The Cyber Why: What We Read This Week...
... and why you should too! (08/01/23)
I’m back at the wheel for this week’s The Cyber Why, just in time to take next week off, as the entire TCW staff will be flying to Las Vegas for the always excellent Black Hat and DEF CON cybersecurity conferences. I’ve been attending these events for over 20 years (yep, I’m that old), and I still love them. Send me an email if you want to connect next week - I’m always open to meeting new friends and hearing amazing stories. And with that... here’s the rundown on this week’s reading list:
Liquidation preferences can kill a company, some sick data bombs regarding the economic state of the USA, if a virus only hits 500 or so gamers, do we care, AI for the bad guys, and the legal risks of being a CISO! Check it out below, and I’ll see you soon in Las Vegas!
Founders - Don’t Fall Into This Hidden Trap!
Hidden Trap Of Convertible Note and Liquidation Preference Multiples (VCs Newsletter)
I get a fair amount of stock-related questions both from founders as well as employees at young startups. They range from tax-related to when to purchase your options, but the one thing I don’t get often enough is questions around how convertible notes, preference stacks and liquidation preferences work. While not surprising, it is a bit disheartening. It’s a trap that many founders and early-stage startup employees unwittingly walk directly into. I highly recommend reading this excellent summary of how convertible notes, liquidation preferences, and stock options actually operate. There’s a little bit of “math” in this one but the pain is worth it.
Data Makes Us SMARTER!
I’m a data nerd. Without data we can’t make informed decisions. What I really like about this research is that it’s data for data’s sake and it leaves the conclusions to be drawn by the reader. My overall takeaway here is that things are nearly as bad as many people have made them out to be. Yes, we’ve seen a blip in the macroeconomic radar, but at the end of the day, the Fed has managed to orchestrate a reasonably soft landing. Check out the links for tons of geeky graphs that are sure to make your brain explode.
When Call of Duty Gets PWNED…
Hackers are infecting players of Call of Duty: Modern Warfare 2 with a self-spreading malware that appears to spread through online lobbies automatically from one infected player to another. The malware was first reported on a Steam forum and has been confirmed to be a worm by an industry insider. The game's developer, Activision, has acknowledged the issue and taken the game's multiplayer offline while investigating. The motive behind the malware is unclear, but it is believed that the hackers are exploiting bugs in the game to execute malicious code on other players' computers. So far about 600 gamers living in their moms’ basements have been compromised. (Sorry... I couldn’t resist the joke.)
Policy Vs. Bad Guy Tool Creation
New AI Tool 'FraudGPT' Emerges, Tailored for Sophisticated Attacks (The Hacker News)
A new partnership to promote responsible AI (Google Blog)
Have we kicked off a new arms race? The bad guys are adopting AI-backed systems just as fast, if not faster, than the good guys. A new tool was released last week that hackers can use to automatically generate really good phishing emails, create new malware, and automate the discovery of new vulnerabilities. There have been over 3000 sales and reviews at a $200 a month subscription. AI and automation are power for both the good and the bad - it’s all in how you use it that matters. While you are reading you should also check out the new Frontier Model Forum presented by Google, MS, Anthropic, and OpenAI. My prediction: we will see an uptick in the phishing and ransomware based attack models as we move into 2024. Uh oh!
Will Smith as Neo! It Didn’t Happen (Or Did It)
WOW! This article is essentially something straight out of the movie “Inception”. Using deepfake videos, researchers were able to incept false memories into subjects, convincing them that they had seen movies that didn’t exist and even getting some people to rate them higher than the originals. What we have here is yet another method for distribution of misinformation to the world. If you think you get a lot of annoying “weird emails” from your distant relatives who live in Florida now, just wait until deepfake disinformation becomes the norm! Yikes!
CISO or CSO - What Is In A Name?
The Impact Of Legal Action Against CISOs (The Reformed Analyst)
The risk of holding the role of Chief Information Security Officer at a company that gets breached lives in a grey area. With the SolarWinds hack and the Uber breach acting as bellwether events, the writing appears to be on the wall regarding the dangers you may face, making the change from CISO to CSO (Chief Scapegoat Officer) a likely outcome. The author of the article did a great job reporting on both sides of the issue in what is otherwise a very touchy debate. The key takeaway I got from the article can be summed up in this paragraph:
“Rothke then cited what’s known as “Spaf’s Law,” and the first principle written and promoted by Professor Gene Spafford of Purdue University. The rule says, “If you have responsibility for security but have no authority to set rules or punish violators, your whole (sic) role in the organization is to take the blame when something big goes wrong.””
Comment in the threads if you agree or disagree with the article.
If you’ve made it this far, you either found our musings at least semi-entertaining, OR you enjoyed the pain and kept going regardless. No matter how you made it to this point, you should know that we appreciate you. Please do us a solid and share The Cyber Why with your friends. We would love to reach a bigger audience, and referrals are how we do it. Help us out, and we’ll see you next week!