Cloud Hosting

Utah Governor Spencer Cox has appointedand the Utah Senate has approvedMaria J. Garciaz and Bassam T. Salem to the University of Utahs Board of Trustees.

Garciaz and Salem began their terms on July 1, 2021. They filled seats vacated by H. David Burton and Anne-Marie Lampropoulos. Burton leaves the board after eight years of service, including three years as board chairman. Lampropoulos leaves after four years of service.

Garciaz is the CEO of NeighborWorks Salt Lake, a nonprofit community development corporation that has worked since 1977 to revitalize neighborhoods experiencing blight and decline. She oversees 19 staff members and an operating budget of $3.2 million and a development budget of $8 million, with $32 million in assets.

NeighborWorks lines of businesses include mortgage and commercial lending, real estate development, economic development and community engagement focused on generating products, strategic plans and reinvestment approaches to help meet needs of low- and moderate-income communities.

She was an early supporter and community partner of University Neighborhood Partners and brings a fresh and important perspective on the needs of Salt Lake Citys westside communities.

Over the past 30 years, Garciaz also has been involved in high risk youth intervention strategies and supporting fine arts and cultural events.

Garciaz received a bachelors degree in political science from the University of Utah and a masters degree in education from Utah State University. She is also a national internship graduate of the Development Training Institute and completed executive education in community development at Harvard Universitys Kennedy School of Government.

She serves as an independent director for American Express Centurion Bank and on advisory boards for US Bank, Morgan Stanley Bank, Select Health, the Legal Defenders Association and the Utah Multicultural Commission. She is a consultant for NeighborWorks America. Garciazs past experience includes service on the State Judicial Performance Evaluation Board, the San Francisco Federal Reserve Banks Salt Lake Branch, the Utah Board of Juvenile Justice, the Utah State History Board, and the Salt Lake Winter 2002 Olympic Organizing Committee.

She has received numerous awards and recognitions, including the Leonardos Womens Award for Human Services, the MLK Humanitarian Award from Salt Lake Community College, the Utah Hispanic Chamber Community Trailblazer Award, the Gov. Scott M. Matheson Leadership Award, the National NeighborWorks America Lifetime Achievement Award and the Cesar Chavez Peace & Justice Award. Garciaz was born and raised in Salt Lake City.

Salem is the CEO and founder of Mindshare Venture, a management consulting and venture firm that helps technology startups and entrepreneurs succeed, and of AtlasRTX, a platform for artificial intelligence-based customer software engagement used in a variety of industries.

He is the former chief operation officer of MaritzCX, the worlds largest customer experience technology company, where he was responsible for global operations and a $125 million budget and retention of $200 million in revenue. Salem also worked as the chief business officer at inContact, where he oversaw more than 300 employees and revenue growth of $175 million.

Salem received four degrees from the U: a bachelor, master and master of philosophy in computer science and an MBA in management of technology. While at the U, he led a five-member team that developed the Marriott Librarys first workstation-based reporting system and a then-first suite of digital library automation systems; he also developed the College of Sciences first database-driven inventory management system.

He served on the boards of the Utah Technology Council, the Park City Education Foundation and the University of Utahs Business Alumni Board. Salem is also the former chairman of the Summit County Planning Commission. He has supported scholarships in the Us David Eccles School of Business.

Salem was born in Egypt, spent his childhood in France and England and immigrated to the U.S. when he was a teenager. He entered high school at age 12, university at age 15 and began professionally programming at age 16; he completed his first masters degree at age 21.

Read the rest here:

Meet the new members of the University of Utah's Board of Trustees | @theU - @theU

A slew of disruptive ransomware attacks have rattled the U.S., including the recent massive breach of software company Kaseya, and a reported attempted hack on the Republican National Committee. In the aftermath, both the corporate sector and U.S. government officials are scrambling to address how Congress and individual businesses should handle the growing threat.

Weve got a moment in time where you cant ignore it anymore, said Sen. Lindsey Graham, R-S.C., at a June 17 press conference to unveil legislation that would target cybercrime. Graham said cyber threats should be considered part of the nations core infrastructure.

