April 2023 Reading Roundup

Written By Kaysie Anthony

Top IT Articles from April with a focus on Cybersecurity

5 Vulnerabilities You Should Prepare For

Attackers utilize numerous methods to compromise targets, from creative next-gen techniques to tried-and-true classic threat vectors. This article breaks down five of the top risks that you can mitigate. In my opinion, these vulnerabilities represent the minimum threshold that your organization should meet in your security journey. You can read more via TechTarget.

SANS Top Five Most Dangerous

SANS dropped their list of the top five most dangerous cyber attacks for 2023 at this year’s RSA. This list deviates from the content you see most writers detail, such as utilizing AI for social engineering and prioritizing developers as targets. You can read more via DarkReading.

AI Improves Business Analytics

Your company likely has years, or decades, worth of data that is not being properly utilized to make current business decisions. AI tools automate this discovery process, unlocking the potential of your data. You can read about practical ways businesses are utilizing these tools via The Wallstreet Journal.

CISA Unpatched Notifications

The US cybersecurity agency, CISA, rolled out a program to notify organizations of vulnerabilities. The services seems to be working, so far. Your organization can sign up and enroll, if you’d like. You can learn more via CISA.

They’re Selling Your Data

Each month I include an article related to organizations selling your data to ad giants, including personal healthcare information. These activities will continue until we pass stringent laws that protect our privacy. You can read more about companies selling our data for corporate gain via The Verge.

CommScope Bites the Dust

CommScope disclosed a breach, which impacted critical business data and employee data, on March 27th. Employees last heard from executives on April 18th. Executives noted that employee data was wrongly stored in locations that were not appropriate. Employees are growing uneasy due to the lack of updates. In security, no news is rarely good news. You can read more via TechCrunch.

Protect Growing Attach Surfaces

Last year there was a ransomware attack every 11 seconds. It’s predicted that there will be a ransomware attack every 14 seconds in 2023, which will eventually grow into attacks every 2 seconds. 1 Combine this with the fact that our attack surface continues to grow as data expands, due to a variety of trends, such as public cloud, private cloud, edge computing, SaaS and more. Legacy solutions are sufficient for legacy data, but the shift in data management calls for a Zero Trust methodology for the modern age. You can read more via Cohesity.

US Gov Limits Spyware

The Biden administration recently signed an executive order that limits the utilization of commercial spyware by US agencies. While this is not an outright ban, we should hope that it drastically reduces an agency’s ability to spy on US citizens and violating basic human rights. Notable commercial tools include Pegasus, Predator and Candiru spyware. You can read more via Reuters.

Hyperscaler Spending is Slowing Down

Boards and CFO’s have challenged IT to streamline app and cloud spending. It’s no secret that moving workloads to hyperscalers isn’t cheap. Check out this article from Wall Street Journal that highlights some of the changes we’re facing.

With that being said, a hybrid model can improve performance and streamline your budget. Holler at your boy and I’ll show you how.

Attacks Based in China Increase

Attacks focused on the US government and private businesses have increased from Chinese-backed hackers. It appears that these agents are focusing on edge devices, such as firewalls, from which they pivot and seek to take control of the environment. You can read more via Mandiant. Our friends at Fortinet released a blog focused on patches, which you can find here.

Exploding USB Sticks

Public Service Announcement: Do not plug in random USB sticks. You likely know that you should never plug-in random USB sticks because they potentially contain malware. If you don’t know that, your organization should consider security awareness training. In modern times, USB sticks EXPLODE! You read that right. Read the full article via BBC News.

TikTok Ban

The US Senate Intel Chair Mark Warner has asked for the US Spies responsible for requesting the TikTok ban provide content to back up their requests. Will this team of spies provide the transparency requested? That’s difficult to say. You can read more via Wired.

Companies Aren’t Prepared for Software Price Hikes

It’s not uncommon for businesses to face price-hikes upwards of 30% from software vendors, such as Microsoft. These upticks in price shock end users, and leave them stunned. This is further complicated by the fact that “breaking up” with your software vendor isn’t as easy as it seems. You can read more via Wall Street Journal.

Protect Thy Supply Chain

Hackers have increased their focus on infiltrating your supply chain as a means of breaching your environment. In this case, 3CX’s app was compromised and 600k global customers were impacted. You can read more via Bleeping Computer.

ChatGPT Data Breach

That didn’t take long. Chat histories of users were exposed. All you’ll learn from my chat history is that your boi is boring, but I know some of you have been naughty! The internet never forgets, friends. You can read more via ChatGPT’s press release.

US Agents Misuse Data Access

A recent reported from Wired sheds light on a concerning trend of U.S. Immigration Enforcement Agencies misuse of data. It’s being reported that agents utilize these resources to harass, stalk and even sell to criminals! You can read the full report via Wired.

