20 Jul 2021

Nefarious actors are trying to disrupt my business – what do I do about it?  

Marcus Bartram

General Partner

Follow Me On:

Investments, Networking, New Technology or Careers?

By Marcus Bartram , General Partner

 

Cybercrime has never been worse. 

The 2020 Internet Crime Report highlights an increase of 300,000 complaints in suspected internet crime over 2019 – with reported losses exceeding $4.2 billion.

It seems no one is safe. Research shows that one in two companies will experience a data breach every year, with the average cost of a data breach costing companies $3.86M.

It’s so bad, that the US Justice Department has just launched a direct Task Force to disrupt the digital ecosystem that supports nefarious actors.

Regulators are also driving companies to protect their personal and confidential data. The result is a new ecosystem of companies emerging and investment opportunities that come with it.

Last year accelerated the adoption of new technology by a decade. 

In 2020, the COVID-19 pandemic kept people in their homes and drove them out of the corporate office.

IT departments were forced to evolve to rapidly enable systems to be accessed from home, ramping up the digitization of their core applications and services. Security teams pivoted to support the rapid increase in the adoption of cloud-based applications and home setups.

These unique conditions, helped by the pandemic, are helping cybercriminals (aka nefarious actors) get smarter.

Combined with the increasing amount of personal information that can be found online, cyber-criminals have become more deceptive and authentic in their cyberattacks and communications.

 

It’s all about your data.

The two most significant steps you can take to protect yourself from cyberattacks are:

 

  1. Know who has access, what, and where your most crucial data is.
  2. Back up your data, and make sure you have data encryption policies and procedures in place.

 

A solid data backup system will ensure your company can recover. Having a copy of the data means you can recover, and data encryption means that even if your data is stolen, it cannot be sold as it will be unintelligible.

 

A new ecosystem.

We are seeing an emerging class of companies appear around data and privacy operations that are helping companies discover where their data is stored across multiple legacy and cloud technology stacks. They are focused on helping classify this data, managing access rights, encrypting the right data at the right time, and putting governance policies in place. The companies that will win here will automate as much of this process as possible, so they don’t slow down a company or its people.

This problem is being faced by every company globally, so the market opportunity is massive, but so are the technical challenges to overcome.

CISOs are expected to add more than 30 new capabilities to their function over the next two years, such as security strategists responsible for setting the security strategy and informing the enterprise-wide strategy. 

 

Which cybersecurity solution do you choose? 

The unwelcome news is that there isn’t one ‘off the shelf’ solution to keep your business safe from cybercrime. Businesses need to consider that they will be affected by cyber-crime. Remember, no one is 100% safe.

The good news is that there are a lot of emerging and highly effective options to consider.

First – proactively shift the potential impact of cybercrime by taking out cyber insurance.

Seek out a specialist cyber insurer who will help you recover after an incident.

Corvus Insurance, one of our portfolio companies that recently raised $100M in Series C funding, offers a broker-focused approach and uses AI (Artificial Intelligence) capabilities to predict and prevent loss due to cybercrime.

Second – secure the new environments you built during 2020.

The digitization of businesses in 2020 led companies to adopt new technologies and cloud platforms at an increasingly rapid rate. It is estimated that spend on cloud computing grew by over 30% in 2020 alone. In the rush to put people online and the intense demand placed on people to migrate, companies may have left core infrastructure exposed, revealing privileged access to core platforms that go far beyond the person’s needs.

Now is the time to reign in access and potentially rebuild core access controls before we begin the transition back to the corporate office.

Cloudknox, a portfolio company, is a cloud infrastructure management platform that manages permissions and access within an organization – regardless of its location. It can find which users are doing what to which resources. Permission misuse or abuse can allow both human and machine identities to create and destroy portions of the cloud infrastructure.

Third – Understand your data.

What data do you have? Where is your data? How important is the data? Who has access to it? Is the data subject to regulation? How can I ensure my data is only getting to the intended audience? Loss or compromise of data can be devastating for a business.

 

The big opportunity to solve the data problem.

It is technically particularly challenging to weave together interests from security, data teams, governance requirements, and privacy rules, all while doing it in a way where automation rules and ‘cottage industries’ of employees aren’t created to maintain the structures, rules, and platforms.

 

Expect more nefarious acts.

Cybersecurity has been a top-three risk for global enterprises for over a decade, but it is paramount to prioritize right now.

It is not surprising that Gartner predicts that by 2023, 30% of chief information security officers’ effectiveness will be directly measured on the role’s ability to create value for the business.

Expect to see even more emails that entice you to click on questionable links and more companies appearing to stop nefarious actors from stealing data and company secrets.

Remember – cyberattacks happen to everyone. Keep a cautious mindset before you open or click and educate your team.