15% of office workers use unsanctioned GenAI tools - Help Net Security

Rigid security protocols — such as complex authentication processes and highly restrictive access controls — can frustrate employees, slow productivity and lead to unsafe workarounds, according to Ivanti. When employees have unfettered access to GenAI tools and other advanced technologies, it can introduce challenges with data privacy, compliance, cyber risks, and copyrighted materials. “Companies should take steps to understand their employees’ workplace behaviors and adopt security measures that reduce the temptation for employees to sidestep protocols and use unsafe workarounds. Unapproved GenAI tools — just like any other shadow IT — introduce risk by expanding the organization’s attack surface without any oversight from security, potentially introducing unknown vulnerabilities that compromise an organization’s security posture. By focusing on UX in security measures, organizations can minimize the likelihood of employees bypassing established protocols and resorting to unsafe workarounds. DEX-informed security minimizes the need for employees to change their typical work behaviors. “Although harmless in the moment, employees typically opt for convenience and put security on the back burner,” said Mike Riemer, Field CISO, Ivanti. Yet, despite the significant contributions DEX tools can make to security, only 38% of companies consult the CISO for input on digital employee experience (DEX) strategy, investments, and planning. Employees may inadvertently enter sensitive company or customer data into GenAI tools. Yet, just 13% of security professionals say user experience (UX) for end users is a mission-critical priority when adopting cybersecurity tech interventions. Ivanti’s research shows that 81% of office workers report they have not been trained on GenAI and 15% are using unsanctioned tools. 32% of security and IT professionals have no documented strategy in place to address GenAI risks. Whether half of employees work remotely or just a small fraction do, there is still a profound need to ensure that the company supports all the ways employees work. Currently, most security professionals (89%) say they have invested in the right security-related UEM tools to automate security practices. 60% of executive leaders in 2024 believe employees need to be in the office to be productive, compared to 44% last year. Even if employers are pressuring employees back to the office, it does not mean remote working is no longer a priority or concern.

This Cyber News was published on www.helpnetsecurity.com. Publication date: Thu, 03 Oct 2024 04:13:05 +0000


Cyber News related to 15% of office workers use unsanctioned GenAI tools - Help Net Security

