The episode opens with the resurgence of the state-sponsored cyber espionage group Volt Typhoon. This group has been targeting critical infrastructure, particularly outdated devices like Cisco and Netgear routers, and has successfully compromised a significant percentage of these devices in a short time frame. The episode highlights the vulnerabilities in the energy sector, where third-party breaches account for a substantial portion of incidents, emphasizing the need for improved vendor responsibility and proactive security measures.
Host Dave Sobel also covers the progress of the Secure by Design initiative led by CISA, which has seen over 100 companies commit to adopting secure development practices. This movement is gaining traction as organizations recognize the importance of reducing vulnerabilities in software. Additionally, the Transportation Security Administration has proposed new cybersecurity regulations aimed at protecting high-risk pipelines and railroad operators, mandating the establishment of cyber risk management programs and timely reporting of incidents.
The episode shifts focus to Microsoft, which is implementing a price hike on various services, including a 25% increase for Teams Phone and up to a 40% increase for Power BI. This move is part of Microsoft's strategy to align pricing across its services, reflecting the growing usage of premium features among enterprise customers. Sobel notes the significance of these changes in the context of the broader IT landscape, particularly as Windows 11 ISO media for ARM64 PCs becomes available, allowing for clean installations on compatible devices.
Finally, Sobel discusses the evolving role of IT consultancies, which are increasingly focusing on artificial intelligence, data governance, and platform integration as they prepare for 2025. The episode highlights the importance of clean and accessible data in leveraging AI technologies and the need for organizations to modernize their legacy systems. Sobel concludes with reflections on the ethical implications of AI in creative industries, citing a controversial AI-generated interview by a Polish radio station and the positive use of AI in restoring the voice of country music legend Randy Travis.
Four things to know today
00:00 Volt Typhoon Resurfaces with Advanced Attacks on Critical Infrastructure, Exploiting Legacy Routers
02:48 CISA and TSA Cybersecurity Efforts as Secure-by-Design and NIST Framework Gain Ground
06:14 Microsoft's Price Hike Targets Monthly Subscriptions and Premium Services, Teams Phone to Rise 25%
09:32 IT Consultancies Double Down on AI, Data, and Integration as Organizations Modernize for 2025
[00:00:04] It's Thursday, November 14th, 2024, and I'm Dave Sobel for Things to Know Today.
[00:00:10] Volt Typhoon resurfaces with advanced attacks on critical infrastructure.
[00:00:15] CISA and TSA cybersecurity efforts as Secure by Design and NIST framework are gaining ground.
[00:00:21] Microsoft's price hike targets monthly subscriptions and premium services, with Teams Phone to rise by 25%.
[00:00:29] And IT consultancies double down on AI, data, and integration. This is the Business of Tech.
[00:00:38] The SecurityScorecard STRIKE team has uncovered a renewed threat from the state-sponsored cyber espionage group Volt Typhoon,
[00:00:47] which targets critical infrastructure using outdated devices like Cisco and Netgear routers.
[00:00:52] Once thought to be dismantled, Volt Typhoon has become more sophisticated,
[00:00:57] compromising 30% of visible Cisco RV320 and 325 routers in just 37 days.
[00:01:05] Their tactics include operating a botnet named JDYFJ, which masks itself using encrypted channels.
[00:01:13] A significant concern is the reliance on legacy technology, which makes sectors like energy vulnerable.
[00:01:19] A report by SecurityScorecard and KPMG indicates that third-party breaches account for 45% of incidents in the U.S. energy sector.
[00:01:29] As global law enforcement disrupts parts of the botnet, Volt Typhoon quickly adapts by establishing new command servers.
[00:01:37] Why do we care?
[00:01:38] Well, this was highlighted by two security experts while I was at IT Nation last week and one of their biggest concerns, rogue access to core infrastructure.
[00:01:48] Now, the obvious answer is make sure your customers are not exposed, but also to push for better vendor responsibility here.
[00:01:57] Are you and your clients tired of the time-consuming ticket tennis of coordinating meetings and help desk calls?
[00:02:06] Wouldn't it be better to automate this process with a tool that connects directly to ConnectWise Manage or Autotask?
