March 27, 2023 • 18 mins
Each week, TechTarget's news team and industry experts provide candid insight and analysis of the biggest IT news headlines of the week. On today's show, T. Ravichandran, an associate dean for research at the Lally School of Management at Rensselaer Polytechnic Institute, discusses the risks associated with using third-party AI in business, TechTarget reporter Esther Ajao explains Nvidia's latest moves in generative AI, and TechTarget reporter Arielle Waldman tells us why security pros are unhappy with the growing influence of cyber-insurance companies.
Watch Tech News this Week on the TechTarget News Bytes Channel:
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Unknown (00:00):
In some cases, insurance carriers may be
(00:02):
overpaying the attackers just tokind of get the case over with
but that can perpetuate theransomware cycle and incentivize
the attackers.
Antone Gonsalves (00:12):
Hi, and welcome to Tech News this week.
I'm your host, techtarget newsdirector and drunken Sophos. On
today's show, we're going todiscuss what to consider before
using third party AI in yourbusiness. The video is moves
into generative AI, and whysecurity professionals are
(00:33):
rattled by the growing influenceof cyber insurance companies.
First up is third party AI inbusiness. Every day tech vendors
are announcing some type of AIin their products. So it's a
good idea to step back and thinkabout what they are asking you
to do. They're asking to runyour data through their AI
(00:56):
engines on the promise ofdelivering intelligence that
make your business moreefficient. And employees more
productive hitter explained therisk associated with third party
AI tools is T ravish. Chandranand Associate Dean for Research
at lallie School of Managementat renessa, Polytechnic
(01:19):
Institute in Troy, New York. Soyou know, so what should
businesses consider whenallowing a vendor to, you know,
become so embedded in theirbusiness operations.
Unknown (01:31):
So you mentioned generative AI, and I think the
more popular ones that we heardof in the news is Chad GPT. And,
and the more recent versions ofit, as a class of technology,
generative AI, is an artificialintelligence system that takes
content that it has kind oflearned that is available on the
(01:54):
web, and product is able togenerate new content. Now,
companies are embedding thistool as, as a feature in many of
the software that they'reselling to a platform that
they're selling to companies andcompanies are trying to use
them. That there are manychallenges that arise with this.
(02:16):
First is, if we talk about IP asa as a space to kind of consider
the challenges. The content thatthese generative AI systems
create, is learned based oncontent that is out there on the
web. If you take images, forexample, text to image
(02:39):
generation, you can give aprompt to say, okay, generate
image of a chicken with a tophat. Okay? In order to do that,
the technology kind of learnsquite a bit about various
configurations of you know,chicken fingers and top hat
figures and puts them togetherand creates an image that is
(03:01):
appropriate for the prompt thatyou gave. But when it is
learning that it is using imagesthat is out there on the web,
some of them might becopyrighted. So it's not very
clear who owns the copyright forcontent that is generated from
this technology, I think recentrulings, at least from the
(03:24):
copyright office is not thatclear. For example, there was a
comic book that was generatedusing images created to this
method. And initially, thecopyright was given to the to
the book, and then subsequentlythe review rate, and recipient
the copyright, saying that theCreator, in this case, the
(03:44):
author did not have enoughcontrol over the material that
was generated, particularly theimage, and so the corporate was
rescinded. And thensubsequently, they kind of
granted the copyright for onlythe arrangement or the image and
the text in whatever creativefashion that the author did, but
not for the images themselves.So it does create challenges.
(04:08):
When companies use this inmarketing, communications or
creating images as part of theircommunication. It's not clear
whether they own the copyrightfor it, and whether they're
liable to be sued or or or otherparties claiming use of it. The
others could also probably useit, use it if they need to,
(04:29):
because the company may not ownthe copyright for it.
Antone Gonsalves (04:32):
So is there is there anything, is there any way
businesses can protectthemselves against, say a
lawsuit over copyrightinfringement?
