Cyber Leaders With Tight Budgets Still Must Secure AI, Cloud
Wall Street Journal ($): In 2024, corporate cybersecurity leaders face the challenge of managing tighter budgets while ensuring the security of critical technologies like AI and cloud computing. With limited financial resources, there’s a growing emphasis on judicious spending and careful vendor selection. Cybersecurity departments are adapting to the impact of broader business budget cuts, which constrain their capacity for implementing security projects. A key focus is moving away from traditional password systems to prevent hacks, and conducting thorough analyses to justify cybersecurity investments. The cybersecurity industry’s dynamics, reshaped by layoffs and acquisitions, lead to a trend of consolidating vendors for efficiency. Prioritization of cloud security and technologies like generative AI is essential, with an approach to embed security features early in the development process to align with overall business goals and optimize cybersecurity spending.
23andMe: ‘Negligent’ Users at Fault for Breach of 6.9M Records
Dark Reading: 23andMe is facing lawsuits after a data leak affecting millions, but denies liability, attributing the breach to users’ weak password management. Hackers accessed accounts through credential stuffing, exploiting reused passwords. The company argues that the exposed information, mainly from its DNA Relatives feature, couldn’t cause financial harm. In response, 23andMe enhanced security measures, including mandatory password resets. This incident highlights a shared responsibility for online security between service providers and users, emphasizing the need for strong user passwords and robust security protocols from companies. The case raises questions about the extent of a company’s responsibility to protect user data against common cybersecurity threats.
Cyber Insecurity and Misinformation Top WEF Global Risk List
Infosecurity Magazine: The World Economic Forum’s Global Risks Report 2024 highlights misinformation and disinformation as a top global risk, which is especially concerning with impending elections globally. The ease of spreading false information, increasingly facilitated by AI, is a major threat to the legitimacy of governments. Additionally, the report notes a rise in cybercrime, with threats shifting towards less digitally savvy regions in Asia and Africa. Cybersecurity concerns remain prominent, with the concentration of AI technology production in a few entities creating significant supply chain and systemic risks. The report calls for effective and timely regulation to combat these risks and stresses the need for equitable global development in AI and cybersecurity capabilities.
In 2003, 19-year-old Van T. Dinh became the first person charged by the SEC with using a Trojan horse and someone else’s online brokerage account to sell thousands of worthless stock options to an unwilling buyer. His diary was read at his sentencing hearing. (source)
Following a breach, share prices of breached companies hit a low point approximately 110 market days later. Share prices fall -3.5% on average and underperform the NASDAQ by -3.5%. (source)
Cybersecurity without a SOC team (source)
Charlies is a 14-year cybersecurity expert. He started his career in the U.S. armed forces and then transitioned into commercial roles. A security engineer by training, he's well-versed in tool deployment and administration.
Ellen brings a decade of GRC expertise to the TalPoint community. She's knowledgeable on a variety of frameworks and employs a methodical approach to compliance. She's available for needs assessments, gap assessments, internal audits, and, for certain frameworks, running independent third-party audits.
Zachary brings a 20+ year career in risk management to the TalPoint community. He's worked across healthcare, finance, and supply chain manufacturing. His broad experience offers both a holistic view of risk and a common-sense approach to risk management.