Dave Bittner
You're listening to the CyberWire network, powered by N2K. Now a word about our sponsor, the Johns Hopkins University Information Security Institute. The JHU ISI is home to world-class interdisciplinary experts dedicated to developing technologies to protect the world's vast online systems and infrastructure, and working closely with US Government research agencies and industry partners. The Institute offers dual degree and joint programs in computer science and health informatics and has been designated as a Center of Academic Excellence in Cyber Research. Learn more at isi.jhu.edu.

Europol dismantles the Manson cybercrime market. Operation Destabilize stops two major Russian-speaking money laundering networks. New details emerge on China's attacks on US telecoms. Black Lotus Labs uncovers a covert campaign by the Russia-based threat actor Secret Blizzard. Cisco issues patches for a high-impact bootloader vulnerability. Trend Micro researchers uncover Earth Minotaur targeting Tibetan and Uyghur communities. Payroll Pirates target HR payroll systems to redirect employee funds. Pegasus spyware may be more prevalent than previously believed. Our guest today is Jon France, CISO at ISC2, with insights from the ISC2 2024 workforce study. And how businesses can lose customers one tip at a time.

It's Thursday, December 5th, 2024. I'm Dave Bittner and this is your CyberWire Intel Briefing.

Happy Thursday. Thank you for joining us. It is great to have you with us. Europol announced the dismantling of the Manson Market cybercrime marketplace and a network of phishing websites. The investigation, first launched in 2022, revealed Manson Market facilitated the sale of stolen personal and financial data, including bank account information sorted by region and balance. Scammers also operated fake online shops to steal payment details for resale on the marketplace. Authorities seized over 50 servers and 200 terabytes of evidence, with arrests made in Germany and Austria.
Visitors to Manson Market's site are now greeted with a notice stating law enforcement possesses all user information. This takedown follows recent operations against Crime Network, a major German-speaking illegal marketplace, and Matrix, an encrypted messaging service used by criminals. Europol monitored Matrix for three months before shutting it down, demonstrating continued efforts to disrupt cybercrime infrastructure across Europe.

The UK's National Crime Agency, the NCA, has dismantled two major Russian-speaking money laundering networks, Smart and TGR, in Operation Destabilize. These networks laundered millions for cybercriminals, including the Ryuk ransomware group, and helped Russian elites bypass sanctions. They operated in 30 countries, collecting cash in one location and transferring equivalent amounts, often as cryptocurrency, elsewhere. The NCA made 84 arrests and seized £20 million in cash and crypto. Key figures include Smart leader Ekaterina Zhdanova and TGR boss George Rossi, both sanctioned by the U.S. Treasury. The operation delivered a blow to the networks' operations, severely impacting their finances. NCA Director Rob Jones emphasized the UK is no haven for money laundering, disrupting these schemes at every level.

In an update, Deputy National Security Adviser Anne Neuberger said the Chinese hacking campaign that compromised at least eight U.S. telecom firms and affected dozens of countries, Salt Typhoon, targeted senior US Government officials, political figures and private individuals, enabling Beijing to access phone calls and text messages. Though no classified information was compromised, ongoing risks remain as affected companies work to fully expel the hackers. The breach, believed to have started one or two years ago, appears regionally focused and impacts a "low couple dozen" countries. The FBI and CISA have issued guidance urging telecom firms to enhance encryption, centralize systems and monitor networks to mitigate risks.
China denied the allegations, accusing the US of cyberattacks. The White House emphasized that improved cybersecurity standards, similar to those implemented after the Colonial Pipeline ransomware attack, are critical to preventing future intrusions.

The FBI, CISA and allied agencies are urging the use of end-to-end encryption following revelations that China's Salt Typhoon group exploited these backdoors in public telephone networks. CISA's Jeff Greene emphasized the need for encrypted communications to secure networks long term. Senators Ron Wyden and Eric Schmitt highlighted vulnerabilities in unencrypted DoD communications, advocating for Matrix, a decentralized E2EE platform used by NATO allies and the US Navy. Matrix offers enhanced security and digital sovereignty over centralized systems like Microsoft Teams. Obviously this is a different Matrix than the one we previously mentioned that was being used by German cybercriminals.

