Sunday 1 September 2024

Cybersecurity Assistance

There are two areas that I am particularly interested in. They are artificial intelligence (AI) and mainframe security. And IBM has just announced a generative AI Cybersecurity Assistant.

Worryingly, we know that ransomware malware is now available for people to use to attack mainframe sites – that’s for people who may not have a lot of mainframe expertise. It’s totally de-skilled launching a ransomware attack on an organization. We also know from IBM’s Cost of a Data Breach Report 2024 that organizations using AI and automation lowered their average breach costs compared to those not using AI and automation by an average of US$1.8m. In addition, organizations extensively using security AI and automation identified and contained data breaches nearly 100 days faster on average than organizations that didn’t use these technologies at all.

The survey also found that among organizations that stated they used AI and automation extensively, about 27% used AI extensively in each of these categories: prevention, detection, investigation, and response. Roughly 40% used AI technologies at least somewhat.

So that makes IBM’s new product good news for most mainframe sites. Let’s take a more detailed look.

Built on IBM’s watsonx platform, this new GenAI Cybersecurity Assistant for threat detection and response services, enhances alert investigation for IBM Consulting analysts, accelerating threat identification and response. The new capabilities reduce investigation times by 48%, offering historical correlation analysis and an advanced conversational engine to streamline operations.

That means IBM’s managed Threat Detection and Response (TDR) Services utilized by IBM Consulting analysts now has the Cybersecurity Assistant module to accelerate and improve the identification, investigation, and response to critical security threats. The product “can reduce manual investigations and operational tasks for security analysts, empowering them to respond more proactively and precisely to critical threats, and helping to improve overall security posture for client”, according to Mark Hughes, Global Managing Partner of Cybersecurity Services, IBM Consulting.

IBM’s Threat Detection and Response Services is said to be able to automatically escalate or close up to 85% of alerts; and now, by bringing together existing AI and automation capabilities with the new generative AI technologies, IBM’s global security analysts can speed the investigation of the remaining alerts requiring action. As mentioned earlier, the best figure they are quoting for reducing alert investigation times using this new capability is 48% for one client.

Cybersecurity Assistant cross-correlates alerts and enhances insights from SIEM, network, Endpoint Detection and Response (EDR), vulnerability, and telemetry to provide a holistic and integrative threat management approach.

By analysing patterns of historical, client-specific threat activity, security analysts can better comprehend critical threats. Analysts will have access to a timeline view of attack sequences, helping them to better understand the issue and provide more context to investigations. The assistant can automatically recommend actions based on the historical patterns of analysed activity and pre-set confidence levels, which can reduce response times for clients and so reduce the amount of time that attackers are inside an organization’s network. By continuously learning from investigations, the Cybersecurity Assistant’s speed and accuracy is expected to improve over time.

The generative AI conversational engine in the Cybersecurity Assistant provides real-time insights and support on operational tasks to both clients and IBM security analysts. It can respond to requests, such as opening or summarizing tickets, as well as automatically triggering relevant actions, such as running queries, pulling logs, command explanations, or enriching threat intelligence. By explaining complex security events and commands, IBM’s Threat Detection and Response Service can help reduce noise and boost overall security operations centre (SOC) efficiency for clients.

Anything that can accelerate cyber threat investigations and remediation has got to be good, which this product does using historical correlation analysis (discussed above). Its other significant feature is its ability to streamline operational tasks, which it does using its conversational engine (also discussed above).

There really is an arms race between the bad actors and the rest of us. Anything that gives our side an advantage, no matter how briefly that might be for, has got to be good. Plus, it provides a stepping stone to the next advantage that some bright spark will give us. No-one wants their data all over the dark web, and few companies can afford the cost of fines for non-compliance as well as court costs and payments to people whose data is stolen.

Sunday 18 August 2024

The cost of a data breach 2024 – part 2

Last time, we looked at the highlights of IBM’s Cost of a Data Breach Report 2024. We saw that the average cost of a breach was US$4.88m, with the average cost of a malicious insider attack costing US$4.99m. Also, the average time to identify and contain a breach was 258 days, which is lower than previous years, but still a very long time.

