root (initial access) hacking causes. They are:

• Social Engineering
• Programming Bug (patch available or not available)
• Authentication Attack
• Malicious Instructions/Scripting
• Data Malformation
• Human Error/Misconfiguration
• Eavesdropping/MitM
• Side Channel/Information Leak
• Brute Force/Computational
• Network Traffic Malformation
• Insider Attack
• Third Party Reliance Issue (supply chain/vendor/partner/etc.)
• Physical Attack

Every hacking and malware attack I have seen over my 35-plus years in the cybersecurity industry falls into one of these categories. Different organizations have different categories and descriptions, but I have spent over 20 years seriously analyzing hacking root causes and know I have the best list.

But take any root initial access hacking classification list and use and analyze it to assess risk and risk mitigations. A lot of people focus too much on hacking outcomes, such as ransomware, credential theft or exfiltrated confidential information.

Outcomes do matter, especially for the damage and cost assessment portion of risk management, but if you want to stop cybercrime and lower risk overall, focus more on initial root causes.

It can be hard, especially if you are not in the cybersecurity field to tell the difference between initial root causes and outcomes of initial root causes. More organizations and reports in the cybersecurity industry get it wrong.

Many, for example, mix up phishing as a root cause as compared to ransomware or computer malware. Those last two things are a result of an initial root cause, not an initial root cause, as phishing is.

[CONTINUED] at the KnowBe4 blog with links:
https://blog.knowbe4.com/seven-critical-adjustments-needed-improve-cybersecurity-advice

Joint Guidance on Deploying AI Systems Securely

04/15/2024 08:00 AM EDT

Today, the National Security Agency’s Artificial Intelligence Security Center (NSA AISC) published the joint Cybersecurity Information Sheet Deploying AI Systems Securely in collaboration with CISA, the Federal Bureau of Investigation (FBI), the Australian Signals Directorate’s Australian Cyber Security Centre (ASD ACSC), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NCSC-NZ), and the United Kingdom’s National Cyber Security Centre (NCSC-UK).

The guidance provides best practices for deploying and operating externally developed artificial intelligence (AI) systems and aims to:

• Improve the confidentiality, integrity, and availability of AI systems.
• Ensure there are appropriate mitigations for known vulnerabilities in AI systems.
• Provide methodologies and controls to protect, detect, and respond to malicious activity against AI systems and related data and services.

CISA encourages organizations deploying and operating externally developed AI systems to review and apply this guidance as applicable. CISA also encourages organizations to review previously published joint guidance on securing AI systems: Guidelines for secure AI system development and Engaging with Artificial Intelligence. For more CISA information and guidance on securing AI systems, see cisa.gov/ai.