Google AI Cutbacks, MIT AI Risk Tool, CISA Ruling Impact, FCC Cybersecurity for Schools

[00:00:01] [SPEAKER_00]: It's Wednesday, August 14th, 2024, and I'm Dave Solbo.

[00:00:05] [SPEAKER_00]: Four things to know today.

[00:00:07] [SPEAKER_00]: Google scales back AI overviews among user complaints as MIT releases a comprehensive

[00:00:13] [SPEAKER_00]: AI risk tool.

[00:00:14] [SPEAKER_00]: CISA analyzes the Supreme Court ruling's impact as the FCC unveils a $200 million

[00:00:21] [SPEAKER_00]: cybersecurity program for schools.

[00:00:23] [SPEAKER_00]: SOC Radar responds to scraping allegations and Synchro launches AI-driven smart ticket

[00:00:30] [SPEAKER_00]: management.

[00:00:31] [SPEAKER_00]: This is the Business of Tech.

[00:00:35] [SPEAKER_00]: MIT has launched the AI Risk Repository, a comprehensive database cataloging over

[00:00:41] [SPEAKER_00]: 700 unique risks associated with AI systems, consolidating information from 43 existing

[00:00:48] [SPEAKER_00]: taxonomies.

[00:00:49] [SPEAKER_00]: This resource aims to assist organizations in assessing and mitigating AI risks through

[00:00:55] [SPEAKER_00]: a structured classification system based on causes and domains.

[00:01:01] [SPEAKER_00]: The repository is publicly available and will be regularly updated, serving as a valuable

[00:01:05] [SPEAKER_00]: tool for both enterprises and researchers in navigating the evolving landscape of

[00:01:10] [SPEAKER_00]: AI risks.

[00:01:12] [SPEAKER_00]: Google's AI overviews and search results have significantly decreased, with only

[00:01:18] [SPEAKER_00]: 7.7% of searches producing an AI response in July, down from 64% in February.

[00:01:27] [SPEAKER_00]: The average length of these summaries has also dropped by nearly 40%.

[00:01:31] [SPEAKER_00]: The company is scaling back the feature due to user complaints about odd and incorrect

[00:01:36] [SPEAKER_00]: answers and is refining its implementation to improve quality.

[00:01:40] [SPEAKER_00]: Despite the decline, some niche topics, particularly relationships, still see a higher

[00:01:46] [SPEAKER_00]: occurrence of AI overviews.

[00:01:49] [SPEAKER_00]: And I have to cover this one.

[00:01:51] [SPEAKER_00]: Dashlane's inaugural Passkey report highlights the rapid adoption of passkeys as a

[00:01:57] [SPEAKER_00]: password replacement, driven primarily by consumer demand in e-commerce, finance

[00:02:02] [SPEAKER_00]: and social media apps.

[00:02:04] [SPEAKER_00]: Key findings include that passkeys enhance security and user experience with a 400%

[00:02:10] [SPEAKER_00]: increase in monthly passkey authentications since early 2024.

[00:02:16] [SPEAKER_00]: Amazon is leading the charge at 89% growth.

[00:02:19] [SPEAKER_00]: Other notable sites include Target, Moneybird, eBay and Adobe.

[00:02:25] [SPEAKER_00]: Passkey usage is strongest among eBay users at 13.8%.

[00:02:30] [SPEAKER_00]: Now why do we care?

[00:02:32] [SPEAKER_00]: It's easy to have large growth numbers when you start small.

[00:02:35] [SPEAKER_00]: This is a significant set of movement and it's happening in the consumer world.

[00:02:40] [SPEAKER_00]: This should be a natural fit for SMB.

[00:02:44] [SPEAKER_00]: As I consider security in products, two key questions should now be asked of vendors

[00:02:49] [SPEAKER_00]: in addition to your regular ones.

[00:02:52] [SPEAKER_00]: Have you assigned SysSys Secure by Design pledge and have you implemented passkeys?

[00:02:58] [SPEAKER_00]: Google got ahead of themselves at the launch of AI overviews.

[00:03:01] [SPEAKER_00]: It's critically important to release products that work and MIT's resource gives you

[00:03:06] [SPEAKER_00]: an ability to make assessments on your own projects so you don't end up with a black

[00:03:10] [SPEAKER_00]: eye like Google did.