This time, I wanted to drill down a bit further into the report. For example, it tells us that AI and automation are transforming the world of cybersecurity. Worryingly, they make it easier than ever for bad actors to create and launch attacks at scale. On the plus side, they also provide defenders with new tools for rapidly identifying threats and automating responses to those threats. The report found these technologies accelerated the work of identifying and containing breaches and reducing costs.

The report also found that the number of organizations that used security AI and automation extensively grew to 31% in this year’s study from 28% last year. Although it’s just a 3-percentage point difference, it represents a 10.7% increase in use. The share of those using AI and automation on a limited basis also grew from 33% to 36%, a 9.1% increase.

The report also found that the more organizations used AI and automation, the lower their average breach costs were. Organizations not using AI and automation had average costs of US$5.72m, while those making extensive use of AI and automation had average costs of US$3.84m, a savings of US$1.8m.

Another plus found by the report was that organizations extensively using security AI and automation identified and contained data breaches nearly 100 days faster on average than organizations that didn’t use these technologies at all.

Among organizations that stated they used AI and automation extensively, about 27% used AI extensively in each of these categories: prevention, detection, investigation, and response. Roughly 40% used AI technologies at least somewhat.

When AI and automation were used extensively in each of those four areas of security, it dramatically lowered average breach costs compared to organizations that didn’t use the technologies in those areas. For example, when organizations used AI and automation extensively for prevention, their average breach cost was US$3.76m. Meanwhile, organizations that didn’t use these tools in prevention saw US$5.98m in costs, a 45.6% difference. Extensive use of AI and automation reduced the average time to investigate data breaches by 33%m and to contain them by 43%.

 

Even after a breach is contained, the work of recovery goes on. For the purposes of the report, recovery meant: business operations are back to normal in areas affected by the breach; organizations have met compliance obligations, such as paying fines; customer confidence and employee trust have been restored; and organizations have put controls, technologies and expertise in place to avoid future data breaches. Only 12% of organizations surveyed said they had fully recovered from their data breaches. Most organizations said they were still working on them.

Among the organizations that had fully recovered, more than three-quarters said they took longer than 100 days. Recovery is a protracted process. Roughly one-third of organizations that had fully recovered said they required more than 150 days to do so. A small share, 3%, of fully recovered organizations were able to do so in less than 50 days.

 

This year’s report found most organizations reported their breaches to regulators or other government agencies. About a third also paid fines. As a result, reporting and paying fines have become common parts of post-breach responses. Most organizations reported the breach within a few days. Over half of organizations reported their data breach in under 72 hours, while 34% took more than 72 hours to report. Just 11% were not required to report the breach at all. More organizations paid higher regulatory fines, with those paying more than US$50,000, rising by 22.7% over last year, and those paying more than US$100,000, rising by 19.5%.

 

About 40% of all breaches involved data distributed across multiple environments, such as public clouds, private clouds, and on premises. Fewer breaches in the study involved data stored solely in a public cloud, private cloud, or on premises. With data becoming more dynamic and active across environments, it’s harder to discover, classify, track, and also secure.

Data breaches solely involving public clouds were the most expensive type of data breach, costing US$5.17m, on average, a 13.1% increase from last year. Breaches involving multiple environments were more common but slightly less expensive than public cloud breaches. On-premises breaches were the least costly.

The more centralized control organizations had over their data, the quicker on average they could identify and contain a breach. Breaches involving data stored solely on premises took an average of 224 days to identify and contain, 23.3% less time than data distributed across environments, which took 283 days. The same pattern of local control and shortened breach life-cycles showed up in the comparison between private cloud architectures and public cloud architectures.

The average cost of a data breach involving shadow data was US$5.27m, 16.2% higher than the average cost without shadow data. Breaches involving shadow data took 26.2% longer on average to identify and 20.2% longer on average to contain than those that didn’t. These increases resulted in data breaches lasting an average lifecycle of 291 days, 24.7% longer than data breaches without shadow data.

While shadow data was found in every type of environment – public and private clouds, on premises and across multiple environments – 25% of breaches involving shadow data were solely on premises. That finding means shadow data isn’t strictly a problem related to cloud storage.

