|
|
|
|
|
Security Leaders Wrestle with Spending Cuts, AI Questions
|
|
|
|
|
|
Hello. Cybersecurity leaders are having to do their share of belt tightening, as companies deal with revenue dips, inflation and continuing economic uncertainty. That's tough for a department unaccustomed to hearing "no."
As Fedex's global CISO, Gene Sun, put it at the WSJ Pro Cybersecurity Forum on Wednesday: "The company’s revenue is pretty flat. The cybersecurity budget has to come in line with that as well."
Sun and Gatha Sadhir, global CISO at cruise company Carnival, offered smart tactics to curb cyber spending. Read our story.
Also at the forum, talk of AI abounded—where it works, where it doesn't and how to know. Rob Duhart, deputy CISO of Walmart, gave us a glimpse of how his cybersecurity group uses home-grown AI tools and his views on generative AI bots like OpenAI's ChatGPT. Reporter James Rundle has the details here.
Scroll down for insights on using AI to counter the scarcity of cyber talent from Kathy Hughes, CISO of hospital operator Northwell Health, and David Reber, security chief at trillion-dollar AI tech company Nvidia.
And more news below.
|
|
|
|
CONTENT FROM OUR SPONSOR: Netscout |
|
100% Increase in DDoS Attacks Against India
DDoS attacks have nearly doubled in India since the beginning of 2023 and have been fueled by hacker groups Anonymous Sudan and Killnet. These attacks have largely targeted airports, among other key industries throughout the nation.
Read More
|
|
|
|
|
|
|
AI and the Cyber Talent Gap
|
|
With a global shortage of skilled cybersecurity workers, companies need to make the most out of their security teams and replace some repetitive functions with AI tools, chief information security officers said during a panel at the WSJ Pro Cybersecurity Forum on Wednesday.
Hospital operator Northwell Health looks for AI tools that can supplement what employees do, and in some cases reassign employees to more urgent tasks, said CISO Kathy Hughes.
|
|
|
PHOTO: THE WALL STREET JOURNAL
|
|
|
Over time, AI will replace entry-level cybersecurity roles, such as level-one analysts in security operations centers, Hughes said. “It’s going to become more of a juggling game to make sure you have the right people in the right place at the right time,” she said.
|
|
|
“Using AI to do that I think is really going to help us achieve that goal,” she said.
OpenAI’s generative AI chatbot ChatGPT is already useful in testing companies’ defenses and simulating certain kinds of cyberattacks, since hackers also use the tool to write phishing lures, said David Reber, chief security officer and head of product security at graphics-chip maker Nvidia.
AI tools will continue to get better at combing network activity to pick out cyber threats and identify which corporate systems could be affected, he said. Employees, though, are still better at making decisions once an AI tool flags an anomaly, he said.
|
|
|
PHOTO: THE WALL STREET JOURNAL
|
|
|
“Where it’s in a questionable area or you don't have all the facts to make the decision, that’s where we see the human can make the decision quicker or more effectively,” he said.
|
|
|
Generative AI tools, which took off only in the last several months, need careful testing because it isn’t always clear what kind of data they were trained on or how, exactly, they come to conclusions, he said.
Northwell’s Hughes agreed. “There is currently, and will be for quite some time, always a human that's going to be required to parse through data, look at data and make decisions,” she said.
– Catherine Stupp
|
|
|
|
PHOTO: OCTAVIO JONES/GETTY IMAGES
|
|
|
Hack at Florida elections office: An intrusion into the network of the Hillsborough County Supervisor of Elections Office exposed data about 58,000 voters, the office said Wednesday. The hacker copied a voter-registration list and didn't access the registration system itself or the county's ballot tabulation system. (Tampa Bay Times)
|
|
|
Cyber espionage group targets Southeast Asia, Europe. A hacking group with ties to Asia has targeted government agencies and educational institutions in a bid to gather sensitive documents, according to Singapore-based cybersecurity company Group-IB. Hallmarks of the group, called Dark Pink, have been spotted at government bodies in Brunei and Indonesia and an academic facility in Belgium, among other locations. (Bloomberg)
|
|
|
78%
|
Gross margin on CrowdStrike's cybersecurity-services subscriptions in its latest quarter, reported on Wednesday.
|
|
|
|
|
|
PHOTO: JOHN G MABANGLO/SHUTTERSTOCK
|
|
|
Meta asks federal court to block FTC in a privacy proceeding the agency launched May 3. The FTC accused Meta of violating a $5 billion privacy settlement from 2019 and sought to add new prohibitions, such as a ban on the company profiting off data it collects about young users. Meta argued in its motion the agency can’t unilaterally change the original settlement. (WSJ)
|
|
|
Amazon settles complaints over Ring surveillance, use of children’s voice recordings. The company agreed Wednesday to pay $30.8 million to settle claims that it improperly retained children’s Alexa voice recordings and allowed employees of its Ring video doorbell unit to surveil customers.
-
One Ring employee viewed thousands of video recordings of female users of security cameras that surveilled bedrooms and other intimate spaces in their homes, the Federal Trade Commission said in a complaint. Amazon agreed to pay $5.8 million to settle the Ring complaint, the FTC said.
-
Separately, Amazon agreed to pay a $25 million penalty for keeping children’s voice and geolocation data for years in violation of the federal Children’s Online Privacy Protection Act, known as COPPA, the FTC said. (WSJ)
|
|
|
|
|
|
|
|