The National Institute of Standards and Technology (NIST) has taken steps to accelerate the processing of software and hardware vulnerabilities in the National Vulnerability Database by awarding a new contract to an outside vendor. This move aims to clear the backlog of unanalyzed vulnerabilities by the end of the fiscal year, demonstrating a commitment to cybersecurity.
However, amidst this positive development, the closure of the Affordable Connectivity Program (ACP) poses a threat to internet access for nearly 60 million low-income Americans. The lack of funding has led to the discontinuation of the program, leaving many households in financial distress. Efforts to extend the program through bipartisan legislation have stalled, highlighting the importance of government support in ensuring equitable access to essential services.
On the cybersecurity front, the dismantling of the 911 S5 proxy botnet, the world's largest, and the arrest of its administrator, Yun-He Wang, in Singapore showcase international efforts to combat cybercrime. The botnet, which conducted various illicit activities, underscores the ongoing challenges in cybersecurity and the need for robust measures to protect against such threats.
Furthermore, the episode delves into the gender disparity in the cybersecurity workforce, with only 20-25% being female. Factors contributing to this gap include unconscious bias and a lack of female role models. The discussion emphasizes the importance of addressing these issues through strategies such as unconscious bias training, diversifying recruitment efforts, and providing support for women in cybersecurity roles to foster a more inclusive and diverse industry.
Four things to know today
00:00 NIST Accelerates Vulnerability Processing as ACP Closure Threatens Internet Access for Millions
02:28 Live Nation Breach Highlights Growing Cybersecurity Concerns as 83% of Firms Plan Budget Increases
04:11 Open Formats Transform Data Industry: Snowflake, Databricks, and the Future of Cloud Services
05:26 CompTIA Data Highlights Cybersecurity Gender Disparity: Strategies for Recruitment and Retention
[00:00:02] It's Tuesday, June 4th, 2024, and I'm Dave Sobel. Four things to know today.
[00:00:07] NIST accelerates the vulnerability processing as ACP closure threatens internet access for
[00:00:13] millions. The Live Nation breach highlights growing cybersecurity concerns as 83% of
[00:00:19] firms plan budget increases. Open formats transform the data industry. Snowflake,
[00:00:25] Databricks, and the future of cloud services. And CompTIA data highlights cybersecurity gender
[00:00:31] disparity strategies for recruitment and retention. This is the Business of Tech.
[00:00:39] The National Institute of Standards and Technology has awarded a new contract to an outside vendor
[00:00:44] to help process software and hardware bugs in the National Vulnerability Database. The contract aims
[00:00:50] to clear the backlog of unanalyzed vulnerabilities by the end of the fiscal year. NIST is confident
[00:00:56] that the additional support will allow them to return to their previous processing rates.
[00:01:02] The U.S. government has announced the closure of the Affordable Connectivity Program,
[00:01:06] which provided low-income Americans with internet service subsidies. The program's
[00:01:11] closure, due to lack of funding, threatens to impact nearly 60 million Americans.
[00:01:15] The ACP officially ended on June 1st, leaving many households in financial distress. Efforts
[00:01:22] to extend the program through bipartisan legislation have stalled, and President Biden
[00:01:26] has called on Congress to pass legislation to restore funding. The U.S. Justice Department
[00:01:32] and international partners have dismantled the 911S5 proxy botnet, arresting its administrator
[00:01:39] Yun-He Wang in Singapore. The botnet, believed to be the world's largest, used malicious VPN
[00:01:45] applications to infect millions of residential Windows computers and conducted various cyber
[00:01:50] crimes. Wang collected approximately $99 million by selling access to the compromised devices' IP
[00:01:57] addresses. The criminal network was involved in activities such as cyber attacks, fraud,
[00:02:03] child exploitation, and more. The Justice Department has also seized multiple domains
[00:02:08] associated with the botnet and imposed sanctions on Wang and other individuals involved.
[00:02:14] Why do we care? We care to see NIST delivering on its promises, so this is good news,
[00:02:20] coupled with bad news for extending the reach of internet services.
[00:02:23] Those investments do pay off. Another botnet is taken down.
[00:02:29] In less good news, Ticketmaster's parent company Live Nation has confirmed a data breach that
[00:02:35] exposed the personal information of 560 million customers. The breach, advertised on hacking
[00:02:41] forums, included names, email addresses, phone numbers, and credit card details. Live Nation
[00:02:46] is working to mitigate the risk and has notified law enforcement and regulatory authorities.
