Cisco's Duo Incident, Ransomware Victims and Backup Compromises, Cyber Salaries Revealed

In this episode of "The Business of Tech," we discuss cybersecurity incidents and studies revealing concerning trends in the industry. We highlight Cisco's Duo security incident involving a threat actor accessing MFA SMS logs through a phishing attack on a supplier. Additionally, we cover studies showing the high salaries in cybersecurity, but also the gender and ethnic disparities present. Stay informed and protected in the world of tech.

Three things to know today

00:00 Cisco's Duo Security Incident: Threat Actor Accesses MFA SMS Logs Through Supplier Phishing Attack

03:37 Sophos Study Reveals Alarming Trend: 94% of Ransomware Victims Had Backups Compromised

05:58 ISC2 Study: Cybersecurity Salaries High, But Gender and Ethnic Disparities Challenge the Sector

Supported by:

https://www.bitdefender.com/business/products/msp-security-solutions.html

https://huntress.com/mspradio/

💼 All Our Sponsors

Support the vendors who support the show:

👉 https://businessof.tech/sponsors/

🚀 Join Business of Tech Plus

Get exclusive access to investigative reports, vendor analysis, leadership briefings, and more.

👉 https://businessof.tech/plus

🎧 Subscribe to the Business of Tech

Want the show on your favorite podcast app or prefer the written versions of each story?

📲 https://www.businessof.tech/subscribe

📰 Story Links & Sources

Looking for the links from today’s stories?

Every episode script — with full source links — is posted at:

🌐 https://www.businessof.tech

🎙 Want to Be a Guest?

Pitch your story or appear on Business of Tech: Daily 10-Minute IT Services Insights:

💬 https://www.podmatch.com/hostdetailpreview/businessoftech

🔗 Follow Business of Tech

LinkedIn: https://www.linkedin.com/company/28908079

YouTube: https://youtube.com/mspradio

Bluesky: https://bsky.app/profile/businessof.tech

Instagram: https://www.instagram.com/mspradio

TikTok: https://www.tiktok.com/@businessoftech

Facebook: https://www.facebook.com/mspradionews


Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

[00:00:00] It's Wednesday, April 17th, 2024 and I'm Dave Sobel.

[00:00:05] Three things to know today.

[00:00:07] Cisco's Duo security incident.

[00:00:09] Threat actor accesses MFA SMS logs through a supplier phishing attack.

[00:00:15] A Sophos study reveals an alarming trend: 94% of ransomware victims had their backups compromised

[00:00:21] and an ISC2 study.

[00:00:23] Cybersecurity salaries are high but gender and ethnic disparities challenge the sector.

[00:00:29] This is the Business of Tech.

[00:00:32] You're looking for security solutions for your MSP and Bitdefender has new ones for you.

[00:00:38] With advanced protection, simplified management, 24x7 analyst-led security, threat hunting and

[00:00:43] end-to-end protection options, it's time to check out Bitdefender's new offerings.

[00:00:49] With the ability to customize the security solution for what you and your customers

[00:00:53] need, you'll find a cost-effective selection with adaptive and scalable security.

[00:00:58] Wanna check it out?

[00:00:59] Bitdefender would love to schedule a demo for you.

[00:01:03] Just visit bitdefender.com or the link in the show notes.

[00:01:09] Cisco has informed customers about a security incident involving one of their Duo telephony

[00:01:14] suppliers.

[00:01:15] A threat actor gained access to the supplier's internal systems using a phishing attack

[00:01:20] and downloaded MFA SMS message logs.

[00:01:23] The logs contain phone numbers, carriers, countries and states but not message content.

[00:01:29] The supplier has taken immediate action including invalidating the employee's credentials,

[00:01:33] implementing mitigation measures and providing awareness training.

[00:01:37] Customers are advised to notify affected users, be vigilant against social engineering

[00:01:41] attacks and report any suspicious activity.

[00:01:44] Duo isn't alone.

[00:01:46] The US cybersecurity agency CISA is advising Sisense customers to reset their credentials

[00:01:52] following a security incident.

[00:01:54] The exact nature of the incident is unclear.

[00:01:57] Sisense is actively collaborating with industry partners to respond.

