logo
#

Latest news with #maliciousactors

China warns of security risks from bad actor ‘back doors' in imported chips, smart devices
China warns of security risks from bad actor ‘back doors' in imported chips, smart devices

South China Morning Post

time3 days ago

  • South China Morning Post

China warns of security risks from bad actor ‘back doors' in imported chips, smart devices

China's top anti-spying agency has urged citizens to beware of data leakage through deliberately designed or maliciously embedded 'technical back doors' in chips and smart gadgets produced overseas, warning of risks to national security The Ministry of State Security said on its official social media page on Monday that imported chips, software and smart devices for critical sectors might feature embedded 'exploits' or access points at the initial design stage. These would allow malicious actors to bypass security controls and gain unauthorised access to systems, potentially causing severe data breaches, it cautioned. 'The security of hi-tech devices and information systems directly concerns national security. Citizens must remain vigilant,' the ministry said. 03:25 New CIA videos seek to lure Chinese officials to leak secrets to US New CIA videos seek to lure Chinese officials to leak secrets to US A technical back door is a software tool that allows developers to debug and patch vulnerabilities efficiently. However, it may also pose significant risks, including data theft and information leakage. Malicious actors could exploit these covert access points to remotely activate cameras or microphones, or command background processes to collect and 'exfiltrate' or steal specific data, the ministry said. Manufacturers could also illegally invade devices through after-sales services, software update channels, by compromising open-source code repositories or tampering with code during supply chain operations, it added. Beijing places a strong emphasis on national security in the intelligence and cyber domains, and the ministry's warning underscores heightened vigilance over risks from foreign technology supply chains amid geopolitical tensions with the United States and state surveillance fears.

Developer Loses $500,000 While Coding in Cursor : Malicious Cursor IDE Extension Exposed
Developer Loses $500,000 While Coding in Cursor : Malicious Cursor IDE Extension Exposed

Geeky Gadgets

time15-07-2025

  • Geeky Gadgets

Developer Loses $500,000 While Coding in Cursor : Malicious Cursor IDE Extension Exposed

