Author: Michael Terlich

Cloud Application Protection

ESET Cloud Office Security offers advanced protection for Microsoft 365 and Google Workspace apps. It includes antispam, anti-phishing, and anti-malware defenses, as well as advanced threat defense through ESET LiveGuard Advanced, which analyzes suspicious samples in a cloud sandbox. The solution also provides a cloud-based console for management and automation, ensuring continuous protection for new users. Supported applications include Exchange Online, OneDrive, Teams, SharePoint Online, Gmail, and Google Drive.

For more information, visit ESET Cloud Application Protection

Benefits of Local Large Language Models

Local large language models (LLMs) refer to powerful artificial intelligence (AI) systems designed to understand and generate human-like text, which are deployed and run on local hardware rather than relying on cloud-based services. These models can be used for various natural language processing tasks, such as text generation, summarisation, translation, and sentiment analysis.

1. Privacy and Security

Running LLMs locally ensures that sensitive data remains within the user’s control. This minimizes the risk of data breaches and ensures compliance with data privacy regulations, which is crucial for industries handling confidential information, such as healthcare, finance, and legal sectors.

2. Reduced Latency

Local LLMs can provide faster response times compared to cloud-based models since data does not need to be sent to and processed by remote servers. This is particularly beneficial for applications requiring real-time or near-real-time interactions, such as customer service chatbots, real-time translation services, and interactive educational tools.

3. Cost Efficiency

For organisations with high usage rates, running LLMs locally can be more cost-effective over time compared to paying for cloud-based AI services. This is especially true for businesses that already have the necessary hardware infrastructure.

4. Customisation and Control

Local deployment allows for greater customisation of the language model to better suit specific needs. Organisations can fine-tune the model on proprietary data, ensuring it aligns more closely with their specific domain or use case. Additionally, they have full control over updates, maintenance, and performance optimization.

5. Reliability and Independence

Relying on local hardware reduces dependency on internet connectivity and third-party service availability. This makes local LLMs a more reliable option for critical applications where consistent uptime is essential, such as in remote areas with unstable internet connections or in scenarios where uninterrupted access to AI capabilities is required.

6. Scalability

With advancements in hardware, such as more powerful CPUs, GPUs, and specialised AI accelerators, it is becoming increasingly feasible to run large and complex models locally. This scalability allows businesses to start with smaller models and gradually move to larger, more powerful ones as their needs grow and their hardware capabilities expand.

7. Data Sovereignty

For regions and industries with strict data sovereignty laws, keeping data and processing within local boundaries is not just beneficial but often required by law. Local LLMs ensure compliance with these regulations, avoiding legal complications and fostering trust with users and stakeholders.

By leveraging local large language models, organisations can harness the power of advanced AI while maintaining control over their data, improving response times, and reducing costs. These benefits make local LLMs a compelling choice for many applications, from enhancing customer interactions to driving innovation in various industries.

We can help you with the right hardware and software to work with local LLMs, for example GPUs, Ollama, web UIs and desktop clients.

Safetica – data loss prevention and insider risk management solutions to protect sensitive information

Safetica offers data loss prevention and insider risk management solutions to protect sensitive information. It provides tools for data discovery and classification, user activity monitoring, and insider threat detection. The platform helps businesses comply with regulations like GDPR, PCI-DSS, HIPAA, and ISO/IEC 27001. Safetica ensures confidential data is not shared with unauthorised parties and aids in mitigating data security incidents through comprehensive monitoring and analytics.

Safetica is a comprehensive Data Loss Prevention (DLP) and Insider Risk Management solution designed to safeguard business-critical data against various security threats. The following are the key features and functionalities of Safetica:

1. Data Discovery and Classification: helps identify and classify sensitive data using its Unified Classification system. This includes analysing file content, origin, and properties to provide complete visibility and continuous monitoring of data, whether it is at rest or in motion. The solution also integrates with third-party classification systems and can detect sensitive data in image files using OCR technology.

2. Data Loss Prevention: protects sensitive data from being accidentally or intentionally leaked. It audits all data activities and provides visibility into how data is handled within an organisation. The solution can block risky applications and websites, and prevent data from being uploaded to unauthorised cloud storage or emailed outside the organisation.

3. Insider Risk Management: proactively detects and mitigates insider threats by monitoring user activities and identifying behavioral anomalies. It provides real-time alerts and reports on suspicious activities, helping organisations respond quickly to potential threats. The system also addresses non-malicious insider risks, such as human errors, and helps manage Shadow IT by identifying unauthorised applications and devices.

4. Cloud Data Protection: ensures the secure handling of data within cloud environments like Microsoft 365. It monitors file activities in cloud storage, conducts audits, and prevents unauthorised uploads of sensitive files. The solution supports seamless integration with cloud services to provide comprehensive protection.

