Snowflake Breach, Microsoft Recall, VMware Backlash, RTO Mandates


The Ticketmaster breach is linked to Snowflake, putting 400 companies at risk. Snowflake warns customers about hackers targeting accounts without multi-factor authentication, potentially connected to the Ticketmaster breach. The threat actor responsible aims to blackmail Snowflake for $20 million, highlighting the importance of MFA in cybersecurity.

 

Microsoft responds to concerns about its Recall feature, which captures user activity on AI-powered PCs. A cybersecurity expert discovered potential security flaws, prompting Microsoft to update the feature with improved security and privacy controls. Users will now need to opt in and prove their presence via Windows Hello to use the Recall feature, emphasizing the importance of strict access control measures.

 

Broadcom's acquisition of VMware raises concerns among IT workers at North American VMware customers. Despite worries about price hikes and disruption to IT strategy, most customers plan to stay with VMware due to its embedded nature in their infrastructures. However, StorMagic is launching a new hyper-converged infrastructure solution, SVHCI, as an alternative to VMware for edge and SMB environments, offering cost savings and high availability.

 

Research from Gartner reveals that executives and employees are hesitant about return-to-office mandates, with some viewing them as a way to conduct back-channel layoffs. The post-COVID work culture has led to increased workplace surveillance and decreased productivity. In contrast, the Office of Personnel Management Director advocates for continued remote work for cybersecurity professionals in federal agencies, emphasizing the importance of creating an open culture and avoiding micromanagement for success.

 

Four things to know today

 

00:00 Ticketmaster Breach Tied to Snowflake: 400 Companies at Risk

01:30 Microsoft Responds to Recall Feature Concerns with Improved Security and Privacy Controls

03:02 Broadcom Faces Potential Backlash from VMware Customers Amid Acquisition Concerns

04:24 RTO Mandates Linked to Back-Channel Layoffs, Studies Suggest

 

 


[00:00:00] It's Tuesday, June 11th, 2024, and I'm Dave Sobel. Four things to know today. The Ticketmaster breach is tied to Snowflake, 400 companies at risk. Microsoft responds to that Recall feature concerns with improved security and privacy controls. Broadcom faces potential backlash from VMware customers amid their acquisition.

[00:00:23] And RTO mandates are linked to backchannel layoffs, per some studies. This is the Business of Tech. I mentioned that Live Nation breach recently. Well, Snowflake has warned its customers about hackers targeting accounts without multi-factor authentication.

[00:00:41] The warning is part of an evolving story that may be connected to the Ticketmaster breach. The extent of unauthorized access and its connection to massive data breaches is still being determined. Stolen credentials remain an easy way for attackers to break into accounts, reminding

[00:00:55] us of the need for MFA. The Ticketmaster data breach, along with breaches at Santander and Advance Auto Parts, are connected to Snowflake. The threat actor responsible claims that 400 companies are impacted and aims to blackmail Snowflake into buying the data back for $20 million.

[00:01:13] Snowflake is investigating a targeted threat campaign and has found evidence of unauthorized access through credentials obtained via info-stealing malware. Why do we care? MFA alone should be the headline. Learning how the attackers breach the walls is the insight.

[00:01:30] I've also previously talked about Microsoft's new Recall feature coming in their AI-powered PCs that takes screenshots of everything done on a PC, raising some cybersecurity concerns. Despite promises of security and privacy, cybersecurity expert Kevin Beaumont has discovered

[00:01:47] potential security flaws, including storing data in plain text in a local database. This could make it easier for attackers to extract the database and its context. In response, Microsoft will update the Recall feature for Copilot Plus PCs to be more secure and require users to opt in.

[00:02:05] Users will need to prove their presence via Windows Hello to enable and use Recall. The feature will encrypt the Search Index database and require authentication for access. These updates will be shipped to customers with Copilot Plus PCs on June 18.

[00:02:21] Microsoft is prioritizing security after facing pushback and concerns about privacy. The Recall feature uses local AI models to capture and search snapshots of user activity on their PC. Why do we care? This is exactly the right way to position yourself as the advisor.

[00:02:39] Implement strict access control measures to limit who can enable and use the Recall feature within an organization. Provide training on secure use practices and include how to manage and protect data captured by the Recall feature. Implement multi-factor authentication for accessing critical features and data.

