N Korean IT Hires, CrowdStrike Testimony, AI Compliance, and Mobile Voting
Business of Tech: Daily 10-Minute IT Services Insights
September 27, 2024
1426
00:13:42 | 12.7 MB

We start with a troubling report revealing that numerous Fortune 100 companies have unknowingly hired North Korean IT workers using fake identities. These workers, often based in China or Russia, have gained access to sensitive systems, raising significant concerns about potential cyber attacks. The episode emphasizes the urgent need for companies to adopt stricter hiring practices, including thorough background checks and identity verification, as U.S. law enforcement takes action against those facilitating this scheme.

The episode also covers CrowdStrike's recent testimony before Congress following a significant outage that was not attributed to a cyber attack. Senior Vice President Adam Meyers explained that a combination of issues led to the incident, prompting the company to implement new safeguards and offer $60 million in customer credits. Lawmakers are pushing for greater accountability in cybersecurity, discussing potential legal reforms to hold software providers liable for negligence. This scrutiny reflects a pivotal moment in the cybersecurity landscape, where accountability and transparency are becoming increasingly essential.

Additionally, the U.S. Department of Justice has updated its compliance guidelines to include the use of AI, emphasizing the need for companies to assess AI's potential risks and ensure compliance with criminal laws. Compliance officers are now expected to address AI's impact on legal compliance, highlighting the importance of proactive monitoring and risk management. The National Institute of Standards and Technology is also proposing new cybersecurity guidelines focused on identity proofing and fraud detection, urging organizations to adopt AI governance programs to enhance security.

Finally, the episode touches on broader technological trends, including mobile voting and the quest for ROI on AI. Tech investor Bradley Tusk advocates for mobile voting as a means to increase voter turnout, while another article discusses the importance of breaking down enterprise silos to achieve meaningful returns on AI investments. The episode concludes with a look at the Content Authenticity Initiative led by Adobe, aimed at ensuring the authenticity of AI-generated content, and the unexpected outcomes of self-service kiosks in fast food chains, which have not led to significant job losses but have changed operational dynamics.

 

Four things to know today

 

00:00 Fortune 100 Firms Unknowingly Hire North Korean Workers, Exposing Critical Gaps in Cybersecurity Hiring Practices

03:14 Perfect Storm or Negligence? CrowdStrike's Outage Highlights Potential Shift in Cyber Liability

04:58 "If Your AI Does the Crime, You’ll Do the Time": DoJ’s New Compliance Guidelines Target AI Risks

08:07 From Mobile Voting to AI ROI: Big Ideas Driving Technology, Security, and Trust in the Digital Age

 

 

 


[00:01:07] [SPEAKER_01]: It's Friday, September 27th, 2024 and I'm Dave Sobel. Four things to know today. Fortune 100

[00:01:13] [SPEAKER_01]: firms unknowingly hire North Korean workers exposing critical gaps in cybersecurity

[00:01:18] [SPEAKER_01]: hiring practices. Perfect storm or negligence? CrowdStrike's outage highlights the potential

[00:01:24] [SPEAKER_01]: shift in cyber liability as they testify before Congress. If your AI does the crime, you'll do

[00:01:31] [SPEAKER_01]: the time, the DOJ's new compliance guidelines targeting AI risks and from mobile voting to AI

[00:01:38] [SPEAKER_01]: ROI. Big ideas driving technology, security and trust. This is the Business of Tech. Remember

[00:01:47] [SPEAKER_01]: me covering KnowBe4 hiring a North Korean remotely? Turns out they aren't alone. In a report

[00:01:53] [SPEAKER_01]: by Mandiant, dozens of Fortune 100 companies have unknowingly hired North Korean IT workers using

[00:02:00] [SPEAKER_01]: fake identities. Often based in China or Russia, these workers gain access to sensitive systems,

[00:02:06] [SPEAKER_01]: raising concerns about cyber attacks. The report highlights the need for companies to

[00:02:11] [SPEAKER_01]: implement stricter hiring practices including thorough background checks and verification

[00:02:16] [SPEAKER_01]: of identities. U.S. law enforcement has initiated actions against those facilitating this scheme,

[00:02:23] [SPEAKER_01]: which has reportedly generated significant revenue for the North Korean regime.