Aim Security Raises $10M to Secure Generative AI Enterprise Adoption - PRESS RELEASE. TEL AVIV, Israel-(BUSINESS WIRE)-Aim Security, an Israeli cybersecurity startup offering enterprises a holistic, one-stop shop GenAI security platform, today announced $10 million in seed funding. Aim Security was founded by ...
9 months ago Darkreading.com
Flow Security Launches GenAI DLP - PRESS RELEASE. TEL AVIV, Israel, Nov. 30, 2023 /PRNewswire/ - Flow Security, the pioneering Data Security Lifecycle Platform, announced today its extension to GenAI Security with the launch of a new GenAI DLP module. This move makes Flow Security the ...
11 months ago Darkreading.com
Akto Launches Proactive GenAI Security Testing Solution - With the increasing reliance on GenAI models and Language Learning Models like ChatGPT, the need for robust security measures have become paramount. Akto, a leading API Security company, is proud to announce the launch of its revolutionary GenAI ...
8 months ago Darkreading.com
AI Market Research: The Pivotal Role of Generative AI in Cyber Security - What researchers are learning about GenAI and cyber security. Pair AI with cyber security and the possibilities are staggering. For many security professionals, it's a foregone conclusion that incorporating intelligence into cyber security will ...
5 months ago Blog.checkpoint.com
15% of office workers use unsanctioned GenAI tools - Help Net Security - Rigid security protocols — such as complex authentication processes and highly restrictive access controls — can frustrate employees, slow productivity and lead to unsafe workarounds, according to Ivanti. When employees have unfettered access to ...
1 month ago Helpnetsecurity.com
CVE-2024-26633 - In the Linux kernel, the following vulnerability has been resolved: ...
7 months ago
Cybersecurity for Remote Workers: Best Practices - In the current era of remote work, organizations worldwide face a critical concern: ensuring the cybersecurity of their remote workers. To address this issue, businesses must establish a robust cybersecurity framework that incorporates best practices ...
9 months ago Securityzap.com
CVE-2024-36886 - In the Linux kernel, the following vulnerability has been resolved: ...
4 months ago
GenAI Regulation: Why It Isn't One Size Fits All - With President Biden calling on Congress to pass bipartisan data privacy legislation to accelerate the development and use of privacy-centric techniques for the data that is training AI, it's important to remember that excessive regulation can stifle ...
7 months ago Cybersecurity-insiders.com
CVE-2024-26857 - In the Linux kernel, the following vulnerability has been resolved: ...
6 months ago
CVE-2024-35893 - In the Linux kernel, the following vulnerability has been resolved: ...
4 months ago
CVE-2024-47685 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() syzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending garbage on the four reserved tcp bits (th->res1) Use ...
2 weeks ago Tenable.com
Cisco Motific reduces GenAI security, trust, and compliance risks - Cisco announced Motific, Cisco's SaaS product that allows for trustworthy GenAI deployments in organizations. Born from Outshift, Cisco's incubation business, Motific provides a central view across the entire GenAI journey, empowering central IT and ...
9 months ago Helpnetsecurity.com
Week in review: PoC for Splunk Enterprise RCE flaw released, scope of Okta breach widens - Vulnerability disclosure: Legal risks and ethical considerations for researchersIn this Help Net Security interview, Eddie Zhang, Principal Consultant at Project Black, explores the complex and often controversial world of vulnerability disclosure in ...
11 months ago Helpnetsecurity.com
CVE-2024-50083 - In the Linux kernel, the following vulnerability has been resolved: tcp: fix mptcp DSS corruption due to large pmtu xmit Syzkaller was able to trigger a DSS corruption: TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending ...
1 week ago Tenable.com
CVE-2024-26781 - In the Linux kernel, the following vulnerability has been resolved: mptcp: fix possible deadlock in subflow diag Syzbot and Eric reported a lockdep splat in the subflow diag: WARNING: possible circular locking dependency detected ...
7 months ago Tenable.com
CVE-2023-52784 - In the Linux kernel, the following vulnerability has been resolved: bonding: stop the device in bond_setup_by_slave() Commit 9eed321cde22 ("net: lapbether: only support ethernet devices") has been able to keep syzbot away from net/lapb, until today. ...
5 months ago Tenable.com
CISOs Reconsider Their Roles in Response to GenAI Integration - Chief information security officers face mounting pressure as cyberattacks surge and complexities surrounding the implementation of GenAI and AI technologies emerge. The vast majority - 92% - of the 500 CISOs surveyed by Trellix admitted they are ...
5 months ago Securityboulevard.com
Cyber Employment 2024: Sky-High Expectations Fail Businesses & Job Seekers - Well-publicized estimates of a massive shortfall in cybersecurity workers have resulted in high expectations among job seekers in the field, but the reality often falls flat, because of a mismatch between companies' requirements and job seekers' ...
10 months ago Darkreading.com
CVE-2022-48956 - In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid use-after-free in ip6_fragment() Blamed commit claimed rcu_read_lock() was held by ip6_fragment() callers. It seems to not be always true, at least for UDP stack. syzbot ...
2 weeks ago Tenable.com
CVE-2024-50035 - In the Linux kernel, the following vulnerability has been resolved: ppp: fix ppp_async_encode() illegal access syzbot reported an issue in ppp_async_encode() [1] In this case, pppoe_sendmsg() is called with a zero size. Then ppp_async_encode() is ...
2 weeks ago Tenable.com
Legal, compliance and privacy leaders anxious about rapid GenAI adoption - Rapid GenAI adoption is the top-ranked issue for the next two years for legal, compliance and privacy leaders, according to Gartner. 70% of respondents reported rapid GenAI adoption as a top concern for them. Gartner experts have identified four key ...
10 months ago Helpnetsecurity.com
8 Tips on Leveraging AI Tools Without Compromising Security - Forecasts like the Nielsen Norman Group estimating that AI tools may improve an employee's productivity by 66% have companies everywhere wanting to leverage these tools immediately. How can companies employ these powerful AI/ML tools without ...
11 months ago Darkreading.com
CVE-2024-50033 - In the Linux kernel, the following vulnerability has been resolved: slip: make slhc_remember() more robust against malicious packets syzbot found that slhc_remember() was missing checks against malicious packets [1]. slhc_remember() only checked the ...
2 weeks ago Tenable.com
CVE-2024-26852 - In the Linux kernel, the following vulnerability has been resolved: net/ipv6: avoid possible UAF in ip6_route_mpath_notify() syzbot found another use-after-free in ip6_route_mpath_notify() [1] Commit f7225172f25a ("net/ipv6: prevent use after free in ...
6 months ago Tenable.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)