[00:02:15] TimeZest offers scheduling automation that gives you complete control of your schedule and eliminates the hassle of calendar ping-pong.
[00:02:24] As the only service designed specifically for MSPs, it integrates into your workflow and makes scheduling appointments easy on you and your clients.
[00:02:33] Plus, you can try TimeZest for free. Visit TimeZest.com slash MSP Radio and use the code MSP Radio to get 10% off your first year of TimeZest.
[00:02:50] Jack Cable from CISA provided an update on the progress of the Secure by Design pledge, emphasizing its importance in enhancing cybersecurity around the U.S.
[00:02:58] He highlighted that more than 100 companies have committed to adopting secure development practices, a significant increase from the previous year.
[00:03:07] Cable also noted that a recent survey by Cybersecurity Ventures revealed that 60% of organizations believe Secure by Design principles will significantly reduce vulnerabilities in their software.
[00:03:19] Looking ahead, he urged continued collaboration between government and industry to ensure these initiatives lead to tangible improvements in security standards.
[00:03:28] The Transportation Security Administration has proposed new cybersecurity regulations to protect high-risk pipelines and railroad operators from cyber threats.
[00:03:38] This initiative, which builds on previous security directives following incidents like the 2021 Colonial Pipeline ransomware attack, requires nearly 300 operators, including 73 freight railroads and 115 pipeline facilities,
[00:03:52] to establish cyber risk management programs under the National Institute of Standards and Technology's cybersecurity framework.
[00:04:00] Additionally, operators would be mandated to report cyber incidents to the Cybersecurity and Infrastructure Security Agency within 24 hours.
[00:04:09] The proposed rule is open for public comment until February 5th, 2025.
[00:04:14] And in the 2024 edition of NordPass's annual report on the most commonly used passwords, the most popular password in the U.S. is secret, followed by 123456 and password.
[00:04:29] Overall, across 44 countries, the most common password remains 123456.
[00:04:35] Notably in Canada, QWERTY123 tops the list, while in Mexico, 123456 is the most frequently used password.
[00:04:44] People still use awful passwords.
[00:04:48] A recent survey by the FIDO Alliance reveals that awareness and adoption of passkeys has significantly increased,
[00:04:54] with 57% of respondents now familiar with them, up from 39% in 2022.
[00:05:00] A survey reached 10,000 consumers across multiple countries and found that 62% of those aware of passkeys use them for their online accounts.
[00:05:09] Meanwhile, the reliance on passwords is declining, with only 28% of respondents entering passwords manually in the last two months, compared to 38% the previous year.
[00:05:20] Experts emphasize that passkeys, which utilize public key cryptography and biometric authentication, enhance security and reduce the risk of cyber attacks.
[00:05:28] Over half of the participants reported increased online scams this year, highlighting the need for stronger authentication methods.
[00:05:35] Currently, 20% of the top 100 global websites support passkeys, and industry leaders are pushing for broader adoption in the coming year.
[00:05:44] Why do we care?
[00:05:46] Across these updates, two main themes emerge.
[00:05:49] The shift to proactive design-oriented security, then the drive towards password-less authentication methods.
[00:05:55] Both trends suggest a possible future where security becomes a foundational element rather than an afterthought,
[00:06:02] a reality that IT service providers should prepare for now.
[00:06:06] Embrace vendors who embrace secure by design and secure by default, and pressure those who do not.
[00:06:15] Microsoft will implement a 5% premium on annual subscriptions with monthly billing for various services starting April 1, 2025.
[00:06:24] The change, effective from December 1, 2021 for Microsoft 365 Copilot and other Copilot subscriptions, aims to provide customers with cash flow flexibility.
[00:06:33] Additionally, prices for Teams Phone will increase by 25%, and Power BI will see a price hike of up to 40%.
[00:06:41] Notably, the new Teams Phone pricing will cost $120 per user annually.
[00:06:47] Microsoft's chairman, Satya Nadella, highlighted that usage of the Teams platform is at an all-time high, with nearly 75% of enterprise customers now using premium features.
[00:06:56] The price adjustments are part of Microsoft's strategy to align pricing consistency across its services.
