Buzz in the cyber space tends to be focused on shiny new tech that promises to provide a silver bullet. At Dawn, we see a gap for a new generation of cyber champions focused on using tech to supercharge security processes, not reinvent them.
Today’s world is a hacker’s dream. With millions of employees across the globe working from home — and outside of their companies’ security systems — the attack surface has substantially increased. The 600% year-on-year growth in cyber attacks on companies, government, and individuals has been serious enough for the UN to issue an official warning. So all eyes are turned to the next generation of security technology. Yet, while there are technological advances that look promising, we believe that the next cyber champion won’t be the startup with the latest in artificial intelligence, but instead the business that truly fixes security processes.
Most security software has functioned in the same way forever: scanning systems, identifying problems, and leaving the company to act on the information. The key difference these days lies in the technology used, with companies now employing machine learning to identify and flag anomalies.
While these systems sound impressive, there are two key issues. The first is efficacy: once you’ve installed them, it’s impossible to be sure whether they’re actually working. If you get no security alerts, does that mean there are no problems, that the software isn’t capturing those problems, or that it’s capturing them but not alerting you? Much like refusing to walk under a ladder, you’ll never know whether your superstitious caution protected you from harm or whether there was simply nothing to fear in the first place.
So the gap we see in the market isn’t for shiny new software; it’s for software that keeps it simple. If you want to ensure your webcam is secure, you could install software that blocks the camera when it’s not in use — or just stick some tape over the lens. A crude example, but companies that can clearly demonstrate their efficacy — and thus prove ROI — will have a genuine competitive advantage. Nobody ever wondered if Ronseal did what it said on the tin.
This is the philosophy of Debate Security, an initiative of several security leaders that was created to challenge the fashion among corporate technology vendors and buyers for features and functionality in favour of tools that actually deliver what they claim to: better security.
The second area ripe for innovation is automation of workflow. As a security team in a corporation, it doesn’t matter how many tools you have or how sophisticated they are; if you don’t act on the issues they flag, they’re as good as useless. So we see an unprecedented opportunity for security companies to move beyond detection, alerts and prioritisation, and into workflow, focusing on pragmatic outputs from existing systems.
This is the massive opportunity that Vulcan (a recent Dawn investment) has set about tackling. Vulcan’s technology ingests vulnerabilities in your network and endpoints. But rather than just throwing that information over the wall to your in-house security team and hoping for the best, Vulcan helps you close the loop by prioritising vulnerabilities in order of risk, matching them against confirmed fixes, and creating a maintenance ticket before handing it to your IT department. This automated workflow gives overstretched security teams clear, actionable output, allowing businesses to scale securely.
This approach shares a lot in common with the methodology outlined by surgeon Atul Gawande in his bestselling book The Checklist Manifesto. Gawande explains why all experts need checklists — literal written guides that walk them through the key steps of a complex procedure. Conducting a successful surgery is not just about being the most talented medical professional; you have to follow key steps throughout the process — put your mask on, wash your hands, open and close up the wound safely. Security breaches are the same: most likely to happen when the small but vital steps in the process are skipped or overlooked. By automating workflow, you vastly reduce the chance of human error at any stage in the process.
Automating these security ‘checklists’ is vital when security talent is scarce and budgets are low. Those in charge of corporate security are often doing more with fewer resources, keeping businesses up and running under increasingly challenging circumstances, and supporting executives as they take necessary business risks to maintain productivity. While technology gets the attention, security is still a human job. With the right software, security professionals gain more mental bandwidth, helping them to enforce consistent processes and actions day-to-day.
Ultimately, the future of security is not about more technology, or no technology; it is about using technology intelligently to build products that meet the genuine needs of the customer, making their lives easier and their businesses safer.
