Amazon Employees React Negatively to New Five Day Return to Office Mandate

Summary Bullets:

Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services
  • A survey of 2,585 Amazon staffers conducted by Blind, an anonymous social media platform, reported that 91% are dissatisfied with the new five-day in-office policy.
  • Separate Blind research involving employees from multiple companies found 65% are anxious about return to office (RTO) orders.

If there was any upside to the 2020 COVID 19-driven lockdown, the overnight move to remote work granted many corporate employees a new work from home perk. The move eliminated difficult and often costly commutes. Working from home also gave families flexibility to lessen the load in areas like childcare and logistics. But the biggest benefit of working from home might be the gift of time. Many enterprises retained at least hybrid working operations, requiring staff to come in on a limited basis. But now, more than four years after lockdown began, more corporations are calling employees back in the office for the full five days.

Continue reading “Amazon Employees React Negatively to New Five Day Return to Office Mandate”

Healthcare Organizations Struggle to Evade Ransomware

Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• A recent RiskRecon study of 1,454 serious ransomware cases finds that healthcare provider organizations account for more than 18% of these incidents, by far the most targeted sector.

• Geography was not a factor with healthcare providers under fire around the globe.

As an industry, healthcare is not exactly known as information technology-forward. The sector lags other verticals in IT adoption and innovation outside of medical technology, extending to cybersecurity where gaps in controls have rendered healthcare institutions vulnerable to ransomware and other types of attacks. Recently published research from risk management provider RiskRecon bears this out, showing that more than any other segment, healthcare providers are targeted in what the company terms “destructive ransomware events” in which the compromised institution’s operations are disrupted because of encryption of essential systems. The study, examining 1,454 destructive ransomware events that have occurred between 2016 and 2023, find that even if an organization has an excellent security posture itself, if there are any vulnerabilities in its supply chain, then it could be successfully targeted.

Continue reading “Healthcare Organizations Struggle to Evade Ransomware”

New Cisco Research Shows OT Security is a High Priority for Industrial Organizations

Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• In a survey of more than 1,000 large industrial organizations, Cisco finds that 89% of all organizations label OT cybersecurity as either very or extremely important.

• Eighty-seven percent (87%) say that they will have a unified cybersecurity approach by 2026 for information technology (IT) and operational technology (OT) networks.

A rash of high-profile cyberattacks on industrial organizations is driving a renewed understanding of the criticality of having an effective security strategy. In its survey of decision makers from 1,000 large organizations, Cisco notes that the overwhelming majority label cybersecurity as a top priority. Many – 37% – see cybersecurity risks as a barrier to growth. Forty percent (40%) worry about the scarcity of skilled workers stalling expansion plans.

Continue reading “New Cisco Research Shows OT Security is a High Priority for Industrial Organizations”

Google Cloud Research Paints a Rosy Picture on Returns from GenAI

Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• A recent Google Cloud canvas of 2,508 executives show 84% have been able to implement an AI use case concept into production within six months of the initial ideation.

• Seventy-four percent (74%) of respondents report their companies are already achieving a return on their generative AI (genAI) investments.

GenAI dominates corporate discussions around top investment priorities for the present and the future. Organizations are shifting budget and other resources to address the need to convert ideas into production applications, and to do so quickly. Expectations are high for what these can return, not just in terms of production efficiencies, improved customer service, and cost savings, but also bottom-line benefits.

Continue reading “Google Cloud Research Paints a Rosy Picture on Returns from GenAI”

Verizon Mobile Security Index Shows Mobility Plus IoT Expands the Enterprise Attack Surface

Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• Most enterprises say mobile devices are crucial to operations; 95% have connected device deployments.

• AI-driven attacks including deepfakes and SMS phishing are top of mind with 77% saying they expect these types of attacks to be successful.

In this century, the sweeping impact of mobile infrastructure on corporate operations can’t be overstated. Workers have become increasingly dependent on their mobile devices to perform work-related functions. With the COVID-19 lockdown-related movement toward remote and hybrid work becoming permanent in more organizations, the importance of mobile devices has become even more outsized. But this, along with the expansion of connected device deployments, makes securing these sprawling virtual business operations environments complicated.

Continue reading “Verizon Mobile Security Index Shows Mobility Plus IoT Expands the Enterprise Attack Surface”

As Questions Continue About the CrowdStrike Snafu, Microsoft and Others Revisit Resiliency

Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:
• A flaw in an update of CrowdStrike’s Falcon threat intelligence and incidence response platform brought down millions of Windows systems, disrupting operations around the world earlier this month.

