Cybersecurity Milestones and Market Shifts, Microsoft's Price Hike and the Push for Windows 11

[00:00:02] It's Wednesday, January 22nd, 2025 and I'm Dave Solt. Four things to know today. Cybersecurity Milestones amid a crisis, the US critical infrastructure secured while cybercrime surges. AvePoint expands their MSP platform amid an $80 billion cybersecurity market surge. Upgrade or else, Microsoft raises prices and pushes users towards Windows 11 and Copilot AI and, who is the MSP Collective?

[00:00:29] They're building a trusted directory for critical infrastructure security. This is the Business of Tech. In the final days of the Biden administration, Ann Nürburgring, the Deputy National Security Advisor for Cyber and Emerging Technology, reflected on her team's achievements, highlighting the establishment of baseline cybersecurity requirements for critical infrastructure with 100% compliance among US pipelines.

[00:00:56] 70% of railways now comply with their base-running requirements, and she added that 60% of airports also now follow new requirements as of last week. US prosecutors have linked the arrest of Army communications specialist Cameron Jardwagnius to a significant theft of phone records from AT&T and Verizon.

[00:01:16] Wagnius was arrested in Texas on December 20th and is accused of unlawfully transferring confidential phone records as part of a larger scheme involving hackers who breached the cloud computing company Snowflake. Approximately 50 billion records were compromised, affecting numerous companies, including AT&T, which lost nearly all its customer call records. Prosecutors stated that both Wagnius and the alleged hackers are connected through overlapping evidence in the case.

[00:01:44] Wagnius is currently detained in Washington state as investigations continue into the cyber attack. President Donald Trump has dismissed all members of the Cyber Safety Review Board within the Department of Homeland Security, including former CISA head Chris Krebs. This action comes as the board was investigating the Chinese state-sponsored hacking group known as Salt Typhoon, responsible for breaches and at least nine telecommunication networks in recent months.

[00:02:12] Acting Homeland Security Secretary Benjamin C. Huffman stated that the dismissals were intended to prevent a misuse of resources. The future of the Cyber Safety Review Board remains uncertain, with a letter indicating that dismissed members may reapply in the future. The board was originally formed as part of President Biden's 2021 executive order aimed at reviewing significant cyber incidents affecting the federal executive branch. Why do we care?

[00:02:42] I'm struck by the dichotomy of the previous team laying out of their data of what was accomplished and the incoming team firing investigators. As one focused on network security, I'd like to understand the how behind the Salt Typhoon breaches. The letter dismissing the group indicates potentials for new committees. We care to see if those are formed. Because the data shows that focus on these efforts brings results.

[00:03:07] Are your customers getting the most from their Microsoft 365 Business Premium subscriptions? Are you delivering maximum value while ensuring best-in-class margins? Nerdio's new modern work features let you streamline the management of Microsoft technologies like Azure Virtual Desktop, Windows 365, Intune and Defender. Reduce the need for multiple tools, consolidate your vendor stack and deliver greater value to your customers.

[00:03:35] Help your customers maximize their investments, free up your team for strategic tasks and drive meaningful business outcomes. With Nerdio Manager for MSP, a single flexible platform with mix and match plans ensures a flexible perfect fit for you and your customers. Deliver solutions that achieve real business impact. Visit GetNerdio.com to find out more.

[00:04:02] AavePoint, who focuses on data security and governance, has announced its agreement to acquire Yedentic. Y-D-E-N-T-I-C. a software-as-a-service company that specializes in centralized management for Microsoft managed services providers. This strategic acquisition, expected to close by the end of this month, aims to enhance AvePoint's Elements MSP platform by improving operational efficiency and security for managed service providers. With the cybersecurity managed services market exceeding $80 billion last year,

[00:04:32] the move positions AvePoint to capitalize on significant growth opportunities. The Identic, founded in 2017, has been recognized in Deloitte's Technology Fast 50 program for its impressive growth and innovative automation solutions. Why do we care? AvePoint's acquisition is a strategic move highlighting the growing importance of centralized tools, particularly those focused on Microsoft ecosystems.

[00:04:56] The acquisition aligns with broader trends in the MSP market, platform plays in particular, and positions AvePoint to expand its foothold in the cybersecurity managed services space. The MSP platform space continues to interest. Success hinges on seamless integration, real differentiation, and clear value articulation to providers. While the focus on Microsoft ecosystems positions AvePoint well for current trends,

[00:05:24] worth watching how they handle competition, those integration challenges, and the push for broader market relevance. I spotted this additional information about Microsoft's consumer products. Microsoft is increasing the price of its consumer Microsoft 365 bundle by $3 per month, marking the first price hike in 12 years. The monthly cost for Microsoft 365 personal will rise from $7 to $10, with the family plan will increase from $10 to $13 monthly.

[00:05:54] This change will provide subscribers access to those artificial intelligence features, including co-pilot AI assistant, across various applications such as Word and Excel. The price adjustment takes effect immediately for new subscribers, with existing users seeing the change upon renewal. Microsoft has announced that it will no longer support its Office applications on Windows 10 after October 14th of this year, coinciding with the end of support for the operating system itself.