[00:03:17] [SPEAKER_00]: Did you know tickets date back to the 1800s?

[00:03:21] [SPEAKER_00]: And customers hate tickets.

[00:03:23] [SPEAKER_00]: Thread uses an approach for connecting, communicating and ultimately collaborating.

[00:03:28] [SPEAKER_00]: Thread allows people to come together around a topic.

[00:03:32] [SPEAKER_00]: They can discuss and make decisions.

[00:03:33] [SPEAKER_00]: They can share and invite the right people.

[00:03:36] [SPEAKER_00]: The future of service is collaborative.

[00:03:39] [SPEAKER_00]: Supercharge your service experience by seamlessly integrating AI and automation to meet your

[00:03:44] [SPEAKER_00]: customers where they are – in Teams, Slack and Desktops, not in tickets.

[00:03:49] [SPEAKER_00]: With instant updates to and from ConnectWise, AutoTask and Halo PSA, keep all communication

[00:03:55] [SPEAKER_00]: in one place – where it should be – with people.

[00:03:59] [SPEAKER_00]: Decrease time to resolution 30% with chat-based support by visiting getthread.com slash MSP

[00:04:07] [SPEAKER_00]: radio to declare death to the ticket.

[00:04:12] [SPEAKER_00]: Jenny Sterly, director of CISA, stated it's too early to determine the impact

[00:04:16] [SPEAKER_00]: of a recent Supreme Court ruling on the agency's new cyber incident reporting rule

[00:04:21] [SPEAKER_00]: under CERCXIA.

[00:04:23] [SPEAKER_00]: The ruling overturned the Chevron doctrine raising concerns about potential lawsuits

[00:04:27] [SPEAKER_00]: against federal regulations.

[00:04:30] [SPEAKER_00]: CISA is currently analyzing the implications of the ruling and aims to finalize the CERCXIA

[00:04:35] [SPEAKER_00]: rule by later next year, hoping organizations will view it as beneficial for improving

[00:04:41] [SPEAKER_00]: cybersecurity rather than a strict regulation.

[00:04:45] [SPEAKER_00]: The White House is developing a cyber insurance policy proposal for catastrophic incidents,

[00:04:51] [SPEAKER_00]: collaborating with the Department of Treasury and with CISA.

[00:04:55] [SPEAKER_00]: National Cyber Director Harry Coger Jr. emphasized the need for a policy that manages risk, not

[00:05:01] [SPEAKER_00]: avoids it and aims to stabilize insurance markets to enhance cybersecurity practices.

[00:05:07] [SPEAKER_00]: The proposal, expected by year end, will address gaps in the insurance market's

[00:05:12] [SPEAKER_00]: response to catastrophic cyber events and seek input from various shareholders.

[00:05:17] [SPEAKER_00]: And from NextGov, congressional agencies are making progress in adopting artificial

[00:05:21] [SPEAKER_00]: intelligence tools guided by voluntary federal recommendations.

[00:05:25] [SPEAKER_00]: A report from the House Administration Committee highlights the identification of AI use cases

[00:05:30] [SPEAKER_00]: and the establishment of guardrails focusing on human oversight, policy clarity, testing,

[00:05:36] [SPEAKER_00]: transparency and education.

[00:05:38] [SPEAKER_00]: Agencies like the U.S. Capitol Police and the Smithsonian are utilizing the NIST

[00:05:43] [SPEAKER_00]: AI Risk Management Framework to develop their strategies with the Smithsonian forming

[00:05:48] [SPEAKER_00]: a working group for AI policy development and the architect of the capital planning

[00:05:52] [SPEAKER_00]: to appoint a chief AI officer.

[00:05:56] [SPEAKER_00]: The FCC has launched a three-year cybersecurity pilot program for schools and libraries,

[00:06:01] [SPEAKER_00]: providing up to $200 million in funding to enhance their cybersecurity measures

[00:06:05] [SPEAKER_00]: against increasing cyber attacks.

[00:06:09] [SPEAKER_00]: Applications will open on August 29th, and the program aims to help institutions

[00:06:13] [SPEAKER_00]: protect their broadband networks and sensitive data.

[00:06:17] [SPEAKER_00]: This initiative is separate from the existing E-Rate program and addresses the rising threat

[00:06:22] [SPEAKER_00]: of ransomware and other cyber attacks targeting educational institutions.