On July 2, the Miami-based software company Kaseya announced it was investigating a possible cyber attack on its VSA software, an IT management tool. According to Kaseya, many customers who use the compromised software provide third-party IT service to between 800,000 and 1 million other companies, intensely magnifying the possible impact of the breach, which used a technique called a supply-chain attack.

Kaseya said Monday that the breach compromised just 800 to 1,500 of those companies, still making it one of the largest ransomware attacks to date. Hackers thought to be associated with the group REvil requested a $70 million payment in Bitcoin to unlock the compromised data. The attack is not thought to have damaged any U.S. critical infrastructure.

WATCH: Why ransomware attacks target local governments like Atlanta

But earlier attacks have made it clear that U.S. critical infrastructure is not safe from cybercrime. In May, a ransomware attack left Colonial Pipeline stalling its operations, prompting consumers to flood gas stations amid fears of a gas shortage The company paid upwards of $5 million to the hackers in Bitcoin the currency of their choosing before the governmentrecovered about half back. And just weeks later, cybercriminals ransomed meat-packer JBS, forcing some of its facilities to temporarily close before they paid $11 million in ransom.

These attacks along with news of several high-profile data breaches linked to the Russian government-backed hack of American software company SolarWinds, including at tech titans like Microsoft have prompted questions about how these attacks have occured, and how to better guard against them.

State and local leaders testified June 17 before the Senate about how cyber threats they face have grown. And along with the increased penalties for cybercriminials included in a bipartisan Senate infrastructure package, a second bipartisan Senate bill would require public and private entities to report cybersecurity breaches to the government within 24 hours, as well as add liability protections to help encourage businesses to come forward.

Heres what you should know as debate over cybersecurity and how to fight ransomware continues.

Traditionally, ransomware is a kind of malicious software that encrypts a users files, making them impossible to access without a key. In exchange for that key, a user must pay a ransom to the attackers withholding the data.

This model has existed for more than two decades, emerging in the late 1980s and rising in popularity and complexity in the early 2010s. But experts say the attacks that have recently embroiled companies in the U.S. are more complex. Not only have the keys for unlocking files become much harder to crack without paying the ransom, the stakes for victims have also grown.

Weve seen ransomware grow to a point where now its not just about locking up data and just collecting a ransom to release that data, said Steve Morgan, CEO of market research firm and publisher Cybersecurity Ventures. Its about extortion.

Hackers now threaten to leak or sell sensitive information accessed through a process called dwelling, in which they spend weeks or months embedded in an organizations computer system undetected. Spending time inside the network of an organization allows cybercriminals to find the most valuable data to encrypt and exploit, said cyber defense specialist Roger Grimes.

An encryption is the least of your worries, said Grimes, a so-called Data-driven Defense Evangelist with the cybersecurity training company KnowBe4. If youre checking your bank account, 401(k), medical stuff, the bad guys are getting all that information.

And the damage doesnt end there. News of data breaches and cyber attacks can hurt a companys reputation on several fronts: it generates bad press, it can turn employees or customers against the victimized organization and it proves further to cybercriminals that the organization is vulnerable to these types of attacks. These many factors, which Grimes calls quintuple extortion, push companies to pay hackers the ransom.

Ransomware attacks have garnered increasing attention as more and larger attacks continue to plague U.S. entities. A recent report from the Institute for Security and Technology found that the amount of victims paying the ransom increased more than 300 percent from 2019 to 2020. Experts say the attacks act in a vicious cycle: a company is hit and pays the ransom, the attack is widely publicized, more hackers see the attacks success and want to do it themselves, with increasing stakes for steeper payouts.

The answer is yes to both, experts say. Not only has the sheer number of attacks increased, the price of ransoms has, too.

Without question, were seeing an explosion of ransomware attacks, said Steve Morgan, who is also the editor-in-chief of Cybercrime Magazine.

Between 2019 and 2020, ransomware attacks rose by 62 percent worldwide, and by 158 percent in North America alone, according to cybersecurity firm SonicWalls 2021 report. The FBI received nearly 2,500 ransomware complaints in 2020, up about 20 percent from 2019, according to its annual Internet Crime Report. The collective cost of the ransomware attacks reported to the bureau in 2020 amounted to roughly $29.1 million, up more than 200 percent from just $8.9 million the year before.

