Weekly Video: August 8, 2022

Hello and welcome to another edition of Cyber Risk at Deal Speed, your weekly video rundown of cybersecurity news and strategy for investors, deal teams, and the management teams of portfolio companies.

I’m your host, Shay Colson, Managing Partner for Cyber Diligence at Coastal Cyber Risk Advisors. You can find us online at coastalcyber.io

This week we’ve got a set of “tangentials” - stories that are perhaps not directly related to the core functions of a typical private equity investment, but that I think will have impacts in the space and are worth being aware of.

We’re going to cover three stories - but not going to discuss carried interest or Khloe Kardashian (you’re welcome). And - we’re going to do it in 5 minutes or less.

  1. Crypto Breaches

  2. Microsoft Expands Threat Intelligence, Attack Surface

  3. The CHIPS Act

Crypto Breaches

While we don’t often discuss crypto on these weekly summaries, I do think there are some very good lessons to be learned from this week’s set of crypto breaches.

If you haven’t been following this space closely, you might not have realized how frequently crypto startups are getting breached - and real money is being stolen. That is one of the key differences for these companies: when they’re attacked, their users typically see significant and immediate financial impacts.

This past week, users on the Solana blockchain lost $5.8M in funds, and the finger is being pointed at a crypto wallet called Slope, which had a fundamental flaw. As a reminder, wallets help manage the backend cryptographic portions of “crypto” transactions.

Apparently, the application was logging the recovery phrase - the words generated when users’ secret keys are created - in plain text, meaning anyone with those words could recover the key and execute transactions.

The reason I raise this is that these are core Secure Software Development Lifecycle (SDLC) issues that any developer should be aware of - ensuring sensitive information isn’t captured or stored in logs.
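As an added illustration of that control (this is example code written for this page, not Slope's code or anything from the original post), here is a Python logging filter that masks recovery phrases before a log record reaches any handler. The field names in `SENSITIVE_KEYS`, the word-run heuristic, and the sample phrase are assumptions constructed for the example.

```python
import logging
import re

# Assumed field names that must never reach a log sink (hypothetical list).
SENSITIVE_KEYS = {"mnemonic", "seed_phrase", "recovery_phrase", "private_key"}
# Heuristic: 12 to 24 consecutive lowercase words of 3-8 letters look like a
# recovery phrase. Free text can still slip past it, so key-based masking and
# not logging the value at all remain the primary controls.
MNEMONIC_RE = re.compile(r"\b(?:[a-z]{3,8} ){11,23}[a-z]{3,8}\b")
REDACTED = "[REDACTED]"


def scrub(value):
    """Return a copy of value with sensitive keys and phrase-like text masked."""
    if isinstance(value, dict):
        return {k: REDACTED if str(k).lower() in SENSITIVE_KEYS else scrub(v)
                for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return type(value)(scrub(v) for v in value)
    if isinstance(value, str):
        return MNEMONIC_RE.sub(REDACTED, value)
    return value


class RedactSecrets(logging.Filter):
    """Scrub the message template and its arguments before formatting."""

    def filter(self, record):
        record.msg = scrub(record.msg)
        if record.args:
            record.args = scrub(record.args)
        return True  # keep the record, now sanitized


def render(msg, *args):
    """Format one record through the filter, as a handler would emit it."""
    record = logging.LogRecord("wallet", logging.INFO, "demo.py", 0, msg, args, None)
    RedactSecrets().filter(record)
    return record.getMessage()


# Constructed sample phrase (not a real wallet mnemonic).
PHRASE = "alpha bravo charlie delta echo foxtrot golf hotel india juliet kilo lima"

if __name__ == "__main__":
    handler = logging.StreamHandler()
    handler.addFilter(RedactSecrets())  # attach to every handler, including remote sinks
    logging.basicConfig(level=logging.INFO, handlers=[handler])
    logging.getLogger("wallet").info("restoring wallet from phrase: %s", PHRASE)
```

Attaching the filter to each handler, rather than to a single logger, means records from child loggers and third-party libraries pass through it as well.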

Earlier in the week, crypto protocol Nomad suffered a $200M loss because of a fundamental flaw in their smart contract that allowed users to manipulate funds that didn’t belong to them and re-route transactions into wallets they controlled.

Again, these are basics that so often get overlooked - which is the message here for our portfolio companies and potential investments.

We MUST get the basics right - because they remain the security challenges that are actually causing these impacts, and are well within our control. Not that we don’t ever need to worry about advanced external threats, but we’ve got some work to do at home first.

Microsoft Expands Threat Intelligence, Attack Surface

Speaking of getting the basics right, Microsoft announced a new Threat Intelligence and Attack Surface tool this week, following their acquisition of RiskIQ last year.

In an explicit effort to directly reduce the impact of ransomware, Microsoft is beefing up their Defender suite with additional Threat Intelligence and External Attack Surface Management.

Not only does this help inform Microsoft customers of the TTPs (tactics, techniques, and procedures) of threat actors so they can better defend against them, the Attack Surface tools help enterprises understand the actual lay of the land with regard to their digital footprint so they can manage it more intentionally.

Threat Intelligence and Attack Surface have been two of the hottest areas of cybersecurity investment and startups over the past year or two, and to see Microsoft make this move is a clear sign that they’re looking to help SMBs move the needle.

In contrast to AWS and Google, Microsoft seems to be making a play whereby they give customers tools that can actually move the needle on these threats, which is not only a competitive advantage against the other cloud providers, but a huge win for the end users.

If you’re an Azure or Microsoft Defender customer, these tools are absolutely worth checking out and integrating into your workflows.

The CHIPS Act

Finally, after much discussion, we saw the passage of the CHIPS Act - allocating $52B in funding for new chip fabs, worker training, and some R&D.

Economist Noah Smith wrote a very interesting piece entitled “Industrial policy starts with semiconductors,” wherein he argued that while this isn’t an incredible amount of money, it does demonstrate a bipartisan appetite for reigniting the industrial engine of America.

Lots of good analysis of the industrial, economic, and military implications, as well as the threat from China (though Taiwan, South Korea, and Japan get honorable mentions). Europe lags.

Worth reading, because if we’ve learned anything in the past few months, it’s that macro trends really do have impacts here in the private equity space and understanding them is tremendously helpful.

Fundraising

Congratulations to the more than $25.7B in newly committed capital last week.

We’re back to the big numbers, and this much dry powder is likely to carry investment activity forward through the end of the year.

Best of luck to all the funds with new capital to deploy.

You can find all the links to the stories we covered below, and we’ll see you next week with another edition of Cyber Risk at Deal Speed.

LINKS:

https://www.marketwatch.com/story/solana-users-suffer-5-8-million-exploit-developers-point-to-slope-wallet-as-potential-cause-11659566064

https://twitter.com/samczsun/status/1554252024723546112

https://www.microsoft.com/security/blog/2022/08/02/microsoft-announces-new-solutions-for-threat-intelligence-and-attack-surface-management/