Black Lotus Labs uncovered a covert campaign by the Russia-based threat actor Secret Blizzard, also known as Turla, targeting the Pakistani actor Storm-0156. Over two years, Secret Blizzard infiltrated 33 command-and-control servers operated by Storm-0156, known for espionage under the SideCopy and Transparent Tribe clusters. Secret Blizzard gained access in December of 2022, embedding their malware TwoDash and Statuezy into Afghan government networks by mid-2023. By April of 2023, they infiltrated Pakistani operators' workstations, acquiring data on Storm-0156's tools, credentials and exfiltrated intelligence, expanding operations. In 2024, they appropriated and repurposed Storm-0156's malware, including CrimsonRAT, previously used against Indian government and military targets. This allowed Secret Blizzard to exfiltrate additional data from prior operations, showcasing their expertise in hijacking adversarial infrastructure. Lumen Technologies credited the Microsoft Threat Intelligence team for their collaboration in addressing this threat.
Cisco has issued patches for a high-impact vulnerability in its NX-OS software bootloader that could allow attackers to bypass image signature verification and load unverified software. Exploitation requires physical access or administrative privileges, but no authentication. Over 100 device models are affected, with no workarounds available. Cisco has released patches and plans to address all devices by month's end, except for discontinued switches. No active exploitation of this vulnerability has been reported, but users are urged to update promptly.

Trend Micro researchers uncovered Earth Minotaur, a group using the updated MOONSHINE exploit kit to target vulnerabilities in Android instant messaging apps, primarily impacting Tibetan and Uyghur communities. MOONSHINE, now with over 55 servers, exploits Chromium-based browser flaws and delivers the DarkNimbus backdoor to both Android and Windows devices. DarkNimbus targets apps like WeChat, posing a cross-platform threat. Researchers emphasize the importance of regular software updates to mitigate these attacks and protect against MOONSHINE's evolving capabilities.

The threat analysis team at Silent Push has uncovered an extensive phishing campaign by a group they call the Payroll Pirates, targeting HR payroll systems to redirect employee funds using domains spoofing major organizations like Workday, Kaiser Permanente and New York Life. Attackers lure victims to fake HR pages through malicious search ads. Once inside employee portals, scammers use stolen credentials to alter banking details for fund redirection. The group utilizes website builders like Mobirise and popular registrars, creating hundreds of domains linked to dedicated IP ranges. Silent Push identified evolving tactics, including phishing campaigns targeting unemployment portals and credit unions.

An investigation by iVerify revealed significant insights into mobile threats, highlighting the hidden prevalence of spyware like Pegasus.
Through scans of 2,500 user devices, the investigation uncovered seven Pegasus infections, showing compromises spanning years and affecting devices running multiple iOS versions. This challenges the perception that spyware primarily targets only high-profile individuals like journalists or government officials. Pegasus, developed by NSO Group, uses sophisticated methods like zero-click attacks and exploits operating system vulnerabilities to achieve full device control. The investigation's results, 2.5 infections per 1,000 scans, suggest that spyware is more common than previously thought. The research emphasizes the need for broader, scalable detection to uncover threats often hidden from traditional security measures. By examining a larger sample, the findings offer a clearer picture of the scope of mobile device compromise in an evolving threat landscape.

