TechRisk Notes#54: Risk landscape ahead
Over $3M in digital tokens drained, 2024 cloud risk spotlight and barrier to AI adoption.
Tech Risk Reading Picks
Cloud risk: Cloud security predictions for 2024 suggest a trend of organizations moving away from the public cloud, an increase in risks associated with new software-as-a-service (SaaS) offerings, and a shift in focus from rapidly building application programming interfaces (APIs) to mitigating the associated security risks. [more]
Barrier to AI adoption: Businesses eager to harness the benefits of artificial intelligence, such as task automation and improved decision-making, face challenges in adopting AI technology. A survey of 120 U.S. AI decision-makers in late 2023 revealed that less than 40% have successfully implemented an AI project. The primary obstacle identified is the growing cybersecurity threat, with 58% of respondents citing data security as a major barrier to AI adoption. [more]
Prepare for post-quantum cryptography: Quantum computing presents opportunities and challenges for enterprises. While it can solve complex problems, it poses a risk to traditional cryptographic systems, especially public-key encryption. CISOs need to educate themselves about quantum computing, address potential risks, and establish cryptographic agility. Future quantum computers may break widely used algorithms, making sensitive information vulnerable. Organizations should take three critical steps (Discover, Observe, Transform) to become quantum-safe and protect their data from potential attacks. [more]
Tech risk landscape ahead: The 11th annual "Global Technology Audit Risks Survey" gathered insights from over 550 Chief Audit Executives (CAEs) and IT audit professionals. The key findings include cybersecurity concerns, AI risk and the IT talent gap. [more]
Cybersecurity is the top concern: Almost 75% of respondents, particularly 82% of CAEs and tech audit leaders, see cybersecurity as a high-risk area in the next 12 months. The integration of emerging technologies raises concerns about next-gen cyber threats over the next 2-3 years.
AI poses emerging risks: While only 28% see AI and machine learning as immediate threats, 54% believe advanced AI systems, including generative AI, present substantial risks in the next 2-3 years. There are significant gaps in organizational preparedness and internal audit proficiency in handling AI-related risks.
Talent gap in IT is a growing concern: To address cyber and AI risks, companies need talent with a deep understanding of these areas, which is currently scarce. Focusing on hiring, retaining, and upskilling talent is crucial for companies to navigate these technological challenges.
Other significant threats include:
Third parties/vendors (60%)
Data privacy and compliance (58%)
Transformations and system implementations (55%)
Web3 Cryptospace Spotlight
Wise suffered flash loan attack: Wise Lending, a prominent lending application and yield aggregator in the Web3 space, experienced a flash loan attack that led to a significant loss of around $464,000. [more]
Socket protocol hack: A bug in the technology supporting the crypto bridge aggregator Bungee resulted in a loss of $3.3 million for over 200 wallets. The security flaw was in Socket, the underlying technology managed by the Socket project, and the breach affected wallets that had granted infinite approvals to Socket contracts. Socket paused the exploited smart contract to prevent further damage. The bug had been inadvertently deployed three days prior, allowing the hacker to target users who had previously utilized the Bungee bridge for token transfers. Users are advised to revoke approvals granted to DeFi protocols after transactions to enhance security and prevent unauthorized access. [more]
Crypto drainer: The Inferno Drainer malware operated from November 2022 to November 2023, generating illicit profits exceeding $87 million by deceiving over 137,000 victims. It is one of several similar scams offered as a service to affiliates, who receive a 20% share of their earnings under the scam-as-a-service model. [more]
Understand smart contract audit: A smart contract audit involves a thorough examination of the code written by developers for a smart contract. Security engineers conduct this audit to find and address potential security issues, risks, and coding inefficiencies. The goal is to ensure the reliability and strength of smart contracts by identifying and fixing any problems during the auditing process. [more]