Why Paying Should Be A Last Resort In Ransomware Attacks

This is the published version of Forbes’ CIO newsletter, which offers the latest news for chief innovation officers and other technology-focused leaders.

The economy as a whole hasn’t shown much improvement. Inflation has been much stickier than most analysts and companies were hoping, with the Federal Reserve declining to lower interest rates on Wednesday. GDP growth has also been much slower than analysts expected. But Big Tech’s push into AI is providing markets with the optimism they’re missing elsewhere. Google parent company Alphabet, Microsoft and Amazon all reported earnings in the last week, and each showed impressive AI-related earnings gains with the promise of more to come.

On Tuesday, Amazon’s quarterly report saw a 13% year-over-year increase in net sales. While the bulk of that came from its e-commerce division, its AWS cloud computing segment saw a 17% sales boost, bringing in $25 billion. Part of AWS’s success came from some of its new AI functions, including its Amazon Q AI assistant for writing, testing, debugging and translating code; and through its Amazon Bedrock generative AI service, which allows companies to build their own apps based on the foundation of LLMs from leading companies including Anthropic, Meta and Mistral AI. Amazon’s optimistic earnings boosted its share price 3% in immediate trading.

Following a blockbuster earnings report last Thursday afternoon that smashed analysts’ expectations, Google parent Alphabet’s stock price surged nearly 10%, boosting it to its first valuation reliably exceeding $2 trillion. Microsoft, which also reported earnings Thursday afternoon, beat analysts’ expectations with overall revenue increasing 17% year over year. Both companies’ success pushed the overall stock market higher and gave a significant boost to the share prices of tech companies in the chip business, including Nvidia, AMD and Arm Holdings.

While Alphabet and Microsoft both have a wide variety of business areas, AI was the engine that drove the results and the rallies. In the beginning of the earnings call, Alphabet CEO Sundar Pichai describes the company as being in an AI-first mindset since 2016. He touted the company’s accomplishments using AI—the technology now is present in Google’s search, messaging and advertising efforts, as well as its Chrome browser. Their cloud infrastructure is prepared to support AI applications, already working with several large companies. And its Gemini chatbot is utilized by both everyday users and enterprises. For Microsoft, its AI-heavy intelligent cloud division saw a 21% increase in revenue in the last quarter.

While general optimism for better economic days has largely defined the stock market trajectory for much of the last six months, Amazon, Microsoft and Alphabet all have something to show in terms of their AI developments. As analysts wait for the rest of the economy to catch up, the tech companies making strides in the new technology are delivering actual results.

As good technology gets more sophisticated, so do the bad actors trying to use it to manipulate others for their own profit. Ransomware attacks continue to increase, both in numbers and severity, and companies need to be prepared. I talked to Halcyon founder and CEO Jon Miller about how to get ready and what to do in case of an attack. An excerpt from our conversation is later in this newsletter.


Net neutrality advocates protest outside the Federal Communications Commission building in 2017, when the commission repealed net neutrality. Similar rules were approved by the FCC last week.

Late last week, the Federal Communications Commission brought back net neutrality, which basically ensures that internet service providers treat content equally, prohibiting them from blocking, slowing down or charging more money for faster service for some forms of content. Net neutrality, which assumes broadband is an essential service that can be regulated by the FCC, has been a political football for 20 years, with free market Republicans arguing broadband providers didn’t need the extra regulation, and Democrats arguing that regulation is necessary to preserve fair access for all. Comprehensive net neutrality first became law in 2015 under former president Barack Obama, and the Trump Administration reversed it in 2017.

The net neutrality rules passed the FCC with a 3-2 vote, with two Republican commissioners voting against it. The dissenting commissioners argued repealing net neutrality in 2017 didn’t result in higher rates for consumers. A group of congressional Republicans who oppose the rules wrote in a letter to FCC Commissioner Jessica Rosenworcel that Congress treats broadband access as an information service and not telecommunications, and that the new rules give the FCC unfettered power to impose onerous regulations on broadband providers. Forbes senior contributor Tony Bradley spoke to several free speech advocates who cheered the return of net neutrality. Ishan Mehta, media and democracy program director for Common Cause, told Bradley that restoring net neutrality is a victory for consumers and democracy. It “returns control of the Internet to the American people instead of corporate interests.”


Sales figures have shown that a wide swath of current consumers aren’t interested in VR headsets. But what about less constricting smart glasses? In 2021, Meta first partnered with Ray-Ban to make what looks like a regular pair of glasses interface with the online world. With new AI-enabled abilities, the glasses can connect with smartphones, music streaming and a camera to be able to provide a new depth of information. Forbes senior contributor David Bloom wrote about a demo of the newly enabled smart glasses, which have a retail price of $299. A wearer can look at something and ask Meta what it is—like looking at a wild mushroom and asking the glasses to identify it. “I describe it as a search engine for reality,” Ray-Ban parent Luxottica’s Chief Wearables Officer Rocco Basilico said. Forbes contributor Tim Bajarin details his experience wearing the new glasses. They instantly figured out the tip on a restaurant check and gave him the total, but had some problems identifying succulents and insects in his garden. However, he writes, glasses like these, with a variety of beneficial functions, are likely the gateway that could eventually bring the VR headset experience into widespread use.