Mega breaches, characterized by more than 1 million compromised records, are relatively rare. The average cost of all mega breach size categories was higher this year than last. The jump was most pronounced for the largest breaches, affecting between 50 million and 60 million records. The average cost increased by 13%, and these breaches were many times more expensive than a typical breach. For even the smallest mega breach – 1 million to 10 million records – the average cost was nearly nine times the global average cost of US$4.88m.

 

Key factors that reduced costs of a data breach included employee training and the use of AI and machine learning insights. Employee training continues to be an essential element in cyber-defence strategies, specifically for detecting and stopping phishing attacks. AI and machine learning insights closely followed in second place.

The top three factors that increased breach costs in this analysis were security system complexity, security skills shortage, and third-party breaches, which can include supply chain breaches.

 

70% of organizations in the study experienced a significant or very significant disruption to business resulting from a breach. Only 1% described their level of disruption as low. The average breach costs were higher when business disruption was greater. Even organizations that reported low levels of disruption incurred average data breach costs of US$4.63m. For organizations that reported very significant disruptions, average costs were 7.9% higher, at US$5.01m.

Most organizations said they planned to increase prices of goods and services following a data breach. 63% of organizations surveyed planned to pass the costs on to customers, a 10.5% increase.

 

This is a report that not only the IT team need to read, but also the chief financial officer because it will be that person who will be responsible for paying company money for the ransom, the fines for lack of compliance, and any court settlements to people whose data has been stolen.

Sunday 11 August 2024

The cost of a data breach 2024

I do seem to be banging on about security recently, but it really is so important. No-one wants to find that their personally identifiable information has been stolen and is currently being shared all over the dark web. And no-one wants to find that their mainframe or other platforms have had all their data stolen and they are looking at massive fines, compensation payments, and loss of customers and future revenue.

But, how do you know exactly how bad things are out there? How do you find out how much it is costing organizations that have been hacked and faced a ransom payment. One answer is the Cost of a Data Breach Report 2024 from IBM. Their headline statistic is that the global average cost of a data breach in 2024 is US$4.88m, which is a 10% increase over last year and the highest total ever. The USA had the highest average data breach cost at US$9.36m. Other countries in top 5 were the Middle East, Germany, Italy, and Benelux (Belgium, the Netherlands, and Luxembourg).

The report also identifies an issue with shadow data, saying that it is involved in 1 in 3 breaches. They suggest that the proliferation of data is making it harder to track and safeguard. Slightly better news is the finding that US$2.22m is the average cost saving for organizations that used security AI and automation extensively in prevention versus those that didn’t.

The USA had the highest average data breach cost at US$9.36m. Other countries in top 5 were the Middle East, Germany, Italy, and Benelux.

Looking in more detail at the report, we find that more than half of breached organizations are facing high levels of security staffing shortages and it’s getting worse. The issue shows a 26.2% increase from the previous year. In cash terms, that corresponded to an average US$1.76m more in breach costs. The report goes on to say that even as 1 in 5 organizations say they used some form of gen AI security tools, which are expected to help close the gap by boosting productivity and efficiency, this skills gap remains a challenge.

Many organizations trust their all the employees, and yet the report says that the average cost of a malicious insider attack is now US$4.99m. The report says that compared to other vectors, malicious insider attacks resulted in the highest costs but were only 7% of all breach pathways. Other expensive attack vectors were business email compromise, phishing, social engineering, and stolen or compromised credentials.

Phishing and stolen or compromised credentials ranked among the top 4 costliest incident types. Compromised credentials topped initial attack vectors. Using compromised credentials benefited attackers in 16% of breaches. Compromised credential attacks can also be costly for organizations, accounting for an average US$4.81m per breach. Phishing came in a close second, at 15% of attack vectors, but in the end cost more, at US$4.88m. Gen AI may be playing a role in creating some of these phishing attacks. For example, gen AI makes it easier than ever for even non-English speakers to produce grammatically correct and plausible phishing messages.

Watching TV and movies might make you think that breaches are usually discovered fairly promptly and dealt with the next day. Sadly, the report found that breaches involving stolen or compromised credentials took the longest to identify and contain of any attack vector. That was 292 days. Similar attacks that involved taking advantage of employees and employee access also took a long time to resolve. For example, phishing attacks lasted an average of 261 days, while social engineering attacks took an average of 257 days.