Is Your Salesforce Leaking Data?

It’s very common for these low code/no code platforms to be misconfigured, which leads to massive data leaks. You can read about examples via Krebs on Security.

ChatGPT Therapy

It didn’t take long for ChatGPT to take the reigns on therapy. You read that right. The machines are now providing therapy for the humans. 2023 is really something. You can read more via Bloomberg.

TikTok Trial is Lit

If you’re following the TikTok trial, you know it’s a mess. One of the interesting takeaways from the coverage is that this problem could be resolved if America passed effective data protection legislation, rather than attempting to ban a single app. So far, it looks like a total ban of TikTok could take a while. You can read more via Reuters.

Experts are also calling on Congress to step up their game and take on data brokers who sell our personal information. While Congress mindlessly goes on-and-on about TikTok, our data is freely being sold to the highest bidder. You can read more via CyberScoop.

Fortra Lies to Customers Following Breach

So far, 130 companies have been impacted by the Clop breach. The list is growing by the day. Fortra committed the cyber-sin of telling their customers their data was safe, when it was not. It will take some time, but let’s see how this story develops. You can read more via Reuters.

VMware & Broadcom Probe

The UK’s Competition and Markets Authority (CMA) announced and investigation that could take six months. This comes on the heals of the CMA giving Broadcom five days to respond to concerns. Clearly Broadcom’s response did not impress. You can read more via TechCrunch.

Let’s Talk about Cloud Optimization

It’s 2023. By now, you have a cloud strategy (even if you don’t realize it). Your organization consumes some form of cloud services, from SaaS to hyperscalers. This blog details three of the primary ROIs your organization benefits from with cloud optimization services. Streamline your bill, ensure those buckets are configured correctly so you can avoid data loss, or determine which form of cloud is right for your workloads. You can read more via TierPoint.

*I’ve personally found great success with TierPoint. Their offerings are agile, pricing is predictable and the engineering resources are top notch. If you’d like to learn more about my experience, including testimonials by your peers, just holler at me!

Making the Most of a Bad Situation

Ransomware sucks. Mandiant’s director of incident response had a few helpful tips for how your organization can navigate this difficult terrain. Examples include counterdemands to paying the ransom. As you know, it’s common for organizations to pay the ransom only to have the hackers utilize a backdoor to retake the environment. You can read more via TechTarget.

3CX Supply Chain Breach

The VoIP company is the latest organization to fall. Hackers infiltrated 3CX and utilized their app to push ransomware. 3CX has 600,000+ customers worldwide. It should be noted that 3CX didn’t acknowledge the breach for nearly a week. In some instances 3CX outright denied it. You can read more via 3CX.

Business Continuity Plans & Ransomware

Your organization should have a business continuity plan. This is a layer that helps mitigate the risk of ransomware, but it is not a silver bullet. If you’re not testing and improving the process, you won’t be fully prepared when you’re called to action. You can read more via TechTarget.

The Future is Hybrid

It’s honestly surprising that customers approach me on a weekly basis to say, “We migrated everything to a hyperscaler (AWS, Azure, Google) and it’s too expensive.” It’s literally every single week. The future will hold on-prem, public cloud and private cloud for the future. Simply put, the future is hybrid. This article via TierPoint discusses a few of the key items you’ll want to keep in mind when determining your strategy.

Western Digital Gets It

Western Digital is the latest in a long list of tech companies disclosing a breach. This is clearly bad news as many organizations utilize these services to back up their data. At this time, WD is fairly quiet. I’m sure you’ve noticed this, but it’s usually bad news with organizations are slow to provide updates to their end users when core services are disrupted. You can read more via Reuters.

Human Error Caused DC Breach

Last month I highlighted a breach of Washington DC’s health exchance. This breach impacted approximately 56,000 people. We’ve now learned that the breach as the result of human error. Another day, another misconfiguration. You can read more via AP News.

Windows 10

Windows 10 controls 73% of the marketplace, but no more updates are coming your way. It’s time to make a change. You can read more via ZD Net.

Classified War Plans Leaked

We’re living in wild times, people. Classified docs, including strategy plans for the war, spy data, propaganda and operators in Ukraine, was leaded on the Mimecast Map Discord. Sometimes life comes at you fast. You can read more via Wall Street Journal.

This week I was honored to be included on the weekly podcast, Next Level Biztech, to discuss SASE and global backbones. You can check it out on Spotify or Apple Podcast.

If you’re a glutton for punishment, you can also watch the full episode via YouTube.

Kaysie Anthony
Previous

Build Contact Centers of the Future
Next

What's the value in SASE and global backbones?