Coming up after the break, my conversation with Jon France, CISO at ISC2. He shares insights from the ISC2 2024 workforce study. And how businesses can lose customers one tip at a time. Stay with us.
Unknown Sponsor Voice
And now a word from our sponsor, KnowBe4. It's all connected, and we're not talking conspiracy theories. When it comes to infosec tools, effective integrations can make or break your security stack. The same should be true for security awareness training. KnowBe4, provider of the world's largest library of security awareness training, provides a way to integrate your existing security stack tools to help you strengthen your organization's security culture. KnowBe4's SecurityCoach uses standard APIs to quickly and easily integrate with your existing security products from vendors like Microsoft, CrowdStrike and Cisco. 35 vendor integrations and counting. SecurityCoach analyzes your security stack alerts to identify events related to any risky security behavior from your users. Use this information to set up real-time coaching campaigns targeting risky users based on those events from your network, endpoint, identity or web security vendors. Then coach your users at the moment the risky behavior occurs with contextual security tips delivered via Microsoft Teams, Slack or email. Learn more at knowbe4.com/securitycoach. That's knowbe4.com/securitycoach, and we thank KnowBe4 for sponsoring our show.
Dave Bittner
And now a message from BlackCloak. What's the easiest way for threat actors to bypass your company's cyber defenses? Targeting your executives at home. According to the latest Ponemon Research study, over 42% of CISOs have reported cyberattacks on their executives in their personal lives. And this becomes your problem, because executives are easy targets at home for account takeover, credential theft and reputational harm. Close the at-home security gap with BlackCloak's Digital Executive Protection Platform: award-winning 24/7/365 protection for executives and their families. Learn more at blackcloak.io.