The good news is that the average time to identify and contain a breach fell to 258 days, reaching a 7-year low, compared to 277 days last year. The report points out that this global average of mean time to identify (MTTI) (194 days) and mean time to contain (MTTC) (64 days) excludes Benelux because, as a new region in the study, it was having outsized influence and skewed results much more than the average.

Ransomware victims that involved law enforcement ended up lowering the cost of the breach by an average of nearly US$1m, although that excludes the cost of any ransom paid. Involving law enforcement also helped shorten the time required to identify and contain breaches from 297 days to 281 days.

The industrial sector experienced the costliest increase of any industry, rising by an average US$830,000 per breach over last year. This cost spike could reflect the need for industrial organizations to prepare for a more rapid response, because organizations in this sector are highly sensitive to operational downtime. However, the time to identify and contain a data breach at industrial organizations was above the median industry, at 199 days to identify and 73 days to contain.

Healthcare is still the costliest in terms of a data breach at US$9.77m, but that was down from US$10.93 in 2023. Financial is the second costliest sector at US$6.08m this year, with Industrial third with an average cost of US$5.56m.

Nearly half of all breaches (46%) involved customer personal identifiable information (PII), which can include tax identification (ID) numbers, emails, phone numbers, and home addresses. Intellectual property (IP) records came in a close second (43% of breaches). The cost of IP records jumped considerably from last year, to US$173 per record in this year’s study from US$156 per record in last year’s report.

The costs from lost business and post-breach response rose nearly 11% over the previous year, which contributed to the significant rise in overall breach costs. Lost business costs include revenue loss due to system downtime, and the cost of lost customers and reputation damage. Post-breach costs can include the expense of setting up call centres and credit monitoring services for impacted customers, and paying regulatory fines.

Worryingly, 45% of all breaches were caused by IT failures or human error. The breakdown is 23% are due to IT failure and 22% are due to human error.

Interestingly, security teams and their tools detected breaches 42% of the time. Benign third parties detected the breach 34% of the time, and attackers themselves identified the breach 24% of the time. Security teams are getting better at discovering breaches because the 2023 figure for identification was 33% of the time. When a breach was disclosed by an attacker, the average cost was US$5.53m. However, when a security team identified a breach, the average cost was US$4.55m.

Even so, no-one can be complacent. It’s still taking a long time to detect a breach. It’s still costing companies a lot of money. More needs to be done to protect individual’s data, don’t you think?

It’s a really useful report by the Ponemon Institute for IBM.

There will be more details from the report next time.

Sunday 4 August 2024

Perhaps not the best way to deal with a data leak

I’ve written and spoken about security many times, but usually I have been suggesting to people what they might consider doing or not doing in order to keep their data safe. Even if everyone took my advice, I would still be worried whether they were completely secure because it’s a continual arms race between the hackers and the large organizations that use mainframes to maintain their security and keep their data safe. New software updates are installed that might contain previously-unknown backdoors. Patches to lock those back doors aren’t always installed quickly enough, so bad actors can use them. Staff members still click on attachments to emails that trigger malware, or they click on links and receive unexpected drive-by malware on their laptops. And there are numerous other ways that the bad actors can get onto your mainframe including, probably, new ones that most of us haven’t heard of yet!

But once you have been hacked, once the bad actors have accessed your computers, exfiltrated your data, encrypted your copy of the data, and left a ransom demand, what should you do? Let’s take a look at how one company dealt with a massive loss of data. It’s been in the news, so I don’t feel I need to keep its name secret, it’s NTT Data Romania.

NTT – Nippon Telegraph and Telephone – was established as a state monopoly in 1952 to take over the Japanese telecommunications system that was being operated by AT&T. NTT was privatized in 1985 to encourage competition in the country's telecom market.

NTT Data is a Japanese multinational information technology service and consulting company that originated in 1988. It is a partly-owned subsidiary of NTT. It acquired Keane Inc in 2010 and Dell Services in 2016, and other international companies. NTT Data mainly services non-NTT Group companies. NTT Data Romania was formed in 2000.

That’s a little bit of the company’s history. So, why am I discussing it as something we could all learn from in terms of a cyberattack?