Unknown (04:42):
So one way to think about it as to use this
generator systems to createideas and create content that is
that gives you suggestions, andnot necessarily explicitly use
them assets. That may not be asproductive as generating content
(05:03):
straightaway and using it. Butthat perhaps allows for the
businesses to claim that therewas content that was generated
by the system, but then ourpeople worked on it and
developed it further. And sothere is a certain claim for
ownership that the companies canhave on the content, it also
creates some challenges, forexample, you might hire a third
(05:25):
party to develop some contentfor you. And you, you, you have
to be clear that whether thethird party generate the content
using these kinds oftechnologies, and if they do,
then that again, you know,usually in those contracts, you
can provide a contract and thecontent that is generated by the
(05:46):
third party, eventually the IPgets transferred to the
ownership gets transferred toyou as a company. But if the
third party are generated,using, you know, these kinds of
technologies, it's not clearwhether that ownership of IPS is
us. Okay. Okay, so is
Antone Gonsalves (06:05):
it. So is it time for Congress to take a look
at this? And is there a need forregulation,
Unknown (06:14):
there certainly is a need for regulation, I think the
copyright laws, once we have it,have to be revisited given that
these technologies are onlygoing to grow in their
popularity and use as well asthe overall capabilities will
continue to grow. I mean, we'veseen examples of, you know,
(06:35):
Chad, GPD, and Microsoft beingusing it and creating all kinds
of silly errors. But that's justthe start of the, it's very
nascent, and the initial stagein its lifecycle. As these
technologies get deployed,they're going to grow in terms
of their capabilities. And theywill become more sophisticated,
in which case in which time,companies will make it, it'll be
(06:59):
compelling for organizations tobe able to use that. So the
copyright laws have to evolve tokind of address this, right now
we have the fair use doctrine.And in us, which, which has some
leeway, that allowsorganizations to use content
(07:20):
that is out there in areasonable way. But it's not
clear whether that will, thoseare sufficient to protect
companies from potentiallawsuits that they're using. The
challenge is even bigger whenyou're dealing with coal,
because these technologies canalso be used to generate code.
(07:44):
So the game, sometimes, youknow, the code gets generated
might be something that getscopied from somewhere else. And
there's enough evidence now thatthese generate new technologies,
they're not necessarily creatingcompletely new things there,
where they have an ability toharness a lot of information
(08:06):
that is already existing there,and then putting it together in
ways that aligns with the usersprompts or requests. And in the
process, some of it could be,you know, replication of what is
already there. And that createsa gain, you know, if you're
embedding some of the codegenerated through these
technologies in your product,then it's not clear whether you
(08:29):
have the complete rights to therevenues and benefits that we
generate through those products.So there are a lot of gray areas
here that needs to be navigatedcarefully. And already, there
are lawsuits that are out therethat are trying to sort these
things out. And some of some ofit will become clearer as we go
forward. But I think that therehas to be some legal frameworks
(08:51):
that make it even more clearerfor technology providers and for
companies that are using it.Okay, so
Antone Gonsalves (08:59):
we're gonna have to sort of companies are
going to have to get their legalteams involved. And hopefully,
at some point the Congress willgive us our politicians will
give us some clarity into theseissues. But as you say, it is
evolving and it's going to taketake some time. It's an
interesting discussion, Ravi andunfortunately, we have to end it
(09:19):
here. You know, thanks forcoming on the show.
Unknown (09:23):
Thank you very much.
Antone Gonsalves (09:26):
Okay, so the video. The video is chips you
know, I used to power AIapplications, its success and
selling hardware. Sellinghardware has powered big gains
in the company's stock price andrevenues. This week at the
company's developer conference,nividia unveiled cloud services
(09:50):
for building AI models. Here toexplain in the video his latest
AI moves is techtarget reporteras the Agile. Alright, so what
is the video offering this new?And what can businesses do with
it?
Esther Ajao (10:06):
Yeah, so So this week they, they kind of
introduced their, what they calltheir foundational platforms.
And so this allows companies andenterprises to go and kind of
build their own generative AImodels. So part of that is
Nvidia Nemo, which is a largelanguage model. And the new
thing when Nemo, which theyintroduced previously last year,
(10:27):
is that now they have thisretrieval application. And so it
enables when you're buildingyour model enables, I guess, for
you to have like kind of like asite for the large LinkedIn
model to be able to cite whereit gets a sources form. And also
to kind of correct whereverthere's an error. And then they
have Picasso, and Picasso,they're working with content
(10:50):
stock providers, like AdobeShutterstock, as well as Getty
Images. And then they have theirbio Nemo, which is working in
the medical side of it andtrying to do work with drug
discovery process. So those arethe things that they're working
with, with a generative AIspace, they made an emphasis to
(11:10):
say we are providing a place forenterprises for developers to be
able to create their owngenerated AI models. So this
isn't like nothing new, but theplatform is, this is a place for
you to work with it yourself andtry to figure out what works
best for you.