Jon France is Chief Information Security Officer at ISC2. I recently caught up with him for insights from the ISC2 2024 workforce study.
Jon France
It's broadly opinion and some data combined to provide a view of not only the workforce, the potential needs for the workforce coming up, and we call it the gap, i.e. what's needed to secure versus what's currently available, and also to look at the skills in there. And this year it's a treasure trove of sort of AI data as well, because we ask some very specific questions around AI.
Dave Bittner
Well, let's use that as a starting point here. Obviously AI is an ongoing hot topic. How are cybersecurity teams utilizing generative AI when it comes to workforce issues?
Jon France
What the report highlighted is a little bit of a double edged sword really, which is we know it's pushed into our environment. In fact, generative AI has been around for a little over two years now since it hit the public consciousness with ChatGPT. And what we've seen as a profession is not only the proliferation of personal use and business use, but also AI in pretty much everything, in all the tooling that we use and the general workforce uses. So I think the double edged sword is, you know, it promises a lot, but it also comes with some risks. Those risks are things that we as cyber pros have to understand and have to cope with. And what it's really showing is we probably don't know enough. Maybe that's generally speaking true of anyone that uses AI, which is we know a little bit to be dangerous, but we really do have to look at what this might mean for our profession. You know, 50, 51% of the respondents to the survey said cyber security skills may become obsolete because of some of the AI evolution. Actually, I think what we'll find is some of our jobs will change fairly significantly when we get used to using AI and the tooling that we provide in the situations we find ourselves. So yeah, it's, it's definitely in the public consciousness, definitely in cyber pros consciousness. And obviously businesses want to use it for competitive advantage.
Dave Bittner
I saw someone recently on social media saying that there are folks now who are specializing in helping folks format their resumes as to make them present themselves in the best possible way to the AIs that are analyzing them.
Jon France
Interesting, I hadn't seen that. But yes, of course AI is used in lots of things, and it can be used in selection and sifting. Interestingly, in the EU that may not be a use case you're allowed to do anymore because of the AI Act, which is automatic decision making around people. So there is some regulatory pressure coming in there as well that might curb some of the use cases that it could be put to. But it's not surprising. And of course, being the hot topic that it is, and candidates wanting to be appealing, it's going to be on the CV. What we're actually starting to see is, and what the survey backs up is, we don't actually know kind of what the core skills in AI are likely to be. So we're seeing some of them actually going back to things like problem solving, teamwork, and collaboration, communication as some of the key skills that are coming through. Non-technical in nature, but where technology is new, emergent, unsure, you can actually use a little bit of a fallback on some of those, I'm going to call them more business-orientated skill sets. And that's what we're seeing coming through on the survey data.
Dave Bittner
Yeah, it's one of the things that caught my eye when I was reading through the survey was that it highlights this shift towards prioritizing non technical skills. Can you unpack that for us? What is this trend you're seeing?
Jon France
Yeah, so I think that the survey has two broad components. One is the needs of the workforce to secure where we see business going. That's the workforce gap. And then there's a skills gaps which is the skills required to do that. And this year is actually a very pronounced difference between the two. Not only do we not have enough people in the industry to fill those, but the people we do have may not be skilled in the correct areas. So part of that move towards more problem solving, teamwork, collaboration and communication is something that naturally means you're probably going to be a really good learner and actually you can cope with change. And we live in a world of change. So I think that's where we're starting to see those things come through as desired traits. The rest can be kind of learned and picked up. And actually I think it's another affectation of cybersecurity getting a little bit closer to the business. And actually when you get closer to the business, you need some of those skills to communicate, to understand, not only to understand what you're protecting and how to protect it, but actually explain why you're doing what you're doing. So I think it's a little bit of a lot of technical and quite a lot of, I'm going to call them interoperation with other business departments and units where these will really come to the fore and pay dividends.
Dave Bittner
Yeah. Another thing that drew my attention was the report outlines how there's a significant portion of the new folks entering cybersecurity who are older; they're age 39 to 49. What does this indicate?
Jon France
It's an interesting stat actually. I probably picked up on the same as you did and I was a little surprised by that. Wow. Wow. And to bust a myth, new entrant doesn't have to mean young. And in case about the data is actually showing that. Right, right. And what we might be seeing is some career changers coming into the profession, which is great. To be brutally honest, we need not only new entrants in, I'm going to call it the bottom end, maybe at the younger side, but we also really value career changers that come in, and they bring different viewpoints and different skills from what they've previously been doing. And maybe that's why we're starting to see that age demographic up in that end. And maybe it is some of those where we've been interoperating with other bits of the business, they've become really keen to find out what we do and actually are moving over into our profession.
Dave Bittner
Well, let's talk about some practical stuff here. I mean, when we're looking at certifications and standards, where do we stand with that? What's the importance of the certifications these days and what are considered some of the most valuable?
Jon France
You know, without trying to be slightly neutral, standards and certifications are a really good mark of competence. In fact, obviously ISC2 certifications are competence based, not just knowledge. So there are, and we come back to that sifting problem, which is how do you qualify? On first glance, certifications is one of those elements. If you maintained a certification, and actually I use the word maintenance really, really keenly, because it not only shows that you've achieved it, but you've actually maintained it. We have ongoing professional development requirements in our certifications, as do many others. So I think they're a good way, a good mark of knowing that you're getting a certain competence. And you know, if we take standards as well, not just of the standards of the people, but things like the NIST Cybersecurity Framework, et cetera, those are ways of obviously operating good sets of controls, known, repeatable, with good outcomes. So they absolutely have their place. They're not the be-all and end-all. You know, you can't just go and get a cert and have done and say, yeah, I've made it. It is part of being a rounded individual, not only for proof points, professional development, but. And that's where we see some of these other skill sets come in. You know, good communicator, you know, curiosity, propensity to learn.
Dave Bittner
But when you look at the report as a whole, what are the take homes for you? What are the words of wisdom here?
Jon France
I think economic pressures, budget constraints and layoffs continue to challenge our profession. That challenge impacts the workforce satisfaction. Slight dip in that satisfaction rating, and technology adoption is still fairly aggressive. So economic pressures are driving probably that lack of budget, which is driving staffing challenges. So in fact, lack of budget replaced lack of qualified talent as the top staffing barrier. So we are definitely seeing that as a pressure. 25% observed some layoffs. That's up 3% from 2023. And nearly a third have seen fewer promotions. So that goes to that little bit of stagnation. That's number one: economic pressures leading to staffing challenges through budget constraints. I think gaps in skills. 67% reported staffing shortages, with 90% mitigating skills gaps on their teams. That's the difference between I know I need to get someone in or get a person in, but actually saying there's a really big skills gap out in the market, that I'm not finding what I'm really looking for. 64% viewed those shortages as more serious than the personnel shortages. So, you know, even if I can't get people in, the access to skills is the key issue that they're dealing with now. Training and development is part solution to that. So there is some upside. Doesn't have to be formal. We'd love it to be in certain cases, but it can be just opportunistic and giving people the experiential component. And then finally that threat landscape, the environment we swim in, is challenging. We've seen obviously conflicts in a number of regions that have digital components. That's driving uncertainty, uncertainty in the wider market, as well as new and emergent technology sort of giving you something new to look at, specifically AI, which is, you know, I think not only is our profession but also the businesses are trying to fill the edges of where AI can be leveraged for best.
Dave Bittner
That's Jon France, Chief Information Security Officer at ISC2. We'll have a link to the ISC2 2024 workforce study in our show notes.

