Kirstin Burke:
So today we’re going to be talking about, I would say, an old threat in terms of insider threats, things people have struggled with for a long time. But layered on top of that is a new factor, which is ChatGPT. Everyone’s using it in some form or fashion, whether you’re an individual maybe trying to help you do travel plans, whether you are someone looking for it to help you write code, whether you’re a communications person or having it work with you with copy. So it’s something that everyone is testing out and playing around with. And I think every organization out there today is trying to figure out how to incorporate AI into their business to experience the benefits of it. But lurking underneath there, that good friend that we’re adopting, our new ChatGPT friend, is a potential foe.
And even early on, we’re seeing folks like JPMorgan and Verizon just completely blocking access to ChatGPT until they figure out what to do. You see companies, it was reported a little while ago, Samsung had three different situations where sensitive data was shared on ChatGPT, not maliciously or deliberately. And so we’ve got something new breaking here, and I think we wanted to talk today about what do we do about this? And we have a mentality around what insider threats are, but we’re now bringing a friend into the house and what we share with that friend may wind up inadvertently sharing corporate information with the world.
So Shahin, how do you see the lay of the land?
Shahin Pirooz:
So it really hasn’t changed. There’s this new approach to security that over the last year, we talked about it in a previous Tech Talk, has been starting to emerge. And this approach is, the acronym for it is SSPM, and it stands for SaaS Security Posture Management. And when you hear that, you immediately automatically jump to Office 365, Salesforce, but it’s more than that. An example of a SaaS tool is ChatGPT. An example of a SaaS tool is GitHub. An example of a SaaS tool is all of the myriads of tools that you are not aware that your users are using on a day-in day-out basis in the environment. And Grammarly as an example, is a perfect thing. I got to write this proposal for a customer, I want to make it sound better. I’m going to load the whole proposal into Grammarly and tell it what to do.
That’s effectively what ChatGPT is being used for today. And it’s good because buried in a chat format, you can have a dialogue with ChatGPT. And this is not to single out ChatGPT, Claude just made it on the scene, great AI model, it’s another LLM that is really doing some cool things. Google’s working with their own large language model and has created some great progression with Bard and in some ways has started to exceed ChatGPT’s functionality and capability. At the end of the day, all of these productivity tools are helping our end users do things that maybe they don’t have the subject matter expertise around and help them to sound better, talk better, do things better, and fine-tune it with simple language. Let’s edit for this audience, let’s tweak it to be more fun, let’s make it more serious, let’s make it businesslike.
And it’s very easy to quickly have a dialogue with a chatbot to do that rather than going through a bunch of configurations and using the native tools like Microsoft that has been doing a lot of work on Word to do some of these things, but there’s all these third party ISVs out there that are integrating solutions for it. So what’s the issue? The example you gave is a perfect one. People are putting sensitive data into these SaaS tools and that sensitive data is now in these large language models being embedded in the large language model. So what happens if that large language model gets compromised? Your sensitive data is there, so it’s like a password leak, but now it’s even more, it probably has PII in it. It probably has HIPAA data in it. There’s a big concern associated with that, but those are the common use cases.
Everybody’s like, “Yeah, we thought people might do this as soon as we figured out how cool it is and what it can do and we’re going to block it as an example and not let them get to it.” The bigger threat is we are starting to see a rise in emergence of people that are going and saying, “I’m trying to figure out X, Y, or Z”, and they get a link back in the response and they go to that link and ChatGPT’s not supposed to give links, but this is where the large language model poisoning comes into play. They get a link, they click on it, they go to the link and all of a sudden they get hit with ransomware and their machine is encrypted. And that might be just one user if they’re at home, but if they download something inside your office and you don’t have the proper controls, that now spreads to your entire ecosystem.
So the importance of paying attention to proper distributed security is even more relevant now because if you have more sources of attack, vectors of attack that the bad actors can take to get into an end user’s systems. And at the end of the day, our weakest point of security is that end user because we’re relying on them to do their day job and also wear a security hat and maintain our security posture. So not having the right tools to help them to reduce the noise to block the bad things makes it difficult for them to succeed.