Antone Gonsalves (11:27):
And you know, from our previous guests, he
brought up concerns overcopyright issues in the use of
of AI, particularly when you'regoing from text to images, text,
video, that type of thing, whichI believe in the videos
offering, what steps, how isn'ta video addressing a potential
(11:48):
copyright problems?
Esther Ajao (11:50):
Yeah, I mean, this is interesting. We've had like
your previous guest was talkingobviously, there has been loss
of Getty Images as one of thosewho have sued on the creators of
these text images, allegedlysaying that they use their, you
know, copyrighted photos, andlike being in datasets. And so
by partnering with like Getty, Ipartnered with Adobe, and Vidya
(12:12):
is kind of helping develop thiskind of like, respect for
artists is the best way that Ican speak about it, because
these artists have already giventheir work to these stock
providers. And I believe, Adobe,if I'm not Long Island, there'll
be an all Getty they'reproviding whatever they get from
the creation of these images,generated images, they kind of
(12:35):
given the revenue part of therevenue. So artists, so it's of
a respectful relationship thatwe're starting to see,
especially as many artists, notonly artists, but mainly artists
are concerned about how thesenew tools are going to take away
from them, and how they're goingto, I guess lead to the
elimination of their jobs.
Antone Gonsalves (12:55):
Okay. And last question is, the video is cloud
services, in essence are goingto be competing with Microsoft
and Google. Have, at the sametime, Microsoft and Google our
customers in the videos, theybuy their hardware. So how do
you expect the video to navigatebeing a competitor and a
(13:18):
supplier to some of these techcompanies?
Esther Ajao (13:21):
Yeah, I asked him that question that was like, so
you guys are kind of working ina fine line here. And I think
their main differentiatingfactor, and what they said is
like we are, we are catering toenterprises, right. And that's
what they that's what they'rereally focusing on while Google
and Microsoft, and AWS, alsoCanada enterprises and viewers
(13:42):
alike. We are solely catering toenterprises, we are solely
interested in giving them thetools to be able to create those
models. And I think that will betheir main competing factor. I
mean, Google also last week,like we spoke about releasing
API's that give enterprisingdevelopers the ability to create
these models, but Nvidia issolely focused on that. So I
(14:02):
think that is their maincompeting factor. We will still
have to see who's going to comeout on top and this generated
generative AI space but it'sinteresting so high.
Antone Gonsalves (14:12):
Yeah, certainly is interesting. And
there's a lot there's a lot toone unfold over time. So so we
shall see and we'll be watchingor you'll be watching closely.
Okay, so over the last severalyears, a growing number of
businesses are turning toinsurance companies that offer
(14:36):
policies to cover damages fromcyber attacks, that the trend
has placed insurance companiesin the middle of post attack
investigations. This worriescompanies and security pros to
tell us why is that istechtarget news writer Ariel
Waldman. So how is the role ofinsurance companies in post
(14:58):
attack investigations grown?Yeah, out. Well, more
Unknown (15:01):
and more enterprises are needing cyber coverage, or
they're being told by theirboards that they need to
implement a policy. So the cyberinsurance market is expanding
exponentially in itself. Mostorganizations do have policies
and many of those have usedthose policies multiple times.
So it just shows how much of agrowth it's experienced. The
(15:22):
Cyber market is increasinglybeing driven by ransomware
attacks. So insurers arebecoming more involved in
ransomware response. That's oneof the main areas where their
role has grown immensely.
Antone Gonsalves (15:35):
So what's the problem with have insurance
companies getting involved inthese investigations, they do
have to protect their interests.
