Cybersecurity Surge: AI Risks, Intel's Spin-Offs, Google’s Gmail Encryption, and More

[00:00:02] It's Tuesday, April 1st, 2025, and I'm Dave Solt. Four things to know today. Cybersecurity startups see revenue surge as AI threats multiply. Are we prepared? Intel's Strategic Reset are spinning off non-core assets to boost custom chip development. Google brings enterprise-level encryption to Gmail as Apple patches a major iOS vulnerability. CrowdStrike and SnapLogic step up partnerships while OpenAI sweetens their bug bounty reward.

[00:00:32] This is the Business of Tech. Cybersecurity startups are experiencing significant growth driven by the increased threats associated with artificial intelligence. Companies like ChainGuard have reported a remarkable seven-fold increase in annualized revenue, reaching approximately $40 million. $40 million. Similarly, Island anticipates its revenue will hit $160 million by the end of the year,

[00:00:57] while CyberHaven has surpassed a billion-dollar valuation. The surge in cyber attacks, with a 138% rise in phishing sites since the launch of ChatGPT, has led to a greater demand for cybersecurity solutions. According to consultancy McKinsey & Company, the number of dedicated phishing sites companies rose to $5 million last year. New players are entering the market, raising substantial funding

[00:01:22] to combat those threats. For instance, Sierra's annualized revenue jumped to $50 million, up from $15 million the previous year. A recent report from Tenable highlights significant cybersecurity risks associated with the deployment of artificial intelligence services in cloud environments. The study reveals that a staggering 91% of organizations examined have configured Amazon SageMaker,

[00:01:47] an AI data analytics platform, to allow root access by default, exposing them to potential threats. The report emphasizes that many organizations are making common misconfigurations, including excessive permissions and public exposures, which can lead to severe security vulnerabilities. As AI adoption continues to grow, it's crucial for organizations to address the risks by implementing best practices such as maintaining an inventory of cloud resources and adopting a least-privileged access model to safeguard

[00:02:17] sensitive information. Experts warn that without prompt action, businesses could face increased cyber threats, particularly this year, as attackers look for new ways to exploit the vulnerabilities. A study by iProove revealed a staggering 300% increase in face-swap attacks and a 2,665% increase in injection attacks against virtual cameras. Additionally, Menlo Security found a 140% rise in browser-based phishing

[00:02:46] attacks attributed to the misuse of generative AI. Despite 95% of organizations using AI tools for cybersecurity, more than half lack specific strategies to address threats posed by generative technologies. Mimecast's recent survey indicates that 43% of companies have experienced internal threats due to compromised employees. The U.S. National Institute of Standards and Technology has published new guidelines to help mitigate these risks, emphasizing the importance of addressing the human element in

[00:03:16] cybersecurity. Why do we care? The convergence of AI adoption and cybersecurity threats highlights a critical gap between innovation and risk management. While startups are stepping in to address AI-driven risks, many organizations remain unprepared for the specific threats that AI introduces. Providers need to reassess their security offerings, integrating advanced AI-driven protection and human-centric approaches that address

[00:03:42] internal risks. And customers should demand a holistic security strategy that goes beyond just deploying technology. Ultimately, the key takeaway is that AI and cybersecurity is both a solution and a problem. As AI-driven attacks become more common and sophisticated, proactive measures such as rigorous cloud configuration management, comprehensive staff training, and staying updated on emerging threat patterns are essential to maintaining security resilience.

[00:04:11] This episode is supported by Synchro. Synchro, the integrated remote monitoring and management and professional services automation platform, is designed for mid-sized and growing managed service providers. Its latest innovations include an AI-powered smart ticket management system with automatic ticket classifications, guided resolution steps using pre-approved scripts, and a natural language smart search function. These tools streamline ticket handling and improve response times.

[00:04:40] Discover more at Synchromsp.com Intel's new CEO, Lip Bu Tang, announced at the Intel Vision Conference that the company will spin off non-core assets to focus on its primary mission. While he did not define what constitutes core versus non-core assets, Tang confirmed plans to introduce new products including custom semiconductors for clients. He emphasized the importance of recruiting and retaining engineering talent,

[00:05:07] but did not discuss any potential breakup of the company, a strategy that has been considered recently. Tang took over as CEO on March 18th following the departure of former CEO Pat Gelsinger in December. Why do we care? Intel's decision to spin off non-core assets signals a strategic refocus on its primary mission, advancing semiconductor innovation. By shedding non-core segments, Intel aims to streamline

[00:05:32] operations and allocate resources more effectively toward custom semiconductor development. While the strategy sounds promising, Intel has struggled with execution in recent years. Spinning off assets doesn't guarantee success if the remaining core businesses don't gain competitive momentum. If Intel can leverage its legacy strengths while strategically shedding distractions, it could solidify its role in the increasingly competitive semiconductor landscape. However,

[00:06:00] the lack of clarity on what constitutes core remains a critical question, and the potential fallout from divestments should be monitored very closely. Google has announced that enterprise Gmail users can now easily apply end-to-end encryption, a feature previously available only to larger organizations with significant IT resources. This new capability comes amid rising email attacks underscoring the need for enhanced security. Emails encrypted with this feature ensure that only the sender controls

