Ransomware Recovery Gaps, AI Risks, DOL Cybersecurity Guidance, and Intel's Strategic Shift
Business of Tech: Daily 10-Minute IT Services Insights
September 11, 2024

A recent survey reveals that while 80% of IT leaders express confidence in their recovery strategies post-ransomware attacks, nearly 70% have paid ransoms despite having policies against it. The episode emphasizes the importance of proactive defense strategies, as Tenable's research shows that only 3% of vulnerabilities pose significant risks, urging organizations to prioritize their cybersecurity efforts effectively.

Host Dave Sobel also addresses the alarming rise in ransomware incidents, which increased by 33% globally over the past year, with the U.S. and UK experiencing significant spikes. The discussion includes insights into the tactics employed by attackers, such as living-off-the-land techniques that allow them to evade detection. Additionally, the episode highlights the shift in scam operations towards smaller, more targeted schemes, reflecting a trend of increased efficiency and profitability for cybercriminals.

The episode further explores the U.S. Department of Labor's expanded cybersecurity guidance for employee benefit plans, emphasizing the fiduciary responsibility to mitigate risks. The new guidelines outline best practices for maintaining cybersecurity programs and conducting risk assessments. Sobel also discusses the launch of a new incident reporting portal by CISA, encouraging organizations to report cyber incidents to enhance community resilience against threats.

Finally, the episode delves into the findings of a Washington University study that uncovers significant data privacy risks associated with GPT applications in OpenAI's GPT store. The study reveals that a majority of these applications fail to disclose their data collection practices adequately, raising concerns about user data exposure. Sobel concludes by discussing vulnerabilities in AI platforms, such as Microsoft 365 Copilot, and the need for IT service providers to focus on AI-specific security strategies to ensure compliance and protect sensitive information.

Four things to know today

00:00 Ransomware Recovery Gaps Expose Overconfidence: Why IT Providers Must Focus on Real-World Incident Testing

04:51 CISA’s Incident Reporting Portal and Expanded DOL Guidance: Why IT Providers Must Enhance Cybersecurity Services 

08:26 Washington University Study Uncovers Data Privacy Risks in GPT Store

10:21 CrowdStrike and Intel Face Critical Moments

Supported by: https://timezest.com/mspradio/

https://www.coreview.com/msp

Pulseway Event: https://www.pulseway.com/v2/land/webinar-nexus-msp?rfid=vendor/?partnerref=vendor

[00:00:02] [SPEAKER_00]: It's Wednesday, September 11th, 2024, and I'm Dave Sobel.

[00:00:05] [SPEAKER_00]: Four things to know today.

[00:00:07] [SPEAKER_00]: Ransomware Recovery Gaps Expose Overconfidence,

[00:00:11] [SPEAKER_00]: CISA's Incident Reporting Portal and Expanded DOL Guidance,

[00:00:15] [SPEAKER_00]: Washington University Study Uncovers Data Privacy Risks in the GPT Store, and

[00:00:20] [SPEAKER_00]: CrowdStrike and Intel Face Critical Moments.

[00:00:24] [SPEAKER_00]: This is the Business of Tech.

[00:00:27] [SPEAKER_00]: So let's talk some security and where to focus your attention.

[00:00:31] [SPEAKER_00]: Companies overestimate their cyber resilience,

[00:00:34] [SPEAKER_00]: with many unable to meet business recovery goals after ransomware attacks.

[00:00:39] [SPEAKER_00]: A survey reveals that nearly 70% of IT leaders paid ransoms despite policies against it,

[00:00:45] [SPEAKER_00]: and almost half needed over six days to recover core processes.

[00:00:49] [SPEAKER_00]: While 80% express confidence in their resilience strategies,

[00:00:53] [SPEAKER_00]: actual recovery times often exceed expectations,

[00:00:56] [SPEAKER_00]: highlighting a significant disconnect between perceived and actual capabilities.

[00:01:02] [SPEAKER_00]: Tenable's research indicates that only 3% of vulnerabilities pose significant cybersecurity

[00:01:06] [SPEAKER_00]: risks, highlighting the need for organizations to adopt that proactive defense strategy.

