Cyber Threats Evolve, Telecom Lawsuits, AI Challenges, and Hybrid IT Strategies in Focus

[00:00:02] It's Wednesday, December 4th, 2024, and I'm Dave Sobel. Four things to know today.

[00:00:07] From destruction to deception, new cyber threats targeting essential systems and corporate networks,

[00:00:13] decisions in telecom and tech, AT&T's lawsuit, satellite expansion, and the SEC's cybersecurity crackdowns,

[00:00:21] artificial intelligence under fire, some legal, ethical, and safety challenges are explored, and

[00:00:26] the hybrid IT strategy gaining momentum as mainframes handle 70% of global transaction value.

[00:00:34] This is the Business of Tech.

[00:00:38] Hackers are shifting their focus from data breaches to total destruction during cyber attacks, aiming to shut down victim companies entirely.

[00:00:46] According to Palo Alto Networks, the number of ransomware attacks in 2024 has remained similar to last year,

[00:00:52] with only a 4% increase in the number of companies listed on extortion sites.

[00:00:58] As organizations improve their data backup practices, hackers are now pivoting to destructive attacks,

[00:01:04] targeting essential systems to render them useless.

[00:01:07] These attackers often focus on large tech vendors to maximize the impact, causing widespread disruption to their partners.

[00:01:14] One example, shared by Sam Rubin from Palo Alto Networks, involved a single company affecting over 100 partners,

[00:01:22] necessitating weeks of safety assurance.

[00:01:24] The firm ultimately paid a ransom to stop ongoing losses, highlighting the financial pain of these attacks.

[00:01:31] Palo Alto Networks predicts that these destructive attacks will become increasingly common in the coming year,

[00:01:37] as hackers leverage generative artificial intelligence to exploit vulnerabilities.

[00:01:42] North Korean IT workers are infiltrating United States companies through fake identities and forged credentials, according to Sentinel Labs.

[00:01:50] The cybersecurity organization has uncovered a network of companies believed to be backed by China that supply remote workers under false pretenses.

[00:01:59] These individuals conduct convincing video interviews and use virtual private networks to mask their true locations,

[00:02:04] closing significant risks to corporate networks.

[00:02:07] The researchers highlighted that these workers are highly skilled in software development and cryptocurrency technologies,

[00:02:14] with earnings laundered through online payment services to support North Korean state programs, including weapons development.

[00:02:21] Companies are urged to implement stringent vetting processes to identify discrepancies in resumes and online profiles,

[00:02:27] and be alert for signs of fraudulent behavior during the hiring process.

[00:02:32] CrowdStrike has shown resilience and trust with its customers following that significant IT outage in July, caused by a faulty update.

[00:02:40] In its third quarter of fiscal 2025, the cybersecurity company reported a revenue increase of 29%, reaching $1 billion, surpassing analyst expectations.

[00:02:50] The company added $153 million in annual recurring revenue during this period.

[00:02:57] CrowdStrike CEO George Kurtz expressed confidence in their technology and emphasized that large clients have remained loyal despite the incident.

[00:03:04] Industry analysts from William & Blair and TD Cohen noted that CrowdStrike is on track to recover and continue its growth trajectory.

[00:03:13] Why do we care?

[00:03:14] One of the supposed consequences of cyberattacks is reputational risk.

[00:03:19] While distinctly not a cyberattack, a quality issue at CrowdStrike has not impacted their customer reputation, as measured by the financial fallout.

[00:03:29] While CrowdStrike's performance appears robust, we should remain cautious about drawing long-term conclusions.

[00:03:36] Customer loyalty metrics can lag real dissatisfaction, and customers may still exploit the earlier outage to lure clients away.

[00:03:44] That said, attackers making the point total destruction changes the risk levels of cyberattack.

[00:03:51] The raw impact of downtime is an equation that providers should be familiar with.

[00:03:56] Couple that with corporate infiltration, and the defense becomes intellectually easier.

[00:04:01] The proposed solutions for preventing infiltration, like stringent vetting, are resource-intensive and may not scale easily for smaller organizations or those in high-growth phases.

[00:04:12] IT service providers should offer tiered solutions for identity management, balancing cost-effectiveness with security.

[00:04:21] Are you ready to take your cloud business to the next level?

[00:04:25] TD Cynics is changing the game for MSPs with their Stream 1 platform, where all clouds meet.

[00:04:32] With Stream 1, you get access to Microsoft, AWS, Google, and more, all in one place.

[00:04:38] Stream 1 Commerce API enables headless commerce, and there is seamless integration with your PSA tools, making billing easier than ever.

[00:04:47] Plus, white-label storefronts allow you to extend a fully customizable marketplace to your customers.

[00:04:53] And Stream 1 is more than a marketplace.