[00:02:28] [SPEAKER_01]: Conversely, over the past year, over half of organizations have faced cyber threats,

[00:02:33] [SPEAKER_01]: with 37% of surveyed IT and cybersecurity professionals reporting job losses due to

[00:02:39] [SPEAKER_01]: cyber attacks. Larger companies are significantly more affected and these incidents contribute

[00:02:44] [SPEAKER_01]: to both direct dismissals and broader layoffs. N-able's data indicates a 56% increase in disaster

[00:02:52] [SPEAKER_01]: recovery events from Microsoft 365 domains in 2024 alongside a rise in backups among partners

[00:03:00] [SPEAKER_01]: to enhance ransomware resilience. The report highlights over 3400 cyber alerts in the first

[00:03:06] [SPEAKER_01]: half of 2024, emphasizing the growing threat landscape. Managed service providers increasingly

[00:03:12] [SPEAKER_01]: focus on backup services with a 46% increase in protected Microsoft 365 users and a significant

[00:03:19] [SPEAKER_01]: rise in data backed up, underscoring the critical need for robust data protection strategies.

[00:03:26] [SPEAKER_01]: Why do we care? These insights highlight the critical importance of viewing cybersecurity

[00:03:31] [SPEAKER_01]: through a holistic lens, addressing not just the technical aspects but the human,

[00:03:36] [SPEAKER_01]: organizational and strategic factors that underpin true resilience. For IT service providers,

[00:03:43] [SPEAKER_01]: this includes offering tools and services that support companies in vetting remote workers,

[00:03:48] [SPEAKER_01]: particularly those in sensitive IT roles. This could involve partnerships with identity

[00:03:54] [SPEAKER_01]: verification services or developing in-house solutions that integrate directly with HR systems.

[00:04:01] [SPEAKER_01]: And beyond technical solutions, companies need guidance on organizational resilience.

[00:04:07] [SPEAKER_01]: This involves incident response planning, training programs and the integration of AI-driven

[00:04:12] [SPEAKER_01]: risk assessment tools that help identify weak points in both technology and personnel structures.

[00:04:20] [SPEAKER_01]: CrowdStrike was in front of Congress this week. While CEO George Kurtz declined to participate,

[00:04:25] [SPEAKER_01]: CrowdStrike's senior vice president, Adam Meyers, testified before lawmakers instead.

[00:04:31] [SPEAKER_01]: Meyers explained during the hearing that a perfect storm of issues led to the incident,

[00:04:36] [SPEAKER_01]: stemming from a mismatch in update parameters. CrowdStrike has since implemented new safeguards

[00:04:42] [SPEAKER_01]: and committed $60 million in customer credits, while lawmakers demanded accountability for

[00:04:47] [SPEAKER_01]: the outage's impact on consumers. The company emphasized that an outage was not

[00:04:52] [SPEAKER_01]: due to a cyber attack and updated its testing processes to prevent future occurrences.

[00:04:58] [SPEAKER_01]: Lawmakers emphasized the need for accountability in cybersecurity and discussed potential

[00:05:03] [SPEAKER_01]: legal reforms to hold software providers liable for negligence.

[00:05:08] [SPEAKER_01]: Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency,

[00:05:12] [SPEAKER_01]: said in an interview that she's been speaking to members of the Homeland Security Committee

[00:05:16] [SPEAKER_01]: and others about a plan that would permit lawsuits to hold software providers legally

[00:05:22] [SPEAKER_01]: liable for gross negligence, supplemented by significant safe harbor provisions that would

[00:05:29] [SPEAKER_01]: exempt companies following good practices. Why do we care? The scrutiny on CrowdStrike

[00:05:36] [SPEAKER_01]: and the broader discussions about holding software providers legally liable for negligence

[00:05:41] [SPEAKER_01]: reflects a pivotal moment in the cybersecurity landscape. The message is clear,

[00:05:46] [SPEAKER_01]: accountability and transparency are no longer optional. Here's the other insight. This isn't

[00:05:52] [SPEAKER_01]: a security incident. There's no attacker to blame. This is all CrowdStrike and it might just mean

[00:05:59] [SPEAKER_01]: an actual change to liability. And speaking of regulation, the U.S. Department of Justice

[00:06:07] [SPEAKER_01]: has updated its evaluation of corporate compliance program guidelines to include the use of AI,

[00:06:14] [SPEAKER_01]: emphasizing that companies must assess AI's potential for harm and include and ensure compliance

[00:06:21] [SPEAKER_01]: with criminal laws. Compliance officers are now expected to address questions regarding AI's

[00:06:27] [SPEAKER_01]: impact on legal compliance and mitigate risks associated with its use. Companies will be held

[00:06:33] [SPEAKER_01]: accountable for any illegal actions facilitated by AI, highlighting the need for proactive monitoring

[00:06:39] [SPEAKER_01]: and risk management in their compliance programs. The National Institute of Standards and Technology

[00:06:45] [SPEAKER_01]: is proposing new cybersecurity guidelines focusing on identity proofing and fraud detection

[00:06:51] [SPEAKER_01]: for credential service providers. Key updates include expanded identity verification methods,

[00:06:57] [SPEAKER_01]: continuous monitoring and AI and machine learning transparency requirements to mitigate bias.