[00:02:01] Sisense is a data analytics company and serves big companies globally and relies on

[00:02:05] credentials to access customer data for analysis.

[00:02:09] The company has not commented on the incident.

[00:02:11] Angry customers are demanding more detailed answers and clarification on the impact.

[00:02:16] The breach allegedly started with hackers breaching Sisense GitLab code repository

[00:02:21] and exfiltrating several terabytes of customer data.

[00:02:25] The FBI has issued a warning about a massive wave of SMS phishing attacks targeting Americans

[00:02:31] with fake road toll fee notifications.

[00:02:34] The scammers impersonate toll collection services and send text messages, claiming

[00:02:39] that the recipient owes money for unpaid tolls.

[00:02:42] The FBI has received over 2,000 complaints regarding these attacks and the scam appears

[00:02:47] to be moving from state to state.

[00:02:50] Recipients are advised not to click on any links, delete the messages and report them

[00:02:54] to the FBI's Internet Crime Complaints Center.

[00:02:58] Why do we care?

[00:03:00] Duo is a popular choice among IT service providers so if you're not aware, now

[00:03:03] you are.

[00:03:05] Contrast that with Sisense's response.

[00:03:07] Silence does the company no favors.

[00:03:10] It bears repeating, over-communicate in a crisis.

[00:03:13] It's a core tenet for a reason.

[00:03:16] The lack of clarity and delayed response from Sisense, as reported, coupled with

[00:03:19] the substantial customer data allegedly involved, could erode trust and affect customer relations

[00:03:25] significantly.

[00:03:27] Organizations must have rapid response strategies in place not only to mitigate

[00:03:31] the damage but also to communicate effectively with stakeholders to maintain confidence.

[00:03:38] The UK's response to security breaches has astounded experts with low figures for

[00:03:44] incident response plans and reporting to authorities.

[00:03:47] Only 22% of businesses have a formal incident response plan and only 10% report the most

[00:03:53] disruptive breaches to the police.

[00:03:56] Small and micro-businesses have lower response rates compared to medium and large

[00:04:00] businesses.

[00:04:01] The decline in awareness of security initiatives and willingness to seek support is also

[00:04:05] a concern.

[00:04:07] The average cost of a security breach is £1,206, but breaches resulting in data theft

[00:04:12] can result in costs of up to £40,400 for medium and large-sized businesses.

[00:04:19] Phishing is the most common type of cybercrime affecting US businesses.

[00:04:24] According to a study by Sophos, 94% of companies hit by ransomware in the past

[00:04:28] year had their backups targeted by cybercriminals.

[00:04:32] Attackers are increasingly compromising backups along with production data to put

[00:04:36] pressure on victims to pay the ransom.

[00:04:40] The study also found that organizations with compromised backups paid eight times

[00:04:44] more for recovery efforts and were 63% more likely to have their data encrypted

[00:04:49] by attackers.

[00:04:51] State and local governments, as well as the media, leisure and entertainment

[00:04:54] sectors, were the most at risk of having their backups targeted during

[00:04:58] ransomware attacks.

[00:05:01] Why do we care?

[00:05:03] I'm struck by those low preparedness numbers.

[00:05:06] Is it a massive opportunity?

[00:05:07] Do customers not care?

[00:05:09] Both.

[00:05:10] Every security vendor is wanting you to buy their product and solve all your

[00:05:14] problems.

[00:05:15] Instead, no, we're dealing with a people problem.

[00:05:17] Process and procedure will be product.

[00:05:21] The findings from the Sophos study highlight a critical evolution in the tactics

[00:05:25] of cybercriminals, specifically their focus on targeting backups along with

[00:05:29] primary data during ransomware attacks.

[00:05:31] This strategy undermines one of the key defenses against ransomware, the

[00:05:35] ability to restore data from backups without paying the ransom.

[00:05:39] The fact that compromised backups result in significantly higher recovery

[00:05:42] costs and a higher likelihood of data encryption emphasizes the need for

[00:05:47] organizations to enhance the security of their backup solutions and consider

[00:05:50] multilayered defense strategies to protect against sophisticated attacks.

[00:05:56] You better have backups.

[00:05:59] And how much do US cyber professionals make?