[00:01:12] [SPEAKER_00]: The study utilizes the Vulnerability Priority Rating model to prioritize vulnerabilities,

[00:01:17] [SPEAKER_00]: revealing that those with a VPR above 9.0 are high-priority targets.

[00:01:23] [SPEAKER_00]: This approach aims to help cybersecurity teams focus on the most dangerous threats

[00:01:28] [SPEAKER_00]: rather than being overwhelmed by fragmented data.

[00:01:31] [SPEAKER_00]: Research indicates that most ransomware attacks occur between 1am and 5am,

[00:01:36] [SPEAKER_00]: taking advantage of off-duty security professionals.

[00:01:40] [SPEAKER_00]: Global ransomware incidents rose by 33% over the past year,

[00:01:43] [SPEAKER_00]: with significant increases in the UK, 67%, and US, 63%.

[00:01:48] [SPEAKER_00]: Smaller ransomware groups are becoming more active,

[00:01:52] [SPEAKER_00]: with their share of attacks rising from 25% to 31%.

[00:01:55] [SPEAKER_00]: The services industry is the most targeted,

[00:01:58] [SPEAKER_00]: while the US accounts for nearly half of all attacks globally.

[00:02:02] [SPEAKER_00]: Attackers increasingly use living-off-the-land techniques to evade detection,

[00:02:07] [SPEAKER_00]: resulting in faster attack timelines.

[00:02:10] [SPEAKER_00]: Online scam cycles have become shorter and more effective,

[00:02:13] [SPEAKER_00]: with 43% of scam revenues tracked by Chainalysis sent to newly active wallets,

[00:02:20] [SPEAKER_00]: indicating a rise in new scamming campaigns.

[00:02:23] [SPEAKER_00]: The average duration of scams has decreased from 271 days in 2020 to just 42 days this year.

[00:02:32] [SPEAKER_00]: Scammers are shifting towards smaller, targeted operations,

[00:02:35] [SPEAKER_00]: quickly discarding old infrastructure to evade detection,

[00:02:39] [SPEAKER_00]: which is seen as more profitable and less risky than larger schemes.

[00:02:43] [SPEAKER_00]: The 2024 Unit 42 Attack Surface Threat Report by Palo Alto Networks

[00:02:48] [SPEAKER_00]: reveals that critical sectors like insurance, pharmaceuticals,

[00:02:52] [SPEAKER_00]: and manufacturing face evolving cybersecurity threats, particularly AI-driven attacks.

[00:02:58] [SPEAKER_00]: Key findings include an average of over 300 new services added monthly,

[00:03:02] [SPEAKER_00]: high-risk exposures primarily in IT infrastructure,

[00:03:06] [SPEAKER_00]: and significant vulnerabilities in remote access and business operation applications.

[00:03:10] [SPEAKER_00]: The report emphasizes the need for AI-driven tools for continuous asset discovery and monitoring

[00:03:16] [SPEAKER_00]: to maintain visibility and mitigate risks as digital transformation accelerates.

[00:03:22] [SPEAKER_00]: Why do we care?

[00:03:24] [SPEAKER_00]: IT service providers and cybersecurity professionals should focus on real-world

[00:03:28] [SPEAKER_00]: incident recovery testing, prioritized vulnerability management,

[00:03:32] [SPEAKER_00]: and around-the-clock protection against ransomware and other evolving threats.

[00:03:36] [SPEAKER_00]: AI will be both the adversary and the solution,

[00:03:40] [SPEAKER_00]: and businesses that embrace proactive AI-driven tools

[00:03:43] [SPEAKER_00]: will be better positioned to mitigate risks as the digital landscape grows more complex.

[00:03:48] [SPEAKER_00]: Being good at the basics, being ready for incidents, keeping a regular rhythm of updates

[00:03:52] [SPEAKER_00]: and backups will make all the difference. And most are not doing this well.

[00:03:59] [SPEAKER_00]: Are you and your clients tired of the time-consuming ticket tennis?

[00:04:05] [SPEAKER_00]: Of coordinating meetings and help desk calls?

[00:04:08] [SPEAKER_00]: Wouldn't it be better to automate this process with a tool

[00:04:12] [SPEAKER_00]: that connects directly to ConnectWise Manage or Autotask?