[00:07:02] Microsoft has officially released Windows 11 ISO media for ARM64 PCs, allowing users to clean install the operating system directly on their devices.
[00:07:12] This significant development, anticipated for years, includes ISOs sized around 5GB, designed primarily for virtual machines but also compatible for direct installation.
[00:07:23] While the ISOs will boot seamlessly on the latest Snapdragon X processors, older models like the Snapdragon 8cx Gen 3 require additional steps to integrate necessary drivers before installation.
[00:07:36] And VMware has announced that its desktop hypervisors, VMware Fusion and VMware Workstation, are now free for everyone to use for commercial, educational and personal uses.
[00:07:48] This change comes after the company previously offered the Pro versions for personal use free.
[00:07:53] Users can access all features without costs, although support ticketing will no longer be available.
[00:07:59] Broadcom, which oversees VMware, confirmed that existing commercial contracts will remain effective until their term ends.
[00:08:07] The company is committed to continuing development and timely updates for these tools.
[00:08:12] A new security feature in iOS 18 makes it increasingly difficult for law enforcement to unlock iPhones.
[00:08:18] The feature reboots devices that haven't been unlocked for four days, placing them in a more secure "Before First Unlock" state and requiring users to enter their passcodes.
[00:08:30] This change has frustrated police as it limits access to data during investigations.
[00:08:36] According to 404 Media, the introduction of this inactivity reboot code was first reported on November 9th, 2024.
[00:08:44] And Google has announced that multi-factor authentication, or MFA, will become mandatory for all Google Cloud accounts by the end of the year.
[00:08:52] Around 30% of Google Cloud users do not utilize MFA.
[00:08:56] Starting this month, they will receive reminders to enable it.
[00:08:59] The rollout will occur in three phases, with notifications for new and existing users beginning in early 2025.
[00:09:06] By the end of 2025, MFA will be required for all users, according to the announcement.
[00:09:11] Research from the Cybersecurity and Infrastructure Security Agency shows that MFA reduces the likelihood of being hacked by 99%.
[00:09:19] Why do we care?
[00:09:20] Well, this is very much a list of tactical updates, moves you need to know about.
[00:09:25] I'll highlight that Windows on ARM is at a key point where investment is significant.
[00:09:30] That's the second story this week.
[00:09:34] Time for some big ideas.
[00:09:36] From InformationWeek, in a recent analysis, IT consultancies are gearing up to focus on artificial intelligence, data governance, and platform integration as they look toward 2025.
[00:09:47] According to West Monroe Partners, organizations must prioritize building robust data platforms to support long-term business objectives.
[00:09:55] As AI technologies evolve, clean and accessible data is crucial for unlocking new opportunities.
[00:10:01] Consulting firms emphasize the growing demand for specialized expertise in AI and data-driven fields, with many clients seeking help modernizing their legacy systems and enhancing operational efficiencies.
[00:10:13] The need for upskilling in organizational design and change management is also increasing, as businesses strive to integrate AI into their operations effectively.
[00:10:22] As reported, firms like SmartBridge are transitioning from technology service providers to strategic partners, helping clients navigate broader digital strategies that future-proof their business models.
[00:10:34] And trying to understand Broadcom better is Runtime.
[00:10:39] Broadcom is making a significant move in the cloud computing space with its $61 billion acquisition of VMware, shifting the focus towards private cloud solutions.
[00:10:48] CEO Hock Tan emphasized that the company's vision for the future of enterprise technology is to be centered on private infrastructure, as VMware rolls out new features aimed at retaining customers amid rising costs and competitor threats.
[00:11:03] Customers have reported a staggering 300% increase in VMware account pricing since the acquisition, leading Gartner to predict that half of enterprises will explore alternative hybrid infrastructure solutions within the next few years.
[00:11:18] And remember that Polish radio station I covered that tried out AI-generated hosts?
[00:11:23] Well, OFF Radio Kraków faced public outrage after the artificial intelligence conducted a simulated interview with the late, also known as dead, Nobel laureate Wisława Szymborska.
[00:11:36] The station, struggling with dwindling listenership, claimed the AI-generated interview aimed to attract a younger audience, boosting its listener count from nearly zero to 8,000 overnight.