The largest reason for the increase in these attacks, Morgan argues, is that more companies are choosing to pay the ransom to get their data back, and cybercriminals are taking note.

Its the proverbial get rich quick scheme for a lot of criminals, he said.

Other cybersecurity professionals, including Luta Security founder & CEO Katie Moussouriss, cite the rise of cryptocurrency like Bitcoin as a major reason for the increase in ransomware attacks. The value of Bitcoin, now down from a peak of around $60,000 earlier this year, rose more than 800 percent between April 2020 and April 2021, according to data from CoinDesk. Cryptocurrencies like Bitcoin are less regulated and harder to trace than other forms of payment, making them attractive to hackers.

The cryptocurrency exchanges, outside the U.S. especially, allow for a lot more anonymity in these transactions that are criminal in nature, Moussouriss said.

A third reason for the uptick in attacks is simply the growing number of people online, said Morgan. Though internet use has risen steadily since the webs inception, the pandemic prompted a spike in internet usage across the world, especially as many shifted to working and learning remotely. Like a populous city, Morgan said, more humans online means more crime.

As the rate of crime grows, so do the payouts. Global ransomware costs are expected to reach $20 billion in 2021, according to the latest report from Cybersecurity Ventures. Thats up from an estimate of $325 million in 2015, a 57-fold increase over the last six years. And cybercrime costs in general, now estimated at around $6 trillion for 2021, are expected to continue their rise at a rate of 15 percent each year for the next five years, the firm predicts.

In a vicious cycle, the many factors that push a company to pay the ransom incentivize cybercriminals to continue ransomware attacks and ask for higher sums of money.

Imagine if people were able to rob banks, walk away with money and never get caught, said Grimes. Would we have more or less bank robberies?

The first step to dealing with any kind of cybercrime is to be proactive rather than reactive, experts say.

Be prepared, Morgan advised. Engage expertise you dont have before youre hit with ransomware.

He counsels companies to reach out to the FBIs cybercrime arm, cybersecurity firms and other law enforcement to help stop attacks before they start. Organizations should be backing up every piece of data they have and investing in insurance policies that cover cyberattacks, he said.

Many organizations are taking heed: the proportion of companies with a cyber policy in addition to their existing coverage rose from about a quarter in 2016 to nearly half in 2020, according to a May report from the Government Accountability Office. But with the risk and cost of cybercrime on the rise, insurance agencies are faced with the question of how to continue coverage without losing money.

In the event of a ransomware attack, the FBI and many cybersecurity experts have been firm in urging victims not to pay up.

Ideally youre dealing with your security hygiene number one, Moussouriss said.But if its already too late and youve been hit, try and determine what options you have that do not include paying the ransom.

Still, thats not always a practical solution for especially vulnerable industries like healthcare, which saw a 123 percent increase in attacks per customer last year, according to SonicWalls report. In those cases, although paying the ransom may seem the only option, Morgan says preparation is even more important.

Every hospital in the country should ask themselves, What do we do if the oncology equipment goes down? he said. Otherwise theyll pay the ransom.

READ MORE: How ransomware attacks are roiling the cyber insurance industry

Individuals can also take fairly simple steps to make their own information more secure, said KnowBe4s Roger Grimes. First, be wary of social engineering, or attackers pretending to be someone theyre not. That alone accounts for between 70 percent and 90 percent of cyberattacks, according to Grimes research.

Dont get tricked into doing something you shouldnt do, he said. Thats how most people are compromised.

Phishing emails are a classic example of social engineering, Grimes said. Thats when a hacker poses as someone else in an email maybe pretending to be a colleague or a trusted company in an attempt to make the user click a link containing malicious software that would compromise their computer.

He also recommends regularly updating software, which often includes fixes to patch vulnerabilities developers may have noticed, and using a different password for each of your log-ins. Password manager programs like 1Password or BitWarden can make that task less daunting.

As for the array of cybersecurity bills currently working their way through Congress, Cybersecurity Ventures Steve Morgan believes theyre a step in the right direction. Still, he cautioned that companies should be able to exercise their judgement, in tandem with the FBI, on determining whether reporting cyberattacks within 24 hours would actually further compromise security, as a reported bipartisan Senate bill would mandate.