Kirstin Burke:
Well, it sounds like organizations are trying to respond at several levels, right? Gartner did a report and said that over half of the HR professionals out there are now trying to figure out how to embed either ChatGPT or AI in their employee training manuals. So here’s what you do, here’s what you don’t do. Some companies are saying, “We’ve got an upload, you can only upload this much”, but it just sounds like it’s so new. And to your point, in some cases it is an old, I won’t say old, but it’s a philosophy that security people have had for a while. We’re just adding something new to it.
And so I think there’s a struggle for how to incorporate this new in, and in any situation we want to add security into our employee handbook. Here’s what we expect, usually what we don’t. But you’re not banking on that to stop everything because something’s going to happen. Someone’s going to make mistakes, someone will do something malicious. From a security tools perspective, what is it? The challenge seems to be we’re trying to protect data from either tools we can’t see or platforms we can’t see, from threats we don’t really know what they are with things we can’t always control. So there’s just a lot of ambiguity there.
So how does someone put guardrails around something that’s so ambiguous?
Shahin Pirooz:
The short answer is, what’s missing in the world today is let’s call it live inline data leak prevention, so that when you’re pasting something to a website, it is looking for sensitive data and blocking it. I guarantee you, in the next 18 to 24 months, we’re going to have three or four companies pop up that do exactly what I’m saying right now, but they’re not here yet. So the DLP is the answer to prevent PII, or personally identifiable information, from leaking in any environment. And so what we’re dealing with now is we’re not sending something, we’re not going through email gateways, we’re not going through DLP solutions that look at files.
We’re literally copying and pasting into a web interface. And so there are a lot of browser-based security tools that are out there, but they have limited efficacy because they’re designed to work with enterprise class browsers, which end up being Chrome or Chromium based solutions. And then if your users are using Safari or they’re using Opera or something else that isn’t tied into that enterprise, they can bypass the enterprise security for the browser protection.
As part of our services, we’re evaluating right now, how do we create browser security to help from this perspective? But it’s very difficult unless you do browser extensions for every possible browser and pre-install all those browsers. It’s very difficult to say that somebody’s not going to download a different browser and every week the want to be hidden from the rest of the world grew out there, creates a new browser because the old one is no longer effective. So this is definitely a Sisyphean challenge, which is effectively we’re always going to be pushing this rock uphill and the next morning it’ll be back down at the bottom of the hill again.
And the only way to address this is really to do security awareness training for your users and educate them that we’ve done a lot of work with our end users and our community to talk about here’s what we’re not allowed to share. Here’s the training we do that says if you see social security numbers, customer names, employee names, account numbers, anything that is identifiable, IP addresses, don’t send that stuff in email, encrypt it, do something different.
That same logic has to apply, don’t copy and paste it into Grammarly, don’t copy and paste it into a chatbot if you’re not supposed to share it publicly. Don’t assume just because you think this is your chat that it’s not being shared publicly. And including for example, putting it in your personal email, which might be the free edition of Hotmail or Gmail or whatever, which there are no restrictions to data protection in those free environments. They’re looking for telemetry, they’re using your data. The reason it’s free is they’re getting information about you and who you are and what you do. So that data is not free and protected. It is not protected, it is free.
Kirstin Burke:
It’s one form of free.
Shahin Pirooz:
Exactly. So best practices is the short answer today. There’s no solid… Browser protection helps. You can put in tools for example, we have part of our XDR solution has whitelist blacklisting where we can blacklist all the other browsers and just make it so that they can only use one browser and then you can put browser extensions in that help to secure it. So there’s a lot of factors that come into play here and our advanced phishing protection includes that browser capability. But again, if you don’t lock down the browsers… So it’s like I said, it’s a difficult game to play whack-a-mole with.
Kirstin Burke:
Sure. Well, and it’s interesting, we’re in the tech space and so, one of the things that we hear so often that folks are using it for is coding. So either helping work out an issue or helping make something better or faster or whatever, because truly it is an accelerator for people. Yet that code likely has some element of confidentiality to it. And so there’s this tension where I’m sure you’ve got a lot of developers, even your team that are always being pushed to let’s get this out faster, let’s do better. Let’s correct it in the right way first time.
