Or at least nibbling aggressively at its edges...
O2’s Blue Door Expo on October 14/15 2020 provided opportunities for business leaders to engage in topics that spark debate and explore creative solutions that embrace change. It was an opportunity for Speedinvest to share our view on key themes in security, looking through the lens of an early stage European venture fund.
Security is a critical and very broad topic with direct relevance on the geopolitical, national, business, and personal levels. I personally feel there are not enough cybersecurity startups in Europe. Looking at the EU plans to build a 1B euro cybersecurity investment platform, I am not alone.
You can see my in-depth discussion on the future of security here:
But if you are on the go, here are the key points about the security startup ecosystem through three high-level themes. Here it goes:
We all know humans are the weakest link in any kill chain. The majority of breaches are caused by the use of stolen or weak passwords and phishing attacks that exploit human behavior.
On the other hand, cybersecurity teams have too many tools and are inundated with more alerts than they can handle. To manage the volume, a majority of DevSecOps even adjust security policies “downwards”!
Two-thirds of SMBs have been the victim of a cyberattack or data breach in the last twelve months. This situation is especially difficult to manage in these cases, as the impact of a successful attack is particularly severe, and SMBs are the most constrained in terms of resources. There is a continued need for highly capable, economical and easy-to-use solutions.
The technology to help end-users use strong password and authentication is here and has been for a while: password managers and MFA solutions. In addition, we also continue to have an interest in solutions that solve alert fatigue, reduce notification chaos and help security teams respond to breaches before lasting damage happens. Our recent investment in SOC.OS is a great example of this.
The complexity and size of the attack surface available to bad actors continues to expand. This starts with the growing number of connected devices in our homes, our public spaces, at work, and even on the battlefield. It continues with the growing complexity of our (software-defined) infrastructure. It has become very fragmented as software is broken up into, for example, microservices, as well as code that can run on small devices, and potentially millions of future edge data centers through a technology like Web Assembly.
Managing this complexity is a huge investment opportunity on its own, and so is dealing with its security. From an investment perspective, we are interested in:
We are already seeing some very large threat vectors appearing, many of which either don’t yet have clear solutions for how to address them effectively, or where the adoption of mitigation solutions is still in its infancy.
Here are some new developments we track:
These are all topics in which we have invested and will continue to invest in at Speedinvest because as software continues to eat the world, bad actors will continue to try to eat software!