The episode begins with a discussion on a vulnerability in Microsoft's Windows Hello for Business authentication model, which has been found to be susceptible to downgrade attacks. Microsoft has released a fix for this issue to enhance security measures. Additionally, the episode highlights AT&T's decision to pay a ransom to prevent the exposure of stolen call records, shedding light on the prevalent trend of companies paying ransoms after cyber attacks.
The episode also delves into Switzerland's groundbreaking law, mandating the use of open-source software in the public sector to promote transparency and security. Furthermore, the Cybersecurity and Infrastructure Security Agency (CISA) has published a playbook for resilience planning in critical infrastructure, emphasizing the importance of enhancing security measures and minimizing the impact of cyber attacks. The episode also discusses leadership changes at CISA, with Brandon Wales stepping down as the executive director and Bridget Bean set to take over in August.
In the realm of technology, Google's reversal of its plan to drop support for third-party cookies in Chrome is highlighted, with the introduction of the Privacy Sandbox as an alternative. The episode also explores advancements in AI technology, such as OpenAI's Instruction Hierarchy technique to prevent AI models from being misled and Meta's release of LLAMA 3.1, an open-source AI model with significant parameters. The discussion touches on the growing adoption of generative AI in businesses and the importance of addressing bias and fairness in AI models.
Concluding the episode, Dave Sobel emphasizes the significance of strategic decision-making in cybersecurity, advising against paying ransoms and advocating for unique approaches like Switzerland's open-source mandate. The episode underscores the evolving landscape of technology and the need for businesses to adapt to changing trends and security measures.
Three things to know today
00:00 Cybersecurity in Focus: Windows Hello Fix, AT&T Ransom, Swiss Open-Source Law, and CISA Leadership Changes
04:51 Google Reverses Third-Party Cookie Phase-Out: What It Means
05:45 OpenAI and Meta's Latest Advances: Instruction Hierarchy, Llama 3.1, and the Business Implications
Supported by:
https://huntress.com/mspradio/
https://timezest.com/mspradio/
All our Sponsors: https://businessof.tech/sponsors/
Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/
Looking for a link from the stories? The entire script of the show, with links to articles, is posted in each story on https://www.businessof.tech/
Support the show on Patreon: https://patreon.com/mspradio/
Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech
Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com
Follow us on:
LinkedIn: https://www.linkedin.com/company/28908079/
YouTube: https://youtube.com/mspradio/
Facebook: https://www.facebook.com/mspradionews/
Instagram: https://www.instagram.com/mspradio/
[00:00:00] It's Wednesday, July 24th, 2024, and I'm Dave Sobel. Three things to know today. We talk more cybersecurity with a Windows Hello issue and fix, AT&T paid the ransom, the Swiss go open source and CISA's leadership changes, Google reverses their third-party
[00:00:20] cookie phase-out, what it means, and OpenAI and Meta's latest advances, Instruction Hierarchy, LLAMA 3.1, and the Business Implications. This is the Business of Tech. CrowdStrike wasn't the only security news. Microsoft's Windows Hello for Business authentication model, designed to be phishing-resistant, has been found to be vulnerable to downgrade attacks.
[00:00:48] Attackers can intercept and alter authentication requests, downgrading Windows Hello for Business to less secure authentication methods. Microsoft has released a fix for this vulnerability, and a security researcher will demonstrate the attack and mitigation at Black Hat USA 2024.
[00:01:05] Administrators can now activate a new conditional access capability called Authentication Strength to enforce phishing-resistant authentication. This fix ensures that users can only authenticate with secure methods. And I want to revisit that AT&T breach because it appears AT&T paid the ransom.
[00:01:24] AT&T's response involved paying a hacker $370,000 to delete the stolen call records, which seems to have mitigated the fallout. AT&T believed that the data stolen during the breach was never made public, but there may still be pockets of customer data floating around hacking circles. They aren't alone.
[00:01:45] 84% of security professionals surveyed earlier this year said their company had paid ransoms after being attacked. And here's a different approach. Switzerland has passed a groundbreaking law, the Federal Law on the Use of Electronic Means for the Fulfillment of Governmental Tasks, or EMBAG, which mandates using open-source
[00:02:07] software in the public sector. The law requires public bodies to disclose the source code of software developed by or for them, promoting transparency, security, and efficiency. The implementation of EMBAG is expected to serve as a model for other countries.
[00:02:26] The Cybersecurity and Infrastructure Security Agency has published a playbook for resilience planning in critical infrastructure. The playbook provides guidance on improving security and resilience, minimizing the impact of cyberattacks, and reducing system restoration costs. It includes processes, tabletop exercises, and key actions for resilience planning.
[00:02:48] The playbook is a voluntary resource and does not carry any regulations or statutory authority. And speaking of CISA, Brandon Wales, the executive of the agency, will be leaving the agency after three years. Bridget Bean will take over as the new executive director in August.
[00:03:06] Wales played a critical role in guiding CISA through major cybersecurity threats and shaping the agency's strategic plan. This departure follows the recent departure of Eric Goldstein, the executive assistant for cybersecurity at CISA. Why do we care?