And so how do you see people resolving that tension of really using this tool as friend, as that extra thing on your team that helps you do better, yet you’ve got this tension of, well, I need to get it done and I’ve got this tool, but can I really do this? How do you balance that?
Shahin Pirooz:
So the short answer is go back to the business policies that I talked about. So if it has personally identifiable information, do not put it in any of these tools. That doesn’t mean that the tool’s a bad tool. I hate to use the word “common sense” because I don’t believe in that concept, but that does not mean that you can’t use it for creative work, for example. Or when you’re writing a project and you need a script or something, you can answer questions very quickly.
And I’ve never once seen code that comes out of ChatGPT that is 100% accurate, but it’s close. And if you’ve got a little bit of a development skillset, you can take that and get it working and properly support it, have it do what you need it to do. But if you’re not sure what some function calls or method calls or things like that in it or a library that they load, you’ve never heard of it before, don’t use it.
Use human sense. I don’t know what we want to call it. I hate the “common sense” term but similarly, if you’re going to write a blog for example, there is no reason you can’t put some concepts in and say give me some ideas for X, Y, or Z. The creative side of it is pretty cool.
What you have to be careful of, we talked about this in our first ChatGPT talk, is that ChatGPT is based on data up to 2021. So it was trained on data that stopped in 2021. You can’t expect it to know anything past that. The model is improving and they keep giving it more data, but you can’t expect it to know anything that happened in ’23. So current events, things like that, you can’t rely on that. “What’s the best EDR tool today?” Can’t rely on that because it’s four-year-old data.
And what you want to pay attention to though is concepts are okay, however, those concepts are being pulled from all of the internet readable data that they fed ChatGPT with, and there’s bias in all that data. So whoever posted a blog post about X, Y, Z, you have no idea if that blog post was accurate or not.
It’s like the Wikipedia problem where anybody could go in and create a Wiki and that Wiki can look like it’s accurate, look like it’s authoritative, but unless you validate the sources and check it, there’s no way to know. So always take it with a grain of salt. Take the feedback you’re getting, the results you’re getting, use your own knowledge base and check it out. Always be checking it out, does this smell right? Does it look right, do other sources align with this? Then use that data. But you can’t just blindly ask it to write you a blog post and post it and you could be putting something out there which is completely biased and the wrong results.
Kirstin Burke:
Right. So we’re always going to be having something new and we talk about this, right? Whether we’re talking about security tools and we’re talking about the shelf life and efficacy, right? Because you don’t know what’s around the corner. All of us, we’re aware of AI, but I think this surge and this craziness of ChatGPT and just how wildly it has come on, I don’t know that anyone was prepared for that, particularly security teams.
Shahin Pirooz:
Ultimately, if you think about it, it is search 3.0, Google and Yahoo really created a search model that would change the way we browse the internet. And a lot of players have tried to create better, stronger, faster search engines and they haven’t really come up with a model that works and ChatGPT has broken that seal. And now there’s a lot of, including Bard, who is again putting Google in the top ranks again, is really solving this problem of search just got old and long in the tooth and you had to learn how to ask questions in order to get responses. And then you had to separate what’s ads versus what’s real.
And ultimately, where we’re at today is having an interaction with a chatbot like Bard or Claude or ChatGPT, it helps me to find things so much faster. And that’s what I use as a resource for one of the things that I’m evaluating. I don’t take it as the source of truth, I take it as one source and look at other things. I still go to traditional search models, I still read documents, I still look at white papers. So you have to always fact check. We had a colleague in the past who used to always say, “When in doubt, check it out.” And that is more true now than ever.
Kirstin Burke:
Yeah. For sure. So as we wrap up today, we’ve talked about training and we’ve talked about not really even a lot of tools, but really training and awareness. What are the top three things someone ought to take away as they think about ChatGPT about how it’s being used and incorporated in their business and really what to take forward? Clearly training your user community and really what do I share? What do I not, where do I stop? Where do I start?
Anything else that would just be great takeaways for folks and their security?
Shahin Pirooz:
So the most obvious answer is train your users. Don’t wait for them to figure this stuff out on your own, but what do you train them on? The first step is you need to document your privacy policies and your sharing of data policies. If you don’t already have that, if you’re regulated, then you have a better idea of what you’re allowed to and not allowed to share.
