Cybersecurity Breaches, AI Ethics, Cloud Competition, and CISO Liability
Business of Tech: Daily 10-Minute IT Services Insights | November 27, 2024
1490
00:16:59 | 15.71 MB


The episode opens with a report on a major telecommunications breach attributed to Chinese government hackers known as Salt Typhoon. This breach has compromised American telecom infrastructure, allowing unauthorized access to phone calls and text messages. With fewer than 150 individuals confirmed as monitored, the potential impact could extend to millions, raising alarms among U.S. officials about the fragility of secure communications as the nation approaches a critical transition period.

The episode also highlights a joint investigation revealing national security risks associated with U.S. companies selling advertising data that can track military personnel movements. This data poses tangible threats to the safety of service members, particularly those stationed at key military sites in Germany. In response to the growing complexity of cybersecurity risks, New Jersey-based insurer Crum & Forster has introduced a professional liability insurance policy specifically for Chief Information Security Officers (CISOs), providing them with protection against personal liability in the face of potential legal claims.

Host Dave Sobel then shifts focus to developments in the European cloud market, where a new initiative called the European Cloud Competition Observatory has been launched to monitor Microsoft's compliance with a recent settlement aimed at enhancing market competition. This initiative is crucial for smaller IT service providers who may struggle with restrictive licensing terms. Additionally, the episode discusses the impending departure of FCC Chairwoman Jessica Rosenworcel, whose leadership has significantly influenced broadband access and digital equity in the U.S.

The episode concludes with a discussion on the intersection of AI and labor, particularly in the context of OpenAI's halted video generation tool, Sora, following protests from artists regarding their treatment. Sobel emphasizes the importance of ethical collaboration in technology development and the implications of Uber's new division focused on AI training and data labeling services. The episode wraps up with insights into the challenges faced by doctors using AI for diagnostics, highlighting the need for effective engagement with technology to maximize its potential in medicine. Overall, this episode provides a comprehensive overview of critical issues shaping the future of IT and cybersecurity.

 

Four things to know today

00:00 Telecom Breaches, Data Exploitation, and CISO Liability: The Growing Complexity of Cyber Risk

05:23 How European Cloud Competition, FCC Leadership, and CISA Training Shape IT’s Future

08:47 Why OpenAI and Uber’s Latest Moves Raise Crucial Questions About AI and Labor

10:42 What AI in Medicine, the Workforce, and Defense Teaches Us About Trust and Simplicity

 

 

Supported by: https://www.huntress.com/mspradio/

https://mspradio.com/engage/

 

 

 


[00:00:02] It's Wednesday, November 27th, 2024, and I'm Dave Sobel. Four things to know today.

[00:00:07] Telecom breaches, data exploitation, and CISO liability, the growing complexity of cyber risk.

[00:00:13] How European cloud competition, FCC leadership, and CISA training shape IT's future.

[00:00:20] Why OpenAI and Uber's latest moves raise crucial questions about AI and labor.

[00:00:25] And what AI in medicine, the workforce, and defense teaches us about trust and simplicity.

[00:00:32] This is the Business of Tech.

[00:00:36] In what has been described as the worst telecommunications hack in U.S. history, Chinese government hackers,

[00:00:42] known as Salt Typhoon, have infiltrated American telecom infrastructure, allowing them to listen

[00:00:48] to phone calls and read text messages.

[00:00:51] Reports from The Washington Post and New York Times reveal that fewer than 150 individuals

[00:00:56] have been identified as having their communications monitored.

[00:00:59] However, the potential number of affected people could reach millions.

[00:01:04] The breach, first reported in October, has raised alarms among U.S. officials, including

[00:01:09] Senator Mark Warner, who warned that the networks remain compromised and repair could require

[00:01:15] replacing outdated equipment.

[00:01:17] Warner emphasized that this espionage effort predates the recent elections, with the infiltration

[00:01:24] occurring months ago.

[00:01:25] All major U.S. carriers, including AT&T, Verizon, and T-Mobile, have been impacted, leaving U.S.

[00:01:32] cybersecurity vulnerable as the nation approaches a critical transition period.

[00:01:37] And a joint investigation by Wired, Bayerischer Rundfunk, and netzpolitik.org reveals serious national

[00:01:44] security risks posed by U.S. companies selling advertising data, which can track the movements of

[00:01:51] American military personnel overseas. This data, which includes detailed movement patterns of troops in

[00:01:58] Germany, raises significant concerns about national security and the safety of service members.

