2 Truths & a Lie: Venture Capital Frenzy Misses Cyber Security Mark
USA Today recently opined that the venture capital flooding into the cyber security marketplace is justified. Unlike the dotcom boom and bust cycle of the late 90s, it says, the current spending on securing information capital is justified, as the Internet and corporate networks are in dire need of better protection. Without even a moment’s hiccough, this is undeniably true.
Take some recent cases in point: China hacking into the New York Times and Wall Street Journal, or the Syrian Electronic Army cracking into the Associated Press and 60 Minutes. If you’re looking for corporate examples, look no further than the $45 million stolen by cyber thieves via MasterCard pre-paid debit cards. Cyber security is the new darling of the Obama administration, the media and Sandhill Road because all three are finally learning how much they have to lose (or in the case of VCs, gain) by ignoring cyber security.
To the venture capitalists’ credit, many of the newly minted information security startups in Silicon Valley, the DC Beltway and elsewhere will in fact make huge profits. After all, nothing sells like fear. The mission of a venture capitalist is almost soley to make money. Acknowledged and forgiven. But making money doesn’t solve cyber crime. So what does? That’s where we encounter the lie. So far we have two truths: 1. spending on cybersecurity is justified and 2. VCs aim to make money. Now for the lie.
The Lie: Technology is the Rosetta-Stone-Solution that solves cyber security threats.
If you look at the recent funding frenzy described in the USA Today article, a majority of the VC investments target hardware and software companies that solve one (or maybe several aspects) of our new cyber reality. Some make firewalls, other protect the cloud. This one targets malware and that one WiFi encryption. These are all important pieces of the virtual puzzle. And yet, none of the startups I have seen incorporate solutions for the common denominator of nearly all cyber security breaches: we humans.
Behind every great firewall is an employee who brings their own unauthorized device into the company network (ever emailed a business file using your personal account?). At the heart of many a great hack are usernames and passwords that are identical for a user’s Facbook account, bank account and workplace login. Steal the Facebook login and voila, you are into the corporate network as a privileged user.
Security does not exist in a technological vacuum. It lives in the gaps between innovative tools like firewalls and the humans that configure, update and utilize them. If you don’t properly train the humans on cyber security, identity protection, fraud prevention, social engineering and the like, the technology becomes useless.
And the company that finds a solution to the human problem and incorporates it into the technology won’t just make a load of profits, they will make a world of difference.
John Sileo is the CEO of The Sileo Group and an advisor on the human element of cyber security, social engineering and fraud prevention. His body of work includes engagements with the Department of Defense, Visa, Homeland Security and hundreds of businesses of all sizes. View John’s client testimony, interactive keynotes & national media coverage.