Earlier this year, National Public Data (NPD) experienced a significant data breach. A hacker stole and posted for sale a database that allegedly contained data from 2.9 billion individuals.
NPD, a data broker that collects information used in background checks, became subject to class action lawsuits, as well as state and federal government investigations. On Oct. 2, Jerico Pictures, Inc., doing business as National Public Data, filed for Chapter 11 bankruptcy.
NPD’s general liability policy will not provide any coverage, which means full financial responsibility falls to the data broker. It faces an onslaught of class action lawsuits in several states. The US House Committee on Oversight and Accountability is investigating the breach.
Could more companies find themselves in financial precarity following big breaches? “I think yes, we're going to see more and more cases where companies can't survive such a breach,” Steve Cobb, CISO at SecurityScorecard, a cybersecurity ratings, response, and resilience company, tells InformationWeek.
Quantifying cyber risk is also essential for organizations to understand what kind of insurance coverage they need and how much. Cobb encourages enterprise leaders to pull their cyber insurance policies, examine them for potential gaps, and start discussions with their insurance brokers.
You already know that every day at InformationWeek brings expert insights and advice to help today’s IT leaders identify the best strategies and tools to drive their organizations forward.
That means original reporting from our team of journalists and unique commentary you won’t see anywhere else! But in case you missed them, here are some of our other must-read favorites from this week:
AI revolutionizes sales by enhancing traditional selling methods and introducing new capabilities, says Bob Seaton, CTO advisor and solutions architect at technology consulting firm Built.
"It builds upon established data science techniques, offering advanced customer segmentation, rapid industry insights, and streamlined training processes," he explains in an online interview.
AI's sales effectiveness hinges on its ability to harness vast amounts of data. "AI's power lies in its speed and capacity to identify trends at an unprecedented scale," Seaton says. It allows business leaders to recognize patterns hidden in their data, ask more insightful questions, and accelerate growth with targeted actions.
An AI sales tool's effectiveness can be evaluated by measuring increases in revenue and net promoter score, reduction in customer complaints, and related metrics that typically constitute key performance indicators, says Pranav Gupta, a senior data scientist at home improvement retailer Lowe's Companies, Inc.
By adopting monitoring tools, regular maintenance, and automated incident response systems, organizations can significantly cut down on unplanned outages and recovery time.
“It’s essential to recognize that quick response to outages depends on having clear communication channels and effective collaboration between operations and security teams,” says Derek Ashmore, application transformation principal at Asperitas Consulting, in an email interview.
Mean time between failures (MTBF) and mean time to repair (MTTR) are critical for understanding how often things break and how fast they can be fixed. Incident response time is also crucial, as quicker reactions reduce the impact of outages, while system uptime is a central measure of reliability.
In addition to automation, Ashmore predicts AI’s use in failure prediction will grow and become ubiquitous in IT. “It will expand beyond simple machine learning prediction algorithms and provide self-learning, enabling us to predict failures in situations that have yet to be seen,” he says.
While the need for endpoint security is clear, that’s only part of the puzzle. Inadvertent mistakes, lack of cybersecurity knowledge, faulty configurations and momentary lapses cause cybersecurity incidents to arise that could have been prevented or minimized.
“I think we need to be very cognizant of the security principles that come into play in a cloud environment. Things like role-based access, least privilege, allowing people in the organization the ability to do things that may present risk to us, like creating a computer, a server and exposing it to the internet, adding services that are public exposed, or creating a storage bucket that we put that in that's exposed to everyone on the internet by default,” says Steve Cobb, CISO at cybersecurity ratings, response and resilience company SecurityScorecard.
It’s important for CISOs to have knowledge of and visibility into every asset in their company’s tech stack, though some CISOs see room for improvement.
Interdepartmental communication and the plethora of tools available help organizations protect themselves from cyberattacks, but nothing is 100% effective, people are easy to deceive, and bad actors are becoming more sophisticated.