[00:06:30] the encryption key stored outside of Google's infrastructure. Users can activate this option with a simple click. In addition to sending secure emails within their organization, users will soon be able to send encrypted messages to Gmail users outside their organization with full support for all email inboxes expected within the year. Google is also introducing other security enhancements, including default encryption modes for sensitive data teams, classification labels

[00:06:56] for message sensitivity, and new tools to prevent data loss. The shift toward democratizing high-security email aims to make secure communication accessible without the burden of extensive IT management or technical knowledge. Apple has fixed a significant vulnerability in its iOS 18.2 Passwords app, which left users exposed to phishing attacks for three months after the release of iOS 18. The flaw allowed sensitive information to be leaked due to

[00:07:23] unencrypted requests for logos and icons associated with stored passwords. This meant that attackers on the same Wi-Fi network, such as at airports or coffee shops, could redirect users to fraudulent sites to steal their login credentials. The issue was first identified by security researchers at the app development company MISC, who initially reported it in September. Following the discovery, Apple addressed the vulnerability by implementing HTTPS for network communications.

[00:07:52] Why do we care? Google's decision to make end-to-end encryption more accessible to enterprise Gmail users is a significant shift in email security. Previously, this level of protection was largely reserved for larger enterprises. Now, even smaller organizations can leverage advanced encryption without needing extensive technical expertise. The move addresses a critical pain point, the rising frequency and sophistication of email-based cyber attacks. By allowing users to control the encryption key themselves, Google is effectively reducing the risk of data

[00:08:21] interception, even from its own infrastructure. This approach directly challenges the traditional trade-off between ease of use and robust security. The vulnerability within Apple's password app highlights a fundamental oversight, relying on unencrypted HTTP requests for something as critical as password-related data. The flaw left users vulnerable to phishing attacks, particularly in those public environments. Apple's response moving to HTTPS addresses the issue, but the fact that it took three months from discovery to resolution

[00:08:51] and raises questions about the speed of response for such critical vulnerabilities. CrowdStrike has launched its new Services Partner Program aimed at enhancing the efficiency of security operations centers by promoting the adoption of its Falcon Next-Gen Security Information and Event Management Technology, or SIEM. The initiative comes as cyber attacks increase in speed and complexity, and the skills gap in

[00:09:16] cybersecurity continues to widen. The program offers incentives, training, and resources for global systems integrators and managed service providers, enabling them to better serve their clients. Notable partners such as Deloitte, Echelon, and YPro are already on board to drive business growth through the technology. SnapLogic has launched its Partner Connect program to enhance collaboration with technology and consulting partners, enabling them to meet the growing demand for seamless integration and

[00:09:43] automation. The program provides essential tools for customer integration and success in artificial intelligence, including training and certification resources. SnapLogic's AI-powered solutions such as SnapGPT and Agent Creator are designed to streamline integration development, promoting faster delivery and improved efficiency for enterprises. The program is divided into three tiers – Authorized Partner, Advanced Partner, and Premier Partner – each offering escalating benefits as partners deepen their commitment.

[00:10:11] Daniel Carty, SnapLogic's Global Vice President of Channels, emphasized the company's dedication to building a strong partner ecosystem aimed at simplifying enterprise integration and driving innovation. OpenAI has announced a significant five-fold increase in its bug bounty program, raising the maximum reward from $20,000 to $100,000. The change reflects the organization's commitment to rewarding impactful security research.

[00:10:37] The updated program, which was first launched in April of 2023, aims to enhance cybersecurity initiatives, including a new grant program that supports research in five critical areas – software patching, model privacy, detection and response, security integration, and agentic artificial intelligence security. Additionally, OpenAI is introducing micro-grants in the form of API credits for high-quality proposals.

[00:11:02] The company emphasizes that these initiatives are essential to its goal of achieving artificial general intelligence, which aims for machines to possess human-like intelligence. OpenAI's – Why do we care? CrowdStrike and SnapLogic are leaning into partner ecosystems to scale their influence, while OpenAI's bounty increase underscores the need for ongoing vigilance as AI becomes ubiquitous.

[00:11:27] OpenAI's – Thanks for listening. Besides April Fool's Day, it's International Fun at Work Day, and National Fun Day, and National Reading Card Day, and National Sourdough Bread Day. I promise those are all real. I was speaking on a webinar on April 22 about inbound marketing in the AI era with the author of a new book. Link in the show notes and description to sign up and register now.

[00:11:53] The Business of Tech is written and produced by me, Dave Sobel, under ethics guidelines posted at businessof.tech. If you've enjoyed the show, make sure you've subscribed or followed on your favorite platform. It's free and helps directly. Give us a review, too. If you want to support the show, visit patreon.com slash MSPRadio, and you'll get access to content early. Or buy our Why Do We Care merch at businessof.tech.

[00:12:23] Have a question you want answered? We take listener questions, send them in, ideally as a voice memo or video to question at MSPRadio.com. I answer listener questions live on our Wednesday live show on YouTube and LinkedIn. If you've got a comment or a thought on a story, put it in the comments if you're on YouTube, or reach out on LinkedIn if you're listening to the podcast. And if you want to advertise on the show, visit MSPRadio.com slash engage.

[00:12:50] Once again, thanks for listening, and I will talk to you again on our next episode. Part of the MSP Radio Network.