Francis Scialabba
Manufacturers are at a high risk of attack from threat actors, a BlackBerry survey found, as IT leaders are often underprepared and working with outdated infrastructure. That’s changing, though, as cybersecurity becomes more of a priority for teams across the industry.
“Across the sector, the concerns about cybersecurity were growing, leading organizations to invest more in defending themselves from threats,” Shishir Singh, EVP and CTO of BlackBerry’s cybersecurity business unit, told IT Brew in a recent interview on the survey.
Topline info. BlackBerry asked around 1,500 senior IT leaders in the manufacturing sector about their cybersecurity preparedness and fears. Respondents were from the US, UK, Germany, Japan, Australia, and Canada, representing companies varying in size from 100 to 17,500 employees with an annual revenue of nearly $277 million.
Singh, who joined BlackBerry in January 2022, told IT Brew that the findings revealed an industry with some work to do.
“Almost three-quarters of the organizations have either been targeted by a cyberattack or found themselves to be vulnerable to cybersecurity threats,” Singh said. “This includes incidents arising from employees.”
The threats include ransomware, which has continued to be a major concern for companies and organizations around the world in almost every sector and industry, and which is increasingly offered as something of a software-as-a-service, Singh told IT Brew.
Need for speed. Older, larger companies with outdated equipment in use on many older factory floors are at a higher risk of attack in part because they are more attractive targets to nation-state actors and affiliates who have interests in disruption tactics.
Keep reading here.—EH
Do you work in IT or have information about your IT department you want to share? Email [email protected].
Stack Overflow
Volunteer moderators of Q&A site Stack Overflow—one of the internet’s most active forums for programmers, data scientists, and IT professionals—have declared they are going on strike in response to mandates they say prohibit them from restricting AI-generated content.
In December 2022, Stack Overflow declared a temporary ban on ChatGPT-generated content. Yet it quickly backtracked, leaving the decision in the hands of the volunteers who run individual sites. Moderators on the site and across the Stack Exchange network, which has hundreds of other Q&A communities, say the company has switched gears again and handed down guidance making it de facto impossible to stem the tide of AI-generated content.
In a May 30 post to the site, a Stack Overflow staff member wrote that the company is asking moderators to apply a “very strict standard of evidence to determining whether a post is AI-authored when deciding to suspend a user,” citing the inadequacy of moderators’ intuition and demonstrable inaccuracy in “current GPT detectors.” In response, a group of moderators announced a strike, issuing an open letter saying that alongside the public statement, the company had also issued private guidance prohibiting mods from taking action on AI-generated content in the vast majority of cases.
“This change has direct, harmful ramifications for the platform, with many people firmly believing that allowing such AI-generated content masquerading as user-generated content will, over time, drive the value of the sites to zero,” moderators wrote in a collective statement on Meta Stack Exchange.
Read more here.—TM
As the automotive industry becomes more and more tech-centric, it needs to make sure connected cars are secure. That’s made penetration testing, or pentesting, a major factor in how the electronic control units (ECUs) in new cars are made airtight against hackers.
New world. As IT Brew reported in February, the changing tech is offering opportunities for hackers to get inside your dashboard.
“It’s kind of a complicated technology—so in the future, you’re going to see vulnerabilities,” Yuga Labs Staff Security Engineer Sam Curry told IT Brew at the time.
Roman Lysecky, founder and CTO of IoT monitoring company BG Networks, wrote about the new state of play in a June 7 column for Embedded Computing Design.
“Without penetration testing, it is impossible to know if a device is truly secure,” Lysecky wrote. “No one would consider releasing an automotive ECU without extensive testing of core features for functionality and safety.”
Cash money. Lysecky argued that the high number of devices that need to be secure and the relatively limited number of pentesters who can provide service are combining to drive up prices at a time when the industry can ill afford it.
That means remote testing options, like BG’s new CRATE system, will increase in importance. BG isn’t the only company offering automotive pentesting. ETAS, a Bosch subsidiary, is also selling the service.
“Overcoming these challenges requires specialized skills and expertise in automotive ECU security testing, as well as a thorough understanding of the unique characteristics of automotive systems,” Lysecky wrote. “Pentesters must be able to work with a wide range of tools and techniques to identify vulnerabilities and provide recommendations for remediation.”
Read more here.—EH
Today’s top IT reads.
Stat: 96%. That’s the accuracy of a new technique that can identify the location of SMS recipients, researchers found. (Cornell University)
Quote: “Reality has become pixels, and pixels are now infinitely inventable.”—Michael Graziano, Princeton University professor of psychology and neuroscience, on how AI could lead to a “post-truth world” (Wired)
Read: Reddit’s woes continue as hackers warn they’ll leak 80 gigabytes of private data taken from the site. (TechCrunch)