Do you know the status of your compliance controls right now? Like, right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs we rely on point-in-time checks. But get this: more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's how: Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com/cyber. That's vanta.com/cyber for $1,000 off.

And finally, have you ever felt like you're under the spotlight while choosing how much to tip? You're not alone. Digital tipping systems, with handheld devices or countertop screens displaying your selection, are making tipping feel like a high-stakes social performance. Researchers from the University of Richmond, studying tip surveillance, analyzed 36,000 transactions and ran experiments with over 1,100 participants to uncover its impact. The findings: being watched while tipping is bad for business. Customers scrutinized during tipping were less likely to return or recommend a business. While privacy often made customers feel more generous, the eyes-on-you approach led to resentment and reduced loyalty. Interestingly, people enjoy being observed while donating to charity, but tipping feels more like an obligation than a choice. Businesses hoping to cash in on pressure tactics might be disappointed. The research revealed no clear link between surveillance and higher tip amounts. In fact, when tipping privately, customers tipped similar amounts but felt more in control, fostering positive experiences.
With tipping expectations skyrocketing, companies need to strike a balance. Training employees to respect tipping privacy while ensuring fair wages could enhance customer loyalty and build a better reputation. Ultimately, the debate about tipping's future isn't just about dollars. It's about creating systems that protect workers, ensure fair pay, and foster a sense of goodwill. After all, tipping should leave everybody smiling, not sweating under the payment panopticon.

And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast apps. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment: your people. We make you smarter about your teams while making your team smarter. Learn how at n2k.com. This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president, Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.