Unknown (15:42):
Well, during the ransomware attacks, threat
actors encrypt systemsexfiltrate data, they demand
payments to unlock it. But theworst part is how attackers
extortion threats, which arebecoming more ruthless, they
threaten to publicly leak thestolen data if the company does
not pay the ransom. So insurersthat become more involved in
negotiating those payments andassisting with recovery. And
(16:05):
enterprises are worried that theinsurance insurers may have too
much influence when it comes toransomware response and the
decision on whether to pay theransom or not. In some cases,
insurance carriers may beoverpaying the attackers just to
kind of get the keys over withthe fat can perpetuate the
ransomware cycle and incentivizethe attackers. Another
(16:27):
challenging area is aroundnotification requirements
following an attack. In somecases, the insurers require
enterprises to notify thecarrier before law enforcement
and incident response teams thatcan present a problem if the
companies are being penalizedfor notifying law enforcement
first, contacting intelligenceand collecting intelligence as
(16:52):
quickly as possible can becritical. So notifying law
enforcement can be reallyimportant. And if the insurers
are, like requiring thecompanies to notify them before
law enforcement that couldpresent some problems.
Antone Gonsalves (17:09):
I would assume that businesses are in a
position where they kind of haveto do with the insurance
companies tell them or at leastconsider it seriously, because
they're depending on gettingpaid?
Unknown (17:21):
Yeah, yeah. Those clauses say that if the
notification clauses say thatthey have to notify people in a
certain order, and then theydon't do that. Yeah, then that's
not fair to the company.
Antone Gonsalves (17:34):
No, it isn't. So insurance companies are, you
know, tightening policyrequirements. Right. So what's
behind these restrictive terms?
Unknown (17:45):
It's actually a positive thing for enterprises
that insurers are kind oftightening up in that area. I
think the insurers they kind ofknow where attackers, they're
using similar techniques.They're using, you know, the
ransomware attacks. They'retargeting vulnerable companies
that haven't patched theirsoftware, certain software
(18:07):
vulnerabilities. They're doingphishing attacks. So the
insurers now are kind of tryingto look to sew up those holes
with, you know, basic securityhygiene, which could be you
know, employee awarenesstraining, implementing multi
factor authentication to protectcredentials and passwords. So
(18:28):
that's actually been reallyhelpful for the companies. Some
security experts say thatthere's actually been a decrease
in attacks because companies arebeing forced to implement these
basic security controls becauseof cyber insurance, especially
for small and medium sizedbusinesses.
Antone Gonsalves (18:46):
All right, that wraps up this week's show.
Thanks for watching. Enjoy theweekend.
In some cases, insurance carriers may be
(00:02):
overpaying the attackers just tokind of get the case over with
but that can perpetuate theransomware cycle and incentivize
the attackers.
Antone Gonsalves (00:12):
Hi, and welcome to Tech News this week.
I'm your host, techtarget newsdirector and drunken Sophos. On
today's show, we're going todiscuss what to consider before
using third party AI in yourbusiness. The video is moves
into generative AI, and whysecurity professionals are
(00:33):
rattled by the growing influenceof cyber insurance companies.
First up is third party AI inbusiness. Every day tech vendors
are announcing some type of AIin their products. So it's a
good idea to step back and thinkabout what they are asking you
to do. They're asking to runyour data through their AI
(00:56):
engines on the promise ofdelivering intelligence that
make your business moreefficient. And employees more
productive hitter explained therisk associated with third party
AI tools is T ravish. Chandranand Associate Dean for Research
at lallie School of Managementat renessa, Polytechnic
(01:19):
Institute in Troy, New York. Soyou know, so what should
businesses consider whenallowing a vendor to, you know,
become so embedded in theirbusiness operations.
Unknown (01:31):
So you mentioned generative AI, and I think the
more popular ones that we heardof in the news is Chad GPT. And,
and the more recent versions ofit, as a class of technology,
generative AI, is an artificialintelligence system that takes
content that it has kind oflearned that is available on the
(01:54):
web, and product is able togenerate new content. Now,
companies are embedding thistool as, as a feature in many of
the software that they'reselling to a platform that
they're selling to companies andcompanies are trying to use
them. That there are manychallenges that arise with this.
