Cybersecurity Backlog, VMware Shift, Microsoft Price Hike, Apple AI Date, IT Leadership Report

[00:00:02] It's Tuesday, October 8th, 2024 and I'm Dave Sobel. Four things to know today.

[00:00:07] NIST faces vulnerability report backlog as cloud threats dominate the cybersecurity concerns.

[00:00:13] VMware users are flocking to OpenStack amid acquisition uncertainty while Microsoft ups system center pricing for 2025.

[00:00:21] Apple addresses the Mac OS Sequoia cybersecurity bugs ahead of their AI launch with iOS 18.1 and

[00:00:29] IT leadership diversity stagnates as DEI efforts face scrutiny. This is the Business of Tech.

[00:00:39] NIST has made some progress in reducing its backlog of security vulnerability reports in the National

[00:00:45] Vulnerability Database. Still, it missed its September 30th deadline to restore processing speeds to pre-February

[00:00:53] levels. As of September 21st, over 17,000 CVEs remain unprocessed, impacting organizations' visibility into

[00:01:01] new vulnerabilities. The backlog poses risks in the cybersecurity landscape as organizations may not

[00:01:07] be aware of the vulnerabilities that are actively being exploited. While NIST has hired external consultants

[00:01:13] to assist, the situation remains critical, affecting security processes and open-source projects reliant on

[00:01:21] NBD data. In 2023, the Cybersecurity and Infrastructure Security Agency's Vulnerability Disclosure Policy

[00:01:29] Program saw over 7,000 security flaws submitted, a 132% increase from 2022. Valid disclosures and remediated

[00:01:39] flaws also rose significantly. Despite the associated management costs, the program has resulted in average

[00:01:46] remediation savings of nearly $4.45 million and improved vulnerability submission validation efficiency

[00:01:54] for participating agencies. Cloud threats are the top concern for executives, with 42% identifying them

[00:02:02] as their biggest security worry, according to PwC's cybersecurity report. The report highlights the leading

[00:02:09] threats as hack-and-leak operations, third-party breaches, attacks on connected products, and ransomware.

[00:02:17] Organizations feel least prepared to address these threats, particularly cloud attacks. The report also

[00:02:24] emphasizes the dual role of AI in cybersecurity, increasing vulnerability while aiding in threat

[00:02:30] detection. Microsoft informed customers of a software bug that led to inconsistent log data collection for

[00:02:37] key security products, including Microsoft Sentinel and Entra, between September 2 and September 19, 2024.

[00:02:46] Although there is no evidence of cyber attacks related to this incident, the failure to record logs could

[00:02:51] hinder the detection of unauthorized access. Microsoft emphasizes security as a top priority with plans

[00:02:58] to evaluate employee performance based on security measures. Why do we care? Risk management is the key to

[00:03:06] effective cybersecurity. Pressure your vendors to participate in disclosure programs and sign CISA's Secure by Design pledge.

[00:03:15] Favor funding NIST to ensure it can deliver intelligence. And focus your own efforts to ensure you're executing the basics well,

[00:03:23] which leads with incident response planning.

[00:03:28] Today's episode is supported by Huntress. You want to focus on your clients and are always looking for ways to get more time. Use Huntress' fully managed cybersecurity platform to fight off cyber threats. Huntress is more than cybersecurity software for endpoints and identities. It's a 24 by 7 security operations center. It's security awareness training, community engagement, and dedicated partner support with an average CSAT score.

[00:04:23] A score of 99.3%

[00:04:26] Customers, leading many to seek alternatives like OpenStack, which has recently launched version 30, codenamed Dalmatian. OpenStack is experiencing a resurgence as former VMware users migrate to its platform, benefiting from improved tools that simplify the transition. While technical challenges exist, the main hurdles are related to adapting to new management paradigms. The OpenStack ecosystem is poised for growth, driven by increasing demand and a stable feature-rich platform that helps the game to improve in advanced IoT.

[00:04:56] that can respond quickly to user needs.

[00:04:59] Microsoft announced a 10% price increase for the 2025 edition

[00:05:04] of its System Center management tool set to launch on November 1st.

[00:05:09] The new pricing supports ongoing development and maintains the existing licensing model.

[00:05:14] System Center 2025 will introduce enhanced security features

[00:05:18] and improved management tools while remaining independent

[00:05:21] of the Windows Server 2025 release, which is still in preview.

[00:05:25] Why do we care?

[00:05:27] It was inevitable that there would be an opening for competitors to VMware.

[00:05:32] Will System Center have the same issues? We'll have to watch.

[00:05:37] I noted that the release of the new macOS Sequoia broke some cybersecurity tools.

[00:05:42] Well, Apple has released an update for macOS 15

[00:05:45] that addresses bugs affecting the functionality of several cybersecurity tools,

[00:05:50] including those from CrowdStrike and Microsoft.

[00:05:52] The update, macOS 15.0.1, improves compatibility with third-party security software

[00:05:59] and resolves networking issues that cybersecurity professionals report.

[00:06:03] And while I'm on Apple, Apple Intelligence is set to launch on October 28, 2024,

[00:06:09] alongside iOS 18.1, marking Apple's entry into the AI space.

[00:06:14] The initial release will feature basic functionalities like notification summaries

[00:06:19] with more advanced features expected in future updates,

[00:06:22] including improved Siri and integration with ChatGPT.

