Cybersecurity and the Future of Digital Defense

Data security is an innately precious and increasingly expensive thing. In a world where the majority of people spend their time online, either working or socializing, the opportunities for bad actors to seize sensitive information is ever-growing.

According to IBM, the average cost of a corporate breach is north of $4M, with that number showing higher in the United States. And it’s not just organizations that are vulnerable - crime syndicates have launched recent attacks on government and state infrastructure. This trend will only continue in 2023, as many nations are set to hold political elections, events frequently targeted by hostile parties.

In this changing digital environment - where home and enterprise networks intertwine - it’s important to understand the trends and challenges of the cybersecurity space. Because if the last 12 months have taught us anything, it’s that adapting isn’t easy.

Zero Trust Architecture

Almost every company, to some extent, will become a tech company. And with the increase in digitization and remote working comes a rise in cyberattacks. As the lines blur between cloud and cybersecurity, the responsibility of protecting company data has shifted from the IT department to the board room. Systems must be continuously tested for vulnerabilities and threats must be actively monitored. This is where zero trust security plays a critical role. Based on the concept of 'never trust, always verify', a zero trust environment continuously validates user access using several authentication methods. As current VPNs struggle with scalability demands and remain prone to security attacks, I expect zero trust network architecture - paired with passwordless authentication - to be the fastest growing form of network security (and ultimately replace VPNs).

Artificial Intelligence

Traditional security tools rely on predefined rules and signatures to detect threats, which can be easily bypassed by an average hacker. Artificial Intelligence can be a powerful tool in this fight, analyzing data much faster than a human. Companies can proactively leverage AI to spot malware attacks, improve protection protocols, and reduce the risk of false positives. Machine learning algorithms can recognize patterns in user/network behaviors, thus improving threat detection systems by instantly notifying admins of a breach. And organizations can operate more efficiently - AI can automate many repetitive tasks for IT departments, including patch management, compliance checks, and malware detection. This frees up human labor to focus on more challenging issues, thereby improving productivity and reducing costs. According to Gartner, the market for these products will be nearly $140 billion in 2030, a 10x increase from that in 2021.

Internet of Things and Cloud Security

The rise in Internet of Things (IoT) devices will undoubtedly play a risk. Research analysts predict there will be over 43 billion IoT connected devices in the world by the end of 2023. As smart fridges and speakers become more common in households, opportunities will increase for hackers to use them as gateways to access sensitive data. The same can be said for automated driving software. These vehicles use Bluetooth and WiFi technologies to create a seamless driving experience, and will soon be widely connected to other consumer tech wearables - this creates a need for manufacturers to issue frequent security patches and updates.

Nozomi Networks - a San Francisco based outfit that’s raised $166M across 8 rounds - is a rapidly growing player offering asset inventory, threat detection, and IoT device integration. It supports customers in the fields of energy, manufacturing, and transportation.

There is opportunity for more industry-specific platforms such as Nozomi to emerge. They have advantages over generic counterparts, as they better understand sector regulations, provide more relevant data and metrics, and integrate with unique systems that are not present in other industries.

SaaS Security Solutions

Cybersecurity has become too complex for many organizations to manage on their own, especially as they scale and rely more on cloud computing. SaaS security solutions can provide flexibility by scaling up or down, depending on usage or demand, and can be more cost-efficient compared to on-site platforms. They tend to have intuitive interfaces that are updated regularly, and provide access to an array of services including threat detection, web app firewalls, identity/access management, and data protection. The sector received a lot of funding last year. Although it has some drawbacks, such as limited customization and interoperability, I predict SaaS security solutions will outpace API tools in 2023.

No-code SaaS solutions can be useful for non-technical employees across departments. As more organizations store sensitive information in the cloud, having a culture wary of threats is important to mitigate risk. Bonus points for companies that can “simulate” fake attacks, allowing employees to respond to threats and evaluate the status of their security systems. SnapAttack - an early stage startup with $8M in funding - provides a simulation platform that creates attacks and analyzes the entire threat detection process with a no-code builder solution.

Here are some other players operating in the space:

Third-Party Risk Management

A reliance on third-party solutions will have an impact on business strategy, risk management, and operations. Hacker attacks have become more advanced, using AI and Machine Learning techniques to bypass security protocols controlling data. Many of them are evading sophisticated defenses by targeting smaller organizations across supply chains. These companies won't have the same levels of protection, but may have access to the same valuable information. Third-party vendors and software used to improve productivity should be closely monitored, which is why SaaS Security Posture Monitoring (SSPM) will be more widely discussed. All of these factors have contributed to the rise in cyber insurance premiums, making it difficult for companies to afford coverage. Fostering cyber resilience will require detailed use of vendor and software questionnaires to catalog relevant risks. Risk assessments can address underwriting concerns and determine gaps in coverage.

Founded in 2021, Conveyor offers an online platform for vendors to upload risk questionnaires and compliance documents, helping companies monitor and compare the security posture of their vendors.

As cybersecurity continues to evolve and increase in complexity, new solutions are needed to ensure the safety of organizations, individuals, and governments. To improve the cybersecurity sector, startups can focus on developing AI and ML technologies for threat detection and response, and improve security for users of cloud-based services. I didn’t mention this above, but there is also growing demand for solutions that address the shortage of cybersecurity professionals. The field pays well relative to others.

For venture capitalists, investing in cybersecurity startups that address these challenges could be a wise investment decision. By funding these companies, VCs can drive innovation and growth in the sector, and make a couple of bucks while doing so.

Cheers for reading.