In January, the FBI shut down a botnet of hundreds of home and office routers that Chinese cyber criminals were using to obfuscate their hacking of critical infrastructure in the US. Volt Typhoon has compromised critical infrastructure within communications, transportation, water, energy, and other sectors, US agencies confirmed in a cybersecurity advisory published last week.

Volt Typhoon not only exploits known or zero-day vulnerabilities in routers but also in firewalls and VPNs. They then connect to a victim’s network using a VPN to further their schemes, according to the Cybersecurity and Infrastructure Security Agency (CISA).

Whether you’re working remotely or in the office, there are a few key steps you can take to mitigate the reach of Volt Typhoon and other hacking groups mining for US data.

IT Brew caught up with Mike Bimonte, who serves as the CTO for state, local, and education (SLED) government sectors at cybersecurity company Armis, to chat cyber risk patterns and staying safe.

Read more here.—AF

Do you work in IT or have information about your IT department you want to share? Email [email protected].

Morning Brew’s unique community of young, hard-to-reach readers (that’s 22m+ monthly readers who are 1.7x more likely to have a household income of $150k+, to be exact) can give your B2B offerings the visibility you’re looking for.

B2B decision-makers, it’s crucial to get your business’s potential in front of the right s. That’s why the Brew’s paid advertising opportunities connect your brand to our audience by leveraging our popular B2B-centric franchise newsletters, specialized events, and skyrocketing collection of multimedia content.

Morning Brew is powered by the knowledge you need. From Marketing Brew’s trending insights to CFO Brew’s timely updates, we’ve got a B2B Brew for you. Choose yours to grow with.

In a real “ask the large language model to build the plane while flying” kind of situation, today’s data privacy professionals have the tough task of embracing generative AI ideas while teaching employees how to run with them securely. Privacy officers like Intuit’s Elise Houlik instruct a company on how to use large language models (LLMs) while protecting sensitive data like source code or personally identifiable information.

After December’s live IT Brew event, “A Delicate Balance: Tech Innovation and Privacy,” an attendee had the following question for guest Elise Houlik, chief privacy officer at the fintech platform:

“How do you approach privacy training when technology emerges so quickly and potentially makes that training obsolete? Can training be quantified as a hit on company ROI?”

We posed the question to Houlik and separately, to other data-privacy pros this month.

These responses have been edited for length and clarity.

Houlik: If I’m building a new ecosystem, where the concepts of how to appropriately use and handle personal information are essential to navigating the web of new technology coming around, to me, training is essential: How do you get your ecosystem to know and understand the guardrails between the right and wrong ways to use data?

Read more here.—BH

Do you work in IT or have information about your IT department you want to share? Email [email protected].

Automated devices are popping up all over, inside and outside the home—and the connectivity they require for updates, instructions, and programming could open the door for threat actors.

At tech showcase CES in January, autonomous internet-of-things (IOT) startups were on the floor showing off their products.

Consumer interest. Ensuring IoT devices are safe and secure is important to users, Rapid7 Principal Security Researcher Deral Heiland told IT Brew, because if it can be hacked, it will be. Consumers are becoming more security aware and are going to be looking out to ensure the companies whose products they buy have their interests in mind.

“We need the vendors to step up and start thinking about, ‘Hey, I’m starting to see more awareness in our consumers from security, privacy, how my data is being handled,’” Heiland said. “I think it’s to their advantage that they make a statement on that and make that data available.”

One of the main threats from hackers attacking connected IoT devices is that they could be used to access vulnerable home networks. Heiland told IT Brew that while it’s a danger, it’s one that carries a risk-reward calculation for the average attacker that doesn’t necessarily line up.

Keep reading here.—EH

Do you work in IT or have information about your IT department you want to share? Email [email protected].