[00:07:03] [SPEAKER_01]: The guidelines aim to enhance security against investigated cyber threats,

[00:07:08] [SPEAKER_01]: particularly in government systems, and organizations are encouraged to adopt AI

[00:07:12] [SPEAKER_01]: governance programs to comply with these standards. CISA warns of ongoing cyber threats

[00:07:18] [SPEAKER_01]: to U.S. water systems following a cybersecurity incident in Arkansas City, Kansas, which forced

[00:07:24] [SPEAKER_01]: to switch to manual operations. The agency emphasizes the vulnerability of operational

[00:07:29] [SPEAKER_01]: technology and industrial control systems urging water system operators to implement

[00:07:34] [SPEAKER_01]: security recommendations. Water industry groups last year partnered with Republican lawmakers

[00:07:39] [SPEAKER_01]: to stop federal efforts to protect water systems, despite significant increases in the number of

[00:07:45] [SPEAKER_01]: ransomware attacks and nation-state intrusions. The EU's AI pact has over 100 signatories,

[00:07:53] [SPEAKER_01]: including Amazon, Google, Microsoft and OpenAI. It aims to foster voluntary commitments to

[00:07:59] [SPEAKER_01]: AI governance and compliance with the AI Act. Apple and Meta are absent, with Meta focusing

[00:08:05] [SPEAKER_01]: on the AI Act itself. The pact encourages companies to adopt AI strategies, identify

[00:08:12] [SPEAKER_01]: high-risk systems and promote AI literacy. Penalties for non-compliance with the AI

[00:08:17] [SPEAKER_01]: Act can be significant, prompting companies to consider their participation carefully.

[00:08:22] [SPEAKER_01]: I'll note Axios covered how Apple faces significant challenges in complying with the

[00:08:27] [SPEAKER_01]: EU's new digital antitrust rules, specifically regarding interoperability for its iPhone and iPad

[00:08:33] [SPEAKER_01]: operating systems. The European Commission has initiated proceedings to enforce these

[00:08:38] [SPEAKER_01]: requirements under the Digital Markets Act, giving Apple six months to adapt or risk fines.

[00:08:44] [SPEAKER_01]: While Apple has made minor adjustments, such as easing app store restrictions,

[00:08:48] [SPEAKER_01]: these changes are seen as insufficient, raising concerns about the company's ability

[00:08:53] [SPEAKER_01]: to operate in the EU. Why do we care? The headline was great, if your AI does the crime,

[00:09:00] [SPEAKER_01]: you'll do the time. The DOJ's updated guidelines, NIST cybersecurity proposals,

[00:09:05] [SPEAKER_01]: and the EU's AI Act all emphasize the need for enhanced compliance frameworks.

[00:09:13] [SPEAKER_01]: Lots of big ideas this week. This one made me ponder security and authentication. In

[00:09:22] [SPEAKER_01]: the past, the EU has been a big advocate for mobile voting to enhance democratic participation,

[00:09:27] [SPEAKER_01]: arguing it could increase voter turnout and reduce political polarization.

[00:09:32] [SPEAKER_01]: While critics raise concerns about security and privacy, Tusk highlights successful pilot

[00:09:37] [SPEAKER_01]: programs that improved turnout and maintained election integrity. He envisions mobile

[00:09:42] [SPEAKER_01]: voting becoming more widespread by next year or 2026, suggesting it should complement

[00:09:48] [SPEAKER_01]: existing voting methods rather than replace them.

[00:09:52] [SPEAKER_01]: Over in Forbes, Mihara Shuka writes about getting ROI on AI.

[00:09:58] [SPEAKER_01]: To achieve ROI from AI, organizations must break down enterprise silos and adopt

[00:10:03] [SPEAKER_01]: integrated systems that enhance collaboration and data sharing. This involves establishing

[00:10:09] [SPEAKER_01]: clear data ownership protocols, forming cross-functional teams, setting common goals,

[00:10:14] [SPEAKER_01]: and embracing change management principles to ensure a cohesive transformation.