But generally speaking, if you take a look at what the definition of PII is for GDR, that’s a great basis to say anything that matches PII for that category is probably a safe thing to say, don’t share this. And so just to make it simple, just look at the definition of PII for GDR, the policy around that. Train your users, educate them on it is the second component.
The last thing is if you ever get a link from any of these chatbots, don’t click on it. They’re not supposed to give you links. If they tell you to go find, it’s this company does it, go look up that company separately, just like an email. If you get a link in email, don’t click on it. It’s the very simple things. Like for example, I’m a little paranoid, I’m paid to be paranoid and my wife gets mad at me all the time. But when I get an email even from my bank that says transaction just happened, I go to the browser, open the browser and type the bank URL and go look the transaction from the bank URL, I do not click the link in the email even if it looks completely legit.
Kirstin Burke:
Yeah. Yeah.
Shahin Pirooz:
Now that’s sort of true. You should never do this. But a lot of times I’ll do it to see if it is or isn’t a real thing so that we can build our education from a security perspective and help protect customers. But as a user, always go to the browser. Don’t click on links in email, don’t click on links on ChatGPT or I’m not trying to single out ChatGPT. Any large language model is susceptible to model poisoning.
Kirstin Burke:
They are.
Shahin Pirooz:
And we just saw it’s not the hack, it’s model poisoning is the real key because they don’t have to have access to it to model poison. They can create websites that look like they’re answering common questions. And as it reads that website in, and that’s one of the threats that we’ve seen rising right now is I’m sure many of you have seen that you go to a website, you click on a link, you go to a website and a popup pops up and says, “Your system is encrypted, call this number” or “Microsoft will help you, call Microsoft.”
I’ve had many friends who told me my mom called and then they were on their machine for a half hour. We had a recent conversation with someone that had got the same thing out of ChatGPT in this case, and it routed them to one of those websites. They got the popup, they clicked the link to get help. And of course then the information was exposed. So do not click on links. I can’t repeat number three more importantly than any of the other two, educate your people. And one of the education pieces is do not click on links in email. Do not click on links in chatbots.
Kirstin Burke:
Yeah.
Shahin Pirooz:
Or even any SaaS application that’s taking data and giving you a response. Any place that’s using the internet as a source of data, it’s so easy to poison the models out there.
Kirstin Burke:
Interesting. So this is the first time I’ve heard model poisoning. So I learn something new every time we meet, but interesting to understand what’s happening and to be vigilant about it.
Shahin Pirooz:
Yeah. And just so we’re clear, it isn’t even necessarily intentional model poisoning. It’s not like somebody’s targeting ChatGPT to model poison. They built a website, and remember the data’s from 2021. They built a website that said, let’s say for example, give me an answer on this tax law. One of the search items that would come up on Google, on ChatGPT, takes you to a website and that website happens to be a fake site that purports to answer this question.
And as soon as you go there, you get the popup that says you’ve been hacked, you haven’t been hacked at that point, you close your browser and you don’t click anything, you’re fine. But the typical end user is going to say, “Oh my God, I got to click ‘Call Microsoft’.” Because it looks like it’s a native OS dialogue and not on the web browser. So it’s one of the oldest.
Kirstin Burke:
I was going to say, yeah, that is not new but they’re finding a new way to embed it.
Shahin Pirooz:
And it’s not even that they’re finding it, ChatGPT just scoured, just ingested that website and that was an answer to the question that somebody asked.
Kirstin Burke:
Wow.
Shahin Pirooz:
So it’s do not click links.
Kirstin Burke:
There you go.
Shahin Pirooz:
Did I say that?
Kirstin Burke:
I heard it. I heard it loud and clear. Watch after those links. Well, thank you Shahin. And this is going to be one of our common themes as we go forward. We’re hearing a lot of questions from prospects and customers. Shahin and his team are doing all sorts of research in terms of what is it that we need to know, how is it that we might need to adapt within our service.
So we’re going to be checking in every once in a while and just having a recurring ChatGPT conversation about what it is we’re hearing and what it is we’re learning and what it is that folks need to know. So thank you Shahin, and thank you for joining us.