Slowing Down LockBit is Easier Said Than Done

Story by Carrie Pallardy

Key Points:

• Last year, LockBit hit victims like ICBC Financial Services, CDW, and Taiwan Semiconductor Manufacturing Company (TSMC). The group has exploited more than 2,000 victims and raked in more than $120 million in ransom payments, according to the US Department of Justice.
• The Federal Bureau of Investigation (FBI), the UK’s National Crime Agency (NCA), and partners in nine other countries banded together to create Operation Cronos. As a part of that operation, FBI breached LockBit’s servers using a PHP exploit, according to BleepingComputer.
• In the near-term, law enforcement’s seizure of a sizeable chunk of its infrastructure and the release of decryption tools hampers the group’s ability to operate and to extort victims for ransom payments.
• In the wake of this law enforcement action, other ransomware groups may enter a temporary quiet period, determining their own risk of compromise. But any lull in activity will likely be short lived.

You already know that every day at InformationWeek brings expert insights and advice to help today’s IT leaders identify the best strategies and tools to drive their organizations forward.

That means original reporting from our team of journalists and unique commentary you won’t see anywhere else! But in case you missed them, here are some of our other must-read favorites from this week:

Avast 's Broken Promises

Story by Shane Snider

Key Points:

• The FTC says Avast , through its Czech subsidiary, collected consumers’ browsing information through the company’s browser extensions and antivirus software and sold the data without notice or consent.
• “ Avast ’s bait-and-switch surveillance tactics compromised consumers’ privacy and broke the law,” Sam Levine, director for the FTC’s Bureau of Consumer Protection, said in a statement.
• FTC said Avast has been collecting browsing information through browser extensions since at least 2014.'
• The FTC’s proposed order, in addition to levying the $16.5 fine, will impose several provisions, including a prohibition on selling or licensing browsing data, requiring the company obtains affirmative express consent, forcing data and model deletion, directing the company to notify affected customers, and requiring Avast to implement a comprehensive privacy program.

Breaking Down Cybersecurity Burnout

Story by Richard Pallardy

Key Points:

• Employees who are not focused on cybersecurity often feel that safeguarding procedures represent an undue impediment to completing their assigned tasks. And cybersecurity professionals must contend with an ever-growing panoply of alerts and crises -- in the midst of a massive shortage of both workers and skillsets.
• The causes for cybersecurity burnout -- fatigue, cynicism and diminished sense of self-efficacy -- are multifarious.
• Cybersecurity professionals must be highly attentive to their work and conspicuous failures can often be traced to a single error, increasing the burden of responsibility on even low-level employees.
• One of the more optimistic approaches suggests that implementing "human factors" programs may help to mitigate the problems that lead to burnout.

Right-size Your Workforce with Delegation

Story by Nathan Eddy

Key Points:

• Because workforce streamlining can also be stressful for teams -- with the assessment of any organization comes the threat of role elimination -- it is crucial for organizations to maintain transparency throughout the transition processes.
• Dave Walters , CTO of Hired , says IT leadership can streamline their workforce and still maintain key knowledge and technical skills by offering continued learning opportunities for their employees to continue upskilling.
• Vara Kumar Namburu , co-founder and head of R&D at Whatfix , explains IT leaders should initiate a comprehensive skills gap analysis to assess and optimize organizational models in alignment with evolving skill sets and shifting business requirements.
• In addition to uncovering opportunities to eliminate silos, IT leaders must identify redundancies and look for areas in which tasks are being duplicated.

Understanding Optimizes AI Utilization

Story by Shane Snider

Key Points:

• There is danger in adopting powerful generative AI tools without a sound strategy or defined business use cases, says Manoj Saxena , founder and chairman of the Responsible AI Institute (RAI Institute).
• The institute’s new model outlines five stages of maturity, including aware, active, operational, systemic, and transformative.
• Used in conjunction with RAI’s benchmark tools, the group hopes the maturity model will help organizations realize better AI practices and provide a grading process to track AI maturity.
• In the story above, InformationWeek interviewed Saxena, who is the former general manager of IBM ’s Watson Solutions, to find out more about RAI’s efforts.

Latest Major Tech Layoff Announcements

Original Story by Jessica C. Davis , Updated by Brandon Taylor

Key Points:

• As COVID drove everyone online, tech companies hired like crazy. Now we are hitting the COVID tech bust as tech giants shed jobs by the thousands.
• Updated Feb. 23, 2024?with layoff announcements from Rivian , meati? , and FARFETCH .
• Check back regularly for updates to our IT job layoffs tracker.

REGISTER NOW!

"Strategies for Maximizing IT Automation"

LIVE virtual event on 3/28 - Presented by ITPro Today & InformationWeek

On Thursday – March 28, beginning at 11am ET – tune into?our free virtual event! This live broadcast by will be moderated by?our colleague Dana Gardner - President & Principal Analyst at Interarbor Solutions. REGISTER?now at the link above!

"Strategies for Maximizing IT Automation"

Although IT automation is quickly becoming more commonplace, IT leaders are still struggling with the best strategy for implementing at scale, as well as wrestling with how new technology trends like generative AI are transforming the automation landscape.

In this event we’ll explore the options available to IT leaders to better understand not only ways to automate, but also how to intelligently plan the strategy to take advantage of new features while avoiding costly overruns and complexities in implementation.

IT automation is a broad, all-encompassing effort that involves networking, security, operations, business processes, cloud computing, software development, and so much more, so sifting through all the details and crafting a strategy that’s right for your business involves understanding all the parts and including the right stakeholders.

Before embarking on your own IT automation effort, join us and our expert speakers to learn about the latest tools, best practices, and pitfalls to avoid.

These seismic shifts in cybersecurity will shape the face of zero-day attacks, ransomware, and supply chain compromises, leaving security teams wondering if their existing defenses can hold up against a new wave of threats powered by AI and new cloud-borne and cloud-targeted attacks.

In this event we’ll discuss:

• Automation as an essential survival skill
• The risks and rewards of using Generative AI to accelerate IT Automation Adoption
• Strategies for successfully automating ITSM

Treasures from the Archives...

Story by Kelly Sheridan

Key Points:

• To celebrate Black History Month this February, we look at innovators who influenced modern technology. Some of these tech pioneers have had an impact on technology in ways that affect you every day, though you may not know it.
• Consider Granville T. Woods, an early inventor with more than 50 patents, or Gerald A. Lawson, whose work is enjoyed by anyone who has used an Xbox, PlayStation, or Nintendo Wii gaming console.
• However, despite many contributions to the technology landscape, minorities continue to make up a small percentage of the tech workforce.
• Read on in the story above to learn more about the innovators we are highlighting here and how their work influenced the technology we use today.

SIGN UP NOW:

InformationWeek 's Cyber Resilience Newsletter!

Cut through the dizzying noise of cyberattack news, and get the most important takeaways for CIOs and other tech execs.

This exclusive newsletter covers the whole realm of unhappy possibilities that impact IT resiliency -- from ransomware, to cloud outages, to natural disasters, to political upheaval. Click the link below to join us now!

Sent Thursday nights (because disasters don’t wait until morning).

This is just a taste of what’s going on. If you want the whole scoop, then register for one of our email newsletters,?but only if you’re going to read it.?We want to improve the sustainability of editorial operations, so we don’t want to send you newsletters that are just going to sit there unopened. If you're a subscriber already, please make sure Mimecast and other inbox bouncers know that we’re cool and they should let us through.

And if you’re thinking about subscribing, then maybe start with the InformationWeek in Review; it only arrives on our new look Saturdays.