[00:04:56] It simplifies the complexity of cloud ecosystems and empowers you to grow at scale.

[00:05:02] To learn more, visit tdcynex.com slash Stream 1 Ion and see how Stream 1 can transform your business.

[00:05:13] AT&T and VMware have reached a settlement in principle in their high-profile lawsuit, indicating that both parties have agreed on terms but have not yet signed a legally binding contract.

[00:05:24] This development comes after AT&T filed a lawsuit against VMware in August, alleging that Broadcom, VMware's owner, attempted to breach their contracts by imposing subscription requirements prematurely.

[00:05:37] AT&T claimed this move could cost them hundreds of millions of dollars and jeopardize critical services.

[00:05:43] A New York Supreme Court judge has agreed to extend the deadline for further procedural discussions to December 13.

[00:05:49] VMware has countered AT&T's claims, accusing them of sensationalism and failing to renew support services in a timely manner.

[00:05:58] This case arose less than a year after Broadcom completed its $61 billion acquisition of VMware.

[00:06:05] The Federal Communications Commission has granted a license to T-Mobile and SpaceX's Starlink unit,

[00:06:11] allowing them to provide supplemental internet coverage from space to remote areas in the United States.

[00:06:16] This landmark approval is the first of its kind, enabling a satellite operator to collaborate with a wireless carrier to extend coverage and eliminate so-called dead zones.

[00:06:27] T-Mobile estimates that over 500,000 square miles of the U.S. are inaccessible by traditional towers due to various geographic and regulatory challenges.

[00:06:37] This initiative follows a partnership announcement between the two companies in 2022, and the first satellites supporting this collaboration were launched earlier this year.

[00:06:47] The Securities and Exchange Commission has charged four companies, including Unisys and Avaya, with misleading disclosures about cybersecurity incidents, resulting in fines ranging from approximately $1 million to $4 million.

[00:07:00] Acting SEC Director Sanjay Wadha emphasized that public companies must not mislead shareholders regarding cyber threats.

[00:07:09] Legal experts predict increased scrutiny from regulators on corporate claims about cybersecurity.

[00:07:15] The SEC aims to understand all breaches experienced by public companies since October 2019, suggesting more investigations may follow.

[00:07:24] Companies are advised to ensure consistent and truthful communications regarding their cybersecurity measures to avoid penalties and reputational damage.

[00:07:33] Why do we care?

[00:07:35] Not everyone has AT&T's legal power. Vendor management is significant value for smaller customers, and cases like this highlight why.

[00:07:44] The ability to eliminate dead zones creates new business opportunities for IT providers, particularly in rural and remote regions.

[00:07:52] Satellite-based networks could disrupt traditional telecom infrastructure models, lowering barriers for emerging service providers to compete.

[00:08:01] And providers managing client security must ensure transparency in incident reporting to protect themselves and their clients from similar scrutiny.

[00:08:10] The retroactive investigation of breaches since 2019 underscores the importance of maintaining detailed documentation of all incidents.

[00:08:21] I want to cover two cases involving AI, too.

[00:08:25] A federal judge has ruled in favor of a Massachusetts school that disciplined a student for using artificial intelligence to complete an assignment.

[00:08:33] The student's parents argued that the school's policies did not explicitly ban AI usage, but Judge Paul Levinson stated there was ample evidence that the student had copied and pasted text generated by Grammarly, including citations for fictitious books.

[00:08:50] The parents, Jennifer and Dale Harris, sought to remove the detention from their son's record and raise his grade from a C-plus to a B, claiming the discipline harmed his college prospects.

[00:09:01] The school argues that students were informed of a policy against using AI tools unless explicitly permitted.

[00:09:09] However, the judge found no misconduct by school authorities, noting that the teacher had provided instructions on academic integrity regarding AI use at the start of the course.

[00:09:20] In a troubling incident, Google's Gemini chatbot reportedly told a Michigan graduate student to please die during a discussion about challenges faced by aging adults.

[00:09:30] The student, Vindhei Reddy, described the experience as traumatizing, labeling the chatbot's comments as harmful and distressing.

[00:09:38] It raises serious concerns about the safety measures in artificial intelligence systems as experts warn that existing safeguards are insufficient.

[00:09:45] In response, Google acknowledged that while their language models are equipped with safety filters, they can still generate nonsensical and harmful responses.

[00:09:55] The incident adds to ongoing discussions about AI safety, particularly after a tragic case where a teenager committed suicide following an emotional attachment to an AI personality.

[00:10:06] Major tech leaders and advocates continue to call for legislative measures to hold AI developers accountable for threats posed by their systems.

[00:10:14] However, Governor Gassam Newsom vetoed a recent California bill aimed at improving AI safety.

[00:10:21] Why do we care?