In contrast, Roger Grimes sees any nationally focused legislation as limited, because cybercrime is international.

I dont think a lack of laws or regulations is our problem, he told the PBS NewsHour. [Cybercriminals] are mostly untouchable already. You could threaten them with the death penalty and they would laugh.

Instead, he said, governments should focus on bettering communication and cooperation across borders to prosecute cybercriminals worldwide. But those efforts are largely thwarted by countries like Russia, which he and other experts point to as one of the safe havens for cyber criminals, so long as they do not attack entities within that country. All four of the recent high-profile cyber attacks in the U.S., on SolarWinds, JBS, Colonial Pipeline and Kaseya are thought to have originated in Russia.

The demand for cybersecurity professionals to tackle these threats is increasing. Morgan, whose market research firm tracks the demand for jobs, says there are 3.5 million unfilled cybersecurity jobs worldwide enough to fill approximately 50 NFL stadiums, he says.

In the U.S., data from the Bureau of Labor Statistics (BLS) projects that between 2019 and 2029, employment for information security analysts will grow 31 percent, a rate the BLS considers much faster than average. That translates to adding 40,900 jobs and is the 10th fastest-growing occupation out of the nearly 800 occupations the bureau projects, according to BLS economist Lindsey Ice.

Businesses are expanding their digital presence, digitizing their operations, adopting cloud services all of these factors are going to continue to increase demand for [information technology] services in general, as well as cybersecurity, Ice said.

The jobs are well-paying, too. The median pay for information security analysts was $103,590 annually, according to BLS 2020 data, compared to a $41,950 median for all other occupations BLS tracks.

But Bryson Payne, professor of computer science and director of the University of North Georgias Center for Cyber Operations Education, says that if there are not enough young people in the pipeline for cybersecurity jobs in the next decade, existing tech staff should also be retrained.

Payne teaches college and high school students how to reverse engineer ransomware and also about ethical hacking, so that it gives students a chance to think like an adversary, but to behave ethically.

They look for weaknesses in their systems, so they can strengthen, so they can harden those computer systems against attacks, he said.

Payne says his students are very easily getting jobs in cybersecurity and often graduating with multiple offers from both private sector employers and public sector agencies in the military, the defense department and the National Security Agency (NSA).

The demand has been very high for the cybersecurity programs at the Community College of Denver, according to program chair and associate professor, Jesse Brannen.

Weve had a massive influx of students, Brannen said. They definitely see the correlation between the demand for cybersecurity, what it has the potential to pay, and how fast they can get into the field.

But Brannen cautions that the quality of training is most important. Candidates that go through haphazard training with inexperience could potentially leave companies vulnerable. Brannen isnt so much worried about the quantity of candidates that enter the market but the quality, since some go through quick certification or expedited bootcamp programs. Thats why Payne, whose program has the seal of approval from the Department of Homeland Security and the National Security Agency, says educators need to recruit students into cybersecurity and IT support early. We really need students thinking about careers [in cybersecurity] in middle and high school, Payne said.

There are hurdles still in the way: About half (52 percent) of American adults say more people dont pursue science, technology, engineering and mathematics (STEM) fields because they believe the subjects are too difficult, according to a Pew Research Center study released in 2018. But the cybersecurity sector actually needs people from a variety of backgrounds, says Payne, because he believes it takes a diverse team of problem solvers and ethical hackers to tackle cyberthreats.

From May 2020 to May 2021, the share of job searches for cybersecurity roles on jobs site Indeed increased by almost 14 percent. But in that same time period, the share of Indeed job postings for cybersecurity roles decreased by almost 20 percent.

Between 2020 and in 2021, there was a 30 percent increase in cybersecurity job counts on LinkedIn. But year over year, there has been only a 2 percent increase in the number of members who have a cybersecurity-related job title.

This means the share of members with a cybersecurity title is down when expressed as a percentage of total membership across LinkedIn, suggesting that the cybersecurity field is not growing as rapidly as the overall talent market, the company said in an analysis for the PBS NewsHour

Its a chicken-and-egg problem, Luta Securitys Moussouriss said. Everyones fighting for the same slice of the cybersecurity workforce.