[00:02:03] For instance, nearly 2,000 devices were tracked at Ramstein Air Base, and about 191,000 signals were

[00:02:11] recorded at Grafenwöhr training area, where U.S. troops train Ukrainian soldiers. Data from a Florida-based

[00:02:19] broker included over 3.6 billion location coordinates from up to 11 million mobile advertising IDs, revealing

[00:02:28] sensitive patterns of U.S. service members, including those stationed at those key military sites in

[00:02:33] Germany. In a significant development for chief information security officers, New Jersey-based

[00:02:39] insurer Crum and Forster has launched a professional liability insurance policy specifically designed to

[00:02:46] protect CISOs from personal liability. Traditionally, these executives have been excluded from coverage

[00:02:52] under directors' and officers' liability policies, leaving them vulnerable in the face of potential

[00:02:57] legal claims. The new policy can be obtained individually or through a company and offers

[00:03:03] consulting work even on a pro bono basis. Costs for this insurance typically range from $3,000 to $5,000

[00:03:10] per insured person depending on various factors, including coverage limits and company status.

[00:03:16] The policy offers zero deductible defense costs and broad claims coverage, providing CISOs with robust

[00:03:23] protection against personal liabilities. Why do we care? With all major U.S. carriers implicated,

[00:03:30] this hack isn't just about espionage. It's about the fragility of a foundational component of modern IT

[00:03:36] services—secure communications. And the unchecked sale of digital advertising data poses not just privacy

[00:03:43] risks but tangible national security threats. For IT service providers managing sensitive data or

[00:03:49] supporting industries like defense, the commoditization of location data highlights a dangerous blind spot

[00:03:55] in supply chain governance. And the introduction of CISO-specific liability insurance acknowledges the

[00:04:01] evolving role of cybersecurity leaders and the risks they face. IT services firms, especially those offering

[00:04:08] virtual CISO services, should see this as an opportunity to both protect and empower cybersecurity professionals.

[00:04:15] So some action items? Perform risk assessments on clients' communications infrastructures, monitor evolving

[00:04:22] regulations to ensure compliance readiness, and partner with insurers to bundle liability coverage

[00:04:27] into cybersecurity consulting packages. Today's episode is supported by Huntress. You want to focus on

[00:04:37] your clients and are always looking for ways to get more time. Use Huntress's fully managed cybersecurity platform

[00:04:44] to fight off cyber threats. Huntress is more than cybersecurity software for endpoints and identities.

[00:04:50] It's a 24 by 7 security operations center. It's security awareness training, community engagement,

[00:04:57] and dedicated partner support with an average CSAT score of 99.3%. Technology can only get you so far.

[00:05:05] Human expertise is what's needed to truly elevate and protect small businesses. And you get that with Huntress.

[00:05:24] A European cloud group known as the Cloud Infrastructure Service Providers in Europe has launched the European

[00:05:31] Cloud Competition Observatory to monitor Microsoft's compliance with a recent settlement aimed at enhancing

[00:05:37] market competition. This initiative follows Microsoft's agreement to settle that involved a $22 million

[00:05:44] payment and changes to its licensing practices after accusations of anti-competitive behavior.

[00:05:50] The Observatory will also scrutinize licensing practices of other major players like Broadcom and

[00:05:56] VMware to ensure fair competition in the market. The Observatory is set to release progress reports in February and April

[00:06:03] 2025 as it seeks to address unfair software licensing practices that can restrict customer choices and

[00:06:10] inflate costs for cloud users in Europe. And Federal Communications Commission Chairwoman Jessica Rosenworcel has

[00:06:17] announced that she will step down from her position on January 20, 2025, coinciding with the inauguration of

[00:06:23] President-elect Donald Trump. Rosenworcel, the first woman to lead the FCC, highlighted her tenure as an honor and

[00:06:30] emphasized her commitment to closing the digital divide. Under her leadership, the Affordable

[00:06:34] Connectivity Program assisted over 23 million low-income households in accessing high-speed internet.

[00:06:40] Additionally, she addressed the homework gap, helping more than 17 million students secure essential

[00:06:45] online learning tools. Rosenworcel also launched the FCC's first-ever Space Bureau to enhance U.S.