(02:16):
First is, if we talk about IP asa as a space to kind of consider
the challenges. The content thatthese generative AI systems
create, is learned based oncontent that is out there on the
web. If you take images, forexample, text to image
(02:39):
generation, you can give aprompt to say, okay, generate
image of a chicken with a tophat. Okay? In order to do that,
the technology kind of learnsquite a bit about various
configurations of you know,chicken fingers and top hat
figures and puts them togetherand creates an image that is
(03:01):
appropriate for the prompt thatyou gave. But when it is
learning that it is using imagesthat is out there on the web,
some of them might becopyrighted. So it's not very
clear who owns the copyright forcontent that is generated from
this technology, I think recentrulings, at least from the
(03:24):
copyright office is not thatclear. For example, there was a
comic book that was generatedusing images created to this
method. And initially, thecopyright was given to the to
the book, and then subsequentlythe review rate, and recipient
the copyright, saying that theCreator, in this case, the
(03:44):
author did not have enoughcontrol over the material that
was generated, particularly theimage, and so the corporate was
rescinded. And thensubsequently, they kind of
granted the copyright for onlythe arrangement or the image and
the text in whatever creativefashion that the author did, but
not for the images themselves.So it does create challenges.
(04:08):
When companies use this inmarketing, communications or
creating images as part of theircommunication. It's not clear
whether they own the copyrightfor it, and whether they're
liable to be sued or or or otherparties claiming use of it. The
others could also probably useit, use it if they need to,
(04:29):
because the company may not ownthe copyright for it.
Antone Gonsalves (04:32):
So is there is there anything, is there any way
businesses can protectthemselves against, say a
lawsuit over copyrightinfringement?
Unknown (04:42):
So one way to think about it as to use this
generator systems to createideas and create content that is
that gives you suggestions, andnot necessarily explicitly use
them assets. That may not be asproductive as generating content
(05:03):
straightaway and using it. Butthat perhaps allows for the
businesses to claim that therewas content that was generated
by the system, but then ourpeople worked on it and
developed it further. And sothere is a certain claim for
ownership that the companies canhave on the content, it also
creates some challenges, forexample, you might hire a third
(05:25):
party to develop some contentfor you. And you, you, you have
to be clear that whether thethird party generate the content
using these kinds oftechnologies, and if they do,
then that again, you know,usually in those contracts, you
can provide a contract and thecontent that is generated by the
(05:46):
third party, eventually the IPgets transferred to the
ownership gets transferred toyou as a company. But if the
third party are generated,using, you know, these kinds of
technologies, it's not clearwhether that ownership of IPS is
us. Okay. Okay, so is
Antone Gonsalves (06:05):
it. So is it time for Congress to take a look
at this? And is there a need forregulation,
Unknown (06:14):
there certainly is a need for regulation, I think the
copyright laws, once we have it,have to be revisited given that
these technologies are onlygoing to grow in their
popularity and use as well asthe overall capabilities will
continue to grow. I mean, we'veseen examples of, you know,
(06:35):
Chad, GPD, and Microsoft beingusing it and creating all kinds
of silly errors. But that's justthe start of the, it's very
nascent, and the initial stagein its lifecycle. As these
technologies get deployed,they're going to grow in terms
of their capabilities. And theywill become more sophisticated,
in which case in which time,companies will make it, it'll be
(06:59):
compelling for organizations tobe able to use that. So the
copyright laws have to evolve tokind of address this, right now
we have the fair use doctrine.And in us, which, which has some
leeway, that allowsorganizations to use content
(07:20):
that is out there in areasonable way. But it's not
clear whether that will, thoseare sufficient to protect
companies from potentiallawsuits that they're using. The
challenge is even bigger whenyou're dealing with coal,
because these technologies canalso be used to generate code.
(07:44):
So the game, sometimes, youknow, the code gets generated
might be something that getscopied from somewhere else. And
there's enough evidence now thatthese generate new technologies,
they're not necessarily creatingcompletely new things there,
where they have an ability toharness a lot of information
(08:06):
that is already existing there,and then putting it together in
ways that aligns with the usersprompts or requests. And in the
process, some of it could be,you know, replication of what is
already there. And that createsa gain, you know, if you're
embedding some of the codegenerated through these
technologies in your product,then it's not clear whether you
(08:29):
have the complete rights to therevenues and benefits that we
generate through those products.So there are a lot of gray areas
here that needs to be navigatedcarefully. And already, there
are lawsuits that are out therethat are trying to sort these
things out. And some of some ofit will become clearer as we go
forward. But I think that therehas to be some legal frameworks
(08:51):
that make it even more clearerfor technology providers and for
companies that are using it.Okay, so
Antone Gonsalves (08:59):
we're gonna have to sort of companies are
going to have to get their legalteams involved. And hopefully,
at some point the Congress willgive us our politicians will
give us some clarity into theseissues. But as you say, it is
evolving and it's going to taketake some time. It's an
interesting discussion, Ravi andunfortunately, we have to end it
(09:19):
here. You know, thanks forcoming on the show.