Hey everybody, Dave here. I want to talk about our sponsor, LegalZoom. You know, I started my first business back in the early 90s, and oh, what I would have done to have been able to have the services of an organization like LegalZoom back then.
Just getting all of those business ducks in a row, all of that technical stuff, the legal stuff, the registrations of the business, the taxes, all of those things that you need to go through when you're starting a business, the hard stuff, the stuff that sucks up your time when you just want to get that business launched and out there. Well, LegalZoom has everything you need to launch, run and protect your business all in one place. And they save you from wasting hours making sense of all that legal stuff. Launch, run and protect your business to make it official today at legalzoom.com. You can use promo code CYBER10 to get 10% off any LegalZoom business formation product, excluding subscriptions and renewals; that expires at the end of this year. Get everything you need from setup to success at legalzoom.com and use promo code CYBER10. That's legalzoom.com and promo code CYBER10. LegalZoom provides access to independent attorneys and self-service tools. LegalZoom is not a law firm and does not provide legal advice, except where authorized through its subsidiary law firm, LZ Legal Services, LLC.
CyberWire Daily: Dismantling the Manson Cybercrime Market – Detailed Summary
Podcast Information:
Host: Dave Bittner
Timestamp: [00:02]
Dave Bittner opens the episode by highlighting recent significant cybersecurity developments. He outlines the major stories, including Europol's takedown of the Manson cybercrime marketplace, operations against Russian-speaking money laundering networks, Chinese cyberattacks on US telecoms, and various vulnerabilities and threats uncovered by cybersecurity firms.
“Europol dismantles the Manson cybercrime marketplace and a network of phishing websites.”
— Dave Bittner [00:02]
Timestamp: [00:02 – 05:00]
Europol has dismantled the Manson Market cybercrime marketplace, which sold stolen personal and financial data. The investigation, launched in 2022, revealed that Manson Market facilitated the sale of bank account information sorted by region and balance, while associated scammers operated fake online shops to steal payment details for resale on the marketplace. Authorities seized over 50 servers and 200 terabytes of evidence, with arrests in Germany and Austria.
“Visitors to Manson Market's site are now greeted with a notice stating law enforcement possesses all user information.”
— Dave Bittner [02:15]
This operation follows previous efforts against other cybercrime infrastructures like Crime Network and Matrix, an encrypted messaging service used by criminals.
Timestamp: [05:00 – 07:30]
The UK's National Crime Agency (NCA) has executed Operation Destabilize, dismantling two major Russian-speaking money laundering networks, Smart and TGR. These networks laundered millions for cybercriminals, including the Ryuk ransomware group, and helped Russian elites bypass sanctions. The NCA made 84 arrests and seized £20 million in cash and cryptocurrency; Smart leader Ekaterina Zhdanova and TGR boss George Rossi have both been sanctioned by the U.S. Treasury.
“The operation delivered a blow to the network's operations, severely impacting their finances.”
— Dave Bittner [06:20]
NCA Director Rob Jones emphasized the UK's commitment to combating money laundering:
“The UK is no haven for money laundering, disrupting these schemes at every level.”
— Rob Jones, NCA Director [06:45]
Timestamp: [07:30 – 11:54]
Deputy National Security Adviser Anne Neuberger provided updates on a Chinese hacking campaign that compromised at least eight U.S. telecom firms and affected dozens of countries. The group, identified as Salt Typhoon, targeted senior U.S. government officials, political figures, and private individuals to access phone calls and text messages. No classified information is believed to have been compromised, but affected companies are still working to fully expel the intruders.
“Salt Typhoon targeted senior US Government officials, political figures, and private individuals, enabling Beijing to access phone calls and text messages.”
— Dave Bittner [08:10]
China has denied these allegations, countering that the U.S. is engaged in cyberattacks. The White House stressed the importance of improved cybersecurity standards, similar to measures implemented after the Colonial Pipeline ransomware attack, to prevent future intrusions. The FBI, CISA and allied agencies urged telecom firms to enhance encryption, centralize systems and monitor networks, and encouraged the use of end-to-end encrypted communications.
Timestamp: [11:54 – 13:27]
Black Lotus Labs uncovered a covert campaign by the Russia-based threat actor Secret Blizzard (also known as Turla). Over two years the group infiltrated 33 command-and-control servers operated by the Pakistani actor Storm-0156, known for espionage activities under the SideCopy and Transparent Tribe clusters, and later repurposed Storm-0156's own tooling, including CrimsonRAT.
“Secret Blizzard gained access in December of 2022, embedding their malware TwoDash and Statuezy into Afghan government networks by mid-2023.”
— Dave Bittner [12:45]
Lumen Technologies credited Microsoft Threat Intelligence for their collaboration in addressing this sophisticated threat.
Timestamp: [13:27 – 16:41]
Cisco has issued patches for a high-impact vulnerability in its NX-OS software bootloader. The flaw could allow attackers to bypass image signature verification and load unverified software. Over 100 device models are affected, no workarounds are available, and no active exploitation has been reported.
