Cybersecurity in the New Paradigm
- Keywords:
- covid-19
With COVID-19 forcing more and more people to work from home, cyber-security is becoming that much more of an important issue for companies who want to keep their workers, and their data, safe. Before this crisis began, Cybersecurity Ventures had said that hacks will cost the world $6 trillion a year by 2021, up from $3 trillion in 2015, but it’s possible that number could be even larger as companies become more vulnerable to attacks now that their employees are no longer using office-approved computers and devices. Innovation, Technology and Culture are keys to cyber success in this new paradigm.
Prior to COVID unfolding, I wrote about some of the top security-related trends I felt executives should pay attention to, and on February 26, I asked a panel of CEOs and investors to share their thoughts on the trends they’re focusing on.
The panel, which took place in San Francisco, adjacent to the RSA Conference, featured some of the top industry minds, including Sri Dronamraju, BMO Financial Group’s Chief Information Security Officer; Fran Rosch, CEO of ForgeRock; Jim Dolce, CEO of Lookout; Samir Kumar, Managing Director of M12; John Hurley, Director of Information Security Strategy and Innovation at BMO Financial Group; Deepak Jeevankumar, Managing Director at Dell Technologies Capital; Prasad Parthasarathi, Director & Domain Leader for Cybersecurity in Cisco’s Corporate Development and Venture Investments Group and Sanjay Beri, CEO of Netskope.
Here are some of the takeaways from the event.
Dronamraju began by saying it’s important to stay ahead of threat actors by continuing to invest in new capabilities. Currently, hackers spend more money penetrating or infiltrating companies than organizations spend defending themselves. “That's the number one challenge facing the industry today,” he said.
The industry also needs to continue producing more talent, he said. At the moment, there’s more demand for people who can work on security issues than are available.
Ultimately, by investing in new technology and upskilling our people, “our security operations are able to consistently protect our customer data and assets,” he said.
Trend #1: Always evolving technology
Dronamraju’s comments echoed the panel’s, who agreed that investing in innovative technology is a major focus for executives and Chief Information Security Officers (CISOs).
Rosch, whose San Francisco-based company manages digital identities, said that companies want their tech to do more for them. CISOs are increasingly interested in using artificial intelligence and machine learning to combat hackers, especially when it comes to protecting data and identities.
“From an identity perspective, you sit at the intersection of a ton of authentications, a ton of log-ons and a ton of access requests,” he said. “It’s a great opportunity to be able to leverage that technology to remove the need for rules or manual approvals, and to leverage AI and machine learning so it’s smarter and so they don’t have to get new tools.”
Lookout’s Dolce pointed out that it was only a few years ago that people used firewalls to protect against hackers. Now, they’re using a host of cloud-based solutions. While that’s made it easier to quickly adopt and implement new technologies, it’s also caused a lot of confusion, as businesses end up buying many programs they don’t end up using.
Security tech, he said, will evolve to the point where companies use a single platform that comes with multiple pieces of software, rather than having to piece together several different programs on their own.
“You’re going to (use) platforms where you can add different kinds of modules to be able to bring new capabilities and services,” he said. “You’re going to see companies offering platforms rather than individual point products.”
Trend #2: More attention to physical
It’s not just software that companies need to keep top of mind. M12’s Kumar said that more companies must consider how their physical environment impacts their chance of an attack.
While that might involve thinking about how people get into a building or whether staff are allowed to take their company laptops home, it’s also about considering how vulnerable smart technology, like a WiFi-enabled thermostat or a voice assisted device, might be to an attack.
“This is going to become more and more of an issue,” said Kumar. “Many Internet of Things (IoT) vendors lack when it comes to security, both at the hardware and software level. If you think about the role of IoT security, whether it’s in smart cities or in physical systems, I think that is a problem that has not been really tackled yet.”
Trend #3: Simplification
One trend that was discussed at last year’s panel and is still relevant today is simplifying a company’s security tech needs. Dolce said that many companies use a hodgepodge of security tools. Many companies end up paying for things they don’t use or they’re not making the best use of what they have. Companies are now starting to think about simplifying.
“CEOs… are in the midst of all this transformation. And they're simply looking to consolidate these technologies,” he said. “And so these cloud native solutions have to evolve into platforms where you can add different kinds of modules to be able to bring new capabilities and new services, and combine these modules and these capabilities into a platform-oriented solution. You’re going to see companies offering platforms rather than individual point products.”
Trend #4: Security from the start
For Jeevankumar, the speed at which a company can adapt to change is important, too.
“There’s always a fight between what is time critical and what is mission critical,” he said. The CISOs he talks to are interested in what he calls “the intersection of the developer lifestyle code and cybersecurity.”
