The Cyber Why: What We Read This Week...
... and why you should too! (4/14/2023)
This week's TCW newsletter is one hell of a “spicy meatball.” Details emerged about the demise of SVB while cybersecurity funding took a nosedive. Teslas are taking intimate pictures of their owners, and once again, we can’t avoid writing about the onslaught of AI stories. One AI system even went so far as to try to end all of humanity (good thing it didn’t succeed). Finally, the US Gov wakes up to secure by design while FTX is shown to be vulnerable from the start! This and more in TCW!
Cyber Funding Slumps and SVB Details Emerge
Cybersecurity Funding Drops 58% From Q1 2022 (Crunchbase)
They say that the cybersecurity market is resilient and that spending never really dips. That may be true, but funding certainly has. In speaking with a number of VCs personally this week, it’s clear that the cybersecurity funding downturn is real, and raising capital as a cyber startup right now is the hardest it’s ever been. Funding is down 58% year over year in Q1, and deal flow was down to 149 announced deals representing a drop of 45% compared to Q1 2022. They also say that NOW is the time to build a company… assuming you can find the money!
The Last Days of SVB (Puck)
As it’s happening, it’s impossible to know the exact details of a story such as the death of Silicon Valley Bank. Eventually, someone writes a book (or article) that details the sausage grinding specifics. While heavy on the finance jargon, this article explains what happened and is an enlightening read. The real winner in the SVB crash, according to The New York Times, was Goldman Sachs. Goldman made or will make more than $100M in profit on the trade. Some even say the profits could reach $200M! Now THAT’s capitalism at its finest!
Tesla Vehicles Spy On Intimate Moments
Tesla workers shared images from car cameras, including “scenes of intimacy” (Ars Technica)
Oh boy. In a story that reminds me of the Uber tracking of random people debacle from a handful of years ago, Tesla has gone and stepped in it again. It’s come to light that Tesla in-car cameras were being used by Tesla employees to remotely spy on owners, revealing hilarious, scary, and often raunchy images. From sexual devices to undergarments, and even to an accident or two, this issue will likely end up very badly if the lawsuits start flowing in. Good luck with that, Tesla!
Aren’t We Done With AI Yet?!
Me Ranting About AI Marketing (linkedin.com/in/rickhholland)
The marketing at next week’s RSA Conference in San Francisco might be the end of us all. In the cybersecurity world, AI is the new Zero Trust. It’s the marketing buzzword of the day. Vendors are already unleashing their AI press releases with reckless abandon. Cyber AI will soon become product table stakes, and vendors must deliver on value, or this will all fade away as fast as it appeared. I’ll be at RSAC, so you don’t have to, and I will report back to the TCW crew how much AI BUZZ per square foot is on the expo floor.
No, We’re Not Done… AI LIVES ON!
Generative AI could raise global GDP by 7% (Goldman Sachs)
The newest version of ChatGPT passed the US medical licensing exam with flying colors (Business Insider)
AI news is everywhere. We had hoped to move on from it in this week’s TCW, but the universe had other plans. Goldman Sachs recently released a report showing the potential impact on US GDP could be as much as 7% or almost $7T. Goldman also predicts that over the next decade, 85% of occupations could be partially automated by AI. We went through a similar ride when the Internet was pushed into the mainstream. We will adapt and survive. Just go ask your robot doctor! He’ll give you a chill pill and tell you to relax!
Or, Is AI Done With US!?
Meet Chaos-GPT: An AI Tool That Seeks to Destroy Humanity (Decrypt)
10 Nightmare Scenarios That Could Happen With Current Generation AI (Slashgear)
15 Scariest Movies About Artificial Intelligence (Movieweb)
Beware of AI. It’s coming for you! If AI is truly ready to terminate us, the above content regarding AI cybersecurity marketing is the least of our concerns. Meet ChaosGPT, one of the most BONKERS stories of the week. Its main objective is to destroy society, establish global dominance, cause chaos and destruction, control humanity through manipulation, and attain immortality. If you want to be scared, check out this YouTube video of Chaos-GPT in action. If you want to be TRULY MORTIFIED, just watch the movie Transcendence - it really is that bad.
Moving Towards Secure By Design…
Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default (Rick Pick - CISA)
Following on the heels of the Biden administration's National Cybersecurity Strategy announcement in March, our .gov friends at Cybersecurity & Infrastructure Security Agency (CISA) have issued new guidance that "urges manufacturers to take urgent steps necessary to ship products that are secure-by-design and -default." What a novel concept. I'm skeptical of adoption by cybersecurity startups focused on getting products out the door. You can download "Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default" here.
... Instead of Vulnerable From the Start
FTX's Cybersecurity Was Hilariously Bad (Rick Pick - Gizmodo)
Talking about vulnerable by design or vulnerable by not giving a shit, Sam Bankman-Fried’s (aka Cyber Bernie Madoff’s) company, FTX, had some of the worst security controls you could imagine. In an independent bankruptcy report, auditors found, "The FTX Group failed to implement basic, widely accepted security controls to protect crypto assets." Virtually all crypto assets were stored in hot wallets, not cold wallets. The private keys for over $100m of assets were stored in plain text with no backups. There were no: principles of least privilege, multi-factor authentication, single sign-on, network segmentation, endpoint protection tools, or asset inventories. Shockingly, a third party didn't steal all of FTX's assets before Cyber Bernie Madoff did. Go download the 43-page report in all its glory.
Wooly Mammoth Meatball
Wooly Mammoth Meatball (Uncrate)
Yep, it’s big. Yep, it’s real. Yep, it’s part Wooly Mammoth and part African elephant (the mammoth’s closest living relative). The Mammoth Meatball is named as such because it's at least partly made using woolly mammoth DNA. To quote the article, “Experimental food collective Forged by Vow blended the mammoth DNA with that of the African elephant — the mammoth's closest living relative — then grew the cultured meat in a lab, forming it into a familiar spherical shape.” Now THAT’S a spicy meatball!
If you’ve made it this far, you either found our musings at least semi-entertaining, OR you enjoyed the pain and kept going regardless. No matter how you made it to this point, you should know that we appreciate you. Please do us a solid and share The Cyber Why with your friends. We would love to reach a bigger audience, and referrals are how we do it. Help us out, and we’ll see you next week!