Francis Scialabba
The Federal Communications Commission (FCC) now requires wireless providers to notify customers before they grant any requests for a SIM-card change. The order, announced on Nov. 15, puts greater responsibility on comms companies to curb a social-engineering impersonation tactic called SIM swapping, which led to over $72 million in losses in 2022, according to the FBI.
“Consumers must be able to count on secure verification procedures and reliable privacy guarantees from their wireless providers. And they should be able to go about their day without fearing that someone, somewhere, might take control of their phone without a single warning sign,” said Commissioner Geoffrey Starks in a statement following the announcement.
A SIM swap occurs when a bad actor convinces a carrier to assign the victim’s phone number over to a device in the attacker’s possession. The scammer may present verbal identification or claim that their phone and SIM card were lost and destroyed.
And the tactic has worked. The FBI’s Internet Crime Report counted 2,026 total victims of SIM swaps in 2022. Between January 2018 and December 2020, the agency received only 320 complaints, with total adjusted losses of “approximately $12 million,” according to the agency.
Read more here.—BH
Do you work in IT or have information about your IT department you want to share? Email [email protected].
Taylor Lehmann likes to say he’s had almost every job in security, in almost every facet of healthcare. In addition to previous roles as CIO and consultant, he has been a chief information security officer at the health system Tufts Medicine and the medical IT-services provider Athena Health. His title these days is director, office of the CISO for Google Cloud Health.
His responsibilities at Google, Lehmann said, include assisting healthcare customers as they adopt cloud-based automation and the high-powered data processing that supports workplace functions such as automatic scheduling, discharge notes, and shift-change alerts.
“It’s fun to be able to work [at Google] on some of these harder problems that you can only really see once you’ve experienced them from all these different vantage points,” Lehmann said.
In a conversation with IT Brew, Lehmann talked about those harder problems, secure data practices, hospitals’ movements to the cloud, and the unique threats to healthcare environments.
This interview has been edited for length and clarity.
It seems tough to be a confident CISO of a hospital because there are so many risks. What strategies can help provide a level of assurance?
I think what most high-performing CISOs do is, number one, they participate in intelligence-sharing religiously: That is, building small, growing networks between themselves, their peers, and other organizations that kind of fit within the threat landscape that they face, have similarities, and then have a shared belief or goal that an attack on one is an attack on all. Therefore, the better able they are to learn from the things they see, and share them, the better protected all of these organizations will be.
Read more here.—BH
You gotta keep ’em separated.
The advent of AI-powered software prompt engineering has enormous potential, but with it comes the risk of expanding threat surfaces and exposing proprietary code. Earlier this year, Samsung notably experienced a data leak and on May 1 ordered employees to stop using outside generative AI tech on company-owned devices, Bloomberg reported.
At GitHub, meanwhile, executives say their prompt engineering software, Copilot, can write working code from abstract, natural-language prompts without customers exposing internal data.
Executives at the GitHub Universe conference in early November told IT Brew that their AI can’t learn from prompts, removing the vulnerability from the tool.
“It doesn’t hold anything in it that we’re allowed to continuously [learn from],” Mario Rodriguez, VP of product at GitHub, told IT Brew. “We don’t train the model on the customer data that is coming in.”
In practice, that means the AI you get out of the box is the AI you work with. Copilot won’t independently learn from your code, though Rodriguez said that models above the base model may offer that option in the future.
Threat detected. The way AI is being utilized may expose internal information to possible attackers, IT Brew reported in May. Proprietary data leaking into generative AI models can lead to severe security risks, Cyberhaven CEO Howard Ting told IT Brew at the time.
Keep reading here.—EH
Today’s top IT reads.
Stat: $14.5 billion. That’s Nvidia revenue for Q3 2023, up 279% YOY due to hyperscaler AI hype. (CIO Dive)
Quote: “There’s absolutely no probability that you’re going to see this so-called AGI, where computers are more powerful than people, in the next 12 months…But I still think the time for safety is now.”—Microsoft President Brad Smith speaking to reporters in the UK on developments in AI (Reuters)
Read: Watch out—any Gmail accounts that haven’t been logged into for at least two years will be deleted starting Dec. 1 as part of a cybersecurity initiative. (the Wall Street Journal)