May 2023 Reading Roundup

The latest trends in IT

Rubrik Discloses Data Breach

I missed this article from March of 2023. Backups are a key component of defense in depth and bad actors will target these resources in an attempt to compromise your data. Rubrik is blaming this breach on Fortra’s zero-day, but notes that only a non-production environment was compromised. You can read more via TechTarget.

App Migration Guidance

You’ve been using a legacy application for a billion years. No one exactly knows how it works or why it’s so important, but everyone is terrified of breaking it. Does that sound like you? If not, it’s because you’re a startup or you just went through this migration. Let’s talk about mistakes to avoid via TierPoint.

Ransomware Tales from Those Who Paid

This is a fascinating article. Of those impacted by ransomware, approximately 80% paid up. Of that total, 21% never recovered their data. You can read more via Forbes.

Data Protection

Our own Perry Crabtree kicked off a seven-part series on data protection. The first article covers the stages of data and steps your organization can take to protect it. As always, we’ll present vendor-agnostic content that’s meant to be helpful. You can read more via White Oak Review.

TikTok & Montana

The first state to ban TikTok is Montana. My vote was on Florida, but Montana makes sense. There’s a strong chance this could be overturned by the Supreme Court, but who knows how the Supreme Court will respond these days. This is an interesting move, since the US is slow to create laws that protect our personal data and US agencies have been caught spying on its citizens numerous times. Rules for thee but not for me! You can read more via Associated Press.

Migrating Datacenters

End users are migrating en masse from their traditional premises-based datacenters, which are costly to maintain and lack the resiliency of modern datacenters, to the public cloud, private cloud and colo. Let's talk about the migration process via TierPoint.

Windows 10

The final Windows 10 security update will come October 14, 2025. Will organizations migrate to Windows 11 now or hold off a bit longer? I encounter numerous new environments per week and I’m always shocked by the amount of Windows 10 still in the wild and the lack of a realistic plan to migrate. You can read more about the risks via CrowdStrike.

Unified Endpoint Management

This solution allows you to manage and secure desktop computers, laptops, smartphones and tablets from a single pane of glass. You’ll also be able to push out updates to these devices in the field. You can learn more via TechTarget.

Volt Targeting Fortinet

Critical infrastructure in the US is being targeted by a state-sponsored attack from China. The Volt group seeks to compromise out-of-date Fortinet FortiGuard devices. Patching is key! You can read more via CISA.

Capita Breached Again!

Capita left one of the ol’ Amazon S3 storage buckets exposed for years. This is the second breach for Capita in recent memory. Capita is catching heat for initially denying the second breach. We can glean several lessons from Capita: convey the truth quickly and lock down cloud workloads. Misconfigured buckets sting! You can read more via TechCrunch.

DaaS vs VDI

Are you considering VDI? This article compares Desktop as a Service to traditional VDI services, including costs, features, functionality and scalability. You can read more via White Oak Review.

A Healthcare Breach of the Year Candidate

PharMerica is victim to one of the largest breaches of the year. This is interesting because this breach received little coverage. In March the Money Message gang gathered PI, including SSN and medical information of 5.8 million users. This data is already being leaked onto the street. You can read more via The Register.

Premom Giving Away Data

The FTC issued a $100,000 fine to Premom for accidentally sharing your personal data with advertisers. This happened without consent from end users. You can read more via the Washington Post.

Building an Incident Response Framework

How will your organization respond during an unplanned incident? I would argue you don’t really know unless you’ve created a detailed plan and tested it multiple times. There were 24,000+ incidents in 2021 and 5,400+ disclosed breaches. Don’t rely on hopes and prayers! You can learn about the differences between a plan and a framework via TechTarget.

AI Utilization for Backup & Recovery

AI is the hot topic at the moment. This article covers how AI can help your organization monitor and manage ransomware threats before recovery is needed. It’s also possible for AI to crunch the numbers to help you spot dependencies with your data and help you determine the best prioritization of processes. You can read more via TechTarget.

Securing the Remote Worker

Our pals at DarkReading released a free report that details steps you can take to mitigate the risks of off-site attacks on resources. You can download the report via DarkReading.

Large Language Models and AI Empathy

Customer engagements and interactions that display empathy score much higher in terms of overall customer satisfaction. End users expect agents to be empathetic, but that same mentality extends to chatbots, as well. We want the robots to be nice to us! Learn how Large Language Models help us build Generative AI into our customer experience journey. You can read more via Dialpad.

Staffing Still Sucks

One might assume that the mass layoffs by Big Tech would lead to more resources to fill open vacancies downstream, but you might be wrong. This article highlights the trend amongst top talent, who often have no desire to swim downstream to fill roles in IT departments. You can read more via Wall Street Journal.

Mitigating the Challenges of Multi-Cloud

If you’ve read any of our content, you know we’re big proponents of hybrid cloud strategies. Hybrid is the future, and the future is happening right now. If you’d like a primer, check out this White Oak Review article on Hybrid Cloud. While introducing a multi-cloud strategy offers great flexibility/scalability, it does introduce complexity. This article from Digital Realty discusses ways to mitigate those complexities.

Salesforce Ghost Sites

First, I’ll click on any article with Salesforce and Ghost in the title; that’s just good marketing. This is a simple problem. Organizations occasionally abandon Salesforce and move to a new platform, but they forget to clean up after closing down shop. As a result, sensitive data is stranded. You can learn more via DarkReading.

Pen Test vs Breach Simulation

This article compares penetration testing and breach simulation. Both are beneficial for your organization. This quick read is brought to you by TechTarget.

The Robots are Coming

AI is the top trending topic in IT at the moment. Honestly, it’s a bit exhausting. Here’s yet another article that proclaims the end of civilization as we know it. You can read the full article from TechCrunch.

AI = Extinction

That’s what the article alleges. 350 folks, ranging from Google to OpenAI, claim that the threat of AI is on par with the pandemic and nuclear war. You can read more via Wall Street Journal.

Another Toyota Breach

Toyota recently announced that another 260k customers had their data exposed FOR A DECADE. How did it happen? Another misconfiguration of a cloud solution. I don’t like to make a sales pitch during reading roundups, but you should consider a security assessment of your cloud assets. I can help with that. You can read more about the Toyota breach via TechCrunch.

Massive Dental Breach

What time is your dentist appointment? Tooth-hurty. MCNA confirmed that nine million patients were impacted by a breach. Some patients have already seen their data hit the web after this LockBit ransomware attack. You can learn more via DarkReading.

Another Hospital Breach Due to Ransomware

Clarke County Hospital in Iowa is another victim to fall to Royal ransomware. The hospital acknowledged the breach approximately one month after Royal claimed victory. You can read more via TechTarget.