[00:02:57] And most of all, help customers with the policies around the use of the technology. And I've also been talking about VMware after Broadcom acquired it and made changes to focus on its top customers. A survey of IT workers at North American VMware customers reveals widespread concerns and

[00:03:15] anxiety over Broadcom's acquisition of VMware. The survey indicates that customers expect significant price hikes, view the acquisition as disruptive to their IT strategy, and have concerns about Broadcom's ownership. Despite these concerns, most respondents plan to stay with VMware, either partially or fully,

[00:03:35] citing factors such as the embedded nature of VMware in their infrastructures and the challenges of migrating mission-critical workloads. However, the survey suggests Broadcom could face backlash for months or even years. And in that landscape, StorMagic is launching its new hyper-converged infrastructure solution

[00:03:54] – SVHCI, which offers an alternative to VMware for edge and SMB environments. SVHCI combines hypervisor and virtual networking with StorMagic's storage technology, providing high availability and reducing costs by up to 62%. Now why do we care?

[00:04:14] There won't be a VMware exodus, but there is an opportunity to leverage the changes when there is a business reason. Cost savings, clearly, will be one such reason. According to a Pluralsight survey, organizations face skills gaps in cybersecurity, cloud,

[00:04:32] and software development, leading to increased workloads and abandoned projects for existing IT staff. The main roadblocks to upskilling include lack of support from leadership, time constraints, disengaged employees, and financial constraints. Upskilling is seen as a cost-effective strategy, with organizations taking an average of 10

[00:04:51] weeks to fill open IT positions and the average cost of upskilling an IT employee being lower than hiring new talent. While AI and ML talent gaps are not a top priority, organizations that invest in technical upskilling have seen improvements in IT skills gaps.

[00:05:09] And according to research from Gartner, one-third of executives and 19% of non-executive employees plan to leave their current roles if forced to comply with return-to-office mandates. A study reveals that a quarter of executives and a fifth of HR professionals hoped return-to-office

[00:05:25] mandates would result in staff leaving, indicating that RTO plans may have been a way to conduct back-channel layoffs. The study also suggests that the post-COVID work culture has led to increased workplace surveillance, performative behaviors, and decreased productivity.

[00:05:43] And yet, according to a survey conducted by ResumeBuilder.com, one in four businesses with return-to-work policies plan to increase in-office days next year. The main reasons cited for this decision are to improve productivity and company culture. However, some companies have also experienced talent loss due to their return-to-office

[00:06:03] mandates. And in contrast, during a House Oversight and Accountability Committee hearing, the Office of Personnel Management Director Rob Shriver advocated for continued remote work for cybersecurity professionals in federal agencies. Shriver emphasized that requiring these professionals to come into the office five days a week would

[00:06:22] hinder recruitment efforts and suggested that agencies should focus on ensuring remote work arrangements drive good performance. This comes in response to proposed legislation requiring federal workers to spend more time in their offices. OPM also supports initiatives to connect aspiring tech talent with federal employee opportunities

[00:06:41] to strengthen agency cyber and emerging tech programs. Why do we care? Apparently, we're still doing this. RTO is about bad managers and real estate leases. Keep that in mind. The generic advice is the importance of creating an open culture that listens to employees

[00:06:59] and avoids micromanagement for success, regardless of whether staff work remotely, return to the office, or adapt a hybrid approach. Employers should focus on motivating rather than mandating, provide clear reasons for returning to the office, and involve employees in shaping the requirements to improve retention and engagement.

[00:07:17] And the insightful advice is to make sure you're not fighting the battle. Even the Fed gets that. Looking to reach an audience of thousands of MSPs and IT service providers? Get your ad right here on the Business of Tech and be on the show that 64% of MSPs report

[00:07:36] having listened to. A recurring top 50 tech news podcast, there are affordable options for you to reach our audience and we can support any budget. Podcast listeners are more engaged, have a higher level of brand retention, and are more willing to listen to ads here than any other avenues.

[00:07:57] Want to know more? There's information at MSPradio.com slash engage, including a button to book a time to talk. I'm looking forward to that discussion. Thanks for listening. Today, National Corn on the Cob Day. We seem to have a summer theme going this week. You got a question?

[00:08:16] Send it in at question at MSPradio.com. I'll be answering those live on the Wednesday live show on YouTube and LinkedIn, 3 p.m. Eastern. You like the show? Share it with a friend. Tell them to listen and I'd love to hear your feedback.

[00:08:30] I will talk to you again tomorrow. The Business of Tech is written and produced by me, Dave Sobel, under ethics guidelines. Post it at businessof.tech. If you like the content, please make sure to hit that like button, follow or subscribe.

[00:08:47] It's free and easy and the best way to support the show and help us grow. You can also check out our Patreon where you can join the Business of Tech community at patreon.com.mspradio or buy our Why Do We Care merch at businessof.tech.

[00:09:03] Finally, if you're interested in advertising on the show, visit mspradio.com slash engage. Once again, thanks for listening to me. I will talk to you again on our next episode of the Business of Tech. Part of the MSP Radio Network.