CYBER THOUGHTS NEWSLETTER
First up, Happy New Year! We are entering 2024 with a positivity bordering on exuberance; we hope you are too.
Given that this is a monthly newsletter, we don’t have the space to wrap up 2023, make predictions for 2024, and keep it short enough to match the world’s modern-day Twitter/X attention span. But we are going to try.
2023 - It was a rough reset for cyber, venture, and the economy, but it wasn’t as bad as most people feared last January. In fact, we may have landed the plane with only scrapes and bruises.
2024 - While there are a lot of reasons to believe 2024 may be a great year, there are still some issues working themselves through the snake. Cybersecurity budgets are still tighter than years past, no longer growing at double-digit percentages, and many VC firms may not be able to raise new funds due to bad decisions made in 2021.
We predict that cybersecurity consolidation will continue in 2024 and that PE firms will be active in the space.
Now, on to our regularly scheduled snark.
AI will kill us all… Again.
The rumor mill has it that OpenAI’s latest model, named Q* (Q-Star), can do advanced math and that it has broken AES-192. AES is a cryptographic cipher that isn’t considered quantum secure and cryptographers have been finding attack vectors for a while. So, while it is known to have some deficiencies, it would still be quite impressive if Q* really broke it.
The other part of this rumor is that this was the reason Mr. Altman was fired from OpenAI. We feel like this is pretty deep in the conspiracy theory forest, but who really knows?
What we should take away from this is that AI and quantum computing will likely up-end encryption as we know it, and the world isn’t prepared. “But what can we do?” you ask. “And how, by the way, do you look so great in that hat?”
First, thanks, our hat game is pretty tight. Second, there is an idea called crypto-agility. Let’s turn to Wikipedia:
“In cryptographic protocol design, cryptographic agility or crypto-agility is the ability to switch between multiple cryptographic primitives.”
Simply put, this means creating applications where the encryption system used can be simply swapped out for any reason at all. Quantum computing breaks your system; swap it for a newer protocol. AI makes your encryption into Swiss cheese? Replace it in minutes.
Moving encryption choice from the programmers of an application to the security team maintaining it would be a giant leap forward. It would cut the time to fix these systems dramatically, and it’s just good hygiene.
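To make the idea concrete, here is an added sketch (ours for illustration, not code from any product or project mentioned in this newsletter) in which a policy document owned by the security team, not the application code, picks the primitive. It uses keyed integrity tags from Python's standard library as the swappable primitive, since the standard library ships no cipher; the policy format, token layout and all names are assumptions.

```python
import hashlib
import hmac
import json

# Primitives the application can run. Developers register them once;
# they never choose between them in application code.
REGISTRY = {
    "hmac-sha256": lambda k, m: hmac.new(k, m, hashlib.sha256).digest(),
    "hmac-sha3-256": lambda k, m: hmac.new(k, m, hashlib.sha3_256).digest(),
}

# Constructed policy documents, as the security team might publish them.
POLICY_2023 = json.loads('{"current": "hmac-sha256", "accepted": ["hmac-sha256"]}')
POLICY_MIGRATE = json.loads(
    '{"current": "hmac-sha3-256", "accepted": ["hmac-sha3-256", "hmac-sha256"]}')
POLICY_RETIRED = json.loads('{"current": "hmac-sha3-256", "accepted": ["hmac-sha3-256"]}')

KEY = bytes(range(32))  # constructed demo key, not a real secret


def _tag(alg, key, payload):
    # Bind the algorithm name into the tag so the header cannot be swapped.
    return REGISTRY[alg](key, alg.encode() + b"\x00" + payload)


def protect(policy, key, payload):
    """Tag payload with whatever algorithm the policy names as current."""
    alg = policy["current"]
    return f"{alg}${_tag(alg, key, payload).hex()}${payload.hex()}"


def verify(policy, key, token):
    """Return (payload, needs_upgrade); raise ValueError on any failure."""
    alg, tag_hex, payload_hex = token.split("$")
    # The header is attacker-controlled: only the policy decides what is allowed.
    if alg not in policy["accepted"] or alg not in REGISTRY:
        raise ValueError(f"algorithm {alg!r} not permitted by policy")
    payload = bytes.fromhex(payload_hex)
    if not hmac.compare_digest(_tag(alg, key, payload), bytes.fromhex(tag_hex)):
        raise ValueError("tag mismatch")
    return payload, alg != policy["current"]


if __name__ == "__main__":
    old = protect(POLICY_2023, KEY, b"invoice 42")
    payload, stale = verify(POLICY_MIGRATE, KEY, old)
    print(payload, "needs re-tagging:", stale)
    print(protect(POLICY_MIGRATE, KEY, payload).split("$")[0])
```

Swapping the policy is the whole migration: old tokens verify and are flagged for re-tagging during the overlap window, then get rejected once the old algorithm leaves the accepted list.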
On a different note, we spoke with a CISO for an MSSP, and he is worried about the industry in 2024, at least for those selling software. Naturally, he’s pretty sure his firm will benefit. His thesis is that with CISOs needing to do more with less, they won’t have the budget to try new solutions, so most startups will feel the pinch. His MSSP should benefit since firms can use them in lieu of increasing headcount.
Of course, his crystal ball is as accurate as everyone else’s and we won’t really have any evidence until the end of Q1. As far as Q4 2023, we saw a lot of budgets open up and thus far, the numbers for security sales appear good. Fingers crossed, since it would be good if the checks clear before AI destroys the banking system.
Below are a few of the articles that caught our attention this month. Moreover, we’ve inserted one or two sentences in italics, summarizing each article’s importance. We hope you enjoy and appreciate the material.
WHAT WE'RE READING
Here's a curated list of things we found interesting.
ByteDance is Secretly Using OpenAI’s Tech to Build a Competitor
We are shocked! Shocked! ByteDance has been using OpenAI data to train their own model. They discuss trying to hide the fact. Guess they failed. Microsoft had released research saying this was possible, but now we know it’s being done.
‘They really just don’t want to get caught.’ The frenzied race to win in generative AI means that even the biggest players are cutting corners.
Regulators Got Tough on Cyber in 2023 as Crime Soared
Here is a year in review of the hacks and the political fallout in a fun little timeline. Worth the 3 minutes.
Significant third-party breaches and attacks against high-profile targets characterized 2023 in cybersecurity, but governments and regulators also focused their attention on how to tackle security for years to come.
Apple Develops Breakthrough Method for Running LLMs on iPhones
It is inevitable that LLMs will end up running on phones, the only question is the timeline. To that end, it may happen sooner than anticipated.
Apple GPT in your pocket? It could be a reality sooner than you think. Apple AI researchers say they have made a key breakthrough in deploying large language models (LLMs) on iPhones and other Apple devices with limited memory by inventing an innovative flash memory utilization technique.
Deals that caught our eye.
Okta to Acquire Israeli Startup Spera Security
Okta agreed to acquire Spera Security in a move to broaden Okta’s Identity threat detection and security posture management capabilities. The deal was reportedly done for between $100MM and $130MM.
What we're listening to.
Cyber Thoughts Podcast, Episode 6 – Justine Bone: Ballet Dancer, Hacker, Spy
In this episode Lucas interviews Justine Bone, a ballet dancer turned spy who became the first CISO of Bloomberg. Justine's experience as a founder of multiple cybersecurity companies also comes to the forefront, offering a rare insight into the industry's dynamic landscape. We think you'll love this episode.
Lytical Ventures is a New York City-based venture firm investing in Enterprise Intelligence, comprising cybersecurity, data analytics, and artificial intelligence. Lytical’s professionals have decades of experience in direct investing generally and in Corporate Intelligence specifically.