[00:06:28] [SPEAKER_00]: Why do we care?

[00:06:30] [SPEAKER_00]: How much authority will CISA have in the future may be an open question, although

[00:06:34] [SPEAKER_00]: he surely notes in the interview that their guidance may be different.

[00:06:37] [SPEAKER_00]: Considering how uneven the cyber insurance market has been, establishing a base policy

[00:06:41] [SPEAKER_00]: for catastrophes may be a solid step forward.

[00:06:44] [SPEAKER_00]: But if you work with schools or libraries, there's a new program to consider for your customers.

[00:06:52] [SPEAKER_00]: Here's a… not breach?

[00:06:55] [SPEAKER_00]: SOCradar responded to claims by a threat actor alleging the scraping of 330 million emails,

[00:07:01] [SPEAKER_00]: confirming that their internal systems were not breached.

[00:07:04] [SPEAKER_00]: The actor accessed the platform using a legitimate license collecting publicly available

[00:07:10] [SPEAKER_00]: from telegram channels without exploiting any vulnerabilities.

[00:07:15] [SPEAKER_00]: SOCradar has found no risk to customer data and is enhancing security measures

[00:07:20] [SPEAKER_00]: while maintaining communication with law enforcement.

[00:07:22] [SPEAKER_00]: They're committed to client security and will provide updates as necessary.

[00:07:27] [SPEAKER_00]: A security research revealed at Black Hat 2024 that two zero-day vulnerabilities in

[00:07:33] [SPEAKER_00]: Windows allow downgrade attacks, enabling attackers to unpatch fully updated systems

[00:07:39] [SPEAKER_00]: and reintroduce old vulnerabilities.

[00:07:42] [SPEAKER_00]: Microsoft has issued advisories for these vulnerabilities but has not yet released a fix.

[00:07:48] [SPEAKER_00]: The downgrade attacks can compromise critical OS components and disable Windows virtualization

[00:07:53] [SPEAKER_00]: based security, making previously patched systems susceptible to exploitation.

[00:07:59] [SPEAKER_00]: Microsoft is working on mitigations but acknowledges the significant

[00:08:02] [SPEAKER_00]: implications for Windows and other operating systems.

[00:08:06] [SPEAKER_00]: Other highlights from DEFCON and Black Hat included the hacking of EVOVAC robots for

[00:08:11] [SPEAKER_00]: surveillance, a security researcher's infiltration of the Lockbit ransomware gang,

[00:08:16] [SPEAKER_00]: the development of a laser microphone for keystroke surveillance,

[00:08:20] [SPEAKER_00]: and a prompt injection technique that exploits Microsoft Co-Pilot.

[00:08:25] [SPEAKER_00]: Additionally, vulnerabilities in ransomware leak sites helped save

[00:08:29] [SPEAKER_00]: six companies from ransom payments.

[00:08:32] [SPEAKER_00]: Why do we care?

[00:08:34] [SPEAKER_00]: SOCradar's answer is certainly something.

[00:08:38] [SPEAKER_00]: Not a breach and using the product legitimately,

[00:08:41] [SPEAKER_00]: email addresses were collected and they're enhancing security.

[00:08:45] [SPEAKER_00]: Huh.

[00:08:46] [SPEAKER_00]: I'm thankful for ethical security researchers spending time on making infrastructure safer.

[00:08:54] [SPEAKER_00]: Synchro has launched its AI-powered smart ticket management solution for managed

[00:08:59] [SPEAKER_00]: and IT operations, designed to enhance efficiency and ticket resolution.

[00:09:04] [SPEAKER_00]: Key features include automatic ticket classification,

[00:09:07] [SPEAKER_00]: guided resolution steps, and a smart ticket search utilizing natural language processing.

[00:09:13] [SPEAKER_00]: The solution aims to bridge the skills gap among technicians and streamline workflows,

[00:09:18] [SPEAKER_00]: reflecting Synchro's commitment to innovation in IT management.

[00:09:22] [SPEAKER_00]: And SAS Alerts has integrated Microsoft Defender for Endpoint

[00:09:25] [SPEAKER_00]: into its security platform for MSPs, allowing for centralized monitoring of

[00:09:30] [SPEAKER_00]: Microsoft 365 applications and endpoint security.