The New York Times sent a cease-and-desist letter to Amazon-backed Perplexity, demanding the AI startup stop the use of its content, according to a report from The Wall Street Journal.
This is not the first time the iconic publication has lashed out at an AI firm. Last year, it filed a lawsuit against ChatGPT parent OpenAI over the firm’s alleged use of millions of articles in model training. While OpenAI said the training constituted legal fair use of published content, the company set out to forge several large media content deals.
The Times says Perplexity found a workaround for its anti-scraping and anti-bot measures. The paper alleges “unlawful use” of its articles and demands to know how and why Perplexity still cites the publication.
Daniel Colson, co-founder and executive director of the AI Policy Institute, says NYT’s complaint against Perplexity illustrates a need for stronger AI regulations.
“Perplexity’s approach is a prime example of the ‘move fast and break things’ mentality that is all too common among Silicon Valley startups, prioritizing rapid innovation over potential legal obstacles,” Colson tells InformationWeek in an email interview.
Commentary of the Week
Story by Sarah Gray
Key Points:
This rise in vulnerability exploitation comes at a time when patching has become more complicated than ever. With the prevalence of hybrid roles, IT teams manage more devices, including those purchased by employees, in locations around the globe.
Being able to execute the SSVC framework efficiently would require a nimble team that can handle vulnerability management from the discovery stage up until the remediation stage.
Following CISA’s framework for prioritization may feel like an impossible task, but the right autonomous solutions make this a reality by empowering IT and security to track, attend, and act at the pace today’s threat environment requires.
There can be ways to further AI’s use that include best practices, without putting privacy at risk or stirring other fears.
Lawmakers at the state, national, and international levels continue to draft policy meant to ensure public safety, protect privacy and ownership of original content, fight misinformation, and a plethora of other concerns AI now raises.
Are there uses for AI that do not raise concerns of risk to the public, disruption of society, or harm to creatives behind original content?
While the skills necessary at any point in time may vary among companies, there are a few technical skills every employee should possess.
“Every employee should be knowledgeable about email, such as setting email signature, adding an account, disable photos in mails, send mass emails, etc. Crafting a presentation [using] Google Slides or PowerPoint is crucial in modern workspaces), sharing and backing [up] files, running updates, and setting antivirus software to protect their computers and delicate professional data,” says Biljana Rakic, VP of human capital at SaaS company CAKE.com.
Project management tools have become essential tools in a lot of industries. She also recommends knowing how to use Canva or photo editing for social because they could be a great addition to a resume.
Cyber incident responders need all the help they can get.
AI could provide some of that help to IT cybersecurity teams, but it can also lend attackers a helping hand. In this virtual event, learn how CISOs can leverage AI's greatest security strengths, avoid the pitfalls, and find out what the threats today actually are -- not just the hype.
Topics Include:
Where to start when looking at AI risk assessment
How today's security teams can get ahead of attackers using AI
There is little to no consensus when it comes to cyber resilience, not on how to do it and not on how to define it.
Errors/misconfigurations and equipment degradation caused as many significant disruptions as cyberattacks and third-party cyber incidents, and natural disasters are the top cause of significant issues.
InformationWeek embarked on this research to try to decode current cyber resilience trends. Our survey allowed us to gain insights into what today’s cybersecurity professionals think about cyber resilience today.
Here are some key findings:
Companies are defining “cyber resilience” in a wide variety of ways. Half (48%) of respondents include “maintaining trust with stakeholders” as part of their definition.
Despite the need to redistribute IT budget funds to cover unexpected new technology costs like GenAI, about one-quarter (24%) devote 25% or more of their IT budget to cybersecurity.
One-quarter of respondents (24%) said they do not have a cyber incident response plan at all.
Errors/misconfigurations (18%) and equipment degradation (15%) caused as many significant disruptions as cyberattacks (15%) and third-party cyber incidents (15%).
Download this InformationWeek report today to learn more about risk and response initiatives, cyber liability insurance, the effects of GenAI and much more.