ChatGPT isn’t really artificial intelligence, making your digital transformation safe, ransomware continues
By John Bruggeman, virtual Chief Information Security Officer, CBTS
ChatGPT isn’t really artificial intelligence
ChatGPT is getting a lot of attention, and it’s well earned. It’s a very fun tool that can create a poem, a short story, a disclaimer, computer code, or even a computer security policy, from a few basic questions or prompts.
Back in December, I was curious to see how good this generative pretrained transformer, the GPT in ChatGPT, was, so I tested it out.
I asked ChatGPT to create a disclaimer for a mandatory office party. In less than 60 seconds it created a workable disclaimer that looked very similar to other disclaimers I’ve read over the years (yes, I read the disclaimer).
Great, that’s got to be artificial intelligence, right?
Ah, not so fast Skipper.
What ChatGPT and similar tools are is something different than what I think of when I hear the phrase 'artificial intelligence'. They are large language models (LLMs), which I tend to think of as an expert system. Expert systems were all the rage back in the late ’70s and ’80s but fell out of favor as the phrase artificial intelligence started to take over.
An LLM breaks a sentence or paragraph down into chunks of text, even chunks of words, and then looks for patterns in the text to see what words tend to be grouped together, and what words follow other words.
Like, if you type in “Dear Mom, how are you feeling today?”, the tool will “learn” from the big data lake of words that after you type, “how are you” that “feeling” is very likely the next word.
If you feed an LLM all the data in Wikipedia, you’re going to have a pretty big data set that will have lots and lots of words and phrases, which is great. You can use that big pool of data to do a lot of predictions. It’s not intelligent, but it is pretty cool.
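An added illustration (not from the original article, and not how ChatGPT itself is built): a count-based next-word predictor over a small constructed sample text, showing the "what words follow other words" idea with the "how are you" prompt from above. The corpus and function names are made up for this example; real LLMs learn these patterns with neural networks over sub-word tokens rather than lookup tables.

```python
import re
from collections import Counter, defaultdict

# Constructed sample text standing in for the "big data lake of words".
CORPUS = """
Dear Mom, how are you feeling today? I hope you are feeling better.
Dear Dad, how are you feeling after the trip?
Hi Sam, how are you doing this week?
How are you feeling about the new job?
"""

def tokenize(text):
    """Break text into lowercase word and punctuation chunks."""
    return re.findall(r"[a-z']+|[.,?!]", text.lower())

def train(tokens, max_context=3):
    """Count which token follows each context of 1..max_context tokens."""
    counts = defaultdict(Counter)
    for n in range(1, max_context + 1):
        for i in range(len(tokens) - n):
            counts[tuple(tokens[i:i + n])][tokens[i + n]] += 1
    return counts

def predict(counts, prompt, max_context=3):
    """Return (next_token, probability), backing off to shorter contexts."""
    tokens = tokenize(prompt)
    for n in range(min(max_context, len(tokens)), 0, -1):
        followers = counts.get(tuple(tokens[-n:]))
        if followers:
            token, hits = followers.most_common(1)[0]
            return token, hits / sum(followers.values())
    return None, 0.0  # nothing in the prompt was ever seen in training

MODEL = train(tokenize(CORPUS))

if __name__ == "__main__":
    for prompt in ("Dear Mom, how are you", "Tell me, are you", "zebra"):
        print(prompt, "->", predict(MODEL, prompt))
```

The second prompt never appears in the sample text as a three-word context, so the predictor falls back to the two-word context "are you"; the third shows that a purely count-based model has nothing to say about words it has never seen.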
To me, AI would be capable of writing a poem after looking at a picture of the sun setting over a mountaintop or the ocean. Or writing a play about the birth or death of a star athlete or politician, without a prompt that says, “Write a play about Michael Jordan and how great a player he was at basketball but not baseball, in the style of William Shakespeare.”
ChatGPT and other tools can, and will, be used to write really convincing phishing e-mails and write very effective malware. Then Proofpoint, Mimecast, Abnormal, and other e-mail security gateway vendors will train their LLMs to spot these new and better phishing e-mails. Microsoft, SentinelOne, Trend Micro, and CrowdStrike will train their tools to spot this new malware.
Cybersecurity is an arms race. It always has been and always will be. With tools like ChatGPT, the pace and cost will increase, and we have to be prepared.
I see tools like ChatGPT as great assistants that will augment the routine things we do and give us more time to do value-added things, like look for new opportunities, develop new, creative solutions to complex problems, and discover new areas where we can help our companies grow and thrive.
If you want to read a short description of how LLMs work, you can read this short article from the New York Times.
Making your digital transformation safe
I recently wrote a short article for Forbes magazine Technology Council on digital transformation and the need to keep security part of that journey.
Digital transformation is the process of updating legacy applications to modern, secure, cloud-first systems.
There are a lot of elements to a digital transformation program, but a key element is to make sure that as you move your legacy applications from the back office to the Cloud, you do so securely.
Making a secure transition to the Cloud is possible, but you need to have your security team or leader at the table when you start the process. That is where CBTS comes in. Engaging our security team early in the process means your data is protected as the data is moved from the on-prem server to the Cloud.
What to do?
Are you thinking about migrating that legacy application from the back-office server to a cloud solution? If you are, make sure you have someone from our security team at the table. CBTS has the skills to help make that migration smooth, safe, and secure.
Ransomware and cybersecurity attacks continue to increase
I’ve heard from a few customers that ransomware seems to be going away, or more accurately, they don’t hear about ransomware or cybersecurity attacks as much as they did in the past.
Well, bad news folks. Ransomware and cybersecurity attacks continue to plague companies, both large and small, around the world.
Over the last two months, I have been on several calls with CBTS customers who have been hit with ransomware. Sometimes the outcomes are painful, sometimes they are annoying, and sometimes they are devastating.
One customer ignored our advice and the air-gapped backup* they thought would protect them didn’t work as advertised.
(*An air-gapped backup is a backup, on tape or disk, that is not connected to the main network, which protects the backup from infection.)
Another customer who did follow our advice and used our Backup as a Service was able to quickly recover.
To get an idea of the size and industries targeted by these criminal organizations, below is a list of some of the big names from last month that experienced a cybersecurity incident:
What to do?
It almost goes without saying nowadays that you need to have security solutions in place to protect yourself from a ransomware attack. But how do you decide what's effective for your organization and what isn't? Here are three short questions you want to ask.
1) Do you have good backups? Have you tested them? Do you keep a copy of your backups offsite?
2) How long can you run your business without using a computer?
3) What is the most critical function for your business? Can you do that function without a computer or computer system for an hour, a day, or a week?
Once you get the answers to those questions, you can start a longer conversation about how CBTS can help your company stay safe and secure with a security program assessment, network assessment, or other security engagement.
You can read more about it here in a CBTS blog post about becoming ransomware proof.
About the author
John Bruggeman is a veteran technologist, CTO, and CISO with nearly 30 years of experience building and running enterprise IT and shepherding information security programs toward maturity. He helps companies, boards, and C-level committees improve and develop their cybersecurity programs, create risk registers, and implement compliance controls using industry-standard frameworks like CIS, NIST, and ISO.
Interesting article. Thank you for the rundown clarification.
Dedicated Husband | Problem Solver | Girl Dad x 3 | Outdoorsman | Digital Transformation Advisor | GLOBAL Resource for All Things 5G
1 year ago: Great article John Bruggeman.