As 2014 came to a close, we got a front row seat to the horror show that was the Sony hack. As if we needed a case study to show us, we saw, with vivid clarity, what can happen when hackers run amok inside servers and start sharing confidential business content with the world — and we learned it gets ugly in a hurry.

We’re less than a week into the new year and already we’ve seen a major Bitcoin attack. You know that it’s only a matter of time before we hear about the next catastrophic system assault. It’s a bit like cybersecurity roulette. We keep spinning the wheel to find out who the next victim is.

The question is, why are we still so vulnerable, and why is the industry not banding together to solve this once and for all? Security matters to everyone from governments to finance to private sector companies of all sorts. Nobody wants to be the next JP Morgan, Home Depot or Sony. Yet everybody seems equally vulnerable.

That’s why we must work together and bring the best minds to bear on the problem to figure this out. The trouble is these are dreadfully difficult problems or we would have solved them by now.

If Security Were Easy, We Wouldn’t Be Having This Discussion

David Cowan, a partner with the venture capital firm Bessemer Ventures, has been working with security companies since the 1990s and says the problem for most organizations is that they’re just not in the security business.

“Sony has a technology business, but they are not Google or Amazon. They make movies and they hire people who are great at making movies. That’s what they think about. They don’t think about data, trust and security,” Cowan told me.

Andre Durand, CEO at Ping Identity, says another aspect of the problem is that the security industry as a whole tends to be reactive, rather than proactive.

“An attack happens, and they plug it. They don’t invest proactively to stop a class of threats in a fundamental manner. It’s not like they don’t try to aggregate threats and think ahead, they do, but by and large, they respond like an immune system. Nothing happens until a virus comes in and they address it,” he explained.

Cowan points out that there is a basic security disconnect in most enterprises, and given the number of highly publicized incidents, he says, we might finally be reaching the point where organizations have to take this more seriously.

“Up until this year, most businesses and people had the attitude that cyber-crime and warfare were things that happened to other people. Everyone had the idea, ‘I’m not that interesting. Nobody wants to read my email.’”

Cowan says people realize now that just about anyone can be interesting, and if a nation-state or organized hacking collective is hell-bent on getting into your servers, there’s not a lot you can do about it.

“I can assure you if Russia or China, or the US or Israel, or North Korea or Iran — if one of those players wants information, will get it,” Cowan told me.
More via TechCrunch.