5. Regulatory Compliance: assists organisations in complying with various data protection regulations, including GDPR, HIPAA, PCI-DSS, and ISO/IEC 27001. It provides audit capabilities, incident investigation support, and real-time alerts to ensure regulatory compliance and protect against data breaches.

Overall, Safetica helps businesses protect sensitive data, detect and prevent data breaches, manage insider risks, and comply with regulatory requirements, all while promoting security awareness among employees.

For more detailed information, you can visit https://www.safetica.com or contact us for implementation and pricing information.

Are cloud providers too big to fail?

Too big to fail used to apply exclusively to banks and financial services institutions, but now regulators around the world are concerned about a different type of organisation creating systemic risks to the global financial system. As more and more banks move critical processes to the cloud, reliance upon a very small number of dominant cloud service providers is creating risks to operational resilience.

ESET® CYBERSECURITY AWARENESS TRAINING

ESET Cybersecurity Awareness Training is specifically designed to educate your workforce—because employees who recognize phishing, avoid online scams and understand internet best practices add a vital layer of protection for your business.

An Inside Look at a Real Phishing Attack

Phishing attacks are growing more sophisticated and are still one of the most common threats to organisations. Phishing can lead to credential theft, unauthorised access to sensitive systems, and data breaches of confidential information. In this guide, we dissect the anatomy of a phishing attack using a real-life case study of a popular social network that was breached through targeted phishing, and how it could have been prevented.

The Essential Eight

The Australian Cyber Security Centre’s Essential Eight is a prioritised list of mitigation strategies to assist organisations in protecting their systems against a range of adversaries/security attacks. The mitigation strategies can be customised based on each organisation’s risk profile and the adversaries they are most concerned about.

While no single mitigation strategy is guaranteed to prevent cyber security incidents, organisations are recommended to implement eight essential mitigation strategies as a baseline. This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems. Furthermore, implementing the Essential Eight proactively can be more cost-effective in terms of time, money and effort than having to respond to a large-scale cyber security incident.

There is a suggested implementation order for each adversary to assist organisations in building a strong cyber security posture for their systems. Once organisations have implemented their desired mitigation strategies to an initial level, they should focus on increasing the maturity of their implementation such that they eventually reach full alignment with the intent of each mitigation strategy.

Mitigation Strategies to Prevent Malware Delivery and Execution

[1]  Application control to prevent execution of unapproved/malicious programs including .exe, DLL, scripts (e.g. Windows Script Host, PowerShell and HTA) and installers.
Why: All non-approved applications (including malicious code) are prevented from executing.

[2]  Configure Microsoft Office macro settings to block macros from the internet, and only allow vetted macros either in ‘trusted locations’ with limited write access or digitally signed with a trusted certificate.
Why: Microsoft Office macros can be used to deliver and execute malicious code on systems.

[3]  Patch applications e.g. Flash, web browsers, Microsoft Office, Java and PDF viewers. Patch/mitigate computers with ‘extreme risk’ vulnerabilities within 48 hours. Use the latest version of applications.
Why: Security vulnerabilities in applications can be used to execute malicious code on systems.

[4]  User application hardening. Configure web browsers to block Flash (ideally uninstall it), ads and Java on the internet. Disable unneeded features in Microsoft Office (e.g. OLE), web browsers and PDF viewers.
Why: Flash, ads and Java are popular ways to deliver and execute malicious code on systems.

Mitigation Strategies to Limit the Extent of Cyber Security Incidents

[5]  Restrict administrative privileges to operating systems and applications based on user duties. Regularly revalidate the need for privileges. Don’t use privileged accounts for reading email and web browsing.
Why: Admin accounts are the ‘keys to the kingdom’. Adversaries use these accounts to gain full access to information and systems.

[6]  Multi-factor authentication including for VPNs, RDP, SSH and other remote access, and for all users when they perform a privileged action or access an important (sensitive/high-availability) data repository.
Why: Stronger user authentication makes it harder for adversaries to access sensitive information and systems.

[7]  Patch operating systems. Patch/mitigate computers (including network devices) with ‘extreme risk’ vulnerabilities within 48 hours. Use the latest operating system version. Don’t use unsupported versions.
Why: Security vulnerabilities in operating systems can be used to further the compromise of systems.

Mitigation Strategies to Recover Data and System Availability

[8]  Daily backups of important new/changed data, software and configuration settings, stored disconnected, retained for at least three months. Test restoration initially, annually and when IT infrastructure changes.
Why: To ensure information can be accessed following a cyber security incident (e.g. a ransomware incident).