The Cyber Why: What We Read This Week...
... and why you should too! (05/30/23)
Happy Memorial Day (one day, belated). I spent Friday through Monday in a mental haze of cheap beer, bourbon, and steaks, delaying our normal Friday email. So instead, we are sending this week’s Cyber Why newsletter out on a Tuesday! In the future, Tuesdays will be our new release day, giving us the weekend to write. Now onto the content. This week TCW covers API security, the potential “Dead Cat Bounce” of the tech market, a primer on AI cyber risk, the right to delete, and chatbots taking over online dating. Enjoy the content, and if you like TCW, please remember to share!
API Security - The BIG Issue
Are Your APIs Leaking Sensitive Data (The Hacker News)
API Security - What You Need to Do to Protect Your APIs (Gartner)
API security is not a new problem - it’s just been exacerbated to extreme levels over the last 24-36 months. API traffic now represents over 80% of all Internet traffic, making securing them a massive concern. While these articles are light on details, let’s all take a moment and consider what we can do to solve the big API security problem. Personally, I’d start with discovery and layer on protection. General AI and AI plugins will make APIs even more risky if we don’t tackle this issue soon. Check out the Gartner piece for more specific details on how to protect your APIs.
The Bottom Or Just A Dead Cat Bounce
VC firms are in more talks to sell stakes in startups, says NewView Capital Founder (Fortune)
The Acquihire Market for Early Stage Startups is Ice Cold. One Better Strategy? Announce You’re For Sale (Hunter Walk)
We are nearing the bottom. At least, that is what my ever-so-inaccurate spidey senses are telling me. We’ve seen the first 5 months of 2023 crush cybersecurity startups’ ability to sell products, and in response, their valuations fell through the floor. Due to layoffs, many companies can’t even exit via acquihire. The great Warren Buffett once said to be “fearful when others are greedy, and greedy when others are fearful.” Venture capitalists are dumping shares on the secondary market at a discount between 30% and 50% from the previous valuations. When a fire sale occurs, the rich get richer, buying at a discount. Good luck going shopping!
AI Cyber Risk Primer and Areas of Analysis
TP#18 The AI Trust Paradox (Craig Balding)
OpenAI leaders propose an international regulatory body for AI (TechCrunch)
OWASP Top 10 for Large Language Model Applications (OWASP Foundation)
The more things change in cyber, the more I realize that cyber attack models don’t evolve. The areas of security analysis we used to use when I was a consultant at @Stake have never changed. They were just applied to different areas of focus. While the threat models are nothing new, the risk is absolutely real. Check out this AI Trust Paradox piece by Craig Balding for a great primer on AI attacks. Then read the OWASP Top 10 for LLMs to get the high-level focus areas. And FINALLY, read up on the fact that we are already behind the 8-ball with very little chance of getting regulation in place in time to save the day.
Right To Delete - Delete Means GONE!
A Twitter Bug is Restoring Deleted Tweets and Retweets (The Verge)
This is particularly scary. Shouldn’t “deleted” mean GONE - permanently? The author of this article, and many other people, began noticing their previously deleted tweets, likes, DMs, and more reappearing on their timelines. When the author emailed Twitter to comment on the article, they got an automated POOP emoji per Twitter’s new PR policy. I guess it’s true - what you put on the Internet does remain there forever. Especially if the service you run it through has a “shitty” level of privacy and PR support!
Bootstrapping Should be the New VC Funding
The Impact of AI on the Cost of Starting and Running a Business (Data-Driven VC)
In 2021 and 2022, when valuations were soaring, and companies were taking in hundreds of millions of dollars in venture capital to kick off their fledgling businesses, I often asked myself WHY so much. The advent of the cloud, the improvements in coding speed, API-driven development, and much more made it cheaper and easier to build a company than at any other time in history. Yet companies were raising an order of magnitude more to start their businesses. It just didn’t make sense. Then the crash came. Valuations were slashed, and companies with the grow-at-all-costs mentality faced a reckoning. Now we’re seeing it happen all over again with AI. If AI makes it easier than ever to start a business, why aren’t we seeing more bootstrapped, or at least low-raising, companies? Just something to ponder as you read this awesome piece about AI’s impact on the cost of starting and running a business.
AI Takes Over Dating - Flirting with WALL-E
Would You Flirt With a Chatbot (Liz Plank)
If you can’t talk to a member of the opposite sex face to face, you turn to text messaging and online flirting. If you can’t even stomach typing to the person, you can hire a ChatBot to do it for you! At first, I thought this article would be a ridiculous description of socially awkward people using bots to dupe people of the opposite sex into dating them. But once I got into it, I was pleasantly surprised. There really is a “two sides to the coin” discussion to be had here. Chatbots in dating can help people as much as they can amplify the worst pieces of society. Check this piece out with an open mind, and maybe you’ll use a ChatBot to find the love of your life!
If you’ve made it this far, you either found our musings at least semi-entertaining, OR you enjoyed the pain and kept going regardless. No matter how you made it to this point, you should know that we appreciate you. Please do us a solid and share The Cyber Why with your friends. We would love to reach a bigger audience, and referrals are how we do it. Help us out, and we’ll see you next week!