Cybersecurity Snapshot: New Guides Offer Best Practices for Preventing Shadow AI and for Deploying Secure Software Updates

The Cloud Security Alliance has released a white paper on AI organizational responsibilities, which includes guidance on preventing "shadow AI," or the use of unapproved AI tools by employees. To prevent shadow AI, organizations should create a comprehensive inventory of AI systems, conduct gap analyses, and implement ways to detect unauthorized AI wares. The white paper also covers risk management, governance and compliance, and safety culture and training. US and Australian cyber agencies have published a guide on safe software deployment, which provides recommendations for software manufacturers to ensure the reliability of their products. The guide outlines key steps for a secure software development process, including planning, development and testing, and internal rollout. A report by CompTIA found that generative AI, attack variety, and data security are top drivers of cybersecurity strategies. Organizations are trying to understand how generative AI can help their cybersecurity programs and how it is being used by malicious actors. The US Cybersecurity and Infrastructure Security Agency (CISA) has released a list of software development practices that are most harmful for security, including using programming languages considered "memory unsafe" and releasing products with default passwords. The European Union has adopted a new law, the Cyber Resilience Act, which outlines cybersecurity requirements for the design, development, and lifecycle maintenance of connected digital products. The UK's National Cyber Security Centre has emphasized the importance of CISOs communicating effectively with boards of directors to ensure that cybersecurity is a top priority.