How You Can Protect Your Company From Hackers
Technology is not enough to combat cyber threats alone-human talent plays a critical role too
We’ve entered a Golden Age of cybersecurity capabilities. Companies are flooding the market with high-end cybersecurity software products that gather large amounts of data. New technologies such as machine learning can make increasingly accurate predictions about when a cyberattack is taking place. Why then are powerful organizations such as Facebook, Quora, and JP Morgan still falling victim to data breaches?
In cybersecurity, defense is much more challenging than offense. Companies on the defense must secure every vulnerability, but attackers only need to find one hole. To make matters worse, the cost of launching a cyberattack continues to decrease, as hackers have access to more sophisticated technologies than ever before. Cybersecurity threats continue to evolve, and as they become more sophisticated, it will become more challenging to stop them. By taking a bird’s-eye view of potential cybersecurity risks, defenses and implementation processes, companies can best identify their weakness and move quickly to address the risks.
Use best-of-breed, but fill the gaps in your patchwork system
As we have seen in recent headlines, cyberattacks can take the form of intricate, highly organized plots or can simply exploit careless behaviour. Currently, the best cybersecurity technology is being built by highly specialized growth-stage vendors focused on gathering certain types of data, training learning systems that recognize anomalous behaviour and quarantining systems when a breach is detected. They can effectively sniff out attacks and cut off vulnerabilities before breaches inflict damage.
The level of innovation cybersecurity companies are developing is extraordinary. However, it leaves the responsibility of integrating different products to the customer, or to security consulting firms. Cobbling together different tools can be a challenge – but today it’s a necessary one to overcome.
Follow the economic power
When it comes to cybersecurity, both customers and investors should try to find vendors with products that benefit from “demand-side economies of scale”—products that get better as more people use them. It matters how quickly the product is improving, not only how good it is today.
Many larger, legacy cybersecurity companies have lost technical talent and the ability to build high-caliber products. Their investor bases often want a return of capital instead of investment in new capabilities—a major disadvantage when dealing with evolving cyberthreats.
On the other end of the spectrum, very early stage venture-backed companies are innovative, but they often lack the scale and maturity to support large multinational corporations or governments as customers.
Growth-stage vendors are in a “sweet spot”, in that they can build best-in-class, innovative products that improve as more customers use them, and yet they are substantive enough to handle the most demanding customers.
These companies can make better investments, and the scale leader in each cybersecurity domain can have a considerable economic moat.
And customers profit from using the product that is improving the most quickly, benefiting from the “herd immunity” that comes from using the most widely-deployed cybersecurity product.
Final steps to implementation
Technology is not enough to combat cyber threats alone—human talent plays a critical role, too. Cybersecurity tools are often complicated and require the retraining of human capital, including at the most senior levels of leadership. Organizations need to have a plan for keeping employees up-to-speed on new cybersecurity tools.
The companies with the best cyberdefenses today employ a blend of human talent and technology working together. Technology gathers data and makes predictions; humans exhibit judgment and take action.
A look ahead
In 2019, expect cybersecurity technology to journey beyond just monitoring, generating alerts and issuing quarantines of systems and data—new capabilities such as obfuscation (intentionally confusing attackers) and adaptive systems will allow cybersecurity technology to automatically respond to attacks.
The quality of cybersecurity software predictions will improve as machine learning systems benefit from more usage, better data, granular feedback and improved algorithms.
Meanwhile, the human machine interface in cybersecurity will also be refined, as software becomes more intuitive to use and easier to understand.
Finally, expect to see industry consolidation as customers demand integrated best-of-breed capabilities. They do not want to cobble together products themselves or settle for mediocre bundles from legacy vendors.
The future looks bright for growth-stage cybersecurity vendors bringing innovative solutions to market. Economic power and access to data will continue to drive this segment forward, and for companies looking to defend themselves from threats, investing in this “sweet spot”— powerful products from growth-stage cybersecurity vendors—is a smart approach.
Lonne Jaffe is the managing director at Insight Venture Partners. He was previously the CEO of Insight portfolio company Syncsort, which he joined in 2013 after serving as the senior vice president for corporate strategy at CA Technologies. Prior to CA, Lonne spent over a decade at IBM, where he led a number of sizable software acquisitions and held various technology strategy and operating executive roles.
Lonne received undergraduate (Walt Disney Company Foundation Scholarship, Detur Book Prize, Phi Beta Kappa) and master’s degrees from Harvard University.