Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Composing song lyrics, writing code, securing networks — sometimes it seems like AI can do it all. And with the rise of LLM-based engines like ChatGPT and Google Bard, what once seemed like science fiction is now accessible to anyone with an internet connection. These AI advancements are top-of-mind for most businesses and bring up a lot of questions.

Data is expanding beyond environments, applications, and geographical boundaries. It is safe to say that we are currently experiencing the era of the Big Bang of Data. It is driving economies and industries. Organizations that can leverage data to its fullest potential take the helm of their industry, leading it peerlessly. However, with the proliferation of data comes increasingly serious risks to data security and privacy.

Compliance and security often go hand in hand as ideas that attempt to protect against cyber threats. While both compliance and security are designed to lower risk, they are not mutually inclusive—that is, not everything that is required for compliance will necessarily help with security, and not everything that bolsters security will necessarily put you in compliance.

Organizations utilize hundreds, sometimes thousands, of vendors to handle their day-to-day production, workflow, and business processes. With this many vendors, it’s easy for details to fall through the cracks and miscommunication to occur. Organizations often turn to vendor management systems to help manage multiple vendor relationships throughout a vendor lifecycle.

Identity and Access Management (IAM) is the name for any framework of technology, policies and processes that authenticate and authorize a user in order for that user to access and consume an organization’s resources. Managing user identities and granting appropriate user access helps protect your assets. These assets can include digital access to sensitive information, intellectual property, data and application workloads, network access or perimeter access to the physical data center location.

23andMe is a personal genome and biotechnology company that provides genetic reports to interested clients. 23andMe employs over 800 employees and operates in California. The company reported $299 million in revenues this year, but the figure will likely drop in the upcoming quarter; opportunists have accessed 23andMe’s systems, resulting in thousands of user records leaking online.

Last week in New York, I had the opportunity to attend a panel discussion hosted by SINET and moderated by Upendra Mardikar, the Chief Information Security Officer of TIAA. We discussed everything from security in DevOps, to AI’s pros and cons, and cybersecurity’s future. As long as the attack surface, API usage, and digital footprints increase, so will cyber risk.

This year for the 13th year in a row, the healthcare industry continues to experience the most expensive data breaches worldwide, at an average cost of nearly $11 million – double the cost for the next-highest industry, finance. That’s not surprising; ransomware attacks on hospitals and health systems are constantly in the news. Add to that the cybersecurity talent shortage, which is especially acute (pardon the pun) in the healthcare industry.