e360 Blog

The State of Enterprise IT Security Podcast - S1 EP. 13: Credo AI's Risk Management, OT Cyberattack Impact, Atlassian's Critical Patch

Written by Brad Bussie | Mar 25, 2024 6:27:46 PM

Overview:

In this insightful episode of the State of Enterprise IT Security Edition, Brad Bussie, e360's Chief Information Security Officer, unveils pivotal strategies and updates that are shaping the cybersecurity landscape. You will gain an understanding of Credo AI's innovative approach to mitigating generative AI risks, the critical importance of securing operational technology (OT) from cyberattacks, and the latest patches for Atlassian's software vulnerabilities. Furthermore, Bussie explores generative AI's recommendations for safeguarding sensitive information, providing a comprehensive guide to enhancing your organization's cybersecurity posture. This episode is a must-listen for technology leaders seeking actionable insights and solutions to today's most pressing security challenges.


Key Topics Covered:

  1. Credo AI's Role in Managing Generative AI Risks

    • Credo AI empowers enterprises to address challenges associated with generative AI, including bias, security vulnerabilities, and compliance issues. The platform is celebrated for its innovative approach to AI governance, highlighting the importance of preemptive measures in data governance and tool selection to safeguard against potential risks.

  2. Cyberattacks on Operational Technology (OT) Operations

    • With a significant number of organizations experiencing shutdowns due to cyberattacks on OT, the conversation underscores the vulnerabilities in systems that control physical processes and infrastructure. Bussie provides insights into strategies for securing OT, including network mapping, zero trust frameworks, and robust security controls, to mitigate revenue loss and reputational damage.

  3. Atlassian's Security Patches

    • The discussion covers Atlassian's response to critical vulnerabilities in its Bamboo, Bitbucket, Confluence, and Jira products, specifically focusing on a severe SQL injection issue. Bussie stresses the importance of timely updates to these platforms to protect against unauthorized access and data exposure.

  4. Generative AI's Security Recommendations

    • Bussie explores how consulting with generative AI can offer valuable strategies for preventing the misuse of sensitive and personally identifiable information (PII). The AI's advice encompasses developing clear data handling policies, implementing data loss prevention measures, continuous employee training, and using encrypted communication to enhance security.

Timestamps:


[00:57.3] - Credo AI's Risk Management
[04:13.6] - OT Cyberattack Impact
[08:04.7] - Atlassian's Critical Patch

Read the Transcript:


All right.

Hey, everybody. I'm Brad Bussie, Chief Information Security Officer here at e360. Thank you for joining me for the State of Enterprise IT Security Edition. This show makes IT security approachable and actionable for technology leaders. I'm happy to bring you three topics this week:

  1. How Credo AI is empowering enterprises to manage the risks of generative AI.
  2. The fact that one in four organizations shut down OT operations due to cyberattacks.
  3. Atlassian's critical vulnerability patches in Bamboo Data Center and Server.

So, let's get started.

First up, we're discussing how Credo AI is empowering enterprises to manage the risks of generative AI. As organizations rush to pilot and implement Gen AI tools, CIOs and CISOs are concerned about monitoring and measuring our products and systems for issues like bias, security gaps, and lack of compliance with company or industry policies and regulations. This also includes ensuring data governance, to make certain what we give Gen AI access to in the first place is appropriate.

Credo AI has recently been recognized among the world's 50 most innovative companies for tackling the AI governance issue head-on. They've designed a cloud-based tool to manage the risks of Gen AI tools against data leakage, toxic outputs, and security vulnerabilities. The company's founder, a veteran of the Microsoft AI division, brings valuable experience to securing AI. She highlighted how governance can accelerate innovation when applied correctly to AI, promoting a "measure twice, cut once" approach starting with data governance.

Next, we're looking at how one in four organizations have had to shut down OT operations due to cyberattacks. OT, or operational technology, involves the hardware and software that monitors and controls devices, processes, and infrastructure, typically in an industrial setting. The compromise of OT systems can lead to significant revenue loss and damage to an organization's reputation. Strategies for enhancing OT security include robust network mapping, continuous monitoring, and implementing a zero-trust framework.

Lastly, we cover Atlassian's announcement of patches for critical vulnerabilities in Bamboo, Bitbucket, Confluence, and Jira products. A particularly severe SQL injection issue, identified as CVE-2024-1597, posed a significant risk, highlighting the need for immediate patching to protect environments from unauthorized access.

I also took a unique approach in this episode by consulting various generative AI platforms for advice on securing organizations and preventing the misuse of company information and PII in Gen AI. The AIs suggested developing clear policies, implementing technical controls like data loss prevention, educating employees, and using encrypted communication channels. This comprehensive approach can significantly reduce the risk of sensitive information misuse in generative AI platforms.

Thank you for joining me, and I look forward to the next time on the State of Enterprise IT Security Edition.