[00:09:33] [SPEAKER_00]: Key features include PSA ticketing, centralized alerting,

[00:09:37] [SPEAKER_00]: and customizable automation rules for threat response.

[00:09:40] [SPEAKER_00]: The support from Microsoft Defender will be available in August as part

[00:09:43] [SPEAKER_00]: of the standard subscription which includes a free 14-day trial.

[00:09:49] [SPEAKER_00]: Why do we care?

[00:09:50] [SPEAKER_00]: The application of AI-to-ticket resolution makes a lot of sense to me in this context.

[00:09:55] [SPEAKER_00]: Classification, providing insights on resolution, and helping find information

[00:09:59] [SPEAKER_00]: is exactly the right kind of application of AI.

[00:10:03] [SPEAKER_00]: This isn't having the machine solve the problem for a technician,

[00:10:06] [SPEAKER_00]: it's about helping the technician get to solution faster.

[00:10:12] [SPEAKER_00]: Today's episode is supported by CoreView.

[00:10:15] [SPEAKER_00]: Your customers need your Microsoft 365 expertise

[00:10:18] [SPEAKER_00]: and CoreView has the only M365 management platform designed for MSPs.

[00:10:24] [SPEAKER_00]: Manage hundreds of tenants, automate manual tasks and monitor compliance,

[00:10:29] [SPEAKER_00]: all while intelligently comparing to the baseline.

[00:10:31] [SPEAKER_00]: With a no-code control approach, CoreView revolutionizes your Microsoft 365 administration.

[00:10:38] [SPEAKER_00]: This powerful platform enables automatic reporting and remediation,

[00:10:42] [SPEAKER_00]: ensuring optimal performance and security.

[00:10:45] [SPEAKER_00]: The best part?

[00:10:46] [SPEAKER_00]: You achieve this high level of service without the need for a large workforce,

[00:10:50] [SPEAKER_00]: allowing you to focus on growing your business through efficiency.

[00:10:54] [SPEAKER_00]: Want to know more?

[00:10:56] [SPEAKER_00]: Visit coreview.com slash msp and find out more.

[00:11:02] [SPEAKER_00]: Thanks for listening, it's National Financial Awareness Day

[00:11:05] [SPEAKER_00]: and it's also National Creamsicle Day.

[00:11:07] [SPEAKER_00]: So get on top of your finances and reward yourself with a creamsicle.

[00:11:11] [SPEAKER_00]: Have a question you want answered?

[00:11:12] [SPEAKER_00]: I take those list or questions, send them in at question at mspradio.com.

[00:11:17] [SPEAKER_00]: I answer list or questions live each week on the live show.

[00:11:21] [SPEAKER_00]: This week it's on Thursday, next week Wednesday.

[00:11:24] [SPEAKER_00]: 3pm Eastern, YouTube and LinkedIn.

[00:11:27] [SPEAKER_00]: And if you got a comment or thought on a story,

[00:11:28] [SPEAKER_00]: put it in the comments if you're on YouTube or reach out on LinkedIn

[00:11:31] [SPEAKER_00]: if you're listening to the podcast.

[00:11:33] [SPEAKER_00]: Talk to you again tomorrow.

[00:11:36] [SPEAKER_00]: The Business of Tech is written and produced by me,

[00:11:39] [SPEAKER_00]: Dave Sobel under Ethics Guidelines, posted at businessof.tech.

[00:11:44] [SPEAKER_00]: If you like the content, please make sure to hit that like button, follow or subscribe.

[00:11:49] [SPEAKER_00]: It's free and easy and the best way to support the show

[00:11:52] [SPEAKER_00]: and help us grow.

[00:11:54] [SPEAKER_00]: You can also check out our Patreon where you can join the Business of Tech community

[00:11:58] [SPEAKER_00]: at patreon.com slash mspradio or buy our Why Do We Care merch at businessof.tech.

[00:12:07] [SPEAKER_00]: Finally, if you're interested in advertising on this show,

[00:12:10] [SPEAKER_00]: visit mspradio.com slash engage.

[00:12:14] [SPEAKER_00]: Once again, thanks for listening to me

[00:12:16] [SPEAKER_00]: and I'll talk to you again on our next episode of the Business of Tech.