November 7, 2023
In this Episode:
Edwin Kwan: Okta has suffered yet another data breach, this one affecting their employees’ personal information.
Olimpiu Pop: Even though there was always the choice, open-source versus closed-source, now, again, the world is at a turning point. Will you embrace open or closed?
Ian Garrett: How has ransomware impacted zero-trust adoption? With the rising threat of ransomware attacks, organizations have turned to the adoption of zero-trust and network segmentation strategies to counter these threats.
The Stories Behind the Cybersecurity Headlines
Okta Suffered Data Breach Impacting Their Employees
This is Edwin Kwan from Sydney, Australia.
The cloud identity and access management solutions provider has suffered a series of data breaches in recent years, with the most recent being in October 2023, where attackers stole sensitive customer information, including cookies and session tokens. Some of their impacted customers from that exposure included Cloudflare and 1Password.
This latest breach was due to a security incident with one of their third-party providers. That third party is RightWay Healthcare, and it provides healthcare coverage for Okta employees and their families. Around 5,000 current and former employees had their personal information impacted by this breach. The information included full names, social security numbers, and health or medical insurance plan numbers.
While there has been no evidence that the personal information has been misused, those who were impacted have been offered two years of credit monitoring, identity theft protection, and fraud protection services.
– Bleeping Computer: https://www.bleepingcomputer.com/news/security/okta-hit-by-third-party-data-breach-exposing-employee-information/
BigCode, a Project With a Mission: Build State-of-the-Art LLM Coding Models That Are Open
Open-source has grown rapidly in the last decades. Now, according to the State of the Software Supply Chain Report, it has reached 96% of all software built.
2022 brought two new parameters to an already complex ecosystem: generative AI and regulatory legislation. The latter wants to enforce rules to make cyberspace safer, mainly by pushing for more transparency and responsibility in the software industry. GenAI is a snowball that is growing faster than anybody could have anticipated.
When talking about code generation, models were trained on open-source code made available on the web, and now they provide it through tools and models that are closed-source. OpenAI and GitHub Copilot are both involved in a legal battle about code generated without giving credit to the authors.
But do we have alternatives? It seems so, and, almost as usual with open-source, the alternatives are even better. The BigCode project is a project that wants to do exactly that: provide open-source large language models that perform optimally and can be used by anybody.
The effort is a joint venture of HuggingFace and ServiceNow. Their officially declared mission is to support AI researchers to work together on the development of state-of-the-art code LLMs and to collaborate on research topics such as:
– Constructing a representative evaluation suite for code LLMs, covering a diverse set of tasks and programming languages.
– Developing new methods for faster training and inference of LLMs.
– The legal, ethics, governance, and safety aspects of code LLMs.
Starcoder is a product of this effort, but its technicalities are a story for another day.
The resources and transcripts are available on 505updates.com.
Olimpiu Pop, reported from Transylvania, Romania.
– Hugging Face: https://huggingface.co/bigcode
– The New Stack: https://thenewstack.io/copilot-lawyers-checking-claims-against-other-ai-companies/
Rising Ransomware Attacks Drive Zero-Trust Adoption
How has ransomware impacted zero-trust adoption? With the rising threat of ransomware attacks, organizations have turned to the adoption of zero-trust and network segmentation strategies to counter these threats. A recent report by Akamai highlights the doubling of ransomware attacks over the past two years and the slow adoption of segmentation measures.
Hey folks, this is Ian Garrett in Arlington, Virginia.
The State of Segmentation 2023 report by Akamai reveals a concerning trend in the world of cybersecurity. Ransomware attacks, including both successful and unsuccessful attempts, have doubled over the past two years. The average number of attacks per country surveyed increased from 43 in 2021 to 86 in 2023.
This surge in ransomware threats has prompted organizations to rethink their security strategies. The study underscores the critical role of network segmentation in thwarting ransomware attacks. 93 percent of all respondents consider segmentation vital in their cybersecurity framework. However, the deployment of segmentation measures has been sluggish. In 2023, only 30 percent of organizations have implemented segmentation across more than two critical business areas.
Network segmentation is recognized as a key element of zero-trust security strategies. Globally, most respondents aim to implement microsegmentation, which offers granular protection for application workloads. However, the adoption of segmentation measures has been slow, despite an increase in network segmentation projects initiated in recent years.
Organizations face challenges when implementing network segmentation. Common obstacles include a lack of skills or expertise, performance bottlenecks, and compliance requirements. Despite these challenges, the percentage of organizations with segmented business-critical applications and servers has increased in recent years.
To implement effective segmentation strategies, organizations should prioritize understanding their key processes and data assets. It’s crucial to start the segmentation process by considering how to protect these critical assets. Rather than approaching segmentation with a network-centric mindset, it’s more effective to focus on controlling access to vital data, which then informs a broader network architecture.