Recent Cyber Incidents, New Regulations and the Impact of AI in the Industry: August Cyber News Bytes

MOVEit Cyber Incident Shakes Industry

An alarming cyber event has shaken MOVEit, a widely-used file-sharing tool renowned for its file encryption and secure data transfer capabilities. Uncovered almost two months ago, the zero-day vulnerabilities cyber security incident is one of the most significant cyber security incidents of 2023. Although the severity of the event continues to unfold, over 400 organizations and 22 million individuals worldwide have been impacted by cyberattacks exploiting the security flaw. The sectors bearing the brunt of the impact span a range of industries, including finance, insurance, public administration, educational services and information.

Multiple class action suits have already been initiated against Progress Software and organizations that have been breached. The MOVEit cyberattack has shown the importance for all companies and institutions to continue to review and update their cybersecurity controls, including the need for quick detection and response in the event of a cyberattack as new threats continue to evolve.

IBM’s 2023 Cost of a Data Breach Report

An annual study conducted by Ponemon Institute, along with IBM’s funding and analysis, reports how early detection and AI can significantly reduce the impact and cost of a breach. Over the past year, the average cost per incident was $4.4M. In a recent article from IT Brew, Charles Henderson, global head of IBM X-Force said, “by adopting the right technologies and strategies, business can reduce detection time and cost.” Security AI and automation had the biggest impact on an organization’s ability to speed the identification and containment process for a breach and led to the biggest cost savings.

SEC Reporting Update

Following a new regulation approved by the Securities and Exchange Commission, publicly traded enterprises must now disclose “material cybersecurity incidents” within a span of four business days upon identification. However, what qualifies as “material” has not been defined.  A recent article from Baker Donelson discusses the requirements under the new ruling and how companies should proceed. For instance, organizations will need to report on the “nature, scope, and timing” of the incident and will be required to provide information pertaining their cybersecurity risk management, strategy, and governance on an annual basis. 

ChatGPT Credential Theft

Generative AI continues to permeate all aspects of modern life, as the technology has proven to provide opportunities to enhance existing practices and create meaningful efficiencies for the user. However, like many other technological advancements, there are unintended risks associated. An example of such risks is reviewed in the recent TechTarget blog, discussing the alarming trend of compromised ChatGPT credentials. Understanding that broader use of such technology will likely continue to be adopted, it’s imperative that business proactively explore the potential exposures they face and implement a strong governance structure to monitor and manage. 

To subscribe to the Cyber News Bytes newsletter, please click here.