For threats to the industrial sector—still rather weak on cybersecurity—it’s best to find creative ways to address the issue.

Lesley Carhart, technical director for industrial incident response at Dragos, told IT Brew at the RSA Conference in early May that she recommends an approach that encompasses gaming out the problem and purple teaming.

“You have to start thinking about, what will you do if you have to do incident response, because it can happen to anyone,” Carhart said.

Your move. To begin with, she explained, it’s best to make a plan. Organizations can start with tabletop exercises, where teams can examine what the problem is and how to manage it. Hypothesizing attack possibilities in a contained environment is also a good way to work on team cohesion.

“That’s easy, that’s cheap, that’s low pressure,” she said. “It’s a good relationship builder. But at some point, you have to move on beyond that.”

Read more here.—EH

Do you work in IT or have information about your IT department you want to share? Email [email protected].

Remove the guesswork from deployment without disruption. The upcoming Amazon Web Services (AWS) webinar is all about helping you identify the right way to get there.

In collaboration with the DevOps Institute, AWS will go through how to identify the best path to deployment without live disruption. They’ll explore best-practice code deployment strategies using AWS Marketplace tools that manage user safety at scale + provide secure testing of application code in production.

You’ll learn how to:

• Implement seven low-risk strategies focused on safe deployment.
• Verify that new code can be tested safely and securely in production.
• Elevate deployment capabilities with AWS Marketplace tools + other services.

Why waste time theorizing about how to safely modify production code? Get the right strategy for your process. Register for the webinar.

A team of researchers at the University of Illinois Urbana-Champaign (UIUC) has demonstrated that OpenAI’s GPT-4 model is capable of autonomously exploiting zero-day vulnerabilities—at least as long as multiple GPT-4 instances work in tandem. The method, called Hierarchical Planning with Task-Specific Agents (HPTSA), involves employing one GPT-4 agent as a “planning agent” that generates and manages subagents to handle specific tasks.

The researchers were able to give GPT-4 agents the ability to interact directly with sandbox websites by deploying a web server configured to run the LLM’s outputs as commands; it then reported back the results. This allowed GPT-4 to “basically run in a loop by asking itself to do things,” Daniel Kang, an assistant professor of computer science at UIUC who worked on the research, told IT Brew.

Read more here.—TM

Do you work in IT or have information about your IT department you want to share? Email [email protected]. Want to go encrypted? Ask Tom for his Signal.

An ounce of prevention is worth a pound of cure—or in the case of a breach, prevention could be worth $4.45 million in savings. That was the lesson taught by Immersive Labs, which hosted a Cyber Drills Roadshow in New York City on May 22 alongside IT specialists, team leads, and C-suite executives.

The nearly four-hour experience included a drill in which Orchid—a fictitious firm that provides POS systems and e-commerce solutions to small businesses globally—suffered a breach. In the drill, teams had to consider how to classify the incident, whether or not to escalate it to the CEO, legal team, and PR team during certain stages of the attack, and overall, how to mitigate the situation and find a quick solution for fictional customers who planned on attending an event at Madison Square Garden that day.

Participants could also utilize an AI chatbot to negotiate and make contact with the ransomware operator, answer questions from a tech reporter, or chat with an Orchid customer affected by the cyber incident.

Keep reading here.—AF

Do you work in IT or have information about your IT department you want to share? Email [email protected].

Crack the code on AI deployment. Wish you had a roadmap to bring generative AI to your org? Tune into NVIDIA’s on-demand webinar, Deploying Generative AI in Production, to learn how to manage AI inference at scale + see NVIDIA’s streamlined solutions come to life. Watch it here.