Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Cybersecurity Snapshot: NIST Program Assesses How AI Systems Will Behave in the Real World, While FBI Has Troves of Decryption Keys for LockBit Victims

NIST Program Will Assess How AI Systems Will Behave in the Real World

Check out the new ARIA program from NIST, designed to evaluate if an AI system will be safe and fair once it’s launched. Plus, the FBI offers to help LockBit victims with thousands of decryption keys. In addition, Deloitte finds that boosting cybersecurity is key for generative AI deployment success. And why identity security is getting harder. And much more!

Dive into six things that are top of mind for the week ending June 7.

1 - NIST program will test safety, fairness of AI systems

Will that artificial intelligence (AI) system now in development behave as intended once it’s released or will it go off the rails?

It’s a critical question for vendors, enterprises and individuals developing AI systems. To help answer it, the U.S. government has launched an AI testing and evaluation program.

Called Assessing Risks and Impacts of AI (ARIA), the National Institute of Standards and Technology (NIST) program will make a “sociotechnical” assessment of AI systems and models.

That means ARIA will determine whether an AI system will be valid, reliable, safe, secure, private and fair once it’s live in the real world.

“In order to fully understand the impacts AI is having and will have on our society, we need to test how AI functions in realistic scenarios – and that’s exactly what we’re doing with this program,” U.S. Commerce Secretary Gina Raimondo said in a statement.

The program, now in version 0.1, goes beyond assessments of system performance and accuracy, and aims instead at measuring what NIST calls “technical and societal robustness.” Its evaluations will include model testing, red teaming and field testing.

To get more details, check out:

For more information about ethical and secure AI systems:

2 - FBI has thousands of LockBit decryption keys, urges victims to reach out

Victims of the LockBit ransomware-as-a-service group should contact the FBI’s Internet Crime Complaint Center (IC3), because the agency has more than 7,000 LockBit decryption keys.

Using the keys, the FBI “can help victims reclaim their data and get back online,” FBI Cyber Division Assistant Director Bryan Vorndran said this week at a conference in Boston.

The FBI was part of a multinational operation dubbed Cronos that severely disrupted LockBit in February and yielded an initial batch of more than 1,000 decryption keys.

 

FBI has thousands of LockBit decryption keys, urges victims to reach out

 

The LockBit ransomware variant has been used in more than 2,400 attacks globally, including more than 1,800 in the U.S., resulting in billions of dollars in damages, Vorndran said.

As part of Operation Cronos, investigators discovered that the LockBit group and its affiliates held on to ransomed data even after receiving payment and claiming to have deleted it.

To get more details, check out: 

For more information about ransomware prevention, trends and best practices:

3 - Deloitte: Cybersecurity key to GenAI’s success

For their generative AI deployments to succeed, organizations must simultaneously beef up three critical technology areas, including cybersecurity.

That’s according to Deloitte’s “State of Generative AI in the Enterprise” report for Q2, based on a survey of almost 2,000 business and technology leaders whose organizations are advanced AI users.

The other two areas are data management and cloud consumption, according to Deloitte, which forecasts that enterprise spending on generative AI will increase by 30% this year. 

“These three capabilities, each important in their own right, form a constellation that can create even greater impact—in this case, as enablers of gen AI,” reads a Deloitte article about the report.

 

Deloitte: Cybersecurity key to GenAI’s success

 

To get more details, check out:

4 - IDSA: Securing identities gets more challenging

Is securing identities at your organization becoming more complex and a higher priority, as identity incidents rise? If so, you’re not alone. 

In the past year, 90% of U.S. organizations suffered an identity-related incident, with 84% reporting a direct business impact, according to the Identity Defined Security Alliance’s “2024 Trends in Identity Security” study, which surveyed 521 identity and security pros at U.S. organizations with more than 1,000 employees.

"We continue to see that securing these identities remains a significant challenge, and security outcomes remain a large work in progress,” reads the report.

Key findings from the report include:

  • Organizations where managing and securing identities is the top priority of their security programs grew from 17% last year to 22%. It’s a top 3 priority in 73% of organizations, up from 61% in 2023.
  • Managing identity sprawl is a major focus for 57% of respondents.
  • The most common identity-related incident faced by respondents was phishing (cited by 69%).
  • Most respondents (96%) expect that AI will help their organizations secure their identities, especially for identifying anomalous behavior and assessing alert severity.

And what was the top barrier to securing identities? A very complex tech environment.

 

IDSA: Securing identities gets more challenging

(Source: Identity Defined Security Alliance’s “2024 Trends in Identity Security,” May 2024)

To get more details, read:

For more information about identity and access management (IAM) security, check out these Tenable resources:

5 - McKinsey: Inaccuracy tops orgs’ GenAI concerns

Over the past year, organizations have become more worried about the erratic information produced by their generative AI systems, viewing it now as a key risk they must manage.

That’s according to the “McKinsey Global Survey on AI,” which polled almost 1,400 respondents representing a broad range of roles, industries, company sizes and experience.

“Inaccuracy – which can affect use cases across the gen AI value chain, ranging from customer journeys and summarization to coding and creative content – is the only risk that respondents are significantly more likely than last year to say their organizations are actively working to mitigate,” reads the McKinsey report about the survey.

McKinsey: Inaccuracy tops orgs’ GenAI concerns

Almost a quarter of respondents using generative AI said their organizations have suffered a negative impact from the inaccuracy of their generative AI systems. That ranks inaccuracy at the top of generative AI risks with negative consequences, followed by cybersecurity, explainability and intellectual property infringement.

Other study findings include:

  • 65% of organizations polled are using generative AI “regularly,” almost double the percentage from last year’s survey.
  • Concrete benefits from generative AI use include lower costs, especially for human resources; and revenue boosts, particularly in supply chain management.
  • Respondents are using a mix of commercial off-the-shelf generative AI tools (53%), and custom-built in-house systems (47%).

To get more details, check out the McKinsey report “The state of AI in early 2024: Gen AI adoption spikes and starts to generate value.”

For more information about inaccuracy issues in generative AI systems:

VIDEO

Why AI hallucinations are here to stay (TechTalk)

6 - Tenable poll takes the pulse of cloud sec strategies

During our recent webinar “Secure Your Cloud-Native Applications: 5 Key Considerations for Improving the Impact and Efficiency of Your Efforts,” we polled attendees about the environments they secure and about their cloud security program management. Check out what they said!

Tenable poll takes the pulse of cloud sec strategies

(56 webinar attendees polled by Tenable, May 2024) 

Tenable poll takes the pulse of cloud sec strategies

(88 webinar attendees polled by Tenable, May 2024)

To learn about how to boost the security of your cloud-native applications in hybrid and multi-cloud environments, tune into the on-demand webinar “Secure Your Cloud-Native Applications: 5 Key Considerations for Improving the Impact and Efficiency of Your Efforts.”

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.