Dell Technologies Capital wants to work with innovative tech startups that have developers who can react to cybersecurity issues quickly.
“We’re looking for startups that are innovative, not just in technology, but also in a go-to market that can straddle between the developer go-to market and cybersecurity go-to market,” he noted.
To this point, Cisco’s Parthasarathi postulated that DevSecOps, where developers think about software security from the start, “is gaining religion.”
“Increasingly, security controls will be injected into the code at inception and security hygiene will be applied in production as well as run-time environments,” according to Parthasarathi.
Trend #5: Creating better cultures
Another issue for companies is creating the right culture for innovation, said Netskope’s Beri.
Some of the traditional brand-name security companies ran into trouble over the last few years because people stopped wanting to work for them. Having a strong company culture that permeates every part of the business, from recruiting and evaluating to who you take on as an investor, is critical to success.
“The single biggest thing I would say is stay true to the culture you want across your board, your investors, your team, your employees,” Beri suggested. “It pays big dividends and your customers who see it, they see how you work and they want to work with you.”
Rosch added that timing is important to success, too. Delivering products that people want is a must, but, of course, that’s easier said than done.
“I've tried to do innovation and been too early to the market, or I’ve been too late. But that timing is really important,” he said. “It’s great (we’re) in the identity space, because so many companies are prioritizing that.”
Trend #6: Build companies to last
One problem in the security startup space is that entrepreneurs are too eager to sell, which can impact innovation, said Dolce. He hopes to see more people building strong companies for the long-term.
“You don’t sell a company – you get bought,” he said. “You come to work every day and you build a company to last, and you focus on the business model and the metrics; you grow your revenue, you grow your gross margin, make it profitable, you build good innovation – innovative technologies to bring to market. And if you do that job well, then perhaps along the way, somebody may notice you.”
There are other trends to consider – BMO’s Hurley says that educating employees on cybersecurity issues will be even more of a focus in the future – but, ultimately, it’s the companies that create innovative products and the ones that can leverage new technologies – pandemic or not – that will ultimately beat the bad guys.
Yogesh Amle, CFA, is a Managing Director in the BMO Capital Markets Technology and Business Services Group where he leads software banking. Based in San Francisco, he has more than 20 years of corporate finance and enterprise software & systems experience advising high-growth technology companies.
Read more
Yogesh Amle
Yogesh Amle is a Managing Director in the BMO Capital Markets Technology and Business Services Group where he leads software banking. Based in San Francisco, he has more than 20 years of corporate finance and enterprise software & systems experience advising high-growth technology companies.
View Full Profile
With COVID-19 forcing more and more people to work from home, cyber-security is becoming that much more of an important issue for companies who want to keep their workers, and their data, safe. Before this crisis began, Cybersecurity Ventures had said that hacks will cost the world $6 trillion a year by 2021, up from $3 trillion in 2015, but it’s possible that number could be even larger as companies become more vulnerable to attacks now that their employees are no longer using office-approved computers and devices. Innovation, Technology and Culture are keys to cyber success in this new paradigm.
Prior to COVID unfolding, I wrote about some of the top security-related trends I felt executives should pay attention to, and on February 26, I asked a panel of CEOs and investors to share their thoughts on the trends they’re focusing on.
The panel, which took place in San Francisco, adjacent to the RSA Conference, featured some of the top industry minds, including Sri Dronamraju, BMO Financial Group’s Chief Information Security Officer; Fran Rosch, CEO of ForgeRock; Jim Dolce, CEO of Lookout; Samir Kumar, Managing Director of M12; John Hurley, Director of Information Security Strategy and Innovation at BMO Financial Group; Deepak Jeevankumar, Managing Director at Dell Technologies Capital; Prasad Parthasarathi, Director & Domain Leader for Cybersecurity in Cisco’s Corporate Development and Venture Investments Group and Sanjay Beri, CEO of Netskope.
Here are some of the takeaways from the event.
Dronamraju began by saying it’s important to stay ahead of threat actors by continuing to invest in new capabilities. Currently, hackers spend more money penetrating or infiltrating companies than organizations spend defending themselves. “That's the number one challenge facing the industry today,” he said.
The industry also needs to continue producing more talent, he said. At the moment, there’s more demand for people who can work on security issues than are available.
Ultimately, by investing in new technology and upskilling our people, “our security operations are able to consistently protect our customer data and assets,” he said.
Trend #1: Always evolving technology
Dronamraju’s comments echoed the panel’s, who agreed that investing in innovative technology is a major focus for executives and Chief Information Security Officers (CISOs).
Rosch, whose San Francisco-based company manages digital identities, said that companies want their tech to do more for them. CISOs are increasingly interested in using artificial intelligence and machine learning to combat hackers, especially when it comes to protecting data and identities.
