On Staying Focused (or “When to Ignore the Headlines”)

Written By Shay Colson

10–28–2024 (Monday)

Hello and welcome to The Intentional Brief - your weekly video update on the one big thing in cybersecurity for growth stage companies, investors, and management teams.

I’m your host, Shay Colson, Managing Partner at Intentional Cybersecurity, and you can find us online at intentionalcyber.com.

Today is Monday, October 28, 2024, and it’s time for us to have a pretty frank discussion about getting shit done in cyber. And to do that, we have to stay focused.

What do I mean? Let’s dive in.

Stay Focused (or “When to Ignore the Headlines”)

The past week - including today - has seen a rash of headlines that seem like things that could be VERY important to discuss in the context of cybersecurity.

The first, we’ve briefly touched on here before, but the New York Times had more over the weekend in a piece called “What to Know About the Chinese Hackers Who Targeted the 2024 Campaigns.”

They are, of course, talking about Salt Typhoon, the Chinese threat actors who are said to have compromised telecommunications companies including Verizon and AT&T to gather intelligence about both major presidential campaigns here in the United States.

We also saw a headline last week about some new legislation in the European Union, which Lawfare and Seriously Risk Business titled as follows: “The EU Throws a Hand Grenade on Software Liability.”

This piece gets right to the point of what the EU Council has done, as they “issued a directive updating the EU’s product liability law to treat software in the same way as any other product. Under this law, consumers can claim compensation for damages caused by defective products without having to prove the vendor was negligent or irresponsible.”

Now - we could spend the rest of this video, and many more, frankly, discussing the implications of both Salt Typhoon and Software Liability Law. In fact, I’ve got lots of thoughts on both.

But will that materially change anything for any of us here in the middle market?

No.

Is is possible that we’ll use up (waste?) a whole bunch of time in things that are at the same time very interesting and not very helpful?

Yes.

And so, just like many other areas of our security practices, we need to exercise some discretion here and stay focused.

The same goes true for everything from worrying about issues that don’t impact our enterprise to tuning the alerts on our systems and technology. The most scarce resource we have - and we’ve all got scarce resources - is our attention. Even more scarce than time, I would argue.

Letting that focus be coopted by headlines that won’t matter to us in the near term or, frankly, long term is just another way to get distracted, feel busy, but not have much to show for it.

And so, let’s just not. Get back to the things on your plate that matter - including your people, processes, and technology.

I guarantee that you don’t have to worry about Salt Typhoon or Software Liability today, and you won’t have to worry about it tomorrow, either.

Running from headline to headline, breach to breach, vulnerability to vulnerability is a great way to feel exhausted and still be standing in the same place you started.

Don’t do that to yourself, and don’t let your team or leadership fall in to the same trap.

Staying focused, over time, is a real super power, and requires real and consistent effort. You won’t always get it right. But, with effort, you can get it right most of the time, and that should be seen as success.

Fundraising

From a fundraising perspective, back to the big numbers, with more than $25B in newly committed capital this week, including:

  • EnCap Investments of Houston raised $5.25b for its 12th oil and gas fund

  • Mubadala Capital (Abu Dhabi’s state owned fund) raised $3.1b for its fourth private equity fund.

  • General Catalyst raised $8b for its new funds: $4.5b for its core VC funds, $1.5b for its startup creation strategy, and $2b for separately managed accounts.

  • Nautic Partners closed Nautic Partners XI with $4.5b.

Finally, in the public markets, Alphabet, Google’s parent company, reports tomorrow. Meta and Microsoft follow on Wednesday, with Apple and Amazon on Thursday

Big week for the markets!

With that, a reminder that you can find links to all the articles we covered below, find back issues of these videos and the written transcripts at intentionalcyber.com, and we’ll see you next week for another edition of the Intentional Brief.

Links

https://www.nytimes.com/2024/10/26/us/politics/salt-typhoon-hack-what-we-know.html

https://www.lawfaremedia.org/article/the-eu-throws-a-hand-grenade-on-software-liability

Shay Colson
Previous

You Might Not Be Interested in Geopolitics, but Geopolitics is Interested in You
Next

The Ransomware Battle is Shifting - And So Should Our Response