Today, wearing a seat belt is second nature, but not too long ago there was a time when many cars didn’t have seatbelts and if they did, wearing them was viewed as optional. It took a generation — and lots of education — to convince car owners that the seatbelt is a vital component of vehicle safety. This shift in sentiment is exactly what’s needed to educate consumers and employees on information security best practices as we continue to witness a variety of large scale breaches like this month’s Russian crime ring theft of over 1.2 billion user name and password combinations.
As you may already know, the number of reported data breaches resulting from cyber attacks has reached an all-time high. We’re seeing more targeted incidents, new threat vectors, and more variation than ever before. The bad guys have upped their level of sophistication and they aren’t slowing down, yet some consumers and enterprises are still not taking appropriate action (until it’s too late) to protect their data. Much like seatbelt safety, many of our online security issues stem from a lack of awareness or effort to protect oneself.
Education is Paramount
I’m convinced that the average computer user still doesn’t know enough about what to do to protect his or her data, and isn’t very motivated to find out. At the most basic level, almost all new smartphones are equipped with passcodes (and some newer models with biometrics) yet many people don’t activate these features. There are also numerous new mobile security apps available to further protect these devices. Most desktop and laptop operating systems support disk/file system encryption and many forms of password/login security methods.
IT Teams Struggle to Keep Pace
It’s no wonder that cyber security is a $66 billion growth market where the pace of innovation is driven by constant threat. Many enterprise-level companies are not just tasked with securing their internal network and a growing number of employee smartphones (BYOD or otherwise), but must also secure important applications (and data) that are rapidly moving to the cloud. Luckily there are a number of innovative security companies devoted to protecting the enterprise.
Here are a few in which Norwest Venture Partners has invested:
- Apprity will help with assessing cloud vulnerabilities
- Bitglass secures corporate data in the cloud and online
- Exabeam will allow security teams to find the needle in the haystack regarding cyber attacks
- FireEye stops advanced cyber attacks by detecting attempted incursions
- MobileIron offers a broad-based platform for enterprise mobility management
- Pertino secures cloud-based networks
- PICS Auditing helps companies create a safe and sustainable prequalification program for contractors, vendors and suppliers
- Seculert was designed to detect Advanced Persistent Threats attacking computer networks
- Shape Security technology defends against website attacks
Again, while there are many options available for both consumer and the enterprise, they must be turned on and used properly in order to provide adequate protection.
The profile of a cyber criminal has evolved over the last several years; modern day attackers are profit motivated, educated, and talented operators with computer science expertise and an immense knowledge of Internet infrastructure. To battle the constant onslaught, IT teams must proactively deploy and manage an integrated, multilayered threat strategy that combines many best-of-breed detection, prevention, and response tools. They must become highly adaptive strategists capable of thwarting never-ending attacks. Welcome to the new normal.
The good news is that we are making progress. More than half of all organizations today are employing a Chief Information Security Officer (CISO) and in 2013 computer security spending reached $66 billion, which is a growth rate four times faster than general IT spending.
The bad guys are learning and moving quickly but with cutting edge security companies solving complex problems, there are fewer excuses to not protect against preventable cyber crime. In our increasingly mobile and tech heavy world, online security is a huge issue and a tremendous amount of education must be done before an adequate level of online security becomes automatic. Like the seatbelt debate of the 1960s, it will take a generation to create a new level of security awareness for end users and organizations.
Check out the NBC Press:Here interview with host Scott McGrew, which aired on Sunday, August 10, where I share my thoughts on current security trends, cyber criminals, and the innovative companies we are funding to thwart them.