“From an identity perspective, you sit at the intersection of a ton of authentications, a ton of log-ons and a ton of access requests,” he said. “It’s a great opportunity to be able to leverage that technology to remove the need for rules or manual approvals, and to leverage AI and machine learning so it’s smarter and so they don’t have to get new tools.”
Lookout’s Dolce pointed out that it was only a few years ago that people used firewalls to protect against hackers. Now, they’re using a host of cloud-based solutions. While that’s made it easier to quickly adopt and implement new technologies, it’s also caused a lot of confusion, as businesses end up buying many programs they don’t end up using.
Security tech, he said, will evolve to the point where companies use a single platform that comes with multiple pieces of software, rather than having to piece together several different programs on their own.
“You’re going to (use) platforms where you can add different kinds of modules to be able to bring new capabilities and services,” he said. “You’re going to see companies offering platforms rather than individual point products.”
Trend #2: More attention to physical
It’s not just software that companies need to keep top of mind. M12’s Kumar said that more companies must consider how their physical environment impacts their chance of an attack.
While that might involve thinking about how people get into a building or whether staff are allowed to take their company laptops home, it’s also about considering how vulnerable smart technology, like a WiFi-enabled thermostat or a voice assisted device, might be to an attack.
“This is going to become more and more of an issue,” said Kumar. “Many Internet of Things (IoT) vendors lack when it comes to security, both at the hardware and software level. If you think about the role of IoT security, whether it’s in smart cities or in physical systems, I think that is a problem that has not been really tackled yet.”
Trend #3: Simplification
One trend that was discussed at last year’s panel and is still relevant today is simplifying a company’s security tech needs. Dolce said that many companies use a hodgepodge of security tools. Many companies end up paying for things they don’t use or they’re not making the best use of what they have. Companies are now starting to think about simplifying.
“CEOs… are in the midst of all this transformation. And they're simply looking to consolidate these technologies,” he said. “And so these cloud native solutions have to evolve into platforms where you can add different kinds of modules to be able to bring new capabilities and new services, and combine these modules and these capabilities into a platform-oriented solution. You’re going to see companies offering platforms rather than individual point products.”
Trend #4: Security from the start
For Jeevankumar, the speed at which a company can adapt to change is important, too.
“There’s always a fight between what is time critical and what is mission critical,” he said. The CISOs he talks to are interested in what he calls “the intersection of the developer lifestyle code and cybersecurity.”
Dell Technologies Capital wants to work with innovative tech startups that have developers who can react to cybersecurity issues quickly.
“We’re looking for startups that are innovative, not just in technology, but also in a go-to market that can straddle between the developer go-to market and cybersecurity go-to market,” he noted.
To this point, Cisco’s Parthasarathi postulated that DevSecOps, where developers think about software security from the start, “is gaining religion.”
“Increasingly, security controls will be injected into the code at inception and security hygiene will be applied in production as well as run-time environments,” according to Parthasarathi.
Trend #5: Creating better cultures
Another issue for companies is creating the right culture for innovation, said Netskope’s Beri.
Some of the traditional brand-name security companies ran into trouble over the last few years because people stopped wanting to work for them. Having a strong company culture that permeates every part of the business, from recruiting and evaluating to who you take on as an investor, is critical to success.
“The single biggest thing I would say is stay true to the culture you want across your board, your investors, your team, your employees,” Beri suggested. “It pays big dividends and your customers who see it, they see how you work and they want to work with you.”
Rosch added that timing is important to success, too. Delivering products that people want is a must, but, of course, that’s easier said than done.
“I've tried to do innovation and been too early to the market, or I’ve been too late. But that timing is really important,” he said. “It’s great (we’re) in the identity space, because so many companies are prioritizing that.”
Trend #6: Build companies to last
One problem in the security startup space is that entrepreneurs are too eager to sell, which can impact innovation, said Dolce. He hopes to see more people building strong companies for the long-term.
“You don’t sell a company – you get bought,” he said. “You come to work every day and you build a company to last, and you focus on the business model and the metrics; you grow your revenue, you grow your gross margin, make it profitable, you build good innovation – innovative technologies to bring to market. And if you do that job well, then perhaps along the way, somebody may notice you.”
There are other trends to consider – BMO’s Hurley says that educating employees on cybersecurity issues will be even more of a focus in the future – but, ultimately, it’s the companies that create innovative products and the ones that can leverage new technologies – pandemic or not – that will ultimately beat the bad guys.
Yogesh Amle, CFA, is a Managing Director in the BMO Capital Markets Technology and Business Services Group where he leads software banking. Based in San Francisco, he has more than 20 years of corporate finance and enterprise software & systems experience advising high-growth technology companies.
Tell us three simple things to
customize your experience