What if a single click could cost you half a million dollars? For one blockchain developer, this nightmare became a reality when a seemingly harmless coding extension in Cursor IDE turned out to be a cleverly disguised trap. The result? A staggering loss of $500,000 in cryptocurrency. This incident isn't just a cautionary tale—it's a wake-up call for developers everywhere about the hidden dangers lurking in trusted tools. In an era where open source ecosystems thrive on collaboration and innovation, the same openness can be weaponized by malicious actors. The question is: how can you protect yourself when even trusted platforms can be exploited? Java Brains unpacks the shocking details of how a polished, professional-looking extension turned into a developer's worst nightmare. You'll learn how attackers manipulated trust signals like download counts and reviews, exploited vulnerabilities in the Open VSX marketplace, and bypassed common security measures. More importantly, we'll explore practical steps to safeguard your work and assets, from scrutinizing extensions to isolating sensitive tasks. Whether you're a seasoned developer or just starting out, this story holds critical lessons about the balance between convenience and security in today's development environments. After all, in a world where a single misstep can cost you everything, vigilance isn't optional—it's essential. Malicious Extension Costs Developer What Happened? The developer, while working in Cursor IDE, installed an extension that appeared to offer Solidity language support. However, this seemingly legitimate extension concealed malicious code. Once installed, it executed a hidden PowerShell script that granted attackers remote access to the developer's machine. This unauthorized access enabled the attackers to steal cryptocurrency wallets and other sensitive information stored on the system. The extension appeared trustworthy due to its professional description and artificially inflated download counts, which gave the impression of widespread use and reliability. This deceptive presentation masked its true intent, leaving the developer unaware of the threat until the damage was already done. How Attackers Exploited the System The attackers used weaknesses in the Open VSX marketplace, a platform used by Cursor IDE and other VS Code forks for extensions. Their strategy involved exploiting trust mechanisms and marketplace vulnerabilities to distribute their malicious extension effectively. Here's how they executed the attack: Manipulated Rankings: The attackers exploited the marketplace's ranking algorithm to ensure their extension appeared prominently in search results, increasing its visibility to potential victims. The attackers exploited the marketplace's ranking algorithm to ensure their extension appeared prominently in search results, increasing its visibility to potential victims. Deceptive Presentation: They crafted a polished description and artificially inflated download numbers to create a false sense of credibility and trustworthiness. They crafted a polished description and artificially inflated download numbers to create a false sense of credibility and trustworthiness. Exploited Open Marketplace Weaknesses: The Open VSX marketplace lacks the stringent security measures found in Microsoft's proprietary Visual Studio Marketplace, making it easier for malicious actors to distribute harmful extensions without detection. These tactics allowed the attackers to bypass common trust indicators, such as download counts and ratings, which developers often rely on when selecting extensions. How a Malicious Cursor IDE Extension Stole $500,000 in Crypto Watch this video on YouTube. Uncover more insights about AI coding in previous articles we have written. Why Extensions Pose a Security Risk Extensions in integrated development environments (IDEs) like VS Code and its forks are designed to enhance functionality, often requiring significant system-level access. While this access is necessary for their operation, it also increases the potential for misuse. Developers typically assess extensions based on several factors, but these metrics can be misleading: Download Counts: High download numbers are often interpreted as a sign of popularity and reliability, but they can be artificially inflated. High download numbers are often interpreted as a sign of popularity and reliability, but they can be