Unknown (09:23):
Thank you very much.
Antone Gonsalves (09:26):
Okay, so the video. The video is chips you
know, I used to power AIapplications, its success and
selling hardware. Sellinghardware has powered big gains
in the company's stock price andrevenues. This week at the
company's developer conference,nividia unveiled cloud services
(09:50):
for building AI models. Here toexplain in the video his latest
AI moves is techtarget reporteras the Agile. Alright, so what
is the video offering this new?And what can businesses do with
it?
Esther Ajao (10:06):
Yeah, so So this week they, they kind of
introduced their, what they calltheir foundational platforms.
And so this allows companies andenterprises to go and kind of
build their own generative AImodels. So part of that is
Nvidia Nemo, which is a largelanguage model. And the new
thing when Nemo, which theyintroduced previously last year,
(10:27):
is that now they have thisretrieval application. And so it
enables when you're buildingyour model enables, I guess, for
you to have like kind of like asite for the large LinkedIn
model to be able to cite whereit gets a sources form. And also
to kind of correct whereverthere's an error. And then they
have Picasso, and Picasso,they're working with content
(10:50):
stock providers, like AdobeShutterstock, as well as Getty
Images. And then they have theirbio Nemo, which is working in
the medical side of it andtrying to do work with drug
discovery process. So those arethe things that they're working
with, with a generative AIspace, they made an emphasis to
(11:10):
say we are providing a place forenterprises for developers to be
able to create their owngenerated AI models. So this
isn't like nothing new, but theplatform is, this is a place for
you to work with it yourself andtry to figure out what works
best for you.
Antone Gonsalves (11:27):
And you know, from our previous guests, he
brought up concerns overcopyright issues in the use of
of AI, particularly when you'regoing from text to images, text,
video, that type of thing, whichI believe in the videos
offering, what steps, how isn'ta video addressing a potential
(11:48):
copyright problems?
Esther Ajao (11:50):
Yeah, I mean, this is interesting. We've had like
your previous guest was talkingobviously, there has been loss
of Getty Images as one of thosewho have sued on the creators of
these text images, allegedlysaying that they use their, you
know, copyrighted photos, andlike being in datasets. And so
by partnering with like Getty, Ipartnered with Adobe, and Vidya
(12:12):
is kind of helping develop thiskind of like, respect for
artists is the best way that Ican speak about it, because
these artists have already giventheir work to these stock
providers. And I believe, Adobe,if I'm not Long Island, there'll
be an all Getty they'reproviding whatever they get from
the creation of these images,generated images, they kind of
(12:35):
given the revenue part of therevenue. So artists, so it's of
a respectful relationship thatwe're starting to see,
especially as many artists, notonly artists, but mainly artists
are concerned about how thesenew tools are going to take away
from them, and how they're goingto, I guess lead to the
elimination of their jobs.
Antone Gonsalves (12:55):
Okay. And last question is, the video is cloud
services, in essence are goingto be competing with Microsoft
and Google. Have, at the sametime, Microsoft and Google our
customers in the videos, theybuy their hardware. So how do
you expect the video to navigatebeing a competitor and a
(13:18):
supplier to some of these techcompanies?
Esther Ajao (13:21):
Yeah, I asked him that question that was like, so
you guys are kind of working ina fine line here. And I think
their main differentiatingfactor, and what they said is
like we are, we are catering toenterprises, right. And that's
what they that's what they'rereally focusing on while Google
and Microsoft, and AWS, alsoCanada enterprises and viewers
(13:42):
alike. We are solely catering toenterprises, we are solely
interested in giving them thetools to be able to create those
models. And I think that will betheir main competing factor. I
mean, Google also last week,like we spoke about releasing
API's that give enterprisingdevelopers the ability to create
these models, but Nvidia issolely focused on that. So I
(14:02):
think that is their maincompeting factor. We will still
have to see who's going to comeout on top and this generated
generative AI space but it'sinteresting so high.
