17 countries adopt AI security guidance document || Upstream cyber attack on clients of legal tech service provider
CyberInsights #120 - AI security standards || A legal tech firm is a victim of a cyber attack, allegedly 80 clients cannot access their case files
You did not receive the newsletter last week. It’s been really busy and I had to miss this one. You will probably hear more about it in my memoirs 😊, should I get around to writing one.
BTW, I have written a book, “Monkey Shakespeare Typewriter: Cybersecurity for Everyone”, which is available on Amazon. I am toying with the idea of writing fiction soon. But that’s enough blabber…
Collaboration among countries to adopt guidelines for secure AI system development
Developments in AI are faster than the proverbial speeding bullet. From Sam Altman being ousted and reinstated at OpenAI to the adoption of an AI secure development guideline by 17 countries, it’s all happening with AI.
AI risks are in addition to the traditional infosec risks. However, AI thinkers and regulators want to ensure that they don’t repeat the mistake that infosec thinkers made back in the day: plugging in infosec as an afterthought. Hence, a guideline on how to build secure AI systems.
The list of countries that are a part of this is on this website. [LINK]
The guideline is logically structured in 4 areas:
Download the PDF of the document here [LINK]
Take Action:
This guideline appears fairly simple. It is supposed to align closely with the NIST Secure Software Development Framework, so if you are already following it, then the additional steps would be quite simple.
If you have an ecosystem that involves development or use of AI systems, this is a guideline worth reading.
Legal tech service provider in the UK faces a cyber attack
Allegedly, 80 clients are unable to access their case files and work has come to a halt
CTS, a UK-based legal tech service provider that provides “Cloud and managed IT for law”, was hit with a cyber attack. Read more about it here [LINK]
While there is no official release by CTS, this website reports that 80 clients are unable to continue their business. [LINK]
Take Action:
Supply chain attacks are one of the prime attacks mentioned in the ENISA Threat Landscape report 2023.
First, have a supplier risk assessment process in place. For mission-critical suppliers, have backups identified so that you can recover or continue operations within the RTO (recovery time objective).
The supply chain attacks with the greatest impact are those on:
Software vendors (like this attack)
Information processing vendors
IT outsourcing vendors (infrastructure, software development, etc.)
Logistics vendors
I may have missed many of them, but if your business depends on these vendors, your infosec teams and business continuity teams have to do a detailed assessment of their partner ecosystem.