Last week, IBM announced its intention to buy HashiCorp for an enterprise value of $6.4 billion. The acquisition will bring HashiCorp’s products to manage cloud systems and applications from an infrastructure and security standpoint to the business tech titan. Forbes contributor Steve McDowell writes this acquisition represents a strong strategic fit with IBM’s leadership in cloud solutions. It’s also bringing products with a strong track record into the fold at IBM. HashiCorp has more than 4,400 clients, and 85% of Fortune 500 companies use its services.

Nvidia also announced a big acquisition: GPU orchestrator Run:ai. The purchase price has not been disclosed, but Forbes senior contributor Janakiram MSV writes that reports value the company between $700 million and $1 billion. Run:ai uses the Kubernetes standard that allows companies to use portions of GPUs or multiple GPUs for processing needs, since the technology cannot easily be inherently shared. This technology will give Nvidia a way to help enterprises get more efficient use out of chips, helping companies to scale their technology more sensibly and giving Nvidia another competitive advantage.


Halcyon CEO Jon Miller On What To Do (And What Not To Do) About Ransomware Attacks

In 2023, three out of four businesses reported at least one ransomware attack, with 26% saying they were targeted four or more times, according to Halcyon’s statistics. Ransomware is a growing threat to all enterprises, largely because it’s highly profitable, relatively easy to do and difficult to punish, said Halcyon founder and CEO Jon Miller. I talked to him about the threats and prevention strategies. This conversation has been edited for length, clarity and continuity.

These attacks are getting to be so prevalent. After an attack, do companies generally talk about what happened to them, what they did, and how to prevent it?

Miller: That’s a weird, complicated thing. The government came in with a bunch of regulations around disclosure, so you are seeing companies get to a point where they’re disclosing more than a breach happened. But rolling the clock back, the government has some legislation around making ransomware payments illegal. They didn’t want money going to terrorist groups and such. When they did that, where there was more public discourse going on, a lot of that pulled back. Now you’re starting to get concerned. If you are going to pay, engaging in a third party to minimize the risks to the organization, you saw a lot of that go unreported.

We’re always in a weird state. There’s a lot of proactive reporting going on company to company to help each other. I think that a lot of it flows up to security companies like ours, where we go through and gather intelligence from the different companies and try to use it to protect everyone. But everyone in the industry has been trying to figure out how to make information sharing and threat sharing work for a long time, and nobody seemed to come up with a compelling use case for it yet. But ransomware attacks are so destructive and so expensive that I can see, as time goes on, it becoming more of a reason for companies to start opening up. To not just share their experiences, but to get other companies to share their experiences.

What does a company do to prepare for and prevent ransomware?

The first thing they have to do is understand: What is ransomware? What are the risks that it poses to my business? The two major [risks] are disruption of systems via encryption. They’ll come in and encrypt your systems. The other is data exfiltration—what they call double extortion—where they’ll steal your data and then lock up your systems. And then they’ll come back and say: We want you to pay X amount of dollars for the keys to get your systems back, and then X amount of dollars for us to not release and delete your data. I say that with an asterisk. They say that they’ll delete your data, but in no world are they ever actually going to delete that data. You can pay them to not release it, but once that data is gone, it’s gone.

Understanding where your data is at, what’s important, what’s business critical, having backups of that data—and it’s not just having backups of it, it’s having backups of it that can’t be tampered with by the ransomware group. The first thing ransomware does after they compromise an environment is make sure that they have appropriate domain and admin privileges, and then they go after either disabling or destroying data. Having some form of offline backup, as well as a plan. If you had to recover everything from backup, how long would that take you and is that something you’re comfortable with?

If somebody is targeted by a ransomware attack, should they pay? What should they do?

It depends on the business case. If you can recover in a time to your business that’s acceptable without paying, do not pay. In more than half of the scenarios where you pay, you get ransomwared again within the next year. The second you show that you’re vulnerable to these people, you’ll never ever fall off their radar, because when you pay once, you’re gonna pay again. Having a plan that allows you to go through one of these attacks without paying is paramount.

But when it comes down to it, there are a lot of areas where paying is the right thing to do. At the same time, you have to be aware that if you’re paying, you are marked. The gaps that you had before not only need to get identified and immediately closed, but your overall security posture has to drastically improve because they are going to go after you harder than they did the last time.


In its earnings report earlier this week, Samsung reported a gigantic increase in its operating profits due to chip price recovery and skyrocketing demand for AI-driven products.

933%: Year-over-year quarterly increase in operating profits

6: Consecutive quarters in which Samsung reported operating profit losses. The most recent quarter broke the streak

‘Business conditions are expected to remain positive’: Projection for the second half of 2024, mainly due to generative AI


Unilateral decision making is usually not a good idea, especially when it relates to big things like company strategy. AI implementation is this kind of a big decision, and here’s a “dream team” to discuss and decide how your company will go forward with this technology.

An IBM survey of executives estimates that 40% of employees will need AI-related training and reskilling in the next three years. However, the speed of innovation may be pushing up training schedules. Here’s how to think about training initiatives.


Activists in Austria filed a complaint against OpenAI this week. Why?

A. It violates privacy laws when it “hallucinates” inaccurate information about people

B. It trains on copyrighted material without permission or compensation

C. It only operates well in English

D. It doesn’t always address users in a gender neutral way


