News, Trends, and Insights for IT & Managed Services Providers
News, Trends, and Insights for IT & Managed Services Providers
Business of Tech | Attackability as a measurement of vulnerability risk

Some research by Randori – the team examined “attackability” in the enterprise through the lens of Log4J exposure.    Quoting Dark Reading:  “Adversaries consider several factors when picking their targets, such as where the most initial damage would likely occur and what kind of impact the intrusion would have on the environment. Adversaries are more likely to target applications that would allow them to remain in the environment, so they would be less interested in systems that have a lot of security software that would detect the intrusion. Applications that grant access to other systems or give adversaries privileged access would be a more tempting target. 

VMware Horizon is considered the most attackable because, if compromised, it gives adversaries access to the rest of the network. Mobile device management platform Jamf and single-sign-on platform PingFederate are used by 1% to 2% of the enterprise market but are ranked second and third on the attackable list because of what adversaries would be able to do. next, Randori noted.” 

Two new attackers are back – Emotet’s botnet has re-emerged, focused on phishing emails in mass spam campaigns, and REvil’s TOR servers are back up, recruiting new affiliates.  

The continuing trend of government investment in mitigation – the US Department of Energy is providing 12 million dollars in funding to six university teams to develop defense and mitigation tools for the US energy systems to defend against cyber attacks.   

Finally, a fascinating profile of Bob Lord by NextGov, who is a new senior advisor at CISA after stints at Yahoo, Twitter, and the DNC.     Here’s what got my attention: He’s quote as “something of a digital Marie Kondo— the Japanese tidying expert—decluttering the DNC’s networks, excising old software and canceling extraneous vendor contracts.”

Why do we care?

That comparison to Marie Kondo particularly struck me.  Is a minimalist approach… optimal?   How much so?     How many services firms take this approach – that less is more?

The other highlight for me today was attackability.  Consider many of the multi-tenant tools used by IT services companies now – just like Jamf and PingFederate, they are highly attackable and remain tempting targets.      

Now combine the two – is less… more?   Can you serve your customers better with a lot fewer tools?       To really bend your mind today, consider the previous story – could you do that with more humans to ease your dependency on expensive ones?     

It feels like a lot of assumptions worth questioning today.   

Choose your upgrade:

Get the full benefits of Business of Tech Plus

Insider Access

$12/month

Perfect for MSPs and ITSPs that want full interviews, early access, and ad-free listening

  • Programmatic Ad-free private podcast feedSame show, little interruptions
  • Channel Chatter previews1–2 topics with light insights
  • Early access to interview episodesHear it days before public release
  • Monthly Insider BriefTighter analysis you can share internally
  • Extra audio segmentsCut interviews, behind-the-scenes commentary, quick competitive notes
  • Become an Insider for $12/month

    Leadership Access

    $149/month

    Perfect for MSPs and Vendors that run a team and need the extended tactics, executive summaries, and weekly alignment brief

  • All Insider Access benefits plus . . .
  • Invite your teamIncludes access for 5 team members with option to add more
  • Vendor Strategy BriefsThe entire library, plus new analysis every month
  • Channel ChatterAll topics, full insights, complete vendor discussion + sentiment list
  • Quarterly State of the Channel Briefing
  • Monthly AMA submission priorityAsk Dave direct questions, and skip the line
  • Get the Leadership Edge for $149/month

    Vendor Partner

    $500/month

    Perfect for channel companies or vendors looking to deepen their engagement with the show.

  • All Leadership Access benefits plus . . .
  • Get highlighted as a show sponsor You'll get placement in the show notes, throughout the website, and on our dedicated sponsors page.
  • Enjoy regular shout outs You'll be featured in a rotating format during the show
  • Become a show sponsor for $500/month

    Search all stories