Featured post by OurCrowd’s Cybersecurity Venture Partner Ron Moritz.
There have been several inflections that have driven cybersecurity and contributed to the growth and maturity of the industry. The emergence of the commercial Internet in the 1990s drove early innovation as it became clear that security was a basic requirement for access. Following the “dot com” collapse of the early 2000s, security spend as a percentage of the overall technology budget reached unprecedented double-digit highs and sparked the first cybersecurity gold rush.
There have been several other inflection points along the way and some experts, such as former AT&T chief security officer Ed Amoroso, are suggesting that the recent WannaCry attack represents yet another. This may be so but not because of the ransom paid – current estimates put the ransom collected to unlock files at less than $100,000 in comparison to the potential of tens of millions of dollars – but because of how many systems it infected, how quickly it propagated, and how much media it generated.
Though the actual damage caused may be small in comparison to the noise and buzz, the extent and force of the WannaCry attack will certainly trigger reviews of staffing, investment and policy by firms large and small and across every industry vertical. Valuation of public cybersecurity companies, already up this year, experienced an additional pop as a result of the WannaCry attack and anticipation of further growth in cybersecurity spend. The innovation race will certainly benefit as it has during the better part of this decade. And the good guys, those fighting the good fight, will find more receptive bosses and supervisory boards. All in all, positive consequences of a seemingly frightening, sky-is-falling attack.
In practical terms, there is a perspective that there is good that comes from the bad. While WannaCry demonstrated how fragile our systems really are, such attacks highlight the importance of cybersecurity and the need for ongoing diligence and review of systems and processes. On one hand, many thought they had done enough and woke up to the reality that they had not. On the other hand, the fact that so little ransom was paid suggests that most organizations had developed recovery capabilities and were, in fact, prepared.
In the end, however, it was all about the people. People cannot be controlled. At best, they can be trained. But, by design, they are capable of being fooled – by other people as well as computer programs crafted by people. It’s unclear how we can fix our people problems. In the meantime, we’ll have to rely on entrepreneurs and their innovation.
Several of the OurCrowd cybersecurity portfolio companies continue to demonstrate the value of their products in the ongoing battle of good versus bad. Because the perspectives they offer are linked to the specific problems they help solve, the articles shed light on the true complexity of the cybersecurity defense challenge and why the category will continue to experience double-digit annual growth for many years to come.
- BioCatch, a leader in behavior biometrics and continuous authentication, offered ideas on how to protect companies from the rise of ransomware and contributed to a MarketWatch story.
- CyberX, a leader in industrial control, critical infrastructure and manufacturing security, contributed to articles in Control, Drives & Automation and eWeek.
- Kenna Security, a leader in risk intelligence, blogged about why WannaCry doesn’t make them cry.
- MorphiSec, a leader in moving target defense, blogged about the importance of a cybersecurity strategy and dissected the threat profile of ransomware.