[00:06:52] leadership in satellite communications and updated the agency's broadband definition, increasing the benchmark from

[00:06:58] 25 megabits per second to 100 megabits per second. The Cybersecurity and Infrastructure Security Agency has

[00:07:05] launched a new education platform called CISA Learning, aimed at providing modern cybersecurity training to its

[00:07:11] staff, the federal workforce, veterans, and external users. This platform replaces both the agency's internal

[00:07:18] education system and the federal virtual training environment, which served over 500,000 users, including 412,000

[00:07:26] federal employees, and 25,000 individuals from state and local governments. CISA Learning offers courses in

[00:07:32] various areas, including cloud security and ethical hacking, while allowing users to track their progress

[00:07:37] and customize their learning experiences. The initial operational capacity is now live, with plans for

[00:07:43] continuous improvement in user experience and course suggestions. Why do we care? By monitoring compliance,

[00:07:50] the requirements, this initiative could lead to increased flexibility for European businesses and cloud

[00:07:55] vendor selection. This is especially relevant for smaller IT service providers who may struggle with

[00:08:00] restrictive licensing terms. Be warned, monitoring compliance and enforcing settlements can be slow

[00:08:06] and bureaucratic, potentially delaying meaningful change in licensing practices. Jessica Rosenworcel's departure

[00:08:13] marks a significant change in leadership for an agency that has had substantial influence on broadband access,

[00:08:19] digital equity, and telecommunications policy. The transition could shift priorities, potentially

[00:08:25] impacting IT infrastructure investments. And CISA Learning aims to address a critical skills gap in

[00:08:31] cybersecurity, a sector that directly impacts IT service providers and managed security services. As cyber

[00:08:37] threats grow in volume and complexity, the platform's success could indirectly bolster the broader workforce

[00:08:43] readiness in this domain. Plus, it's a resource to use. OpenAI has halted access to its

[00:08:51] upcoming video generation tool, Sora, following a protest by a group of artists who leaked access to

[00:08:58] the tool. These artists raised concerns about their treatment, claiming they were used as public relations

[00:09:03] puppets with minimal compensation for their contributions. Although hundreds of artists were granted early access to

[00:09:09] test Sora, about 20 of them voiced that OpenAI exploited their unpaid labor. And Uber Technologies has launched a

[00:09:17] new division called Scaled Solutions, focusing on artificial intelligence training and data labeling services.

[00:09:23] This initiative aims to connect businesses with independent contractors for virtual annotation tasks necessary

[00:09:30] for training AI models. Scaled Solutions is already serving notable clients like Aurora Innovation and Niantic.

[00:09:37] The company plans to onboard contractors globally, including in regions such as India, the United States, Canada,

[00:09:43] Poland, and Nicaragua. Workers will be compensated on a per-task basis, although concerns persist regarding fair

[00:09:51] pay, particularly in developing countries. Why do we care? There's a problem when your beta testers

[00:09:58] leak your product. OpenAI's reliance on artists for feedback without compensation or transparency reveals a

[00:10:05] misstep in stakeholder engagement. IT companies must recognize the long-term value of ethical collaboration,

[00:10:11] particularly when working with creative or technical communities. I also wanted to highlight how Uber is

[00:10:17] coming for advanced technical work as gig work. For IT service providers, this move signals both an

[00:10:23] opportunity and a warning about the competitive landscape for labor-intensive AI support services.

[00:10:29] IT service providers should take these developments as cues to invest in ethical frameworks, robust compliance

[00:10:35] practices, and differentiated services to sustain trust and competitiveness in the market.

[00:10:43] Before Thanksgiving in the US, let's do some big ideas to contemplate on the couch after all that turkey.

[00:10:49] I covered that story about doctors and their use of AI. One useful thing goes deeper on why. A recent

[00:10:56] paper has highlighted the challenges doctors face when using artificial intelligence, specifically the model

[00:11:01] GPT-4 for diagnosing diseases. Despite the model's impressive accuracy, doctors using AI performed no better

[00:11:09] than their peers who did not, and both groups were outperformed by the AI alone. This phenomenon is attributed to

[00:11:16] algorithmic aversion, where doctors often disregard AI recommendations that conflict with their judgment.

[00:11:23] The study indicates that most users struggle with effectively utilizing AI, often treating it like a search

[00:11:30] engine rather than a comprehensive diagnostic tool. Experts suggest that learning to use AI for specific

[00:11:37] tasks can enhance its utility, emphasizing the importance of spending about 10 hours engaging with the technology

[00:11:44] to develop a better understanding of its capabilities. The key takeaway is that while AI can be a powerful ally,

[00:11:51] effective prompting and open-mindedness in its application are crucial for maximizing its potential in medicine.