[00:04:17] [SPEAKER_00]: TimeZest offers scheduling automation that gives you complete control of your schedule

[00:04:22] [SPEAKER_00]: and eliminates the hassle of calendar paintball.

[00:04:25] [SPEAKER_00]: As the only service designed specifically for MSPs,

[00:04:29] [SPEAKER_00]: it integrates into your workflow and makes scheduling appointments easy on you and your

[00:04:34] [SPEAKER_00]: clients. Plus, you can try TimeZest for free. Visit timezest.com slash MSPRadio

[00:04:43] [SPEAKER_00]: and use the code MSPRadio to get 10% off your first year of TimeZest.

[00:04:52] [SPEAKER_00]: The U.S. Department of Labor has expanded its cybersecurity guidance to include

[00:04:56] [SPEAKER_00]: all ERISA-covered employee benefit plans, including health and welfare plans.

[00:05:02] [SPEAKER_00]: This guidance emphasizes the fiduciary obligation to mitigate cybersecurity risks.

[00:05:07] [SPEAKER_00]: It outlines best practices such as maintaining a documented cybersecurity program,

[00:05:11] [SPEAKER_00]: conducting risk assessments, and ensuring proper oversight of service providers.

[00:05:15] [SPEAKER_00]: The guidance highlights the need for compliance across various employee benefits and distinguishes

[00:05:21] [SPEAKER_00]: between the requirements under the Department of Labor and HIPAA,

[00:05:25] [SPEAKER_00]: urging fiduciaries to take proactive steps in safeguarding plan data.

[00:05:30] [SPEAKER_00]: And CISA has launched a new services portal to enhance cyber incident reporting.

[00:05:35] [SPEAKER_00]: The portal features secure access, report management, and collaboration tools.

[00:05:39] [SPEAKER_00]: Organizations are encouraged to report cyber incidents to benefit from

[00:05:43] [SPEAKER_00]: CISA's resources and help the broader community mitigate risks.

[00:05:47] [SPEAKER_00]: The Commerce Department has proposed new reporting requirements for AI developers

[00:05:52] [SPEAKER_00]: and cloud providers to enhance national security and safety standards for advanced AI models.

[00:05:58] [SPEAKER_00]: This initiative, aligned with the Biden administration's AI Executive Order,

[00:06:02] [SPEAKER_00]: aims to collect vital information on cybersecurity measures,

[00:06:05] [SPEAKER_00]: development processes, and potential risks associated with dual-use AI technologies.

[00:06:11] [SPEAKER_00]: The proposed rules are intended to ensure that AI systems can withstand cyber attacks

[00:06:16] [SPEAKER_00]: and mitigate misuse by adversaries, reflecting the government's proactive approach to the

[00:06:21] [SPEAKER_00]: dual-use nature of advanced AI.

[00:06:24] [SPEAKER_00]: And the Biden administration is considering a new Cybersecurity Executive Order that

[00:06:29] [SPEAKER_00]: emphasizes using artificial intelligence to enhance cyber defenses,

[00:06:33] [SPEAKER_00]: despite concerns about the risks associated with AI reliance.

[00:06:37] [SPEAKER_00]: Officials highlight AI's potential in analyzing threats, generating source code,

[00:06:42] [SPEAKER_00]: and quickly patching vulnerabilities, particularly in the energy sector.

[00:06:46] [SPEAKER_00]: However, there are cautionary notes regarding adversaries using AI for cyber attacks,

[00:06:52] [SPEAKER_00]: prompting initiatives for more secure product design and collaboration with industry on incident response.

[00:06:58] [SPEAKER_00]: Federal leaders stress the need for further research to understand AI technologies better

[00:07:03] [SPEAKER_00]: to ensure their safe application in cybersecurity.

[00:07:07] [SPEAKER_00]: And OpenAI and Anthropic have signed agreements with the U.S. AI Safety Institute to provide

[00:07:12] [SPEAKER_00]: their AI models for testing and safety research, allowing for the identification and mitigation

[00:07:16] [SPEAKER_00]: of safety risks.

[00:07:18] [SPEAKER_00]: These agreements support the Institute's mission to develop safe standards for AI,

[00:07:23] [SPEAKER_00]: aligning with the AI Executive Order.

