CV_SeptOct_24

CYBER PATROL

Cybersecurity must-know vocabulary

Data poisoning is a type of cyberattack where threat actors target training data for artificial intelligence (AI) and machine learning (ML) models. By adding corrupted training data, threat actors can manipulate models and cause them to learn incorrect behaviors. In one recent example, researchers at JFrog discovered more than 100 malicious AI/ML models in the Hugging Face AI platform.

Endpoint detection and response (EDR) involves analyzing, monitoring and protecting endpoints like laptops, servers, smartphones and IoT devices. Large companies can have hundreds of thousands of endpoints spread across their distributed environments. EDR platforms scan for connected network devices and enable security administrators to set policies, monitor their usage and restrict access.

Extended detection and response (XDR) goes a step beyond EDR by analyzing data from endpoints as well as networks, cloud systems, email systems and servers. XDR provides complete visibility across the attack surface and helps to eliminate silos and cybersecurity gaps. XDR is typically a better fit for large enterprises with multiple networks.

General Data Protection Regulation (GDPR) is a framework established by the European Parliament in 2016 that requires businesses to protect the personal data and privacy of EU citizens for transactions occurring in and outside of EU member states. While the U.S. doesn’t have a federal data protection law like GDPR, several states have their own protection laws that determine how companies can access citizens’ data. Some examples include the California Consumer Privacy Act (CCPA), the Colorado Privacy Act (CPA) and the Virginia Consumer Data Protection Act (VCDPA).

HIPAA (Health Insurance Portability and Accountability Act of 1996) is a federal law that protects personal health information (PHI) and medical records.
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is responsible for updating HIPAA Privacy and Security Rules and ensuring that healthcare providers, health plans and clearinghouses remain compliant. Channel partners often encounter HIPAA when selling services like firewalls and SD-WAN solutions to companies that operate in the healthcare industry.

Criteria Used in Selecting Third-Party Firms for Cybersecurity (Source: CompTIA)
Chart categories: Access to threat intelligence; Specific knowledge in a focused area of cybersecurity; Broad knowledge across multiple domains of cybersecurity; Clear remediation policies in event of cybersecurity incident; Excellence in core offering where security may be embedded; Ability to perform cost/benefit analysis of initiatives; Offer cybersecurity insurance.
Chart values: 44%, 43%, 43%, 41%, 39%, 38%, 33%.

People Involved in Risk Management Discussions (Source: CompTIA)
Chart categories: Technology staff; CEO; Mid-level technology management; Mid-level business management; Business staff; Board of directors; Third party firms; Other technology executives; CFO; CISO; CIO; Other business executives.
Chart values: 40%, 36%, 33%, 29%, 25%, 22%, 20%, 20%, 20%, 19%, 19%, 13%.

Cybersecurity Changes in the Past Year
Chart categories: Higher priority on determining proper response to incidents; Greater focus on process improvement; More diverse set of technology tools; Greater focus on employee education.
Chart values: 45%, 40%, 36%, 35%.

Organizations find the early data steps of the AI life cycle as challenging as model building (Source: S&P Global; Weka)
Proportion of respondents that identify AI life cycle stage as “most challenging”
Chart groups: Data pre-processing; Model build and deployment.
Chart values: 59%, 41%.
Life cycle stages: Gathering/sourcing data; Preparing data; Standardizing data; Analyzing data; Training a model; Testing a model; Deploying a model.

26 CHANNELVISION | SEPTEMBER - OCTOBER 2024