artificially inflated. Ratings and Reviews: Positive feedback can create a false sense of security, especially if reviews are fabricated or manipulated. Positive feedback can create a false sense of security, especially if reviews are fabricated or manipulated. Open source Transparency: While open source extensions are generally considered safer due to their transparency, they can still be compromised during the build or distribution process. This incident demonstrates how attackers can exploit these trust mechanisms, making it increasingly difficult for developers to distinguish between safe and malicious tools. How You Can Protect Yourself To safeguard against malicious extensions and reduce the risk of similar incidents, developers should adopt the following best practices: Verify Extensions: Whenever possible, test extensions in the official VS Code marketplace before using them in forks like Cursor IDE. Whenever possible, test extensions in the official VS Code marketplace before using them in forks like Cursor IDE. Scrutinize Publishers: Investigate the publisher's profile, history, and reputation to ensure they are legitimate and trustworthy. Investigate the publisher's profile, history, and reputation to ensure they are legitimate and trustworthy. Delay Adoption: Avoid installing newly published extensions until they have been thoroughly vetted by the developer community. Avoid installing newly published extensions until they have been thoroughly vetted by the developer community. Compartmentalize Work: Use isolated setups for sensitive tasks, and separate personal and professional environments to minimize exposure. Use isolated setups for sensitive tasks, and separate personal and professional environments to minimize exposure. Be Cautious: Refrain from installing extensions that seem suspicious, lack transparency, or fail to function as advertised. Refrain from installing extensions that seem suspicious, lack transparency, or fail to function as advertised. Understand Risks: Tailor your security practices to the sensitivity of the data or assets you handle, making sure that high-value resources are given extra protection. By implementing these measures, you can significantly reduce your vulnerability to malicious extensions and other security threats. Broader Lessons for the Development Community This incident highlights the urgent need for stronger security measures within open source extension marketplaces. While the open source model encourages innovation and collaboration, it also introduces risks that require proactive management. Developers must carefully weigh the convenience and functionality of extensions against the potential security threats they pose. The broader development community, including marketplace operators, must also take responsibility for improving security. Key actions that could enhance safety include: Enhanced Verification Processes: Implementing stricter vetting procedures for extensions to identify and remove malicious content before it reaches users. Implementing stricter vetting procedures for extensions to identify and remove malicious content before it reaches users. Improved Ranking Algorithms: Refining algorithms to prevent manipulation and ensure that trustworthy extensions are prioritized in search results. Refining algorithms to prevent manipulation and ensure that trustworthy extensions are prioritized in search results. Stronger Security Protocols: Introducing additional layers of security, such as automated code analysis and manual reviews, to detect and block harmful extensions. These steps are essential to reducing the risk of malicious extensions infiltrating open source ecosystems and compromising user security. Lessons for Developers The loss of $500,000 by a blockchain developer serves as a sobering reminder of the dangers posed by malicious extensions. As attackers continue to refine their methods, vigilance and informed decision-making are your best defenses. By adopting proactive security practices, scrutinizing third-party tools, and staying informed about potential threats, you can better protect your assets and data from similar risks. Media Credit: Java Brains Filed Under: AI, Top News Latest Geeky Gadgets Deals Disclosure: Some of our articles include affiliate links. If you buy something through one of these links, Geeky Gadgets may earn an affiliate commission. Learn about our Disclosure Policy.