[00:11:47] Critics, including former hosts and public figures, condemned the move as unethical, warning it sets a dangerous precedent for replacing human jobs in media.
[00:11:57] The head of Radio Kraków claimed the intent was not to replace humans, but to revive the station.
[00:12:03] However, following the backlash, the AI experiment was suspended, emphasizing ongoing concerns about the potential impact of AI in creative industries.
[00:12:12] And from the Washington Post, in better applications of AI, country music legend Randy Travis, known for his iconic baritone voice, experienced a heartbreaking loss of his singing ability.
[00:12:24] But thanks to advancements in artificial intelligence, he's made a remarkable comeback.
[00:12:29] Travis released a new song titled "Where That Came From" this year, touted as the first AI-generated song produced with the artist's involvement and consent.
[00:12:40] The music industry is cautiously optimistic about the technology, reflecting on the possibilities it presents for artists facing similar challenges.
[00:12:48] The development comes as discussions around AI's role in music continue to grow, with the industry grappling with its implications.
[00:12:57] Why do we care?
[00:12:59] I happen to believe IT consultancy is the new hotness.
[00:13:03] I value precision advice.
[00:13:06] Broadcom tells you why they're doing what they're doing.
[00:13:08] And more importantly, less emphasis on smaller customers.
[00:13:12] Believe them.
[00:13:14] AI replacing humans continues to be a bad idea, but assisting humans can lead to beautiful things like Travis's voice being restored.
[00:13:23] With his blessing.
[00:13:26] Today's episode is supported by CoreView.
[00:13:29] CoreView.
[00:13:29] Your customers need your Microsoft 365 expertise, and CoreView has the only M365 management platform designed for MSPs.
[00:13:38] Manage hundreds of tenants, automate manual tasks, and monitor compliance, all while intelligently comparing to the baseline.
[00:13:46] With a no-code control approach, CoreView revolutionizes your Microsoft 365 administration.
[00:13:51] This powerful platform enables automatic reporting and remediation, ensuring optimal performance and security.
[00:13:59] The best part?
[00:14:00] You achieve this high level of service without the need for a large workforce, allowing you to focus on growing your business through efficiency.
[00:14:08] Want to know more?
[00:14:10] Visit coreview.com slash MSP and find out more.
[00:14:16] Thanks for listening.
[00:14:18] It's National Pickle Day, World Diabetes Day, and International Girls Day.
[00:14:23] Put on your seatbelt for National Seatbelt Day.
[00:14:26] Hold your National American Teddy Bear Day while you wear your National Family PJ Day.
[00:14:32] Big ideas came early as I wanted to start sharing some of the interviews I recorded at IT Nation.
[00:14:38] Tomorrow, you'll hear from ConnectWise's Jeff Bishop to go deeper on the Asio platform.
[00:14:43] Saturday, you'll get the live show from Wednesday, a conversation with Ryan Morris and Luis Giraldo about commoditization in the MSP space.
[00:14:52] And on Sunday, Peter Kujawa is back with more insights on service provider revenues from Q3.
[00:14:59] I'm back on Monday with the news.
[00:15:01] Got a comment or a thought on a story?
[00:15:03] Put it in the comments if you're on YouTube or reach out on LinkedIn if you're listening to the podcast.
[00:15:07] And if you like the show, give me a review.
[00:15:10] And make sure you subscribe or follow on your favorite platform.
[00:15:14] Talk to you again on Monday.
[00:15:17] The Business of Tech is written and produced by me, Dave Sobel, under ethics guidelines posted at businessof.tech.
[00:15:24] If you like the content, please make sure to hit that like button, follow or subscribe.
[00:15:30] It's free and easy and the best way to support the show and help us grow.
[00:15:35] You can also check out our Patreon where you can join the Business of Tech community at patreon.com slash MSP radio or buy our Why Do We Care merch at businessof.tech.
[00:15:47] Finally, if you're interested in advertising on this show, visit MSP radio.com slash engage.
[00:15:54] Once again, thanks for listening to me.
[00:15:57] I'll talk to you again on our next episode of the Business of Tech.
[00:16:04] Part of the MSP radio network.

