Speedinvest Blog

Bad Actors are Eating Software

Deep Tech

by 

Marcel van der Heijden

October 21, 2020

Or at least nibbling aggressively at its edges...

O2’s Blue Door Expo on October 14/15 2020 provided opportunities for business leaders to engage in topics that spark debate and explore creative solutions that embrace change. It was an opportunity for Speedinvest to share our view on key themes in security, looking through the lens of an early stage European venture fund.

Security is a critical and very broad topic with direct relevance on the geopolitical, national, business, and personal levels. I personally feel there are not enough cybersecurity startups in Europe. Looking at the EU plans to build a 1B euro cybersecurity investment platform, I am not alone.

You can see my in-depth discussion on the future of security here:

But if you are on the go, here are the key points about the security startup ecosystem through three high-level themes. Here it goes:

1. Taking Humans out of the Loop

We all know humans are the weakest link in any kill chain. The majority of breaches are caused by the use of stolen or weak passwords and phishing attacks that exploit human behavior.

On the other hand, cybersecurity teams have too many tools and are inundated with more alerts than they can handle. To manage the volume, a majority of DevSecOps even adjust security policies “downwards”!

Two-thirds of SMBs have been the victim of a cyberattack or data breach in the last twelve months. This situation is especially difficult to manage in these cases, as the impact of a successful attack is particularly severe, and SMBs are the most constrained in terms of resources. There is a continued need for highly capable, economical and easy-to-use solutions.

The technology to help end-users use strong password and authentication is here and has been for a while: password managers and MFA solutions. In addition, we also continue to have an interest in solutions that solve alert fatigue, reduce ​notification ​chaos and​ ​help security teams respond to ​breaches ​before ​lasting ​damage happens​. ​Our recent investment in SOC.OS is a great example of this.

2. Holistically Manage Complexity through Data

The complexity and size of the attack surface available to bad actors continues to expand. This starts with the growing number of connected devices in our homes, our public spaces, at work, and even on the battlefield. It continues with the growing complexity of our (software-defined) infrastructure. It has become very fragmented as software is broken up into, for example, microservices, as well as code that can run on small devices, and potentially millions of future edge data centers through a technology like Web Assembly.

Managing this complexity is a huge investment opportunity on its own, and so is dealing with its security. From an investment perspective, we are interested in:

  • Solutions that manage the complexity by using data (a.k.a. telematics) to build a holistic picture — not just the security posture across this landscape, but also of its real-time security dynamics
  • Solutions that help companies implement new security concepts like Zero Trust

3. Emerging Technologies

We are already seeing some very large threat vectors appearing, many of which either don’t yet have clear solutions for how to address them effectively, or where the adoption of mitigation solutions is still in its infancy.

Here are some new developments we track:

Image for post
Peter Steiner’s cartoon, as published in The New Yorker
  • Post Quantum Security: Making sure the encryption we use today can withstand expected attack capabilities of quantum computers in the future
  • Securing AI: making sure the AI we build and deploy is not only in compliance with the law, but also protected against the growing number of attack vectors being explored in research (for example, data poisoning, evasion, model theft, etc)
  • Deep Fakes: You can now actually be a cat on the Internet! While one president dissing the other and Elon Musk showing off his iron-pumping skills are amusing, it is easy to see how deep fakes can be abused in very sophisticated and concerning ways. What is the business model to address these “attacks”?

These are all topics in which we have invested and will continue to invest in at Speedinvest because as software continues to eat the world, bad actors will continue to try to eat software!

Authored by Marcel van der Heijden, a member of the Speedinvest Deep Tech team. The team backs pre-seed and seed-stage European tech startups with global aspirations. With a focus on AI, cybersecurity, cloud-native infrastructure, developer tools and open-source projects, they use their extensive, industry-specific network to support founders along every step of their journey.

Sign-up to get the latest Speedinvest news, insights and resources right in your inbox.

From The Blog

Platform+
Taking Your First Steps as a Venture Capitalist
Subscriptions & Health
Digital Health Exits in Europe: Q1 2021 Update
Fintech
Investing in Women in Fintech

Discover more articles like this on the Speedinvest Blog

Experts
Footer Logo
Speedinvest
About UsTeamPortfolioPlatform+OfficesCareersSubmit PitchBlogPress RoomLegal Notices
Investment Teams
Deep TechFintechIndustrial TechNetwork EffectsSubscriptions & Health

Speedinvest is supported by InnovFin Equity, with the financial backing of the European Union under Horizon 2020 Financial Instruments and the European Fund for Strategic Investments (EFSI) set up under the Investment Plan for Europe. The purpose of EFSI is to help support financing and implementing productive investments in the European Union and to ensure increased access to financing.

© Speedinvest. Legal Notices