• The event, which took days to recover from, put the need for greater operational resiliency and better quality control as well as better protections for systems and data in sharp relief.

Earlier this month, the combination of an undetected error in CrowdStrike’s Rapid Response content update and a bug in the content validator used to ensure the code is hygienic led to the corrupt update being released in production. The software distribution led to 8.5 million Windows systems being knocked offline and operations being interrupted around the world. The fix was manual and kludgey in nature. Thousands of flights were canceled, medical procedures postponed, and operations across industries were stalled, in some cases for days. The incident is expected to cost organizations billions of dollars when the fallout from the disruption is tallied.

Continue reading “As Questions Continue About the CrowdStrike Snafu, Microsoft and Others Revisit Resiliency”

AT&T Under Fire After Disclosing Massive Data Breach

Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• AT&T divulged that the call and text records of 109 million cellular customers had been unlawfully downloaded from a third-party cloud provider’s environment.

• Wired magazine reports AT&T paid $370,000 to hackers to delete the records, which included cell site data. While the hacker provided a video of the deletion, there is no way to prove the threat actors don’t have a copy of the records.

AT&T is feeling the heat after admitting that the call and text records of 109 million wireless customers had been illegally downloaded from third-party provider Snowflake’s cloud. The records, which include the incoming and outgoing phone numbers and cell site locations that these communications were relayed through, covered a more than six-month time span in 2022 and a single day in January 2023.

Continue reading “AT&T Under Fire After Disclosing Massive Data Breach”

US Government Accountability Office Sounds Alarm About Critical Cybersecurity Challenges

Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• In a report to Congress, the Government Accountability Office (GAO) said the cyber threat environment is throwing challenges at public and private sector entities alike that put national security, the economy, the environment, and human safety at risk. As evidence, the GAO cited the fact that federal agencies reported 30,659 cybersecurity incidents to the Department of Homeland Security’s US Computer Emergency Readiness Team in 2022.

• The report urged government agencies to work in tandem with the private sector to ward off threats.

A GAO report to Congress flagged the serious, and in many cases unaddressed, risks that could jeopardize national security. Since 2010, the agency has recommended to other agencies 1,610 steps to close security gaps. The current cyber risk report noted that nearly 600 of these haven’t been acted upon, putting the security of federal systems and critical infrastructure at risk. The GAO blamed a mix of competing budget priorities, communications failures, and the inability of some agencies to accurately measure outcomes.

Continue reading “US Government Accountability Office Sounds Alarm About Critical Cybersecurity Challenges”

US Surgeon General Wants a Warning Label for Social Media

Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• In an opinion piece published in The New York Times, US Surgeon General Dr. Vivek H. Murthy calls for a warning label for social media to educate adolescents and adults about the links between the medium and negative mental health effects.

• Referencing research that ties adolescent depression, poor body image, and harassment to social media consumption, Murthy says that while a warning label will not correct the issues, it would go a long way toward educating the public about the potential for harm associated with sites like Snapchat and Instagram.

Social media companies have long been under fire for using algorithms to manipulate sometimes vulnerable populations into viewing potentially harmful content. By its nature, social media encourages overuse to the point of near-addiction. Research has uncovered links between anxiety and depression in adolescents and social media use. A JAMA Network survey of 6,595 US adolescents finds that spending just 30 minutes on social media leads to an increase in internalizing issues and becoming depressed. The longer the session, the higher the rate of anxiety and depression. The study indicates that teenagers who spend three or more hours daily on social media are at a higher risk for mental health issues.

Continue reading “US Surgeon General Wants a Warning Label for Social Media”

IBM Sheds QRadar in an Active Cybersecurity M&A Season

Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• IBM is selling its QRadar security assets, including its security information and event management (SIEM) to partner Palo Alto Networks for an undisclosed sum.

• IBM will train 1,000 staffers on the technology and its consulting unit will continue to support the technology.

Cybersecurity is a priority but also a challenge for enterprises navigating tight budgets, skill set limitations, and too many discrete solutions to manage. Cybersecurity vendors are dealing with some pushback from customers who want to streamline security management and work with fewer disparate tools. Vendors often excel in one area of security but lack key adjacent capabilities. Innovation requires significant investment. Continue reading “IBM Sheds QRadar in an Active Cybersecurity M&A Season”