Pay with TRIO: The E-Commerce Breakthrough.: By Eli Talmor
Pay with TRIO: The E-Commerce Breakthrough.: By Eli Talmor

Finextra

time26-06-2025

  • Business
  • Finextra

Pay with TRIO: The E-Commerce Breakthrough.: By Eli Talmor

E-Commerce and Fraud: Lack of Trust. Online shopping offers unparalleled convenience, transforming how goods and services are purchased. This digital accessibility, however, also presents a fertile ground for fraudulent activities, impacting millions of individuals annually and resulting in significant financial harm. The sheer volume and speed of online transactions make them an attractive target for malicious actors, who constantly evolve their deceptive tactics. The global digital payment landscape is experiencing a period of explosive growth, with e-retail sales projected to approach $8 trillion by 2025. This rapid digital transformation, however, presents a significant paradox. While it undoubtedly offers unparalleled convenience and economic growth, it simultaneously creates an expanding attack surface for malicious actors, resulting in a concerning escalation in fraud losses. The inherent nature of online transactions, particularly the absence of a physical card, introduces higher fraud risks compared to traditional card-present scenarios. This structural difference makes Card-Not-Present (CNP) fraud a dominant concern, accounting for a substantial portion of all card fraud, exemplified by its 85.3% share in the UK. The very factors driving digital adoption thus amplify the necessity for robust security measures, initiating a continuous and dynamic contest between technological innovation and efforts to prevent fraud. The Significant Financial and Reputational Impact of Online Payment Fraud, Particularly from Stolen Payment Cards Online payment fraud poses a severe and multifaceted threat, resulting in substantial financial losses for both businesses and consumers globally. Projections indicate that global card fraud losses are anticipated to reach $40.53 billion by 2027, with e-commerce businesses alone facing an estimated $48 billion in losses to online payment fraud in 2023. The financial ramifications extend beyond direct monetary losses; for every $100 in fraudulent orders, businesses incur an additional $207 in indirect costs, encompassing chargeback fees, processing fees, and various operational overheads associated with fraud management. The United States, in particular, experiences exceptionally high rates of payment fraud, with reported losses increasing by 38% to $12.2 billion in 2024. Beyond the quantifiable financial damage, fraud severely erodes customer trust and significantly tarnishes brand reputation. A compelling study highlights this long-term impact, revealing that 47% of consumers would permanently cease shopping with a retailer following a data breach involving their payment card information. This observation underscores that fraud prevention strategies are not solely about protecting immediate revenue streams but are critically important for maintaining brand integrity and fostering customer loyalty, which represent intangible yet vital long-term assets. Businesses must therefore recognize that investments in robust security are fundamental to preserving their market standing and consumer relationships. Problem 1: Mistrust in Sellers. The Federal Trade Commission (FTC) alone documented nearly 266,000 cases of online shopping and negative review scams in 2023. Problem 2: Mistrust in Buyers. Businesses are losing money to Fraud-$10.6m average annual loss to fraud per merchant.. The latter sees the potential threats both from Consumers as well as Professional fraudsters. These threats include: Online payment fraud The use of stolen cards by fraudsters: A fraudster takes control of a credit or debit card account to make unauthorized transactions. Card-not-present fraud: An unauthorized person uses stolen card details to make online purchases. Card skimming: Devices capture card information at ATMs or point-of-sale terminals, such as at gas pumps. Chargeback fraud False claims for chargebacks by consumers: False claims for chargebacks, also known as chargeback fraud or friendly fraud, occur when consumers falsely dispute legitimate transactions with their credit card companies to get a refund while keeping the purchased goods or services. This practice exploits the chargeback system, designed to protect consumers from unauthorized or fraudulent transactions, for personal gain. Account takeover attacks Account takeover attempts by criminals: Account takeover (ATO) attempts involve criminals gaining unauthorized access to online accounts, often through stolen or compromised credentials. This type of fraud can lead to financial losses, identity theft, and reputational damage for both individuals and organizations. Supplier, partner & seller fraud Supplier fraud by criminals: Supplier fraud, also known as vendor fraud, is a type of fraud where criminals deceive businesses by impersonating legitimate suppliers or creating fake ones to steal money. This can involve sending fraudulent invoices, diverting legitimate payments, or using stolen identities to appear as a genuine supplier. These schemes can be sophisticated, involving detailed research into a company's procurement processes and even insider collaboration. Refund abuse False claims for refunds by consumers: Also known as return abuse, refund abuse is when a customer requests and receives a refund for a purchase they claim was incomplete or unsatisfactory. In essence, they are taking advantage of the merchant's returns policy and goodwill in order to benefit. Promo, voucher & policy abuse Promo abuse by consumers: Promo abuse by consumers refers to the act of exploiting promotional offers beyond their intended use, often by creating fake accounts or using multiple accounts to repeatedly redeem discounts and bonuses. This can involve taking advantage of sign-up incentives, referral bonuses, loyalty discounts, and other promotions designed to attract new customers or reward existing ones. There is a need to re-establish Trust between Buyers and Sellers. Stablecoins vs. Fiat for E-commerce. Pros and Cons. Stablecoins Pros. Stablecoin transactions are significantly faster than traditional methods, often confirmed in seconds or minutes. This near-instantaneous settlement drastically reduces delays, especially for high-volume or international transactions, leading to improved fulfillment speeds and higher customer satisfaction. Operating on