When the Log4J vulnerability sounded alarms in IT departments in late 2021, Oscar Morales, solutions architect at the managed security services firm Calian IT and Cyber Solutions, was getting a lot of questions from concerned CIOs, CEOs, and IT directors.

Could you scan for Log4J?

Were there any protections or workarounds?

What is Log4J?

Vendor advisories began appearing in early December, weeks after the flaw’s discovery on November 24, 2021, but those responding struggled to find authoritative sources of information.

While IT pros like Morales had to quickly learn about the vulnerability, find it, and patch it, they also had to calm anxious customers.

“Having those communication skills and being able to translate and explain what’s going on and what needs to be done is crucial,” said Morales.

As cybersecurity professionals continue to deal with the unexpected disaster—a surprise vulnerability here, a ransomware attack there—infosec job recruiters are looking not just for degrees and certifications, but for experience handling emergencies.

“Understanding how to keep cool during a crisis and push forward and make the best decisions and lead through that—that’s a skill that security analysts use every day, because they’re constantly dealing with potential breaches,” said Allie Mellen, senior analyst at the advisory Forrester.

A recent PwC survey showed that companies are making cuts, while also leaving room for the right cybersecurity talent. While 88% percent of respondent executives said they’re “concerned” about cybersecurity, 52% said they were “very concerned.”

Today’s job requirements for security operations center (SOC) analysts include non-technical, crisis-focused requests:

• “Ability to multitask, work with minimal supervision, and achieve results in a fast-paced environment.”
• “Ability to remain calm under pressure and respond to incidents, particularly in emergencies.”
• “Sense of urgency—reacts quickly to resolve situations.”

Read more here.—BH

Do you work in IT or have information about your IT department you want to share? Email [email protected] or DM @BillyHurls on Twitter.

Watch your back. Industrial ransomware attacks are on the rise.

A report from security firm Dragos last month found that Q3 attacks on the industrial sector in North America rose to 36% from 26% the previous quarter, indicating that hackers are increasingly aiming at the region (attacks worldwide remained flat). Gangs like Ragnar Locker, Cl0p Leaks, Karakurt, and LockBit 3.0 have been aiming at manufacturers and infrastructural systems.

“The threat level genuinely has increased astonishingly much in the last 18 months,” Xage Security CEO Duncan Greatwood told IT Brew.

The attacks have come as industrial concerns move operations to the cloud and IT/OT convergence increases. As operations are pushed into information technology spaces, the attack surfaces increase in number, opening up the possibility for real damage and chaos, making convergence a double-edged sword.

“Because of the need for that data to flow in and out, the periphery is getting kind of like Swiss cheese,” Greatwood said.

Remote access. Part of the problem when it comes to ransomware is IT/OT convergence, said Forrester analyst Brian Wrozek. As industrial IT services move to the cloud, the ability for threat actors to access the systems is increasing. The move has made it so that where adversaries used to have to physically access OT systems, they can now do it remotely—a major change. And to get online, OT systems are relying increasingly on off-the-shelf computer systems rather than specially made computers.

“A lot of what drove the automation and power plants and all that was isolated from the internet and isolated from the company network,” Wrozek said, adding, “now, just like other companies, they are starting to connect those systems to other computer systems into the internet.”

Read about it here.—EH

Do you work in IT or have information about your IT department you want to share? Email [email protected] or DM @EoinHiggins_ on Twitter.

In five years, you might have a one-on-one meeting with your boss—avatar to avatar.

That’s the guess from the market research firm Gartner, which delivered this prediction in October:

Through 2027, fully virtual workspaces will account for 30% of the investment growth by enterprises in metaverse technologies and will “reimagine” the office experience.

VR is showing glimpses of becoming an enterprise reality, but it’s been less than smooth sailing. In early October, Microsoft and Meta teamed up to go immersive. Now, Meta is laying off over 11,000 employees after enduring falling share prices and criticism over its half-baked VR efforts.

According to a recent survey from the networking-systems firm Ciena, 78% of 15,000 global respondents said they would try immersive tools like the metaverse over videoconferencing ones.

“What we’ve been seeing lately is an increase in interest in not just the metaverse technology, but also the kind of adjacent VR space for building virtual environments for employees to use, to get work done. And so these could be meeting services. In some cases, they’re also just a kind of desktop extension, using virtual reality, where you can have an infinite number of monitors,” Chris Trueman, senior principal analyst at Gartner, told IT Brew.

Virtual opportunities also exist for HR: Imagine a day one onboarding where you get to see the new office from your apartment, for example.

But the immersive setup requires hardware, backend systems, and headsets—a device the market continues to reject, according to ComputerWorld’s Rob Enderle.

“Despite the hype, the metaverse isn’t real enough to be compelling. And headsets are tied tightly to VR experiences that aren’t going to drive their use en masse. This leads to an imbalance between cost, appearance, and utility,” Enderle wrote recently.

What do you think? Will VR become an enterprise reality? Or just another flash in the pan?

Yes
Nope
Maybe?

Today’s top IT reads.

Stat: 48%. That’s the percentage of respondents who told YouGov their companies have either deficient or no automated processes for securely offboarding employees. (Computer World)

Quote: “Our diagnosis is that individual developers do not pay for tools.”—Adam Smith, founder of AI coding assistant startup Kite, on going out of business (DevClass)

Read: The offshore workforce that trains Amazon’s warehouse-tracking algorithms says they face harsh conditions on the job. (The Verge)

Subscribe: Join over 4 million people who read Morning Brew—the daily email covering the latest news across business, finance, and tech. It’s free and takes only 5 minutes to read, so there’s no reason not to check it out.

IT can be easy: We teamed up with Electric to survey 500+ tech decision-makers about the challenges and solutions to scaling in today’s environment—and how they’re leveraging the right tools to alleviate common pitfalls for good. Read their insight here.*

^{*This is sponsored advertising content.}