
Spending up on security amidst White House meetings and large attack surfaces

Microsoft has revealed they defended against a 2.4 Tbps DDoS attack back in August. Targeted specifically against an Azure customer in Europe, it came in three bursts over 10 minutes.

The company has also revealed that Russia accounted for most state-sponsored hacking detected by Microsoft over the past year, with a 58% share, mostly targeting government agencies and think tanks in the United States, followed by Ukraine, Britain and European NATO members. China, meanwhile, accounted for fewer than 1 in 10 of the state-backed hacking attempts Microsoft detected but was successful 44% of the time in breaking into targeted networks, Microsoft said in its second annual Digital Defense Report, which covers July 2020 through June 2021. That from the AP.

Untangle looked at the budgets here – their fourth annual SMB IT Security Report. Compared to 2020, SMBs have increased their annual IT security budgets. More small businesses – defined as those with under 25 employees – are making investments in IT. In 2020, only 28% had annual budgets of $1,000 – $5,000, compared to 35% in 2021, the survey showed. Half (50%) of SMBs now have the majority of their employees working back in the office. However, 41% have transitioned a quarter or more of their workers to a hybrid work model permanently.

Continued movement by governments – the Australian government has set a new series of criminal offenses for people who use ransomware. This includes incident reporting for companies over $10 million per year. These will move through the process to become law.

This while the White House is hosting a series of meetings today and tomorrow on how to address ransomware. Russia is not in attendance.

That said… Randori dug into the attack surface of organizations in a new report, assigning a “temptation score” to assets to understand what is exposed. A great headline – 1 in 15 organizations run an actively exploited version of SolarWinds. 25% have RDP exposed. 15% are running an outdated version of IIS 6. The list goes on… and on…

Why do we care?

The idea of reputational damage being a motivator to upgrade is one I’ve put out to pasture. The Randori researchers cite “ignorance, not negligence” as the reason for the current state of affairs. That leaves out another – financial incentive. I’ve argued that the financial incentives just aren’t strong enough now to change behavior.

String this together – the budgets are increasing, attention is also increasing, yet big sections of the market are just… behind. This isn’t an easy problem to be sure – there are massive threats out there that are incredibly well organized. There are signs of progress… this issue being examined at the highest levels of government. Just don’t expect the risk analysis to change quickly.