[00:07:26] [SPEAKER_00]: The Institute plans to collaborate with the U.K.'s AI Safety Institute for safety feedback

[00:07:31] [SPEAKER_00]: amidst ongoing discussions about AI regulation and funding challenges in the U.S. and U.K.

[00:07:37] [SPEAKER_00]: The agreements mark a significant step toward responsible AI development and safety practices.

[00:07:43] [SPEAKER_00]: Why do we care?

[00:07:45] [SPEAKER_00]: The expansion of cybersecurity guidelines, increased incident reporting requirements,

[00:07:49] [SPEAKER_00]: and the introduction of AI safety measures reflects that proactive stance by the U.S.

[00:07:53] [SPEAKER_00]: government to secure critical infrastructure and sensitive data.

[00:07:56] [SPEAKER_00]: IT service providers must pivot to meet these growing demands by offering comprehensive

[00:08:01] [SPEAKER_00]: compliance services, AI security solutions, and enhanced incident reporting capabilities.

[00:08:07] [SPEAKER_00]: Organizations that embrace these challenges and integrate robust cybersecurity strategies,

[00:08:12] [SPEAKER_00]: both for their employee benefit plans and their AI systems, will be better equipped

[00:08:16] [SPEAKER_00]: to meet the regulatory challenges ahead and mitigate emerging risks.

[00:08:20] [SPEAKER_00]: Many of these will need to be implemented into your plans, particularly that CISA reporting portal.

[00:08:27] [SPEAKER_00]: Let's talk about some vulnerabilities too.

[00:08:29] [SPEAKER_00]: A study by researchers from Washington University reveals that many GPT apps in OpenAI's GPT store

[00:08:36] [SPEAKER_00]: violate data collection policies, with only 5.8% of services clearly disclosing their practices.

[00:08:43] [SPEAKER_00]: The analysis of nearly 120,000 GPTs found extensive data collection,

[00:08:48] [SPEAKER_00]: including sensitive information like passwords, often without adequate privacy documentation.

[00:08:54] [SPEAKER_00]: The researchers highlight significant privacy and security issues, noting that third-party

[00:08:58] [SPEAKER_00]: actions within GPTs can access and share user data across apps, raising data exposure risks.

[00:09:05] [SPEAKER_00]: Despite OpenAI's removal of non-compliant GPTs,

[00:09:09] [SPEAKER_00]: the study concludes that the company's enforcement and privacy controls are insufficient.

[00:09:15] [SPEAKER_00]: Microsoft has patched a vulnerability in Microsoft 365 Copilot that allowed

[00:09:19] [SPEAKER_00]: data theft through ASCII smuggling, which made invisible data clickable.

[00:09:24] [SPEAKER_00]: The attack involved prompt injections and could exfiltrate sensitive information,

[00:09:29] [SPEAKER_00]: including multi-factor authentication codes, to adversary-controlled servers.

[00:09:33] [SPEAKER_00]: Microsoft emphasized the need for enterprises to assess their risk

[00:09:37] [SPEAKER_00]: and implement security controls to prevent data leaks from Copilot systems.

[00:09:42] [SPEAKER_00]: Why do we care?

[00:09:44] [SPEAKER_00]: The vulnerabilities exposed in AI platforms like GPT apps and Copilot highlight the growing security

[00:09:49] [SPEAKER_00]: risks associated with AI. For IT service providers, this is a call to focus on AI-specific

[00:09:55] [SPEAKER_00]: security and privacy strategies. You conduct AI risk assessments to enforce stricter data

[00:10:00] [SPEAKER_00]: governance and compliance checks, and the future of AI relies on ensuring that these systems are

[00:10:05] [SPEAKER_00]: secure and compliant. Businesses adopting AI need partners who understand these risks

[00:10:11] [SPEAKER_00]: and can provide proactive solutions to mitigate potential vulnerabilities,

[00:10:15] [SPEAKER_00]: ensuring AI innovation doesn't come at the cost of privacy and security.

[00:10:19] [SPEAKER_00]: And that partner should be you.

[00:10:23] [SPEAKER_00]: I swear I'm not picking on these companies.

