📬 nenna.ai monthly newsletter - Mai

Hello nenna.ai fellows 

Welcome to our Mai edition! This month's newsletter is packed with updates from BSI, some regulatory informations and of course from Nenna. Scroll down for more 👇

AND Thank you for being a part of our community! 💜


TODAY´S MENU

  • NIS-2

  • BSI Publication

  • Nenna.ai insights

  • Data Security: Microsoft

  • What else was important 

NIS-2
Everyone talks about EU AI Act, but have you ever heard about NIS-2?


Summary: The NIS-2 Directive mandates significant cybersecurity measures for companies offering cloud services, expanding the scope of cybersecurity laws to include firms with 50+ employees or over €10 million in revenue.

Details:

  1. Scope and Impact: Companies providing cloud storage, application access, or IT infrastructure services, with 50+ employees or over €10 million in revenue, must comply with new cybersecurity regulations by October 17, 2024. 🧑‍💻

  2. Regulated Sectors and Services: The NIS-2 Directive applies to various regulated sectors, including cloud service providers offering IaaS, PaaS, and SaaS, making cybersecurity a mandatory requirement.

  3. Compliance Requirements: Affected companies must implement and document comprehensive risk management measures, overseen and approved by management, to avoid personal liability for executives

Why is it important: The NIS-2 Directive significantly expands the scope of cybersecurity obligations, making it crucial for companies to proactively enhance their security measures to ensure compliance and avoid potential legal repercussions.

If you want to check if you also need to think about NIS-2 - here is a good guideline 👈

BSI Publication
AI Transforming the Cyber Threat Landscape

Summary: The BSI publication provides an overview of the opportunities and risks associated with LLMs and suggests countermeasures to address these security threats.

Details:

  1. Impact on Cyber Threats: AI-powered applications, particularly large language models, lower the barriers to entry for cyberattacks, enhancing the scale, speed, and effectiveness of malicious activities.

  2. Generative AI in Cyberattacks: AI facilitates the creation of high-quality phishing messages and can be used for the automatic generation and mutation of malware.

  3. Cyber Defense Benefits: AI also boosts productivity for defenders, aiding in code generation, vulnerability analysis, malware detection, and situational awareness.

Access: You can download that publication here 👈

Why is it important: The integration of AI in cybersecurity marks a significant shift in both offensive and defensive capabilities. While AI enhances the efficiency and sophistication of cyberattacks, it also provides powerful tools for cyber defenders, balancing the evolving threat landscape.

Nenna.ai Preview
Ensuring Document Security in AI Workflows 🤓

In our last newsletter, we gave you an initial preview of our product development. Today, we want to share more insights with you.

As you know, our goal is to identify sensitive data and anonymize it in a way that protects information from AI solutions like ChatGPT, allowing everyone to use these solutions without concern. This works great with prompts or content that is copy-pasted into AI solutions! BUT what about documents like Word, PDF, PowerPoint, or Excel spreadsheets?

Exactly, we asked ourselves the same questions because documents are indispensable for today’s work processes. To ensure everyone is protected in every work process, we at Nenna have developed a solution that also anonymizes documents, enabling their use in AI workflows. 🔥

DATA SECURITY
Microsoft Copilot: Enhancing Productivity at the Expense of Data Privacy?

Summary: Microsoft Copilot, an easy entry point into Generative AI for many organizations, amplifies existing data quality and privacy issues despite its promise of increased workplace productivity.

Details:

  1. Benefits: Microsoft Copilot, integrated with Microsoft 365, offers a straightforward implementation for organizations already using Microsoft services. Despite Microsoft’s claims of strong data protection, concerns have been raised by the US Congress and Gartner about the risks of sensitive data exposure and insufficient permission controls.

  2. Data Security Concerns: Copilot could exacerbate existing data security flaws, such as over-permissioned user accounts and inconsistent data labeling. These vulnerabilities could lead to significant security incidents, including internal data compromise and enhanced data discovery by malicious actors.

Why is that important: While Microsoft Copilot promises significant productivity gains, it also introduces substantial risks to data security and privacy. Organizations must be vigilant in managing permissions and ensuring the quality of data shared with AI systems to prevent potential security breaches and maintain data integrity.

NEWS
What else was important

  • Slack:  Slack automatically trains its machine learning models on user data, including messages and uploads, with all users opted in by default. This practice has raised privacy concerns among users, who were not given advance notice or an easy opt-out option. Better watch out which service you trust!🤨

  • EU: Just yesterday, the European Council has formally approved the AI Act, the world’s first law to regulate artificial intelligence based on a risk-based approach, set to harmonize AI rules across the EU. The groundbreaking legislation, which aims to enhance the development and use of safe AI while ensuring fundamental rights, will officially become law 20 days after its publication in the EU’s Official Journal and take effect two years later, with specific provisions for high-risk and prohibited AI practices.

  • Microsoft: Big brother is watching you 🤯Microsoft’s new AI tool, Recall, revolutionizes Windows PCs by tracking and retrieving every action on the device, offering a searchable, contextual timeline of user activities. This feature, enhances productivity with deep Windows integration and stringent privacy controls. If everything is tracked, your activities will be more transparent than ever before…