[00:06:26] Why do we care?

[00:06:28] Well, these are tactical updates.

[00:06:30] That macOS update is required for those with those security tools

[00:06:33] and be warned of new AI starting to roll out to users in 20 days.

[00:06:40] Each quarter, this podcast releases our research data on the makeup of IT leadership,

[00:06:45] broken down by race and sex.

[00:06:47] By surveying public websites, we're looking to track the change over time.

[00:06:51] This quarter, we surveyed 300 companies and 4,395 humans.

[00:06:57] 47% vendors, 48% technology providers.

[00:07:01] This quarter, we found that 89.6% are white and 3.4% are black.

[00:07:06] The breakdown is also 79% male.

[00:07:09] This is nearly identical to last quarter, although roughly 0.2% less black.

[00:07:15] When we looked at publicly traded or Fortune 100 companies,

[00:07:19] the numbers improved for women, remaining at 26%.

[00:07:22] The racial divide remains within 2%.

[00:07:25] This data is essentially identical to last quarter and the previous quarter.

[00:07:31] The Society for Human Resource Management has removed equity

[00:07:34] from its diversity, equity, and inclusion strategy,

[00:07:37] broken controversy as companies reconsider their DEI initiatives.

[00:07:41] Critics view this as a retreat from commitments made

[00:07:44] after George Floyd's death, while SHRM emphasizes a focus on inclusion

[00:07:49] as a mean to address societal backlash.

[00:07:52] Experts argue that equity is essential for ensuring equal opportunities in the workplace

[00:07:57] and the decision may embolden those against DEI efforts.

[00:08:01] SHRM maintains that its commitment to equity remains,

[00:08:04] albeit integrated into an inclusion framework.

[00:08:07] Why do we care?

[00:08:08] I will quote Tech Bullion from their article,

[00:08:12] Why is Gender Diversity in IT Important?

[00:08:15] Quote,

[00:08:16] Research indicates that gender-diverse teams tend to exceed the performance

[00:08:20] and productivity of homogeneous groups.

[00:08:23] Leveraging the diverse skills and strengths that women contribute

[00:08:26] can significantly enhance companies' efficiency and effectiveness

[00:08:29] in handling and interpreting data.

[00:08:32] Gender-diverse teams are also better equipped to grasp

[00:08:35] and cater to the requirements of a varied customer demographic,

[00:08:38] resulting in heightened customer satisfaction and loyalty.

[00:08:42] End quote.

[00:08:43] Want a better business?

[00:08:45] That's why we care.

[00:08:48] Today's episode is supported by CoreView.

[00:08:52] Your customers need your Microsoft 365 expertise,

[00:08:55] and CoreView has the only M365 management platform designed for MSPs.

[00:09:01] Manage hundreds of tenants, automate manual tasks, and monitor compliance,

[00:09:06] all while intelligently comparing to the baseline.

[00:09:08] With a no-code control approach,

[00:09:11] CoreView revolutionizes your Microsoft 365 administration.

[00:09:14] This powerful platform enables automatic reporting and remediation,

[00:09:19] ensuring optimal performance and security.

[00:09:22] The best part?

[00:09:23] You achieve this high level of service without the need for a large workforce,

[00:09:27] allowing you to focus on growing your business through efficiency.

[00:09:31] Want to know more?

[00:09:32] Visit coreview.com slash MSP and find out more.

[00:09:39] Thanks for listening.

[00:09:40] Today is National Pierogi Day.

[00:09:42] It's also National Salmon Day.

[00:09:44] That's a bit of a weird dinner.

[00:09:46] I'll be doing two live broadcasts as part of S&B TechFest on October 17th and 18th,

[00:09:51] so make sure to sign up and join the event.

[00:09:53] S&BTechFest.com slash go slash Sobel.

[00:09:56] Link in the show notes.

[00:09:59] Have a question you want answered?

[00:10:00] I take those listener questions,

[00:10:02] send them in, ideally as a voice memo or video,

[00:10:04] to question at mspradio.com.

[00:10:06] There'll be a live show tomorrow, Wednesday,

[00:10:09] on YouTube and LinkedIn, 3 p.m. Eastern.

[00:10:11] And if you've got a comment or a thought on a story,

[00:10:13] put it in the comments if you're on YouTube,

[00:10:15] or reach out on LinkedIn if you're listening to the podcast.

[00:10:18] I'll talk to you again tomorrow.

[00:10:21] The Business of Tech is written and produced by me, Dave Sobel,

[00:10:26] under ethics guidelines, posted at businessof.tech.

[00:10:29] If you like the content, please make sure to hit that like button,

[00:10:33] follow or subscribe.

[00:10:34] It's free and easy and the best way to support the show and help us grow.

[00:10:39] You can also check out our Patreon,

[00:10:42] where you can join the Business of Tech community

[00:10:44] at patreon.com slash mspradio,

[00:10:48] or buy our Why Do We Care merch at businessof.tech.

[00:10:52] Finally, if you're interested in advertising on this show,

[00:10:55] visit mspradio.com slash engage.

[00:10:59] Once again, thanks for listening to me.

[00:11:02] I'll talk to you again on our next episode of the Business of Tech.

[00:11:08] Part of the MSP Radio Network.