blockchain networks, stablecoin payments are available 24/7, bypassing the limitations of traditional banking hours and weekend closures. Reduced Transaction Costs and Fees (including cross-border) Stablecoin transaction fees are typically much lower compared to those incurred with traditional payment methods like credit cards or wire transfers. For instance, while credit/debit card processing fees can range from 2% to 3%, stablecoin transfers can incur nominal fees of a few cents. Shopify's integration of USDC offers merchants their standard Shopify Payments rate, but with a rebate of up to 0.50% on USDC orders and no additional fees for international transactions. Stablecoins can eliminate foreign exchange and multi-currency conversion fees, either by allowing merchants to receive funds in their local currency without extra charges or by enabling them to hold USDC directly. A key financial benefit for merchants is the elimination of chargeback risks due to the irreversible nature of blockchain transactions. This contributes to more consistent cash flow and simplified financial planning. Traditional e-commerce payment methods, especially credit cards, impose significant transaction fees (1.5% to 3.5% per transaction) and carry the risk of chargebacks, which directly impact profit margins and financial planning. Stablecoins offer much lower transaction fees (a fraction of traditional fees) and eliminate chargeback risks. Specific examples, such as Compass Coffee aiming to save 3.75% on credit card fees and Shopify offering rebates on USDC orders, quantify these potential savings. The direct and quantifiable reduction in operational costs (lower fees, no chargebacks) provides a powerful and immediate financial incentive for e-commerce merchants to adopt stablecoins. For businesses, these economic efficiencies can outweigh some of the current complexities or consumer adoption challenges, making stablecoins a strategic choice for optimizing financial operations. Expanded Global Reach and Financial Inclusion Stablecoins facilitate fast, borderless payments, effectively bypassing the complexities and uncertainties of fluctuating exchange rates and reducing overall transactional complexity. This capability significantly broadens a business's potential international market reach. They enable businesses to engage with a vast global audience of cryptocurrency users, estimated at over 400 million worldwide. Stablecoins offer a faster and more cost-effective solution for cross-border remittances, promoting greater financial inclusion for populations who are unbanked or underbanked, particularly in developing economies. Real-world examples include Mercado Libre using USDC to pay suppliers in Brazil and Mexico, which streamlined payments and reduced costs compared to traditional bank transfers. SpaceX also leverages stablecoins to repatriate funds from Starlink sales in countries with highly volatile local currencies, such as Argentina and Nigeria, demonstrating their utility for wealth preservation Cross-border payments and remittances through traditional fiat systems are often characterized by high fees (6-10% for remittances), slow settlement times (1-3 days), and limited accessibility, especially in developing economies with underdeveloped banking infrastructure. Stablecoins drastically cut remittance costs (to less than 1%), enable instant transfers, and provide USD-pegged stability in volatile markets. They offer a digital alternative for the unbanked, allowing for USD-denominated accounts globally. The impact of stablecoins extends beyond mere transactional efficiency; they are fundamentally reshaping financial access and economic resilience in emerging markets. By offering a stable, globally accessible digital currency, stablecoins provide a practical and often superior alternative to volatile local fiat currencies and expensive, slow traditional cross-border services. This empowers individuals and businesses in these regions to participate more effectively in the global digital economy, fostering financial inclusion and potentially driving grassroots economic growth by bypassing legacy banking bottlenecks. This points to a significant socio-economic transformation, not just a technological upgrade. Blockchain-Enabled Security and Transparency Payments conducted via stablecoins, leveraging blockchain technology, inherently provide a degree of transparency and enhanced fraud protection. Transactions are encrypted and verifiably recorded on an immutable public ledger. Issuers of stablecoins typically aim to provide transparency regarding the assets backing their tokens, which is intended to foster trust and confidence among users. For instance, Circle, the issuer of USDC, is known for providing monthly attestation reports from independent accounting firms, which enhances perceived transparency. While the underlying blockchain technology offers inherent transparency for transaction records, the actual transparency and trustworthiness of stablecoins, particularly fiat-backed ones, are not automatically guaranteed. They heavily depend on the issuer's commitment to verifiable proof of reserves and adherence to evolving regulatory standards. Research highlights "Transparency Concerns," noting that some stablecoin issuers have failed to provide sufficient proof of valid audits for their reserves, leading to a degree of mistrust. Recognizing this gap, regulatory bodies are increasingly demanding audited reserves. For example, the EU's Markets in Crypto Assets Regulation (MiCA) specifically mandates that issuers of e-money tokens and asset-referenced tokens maintain reserves to fully back stablecoins, manage them properly, and ensure redeemability at face value. This suggests that "blockchain transparency" is a necessary but insufficient condition for overall stablecoin transparency; robust regulatory oversight and consistent, independent auditing of reserves are equally, if not more, critical for building widespread user confidence and mitigating systemic risks. Comparative Transaction Costs and Speeds: Comparative Transaction Costs and Speeds Stablecoins Cons: Consumer Protection: Fiat (credit card) vs. Stablecoin. It is obvious that stablecoin offers a great advantage in terms of transaction cost and speed will lag behind fiat in terms of fraud protection. It is therefore only natural to incorporate stablecoins into Pay with TRIO, thus offering unprecedented transaction cost, speed, and fraud protection for buyers and Sellers worldwide. Pay with TRIO offers:

