The Digital Trust Digest is a curated overview of the week’s top cybersecurity news. Here’s what you need to know this week.
Does AI like ChatGPT undermine cybersecurity?
ChatGPT has taken the world by storm over the past few months, and while users are finding new applications and use cases every day, so are hackers.
AI can be used to conduct phishing scams and write malicious code, granting threat actors more firepower. However, any advantage that AI affords hackers can also be used by security teams for good. As AI continues to evolve, we can expect to see AI tools designed specifically for SOC teams.
In the meantime, organizations would do well to train security teams on how to use AI tools. The Harvard Business Review shows you where to start.
Third-party breach revealed as initial vector for 3CX supply chain attack
VoIP developer 3CX was compromised by a supply chain attack targeting another company. A 3CX employee downloaded an outdated version of stock-trading software that contained a backdoor, which let hackers into the 3CX network, where they enjoyed wide lateral movement.
It’s the first incident where one supply chain compromise has been used to carry out another attack, but it won’t be the last. 3CX serves over 600,000 clients, including American Express, BMW, and IKEA.
Securing the software supply chain is one of the top challenges in enabling digital trust. Read more about the investigation and what Keyfactor CSO Chris Hickman had to say about it on Enterprise Security Tech.
AI was a hot topic at RSA
Rohit Ghai, CEO of RSA Security, opened the conference with a talk about how AI can harden identity and access strategies and enable zero trust. AI would be vital, he said, in underpinning efforts to weave together the “identity fabric” to combat the escalating volume of AI-powered threats.
Leaders from Cisco also spoke about the ways in which AI could make the job of security analysts much easier, from investigating false positives to flagging suspicious emails and identifying holes in a network’s attack surface.
It appears AI won’t be a passing fad. To see how AI will continue to disrupt tech, business, and security, head over to SC Magazine.
RSA Cryptographer says quantum won’t be that big of a deal
Adi Shamir, the “S” in “RSA,” identified quantum computing as an item of concern for the security industry in the ’90s, along with cryptography and AI. While the latter two have certainly claimed their spaces in the security world, Shamir predicts that the worries around quantum are overblown.
His argument: encryption is so ubiquitous that there’s too much for hackers to sort through. Speaking on the same panel as Shamir, British mathematician Cliff Cocks noted that China’s efforts toward quantum computing might work on smaller data sets but doubts their ability to function at a larger scale.
Still, more rigorous keys are never bad. Should we put quantum concerns on the back burner for another 30 years? The Register has the full story.
Can AI solve the secure-by-design challenge?
Around 97% of applications are estimated to contain open-source code, an example of a risk that AI can help solve. AI can let developers ask GPT about the validity of code in natural language.
AI tools can also scan code for vulnerabilities at scale and learn to spot new vulnerabilities as they emerge. This can speed up the identification of issues like buffer overflows and injection attacks.
When paired with automation, AI can improve efficiency by leaps and bounds. Check out VentureBeat to see how AI can help harden your security posture.