News, Trends, and Insights for IT & Managed Services Providers
News, Trends, and Insights for IT & Managed Services Providers
Business of Tech | BlackHat stories

National Cyber Director Chris Inglis on Monday made the case for establishing an office within the Department of Homeland Security (DHS) to track and analyze cybersecurity incidents in order to ensure the nation has an early warning system to understand adversary efforts to target U.S. organizations.   Later in the week, DHS unveiled the Joint Cyber Defense Collaborative, initially to focus on combating ransomware and cyberattacks on cloud-computing providers.   The goal long term is to improve defense planning between the government and private sector.    Included in the group – Microsoft, Google, and Amazon.  

A Senate oversight report published this week reveals that the cyberdefenses of key US federal agencies remains inadequate.    Inspectors found essentially the same failures as the prior 10 years.     And – it’s not that the government needs cutting edge new technology.   It’s that they have not allocated the budget or organization will to implement best practices.  

IBM found that the average data breach now costs companies around $4.24 million per incident, the highest amount in the report’s 17-year history.   The average expense of a data breach rose by 10% in 2021 over the previous year. Breaches also cost $1 million more on average when remote work was revealed as a factor compared with businesses without this factor.

Accenture says there has been a triple-digit increase in cyber intrusions in the first half of 2021, compared with the same period last year.    The US accounts for more than 36% of incident volume, followed by the UK at 24% and Australia at 11%.   Consumer goods & services is the top target, at 21% of cyberattacks, then industrial/manufacturing, banking, and travel & hospitality industries at 16%, 10% and 9%, respectively.

While thinking about attacks, DDos attacks largely target the US, per data from Atlas VPN.   In June 2021 alone, more than a third of DDoS attacks worldwide targeted servers in the U.S.    Who’s targeted?  The computer and internet industry — domain providers, web hosts, ISPs, and other online services, was the recipient of 83.2% of all DDoS attacks.  The idea – take out the infrastructure to impact business services.

Also targeted – MSPs.  Reuters is reporting on statements by the Dutch Institute for Vulnerability Disclosure, indicating that having discovered how successful attacks on MSPs can be “they are already busy, they have already moved on and we don’t know where.”.  Those researchers indicated they have discovered more vulnerabilities in MSPs.. who have not yet fixed all the problems.

It’s not just Kaseya.  At a presentation this week at BlackHat, security researchers presented techniques they have developed which let them hijack Jamf, that Mac focused management tool.  

Also from BlackHat: reports from the Colaition Against Stalkerware of a surge in the use of stalkerware in intimate partner violence and gender-based violence.    Stalkerware is software, made available directly to individuals, that enables a remote user to monitor the activities on another user’s device without consent and without “explicit, persistent notification to that user in a manner that may facilitate intimate partner surveillance, harassment, abuse, stalking, and/or violence.”

Finally, directing listeners to research coming out from the Dolos Group.    They were hired to test the security of a client’s network.  They received a preconfigured Lenovo laptop with the firm’s standard security stack, and received no test credentials, configuration details, or other information about the machine… and demonstrated they were able to gain access in less than 30 minutes with no soldering, and just simple and available tools and hardware.    Ars Technica with the writeup.

Why do we care?

Did that Senate oversight report resonate?  Even the US government is not allocating resources.      
The IT industry seems to be waking up to the fact it’s a target.    Sure… ok.  Let’s go with that.      I highlighted the JAMF story to illustrate that while Kaseya got all the headlines, the more important takeaway is constantly evaluating the attack surface of you, and your customers.  

There’s specific tactical advice here too – getting the basics right is the first step, and so many aren’t doing that.  Then, examine the further repercussions, be it in understanding how to address what the Ars Technica research finds, or how to look at the implication of technology on things like stalking.     A veritable smorgasbord of opportunity… although none are “easy”.

Choose your upgrade:

Get the full benefits of Business of Tech Plus

Insider Access

$12/month

Perfect for MSPs and ITSPs that want full interviews, early access, and ad-free listening

  • Programmatic Ad-free private podcast feedSame show, little interruptions
  • Channel Chatter previews1–2 topics with light insights
  • Early access to interview episodesHear it days before public release
  • Monthly Insider BriefTighter analysis you can share internally
  • Extra audio segmentsCut interviews, behind-the-scenes commentary, quick competitive notes
  • Become an Insider for $12/month

    Leadership Access

    $149/month

    Perfect for MSPs and Vendors that run a team and need the extended tactics, executive summaries, and weekly alignment brief

  • All Insider Access benefits plus . . .
  • Invite your teamIncludes access for 5 team members with option to add more
  • Vendor Strategy BriefsThe entire library, plus new analysis every month
  • Channel ChatterAll topics, full insights, complete vendor discussion + sentiment list
  • Quarterly State of the Channel Briefing
  • Monthly AMA submission priorityAsk Dave direct questions, and skip the line
  • Get the Leadership Edge for $149/month

    Vendor Partner

    $500/month

    Perfect for channel companies or vendors looking to deepen their engagement with the show.

  • All Leadership Access benefits plus . . .
  • Get highlighted as a show sponsor You'll get placement in the show notes, throughout the website, and on our dedicated sponsors page.
  • Enjoy regular shout outs You'll be featured in a rotating format during the show
  • Become a show sponsor for $500/month

    Search all stories