The Cyber Why: What We Read This Week...
... and why you should too! (1/24/24)
In this week’s TCW: Microsoft stumbles and lands face first in the muck, a tech debate that doesn’t devolve to referencing Hitler, what is a ZIRPcorn, the HackerAI vs. CyberAI cage match, and a couple of killer memes. Don’t forget to check out this week’s quick hits and hidden gems - it’s a bit longer than usual and overly meaty!
Featured Sponsor - Nudge Security
The CISO’s guide to reducing the SaaS attack surface
Your workforce is adopting new cloud and SaaS tools all the time, which means your attack surface is constantly changing. Our CISO’s guide provides a strategic blueprint for reducing your SaaS attack surface without slowing down the business.
Microsoft’s Secure Future Initiative Is Off To A Rocky Start
Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard (Microsoft)
Microsoft SEC Form 8-K (Microsoft)
Microsoft network breached through password-spraying by Russia-state hackers (Ars Technica)
(Rick Pick) Microsoft’s new Secure Future Initiative appears to be off to a less than secure start. On Friday (always on a Friday), our friends in Redmond announced an intrusion at the hands of the infamous Russian APT threat actor Midnight Blizzard/APT29/Cozy Bear. The name might be familiar as they are the group that targeted SolarWinds. What is particularly embarrassing for Microsoft is the manner in which APT29 gained its access. Microsoft wrote:
“The threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts.”
Technical debt for the loss? Based on the announcement, it doesn’t appear that APT29 had to use “advanced” techniques for its initial access. Guess whose email accounts were compromised? The senior leadership team, as well as employees in cybersecurity and legal teams. Also, what happened between the initial access and gaining access to senior leaders’ email? Transparency isn’t that transparent.
This breach is a setback for Microsoft, especially considering the Secure Future Initiative is partly a public relations and branding effort to rebuild Microsoft’s reputation in cybersecurity following a challenging 2023. It’s clear that Microsoft has significant work ahead in this area.
CyberAI vs HackerAI - The Dream Cage Match
Is artificial intelligence the solution to cyber security threats? (Financial Times)
I often debate this topic with some of the other TCW authors. I firmly believe that AI will ultimately bring massive improvement to cybersecurity, improving how we find and eradicate attackers. While others aren’t entirely convinced, I can confidently state - that they are WRONG! <sly grin>. Quoting many of the top OG cyber folks, such as Sam King (Veracode CEO) and Phil Venables, (CISO Google Cloud), this article touches on some of the critical aspects of where “AI in cyber” will be most effective and where it might fail.
When asked who would win in a war of cyber AI vs hacker AI, Phil Venables said: “Ultimately, it is the defenders who have the upper hand, given that we own the technology and thus can direct its development with specific use cases in mind. In essence, we have the home-field advantage and intend to fully utilize it.”
When Is A Unicorn NOT A Unicorn - When It’s A ZIRPcorn
Welcome Back to the Unicorn Club, 10 Years Later (Cowboy Ventures)
Quick trivia question for you… Who invented the term “Unicorn”? Answer: Aileen Lee of Cowboy Ventures. Early on in the founding of Cowboy Ventures, Aileen and her team sat down to analyze a dataset of US-based, VC-backed startups worth over $1B dollars. They named this herd of companies “unicorns” to represent rarity and magical qualities. In 2013, there were 39 unicorns. Today, there are 532 companies in the Unicorn Club. In this article, Aileen and her team deep dive into the statistics around these Unicorns and the primary differences between the cohort analyzed in 2013 and those that exist today. To tease the article and get you enticed to go read it, here are a few of the juiciest analysis bullets:
93% of Unicorns today are ‘Papercorns’ - privately valued companies
21% are valued at exactly $1B
40% are trading below $1B in secondary markets
Only 7% have exited vs 66% a decade ago
You Can’t Bootstrap a Cyber Biz (Or Can You)
Haroon’s Threat On LinkedIn (LinkedIn)
Original post from Ross (LinkedIn)
This thread is incredible. It’s the first Internet debate that I’ve seen in a long time that didn’t devolve via Godwin’s Law. This is likely due to the immense intelligence and respect of the two participants.
, of fame, and Haroon Meer, CEO of Thinkst Applied Research, had a lovely open debate about the merits and requirements to take in venture capital to succeed in the cyber security arena. Haroon is known for building a very successful bootstrapped cyber business. At the same time, Ross takes the side that it’s extremely difficult, if not near impossible, to succeed in any level of competitive niche of cybersecurity.While both techniques have merit and are technically possible, the question that isn’t brought up by either side is, “Can you define success?” They didn’t really get into whether you would rather sell your company at $30M and own 100% of it or if you would prefer to sell at $300M and own 10% of the business at the time. The outcomes are the same for you as an individual, yet I’m betting some readers believe that one is a success and the other a lesser success (or potentially a failure.) There is no correct answer to this debate. In reality, what matters when building a business is that you grow something that delivers value to the customer. If you do that, the rest of the financial decisions will always sort themselves out.
As a quick side aside… I disagree that cybersecurity companies are not winner-take-all markets. I think they are much closer to “winner-take-all” than we would like to admit, and at a minimum, they end with only a few winners shoving the rest of the contenders to the side. Happy to debate in the comments and notes sections below!
A Quick Meme To Make You Laugh
I will end this week’s TCW newsletter with some quick memes to make you laugh. The first one is to all of my fellow cyber marketers out there:
The second one is for everyone else.. because it’s just plain awesome. Have a great week!
Quick Hits and Hidden Gems
The Wired Worst Hacks of 2023 (Cyberinsights) - It’s like the Razzies but for cyber. This article offers commentary on the Wired report.
2023 Was Not the End of Cybersecurity (The Security Industry) - Richard always has brilliant insights into the industry. His 2023 recap is no different.
Cyber for Builders: The Essential Guide to Building a Cybersecurity Startup (Ross Haleliuk) - Ross published a book! Go buy it. He’s awesome.
Why we need more startups and venture capital in cybersecurity, and what needs to change for the industry to mature (Venture In Security) - This time around, I disagree with Ross. While he lays out strong reasoning, I think the next wave of innovation comes from the big companies - Palo Alto, Crowdstrike, Microsoft, and others.
Cops Used DNA to Predict a Suspect’s Face—and Tried to Run Facial Recognition on It (Wired) - Hmmm, how’s this going to end up for you?
Silicon Valley’s Cargo Culting Problem - Wearing a Black Turtleneck Doesn’t Make You Steve Jobs (Venture Curator) - Learn and apply. Don’t just regurgitate. The circumstances are never exactly the same, and neither is your reasoning.
When an Active Pause Is the Best Strategic Choice (HBR) - Sometimes, choosing to do nothing is the correct choice to make. Often, people don’t realize this and just do something for the sake of action creating a bad result.
If you’ve made it this far, you either found our musings at least semi-entertaining, OR you enjoyed the pain and kept going regardless. No matter how you made it to this point, you should know that we appreciate you. Please do us a solid and share The Cyber Why with your friends. We would love to reach a bigger audience, and referrals are how we do it. Help us out, and we’ll see you next week!