“Exploitation requires physical access or administrative privileges, but no authentication.”
— Dave Bittner [14:30]
Timestamp: [16:41 – 18:10]
Researchers at Trend Micro uncovered Earth Minotaur, a group utilizing the updated MOONSHINE exploit kit to target vulnerabilities in Android instant messaging apps, primarily affecting Tibetan and Uyghur communities.
“MOONSHINE, now with over 55 servers, exploits Chromium-based browser flaws and delivers the DarkNimbus backdoor to both Android and Windows devices.”
— Dave Bittner [16:50]
Trend Micro emphasizes the importance of regular software updates to mitigate such evolving attacks.
Timestamp: [18:10 – 21:13]
The threat analysis team at Silent Push identified an extensive phishing campaign by a group dubbed the Payroll Pirates, targeting HR payroll systems to redirect employee funds. The group uses domains spoofing organizations such as Workday, Kaiser Permanente and New York Life, and once inside employee portals uses stolen credentials to alter banking details.
“Attackers lure victims to fake HR pages through malicious search ads.”
— Dave Bittner [20:30]
Silent Push also noted the evolution of tactics, including phishing campaigns targeting unemployment portals and credit unions.
Timestamp: [21:13 – 23:03]
An investigation by iVerify shed light on the hidden prevalence of Pegasus spyware. Through scans of 2,500 user devices, seven Pegasus infections were discovered (2.5 per 1,000 scans), indicating that spyware may be more widespread than previously believed and not limited to high-profile targets.
“Pegasus, developed by NSO Group, uses sophisticated methods like zero click attacks and exploits operating system vulnerabilities to achieve full device control.”
— Dave Bittner [22:00]
The research underscores the need for broader, scalable detection methods to uncover hidden threats within mobile devices.
Timestamp: [14:30 – 25:07]
Guest: Jon France, Chief Information Security Officer at ISC2
Dave Bittner engages in an in-depth discussion with Jon France about the ISC2 2024 Workforce Study, focusing on workforce gaps, the impact of AI, and shifting skill requirements in the cybersecurity sector.
Timestamp: [15:12 – 16:58]
“It's a little bit of a double edged sword really, which is we know it's pushed into our environment.”
— Jon France [15:12]
Public and Professional Awareness: Over half of survey respondents (51%) believe some cybersecurity skills may become obsolete due to AI evolution.
AI's Role: Integration into daily workflows, with AI tools being ubiquitously utilized across various cybersecurity functions.
Timestamp: [18:24 – 21:13]
“We don't actually know kind of what the core skills in AI are likely to be. So we're seeing some of them actually going back to things like problem solving, teamwork, and collaboration, communication as some of the key skills that are coming through.”
— Jon France [16:58]
Rationale: As cybersecurity becomes more integrated with business operations, the ability to communicate and collaborate effectively becomes essential.
Survey Insights: Emphasizes that non-technical, business-oriented skills are crucial for adapting to the evolving technological landscape.
Timestamp: [20:13 – 21:13]
“New entrant doesn't have to mean young.”
— Jon France [20:30]
Timestamp: [21:28 – 22:56]
“If you maintained a certification and actually I use the word maintenance really, really keenly because it not only shows that you've achieved it, but you've actually maintained it.”
— Jon France [21:28]
Timestamp: [22:56 – 25:07]
“Economic pressures are driving probably that lack of budget which is driving staffing challenges.”
— Jon France [23:03]
Skills Gap: 67% of respondents reported staffing shortages, with 90% reporting skills gaps on their teams; 64% viewed the skills shortage as more serious than the personnel shortage. Lack of budget replaced lack of qualified talent as the top staffing barrier.
Training and Development: Emphasized as a vital component to mitigate skills shortages, advocating for both formal and experiential learning opportunities.
Threat Landscape Complexity: Ongoing geopolitical conflicts and the rapid evolution of technologies like AI add layers of uncertainty and complexity to the cybersecurity environment.
“That threat landscape, the environment we swim in is challenging.”
— Jon France [24:15]
The episode wraps up by reinforcing the critical themes discussed, including the dismantling of major cybercrime infrastructures, the evolving nature of cybersecurity threats, and the transformative changes within the cybersecurity workforce driven by technological advancements and economic factors.
Final Quote:
“Economic pressures, budget constraints and layoffs continue to challenge our profession.”
— Jon France [23:03]
Listeners are encouraged to review the ISC2 2024 Workforce Study for comprehensive insights and to stay informed on best practices to navigate the shifting cybersecurity landscape.
Notable Sponsorships:
Throughout the episode, sponsors including the Johns Hopkins University Information Security Institute, KnowBe4, BlackCloak, Vanta, and LegalZoom presented their offerings relevant to cybersecurity and business operations.
Closing Remarks:
Dave Bittner concludes the episode by encouraging listeners to engage with the podcast through ratings, reviews, and feedback to ensure the continuation of high-quality cybersecurity insights.
Final Note:
For detailed information on today's stories, listeners can visit thecyberwire.com and access the daily briefing for comprehensive coverage and updates.
This summary encapsulates the key discussions and insights from the CyberWire Daily episode "Dismantling the Manson Cybercrime Market," providing a comprehensive overview for those who have not listened to the original podcast.