RansomHub, the ransomware group, claimed that they had exfiltrated (stolen) 230GB of sensitive data from the company during an attack that was first detected on 14 June. The bad actors set a ransom deadline of 5 July or else they would publish the data they had stolen.

So, what would your company do if it happened to you? Would you alert your chief financial officer to get ready to pay out a huge amount of money in compensation and fines? Or would you decide to keep quiet about everything? NTT DATA Romania officially denied that a ransomware attack took place. They said in a statement to Romania Journal, “No ransomware attack. While there has certainly been some suspicious activity detected relating to a legacy server, the quick response taken by our security team prevented any further damage.

“On 14th June, suspicious activity was detected by our security monitoring team on a legacy server, separate from our corporate network. We immediately activated our Incident Response protocols and rendered the entire environment completely inaccessible and inactive.

“Additional measures to mitigate any further risk and protect the data of our customers were also activated. At this time, there is no visibility that client data has been affected.

“We are conducting an in-depth investigation into the situation and take the security of our client data very seriously.”

Who, within an organization, do you think would decide to keep quiet about a ransomware attack? In this case, three internal messages were sent by the CEO, Maria Metz, on 17, 18, and 24 June. Apparently, the first message confirmed the penetration and compromise of several platforms and services, and asked employees not to come to the company's offices, because they wouldn’t be able to access the data networks. Employees were also asked not to tell anyone outside the company about this crisis, including customers, suppliers, partners, the press, or other people.

You might call me cynical, but I don’t think that plan is going to work, do you? People naturally talk – especially when everyone asks them why they’ve not gone into the office.

With what you’ve seen already, you’ll not be surprised that the company denied the severity of the situation. In response to that, the hackers posted samples of the data, which apparently includes accounting, financial planning, and internal documents of every type and purpose. There’s also personal and recruitment data, project and business data, backup files, client and financial data, as well as legal documents.

You might be thinking, “poor old NTT Data”, but NTT companies seem to be having a bad time recently. NTT West’s president Masaaki Moribayashi resigned in March, following the leak of data relating to 9.28 million customers, which became known in October last year. And now NTT Data Romania in June this year.

I guess no-one wants to publicize their failings, and organizations are the same. However, there comes a time when the optics of owning up and taking steps to remediate the problem and appease the customers whose data has been stolen seems a better approach than trying to deny anything happened and asking staff to keep silent. I’m sure any stranger standing in the middle of a local supermarket or bar could have gathered the who story quickly enough by listening to what people were chatting about.

The other thing is that if your organization is hacked and you fix the problem, and then tell every similar organization how they could be hacked and what they need to do to prevent the same problem occurring to them, you now seem like one of the good guys, don’t you think?

The NTT West hack was, it’s claimed, an inside job. If NTT Data Romania’s was also an inside job, it should make senior staff wonder about the culture within their organization, and the quality and dedication of the staff working for that organization – including in senior management. Customers of NTT Data Romania must be waiting to for their information to start turning up of the dark web, and are probably discussing with their lawyers what sort of compensation they should be demanding from the company. And at the back of their minds, they must be wondering, if NTT Data Romania is keeping quiet about something big like a data loss on this scale, what else is it not telling them?

Sunday 28 July 2024

Ransomware – some recent thoughts

Cybersecurity technology and information security company, Cisco Talos, recently published some interesting information on the tactics, techniques, and protocols (TTPs) used by the top 14 ransomware groups. Let’s see what we can learn from it.

Firstly, they looked at the steps in a ransomware attack, which won’t come as a surprise. The steps were:

  • Gain access to the targeted entity. Different techniques can be used, but the most common is social engineering, which usually involves sending emails containing malicious files or links that will run malware on the targeted system to targeted people. The malware allows the attacker to deploy more tools and malware to reach their goals, even bypassing multifactor authentication.
  • Scan Internet-facing systems for vulnerabilities or misconfigurations. Unpatched or legacy software is a particularly high risk.
  • Gain persistence. If the malware is identified and removed early on, the attack has failed. So, steps need to be taken to ensure permanence. With an attack on Windows, registry keys can be modified, or the malware can be auto-started at boot time. Local, domain, and/or cloud accounts can be created. On a mainframe, multiple copies of the malware might be stored, allowing a second copy to be activated if needed.
  • Network scanning to understand the infrastructure. This is where valuable data is identified. In addition, privilege levels need to be raised to administrator levels. On a mainframe, the order these two sub-steps would probably be reversed.
  • Data exfiltration. The valuable data, usually personally identifiable data, eg names, address, social security numbers, bank account details, etc, is then stolen. That might be the end of the attack.
  • Data encryption. Encrypting the data allows the bad actors to send a ransom to the organization that has been attacked. Unless the ransom is paid, the target organization won’t get the key to decrypt their data.

