3 Interesting Articles

Cyber Leaders With Tight Budgets Still Must Secure AI, Cloud
Wall Street Journal ($): In 2024, corporate cybersecurity leaders face the challenge of managing tighter budgets while ensuring the security of critical technologies like AI and cloud computing. With limited financial resources, there’s a growing emphasis on judicious spending and careful vendor selection. Cybersecurity departments are adapting to the impact of broader business budget cuts, which constrain their capacity for implementing security projects. A key focus is moving away from traditional password systems to prevent hacks, and conducting thorough analyses to justify cybersecurity investments. The cybersecurity industry’s dynamics, reshaped by layoffs and acquisitions, lead to a trend of consolidating vendors for efficiency. Prioritization of cloud security and technologies like generative AI is essential, with an approach to embed security features early in the development process to align with overall business goals and optimize cybersecurity spending.

23andMe: ‘Negligent’ Users at Fault for Breach of 6.9M Records
Dark Reading: 23andMe is facing lawsuits after a data leak affecting millions, but denies liability, attributing the breach to users’ weak password management. Hackers accessed accounts through credential stuffing, exploiting reused passwords. The company argues that the exposed information, mainly from its DNA Relatives feature, couldn’t cause financial harm. In response, 23andMe enhanced security measures, including mandatory password resets. This incident highlights a shared responsibility for online security between service providers and users, emphasizing the need for strong user passwords and robust security protocols from companies. The case raises questions about the extent of a company’s responsibility to protect user data against common cybersecurity threats.

Cyber Insecurity and Misinformation Top WEF Global Risk List
Infosecurity Magazine: The World Economic Forum’s Global Risks Report 2024 highlights misinformation and disinformation as a top global risk, which is especially concerning with impending elections globally. The ease of spreading false information, increasingly facilitated by AI, is a major threat to the legitimacy of governments. Additionally, the report notes a rise in cybercrime, with threats shifting towards less digitally savvy regions in Asia and Africa. Cybersecurity concerns remain prominent, with the concentration of AI technology production in a few entities creating significant supply chain and systemic risks. The report calls for effective and timely regulation to combat these risks and stresses the need for equitable global development in AI and cybersecurity capabilities.

2 Stats You Should Know

In 2003, 19 year old Van T. Dinh became the first person charged by the SEC with using a Trojan horse and someone else’s online brokerage account to sell thousands of worthless stock options to an unwilling buyer. His diary was read at his sentencing hearing. (source)

Following a breach, share prices of breached companies hit a low point approximately 110 market days later. Share prices fall -3.5% on average and underperform the NASDAQ by -3.5%. (source)

1 More Thing

Cybersecurity without a SOC team (source)