[00:06:03] Per ISC2 research, cybersecurity professionals in the US earn an average

[00:06:08] salary of $147,000 with variations based on experience, job level, gender

[00:06:15] and ethnicity.

[00:06:16] While pay disparity remains a challenge, cybersecurity shows more pay

[00:06:21] parity compared to the broader labor market.

[00:06:25] A new report from Women in Cybersecurity and Aleria reveals significant

[00:06:29] gender disparities in the cybersecurity workplace with women facing exclusion

[00:06:34] at twice the rate of men.

[00:06:36] The study identifies four main categories of exclusion, respect,

[00:06:41] career and growth, access and participation and recognition.

[00:06:45] The study shows that women report 350 percent more exclusion in

[00:06:50] recognition and 250 percent more in respect than their male counterparts.

[00:06:56] The exclusion index for women is substantially higher across all categories

[00:07:01] with distinct disparities, especially in recognition at 450 percent higher

[00:07:05] and respect 250 percent higher.

[00:07:08] The data also shows a glass ceiling effect with 48 percent of women

[00:07:12] experiencing issues related to career and growth significantly more than the

[00:07:16] 26 percent of men who report similar experiences.

[00:07:21] Now why do we care?

[00:07:23] We desperately need more cyber professionals and the job is a good one

[00:07:27] that pays well.

[00:07:28] Addressing pay disparities can lead to more engaged cybersecurity teams

[00:07:32] and minimize workforce gaps.

[00:07:35] For the cybersecurity industry to thrive and effectively safeguard against

[00:07:38] those threats, there's an urgent need for inclusivity and equity

[00:07:42] in workplace practices.

[00:07:44] Companies must actively work to dismantle the barriers identified

[00:07:47] in the studies by implementing equitable hiring practices,

[00:07:50] promoting mentorship programs, ensuring fair evaluation processes

[00:07:55] and fostering an inclusive corporate culture.

[00:07:57] It's all good business.

[00:08:02] Today's episode is supported by Huntress.

[00:08:04] You want to focus on your clients and are always looking for ways

[00:08:08] to get more time.

[00:08:10] Use Huntress' fully managed cybersecurity platform to fight off cyber threats.

[00:08:15] Huntress is more than cybersecurity software for endpoints and identities.

[00:08:20] It's a 24 by 7 security operations center.

[00:08:23] It's security awareness training, community engagement and dedicated

[00:08:27] partner support with an average CSAT score of 99.3 percent.

[00:08:32] Technology can only get you so far.

[00:08:34] Human expertise is what's needed to truly elevate and protect small

[00:08:39] businesses and you get that with Huntress.

[00:08:42] Secure your clients and help them thrive with the number one rated EDR

[00:08:46] for SMBs on G2.

[00:08:47] Visit Huntress.com slash MSP radio to find out more.

[00:08:54] Thanks for listening.

[00:08:55] Today is National Cheeseball Day.

[00:08:58] I've got a total soft spot for a cheeseball.

[00:09:01] Have a question you want answered?

[00:09:03] We're taking listener questions, and send them, ideally as a voice

[00:09:06] memo or video, to question at MSPradio.com.

[00:09:09] I answer listener questions live each week on our Wednesday live show

[00:09:12] on YouTube and LinkedIn.

[00:09:14] And if you've got a comment or a thought on a story, put it in the comments

[00:09:17] if you're on YouTube or reach out on LinkedIn if you're listening to

[00:09:20] the podcast.

[00:09:21] I'll talk to you again tomorrow.

[00:09:24] The Business of Tech is written and produced by me, Dave Sobel

[00:09:28] under Ethics Guidelines posted at business of dot tech.

[00:09:32] If you like the content, please make sure to hit that like button,

[00:09:35] follow or subscribe.

[00:09:37] It's free and easy and the best way to support the show and help us grow.

[00:09:42] You can also check out our Patreon where you can join the

[00:09:45] Business of Tech community at Patreon dot com slash MSP radio or buy our

[00:09:51] Why Do We Care merch at business of dot tech.

[00:09:55] Finally, if you're interested in advertising on the show, visit

[00:09:58] MSP radio dot com slash engage.

[00:10:02] Once again, thanks for listening to me.

[00:10:04] I will talk to you again on our next episode of The Business of Tech.

[00:10:11] Part of the MSP Radio Network.