As part of the Kleiner Perkins Caufield & Byers (KPCB) Leadership Salon series, KPCB General Partner Ted Schlein recently hosted a panel of cybersecurity experts intent on reshaping the way the tech industry protects information. Panelists included Ionic Security Founder and CTO Adam Ghetti, Shape Security CEO Derek Smith, and AlienVault CEO Barmak Meftah.
KPCB’s Ted Schlein asks the panelists to discuss whether the Target security breach and its aftermath – including the ouster of the retail giant’s CEO – will lead to widespread changes in the industry, including more executive accountability for privacy and data security.
Derek Smith highlights the importance of training employees to be aware of security risks and Barmak Meftah discusses the role that detection response analytics need to play in improved risk management. Adam Ghetti adds that the most important asset companies need to protect is their data, whether in the cloud or on an internal server.
Symantec recently declared that antivirus software is now obsolete. Ted Schlein wonders what effect this news will have on the security sector and asked the panelists to weigh in. Adam Ghetti thinks the news is “almost liberating (…) because the industry itself has spent a lot of time evolving and very rarely rebooting.” Derek Smith agrees, since this “forces the industry to acknowledge that there is no possible way that they can defend the endpoint.” Barmak Meftah adds that this announcement should have been made ten years ago, since the security industry has already known that it needs to move beyond antivirus but hadn’t publicly acknowledged it.
Ted Schlein introduces the concept of relying on crowdsourced threat information and asks for the panelists’ point-of-view on whether this would be a more effective way to combat cyberattacks. Barmak Meftah agrees that more cooperation is critical and discusses some of the reasons why this is not yet happening today. Derek Smith, who previously worked at the Department of Defense, adds that public-private sector collaboration has a long way to go in this respect as well.
Adam Ghetti discusses how security should be a priority focus for start-ups from the very beginning – security can’t be an afterthought, build-on, or feature – and why a Chief Security Officer should be one of a founder’s first five hires.
Where do the panelists see the cybersecurity industry in 2020? Adam Ghetti thinks the industry will have made a lot of progress in gaining users’ trust, something that currently seems to be eroding on a daily basis: “The problem is, trust isn’t just a technical issue. It’s a user experience issue and the experience has gotten pretty poor.” Derek Smith comments that by 2020 “there will be a momentum gained around authentication in the cyber realm that lets us identify [the] less than one percent of bad actors who cause most of the pain in cyber.” Barmak Maftah predicts that corporate accountability will rise – and that the role of CSOs will increase.