[00:11:58] In the debate about human versus AI, in a recent discussion about the future of work, computer scientist Geoffrey Hinton

[00:12:05] warned that artificial intelligence could soon outperform humans across various occupations, potentially

[00:12:12] leading to widespread unemployment and rising inequality. He emphasized that while AI can replicate many

[00:12:18] cognitive tasks, it cannot replace the unique human traits that are valued in the workplace, such as vulnerability and social connections.

[00:12:26] The article outlines seven significant advantages humans hold over AI, starting with the fact that

[00:12:32] approximately 84 million jobs in the U.S. require physical presence and cannot be effectively performed remotely.

[00:12:38] These include roles in food preparation, healthcare, and education. Furthermore, while automation may eliminate some

[00:12:45] positions, it often creates new ones, as seen in food preparation facilities where robots complement human workers.

[00:12:52] The article concludes that the ability to form genuine relationships, the independence of human judgment,

[00:12:58] and the scarcity of human attention will ensure the continued importance of human labor in the economy,

[00:13:04] despite the advancements in AI technology.

[00:13:07] And with a title like, AI hasn't shittified America's advanced stealth fighter, I had to know more.

[00:13:13] A recent report from the Office of the Director of Operational Test and Evaluation highlights significant issues with the F-35 stealth fighter jet,

[00:13:21] particularly its maintenance software known as the Autonomic Logistics Information System.

[00:13:27] The report reveals that the system, initially pitched as a user-friendly maintenance hub,

[00:13:32] has instead created numerous challenges, including high false alarm rates that lead to unnecessary maintenance tasks.

[00:13:39] Despite promising to streamline operations, the software has been criticized for its poor usability and has led to distrust among maintenance crews.

[00:13:49] Lockheed Martin is attempting to replace the system with a new solution called the Operational Data Integrated Network,

[00:13:55] but it has yet to be tested.

[00:13:57] This comes amid a backdrop of ongoing problems with the F-35, which have faced scrutiny for its performance and reliability,

[00:14:04] raising concerns as the Pentagon prepares to invest trillions in its continued production and support.

[00:14:11] Why do we care?

[00:14:13] Ask yourself these three questions.

[00:14:15] How might organizations and individuals be coupled with AI technologies to overcome algorithmic aversion?

[00:14:23] How can Hinton's insights provide some of those logical steps?

[00:14:27] And what lessons of over-complexity can we take from the F-35 to drive better results?

[00:14:33] Are you ready to get your brand in front of the tech leaders shaping the future of managed services?

[00:14:41] Here at the Business of Tech, we offer flexible sponsorship opportunities to meet your needs,

[00:14:47] whether it's live show sponsorship, podcast advertising, event promotion, or custom webinars.

[00:14:53] From affordable exposure options to exclusive sponsorships,

[00:14:57] our offerings are designed to fit businesses and vendors of all sizes looking to make an impact.

[00:15:02] Prices start at just $500 per month, making our packages a fraction of typical event sponsorship costs.

[00:15:11] Be a part of the conversation that matters to IT service providers worldwide.

[00:15:17] Join us at MSP Radio and amplify your message where it counts.

[00:15:22] Visit MSPRadio.com slash Engage today to explore all the ways we can help you grow.

[00:15:30] Thanks for listening.

[00:15:32] Apparently, it's Drinksgiving, one of the busiest nights at bars.

[00:15:35] It's also National Jukebox Day.

[00:15:38] It'll be the Thanksgiving holiday in the U.S., and you'll get lots of bonus content to celebrate.

[00:15:43] Tomorrow, my interview with Dennis O'Shea, who launched his MSP focused on mobile.

[00:15:48] Friday, Ken Carnesi gives us insights on DNS and AI.

[00:15:52] Saturday, you'll get my Q&A live show, and on Sunday, an interview with Colin Britton about the future of the device management space.

[00:16:01] If you've enjoyed the show, give it a review, and make sure you've subscribed or followed on your favorite platform.

[00:16:06] Talk to you again with the news on Monday.

[00:16:09] The Business of Tech is written and produced by me, Dave Sobel, under ethics guidelines, posted at businessof.tech.

[00:16:17] If you like the content, please make sure to hit that like button, follow, or subscribe.

[00:16:22] It's free and easy, and the best way to support the show and help us grow.

[00:16:26] You can also check out our Patreon, where you can join the Business of Tech community at patreon.com slash mspradio,

[00:16:35] or buy our Why Do We Care merch at businessof.tech.

[00:16:40] Finally, if you're interested in advertising on this show, visit mspradio.com slash engage.

[00:16:46] Once again, thanks for listening to me, and I'll talk to you again on our next episode of the Business of Tech.

[00:16:55] Part of the MSP Radio Network.