I would suggest that the attackers might also look for links to other organizations. These supply-chain attacks allow the bad actors to use one attack to get into the systems of multiple organizations.

Cisco Talos does offer some suggestions of how to mitigate the threat of ransomware. These are:

  • Apply patches and updates to systems and software to reduce the risk of exploits being used to access a system.
  • Implement complex and unique password policies and multifactor authentication.
  • Harden the attack surface by disabling unnecessary services and features and limiting the number of public-facing Internet services as much as possible.
  • Segment networks using virtual local area networks (VLANs) or similar technologies. Isolating sensitive data and systems from other networks prevents lateral movements from an attacker.
  • Monitor endpoints using a security information and event management (SIEM) system, and use endpoint detection and response (EDR) or extended detection and response tools.

One of the big problems facing the IT security team is the number of people working from home. Indusface, an application security SaaS company, has suggested nine ways to protect company data for people working remotely. Here are their suggestions:

  1. Provide company devices. This allows organizations to fully manage and secure the devices used to access company data. The devices should be updated and encrypted with SSL certificates. If that’s not possible, home-workers should be given everything they need to secure their own devices, eg anti-malware software.
  2. Scan and penetration test applications. Pen testing protects against data breaches by simulating real-world attacks on systems and highlighting vulnerabilities including privilege escalation attacks. Where vulnerabilities are identified, appropriate defensive measures can be taken.
  3. Utilize virtual private networks (VPNs) across the business. VPNs are easy to implement and protect data that could otherwise be vulnerable to attacks over an open public network.
  4. Deploy a web application firewall (WAF). This will protect web applications from attacks. An AI/ML based WAF should detects anomalies and block illegitimate requests even if they are made through compromised employee credentials.
  5. Employ encryption software. Encrypting sensitive files means that were someone able to steal the files, they would not be able to access the data or content. Security policies should ensure that all remote workers know how to encrypt files and when it is necessary. Routine checks should ensure the policy is being followed.
  6. Strict password management. Hackers rely on weak passwords when brute forcing point of sale (PoS) terminals. Use automatic password generators to create safe and secure passwords, and ensure that passwords are unique and never duplicated across multiple accounts. For sensitive data, employees should always implement multi-factor authentication (MFA), requiring users to provide multiple methods of verifying their identity.
  7. Rigorous access controls. Organizations should apply the principle of least privilege when it comes to access control, ie allowing users access to only the specific assets that they require for their work. Access to files should be revoked as soon as it is no longer necessary, such as when an employee leaves, or a person’s involvement in a project is over.
  8. Provide employees with what they need. To make their jobs easier, remote workers may implement tools, systems, or habits that are not sanctioned by the company. This shadow IT could include using risky apps and tools, sending files through unsecure channels, or storing assets somewhere unprotected. Provide remote workers with all the tools they may need to do their job effectively and ensure that they are aware of all the approved platforms that they have access to.
  9. Fully prepare and train remote workers. Organizations can implement security strategies, but efforts will be futile unless remote workers fully understand what the procedures are and why they are important. Training staff regularly and testing the effectiveness of the training (eg phishing email simulations) is important.

There are some useful hints and tips there. Although they are mainly PC-based ideas, accessing the Windows infrastructure may be just a short-step away from accessing an organization’s mainframe.