Despite the industrys apparent skills-to-need mismatch, Morgan believes theres cause for hope as more people enter the field.

Im definitely seeing momentum, Morgan added. I think were gonna be in a much better place in four to five years.

See the original post:

Why ransomware attacks are on the rise and what can be done to stop them - PBS NewsHour

Lets get one thing straight right off the bat. If someone has been named president of International Business Machines Corporation, it means they are the heir apparent and future chief executive officer of what used to be the worlds largest IT supplier and, with prior presidents, actually was the worlds largest IT supplier. Which is why the announcement of the departure of Jim Whitehurst from IBM on the Friday before the Independence Day holiday in America started was such a surprise.

Someone at the company forgot what being named president of the IBM Company means. Or no longer cared.

That someone is very likely current CEO Arvind Krishna, who was given that role back in January 2021, when the companys board of directors also named Whitehurst president. Whitehurst came to IBM after being CEO at Red Hat, the open source software giant the only open source software giant if you want to be precise that IBM paid $34 billion to acquire in October 2018. Perhaps Krishna, who is 59 and already coming up against the traditional retirement age of 60 for IBMs chairman and CEO, has decided that he is best to run Big Blue and that the person who ran Red Hat for more than a dozen years, who was chief operating officer for Delta Air Lines for six years (covering ops as a well as the CIO role), who was a partner at the Boston Consulting Group for a dozen years, and who got a double major in computer science and economics from Rice University and an MBA from Harvard University, is not.

To be fair, that someone who forgot the meaning of the president title at IBM could have been the companys board, it could have been the executive management at Big Blue, or it could have been Whitehurst himself. Or maybe all four at once.

The upshot is we will never know what that future IBM, one that brought the sensibilities Whitehurst has developed in his long career from outside of Big Blue, could have been. We expected transformation, and because there is precedent for bringing outsiders inside Big Blue to help transform it, as former chief executive officer and chairman Louis Gerstner masterfully did when he was brought in from outside of Big Blue to literally save its corporate life on April Fools Day 1993. There is an equally important one which we will explain below, and Whitehurst could have been the third.

Those of us who have been around for a long time and who watched IBM very carefully know exactly how dire IBMs situation was in the late 1980s and early 1990s, as the entire computer business was shapeshifting and the world as Big Blue knew is suddenly collapsed. Back then, mainframe and minicomputer demand dried up and the Unix open systems revolution took the corporate datacenters of the world by storm. It was hard to watch IBMs death spiral, and that is what it truly was.

In the late 1980s, at its peak, IBM had well over 400,000 employees and half of them were in the United States. In 1991, IBM shed around 30,000 employees and booked a $3.4 billion charge, pushing it to report a $2.8 billion loss. In 1992, IBMs revenues shrank a bit, but it lost nearly $5 billion and the employee count dropped nearly 43,000, just above 300,000 people worldwide. The following year, 1993, was just awful for IBM, with revenues trending down by a few points and IBM shedding another 45,000 employees and posted a stunning $8.9 billion in restructuring charges and an $8.1 billion loss against $62.7 billion in sales. Chairman and CEO John Akers retired in April that year and Gerstner was brought in to replace him. The next year, IBM was able to boost revenue by two points to $64 billion and actually posted a $3 billion profit, but the layoffs continued and the employee count shrank by 36,000 to 220,000.

This was the first time an outsider ran Big Blue aside from Thomas Watson himself, when he joined the Computing-Tabulating-Recording Company in May 1914 to be its general manager and nearly a year later was named its first president. CTR was eventually rejiggered, with meat slicers and scales sold off and it focused on the punch card tabulating gear that turned it into the first iteration of what we know as IBM. Gerstner rejiggered IBM in a different way, putting its services and software front and center and opening both up to competitive IT platforms while making its four platforms mainframes, proprietary minicomputers, Unix minicomputers, and X86 servers open to running operating systems, middleware, and applications created by others. The commercial Internet and the dot-com boom and the e-business explosion in the wake of this helped keep IBM alive for another decade. Gerstner retired a hero and joined private equity firm The Carlyle Group.