Don't be a victim! FBI warns iOS, Android users about the latest scam
Don't be a victim! FBI warns iOS, Android users about the latest scam

Phone Arena

time17-05-2025

  • Phone Arena

Don't be a victim! FBI warns iOS, Android users about the latest scam

The latest warning from the FBI for iOS and Android users comes in the form of a Public Service Announcement. The warning says that since last month, malicious actors have impersonated senior US officials to target individuals. Many of those targeted are current or former senior US federal or state government officials themselves. The FBI suggests that if you receive a message from someone claiming to be a senior US official, "do not assume that it is authentic." These attacks have come in the form of fake texts, a practice known as "smishing," and via fake AI-generated phone calls, which is a practice known as "vishing." These texts and calls claim to come from senior US officials and try to cozy up with the targets to gain a rapport with the attackers and their victims. Earning that trust goes a long way toward helping the attackers convince their victims that they need to be sent their personal data, including the credentials they use to sign into personal accounts including banking apps, securities apps, crypto wallets, and other higher sensitive accounts accessible via the target's mobile devices. -FBI Using smishing, vishing, and spear phishing (which is the use of malicious emails to trick the victim into revealing personal data), the threat actor introduces malware or includes hyperlinks with the malicious text that will send the victim to a site controlled by the threat actor that steals usernames and passwords. Smishing attacks generate phone numbers that are used by the attacker to call. The attacker will pretend to be a business associate or a relative to engage with the target and collect log-in credentials. At the top of this story, we told you that the FBI is concerned with the latest smishing and vishing attacks, and victims are receiving texts and AI voice messages that claim to be from senior US officials. The FBI suggests that the first thing you should do if you receive one of these calls or texts is to verify the person and organization that allegedly sent you the text or phone call. The FBI suggests that before responding, research the originating number, organization, and/or person purporting to contact you. Then, independently identify a phone number for the person and call to verify their authenticity." The FBI also says, "Carefully examine the email address; messaging contact information, including phone numbers; URLs; and spelling used in any correspondence or communications. Scammers often use slight differences to deceive you and gain your trust. For instance, actors can incorporate publicly available photographs in text messages, use minor alterations in names and contact information, or use AI-generated voices to masquerade as a known contact." Take a long look at any images and or videos sent to you for "subtle imperfections." Hands or feet could be distorted in AI-generated images, and you might catch irregular facial features, unrealistic accessories such as glasses or jewelry, shadows that look fake, unnatural movements in videos including lags between mouth movement and the words being said. Try to distinguish between a real call and an AI-generated call. If you can't judge the authenticity of a message from someone trying to reach out to you, you can call the FBI for help. In addition, the FBI says that you should not share sensitive information or an associate's contact number with people you've only met online or on the phone. The same applies when it comes to sending cash, gift cards or cryptocurrency. Do not send these items to people you've only met online or on the phone. Do not click on any links found on texts or emails you have received. Additionally, "Never open an email attachment, click on links in messages, or download applications at the request of or from someone you have not verified." Also, you should set up two-factor authentication on all apps that allow it. Never disable it, and never disclose the code to anyone.

AI's Blind Spot Is The Link Between Data Security And Reliable Outputs
AI's Blind Spot Is The Link Between Data Security And Reliable Outputs