[00:10:19] [SPEAKER_01]: Without this approach, investments in AI may yield minimal productivity returns

[00:10:23] [SPEAKER_01]: similar to past technology adoptions.

[00:10:26] [SPEAKER_01]: And I considered this one in legislation, but it hasn't happened yet.

[00:10:30] [SPEAKER_01]: The Deep View looks at the Content Authenticity Initiative led by Adobe,

[00:10:36] [SPEAKER_01]: aimed at ensuring the authenticity of AI-generated content that highlights

[00:10:41] [SPEAKER_01]: the challenges posed by deepfakes and the need for transparency in digital content.

[00:10:45] [SPEAKER_01]: The initiative includes the Coalition for Content Provenance and Authenticity,

[00:10:51] [SPEAKER_01]: which seeks to establish standards for content origin and history.

[00:10:55] [SPEAKER_01]: Despite the vulnerabilities of watermarking, the initiative combines secure metadata,

[00:11:00] [SPEAKER_01]: watermarking, and fingerprinting to enhance content security.

[00:11:04] [SPEAKER_01]: I like unexpected outcomes. CNN looks at self-service kiosks at McDonald's and other

[00:11:11] [SPEAKER_01]: fast-food chains, which were initially feared as job killers but have instead increased

[00:11:17] [SPEAKER_01]: kitchen staff workload and encouraged customers to order more. While kiosks aim to enhance sales

[00:11:25] [SPEAKER_01]: and service speed, they've led to complexities in restaurant operations and have not universally

[00:11:30] [SPEAKER_01]: improved efficiency. Some locations have seen kiosks underutilized and their implementation

[00:11:36] [SPEAKER_01]: has not resulted in significant job losses as roles have shifted rather than diminished.

[00:11:42] [SPEAKER_01]: The impact of kiosks mirrors that of other self-service technologies

[00:11:46] [SPEAKER_01]: suggesting a need for better communications about their benefits to both customers and employees.

[00:11:53] [SPEAKER_01]: I wanted to ensure I highlighted Sam Altman's post this week titled,

[00:11:57] [SPEAKER_01]: The Intelligence Age. He anticipates a leap forward in prosperity,

[00:12:01] [SPEAKER_01]: significantly accelerated over a few thousand days to superintelligence.

[00:12:08] [SPEAKER_01]: Why do we care? Well, this is all designed to give you something to think about over the weekend.

[00:12:14] [SPEAKER_01]: I look forward to hearing your feedback.

[00:12:18] [SPEAKER_01]: Looking to reach an audience of thousands of MSPs and IT service providers?

[00:12:23] [SPEAKER_01]: Put your ad right here on the Business of Tech and be on the show that 64% of MSPs report

[00:12:29] [SPEAKER_01]: having listened to. A recurring top 50 tech news podcast, there are affordable options for you

[00:12:36] [SPEAKER_01]: to reach our audience and we can support any budget. Podcast listeners are more engaged,

[00:12:42] [SPEAKER_01]: have a higher level of brand retention and are more willing to listen to ads here

[00:12:47] [SPEAKER_01]: than any other avenues. Want to know more? There's information at mspradio.com

[00:12:54] [SPEAKER_01]: slash engage, including a button to book a time to talk. I'm looking forward to that discussion.

[00:13:02] [SPEAKER_01]: Thanks for listening today, National Chocolate Milk Day and National Corned Beef Hash Day.

[00:13:08] [SPEAKER_01]: I'll be doing two live broadcasts as part of the SMB Tech Fest on October 17th and 18th,

[00:13:15] [SPEAKER_01]: so make sure to sign up and join the event. smbtechfest.com slash go slash sobel, link

[00:13:22] [SPEAKER_01]: in the show notes. This weekend, in the podcast feed, I'll drop the live show with Howard Cohen

[00:13:27] [SPEAKER_01]: and we got into citizen AI, being an IT toolsmith and the post-verticalization world.

[00:13:35] [SPEAKER_01]: This weekend, you'll also get my interview with Eric O'Neill, famous for his key role in

[00:13:40] [SPEAKER_01]: apprehending spy Robert Hanssen and what espionage teaches us about cybersecurity.

[00:13:46] [SPEAKER_01]: If you've got a comment or a thought on a story, put it in the comments if you're on

[00:13:49] [SPEAKER_01]: YouTube or reach out on LinkedIn if you're listening to the podcast. Enjoy your weekend.

[00:13:54] [SPEAKER_01]: I'll talk to you again on Monday.