Antone Gonsalves (14:12):
Yeah, certainly is interesting. And
there's a lot there's a lot toone unfold over time. So so we
shall see and we'll be watchingor you'll be watching closely.
Okay, so over the last severalyears, a growing number of
businesses are turning toinsurance companies that offer
(14:36):
policies to cover damages fromcyber attacks, that the trend
has placed insurance companiesin the middle of post attack
investigations. This worriescompanies and security pros to
tell us why is that istechtarget news writer Ariel
Waldman. So how is the role ofinsurance companies in post
(14:58):
attack investigations grown?Yeah, out. Well, more
Unknown (15:01):
and more enterprises are needing cyber coverage, or
they're being told by theirboards that they need to
implement a policy. So the cyberinsurance market is expanding
exponentially in itself. Mostorganizations do have policies
and many of those have usedthose policies multiple times.
So it just shows how much of agrowth it's experienced. The
(15:22):
Cyber market is increasinglybeing driven by ransomware
attacks. So insurers arebecoming more involved in
ransomware response. That's oneof the main areas where their
role has grown immensely.
Antone Gonsalves (15:35):
So what's the problem with have insurance
companies getting involved inthese investigations, they do
have to protect their interests.
Unknown (15:42):
Well, during the ransomware attacks, threat
actors encrypt systemsexfiltrate data, they demand
payments to unlock it. But theworst part is how attackers
extortion threats, which arebecoming more ruthless, they
threaten to publicly leak thestolen data if the company does
not pay the ransom. So insurersthat become more involved in
negotiating those payments andassisting with recovery. And
(16:05):
enterprises are worried that theinsurance insurers may have too
much influence when it comes toransomware response and the
decision on whether to pay theransom or not. In some cases,
insurance carriers may beoverpaying the attackers just to
kind of get the keys over withthe fat can perpetuate the
ransomware cycle and incentivizethe attackers. Another
(16:27):
challenging area is aroundnotification requirements
following an attack. In somecases, the insurers require
enterprises to notify thecarrier before law enforcement
and incident response teams thatcan present a problem if the
companies are being penalizedfor notifying law enforcement
first, contacting intelligenceand collecting intelligence as
(16:52):
quickly as possible can becritical. So notifying law
enforcement can be reallyimportant. And if the insurers
are, like requiring thecompanies to notify them before
law enforcement that couldpresent some problems.
Antone Gonsalves (17:09):
I would assume that businesses are in a
position where they kind of haveto do with the insurance
companies tell them or at leastconsider it seriously, because
they're depending on gettingpaid?
Unknown (17:21):
Yeah, yeah. Those clauses say that if the
notification clauses say thatthey have to notify people in a
certain order, and then theydon't do that. Yeah, then that's
not fair to the company.
Antone Gonsalves (17:34):
No, it isn't. So insurance companies are, you
know, tightening policyrequirements. Right. So what's
behind these restrictive terms?
Unknown (17:45):
It's actually a positive thing for enterprises
that insurers are kind oftightening up in that area. I
think the insurers they kind ofknow where attackers, they're
using similar techniques.They're using, you know, the
ransomware attacks. They'retargeting vulnerable companies
that haven't patched theirsoftware, certain software
(18:07):
vulnerabilities. They're doingphishing attacks. So the
insurers now are kind of tryingto look to sew up those holes
with, you know, basic securityhygiene, which could be you
know, employee awarenesstraining, implementing multi
factor authentication to protectcredentials and passwords. So
(18:28):
that's actually been reallyhelpful for the companies. Some
security experts say thatthere's actually been a decrease
in attacks because companies arebeing forced to implement these
basic security controls becauseof cyber insurance, especially
for small and medium sizedbusinesses.
Antone Gonsalves (18:46):
All right, that wraps up this week's show.
Thanks for watching. Enjoy theweekend.
Popular Podcasts
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com