[00:03:22] Well, tactically, make sure your Windows Hello settings are correct and the fix is applied. Also leverage that CISA playbook and know that CISA is maturing, like most organizations, with changes in leadership. Strategically, I'm with the security experts who say not to pay ransoms.
[00:03:39] And I believe this should be your plan, expecting not to pay the ransom. That said, it appears I'm in the minority. And know that it's possible to go entirely different routes than everyone else. The Swiss government has gone all open source.
[00:03:55] No one says you have to do everything like everyone else. Today's episode is supported by Huntress. If you want to focus on your clients and are always looking for ways to get more time, use Huntress' fully managed cybersecurity platform to fight off cyber threats.
[00:04:15] Huntress is more than cybersecurity software for endpoints and identities. It's a 24 by 7 security operations center. It's security awareness training, community engagement, and dedicated partner support with an average CSAT score of 99.3%. Security can only get you so far.
[00:04:34] Human expertise is what's needed to truly elevate and protect small businesses. And you get that with Huntress. Secure your clients and help them thrive with the number one rated EDR for SMBs on G2. Visit huntress.com/mspradio to find out more.
[00:04:53] Google has abandoned its plan to drop support for third party cookies in Chrome. Instead, the company will introduce a new experience that allows users to make an informed choice about their web browsing privacy. The Privacy Sandbox, a suite of APIs for privacy protecting online ad delivery and analytics,
[00:05:12] will coexist with third party cookies in Chrome. This decision comes after Google's five year effort to build a privacy preserving ad tech stack faced opposition from online advertisers. Why do we care? Well, five years of effort is reversed here.
[00:05:28] Your marketing teams will want to know about this change, as they may well be very relieved. The industry's heavy reliance on third party cookies for targeted advertising and performance measurements made the initial phase out plan a significant concern. We'll see what's next.
[00:05:47] OpenAI has developed a technique called instruction hierarchy to address the issue of AI models being tricked by injecting misleading instructions. This technique prioritizes the developer's original prompt and prevents the model from being influenced by unauthorized instructions.
[00:06:04] The new safety method has been implemented in OpenAI's GPT-4o mini model, making it more resistant to prompt injections. And Meta has released LLAMA 3.1, an open source AI model that outperforms OpenAI's GPT-4o. LLAMA 3.1 is the largest ever open source AI model and was trained with NVIDIA's H100 GPUs.
[00:06:32] Meta aims to make LLAMA the most widely used assistant by the end of the year, and is working with companies like Microsoft, Amazon and Google to deploy their own versions. According to a survey by Capgemini, 90% of businesses are exploring generative AI with
[00:06:48] IT, risk management and logistics being the most common adoption routes. Generative AI adoption has improved productivity, customer engagement, operational efficiency and sales. However, concerns about bias in models and a lack of clarity around model fairness in training data remain.
[00:07:06] A recent study from the University of Pennsylvania found that while using AI tools like ChatGPT in schools can improve performance, it can also inhibit learning. The study showed that students with access to generative AI tutors performed 17% worse than their non-AI assisted peers when the tools were removed.
[00:07:27] This research highlights the need for vigilance and technical understanding when using AI in education. Why do we care? Another day, another set of models. Meta really is leaning into open source in a big way.
[00:07:42] Moving beyond the model updates, the right tool for the right job remains the theme. Everyone's exploring, but not every use case produces the improvements hoped for. This is good news. The business of advice and measuring success is exactly where IT service providers want to be.
[00:08:00] Are you and your clients tired of the time-consuming ticket tennis of coordinating meetings and help desk calls? Wouldn't it be better to automate this process with a tool that connects directly to ConnectWise Manage or Autotask? TimeZest offers scheduling automation that gives you complete control of your schedule
[00:08:24] and eliminates the hassle of calendar paintball. As the only service designed specifically for MSPs, it integrates into your workflow and makes scheduling appointments easy on you and your clients. Plus, you can try TimeZest for free.
[00:08:41] Visit timezest.com/mspradio and use the code MSPRADIO to get 10% off your first year of TimeZest. Thanks for listening. Today is National Tequila Day, it's National Day of Motoring, and National Drive-Thru Day. Two of those go together. Maybe it's fun to figure out which two.
[00:09:07] Have a question you want answered? We do take those listener questions, send them in, ideally as a voice memo or video, to question at mspradio.com. I answer listener questions live. Next week it'll be on Wednesday at our live show, 3 p.m. Eastern on YouTube and LinkedIn.
[00:09:21] Now if you've got a comment or a thought on a story, put it in the comments if you're on YouTube, and reach out on LinkedIn if you're listening to the podcast. I will talk to you again tomorrow.
[00:09:33] The Business of Tech is written and produced by me, Dave Sobel, under ethics guidelines posted at businessof.tech. If you like the content, please make sure to hit that like button, follow or subscribe.
[00:09:46] It's free and easy and the best way to support the show and help us grow. You can also check out our Patreon where you can join the Business of Tech community at patreon.com/mspradio or buy our Why Do We Care merch at businessof.tech.
[00:10:02] Finally, if you're interested in advertising on the show, visit mspradio.com. Once again, thanks for listening to me. I'll talk to you again on our next episode of the Business of Tech.