 

Sunday 14 July 2024

Interesting browser updates

I was checking on Statcounter to see how popular different browsers were. I wasn’t surprised to see that Google’s Chrome was the most popular with nearly two-thirds (65.68%) of the market share. Safari came second with 17.96%, which probably gives an indication of the percentage of Macs, iPhones, and iPads in use out there. In third place is Edge. Everyone who has bought PC will have Edge as the default browser. To be honest, the first thing I do when I get a new laptop is download a different browser – and, judging by the figures, so do lots of other people. Firefox is fourth with 2.75%. I always used to use Firefox, and I liked using it. I just didn’t install it on my newest laptops. C’est la vie! I was surprised to see Samsung Internet in fifth place. I’d never considered using it, and I have a Samsung phone. It scored 2.58% of market share. Sixth was Opera with 2.26%.

Looking at figures for just North America, it came as no surprise to see Apple’s browser had nearly a third of the market share at 31.74%. Chrome had over half at 52.55%. In Europe, the figures were still in the same order, but Chrome had 61.89% of the market and Safari had 18.55%.

Still, whatever browser you choose, it’s still just a browser – and you only use it to access your webmail, or get to Amazon to do your shopping, or check your bank balance, book holiday, or go to a million other websites, don’t you?

Once you’ve personalized your browser, and got it to remember the user-id and password you use for the websites you visit frequently, and, especially, the ones you only visit once a year, you don’t really want to change it. After all, what extra could a different browser do?

I’ve just started using Opera, or Opera GX as it calls itself. Opera, the browser, has been around for 25 years and is available on laptops and mobile phones, and has recently had some new updates to its built-in artificial intelligence (AI) called Aria, which adds some interesting new features.

Firstly, it has the ability to turn text prompts and descriptions into unique images using the image generation model Imagen2 by Google. Aria identifies the user’s intention to generate an image based on conversational prompts. Users can also use the ‘regenerate’ option to have Aria come up with a new image. Aria allows each user to generate 30 images per day.

Secondly, Aria can now read answers out loud by using Google’s WaveNet model. It benefits those who normally use screen readers, like to multitask, or need to hear information instead of reading it. To get this to work, I was using the command line, I had to click on the speaker icon in the bottom right corner to have Aria read the text response. It was easy to pause the speaking by clicking the pause button that replaced the speaker icon. Clicking the speaker icon again restarted the dialogue.

Thirdly, it’s gaining contextual image understanding. They say that Internet users find themselves searching for information about something they saw just as often as for something they read or heard about. So, Aria is also gaining image understanding capabilities. This means that users can now upload an image to Aria. As part of the chat conversation, users can then ask the AI tool about it. For example, if the image is an unknown headset, Aria will identify its brand and model as well as provide some context about it. Or a user can take a picture of a maths problem and ask Aria how to solve it.

To get this to work I had to download the developer version of the browser and create an account, and sign in. Once I’d done that, I clicked on the ‘+’ button on the right of the chat input box, and then selected the ‘upload image’ option. The explanation of the context of the image was quite good.

As part of the update, the text-based chat experience with Aria has also been improved with the addition of two new functionalities: ‘Chat Summary’ and ‘Links to Sources’. The former provides users with a concise summary of an entire conversation with Aria, allowing them to recap the most important information. In the latter feature, Aria supplies the user with links to sources about the topic of the conversation, enabling them to get more context regarding their enquiry. In addition, the Aria command line in the browser can now be easily activated by pressing the ‘ctrl + /’ or ‘cmd + /’ button combination. This enables the user to open the additional floating window instead of using Aria from the extension page. There’s also a small icon on the left-hand side of the browser that opens up Aria.

Features that were already part of Opera GX that you might be interested in include: RAM, CPU, and network limiters, a built-in free VPN (virtual private network), Twitch and Discord integration (chat facilities used by gamers), and a built-in ad blocker

I’m quite enjoying using the browser. You might want to give it a try.

 

Sunday 30 June 2024

Mainframe security – there really is a war going on

In the mainframe world, everyone has been talking about security for a very long time. In fact, I’ve seen some people yawn as the topic of security comes up again – “been there, done that, got the T-shirt” they say. But it’s not that easy. Just because all the security you had in place last year seems to have worked, doesn’t mean that it is secure enough for this year. There is a veritable arms race going on and no-one can afford to be complacent.

When I say no-one, I mean no-one in an organization can be complacent, perhaps least of all the chief financial officer (CFO). It’s the CFO’s job to safeguard their organization’s reputation and to save their company money. That was the job of the CFO at the USA’s second biggest health insurer, Anthem, which was hacked in December 2014. Nearly ten years later, the substantial cost to the company is only finally becoming clear.