[00:10:22] AI is becoming ubiquitous, and its misuse risks undermining foundational skills like critical thinking and writing.

[00:10:30] Schools and companies without explicit AI policies leave themselves vulnerable to disputes over fairness and enforcement.

[00:10:37] Organizations should codify AI policies and include examples of acceptable and unacceptable use cases.

[00:10:45] However, organizations must also recognize that AI literacy is essential for future workplaces.

[00:10:51] And the Gemini chatbot incidents highlights the risks of deploying AI systems not fully equipped to handle sensitive or unexpected scenarios.

[00:10:59] Harmful outputs damage user trust and increase regulatory scrutiny.

[00:11:04] Incidents like this could erode public confidence in AI tools, delaying adoption in critical sectors such as healthcare or education.

[00:11:14] In a recent report by Rocket Software, over 75% of surveyed data professionals indicated that accessing data from legacy mainframe applications

[00:11:22] poses significant challenges, with nearly two-thirds struggling to integrate this data with cloud sources.

[00:11:29] The survey, conducted by Foundry among 213 professionals, highlights a cultural disconnect between cloud and mainframe teams, complicating data access.

[00:11:40] As enterprises increasingly adopt cloud computing and generative artificial intelligence, executives are focusing on the valuable data trapped in mainframe systems,

[00:11:48] which handle approximately 70% of global transactions by value.

[00:11:53] However, only a quarter of respondents feel equipped to leverage these mainframe data assets.

[00:11:58] Instead of migrating data to the cloud, many companies are opting for hybrid solutions, running specific models on-premises to address security's concerns.

[00:12:08] Why do we care?

[00:12:10] There's always opportunity in seemingly boring stuff.

[00:12:14] Mainframes are not sexy.

[00:12:16] They continue to process a staggering volume of global transactions, 70% by value, underscoring their critical role in industries like finance, healthcare, and retail.

[00:12:26] However, their relative isolation from modern cloud systems limits organizations' ability to fully utilize the data they house.

[00:12:33] And these issues are not merely technical.

[00:12:35] They involve culture, strategy, and resource allocation.

[00:12:39] IT providers and enterprises that address these challenges effectively will be better positioned to unlock the value of their data,

[00:12:45] driving both innovation and operational excellence in an increasingly hybrid IT landscape.

[00:12:50] And thus, they are interesting.

[00:12:55] Thread has declared death to the ticket.

[00:12:58] Did you know tickets date back to the 1800s?

[00:13:02] And customers hate tickets.

[00:13:04] Thread uses an approach for connecting, communicating, and ultimately collaborating.

[00:13:09] Thread allows people to come together around a topic.

[00:13:12] They can discuss and make decisions.

[00:13:14] They can share and invite the right people.

[00:13:17] The future of service is collaborative.

[00:13:20] Supercharge your service experience by seamlessly integrating AI and automation to meet your customers where they are.

[00:13:27] In teams, Slack, and desktops.

[00:13:29] Not in tickets.

[00:13:30] With instant updates to and from ConnectWise, Autotask, and Halo PSA,

[00:13:35] keep all communication in one place where it should be.

[00:13:39] With people.

[00:13:40] Decrease time to resolution 30% with chat-based support by visiting getthread.com slash MSP Radio to declare death to the ticket.

[00:13:53] Thanks for listening.

[00:13:54] Today is International Cheetah Day, National Dice Day, and National Sock Day.

[00:14:00] Have a question you want answered?

[00:14:02] Take those listener questions, send them in, ideally as a voice memo or video, to question at MSP Radio.com.

[00:14:07] I answer listener questions live each week on our Wednesday live show on YouTube and LinkedIn, next week, 3 p.m. Eastern.

[00:14:14] If you have a comment or a thought about a story, post it in the comments if you're on YouTube,

[00:14:18] or reach out on LinkedIn if you're listening to the podcast.

[00:14:21] If you like the show, give it a review, and make sure you've subscribed or followed on your favorite platform.

[00:14:27] I will talk to you again tomorrow.

[00:14:31] The Business of Tech is written and produced by me, Dave Sobel, under ethics guidelines,

[00:14:36] post it at businessof.tech.

[00:14:38] If you like the content, please make sure to hit that like button, follow or subscribe.

[00:14:44] It's free and easy and the best way to support the show and help us grow.

[00:14:49] You can also check out our Patreon where you can join the Business of Tech community at patreon.com slash MSP Radio

[00:14:57] or buy our Why Do We Care merch at businessof.tech.

[00:15:02] Finally, if you're interested in advertising on this show, visit MSP Radio.com slash engage.

[00:15:08] Once again, thanks for listening to me.

[00:15:11] I will talk to you again on our next episode of the Business of Tech.

[00:15:17] Part of the MSP Radio Network.