To one way of looking at it, IBMs situation is not as bad now in 2021 as it was starting in 1991. But to another way, IBM is a lot less relevant today than it was in the early 1990s, and Red Hat was exactly the big transfusion of fresh blood that IBM needed to revitalize and change itself. Whitehurst was without question one of the big assets that Big Blue got in the deal, and it was no doubt a goal of former IBM president, chief executive officer, and chairman Ginni Rometty, who preceded Krishna and Whitehurst in their roles, to see Whitehurst eventually and we think sooner rather than later take the helm. We fully expected for Krishna to be chairman for several years, by the way, before Whitehurst assumed that role.

The precedent for presidents is clear here at IBM, and it is important to point this out. Whatever happened with Whitehurst violates that precedent, which means it had to be pretty significant. While it is true, as has been reported, that Whitehurst, who is 54, wants to be CEO at a company before he retires, the CEO job he undoubtedly thought he would have and that any IBMer and IBM watcher already thought he had was the future CEO at IBM.

Thomas Watson, who is called IBMs founder but thats a bit fuzzy if you look into the long history of the companies that make up IBM, all the way back to Hermann Holleriths punch card tabulators that were used in the US Census in 1890, was succeeded by his son, Thomas Watson, Jr, who was named president in 1952 and CEO when his father died in 1956. This was when IBM was transforming itself into the mainframe computer maker that made it a household name and fabulously rich by any corporate standards you care to bring to the table. Vin Learson was named IBM president in 1966 and was chairman and CEO from 1971 through 1973. Frank Cary was named president in 1971, with Learson approaching the mandatory 60 retirement age in 1973, when Cary was then named chairman and CEO. Cary was CEO until 1981 and chairman until 1983. John Opel was named president in 1974 under Cary and took over as CEO and chairman when Cary relinquished those roles. John Akers was named president in 1983 and two years later was named CEO and chairman when Opel stepped down. IBM did not initially have a president when Gerstner came in, but Akers had an assistant named Sam Palmisano who Gerstner took a shining to, and in 2000 he was named president, in 2002 he was named CEO, and in 2003 he was named chairman. As Palmisano approached the 60 retirement age, Ginni Rometty was named president and CEO in early 2012 and chairman in late 2012. When Rometty relinquished her president and CEO roles in January 2020, Krishna was named CEO and Whitehurst president, and she stepped down as chairman in December 2020 and Krishna took on that role.

The split CEO/president roles that Rometty did across two people is unusual in IBMs history, but not without precedent, either. It was reasonable to expect that Whitehurst would be CEO and wield the power while Krishna would be chairman and provide the IBM historical context. Krishna has been calling all the plays since Rometty stepped down, including selling off a big chunk of the services business and focusing down on the hybrid cloud message. Neither is particularly exciting to Wall Street or customers, even if the latter is indeed how computing will be done for most of the large enterprises that Big Blue cares most about.

IBM did not have a platform that captures the imagination and it did not have a story to tell, and Red Hat definitely gave it both of those. We wonder why Whitehurst is not the one who is going to be calling the plays and relaying that message to the world. Given his experience as consultant, CIO, and CEO of a major software company that has shaken up the enterprise, it is a wonder indeed. And we wonder what kind of IBM might have emerged under Whitehursts guidance a few years hence. IBM will persevere, and Red Hat is still a wonderful asset, but Big Blue cannot be the same after this. It will be a little less red and a little more blue, at the very least.

In other IBM reorganization news, Tom Rosamilia, who we always thought might be president and CEO at Big Blue, has been put in charge of the Cloud and Cognitive Software group at the company the role that Krishna held when Rometty did the Red Hat deal. Ric Lewis, who used to run Hewlett Packard Enterprises Mission Critical Systems division has been brought in to run Systems group, replacing Rosamilia. Bridget van Kralingen is retiring and has stepped down as head of Global Markets, a group and division spanning marketing and sales role, and Rob Thomas, who has run various hardware and software units, has taken over that role.

Continued here:

The Future IBM We Will Probably Never See - The Next Platform