The Cyber Why: What We Read This Week...
... and why you should too! (05/05/23)
I apologize for the late delivery of this week’s TCW news roundup. I was on the road last week and had no time to write. Working with startups, raising money, and writing articles are all full-time jobs - does anyone want to help me?! Luckily,
stepped up and carried me across the finish line! In this week’s TCW we comment on fat unicorns needing to lose weight, Joe Sullivan and the wrist slap heard around the CISO world, some great threat reporting from and Andy Greenberg, and of course AI is in the mix, including ChatGPT being PWNED! So grab your Sunday morning coffee and read this week’s “The Cyber Why.”
Down Rounds and The Crush Continues
Down rounds are prevailing as power shifts to VCs again (TechCrunch)
Overfed unicorns: The high cost of overfunding billion-dollar startups (CB Insights Research)
The VC / founder power dynamic shifted to the founder for a while. With so much cash on the sidelines, even the shittiest of companies were getting astronomical valuations, resulting in some very overweight unicorns! Now that reality has set in, that power pendulum has swung hard the other way. According to Carta, down rounds were nearly 4x higher in Q1 2023 compared to the year prior. That’s one heck of an economic CRUSH! Down rounds lead to outsized dilution, unhappy investors, employees worried their shares will be worthless, and many more issues. At some point, these chunky one-headed horses will have to go on a real diet!
This Week In Threat News
Cops Just Revealed a Record-Breaking Dark Web Dragnet (Rick pick - Wired)
SolarWinds: The Untold Story of the Boldest Supply-Chain Hack (Rick pick - Wired)
We have two Wired stories here from two of the best cyber security journalists. First, Andy Greenberg writes about Operation SpecTor, where law enforcement used intelligence gained from taking down a dark web market, Monopoly, to arrest 288 people and seize $53M; that is a lot of cheddar! Next, Kim Zetter provides a detailed behind-the-scenes report on the Russian SolarWinds supply chain attack. Kim’s story reminds me of similar detailed reporting by Andy on NotPetya and Maersk. These are all well-researched and well-written articles. Check them out.
A Slap On The Wrist - Happy Day!
Ex-Uber security chief gets probation for concealing 2016 data breach (Rick pick - Axios)
If you are a CISO like me, you are likely aware of the Sullivan case. Sullivan was the CISO at Uber and was found guilty of obstructing an active FTC investigation and concealing a 2016 data breach. Sullivan avoided jail time, and this sentencing feels like a positive outcome for the CISO community. Scapegoating is a legitimate concern for security leaders. I don't have the whole story, but the Legal team and CEO could also have been culpable. This case will make CISOs closely consider their approach to breach disclosures, and their own liability, in the future.
Ready, Fire, Aim! LLMs And Data Protection
Samsung tells employees not to use AI tools like ChatGPT, citing security concerns (Rick pick - The Verge)
Microsoft could offer private ChatGPT to businesses for “10 times” the normal cost (Rick pick - Ars Technica)
Private AI’s PrivateGPT aims to combat ChatGPT privacy concerns (Rick pick - Venture Beat)
Securing emerging tech is a challenge, and securing emerging tech with the meteoric adoption rates of ChatGPT is like trying to put out a dumpster fire with a squirt gun – good luck with that! Italy initially gave ChatGPT the boot, and many firms, including JP Morgan Chase and now Samsung, are pumping the LLM brakes. You have to balance the potential innovation from LLMs against the risks. Companies that don't find a way to enable LLMs securely are headed for a competitive disadvantage. With new security and privacy measures on the horizon, like redaction and isolated instances, let's hope organizations don't accidentally spill the beans and inadvertently give up sensitive data. This was a hot hallway-con topic at RSA Conference last week.
ChatGPT Gets PWNED
ChatGPT Confirms Data Breach, Raising Security Concerns (Security Intelligence)
Well, that didn’t take long now, did it!? It turns out that when you build something mind-blowing, the hackers come at you in full force. ChatGPT was hacked via a vulnerability in an open-source Redis client library. This article combines two of our favorite topics - AI and application security. It looks like the damage was minimized, but the incident did take the service offline for a short period and disclosed a small percentage of users’ billing details. This could have been way worse. If you are looking for a job, OpenAI is hiring for several security roles (link).
Microsoft Chief Scientific Officer Ain’t Scccrrd!
How’s that for a title? Not Chief Scientist, nope, that’s too plebeian! Chief SCIENTIFIC Officer. This super smart dude from Microsoft believes that there is a significant amount of untapped potential in AI and that it won’t replace people so much as be used as a tool to amplify the ability of humans to do things that machines can’t. I’ve been saying the same thing all along. I don’t think we’ll see AI take over so much as augment everything we do, so we can move on to higher-order value. Look at that! I made the same points and didn’t even have that fancy title! (I joke about the guy, but the article is awesome and worth reading!)
A Beer Commercial Safe From Kid Rock’s Bullets
AI-generated beer commercial contains joyful monstrosities, goes viral (Rick Pick - Ars Technica)
Let’s highlight a creepy yet entertaining AI-generated beer commercial as we wrap up this week's stories. AI video generation has a long way to go! Check out these faces and how they drink their cold beers. The original version, “Synthetic Summer,” is set to Smash Mouth's "All Star," which is now stuck in my head. Or you can watch the YouTube version below, which uses generic music to avoid copyright issues!
Editor's note: In my opinion, the addition of an AI-generated Kid Rock could have totally made this video better! Imagine THAT!
If you’ve made it this far, you either found our musings at least semi-entertaining, OR you enjoyed the pain and kept going regardless. No matter how you made it to this point, you should know that we appreciate you. Please do us a solid and share The Cyber Why with your friends. We would love to reach a bigger audience, and referrals are how we do it. Help us out, and we’ll see you next week!