[00:02:51] The company believes the breach will not materially impact its business operations.
[00:02:57] They aren't alone, of course. Almost all organizations have experienced repercussions
[00:03:01] from cyber incidents, per new findings in ConnectWise Research's latest report, with 83%
[00:03:08] planning to increase their cybersecurity budgets by an average of 19% over the next year. Additionally,
[00:03:14] 32% of organizations plan to use AI and other technologies to enhance operational efficiency
[00:03:19] and competitiveness. The research also reveals that 94% of small and medium-sized businesses
[00:03:25] have experienced at least one cyber attack, a significant increase from 64% in 2019.
[00:03:32] Furthermore, 76% of small businesses lack the in-house skills to address security issues properly,
[00:03:39] increasing the demand for managed services providers. Why do we care? Ticketmaster believes
[00:03:46] there will be no impact to their business. That's notable. The obvious advice is to consider their
[00:03:52] investment, right? But with no impact, why should they? So I wanted to pair this data because while
[00:03:58] I do believe in investing to avoid disruption, I also pair that with noting that these investments
[00:04:03] must be paired with the risk properly. No impact to business by a breach? That's one point.
[00:04:12] I also want to highlight some reporting in Runtime. Open storage formats have disrupted
[00:04:18] the rivalry between Snowflake and Databricks, creating a new battleground in the data industry.
[00:04:24] Enterprises are adopting open source table formats, allowing data to be stored in low-cost
[00:04:30] services like AWS S3 and processed by various tools. Snowflake and Databricks have converged
[00:04:37] on open formats like Data Lake and Iceberg, with Iceberg emerging as the leading choice.
[00:04:43] Microsoft and Google are betting on services that work with any format, potentially calming a
[00:04:48] standards war. The decoupling of storage from computing engines driven by the rise of open
[00:04:54] formats is reshaping the landscape. Security and governance remain key challenges in the adoption
[00:05:00] of open formats. Why do we care? I've talked about data management as a service on the show,
[00:05:07] and this leads to the obvious statement. When selecting cloud services, consider those that
[00:05:13] offer support for multiple storage formats and ensures future proofing and provides the
[00:05:18] flexibility to adapt as industry standards evolve. For those not familiar, this article is a good
[00:05:24] set of information to start with. I also wanted to highlight some reporting by Rich Freeman in
[00:05:31] Channelholic. According to recent data from CompTIA, the cybersecurity workforce is currently only 20
[00:05:37] to 25 percent female, highlighting the gender disparity in the field. Factors contributing to
[00:05:43] this include unconscious bias, self-perpetuating networks, and a lack of female role models.
[00:05:50] Suggestions for addressing this issue include countering stereotypes, hiring from within,
[00:05:54] casting a wider net for recruitment, emphasizing retention and advancement,
[00:05:58] and promoting membership and support. Despite the challenges, progress has been made,
[00:06:03] and it's expected that women will account for 30 percent of the global security workforce by 2025.
[00:06:11] Why do we care? There are actionable statements there. Conduct regular unconscious bias training
[00:06:17] for hiring managers and teams to raise awareness and reduce the impact of biases in recruitment and
[00:06:23] promotion decisions. Encourage and support women within the organization to pursue cybersecurity
[00:06:29] roles through training programs, certification, and career development opportunities. Actively
[00:06:35] seek out candidates from non-traditional backgrounds, including educational institutions
[00:06:40] and career transition programs, to diversify your talent pool. Create policies and programs that
[00:06:46] support work-life balance, professional development, and career progression for women
[00:06:50] in cybersecurity roles. And set up mentorship programs that connect female cybersecurity
[00:06:55] professionals with experienced mentors to provide guidance, support, and career advice.
[00:08:22] The Business of Tech is written and produced by me, Dave Sobel, under ethics guidelines posted
[00:08:27] at businessof.tech. If you like the content, please make sure to hit that like button,
[00:08:33] follow or subscribe. It's free and easy and the best way to support the show and help us grow.
[00:08:39] You can also check out our Patreon where you can join the Business of Tech community
[00:08:44] at patreon.com slash MSP Radio, or buy our Why Do We Care merch at businessof.tech.
[00:08:52] Finally, if you're interested in advertising on the show, visit mspradio.com slash engage.
[00:08:59] Once again, thanks for listening to me. I will talk to you again on our next episode
[00:09:04] of the Business of Tech. Part of the MSP Radio network.