[00:10:26] [SPEAKER_00]: First, CrowdStrike CFO Burt Podbere reported that the company has not yet faced any lawsuits

[00:10:32] [SPEAKER_00]: related to the global IT outage in July, which was caused by a configuration error.

[00:10:37] [SPEAKER_00]: He acknowledged some financial impact but noted that customer relations improved as

[00:10:41] [SPEAKER_00]: the company communicated effectively during the disruption. Despite the lack of lawsuits so far,

[00:10:46] [SPEAKER_00]: concerns remain, particularly following threats of litigation from Delta Airlines.

[00:10:51] [SPEAKER_00]: Podbere emphasized the need to focus on business discussions rather than legal issues

[00:10:56] [SPEAKER_00]: as the situation evolves. Intel has decided to abandon its 20A process node for the upcoming

[00:11:03] [SPEAKER_00]: Arrow Lake processors, opting to utilize an external foundry instead, likely TSMC,

[00:11:09] [SPEAKER_00]: due to readiness issues with its 18A process. This shift aims to optimize engineering resources

[00:11:16] [SPEAKER_00]: and maintain momentum for its 18A technology, despite reports of Broadcom rejecting 18A

[00:11:22] [SPEAKER_00]: wafers for mass production. The move comes amid ongoing challenges for Intel,

[00:11:27] [SPEAKER_00]: including stock price declines and potential restructuring of its foundry business.

[00:11:33] [SPEAKER_00]: Why do we care? Delta Airlines has made noises that they're suing. I do expect them to file.

[00:11:39] [SPEAKER_00]: And Intel's pivot is significant for IT service providers and partners relying on Intel,

[00:11:44] [SPEAKER_00]: as it indicates potential production changes, supply risks, and delays in Intel's roadmap.

[00:11:49] [SPEAKER_00]: It's also pretty telling that their plans keep failing.

[00:12:14] [SPEAKER_00]: With a no-code control approach, CoreView revolutionizes your Microsoft 365 administration.

[00:12:20] [SPEAKER_00]: This powerful platform enables automatic reporting and remediation,

[00:12:24] [SPEAKER_00]: ensuring optimal performance and security. The best part? You achieve this high level of

[00:12:30] [SPEAKER_00]: service without the need for a large workforce, allowing you to focus on growing your business

[00:12:35] [SPEAKER_00]: through efficiency. Want to know more? Visit coreview.com slash MSP and find out more.

[00:12:44] [SPEAKER_00]: Thanks for listening. I want to recognize it's September 11th.

[00:12:47] [SPEAKER_00]: The adversity of that, I'm not going to make any fun quips.

[00:12:50] [SPEAKER_00]: I'll be speaking at Pulseway Nexus today and tomorrow, so make sure to sign up and register

[00:12:55] [SPEAKER_00]: to join me. Link in the show notes and description. You got a comment or a thought on a story? Put it

[00:13:00] [SPEAKER_00]: in the comments if you're on YouTube, or reach out on LinkedIn if you're listening to the podcast.

[00:13:04] [SPEAKER_00]: And the number one thing you can do to help? Share it with a colleague or a friend.

[00:13:08] [SPEAKER_00]: Tell them how you like the Business of Tech. And we'll talk to you again tomorrow.

[00:13:14] [SPEAKER_00]: The Business of Tech is written and produced by me, Dave Sobel, under ethics guidelines.

[00:13:19] [SPEAKER_00]: Posted at businessof.tech. If you like the content, please make sure to hit that like button,

[00:13:25] [SPEAKER_00]: follow or subscribe. It's free and easy and the best way to support the show and help us grow.

[00:13:31] [SPEAKER_00]: You can also check out our Patreon where you can join the Business of Tech community

[00:13:36] [SPEAKER_00]: at patreon.com slash MSP radio or buy our Why Do We Care merch at businessof.tech.

[00:13:44] [SPEAKER_00]: Finally, if you're interested in advertising on the show, visit mspradio.com slash engage.

[00:13:51] [SPEAKER_00]: Once again, thanks for listening to me. I'll talk to you again

[00:13:55] [SPEAKER_00]: on our next episode of the Business of Tech.