Half of MSPs Prepare for Ransomware, SaaS Security Gaps, and Open AI Servers Found
Managed service providers (MSPs) are increasingly allocating budgets for ransomware payments, with a recent report indicating that 45% have set aside funds specifically for this purpose. This trend raises concerns about normalizing the act of paying criminals, as many experts argue that such practices inadvertently support criminal activities. While some MSPs are turning to cyber insurance for protection, a significant portion remains vulnerable due to a lack of allocated budgets for ransomware payments or insurance. Additionally, MSP leaders are increasingly worried about artificial intelligence threats, which have surpassed traditional concerns like ransomware and malware.
A study by AppOmni reveals a troubling disconnect in the security posture of organizations using software-as-a-service (SaaS) applications. Despite 75% of organizations reporting breaches in the past year, 89% believe they have adequate visibility into their security environments. The study highlights that many incidents stem from permission issues and misconfigurations, emphasizing the need for improved security hygiene. Providers are urged to focus on addressing these basic issues rather than preparing for ransom payments, as this is where they can truly add value and protect their clients.
In a concerning development, a startup has been found selling hacked data from over 50 million computers to various industries, including debt collectors and divorce attorneys. This practice raises ethical and legal questions, as the sale of such information may not be illegal in many jurisdictions. Additionally, researchers have discovered nearly 2,000 AI protocol servers exposed online without any authentication, posing significant risks to sensitive data. Experts warn that individuals whose data is sold may remain unaware of the exploitation of their personal information, highlighting the urgent need for stronger data protections.
The UK government is reconsidering its demand for Apple to provide access to encrypted user data, influenced by pressure from the U.S. government. This shift comes after Apple withdrew its Advanced Data Protection Service from the UK, emphasizing its commitment to user privacy. Meanwhile, Meta has rejected the EU's Code of Practice for Artificial Intelligence, citing concerns over regulatory overreach. In contrast, OpenAI has formed a strategic partnership with the UK government to enhance the country's AI infrastructure, indicating a growing trend of governments aligning with major tech players in the AI sector. For MSPs, these developments underscore the importance of engaging in conversations about encryption resilience and understanding the evolving regulatory landscape.
Four things to know today
00:00 45% of MSPs Planning to Pay Hackers? SaaS Breach Rates Show Why That’s the Wrong Bet
03:55 Startup Sells Data From 50M Hacked PCs as AI Servers Leak Sensitive Info Without Authentication
09:15 Microsoft Patches Critical SharePoint Flaws as China-Linked Actor Linked to Incident
Supported by: https://getnerdio.com/nerdio-manager-for-msp/
Tell us about a newsletter! h