That cyberattack saw 79 million individual's personal information compromised. Firstly, Anthem agreed to pay $115 million to those people whose information was potentially stolen. The plaintiffs’ case was that Anthem should pay their costs of checking whether the exfiltrated data was being used nefariously by anyone else. Then in 2020, Anthem agreed to pay $16 million to the US Department of Health and Human Services, Office for Civil Rights (OCR) and take substantial corrective action to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. Also in 2020, the company paid $39.5 million as part of a settlement with US states attorneys general from 44 states and Washington, DC. On top of that, there may well have been payments by Anthem for the ransom, and for technical experts to try and resolve the attack. All-in-all, a hefty pay out for any organization.

And that wasn’t a one-off attack. According to the Cost of a Data Breach Report from IBM Security, the average cost of a data breach is US$4.45 million. For companies, like Anthem, in the healthcare sector, the average cost of a data breach was US$10.93 million.

In the UK just recently, hospitals and GP practices found Russian hackers had infiltrated and rendered unusable the IT systems of Synnovis, a company that analyses blood tests. That led to hospitals having to cancel operations etc. From personal experience, I know of a small web design and hosting company that says its web sites are under constant attack. And I know of local secondary schools that have been attacked.

Everywhere and everyone that has any kind of tech is currently under attack. And, they need to do their bit in the arms race that’s taking place between us – I’m assuming we’re the good guys are reading this – and the people who are trying to hack your system.

Oxford Capital recently sent out a press release reminding us that the World Economic Forum has shown that ransomware attacks have increased by nearly 300%, with over 50% of these attacks specifically targeting small businesses. Oxford Capital then highlighted the top AI security threats organizations need to be prepared to combat. They were:

  • AI-powered phishing attacks using AI to create highly-convincing and personalized emails. These attacks are designed to deceive employees into revealing sensitive information or downloading malicious software.
  • Automated vulnerability exploits. Hackers are using AI to scan for and exploit vulnerabilities in software systems at an unprecedented speed and scale. That’s why installing patches is such a priority.
  • Deep fake scams are where cybercriminals use AI to create realistic audio and video impersonations of company executives. These deepfakes can be used to manipulate employees into transferring funds or sharing confidential information.
  • AI-driven ransomware allows attackers to efficiently target, copy, and encrypt critical business data. 
  • Malicious AI bots can be used to conduct malicious activities such as credential stuffing, where bots attempt to gain access to accounts using stolen credentials. 
  • Weak passwords are a major cybersecurity threat because they can be easily guessed or cracked, allowing unauthorized access to sensitive information.

The suggested solutions given by Oxford Capital include:

  • Strong password policies. If you don’t already do this, use complex passwords and update them regularly.
  • Multi-factor authentication (MFA) requires a user to present two (or more) items or factors to an authentication mechanism before they are given access.
  • Regularly update software to ensure that the latest security patches are installed and no easy-access back doors (vulnerabilities) are anywhere on your system.
  • Employee training. I’ve been part of this kind of exercise where you give everyone in your organization training to recognize phishing attacks and other cyber threats, and then later test random attendees. Even so, you still find staff click on your dodgy email. Therefore, I would suggest that training is ongoing.
  • Use robust cybersecurity measures. They recommend users invest in comprehensive security solutions to detect and respond to threats efficiently. I would suggest mainframe-related products like File Integrity Monitoring (FIM) from MainTegrity to provide not only protection, but also early warning if some kind of attack is taking place, as well as automation to suspend jobs and users until you’re sure they really are allowed to do what they seem to be doing to your mainframe.

The list might have added using air-gapped hardware to protect back-ups from being overwritten. As well as routinely protecting data in transit from being stolen.

What I’m suggesting is that everyone needs to take steps to protect whatever data they have on their computing platforms, including the cloud, and people with the most to lose, like mainframers, need to absolutely keep one step ahead in the data security arms race. And the CFO, and other top execs, need to make sure the IT team have everything they need in order to do that. After all, it’s those top execs who will be paying for it if mainframe security isn’t as good as it needs to be.