[00:06:21] Users will need to upgrade to Windows 11 to continue using Microsoft 365 applications. Although the apps will continue to function after support ends, Microsoft warns of potential performance and reliability issues over time. The company is encouraging users to refresh their Windows 10 PCs, declaring 2020 as the year for this transition. Microsoft is also offering extended security updates, allowing consumers to pay $30 for an extra year of updates,

[00:06:48] while businesses can purchase up to three years of extended support. The push for Windows 11 comes amid strict hardware requirements that prevent many older machines from upgrading. And according to a recent Gartner survey, only 3.3% of IT leaders reported that Microsoft Co-Pilot has delivered significant value to their organizations. Microsoft's AI Red Team warns that the security of generative AI systems is an ongoing challenge,

[00:07:14] as their recent analysis of over 100 products revealed that these models not only amplify existing security risks, but they also create new ones. The team emphasizes that the task of securing AI will never be complete. They suggest that understanding the capabilities of AI systems is crucial for effective defense, and highlight that simpler attack methods may often be more effective than complex gradient-based attacks. Their findings are detailed in a pre-print paper,

[00:07:42] where they outline key lessons learned, including the importance of human oversight in red teaming and the pervasive but hard-to-measure harms of responsible AI. Microsoft is also implementing a significant change to its account sign-in process starting next month, where users will be automatically kept signed in to their Microsoft accounts unless they choose to sign out or use private browsing. This new policy, which affects usage on public computers, means that users will no longer receive a prompt

[00:08:12] to stay signed in each time they access their accounts. Users are urged to remember to sign out after their session or utilize private browsing to protect their information. If a user forgets to sign out, they can still remotely sign out from all devices except Xbox consoles. This update follows Microsoft's recent addition of past key support for consumer accounts, allowing users to sign in using biometric data or security keys. Why do we care?

[00:08:41] Copilot hasn't been an overwhelming success so far, sales-wise, and as any savvy salesperson will tell you, bundle, bundle, bundle. I both have to compliment them on the strategy to push adoption, and at the same time, question why adoption is low. There are a host of potential reasons, from product not working, to lack of training for users, to questionable ROI. Thematically, Microsoft's choices are pushing the drive to adoption they want.

[00:09:09] More AI and migration to Windows 11 being top priorities for the company. Your role with your customers is to ensure these align with their goals. I spotted a press release from the Managed Services Provider Collective announcing the launch of a validated directory of service providers who've achieved the Level 2 assessment certification from the Cybersecurity Maturity Model Certification, or CMMC. The directory aims to assist organizations

[00:09:38] seeking certified services to comply with their security requirements. Scott Edwards, the executive director of the MSP Collective, emphasized the organization's mission to support critical infrastructure sectors. Companies that have received their certification can request inclusion in the directory at no cost, with a validation process carried out in partnership with the assessing authority. The directory will expand as more providers achieve certification, enhancing the resources available for organizations needing reliable service providers.

[00:10:08] If you're asking who the MSP Collective is, I'm with you. From their websites, About Us. Quote, To inform the U.S. government and critical infrastructure industries on topics related to managed service providers and managed security service providers dedicated to the national security mission of maintaining a secure, functioning, and resilient critical infrastructure. End quote. On the website, there's also a membership application form with memberships starting at $2,500 annually,

[00:10:36] and LinkedIn lists the organization as founded in 2023. Why do we care? Scott Edwards is also CEO of Summit 7 at MSP, and board members Jacob Horn, Joy Belland, and Amy Edwards are all Summit 7 staff. You know the XKCD comic about standards? Sometimes I feel this is the situation with MSP groups, where there are so many, clearly the solution is to create another.

[00:11:04] Is a directory of those with certifications useful? Absolutely. Would I have preferred this be done by a trade association that existed rather than a new organization? Also absolutely. This collective feels like it should have been part of an existing organization. Thanks for listening. Today is National Blondie Brownie Day and National Hot Sauce Day. It's also National Grandpa Day. But I wouldn't add hot sauce to a blondie.

[00:11:34] Thank you, your grandpa. I'm doing live events with SMB Tech Fest tomorrow, Thursday, and Friday. Sign up for a virtual pass at smbtechfest.com. The Business of Tech is written and produced by me, Dave Sobel, under ethics guidelines posted at businessof.tech. If you've enjoyed the show, make sure you've subscribed or followed on your favorite platform. It's free and helps directly. Give us a review, too.

[00:12:03] If you want to support the show, visit patreon.com slash mspradio, and you'll get access to content early. Or buy our Why Do We Care merch at businessof.tech. Have a question you want answered? We take listener questions, send them in, ideally as a voice memo or video to question at mspradio.com. I answer listener questions live on our Wednesday live show on YouTube and LinkedIn. If you've got a comment or a thought on a story,

[00:12:33] put it in the comments if you're on YouTube, or reach out on LinkedIn if you're listening to the podcast. And if you want to advertise on the show, visit mspradio.com slash engage. Once again, thanks for listening, and I will talk to you again on our next episode. Part of the MSP Radio Network.