Newsletter Mar 02 2020

*|MC:SUBJECT|*
View this email in your browser

From The Microphone

Welcome to the MSP Radio newsletter, catching you up on some stories you might have missed!    Each week we'll pull a few stories from the podcasts, give you highlights and insights, and make it easy for you to catch up on the latest news and commentary.
 
Support MSP Radio
If you find value in the content, please support MSP Radio with our "give what you want" model.   Any amount is welcome, and your support allows for an independent voice!  



Share the newsletter and podcast with your colleagues, and help change the conversation around delivering technology services.

You May Have Missed... 

Phishing you can teach customers with

From Thursday, Feb 27th's Business of Tech Podcast:   Barbara Corcoran of “Shark Tank” fame was scammed out of almost $400,000 this week in a sophisticated phishing attack.     Here’s how it went down.
 
An email chain from a woman named Christine was forwarded from Corcoran’s bookkeeper with the appearance of coming from her assistant Emily.    The scammers changed just one letter in Emily’s email address to appear to be coming from Corcoran’s assistant. 
 
The bookkeeper did ask follow up questions, asking what the money was for, and got a solid cover story back.    The bookkeeper executes the wire payment, and then emails to the real Emily at her real address, and the scam is uncovered… too late.

Why do we care?
 
I’m offering this story up because it’s high profile.   This is an opportunity to take security education to customers, and a reminder to reinforce that security training.
 
You may know the sophistication of these attacks, but examples like this are useful to communicate that to your customers.   This is a high profile celebrity businesswoman, but the research and subsequent scam can happen to anyone.
 
It’s not a unique scam.  What is different is the recognizable nature of the victim, which does make the story relatable, and likely to have broken through the noise.
CompTIA Backs off Right to Repair
 
CompTIA Backs off Right to Repair: Learn about how we got here.
Cloud security from Google... and a call to vendors

From Wednesday, Feb 26th's episode:  Google Cloud announced a series of new security capabilities designed to cater to enterprise customers.    This includes a new way to detect threats using technology from Chronicle, the cybersecurity company from Alphabet’s moonshot X unit which was folded into Google Cloud last year.
 
Customers can now detect threats using YARA-L, which allows rules to be built to detect attacks.  YARA is a open source language for writing rules to detect malware, and the YARA-L is focused on logs.
 
The announcement includes new options for protecting against activities like scraping, credential misuse, and automated account creation,
 
as well as capabilities via Web Risk API for idenfying known bad sites, warning users before they click bad links, and preventing users from posting links to known malicious pages.

Why do we care?

Previously, I covered data about cloud adoption for technology services companies, and observed a lack of innovation in management in this space for those focused on small and midsized organization.
 
Today, I’m going to observe the same disparity on security technologies.   Enterprises are getting capabilities to address security concerns that are far ahead of what a small organization can leverage.    One of the values that companies that deliver technology to providers has been is the ability to take these complicated pieces of tech and make them available to a larger population, particularly SMBs.     The rise of the Remote Monitoring and Management space is a great example.
 
I’m waiting for these kinds of offerings to get delivered to the masses.    I think there is opportunity here for vendors that move here, but I’m also disappointed in the lack of investment I’m seeing from the larger vendors who have the spoils to build this capability out.   I think they’d rather just buy things and add revenue than build anything.
  
 
Key Update from Apple

From Tuesday, Feb 25th's episode: Apple has announced that long-life HTTPS certificates will no longer be accepted in Safari later this year.
 
From the Register: “Safari will, later this year, no longer accept new HTTPS certificates that expire more than 13 months from their creation date. That means websites using long-life SSL/TLS certs issued after the cut-off point will throw up privacy errors in Apple's browser. “

This implementation in Safari impacts both iOS and macOS devices.

Why do we care?

Apple has unilaterally made this decision, and with such a significant portion of web traffic being iOS alone, this now matters.  Check those certificate expirations, because this will cause problems to certificates as of Sept 1, 2020.     Service providers, you have been warned.
 

Podcast

The Business of Tech

Are you subscribing to the Business of Tech podcast?   Each day, the flood of technology news hits.  In an industry that always changes, finding focus on the important things is critical.   The Business of Tech podcast focuses on the news you need to know and why.   Subscribe now to get this 5 minute podcast in your favorite podcatcher.
Upcoming events!

Catch these upcoming educational events!
  • Making Ethics Pay in a World of Distrust and Big Tech
    • March 9-12, 2020 at the Venetian & Sands Expo in Las Vegas, I'll be presenting this unique keynote address, as well as participating on another panel and moderating a third.  Use promo code SOBEL to save on your registration. Would love to have you there.

Facebook
Twitter
Instagram
YouTube
Copyright © 2020 MSP Radio, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.