Bad Actors are Eating Software
Or at least nibbling aggressively at its edges...
O2’s Blue Door Expo on October 14/15 2020 provided opportunities for business leaders to engage in topics that spark debate and explore creative solutions that embrace change. It was an opportunity for Speedinvest to share our view on key themes in security, looking through the lens of an early stage European venture fund.
Security is a critical and very broad topic with direct relevance on the geopolitical, national, business, and personal levels. I personally feel there are not enough cybersecurity startups in Europe. Looking at the EU plans to build a 1B euro cybersecurity investment platform, I am not alone.
You can see my in-depth discussion on the future of security here:
But if you are on the go, here are the key points about the security startup ecosystem through three high-level themes. Here it goes:
1. Taking Humans out of the Loop
We all know humans are the weakest link in any kill chain. The majority of breaches are caused by the use of stolen or weak passwords and phishing attacks that exploit human behavior.
On the other hand, cybersecurity teams have too many tools and are inundated with more alerts than they can handle. To manage the volume, a majority of DevSecOps even adjust security policies “downwards”!
Two-thirds of SMBs have been the victim of a cyberattack or data breach in the last twelve months. This situation is especially difficult to manage in these cases, as the impact of a successful attack is particularly severe, and SMBs are the most constrained in terms of resources. There is a continued need for highly capable, economical and easy-to-use solutions.
The technology to help end-users use strong password and authentication is here and has been for a while: password managers and MFA solutions. In addition, we also continue to have an interest in solutions that solve alert fatigue, reduce notification chaos and help security teams respond to breaches before lasting damage happens. Our recent investment in SOC.OS is a great example of this.
2. Holistically Manage Complexity through Data
The complexity and size of the attack surface available to bad actors continues to expand. This starts with the growing number of connected devices in our homes, our public spaces, at work, and even on the battlefield. It continues with the growing complexity of our (software-defined) infrastructure. It has become very fragmented as software is broken up into, for example, microservices, as well as code that can run on small devices, and potentially millions of future edge data centers through a technology like Web Assembly.
Managing this complexity is a huge investment opportunity on its own, and so is dealing with its security. From an investment perspective, we are interested in:
- Solutions that manage the complexity by using data (a.k.a. telematics) to build a holistic picture — not just the security posture across this landscape, but also of its real-time security dynamics
- Solutions that help companies implement new security concepts like Zero Trust
3. Emerging Technologies
We are already seeing some very large threat vectors appearing, many of which either don’t yet have clear solutions for how to address them effectively, or where the adoption of mitigation solutions is still in its infancy.
Here are some new developments we track:
- Post Quantum Security: Making sure the encryption we use today can withstand expected attack capabilities of quantum computers in the future
- Securing AI: making sure the AI we build and deploy is not only in compliance with the law, but also protected against the growing number of attack vectors being explored in research (for example, data poisoning, evasion, model theft, etc)
- Deep Fakes: You can now actually be a cat on the Internet! While one president dissing the other and Elon Musk showing off his iron-pumping skills are amusing, it is easy to see how deep fakes can be abused in very sophisticated and concerning ways. What is the business model to address these “attacks”?
These are all topics in which we have invested and will continue to invest in at Speedinvest because as software continues to eat the world, bad actors will continue to try to eat software!