Forbes

time06-05-2025

  • Business
  • Forbes

AI's Blind Spot Is The Link Between Data Security And Reliable Outputs

Artificial Intelligence AdobeStock_265251947 Artificial intelligence has brought tremendous change across a range of industries, super-charging productivity, speed and decision-making. However, the advances and success of AI innovation depend squarely on data security. Without secure and trusted data, AI can be susceptible to breaches, downtime, system outages, bias, misuse, and loss of public trust. Large datasets which AI models are trained on often contain personal health, finance, or identity data. This could have serious consequences if accessed by malicious actors. The models and training data itself are also valuable intellectual property that could be a major loss if hacked. Meanwhile, cybersecurity threats are growing as the result of powerful AI-based attacks, geopolitical attacks, ransomware and other attacks. Some 87% of security professionals said that their organization has faced AI-based cyberattacks in the last year. Of course, AI is a double-edged sword and can also be used for good to identify and defend against said attacks. Cyber-attacks and data loss can be devastating in terms of financial and reputational damage, but downtime and system outages can also compromise the security of AI systems and impact their performance. Some 74% of technology professionals said a loss of data would be catastrophic for their business, according to a recent report. Challenges such as model inversion, model extraction and insecure data storage and transfer have led to regulation of data privacy and security requiring specific protections to maintain compliance. 'Building trust unlocks the full potential of agentic AI modules,' said Octavian Tanase, chief product officer at Hitachi Vantara. 'With a proactive approach to cyber resiliency, human-centered policies and new AI security tools, organizations can ensure that their data is a source of AI innovation, trust and growth.' For AI applications such as agentic AI modules, data security ensures that their outputs are high quality. Without strong protections such as zero-trust architecture, intrusion detection and immutable storage, attackers can use malicious data to poison data or exploit models during inference. However, only 38% of respondents are enhancing their training data quality to explain their AI outputs, according to a recent layered report. And 24% do not even review the datasets they use to train AI models for quality, while 37% do not tag their data. Layered Security Hitachi Vantara Innovative agentic AI modules require not only product innovation but building trust from users, partners, and stakeholders. Without this trust, stakeholders will be less likely to participate in data sharing and collaboration which is essential for model training and ecosystem growth. When any data loss, compromise or breach occurs, it affects public confidence and can cause reputational harm to specific applications as well as the broader perception of AI. 'Traditional reactive approaches to cybersecurity are not sufficient in this new environment,' Tanase said. 'Instead, technology professionals should be proactive for data protection: a zero-trust architecture mindset and a layered approach to address technical and strategic considerations.' Technical safeguards can provide a foundation for comprehensive data security. First, replication through synchronized copies of data in dispersed locations give protection so that critical applications stay operational and available. As part of replication, backup, and recovery act as a critical safety net, so that systems can be quickly restored in the event of failure, cyberattack, data loss or corruption. To guard against data breaches, access controls provide user roles and permissions with granular controls to restrict data access, which reduces the risk of unauthorized entry. To enforce this access, network security such as firewalls, zero-trust architecture and intrusion detection systems block unauthorized traffic and access. Even if data is accessed, immutable storage guarantees that data cannot be changed for a period of time. This produces a tamper-proof copy for recovery that protects against attackers altering critical data as well as any unexpected system outages. Furthermore, data encryption adds another layer of fortification by rendering data unreadable by unauthorized individuals even if they steal data. RWTH Aachen University, which teaches over 47,000 students, wanted to standardize reliable, immutable backup storage for 29 universities in its system. The University chose Hitachi Vantara for its scale and features across six locations and over 72 storage nodes. In addition to technology tools, securing AI data today requires a focus on the central role of humans. Some 39% of business owners believe that AI needs human oversight, while 34% say AI needs more disclosure and transparency on the data it uses, according to a recent Prosper Insights & Analytics survey. To achieve this, leaders must instill a culture of awareness and accountability to drive collaboration between IT, security teams and business units. Encouraging continuous learning, improvement and knowledge sharing is essential. Data governance is critical in establishing clear policies and procedures for data classification, access control and usage. Accountability is essential so that data security is maintained for teams, tools, and vendors across the AI lifecycle of data sourcing, preprocessing, model training and deployment. Prosper - Concern About Recent Developments in Artificial Intelligence Prosper Insights & Analytics Fortunately, AI itself can play a critical role in data protection, providing significant new advances for defense. Automated threat detection can scan and monitor vast data stores to identify anomalies and suspicious activities in real-time. 'AI can make threat detection faster while also taking automated pre-defined actions to limit the damage, from isolating devices to halting traffic,' Tanase said. 'With these automated systems, executives can have the peace of mind that their systems can take immediate actions, while also notifying them of any potential incidents.' AI can also be used to anonymize sensitive data while ensuring compliance with data privacy regulations. Finally, predictive security analytics use algorithms to learn from past security incidents and historical data, detect patterns and anomalies — then anticipate and help prevent threats before they occur. Comprehensive data security is vital to the development of AI innovation. Leaders can set up their organizations for success by proactively investing in technology including AI-based options to improve protection. At the same time, building an internal culture of ownership and awareness based on data governance is a foundation. With these steps, organizations can build trust and safeguard AI innovation over the long term.

DOWNLOAD THE APP

Get Started Now: Download the App

Ready to dive into a world of global content with local flavor? Download Daily8 app today from your preferred app store and start exploring.
app-storeplay-store