ChatGPT data leaks most commonly involve source code: report



Security specialist Netskope says enterprises are leaking sensitive data – notably source code – to ChatGPT.




According to Netskope's research, for every 10,000 enterprise users there are approximately 183 incidents of sensitive data being posted to ChatGPT per month, with source code accounting for the largest share of such leaks.


Cloud & Threat Report: AI Apps in the Enterprise is based on data from millions of enterprise users around the world.


It reports that generative AI app usage has grown 22.5% in the last two months alone, and organisations with 10,000 users or more use an average of five AI apps daily. ChatGPT accounts for more than eight times as many daily active users as any of its competitors.

















Although Google Bard has been the fastest growing AI app in that period (more than four times faster than ChatGPT), at current rates it will take more than a year to catch up to ChatGPT – but a lot can change in a year.


The study found that source code is posted to ChatGPT at a rate of 158 incidents per 10,000 users per month, making it the most common type of sensitive information to be leaked.


Other data being fed to ChatGPT includes financial, healthcare and other types of personally identifiable information, as well as intellectual property other than source code.


Even passwords and keys are being leaked, though most commonly when they are embedded in source code.


"It is inevitable that some users will upload proprietary source code or text containing sensitive data to AI tools that promise to help with programming or writing," said Netskope Threat Labs threat research director Ray Canzanese.


"Therefore, it is imperative for organisations to place controls around AI to prevent sensitive data leaks. Controls that empower users to reap the benefits of AI, streamlining operations and improving efficiency, while mitigating the risks are the ultimate goal. The most effective controls that we see are a combination of DLP and interactive user coaching."


Netskope also found that nearly one organisation in five in the financial services and healthcare sectors has implemented a blanket ban on employee use of ChatGPT. Similar bans are in place at around 5% of the technology sector.


To maintain security, Netskope recommends domain and URL filtering along with content inspection; blocking access to apps that do not serve any legitimate business purpose or that pose a disproportionate risk to the organisation; user education about company policy regarding AI apps; and the application of modern data loss prevention technologies.


"As security leaders, we cannot simply decide to ban applications without impacting on user experience and productivity," said Netskope deputy CISO James Robinson.


"Organisations should focus on evolving their workforce awareness and data policies to meet the needs of employees using AI products productively. There is a good path to safe enablement of generative AI with the right tools and the right mindset."

